CCNA 3 Labs and Study Guide - BINARYBB.INFO – @jagalbraith
CCNA 3 Labs and Study Guide - BINARYBB.INFO – @jagalbraith
CCNA 3 Labs and Study Guide - BINARYBB.INFO – @jagalbraith
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Switching Basics <strong>and</strong> Intermediate Routing<br />
Cisco Press<br />
800 East 96th Street<br />
Indianapolis, Indiana 46240 USA<br />
<strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Instructor Edition<br />
Allan Johnson
ii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Switching Basics <strong>and</strong> Intermediate Routing<br />
<strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Instructor Edition<br />
Allan Johnson<br />
Copyrigh® 2007 Cisco Systems, Inc.<br />
Published by:<br />
Cisco Press<br />
800 East 96th Street<br />
Indianapolis, IN 46240 USA<br />
All rights reserved. No part of this book may be reproduced or transmitted<br />
in any form or by any means, electronic or mechanical, including photocopying,<br />
recording, or by any information storage <strong>and</strong> retrieval system,<br />
without written permission from the publisher, except for the inclusion of<br />
brief quotations in a review.<br />
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0<br />
First Printing July 2006<br />
Library of Congress Cataloging-in-Publication Number: 2006920177<br />
ISBN: 1-58713-186-2<br />
Warning <strong>and</strong> Disclaimer<br />
This book is designed to provide information about the <strong>CCNA</strong> 3: Switching<br />
Basics <strong>and</strong> Intermediate Routing course of the Cisco Networking Academy<br />
Program <strong>CCNA</strong> curriculum. Every effort has been made to make this book<br />
as complete <strong>and</strong> as accurate as possible, but no warranty or fitness is implied.<br />
The information is provided on an “as is” basis. The authors, Cisco Press, <strong>and</strong><br />
Cisco Systems, Inc., shall have neither liability nor responsibility to any<br />
person or entity with respect to any loss or damages arising from the information<br />
contained in this book or from the use of the discs or programs that<br />
may accompany it.<br />
The opinions expressed in this book belong to the author <strong>and</strong> are not necessarily<br />
those of Cisco Systems, Inc.<br />
Feedback Information<br />
At Cisco Press, our goal is to create in-depth technical books of the highest<br />
quality <strong>and</strong> value. Each book is crafted with care <strong>and</strong> precision, undergoing<br />
rigorous development that involves the unique expertise of members from<br />
the professional technical community.<br />
Readers’ feedback is a natural continuation of this process. If you have any<br />
comments regarding how we could improve the quality of this book, or otherwise<br />
alter it to better suit your needs, you can contact us through e-mail<br />
at feedback@ciscopress.com. Please make sure to include the book title <strong>and</strong><br />
ISBN in your message.<br />
We greatly appreciate your assistance.<br />
Publisher<br />
Paul Boger<br />
Cisco Representative<br />
Anthony Wolfenden<br />
Cisco Press<br />
Program Manager<br />
Jeff Brady<br />
Executive Editor<br />
Mary Beth Ray<br />
Production Manager<br />
Patrick Kanouse<br />
Development Editor<br />
Andrew Cupp<br />
Senior Project Editor<br />
San Dee Phillips<br />
Copy Editor<br />
Bill McManus<br />
Technical Editor<br />
Bernadette O’Brien<br />
Team Coordinator<br />
Vanessa Evans<br />
Book <strong>and</strong> Cover Designer<br />
Louisa Adair<br />
Composition<br />
Mark Shirar
Trademark Acknowledgments<br />
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately<br />
capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of<br />
a term in this book should not be regarded as affecting the validity of any trademark or service mark.<br />
iii
iv Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
About the Author<br />
Allan Johnson entered the academic world in 1999 after 10 years as a business owner/operator to dedicate<br />
his efforts to his passion for teaching. He has an MBA <strong>and</strong> an M.Ed in occupational training <strong>and</strong> development.<br />
Allan is currently pursuing an MS in information security. He is an information technology instructor<br />
at Mary Carroll High School <strong>and</strong> Del Mar College in Corpus Christi, Texas. Since 2003, Allan has<br />
committed much of his time <strong>and</strong> energy to the <strong>CCNA</strong> Instructional Support Team providing services for<br />
instructors worldwide <strong>and</strong> creating training materials. He is a familiar voice on the Cisco Networking<br />
Academy Community forum, “Ask the Experts” series. He currently holds <strong>CCNA</strong> <strong>and</strong> CCAI certifications.<br />
About the Technical Reviewer<br />
Bernadette O’Brien has been teaching in the Cisco Networking Academy since 1998 in Schenectady,<br />
New York. Schenectady High School is a Regional Academy for <strong>CCNA</strong> <strong>and</strong> a CATC for Sponsored<br />
Curriculum, which Bernadette coordinates.<br />
Bernadette received her BS degree from SUNY College at Buffalo <strong>and</strong> her MS degree in curriculum <strong>and</strong><br />
instruction from SUNY Albany. She is also <strong>CCNA</strong> <strong>and</strong> CCAI certified.<br />
Bernadette, her husb<strong>and</strong>, <strong>and</strong> two children live in a Victorian village very near the Adirondack Mountains<br />
in upstate New York. They enjoy rehabbing their 120-year-old Victorian house, skiing, <strong>and</strong> hiking.
Dedications<br />
To my wife Becky, <strong>and</strong> my daughter Christina. Thank you both for your love <strong>and</strong> patience.<br />
v
vi Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Acknowledgments<br />
As technical editor, Bernadette O’Brien served admirably as my second pair of eyes, finding <strong>and</strong> correcting<br />
technical inaccuracies as well as grammatical errors that helped make this project a first-class production.<br />
Mary Beth Ray, executive editor, did an outst<strong>and</strong>ing job from beginning to end steering this project<br />
through to completion. I can always count on Mary Beth to make the tough decisions.<br />
Andrew Cupp, development editor, has a dedication to perfection that pays dividends in countless, unseen<br />
ways. Thank you for providing me much-needed guidance <strong>and</strong> support. This book could not be a reality<br />
without your persistence.<br />
Lastly, I cannot forget to thank all my students—past <strong>and</strong> present—who have helped me over the years to<br />
create engaging <strong>and</strong> exciting activities <strong>and</strong> labs. There is no better way to test the effectiveness of an activity<br />
than to give it to a team of dedicated students. They excel at finding the obscurest of errors! I could have<br />
never done this without all of your support.
Contents at a Glance<br />
Chapter 1: Introduction to Classless Routing 1<br />
Chapter 2: Single-Area OSPF 99<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 175<br />
Chapter 4: Switching Concepts 219<br />
Chapter 5: LAN Design <strong>and</strong> Switches 233<br />
Chapter 6: Catalyst Switch Configuration 243<br />
Chapter 7: Spanning Tree Protocol 313<br />
Chapter 8: Virtual LANs 341<br />
Chapter 9: VLAN Trunking Protocol 379<br />
Appendix A Router Interface Summary Chart 469<br />
Appendix B Erasing <strong>and</strong> Reloading the Switch 471<br />
Appendix C Erasing <strong>and</strong> Reloading the Router 473<br />
Appendix D <strong>CCNA</strong> 3 Skills-Based Assessment Practice 475<br />
vii
viii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Contents<br />
Chapter 1: Introduction to Classless Routing 1<br />
<strong>Study</strong> <strong>Guide</strong> 2<br />
VLSM 2<br />
Vocabulary Exercise: Matching 3<br />
Vocabulary Exercise: Completion 4<br />
Subnetting Review Exercises 4<br />
Prefix Length Use Exercises 7<br />
VLSM Subnetting a Subnet Exercises 9<br />
VLSM Addressing Design Exercises 12<br />
VLSM Addressing Design Scenarios 16<br />
Summary Route Exercises 23<br />
Default <strong>and</strong> Static Routing Scenario 30<br />
Concept Questions 31<br />
VLSM Case <strong>Study</strong> 32<br />
RIP Version 2 34<br />
Compare <strong>and</strong> Contrast Exercise 34<br />
Internet Research 34<br />
Lab Exercises 37<br />
Comm<strong>and</strong> Reference 37<br />
Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4) 37<br />
Task 1: Divide the Allocated Addresses into Four Equal-Sized Address Blocks 38<br />
Task 2: Allocate the Next Level After All the Requirements Are Met for the Higher<br />
Level(s) 39<br />
Task 3: Allocate Address Space for Sydney 39<br />
Task 4: Allocate Address Space for Singapore 40<br />
Task 5: Allocate Address Space for WAN Links 41<br />
Curriculum Lab 1-2: Review of Basic Router Configuration with RIP<br />
(1.2.3) 43<br />
Task 1: Basic Router Configuration 45<br />
Task 2: Start the HyperTerminal Program 45<br />
Task 3: Name the HyperTerminal Session 45<br />
Task 4: Specify the Computer’s Connecting Interface 45<br />
Task 5: Specify the Interface Connection Properties 46<br />
Task 6: Close the Session 48<br />
Task 7: Reopen the HyperTerminal Connection 48<br />
Task 8: Configure Hostname <strong>and</strong> Passwords on Router GAD 49<br />
Task 9: Configure Interface Serial 0 on Router GAD 49<br />
Task 10: Configure the Fast Ethernet 0 Interface on Router GAD 49<br />
Task 11: Configure the IP Host Statements on Router GAD 49<br />
Task 12: Configure RIP Routing on Router GAD 50<br />
Task 13: Save the GAD Router Configuration 50<br />
Task 14: Configure Hostname <strong>and</strong> Passwords on Router BHM 50<br />
Task 15: Configure Interface Serial 0 on Router BHM 50
Task 16: Configure the Fast Ethernet 0 Interface on Router BHM 50<br />
Task 17: Configure the IP Host Statements on Router BHM 51<br />
Task 18: Configure RIP Routing on Router BHM 51<br />
Task 19: Save the BHM Router Configuration 51<br />
Task 20: Configure the Hosts 51<br />
Task 21: Verify the Internetwork Is Functioning by Pinging the Fast Ethernet<br />
Interface of the Other Router 51<br />
Task 22: Show the Routing Tables for Each Router 52<br />
Curriculum Lab 1-3: Converting RIPv1 to RIPv2 (1.2.4) 53<br />
Task 1: Configure the Routers 54<br />
Task 2: Configure the Routing Protocol on Router GAD 55<br />
Task 3: Save the GAD Router Configuration 55<br />
Task 4: Configure the Routing Protocol on Router BHM 55<br />
Task 5: Save the BHM Router Configuration 55<br />
Task 6: Configure the Hosts 56<br />
Task 7: Verify that the Internetwork Is Functioning 56<br />
Task 8: Enable RIPv2 Routing 56<br />
Task 9: Ping All Interfaces on the Network from Each Host 56<br />
Curriculum Lab 1-4: Verifying RIPv2 Configuration (1.2.5) 57<br />
Task 1: Configure the Routers 58<br />
Task 2: Configure the Routing Protocol on Router Gadsden 58<br />
Task 3: Save the Gadsden Router Configuration 58<br />
Task 4: Configure the Routing Protocol on Router BHM 58<br />
Task 5: Save the BHM Router Configuration 58<br />
Task 6: Configure the Hosts 58<br />
Task 7: Verify that the Internetwork Is Functioning 59<br />
Task 8: Show the Routing Tables for Each Router 59<br />
Task 9: Enable RIPv2 Routing 60<br />
Task 10: Show the Routing Tables 60<br />
Task 11: Change the Fast Ethernet IP Subnet Mask on Router GAD 61<br />
Task 12: Show the GAD Routing Table 61<br />
Task 13: Show the BHM Routing Table 61<br />
Task 14: Change the Network Addressing Scheme 62<br />
Task 15: Show the Routing Table for Router GAD 62<br />
Task 16: Show the Routing Table for Router BHM 63<br />
Task 17: Change the Host Configurations 63<br />
Task 18: Ping All Interfaces on the Network from Each Host 64<br />
Task 19: Use show ip route to See Different Routes by Type 64<br />
Task 20: Use the show ip protocol Comm<strong>and</strong> 64<br />
Task 21: Remove the Version 2 Option for RIP 65<br />
Task 22: Show the Routing Table for Router GAD 65<br />
Task 23: Show the Routing Table for Router BHM 66<br />
Curriculum Lab 1-5: Troubleshooting RIPv2 Using debug (1.2.6) 66<br />
Task 1: Configure the Routers 67<br />
Task 2: Configure the Routing Protocol on Router GAD 67<br />
Task 3: Save the GAD Router Configuration 67<br />
ix
x Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 4: Configure the Routing Protocol on Router BHM 67<br />
Task 5: Save the BHM Router Configuration 68<br />
Task 6: Configure the Hosts 68<br />
Task 7: Verify the Internetwork Is Functioning 68<br />
Task 8: Show the debug ip Comm<strong>and</strong> Options 68<br />
Task 9: Show the debug ip rip Comm<strong>and</strong> Options 69<br />
Task 10: Show the RIP Routing Updates 69<br />
Task 11: Enable RIPv2 Routing on Router GAD Only 69<br />
Task 12: Restart the Debug Function on Router GAD 69<br />
Task 13: Clear the Routing Table 70<br />
Task 14: Start the Debug RIP Function 70<br />
Task 15: Clear the Routing Table 70<br />
Task 16: Enable RIPv2 Routing on Router BHM 71<br />
Task 17: Use the Debug Function to See Packet Traffic on a Router 71<br />
Task 18: Start the debug ip rip database Function on Router BHM 71<br />
Task 19: Use the Debug Function to See Routing Updates 71<br />
Comprehensive Lab 1-6: Default Routing <strong>and</strong> RIPv2 72<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations 73<br />
Task 2: Configure Interfaces <strong>and</strong> Enable RIPv2 74<br />
Task 3: Verify Connectivity 75<br />
Task 4: Add ISP Router 76<br />
Task 5: Configure Static <strong>and</strong> Default Routing 77<br />
Task 6: Verify Connectivity <strong>and</strong> Capture Scripts 77<br />
Challenge Lab 1-7: VLSM Design, RIPv2, <strong>and</strong> Default Routing 85<br />
Task 1: Design the Addressing Scheme 86<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configurations 87<br />
Task 3: Configure the Interfaces <strong>and</strong> Enable RIPv2 87<br />
Task 4: Configure Static <strong>and</strong> Default Routing 87<br />
Task 5: Verify Connectivity 88<br />
Task 6: Challenge 89<br />
Chapter 2: Single-Area OSPF 99<br />
<strong>Study</strong> <strong>Guide</strong> 100<br />
Link-State Routing Overview 100<br />
Vocabulary Exercise: Matching 100<br />
Vocabulary Exercise: Completion 101<br />
Compare <strong>and</strong> Contrast Exercise 101<br />
Concept Questions 102<br />
Journal Entry 102<br />
Single-Area OSPF Concepts 102<br />
Vocabulary Exercise: Completion 102<br />
Build the SPF Loop-Free Topology 103<br />
Concept Questions 106<br />
Single-Area OSPF Configuration 106<br />
Learn the OSPF Comm<strong>and</strong>s Exercise 107
DR/BDR Election Exercise 114<br />
Journal Entry 115<br />
Lab Exercises 116<br />
Comm<strong>and</strong> Reference 116<br />
Curriculum Lab 2-1: Configuring the OSPF Routing Process (2.3.1)<br />
117<br />
Task 1: Configure the Routers 118<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
120<br />
Task 3: Configure the Hosts 120<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information 120<br />
Task 5: Configure OSPF Routing on Router BERLIN 121<br />
Task 6: Configure OSPF Routing on Router ROME 121<br />
Task 7: Test Network Connectivity 122<br />
Curriculum Lab 2-2: Configuring OSPF with Loopback Addresses<br />
(2.3.2) 122<br />
Task 1: Configure the Routers 123<br />
Task 2: Save the Configuration Information for All the Routers 125<br />
Task 3: Configure the Hosts 125<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information 126<br />
Task 5: Verify Connectivity of the Routers 126<br />
Task 6: Configure OSPF Routing on Router London 126<br />
Task 7: Configure OSPF Routing on Router Ottawa 127<br />
Task 8: Configure OSPF Routing on Router Brasilia 127<br />
Task 9: Test Network Connectivity 127<br />
Task 10: Show OSPF Adjacencies 127<br />
Task 11: Configure the Loopback Interfaces 128<br />
Task 12: Save the Configuration Information for All the Routers 128<br />
Task 13: Show OSPF Adjacencies 128<br />
Task 14: Verify OSPF Interface Configuration 129<br />
Task 15: Configure London to Always Be the DR 129<br />
Task 16: Watch the Election Process 129<br />
Task 17: Show OSPF Adjacencies 129<br />
Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3) 130<br />
Task 1: Configure the Routers 131<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
132<br />
Task 3: Configure the Hosts 132<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information 133<br />
Task 5: Configure OSPF Routing on Router Cairo 134<br />
Task 6: Configure OSPF Routing on the Moscow Router 134<br />
Task 7: Show the Routing Table Entries 135<br />
Task 8: Test Network Connectivity 135<br />
Task 9: Look at the OSPF Cost on the Cairo Router Interfaces 135<br />
Task 10: Record the OSPF Cost of the Serial <strong>and</strong> Fast Ethernet Interfaces 136<br />
Task 11: Manually Set the Cost on the Serial Interface 136<br />
xi
xii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 12: Verify Cost 136<br />
Curriculum Lab 2-4: Configuring OSPF Authentication (2.3.4) 137<br />
Task 1: Configure the Routers 138<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
140<br />
Task 3: Configure the Hosts 140<br />
Task 4: Verify Connectivity 140<br />
Task 5: Configure OSPF Routing on Both Routers 140<br />
Task 6: Test Network Connectivity 141<br />
Task 7: Set Up OSPF Authentication 141<br />
Task 8: Enable OSPF Authentication in this Area, Area 0 142<br />
Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5) 143<br />
Task 1: Configure the Routers 144<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
145<br />
Task 3: Configure the Hosts 145<br />
Task 4: Verify Connectivity 146<br />
Task 5: Configure OSPF Routing on both Routers 146<br />
Task 6: Test Network Connectivity 146<br />
Task 7: Observe OSPF Traffic 147<br />
Task 8: Show Interface Timer Information 147<br />
Task 9: Modify the OSPF Timers 147<br />
Task 10: Examine the Routing Table 147<br />
Task 11: Look at the OSPF Data Transmissions 147<br />
Task 12: Check the Rome Router Routing Table Status 148<br />
Task 13: Set the Rome Router Interval Timers 148<br />
Task 14: Reset the Router’s Interval Timers to the Default Values 148<br />
Task 15: Verify that the Interval Timers Are Returned to the Default Values 148<br />
Curriculum Lab 2-6: Propagating Default Routes in an OSPF Domain<br />
(2.3.6) 149<br />
Task 1: Configure the ISP Router 150<br />
Task 2: Configure the Area 0 OSPF Routers 151<br />
Task 3: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
152<br />
Task 4: Configure the Hosts 152<br />
Task 5: Verify Connectivity 153<br />
Task 6: Configure OSPF Routing on Both Area 0 Routers 153<br />
Task 7: Test Network Connectivity 154<br />
Task 8: Observe OSPF Traffic 154<br />
Task 9: Create a Default Route to the ISP 154<br />
Task 10: Verify the Default Static Route 154<br />
Task 11: Verify Connectivity from the Madrid Router 155<br />
Task 12: Verify Connectivity from the Tokyo Router 155<br />
Task 13: Redistribute the Static Default Route 155
Comprehensive Lab 2-7: OSPF Configuration 156<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations 157<br />
Task 2: Configure Interfaces <strong>and</strong> OSPF Routing 158<br />
Task 3: Verify Connectivity 158<br />
Task 4: Modify OSPF Cost 159<br />
Task 5: Configure MD5 Authentication 160<br />
Task 6: Adjust OSPF Timers 161<br />
Task 7: Configure <strong>and</strong> Propagate a Default Route 162<br />
Challenge Lab 2-8: OSPF Design <strong>and</strong> Configuration 167<br />
Task 1: Design the Addressing Scheme 168<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configuration 169<br />
Task 3: Configure OSPF Routing <strong>and</strong> Default Routing 169<br />
Task 4: Other OSPF Configurations 169<br />
Task 5: Verification <strong>and</strong> Documentation 170<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 175<br />
<strong>Study</strong> <strong>Guide</strong> 176<br />
EIGRP Concepts 176<br />
Vocabulary Exercise: Matching 176<br />
Vocabulary Exercise: Completion 177<br />
EIGRP Packet Type Exercise 177<br />
EIGRP Configuration 178<br />
Learn the EIGRP Comm<strong>and</strong>s Exercise 178<br />
Troubleshooting Routing Protocols 181<br />
Problem-Solving Cycle 181<br />
Troubleshooting RIP 182<br />
Troubleshooting EIGRP 185<br />
Troubleshooting OSPF 187<br />
Internet Research Exercise 191<br />
Lab Exercises 194<br />
Comm<strong>and</strong> Reference 194<br />
Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1) 195<br />
Task 1: Configure the Routers 196<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
197<br />
Task 3: Configure the Hosts 197<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information 198<br />
Task 5: Configure EIGRP Routing on Router Paris 198<br />
Task 6: Configure EIGRP Routing on Router Warsaw 199<br />
Task 7: Test Network Connectivity 199<br />
Curriculum Lab 3-2: Verifying Basic EIGRP Configuration (3.2.3)<br />
199<br />
Task 1: Configure the Routers 200<br />
Task 2: Save the Configuration Information from Privileged EXEC Comm<strong>and</strong> Mode<br />
202<br />
xiii
xiv Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 3: Configure the Hosts 202<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information 202<br />
Task 5: Configure EIGRP Routing on Router Paris 203<br />
Task 6: Configure EIGRP Routing on Router Warsaw 203<br />
Task 7: Show EIGRP Neighbors 203<br />
Task 8: Test Network Connectivity 203<br />
Task 9: View the Topology Table 204<br />
Comprehensive Lab 3-3: Comprehensive EIGRP Configuration 204<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations 205<br />
Task 2: Configure Interfaces <strong>and</strong> EIGRP Routing 206<br />
Task 3: Configure B<strong>and</strong>width <strong>and</strong> Automatic Summarization 207<br />
Task 4: Configure Manual Summarization 208<br />
Challenge Lab 3-4: EIGRP Design <strong>and</strong> Configuration 209<br />
Task 1: Design the Addressing Scheme 210<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configuration 211<br />
Task 3: Configure EIGRP Routing <strong>and</strong> Default Routing 211<br />
Task 4: Manual Summarization 212<br />
Task 5: Verification <strong>and</strong> Documentation 212<br />
Chapter 4: Switching Concepts 219<br />
<strong>Study</strong> <strong>Guide</strong> 220<br />
Introduction to Ethernet/802.3 LANs 220<br />
Vocabulary Exercise: Matching 221<br />
Vocabulary Exercise: Completion 222<br />
CSMA/CD Process Flow Chart Exercise 223<br />
Concept Questions 224<br />
Journal Entry 224<br />
Introduction to LAN Switching 225<br />
Vocabulary Exercise: Completion 225<br />
Building the MAC Address Table Exercise 225<br />
Concept Questions 227<br />
Journal Entry 227<br />
Switch Operation 228<br />
Vocabulary Exercise: Completion 228<br />
Collision <strong>and</strong> Broadcast Domains Exercises 228<br />
Choose the Correct Cable Exercise 230<br />
Lab Exercises 231<br />
Chapter 5: LAN Design <strong>and</strong> Switches 233<br />
<strong>Study</strong> <strong>Guide</strong> 234<br />
LAN Design 234<br />
Vocabulary Exercise: Matching 234<br />
Vocabulary Exercise: Completion 235<br />
Concept Questions 236
LAN Switches 237<br />
Vocabulary Exercise: Completion 237<br />
Three-Layer Hierarchical Model Exercise 238<br />
Concept Questions 240<br />
Lab Exercises 241<br />
Chapter 6: Catalyst Switch Configuration 243<br />
<strong>Study</strong> <strong>Guide</strong> 244<br />
Starting the Switch 244<br />
Vocabulary Exercise: Completion 244<br />
Switch LED Interpretation Exercise 245<br />
Configuring the Switch 246<br />
Learn Basic Switch Comm<strong>and</strong>s Exercise 246<br />
Lab Exercises 249<br />
Comm<strong>and</strong> Reference 249<br />
Curriculum Lab 6-1: Verifying Default Switch Configuration (6.2.1)<br />
250<br />
Task 1: Enter Privileged Mode 251<br />
Task 2: Examine the Current Switch Configuration 251<br />
Task 3: Get Cisco IOS Software Information 252<br />
Task 4: Examine the Fast Ethernet Interfaces 252<br />
Task 5: Examine VLAN Information 253<br />
Task 6: Examine Flash Memory (1900: Skip to Step 8) 253<br />
Task 7: Examine the Startup Configuration File 254<br />
Task 8: Exit the Switch 254<br />
Curriculum Lab 6-2: Basic Switch Configuration (6.2.2) 255<br />
Task 1: Enter Privileged Mode 256<br />
Task 2: Examine the Current Switch Configuration 256<br />
Task 3: Assign a Name to the Switch 258<br />
Task 4: Examine the Current Running Configuration 259<br />
Task 5: Set the Access Passwords (1900: Skip to Task 6) 261<br />
Task 6: Set the Comm<strong>and</strong> Mode Passwords 261<br />
Task 7: Configure Layer 3 Access to the Switch 261<br />
Task 8: Verify the Management LAN Settings (1900: Skip to Step 9) 262<br />
Task 9: Configure Port Speed <strong>and</strong> Duplex Properties for a Fast Ethernet Interface<br />
262<br />
Task 10: Verify the Settings on a Fast Ethernet Interface 263<br />
Task 11: Save the Configuration 263<br />
Task 12: Examine the Startup Configuration File (1900: Skip to Task 13) 264<br />
Task 13: Remove the Enable <strong>and</strong> Enable Secret Passwords 266<br />
Task 14: Access the Switch Web Interface 266<br />
Task 15: Exit the Switch 267<br />
xv
xvi Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 6-3: Managing the MAC Address Table (6.2.3) 267<br />
Task 1: Configure the Switch 268<br />
Task 2: Configure the Hosts that Are Attached to the Switch 268<br />
Task 3: Verify Connectivity 268<br />
Task 4: Record the Host MAC Addresses 268<br />
Task 5: Determine the MAC Addresses that the Switch Has Learned 268<br />
Task 6: Determine the show mac-address-table Options 269<br />
Task 7: Clear the MAC Address Table 269<br />
Task 8: Verify the Results 270<br />
Task 9: Determine the clear mac-address-table Options 270<br />
Task 10: Examine the MAC Table Again 270<br />
Task 11: Exit the Switch 271<br />
Curriculum Lab 6-4: Configuring Static MAC Addresses (6.2.4) 271<br />
Task 1: Configure the Switch 272<br />
Task 2: Configure the Hosts Attached to the Switch 272<br />
Task 3: Verify Connectivity 272<br />
Task 4: Record the Host MAC Addresses 272<br />
Task 5: Determine the MAC Addresses that the Switch Has Learned 273<br />
Task 6: Determine the mac-address-table Options 273<br />
Task 7: Set Up a Static MAC Address 273<br />
Task 8: Verify the Results 274<br />
Task 9: Remove the Static MAC Entry 274<br />
Task 10: Verify the Results 275<br />
Task 11: Exit the Switch 275<br />
Curriculum Lab 6-5: Configuring Port Security (6.2.5) 275<br />
Task 1: Configure the Switch 276<br />
Task 2: Configure the Hosts Attached to the Switch 276<br />
Task 3: Verify Connectivity 276<br />
Task 4: Record the Hosts’ MAC Addresses 276<br />
Task 5: Determine the MAC Addresses that the Switch Has Learned 277<br />
Task 6: Determine the mac-address-table Options 277<br />
Task 7: Set Up a Static MAC Address 277<br />
Task 8: Verify the Results 278<br />
Task 9: List Port Security Options 278<br />
Task 10: Verify the Results 279<br />
Task 11: Show the Running Configuration File 279<br />
Task 12: Limit the Number of Hosts Per Port 280<br />
Task 13: Configure the Port to Shut Down if a Security Violation Occurs 280<br />
Task 14: Show Port 0/4 Configuration Information 280<br />
Task 15: Reactivate the Port 281<br />
Task 16: Exit the Switch 281<br />
Curriculum Lab 6-6: Add, Move, <strong>and</strong> Change MAC Addresses (6.2.6)<br />
282<br />
Task 1: Configure the Switch 283<br />
Task 2: Configure the Hosts Attached to the Switch 283
Task 3: Verify Connectivity 283<br />
Task 4: Record the Hosts’ MAC Addresses 283<br />
Task 5: Determine the MAC Addresses that the Switch Has Learned 283<br />
Task 6: Determine the mac-address-table Options 284<br />
Task 7: Set Up a Static MAC Address 284<br />
Task 8: Verify the Results 284<br />
Task 9: List Port Security Options 285<br />
Task 10: Verify the Results 285<br />
Task 11: Show the Running Configuration File 286<br />
Task 12: Limit the Number of Hosts Per Port 286<br />
Task 13: Move Host 286<br />
Task 14: Clear the MAC Address Table 287<br />
Task 15: Change the Security Settings 287<br />
Task 16: Verify the Results 288<br />
Task 17: Exit the Switch 289<br />
Curriculum Lab 6-7: Managing Switch Operating System Files (6.2.7a)<br />
289<br />
Task 1: Configure the Switch 290<br />
Task 2: Configure the Host that Is Attached to the Switch 290<br />
Task 3: Verify Connectivity 290<br />
Task 4: Start <strong>and</strong> Configure the Cisco TFTP Server 290<br />
Task 5: Copy the IOS Image to the TFTP Server (1900: Skip to Step 9) 291<br />
Task 6: Verify the Transfer to the TFTP Server 291<br />
Task 7: Copy the IOS Image from the TFTP Server 292<br />
Task 8: Test the Restored IOS Image 292<br />
Task 9: Procedure for 1900 Switch Firmware Upgrade Using TFTP 293<br />
Curriculum Lab 6-8: Managing Switch Startup Configuration Files<br />
(6.2.7b) 294<br />
Task 1: Configure the Switch 295<br />
Task 2: Configure the Host that Is Attached to the Switch 295<br />
Task 3: Verify Connectivity 295<br />
Task 4: Start <strong>and</strong> Configure the Cisco TFTP Server 295<br />
Task 5: Copy the Startup Configuration File to the TFTP Server 296<br />
Task 6: Verify the Transfer to the TFTP Server 297<br />
Task 7: Restore the Startup Configuration File from the TFTP Server 297<br />
Task 8: Test the Restored Startup Configuration Image (Not Supported on the 1900)<br />
298<br />
Curriculum Lab 6-9: Password Recovery Procedure on a Catalyst<br />
2900 Series Switch (6.2.8) 300<br />
Task 1: Configure the Switch 301<br />
Task 2: Configure the Host that Is Attached to the Switch 301<br />
Task 3: Verify Connectivity 301<br />
Task 4: Reset the Console Password 301<br />
Task 5: Recover Access to the Switch 301<br />
Task 6: Restart the System 302<br />
Task 7: Procedure for the 1900 <strong>and</strong> 2800 Switches 303<br />
xvii
xviii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 6-10: Firmware Upgrade of a Catalyst 2950 Series<br />
Switch (6.2.9) 305<br />
Task 1: Configure the Switch 306<br />
Task 2: Configure the Host Attached to the Switch 306<br />
Task 3: Verify Connectivity 306<br />
Task 4: Display the Name of the Running Image File 306<br />
Task 5: Prepare for the New Image 307<br />
Task 6: Extract the New IOS Image <strong>and</strong> HTML Files into Flash Memory 307<br />
Task 7: Associate the New Boot File 307<br />
Task 8: Restart the Switch 308<br />
Challenge Lab 6-11: Basic Switch Configuration with Port Security<br />
308<br />
Task 1: Cable the Topology <strong>and</strong> Clear the Configuration 309<br />
Task 2: Configure the Switch 309<br />
Task 3: Configure <strong>and</strong> Test Port Security 310<br />
Chapter 7: Spanning Tree Protocol 313<br />
<strong>Study</strong> <strong>Guide</strong> 314<br />
Redundant Topologies 314<br />
Vocabulary Exercise: Completion 314<br />
Concept Questions 314<br />
Journal Entry 315<br />
Spanning Tree Protocol 315<br />
Vocabulary Exercise: Matching 316<br />
Vocabulary Exercise: Completion 317<br />
Determine the Root Bridge <strong>and</strong> Port Roles Exercise 318<br />
Spanning-Tree Recalculation Exercise 322<br />
Concept Questions 323<br />
Lab Exercises 324<br />
Comm<strong>and</strong> Reference 324<br />
Curriculum Lab 7-1: Selecting the Root Bridge (7.2.4) 324<br />
Task 1: Configure the Switches 325<br />
Task 2: Configure the Hosts that Are Attached to the Switches 325<br />
Task 3: Verify Connectivity 325<br />
Task 4: Look at the show interface vlan Options 326<br />
Task 5: Look at the VLAN Interface Information 327<br />
Task 6: Look at the Switches’ Spanning-Tree Tables 327<br />
Task 7: Reassign the Root Bridge 329<br />
Task 8: Look at the Switch Spanning-Tree Table 330<br />
Task 9: Verify the Running Configuration File on the Root Switch 331<br />
Curriculum Lab 7-2: Spanning-Tree Recalculation (7.2.6) 332<br />
Task 1: Configure the Switches 333<br />
Task 2: Configure the Hosts that Are Attached to the Switches 333<br />
Task 3: Verify Connectivity 333<br />
Task 4: Look at the VLAN Interface Information 333
Task 5: Look at the Switches’ Spanning-Tree Tables 334<br />
Task 6: Remove a Cable on the Switch 336<br />
Task 7: Look at the Spanning-Tree Table for the Switches 337<br />
Task 8: Replace the Cable in the Switch 338<br />
Task 9: Redisplay the Spanning-Tree Table for the Switches 338<br />
Chapter 8: Virtual LANs 341<br />
<strong>Study</strong> <strong>Guide</strong> 342<br />
VLAN Concepts 342<br />
Vocabulary Exercise: Completion 342<br />
VLAN Configuration 342<br />
Learn VLAN Configuration Comm<strong>and</strong>s Exercise 342<br />
Troubleshooting VLANs 345<br />
Identify the Troubleshooting Comm<strong>and</strong> Exercise 345<br />
Lab Exercises 348<br />
Comm<strong>and</strong> Reference 348<br />
Curriculum Lab 8-1: Configuring Static VLANs (8.2.3) 348<br />
Task 1: Configure the Switch 349<br />
Task 2: Configure the Hosts Attached to the Switch 349<br />
Task 3: Verify Connectivity 349<br />
Task 4: Show the Cisco IOS Version 349<br />
Task 5: Display the VLAN Interface Information 350<br />
Task 6: Create <strong>and</strong> Name Two VLANs 351<br />
Task 7: Display the VLAN Interface Information 351<br />
Task 8: Assign a Port to VLAN 2 352<br />
Task 9: Display the VLAN Interface Information 353<br />
Task 10: Assign a Port to VLAN 3 354<br />
Task 11: Display the VLAN Interface Information 354<br />
Task 12: Look Only at VLAN 2 Information 355<br />
Task 13: Look Only at VLAN 2 Information with a Different Comm<strong>and</strong> (1900: Skip<br />
this Task) 355<br />
Curriculum Lab 8-2: Verifying VLAN Configurations (8.2.4) 356<br />
Task 1: Configure the Switch 357<br />
Task 2: Configure the Hosts Attached to the Switch 357<br />
Task 3: Verify Connectivity 357<br />
Task 4: Display the VLAN Interface Information 357<br />
Task 5: Create <strong>and</strong> Name Two VLANs 358<br />
Task 6: Assign Ports to VLAN 2 358<br />
Task 7: Display the VLAN Interface Information 359<br />
Task 8: Assign Ports to VLAN 3 360<br />
Task 9: Display the VLAN Interface Information 360<br />
Task 10: Test the VLANs 361<br />
Task 11: Move a Host 362<br />
Task 12: Test the VLANs 362<br />
Task 13: Move Hosts 362<br />
xix
xx Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 14: Test the VLANs 362<br />
Task 15: Move the Hosts 362<br />
Task 16: Test the VLANs 362<br />
Curriculum Lab 8-3: Deleting VLAN Configurations (8.2.6) 363<br />
Task 1: Configure the Switch 364<br />
Task 2: Configure the Hosts Attached to the Switch 364<br />
Task 3: Verify Connectivity 364<br />
Task 4: Display the VLAN Interface Information 364<br />
Task 5: Create <strong>and</strong> Name Two VLANs 365<br />
Task 6: Assign Ports to VLAN 2 365<br />
Task 7: Display the VLAN Interface Information 366<br />
Task 8: Assign Ports to VLAN 3 366<br />
Task 9: Display the VLAN Interface Information 367<br />
Task 10: Test the VLANs 368<br />
Task 11: Delete a Host from a VLAN 368<br />
Task 12: Display the VLAN Interface Information 368<br />
Task 13: Delete a VLAN 369<br />
Task 14: Display the VLAN Interface Information 370<br />
Task 15: Delete VLAN 1 370<br />
Challenge Lab 8-4: Static VLANs, STP, <strong>and</strong> Port Security 371<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration 371<br />
Task 2: Configure VLANs 372<br />
Task 3: Configure the Root Bridge for STP 373<br />
Task 4: Configure Port Security 374<br />
Task 5: Verify VLANs <strong>and</strong> Port Security 375<br />
Chapter 9: VLAN Trunking Protocol 379<br />
<strong>Study</strong> <strong>Guide</strong> 380<br />
Trunking 380<br />
Vocabulary Exercise: Completion 380<br />
Basic Trunk Configuration Exercise 382<br />
VTP 382<br />
Vocabulary Exercise: Completion 383<br />
VTP Basic Configuration Exercise 383<br />
Concept Questions 384<br />
Internet Research: VTP 385<br />
Internet Research: VTP Pruning 387<br />
Inter-VLAN Routing Overview 387<br />
Vocabulary Exercise: Completion 387<br />
Basic Inter-VLAN Configuration Exercise 388<br />
Lab Exercises 389<br />
Comm<strong>and</strong> Reference 389<br />
Curriculum Lab 9-1: Trunking with ISL (9.1.5a) 391<br />
Task 1: Configure the Switch 392
Task 2: Configure the Hosts Attached to the Switch 392<br />
Task 3: Verify Connectivity 392<br />
Task 4: Display the VLAN Interface Information 392<br />
Task 5: Create <strong>and</strong> Name Three VLANs 393<br />
Task 6: Assign Ports to VLAN 10 393<br />
Task 7: Assign Ports to VLAN 20 394<br />
Task 8: Assign Ports to VLAN 30 394<br />
Task 9: Create VLANs on Switch_B 395<br />
Task 10: Display the VLAN Interface Information 395<br />
Task 11: Test the VLANs 396<br />
Task 12: Create the ISL Trunk 396<br />
Task 13: Verify the ISL Trunk 396<br />
Task 14: Test the VLANs <strong>and</strong> the Trunk 397<br />
Task 15: Move the Hosts 397<br />
Task 16: Test the VLANs <strong>and</strong> the Trunk 397<br />
Task 17: Move the Hosts 398<br />
Task 18: Test the VLANs <strong>and</strong> the Trunk 398<br />
Task 19: Move the Hosts 398<br />
Task 20: Test the VLANs <strong>and</strong> the Trunk 398<br />
Task 21: Move the Hosts 398<br />
Task 22: Test the VLANs <strong>and</strong> the Trunk 398<br />
Curriculum Lab 9-2: Trunking with 802.1q (9.1.5b) 402<br />
Task 1: Configure the Switch 403<br />
Task 2: Configure the Hosts Attached to the Switch 403<br />
Task 3: Verify Connectivity 403<br />
Task 4: Display the VLAN Interface Information 403<br />
Task 5: Create <strong>and</strong> Name Three VLANs 404<br />
Task 6: Assign Ports to VLAN 10 404<br />
Task 7: Assign Ports to VLAN 20 405<br />
Task 8: Assign Ports to VLAN 30 405<br />
Task 9: Create VLANs on Switch_B 405<br />
Task 10: Display the VLAN Interface Information 406<br />
Task 11: Test the VLANs 406<br />
Task 12: Create the Trunk 407<br />
Task 13: Verify the Trunk 407<br />
Task 14: Test the VLANs <strong>and</strong> the Trunk 408<br />
Task 15: Move the Hosts 408<br />
Task 16: Test the VLANs <strong>and</strong> the Trunk 409<br />
Task 17: Move the Hosts 409<br />
Task 18: Test the VLANs <strong>and</strong> the Trunk 409<br />
Task 19: Move the Hosts 409<br />
Task 20: Test the VLANs <strong>and</strong> the Trunk 410<br />
Task 21: Move the Hosts 410<br />
Task 22: Test the VLANs <strong>and</strong> the Trunk 410<br />
xxi
xxii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 9-3: VTP Client <strong>and</strong> Server Configurations (9.2.5)<br />
411<br />
Task 1: Configure the Switches 412<br />
Task 2: Configure the Hosts Attached to the Switch 412<br />
Task 3: Verify Connectivity 412<br />
Task 4: Display the VLAN Interface Information 412<br />
Task 5: Configure VTP 413<br />
Task 6: Create <strong>and</strong> Name Three VLANs 413<br />
Task 7: Assign Ports to VLAN 10 414<br />
Task 8: Assign Ports to VLAN 20 414<br />
Task 9: Assign Ports to VLAN 30 414<br />
Task 10: Display the VLAN Interface Information 415<br />
Task 11: Configure the VTP Client 416<br />
Task 12: Create the Trunk 416<br />
Task 13: Verify the Trunk 416<br />
Task 14: Display the VLAN Interface Information 417<br />
Task 15: Assign Ports to VLAN 10 418<br />
Task 16: Assign Ports to VLAN 20 418<br />
Task 17: Assign Ports to VLAN 30 419<br />
Task 18: Display the VLAN Interface Information 419<br />
Task 19: Test the VLANs <strong>and</strong> the Trunk 420<br />
Task 20: Move the Hosts 420<br />
Task 21: Test the VLANs <strong>and</strong> the Trunk 420<br />
Curriculum Lab 9-4: Configuring Inter-VLAN Routing (9.3.6) 421<br />
Task 1: Configure the Switch 422<br />
Task 2: Configure the Hosts Attached to the Switch 422<br />
Task 3: Verify Connectivity 422<br />
Task 4: Create <strong>and</strong> Name Two VLANs 422<br />
Task 5: Assign Ports to VLAN 10 423<br />
Task 6: Assign Ports to VLAN 20 423<br />
Task 7: Display the VLAN Interface Information 424<br />
Task 8: Create the Trunk 425<br />
Task 9: Configure the Router 425<br />
Task 10: Save the Router Configuration 426<br />
Task 11: Display the Router Routing Table 426<br />
Task 12: Test the VLANs <strong>and</strong> the Trunk 427<br />
Task 13: Move the Hosts 427<br />
Comprehensive Lab 9-5: Inter-VLAN <strong>and</strong> VTP Configuration 431<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration 432<br />
Task 2: Configure VTP Parameters 432<br />
Task 3: Configure Inter-VLAN Routing 435<br />
Task 4: Adding, Moving, <strong>and</strong> Deleting VLANs 436<br />
Task 5: Documentation 440
Challenge Lab 9-6: Advanced Switching 447<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration 448<br />
Task 2: Configure the Root Bridge for STP 448<br />
Task 3: Configure Port Security 449<br />
Task 4: Configure VTP <strong>and</strong> VLANs 450<br />
Task 5: Set Up DHCP on the DIST Router 453<br />
Task 6: Configure Inter-VLAN Routing 453<br />
Task 7: Verify Inter-VLAN Routing 454<br />
Task 8: Documentation 458<br />
Appendix A Router Interface Summary Chart 469<br />
Appendix B Erasing <strong>and</strong> Reloading the Switch 471<br />
Appendix C Erasing <strong>and</strong> Reloading the Router 473<br />
Appendix D <strong>CCNA</strong> 3 Skills-Based Assessment Practice 475<br />
xxiii
xxiv Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Icons Used in This Book<br />
Communication<br />
Server<br />
Token<br />
Ring<br />
Token Ring<br />
PC PC with<br />
Software<br />
Terminal File<br />
Server<br />
Comm<strong>and</strong> Syntax Conventions<br />
The conventions that present comm<strong>and</strong> syntax in this book are the same conventions used in the IOS<br />
Comm<strong>and</strong> Reference. The Comm<strong>and</strong> Reference describes these conventions as follows:<br />
■ Boldface indicates comm<strong>and</strong>s <strong>and</strong> keywords that are entered literally as shown. In actual<br />
configuration examples <strong>and</strong> output (not general comm<strong>and</strong> syntax), boldface indicates comm<strong>and</strong>s<br />
that are manually input by the user (such as a show comm<strong>and</strong>).<br />
■ Italics indicate arguments for which you supply actual values.<br />
■ Vertical bars (|) separate alternative, mutually exclusive elements.<br />
■ Square brackets [ ] indicate optional elements.<br />
■ Braces { } indicate a required choice.<br />
Sun<br />
Workstation<br />
Web<br />
Server<br />
Printer Laptop IBM<br />
Mainframe<br />
Gateway<br />
Network Cloud<br />
Macintosh<br />
Cisco Works<br />
Workstation<br />
Front End<br />
Processor<br />
Access<br />
Server<br />
ATM<br />
Switch<br />
Cluster<br />
Controller<br />
■ Braces within brackets [{ }] indicate a required choice within an optional element.<br />
ISDN/Frame Relay<br />
Switch<br />
Modem<br />
Multilayer<br />
Switch<br />
Router Bridge Hub<br />
DSU/CSU<br />
DSU/CSU FDDI Catalyst<br />
Switch<br />
Line: Ethernet<br />
FDDI<br />
Line: Serial Line: Switched Serial
Introduction<br />
Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong> is a supplement to your classroom<br />
<strong>and</strong> laboratory experience with the Cisco Networking Academy Program. Specifically, this book<br />
covers the third of four courses. To be successful in this course <strong>and</strong> achieve your <strong>CCNA</strong> certification, you<br />
should do everything in your power to arm yourself with a variety of tools <strong>and</strong> training materials to support<br />
your learning efforts. This <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong> is just such a collection of tools. Used to its fullest<br />
extent, it will help you gain the knowledge as well as practice the skills associated with the content area of<br />
the <strong>CCNA</strong> 3 Switching Basics <strong>and</strong> Intermediate Routing course. Specifically, this book will help you to<br />
work on these main areas of <strong>CCNA</strong> 3:<br />
■ Advanced IP addressing techniques (VLSM)<br />
■ Routing protocols: RIPv2, single-area OSPF, <strong>and</strong> EIGRP<br />
■ Switching technologies <strong>and</strong> LAN design<br />
■ Switch configurations: security, STP, VLANs, <strong>and</strong> VTP<br />
Lab <strong>Study</strong> <strong>Guide</strong>s similar to this one are also available for the other three courses: Networking Basics<br />
<strong>CCNA</strong> 1 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong>, Routers <strong>and</strong> Routing Basics <strong>CCNA</strong> 2 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong>, <strong>and</strong> WAN<br />
Technologies <strong>CCNA</strong> 4 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong>.<br />
Goals <strong>and</strong> Methods<br />
One of the most important goals of this book is to help you prepare for either the <strong>CCNA</strong> exam (640-801)<br />
or the ICND exam (640-811). Whether you are studying for the full exam or the second part of your<br />
<strong>CCNA</strong>, passing either of these exams means that you not only have the required knowledge of the technologies<br />
covered by the exam, but also can plan, design, implement, operate, <strong>and</strong> troubleshoot these technologies.<br />
In other words, these exams are rigorously application-based. In fact, if you view the topics for<br />
the <strong>CCNA</strong> exam at http://www.cisco.com/web/learning/le3/current_exams/640-801.html, you will see the<br />
following four categories:<br />
■ Planning & Designing<br />
■ Implementation & Operation<br />
■ Troubleshooting<br />
■ Technology<br />
Although Technology is listed last, a <strong>CCNA</strong> student cannot possibly plan, design, implement, operate, <strong>and</strong><br />
troubleshoot networks without first fully grasping the technology. So, you need to devote a certain amount<br />
of time <strong>and</strong> effort in the <strong>Study</strong> <strong>Guide</strong> section of each chapter learning the concepts <strong>and</strong> theories before<br />
applying them in the Lab Exercises portion.<br />
The <strong>Study</strong> <strong>Guide</strong> section of each chapter offers exercises that help you learn the concepts <strong>and</strong> configurations<br />
crucial to your success as a <strong>CCNA</strong> exam c<strong>and</strong>idate. Each chapter is slightly different <strong>and</strong> includes<br />
some or all of the following types of exercises:<br />
■ Vocabulary matching <strong>and</strong> completion<br />
■ Skill-building activities <strong>and</strong> scenarios<br />
■ Configuration scenarios<br />
■ Concept questions<br />
■ Journal entries<br />
■ Internet research<br />
xxv
xxvi Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
The Lab Exercises sections include a Comm<strong>and</strong> Reference table, all the online Curriculum <strong>Labs</strong>, <strong>and</strong><br />
br<strong>and</strong>-new Comprehensive <strong>Labs</strong> <strong>and</strong> Challenge <strong>Labs</strong>. The Curriculum <strong>Labs</strong> typically walk you through the<br />
configuration tasks step by step. The Comprehensive <strong>Labs</strong> combine many, if not all, of the configuration<br />
tasks of the Curriculum <strong>Labs</strong> without actually providing you with all the comm<strong>and</strong>s. The Challenge <strong>Labs</strong><br />
take this a step further, often giving you only a general requirement that you must implement fully without<br />
the details of each small step. In other words, you must use the knowledge <strong>and</strong> skills you gained in the<br />
Curriculum <strong>Labs</strong> to successfully complete the Comprehensive <strong>and</strong> Challenge <strong>Labs</strong>. In fact, you should not<br />
attempt the Comprehensive or Challenge <strong>Labs</strong> until you have worked through all the <strong>Study</strong> <strong>Guide</strong> activities<br />
<strong>and</strong> the Curriculum <strong>Labs</strong>. When you work through the Comprehensive <strong>and</strong> Challenge <strong>Labs</strong>, avoid the<br />
temptation to flip back through the Curriculum <strong>Labs</strong> when you are not sure of a comm<strong>and</strong>. Do not try to<br />
short-circuit your <strong>CCNA</strong> training. <strong>Study</strong> the chapter’s topics until you can do the Comprehensive <strong>and</strong><br />
Challenge <strong>Labs</strong> without any help. You need a deep underst<strong>and</strong>ing of <strong>CCNA</strong> knowledge <strong>and</strong> skills to ultimately<br />
be successful on the <strong>CCNA</strong> exam.<br />
How This Book Is Organized<br />
Although you could work through the <strong>Study</strong> <strong>Guide</strong>s <strong>and</strong> Lab Exercises in this book in order, the content of<br />
knowledge <strong>and</strong> skills actually flows down three separate paths. The flow chart shown in Figure I-1 graphically<br />
displays these paths.<br />
Figure I-1 Paths for Using This Book<br />
Intermediate<br />
Routing<br />
Chapter 1:<br />
Introduction to<br />
Classless Routing<br />
Chapter 2:<br />
Single-Area<br />
OSPF<br />
Chapter 3:<br />
EIGRP <strong>and</strong><br />
Troubleshooting<br />
Routing Protocols<br />
Intermediate<br />
Routing <strong>and</strong><br />
Switching Basics<br />
<strong>CCNA</strong> 3<br />
Switching <strong>and</strong><br />
Design<br />
Chapter 4:<br />
Switching<br />
Concepts<br />
Chapter 5:<br />
LAN Design<br />
<strong>and</strong> Switches<br />
Appendix D:<br />
<strong>CCNA</strong> 3 Skills-Based<br />
Assessment Practice<br />
Switching<br />
Configuration<br />
Chapter 6:<br />
Catalyst Switch<br />
Configuration<br />
Chapter 7:<br />
Spanning Tree<br />
Protocol<br />
Chapter 8:<br />
Virtual LANs<br />
Chapter 9:<br />
VLAN<br />
Trunking Protocol<br />
Chapters 1, 2, <strong>and</strong> 3 belong to the Intermediate Routing path <strong>and</strong> focus on VLSM <strong>and</strong> routing configuration.<br />
Chapters 4 <strong>and</strong> 5 belong to the Switching <strong>and</strong> Design path <strong>and</strong> focus on switching technologies <strong>and</strong><br />
LAN design. Chapters 6, 7, 8, <strong>and</strong> 9 belong to the Switching Configuration path <strong>and</strong> focus on basic<br />
switching protocols <strong>and</strong> configurations. No path is dependent upon another path. Appendix D provides you<br />
with three different <strong>CCNA</strong> 3 Skills-Based Assessment practice labs.
Work through the <strong>Study</strong> <strong>Guide</strong> <strong>and</strong> Lab Exercises in the sequence in which they are presented. The<br />
sequence is designed to take you from a basic underst<strong>and</strong>ing of the knowledge topics through the full<br />
application <strong>and</strong> implementation of the skills. Individually, the chapters <strong>and</strong> appendixes include exercises<br />
<strong>and</strong> labs covering the following knowledge <strong>and</strong> skills:<br />
■ Chapter 1, “Introduction to Classless Routing”—Variable-Length Subnet Masking (VLSM) is<br />
arguably one of the most challenging skills you must master as a <strong>CCNA</strong> c<strong>and</strong>idate. Therefore, this<br />
chapter spends a great deal of time on this topic. Use the large variety of exercises to solidify your<br />
VLSM skills. In the RIPv2 discussion of the <strong>Study</strong> <strong>Guide</strong> portion, you compare <strong>and</strong> contrast RIPv1<br />
<strong>and</strong> RIPv2 <strong>and</strong> complete an Internet Research exercise. In the Lab Exercises portion is a Comm<strong>and</strong><br />
Reference exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The five Curriculum<br />
<strong>Labs</strong> focus your attention on the configuration tasks covered in the chapter. Two additional labs, a<br />
Comprehensive Lab <strong>and</strong> a Challenge Lab, help you review the comm<strong>and</strong>s <strong>and</strong> skills learned in the<br />
Curriculum <strong>Labs</strong>.<br />
■ Chapter 2, “Single-Area OSPF”—This chapter has plenty of vocabulary exercises to help you get a<br />
firm grasp of OSPF terminology. Additional exercises focus on specific concepts <strong>and</strong> skills. For example,<br />
the DR/BDR Election exercise concentrates on this challenging OSPF topic. Concept questions<br />
round out your study of the operation of OSPF. In the Lab Exercises portion is a Comm<strong>and</strong> Reference<br />
exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The six Curriculum <strong>Labs</strong> focus<br />
your attention on the configuration tasks covered in the chapter. Two additional labs, a Comprehensive<br />
Lab <strong>and</strong> a Challenge Lab, help you review the comm<strong>and</strong>s <strong>and</strong> skills learned in the Curriculum <strong>Labs</strong>.<br />
■ Chapter 3, “EIGRP <strong>and</strong> Troubleshooting Routing Protocols”—This chapter covers the concepts<br />
<strong>and</strong> configurations of the Cisco-proprietary Enhanced Interior Gateway Routing Protocol (EIGRP).<br />
Exercises cover vocabulary <strong>and</strong> the EIGRP packet types. In the “EIGRP Configuration” section, you<br />
work through a comprehensive EIGRP configuration exercise. Finally, you work on your troubleshooting<br />
skills in the “Troubleshooting Routing Protocols” section. The Lab Exercises portion has a<br />
Comm<strong>and</strong> Reference exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The two<br />
Curriculum <strong>Labs</strong> focus your attention on the configuration tasks covered in the chapter. Two additional<br />
labs, a Comprehensive Lab <strong>and</strong> a Challenge Lab, help you review the comm<strong>and</strong>s <strong>and</strong> skills learned<br />
in the Curriculum <strong>Labs</strong>.<br />
■ Chapter 4, “Switching Concepts”—This chapter is in many ways a review of concepts you have<br />
already learned in previous course work. Therefore, in addition to some vocabulary exercises, additional<br />
exercises concentrate on a few of the more difficult concepts, including CSMA/CD, the MAC<br />
address table, collision <strong>and</strong> broadcast domains, <strong>and</strong> cabling. There are no Lab Exercises for this chapter.<br />
■ Chapter 5, “LAN Design <strong>and</strong> Switches”—This chapter is mostly vocabulary <strong>and</strong> concepts. The<br />
exercises in this chapter ensure that you have a firm grasp of the vocabulary <strong>and</strong> concepts pertaining<br />
to LAN design <strong>and</strong> the three-layer hierarchical model. There are no Lab Exercises for this chapter.<br />
xxvii<br />
■ Chapter 6, “Catalyst Switch Configuration”—This chapter includes some vocabulary exercises <strong>and</strong><br />
LED switch identification exercises. Most of the <strong>Study</strong> <strong>Guide</strong> section is devoted to a basic switch configuration<br />
exercise. In the Lab Exercises section of this chapter, you will find a Comm<strong>and</strong> Reference<br />
exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The ten Curriculum <strong>Labs</strong> focus<br />
your attention on the configuration tasks covered in the chapter. A Challenge Lab will help you review<br />
the comm<strong>and</strong>s <strong>and</strong> skills you learned in the Curriculum <strong>Labs</strong>.
xxviii Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
■ Chapter 7, “Spanning Tree Protocol”—This chapter covers the need for redundancy in today’s production<br />
networks <strong>and</strong> explains how the Spanning Tree Protocol (STP) avoids switching loops in a<br />
redundant configuration. <strong>Study</strong> <strong>Guide</strong> exercises include vocabulary, concept questions, determining<br />
the root bridge, <strong>and</strong> spanning-tree recalculation. Because comm<strong>and</strong>s are limited to configuring the<br />
root bridge <strong>and</strong> verifying STP operation, the Lab Exercises are limited to the two online Curriculum<br />
<strong>Labs</strong>. However, STP configuration <strong>and</strong> verification comm<strong>and</strong>s are used in the Comprehensive <strong>and</strong><br />
Challenge <strong>Labs</strong> of both Chapter 8 <strong>and</strong> Chapter 9.<br />
■ Chapter 8, “Virtual LANs”—This chapter begins the study of VLANs, which are increasingly<br />
becoming more prominent in production networks. Exercises focus on vocabulary, concepts, configuration,<br />
<strong>and</strong> troubleshooting. In the Lab Exercises section of this chapter, you will find a Comm<strong>and</strong><br />
Reference exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The three Curriculum<br />
<strong>Labs</strong> focus your attention on the configuration tasks covered in the chapter. An additional Challenge<br />
Lab combines VLAN configuration with port security (Chapter 6) <strong>and</strong> STP (Chapter 7).<br />
■ Chapter 9, “VLAN Trunking Protocol”—This chapter rounds out your <strong>CCNA</strong> study of VLANs<br />
with the VLAN Trunking Protocol. Exercises include vocabulary, concept questions, Internet research,<br />
<strong>and</strong> a journal entry. Also included are configuration exercises covering trunk configuration, VTP configuration,<br />
<strong>and</strong> inter-VLAN configuration. In the Lab Exercises section of this chapter, you will find a<br />
Comm<strong>and</strong> Reference exercise to help you review all the comm<strong>and</strong>s covered in the chapter. The four<br />
Curriculum <strong>Labs</strong> focus your attention on the configuration tasks covered in the chapter. Two additional<br />
labs, a Comprehensive Lab <strong>and</strong> a Challenge Lab, help you review the comm<strong>and</strong>s <strong>and</strong> skills learned<br />
in the Curriculum <strong>Labs</strong> as well as reinforce comm<strong>and</strong>s from Chapters 6, 7, <strong>and</strong> 8.<br />
■ Appendix A, “Router Interface Summary Chart”—This appendix has a table that you can reference<br />
for the appropriate IOS interface names to use on Cisco 800, 1600, 1700, 2500, <strong>and</strong> 2600 series<br />
routers.<br />
■ Appendix B, “Erasing <strong>and</strong> Reloading the Switch”—Because many of the labs require a clean<br />
switch configuration, this appendix includes the procedures you should complete before beginning.<br />
■ Appendix C, “Erasing <strong>and</strong> Reloading the Router”—Because many of the labs require a clean<br />
router configuration, this appendix includes the procedures you should complete before beginning.<br />
■ Appendix D, “<strong>CCNA</strong> 3 Skills-Based Assessment Practice”—This appendix contains three practice<br />
labs for the skills-based assessment. The first lab focuses on routing. The second lab focuses on<br />
switching. The third lab is comprehensive, including most of the comm<strong>and</strong>s <strong>and</strong> configurations you<br />
must master as a <strong>CCNA</strong> 3 student.
CHAPTER 1<br />
Introduction to Classless Routing<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of exercises to test your knowledge on classless<br />
routing.<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a<br />
Comprehensive Lab <strong>and</strong> a Challenge Lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills<br />
needed about classless routing.
2 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
VLSM<br />
Today’s networks must be stable yet scalable. Scalability means the initial design of the network must<br />
allow for change <strong>and</strong> growth without any major modifications to the overall design. A key element of good<br />
network design is an IP addressing plan that optimizes the use of IP addresses <strong>and</strong> minimizes the size of<br />
routing tables. This is achieved through the use of VLSM, CIDR, <strong>and</strong> route summarization. These are fundamental<br />
concepts <strong>and</strong> must be incorporated in your <strong>CCNA</strong> skill set before you move on to the more challenging<br />
topics of OSPF <strong>and</strong> EIGRP, which both incorporate VLSM <strong>and</strong> scalable network design.<br />
The exercises in this section will help you build your skills in implementing VLSM addressing schemes,<br />
determining efficient route summaries, <strong>and</strong> configuring static <strong>and</strong> default routing. The exercises are meant<br />
to progress logically from establishing the use of terminology in the Vocabulary Exercises through applying<br />
your skill in design scenarios <strong>and</strong> application exercises. If you are new to the topic of VLSM, you<br />
should proceed through the exercises in the order presented. However if you are refreshing your skill, try<br />
one of the VLSM Addressing Design Scenarios or even Challenge Lab 1-7 to effectively gauge where you<br />
are weak. Then, choose additional exercises to reinforce your knowledge <strong>and</strong> skill.
Vocabulary Exercise: Matching<br />
Chapter 1: Introduction to Classless Routing 3<br />
Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
Definition<br />
a. With classful routing, __________ must be<br />
avoided because they are not visible across<br />
classful network boundaries.<br />
b. does not advertise subnet mask information.<br />
c. describes the combination of multiple contiguous<br />
classful network addresses into one<br />
advertisement.<br />
d. the policy of advertising routes at the classful<br />
boundary.<br />
e. When using a classful routing protocol, it is<br />
important that all subnets have the same as<br />
mask. This is sometimes referred to as<br />
__________.<br />
f. process of combining multiple subnets into<br />
one advertisement with a common prefix<br />
length (not necessarily on a classful boundary).<br />
g. advertises subnet mask information.<br />
h. When a router does not have an interface for<br />
the destination network, it sends traffic to its<br />
_____________.<br />
i. With classless routing protocols, the subnet<br />
mask can be different from subnet to subnet.<br />
This is called __________.<br />
j. also referred to as CIDR notation, bitmask,<br />
<strong>and</strong> network mask, the number of bits that are<br />
shared in common by all addresses in the<br />
address space.<br />
k. specified by RFC 1519 to address the critical<br />
problems of exhaustion of Class B address<br />
space <strong>and</strong> the growth in size of Internet routing<br />
tables.<br />
Term<br />
k classless inter-domain routing<br />
g classless routing protocol<br />
j prefix length<br />
a discontiguous subnets<br />
f route aggregation<br />
e fixed-length subnet masking (FLSM)<br />
h default route<br />
d automatic summarization<br />
i variable-length subnet mask (VLSM)<br />
f route summarization<br />
c supernetting<br />
b classful routing protocol
4 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Instructor Note: Supernetting can be referred to as route summarization or route aggregation, but route summarization<br />
cannot always be referred to as supernetting. They are not technically the same thing. For example,<br />
192.168.1.0/25 can be a summary route of the 192.168.1.0/26 <strong>and</strong> 192.168.1.64/26 subnets, but it is not a supernet of<br />
them. Supernetting is a term used to describe the combination of multiple contiguous classful network addresses into<br />
one advertisement. For example, 192.168.0.0/22 includes Class C networks 192.168.0.0 through 192.168.3.0.<br />
However, the supernet 192.168.0.0/22 is more often referred to as a summary route. In fact, the show ip protocols<br />
comm<strong>and</strong> will list this summary as Address Summarization, not as a supernet.<br />
Classless inter-domain routing (CIDR, pronounced “cider”) is the method specified by RFC 1519 for assigning IP<br />
addresses without using the st<strong>and</strong>ard IP address classes such as Class A, Class B, <strong>and</strong> Class C. Thus, an organization<br />
could be assigned eight addresses such as 209.165.201.8/29. This is not a subnet; rather, it is a block of addresses from<br />
209.165.201.8 through 209.165.201.15. The CIDR notation, which is the prefix length, is /29, meaning that the first<br />
29 bits are assigned by the Internet Assigned Numbers Authority (http://www.iana.org). The remaining 3 bits are<br />
available to the assignee for addressing purposes.<br />
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
When using classful routing protocols such as RIP <strong>and</strong> IGRP, you must use fixed-length subnet masking<br />
(FLSM), which means that all subnets within the same addressing scheme must share the same subnet<br />
mask. With these routing protocols, it is also very important to avoid discontiguous subnets, because they<br />
perform automatic summarization at classful network boundaries. Subnets must be assigned to networks in<br />
sequential order because they are not advertised across the network boundary.<br />
Classless inter-domain routing is specified in RFC 1519 as a way to assign addresses by delineating the<br />
prefix length of the common bits in the network portion of the address space instead of relying on the<br />
default subnet masks of Classes A, B, <strong>and</strong> C.<br />
The implementation of CIDR allows the use of classless routing protocols such as OSPF, IS-IS, EIGRP,<br />
<strong>and</strong> BGPv4. These protocols effectively preserve address space <strong>and</strong> reduce the size of routing tables<br />
through the use of variable-length subnet masks (or masking) (VLSM). These protocols are capable of<br />
advertising a collection of classful addresses in one big supernet, which is a type of route summarization<br />
(or aggregation) with which multiple address spaces can be combined into one route with a common network<br />
prefix.<br />
The process of using routing protocols such as RIP or OSPF is often referred to as dynamic routing. Two<br />
other types of routing are available to the network administrator: static routing, which is the manual configuration<br />
of a network/subnet mask combination, <strong>and</strong> default routing, which is the manual configuration<br />
of a gateway of last resort.<br />
Subnetting Review Exercises<br />
Three basic subnetting review exercises follow, which will help you refresh your subnetting skills. You<br />
must be able to demonstrate a basic level of competency in subnetting before proceeding into VLSM.<br />
Note: CIDR notation refers to the practice of representing the prefix length of the network portion of an address in<br />
“slash” format. For example, the CIDR notation of the Class C default subnet mask 255.255.255.0 is /24.
Class C Subnetting Scenario<br />
Use the address space 192.168.1.0/24 <strong>and</strong> subnet it to provide enough addresses for 40 hosts.<br />
What are the most bits you can borrow? 2<br />
Assuming subnet 0 <strong>and</strong> the all-1s subnet are both useable, what is the total number of subnets? 4<br />
What is the total number of useable hosts per subnet? 26 <strong>–</strong> 2 = 62<br />
What is the new subnet mask in dotted-decimal notation? 255.255.255.192<br />
What is the new subnet mask in CIDR notation? /26<br />
What is the magic number or subnet multiplier? 64<br />
Fill in the following table for the first ten useable subnets. All rows in the table may not be used.<br />
Subnet No. Subnet Address Host Range Broadcast Address<br />
0 192.168.1.0 192.168.1.1<strong>–</strong>192.168.1.62 192.168.1.63<br />
1 192.168.1.64 192.168.1.65<strong>–</strong>192.168.1.126 192.168.1.127<br />
2 192.168.1.128 192.168.1.129<strong>–</strong>192.168.1.190 192.168.1.191<br />
3 192.168.1.192 192.168.1.193<strong>–</strong>192.168.1.254 192.168.1.255<br />
4<br />
5<br />
6<br />
7<br />
8<br />
9<br />
Class B Subnetting Scenario<br />
Use the address space 172.16.0.0/16 <strong>and</strong> subnet it to provide 2000 subnets.<br />
How many bits do you need to borrow? 11<br />
Assuming subnet 0 <strong>and</strong> the all-1s subnet are both useable, what is the total number of subnets? 2048<br />
What is the total number of useable hosts per subnet? 25 <strong>–</strong> 2 = 30<br />
What is the new subnet mask in dotted-decimal notation? 255.255.255.224<br />
What is the new subnet mask in CIDR notation? /27<br />
What is the magic number or subnet multiplier? 32<br />
Chapter 1: Introduction to Classless Routing 5<br />
Fill in the following table for the first ten useable subnets. Note: All blanks may not be used.
6 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Subnet No. Subnet Address Host Range Broadcast Address<br />
0 172.16.0.32 172.16.0.33<strong>–</strong>172.16.0.62 172.16.0.63<br />
1 172.16.0.64 172.16.0.65<strong>–</strong>172.16.0.94 172.16.0.95<br />
2 172.16.0.96 172.16.0.97<strong>–</strong>172.16.0.126 172.16.0.127<br />
3 172.16.0.128 172.16.0.129<strong>–</strong>172.16.0.158 172.16.0.159<br />
4 172.16.0.160 172.16.0.161<strong>–</strong>172.16.0.190 172.16.0.191<br />
5 172.16.0.192 172.16.0.193<strong>–</strong>172.16.0.222 172.16.0.223<br />
6 172.16.0.224 172.16.0.225<strong>–</strong>172.16.0.254 172.16.0.255<br />
7 172.16.1.0 172.16.1.1<strong>–</strong>172.16.1.30 172.16.1.31<br />
8 172.16.1.32 172.16.1.33<strong>–</strong>172.16.1.64 172.16.1.63<br />
9 172.16.1.64 172.16.1.65<strong>–</strong>172.16.1.94 172.16.1.95<br />
Class A Subnetting Scenario<br />
Use the address space 10.0.0.0/8 <strong>and</strong> subnet it to provide enough addresses for 30,000 hosts.<br />
What are the most bits you can borrow? 9<br />
Assuming subnet 0 <strong>and</strong> the all-1s subnet are both useable, what is the total number of subnets? 512<br />
What is the total number of useable hosts per subnet? 215 <strong>–</strong> 2 = 32,764<br />
What is the new subnet mask in dotted-decimal notation? 255.255.128.0<br />
What is the new subnet mask in CIDR notation? /17<br />
What is the magic number or subnet multiplier? 128<br />
Fill in the following table for the first ten useable subnets. Note: All blanks may not be used.<br />
Subnet No. Subnet Address Host Range Broadcast Address<br />
0 10.0.0.0 10.0.0.1<strong>–</strong>10.0.127.254 10.0.127.255<br />
1 10.0.128.0 10.0.128.1<strong>–</strong>10.0.255.254 10.0.255.255<br />
2 10.1.0.0 10.1.0.1<strong>–</strong>10.1.127.254 10.1.127.255<br />
3 10.1.128.0 10.1.128.1<strong>–</strong>10.1.255.254 10.1.255.255<br />
4 10.2.0.0 10.2.0.1<strong>–</strong>10.2.127.254 10.2.127.255<br />
5 10.2.128.0 10.2.128.1<strong>–</strong>10.2.255.254 10.2.255.255<br />
6 10.3.0.0 10.3.0.1<strong>–</strong>10.3.127.254 10.3.127.255<br />
7 10.3.128.0 10.3.128.1<strong>–</strong>10.3.255.254 10.3.255.255<br />
8 10.4.0.0 10.4.0.1<strong>–</strong>10.4.127.254 10.4.127.255<br />
9 10.4.128.0 10.4.128.1<strong>–</strong>10.4.255.254 10.4.255.255
Prefix Length Use Exercises<br />
Use the following exercises to practice converting between dotted-decimal <strong>and</strong> prefix length representations<br />
(CIDR notation) of subnet masks.<br />
Dotted-Decimal to Prefix Length Conversion<br />
Convert the following subnets <strong>and</strong> subnet masks shown in dotted-decimal format into the equivalent prefix<br />
length format.<br />
Example:<br />
192.168.1.0 255.255.255.0; Answer: 192.168.1.0/24<br />
192.168.1.0 255.255.255.128; Answer: 192.168.1.0/25<br />
192.168.1.128 255.255.255.192; Answer: 192.168.1.0/26<br />
192.168.1.32 255.255.255.224; Answer: 192.168.1.31/27<br />
192.168.1.96 255.255.255.248; Answer: 192.168.1.96/29<br />
192.168.1.48 255.255.255.252; Answer: 192.168.1.48/30<br />
172.16.128.0 255.255.224.0; Answer: 172.16.128.0/19<br />
172.16.8.0 255.255.255.128; Answer: 172.16.8.0/25<br />
172.16.160.0 255.255.254.0; Answer: 172.16.160.0/23<br />
172.16.80.0 255.255.240.0; Answer: 172.16.80.0/20<br />
172.16.240.0 255.255.248.0; Answer: 172.16.240.0/21<br />
172.16.39.0 255.255.255.0; Answer: 172.16.39.0/24<br />
172.16.224.0 255.255.255.224; Answer: 172.16.224.0/27<br />
172.16.45.24 255.255.255.248; Answer: 172.16.45.24/29<br />
172.16.16.16 255.255.255.240; Answer: 172.16.16.16/28<br />
172.16.200.192 255.255.255.192; Answer: 172.16.200.192/26<br />
10.0.0.0 255.254.0.0; Answer: 10.0.0.0/15<br />
10.5.160.32 255.255.255.224; Answer: 10.0.160.32/27<br />
10.96.128.0 255.255.224.0; Answer: 10.96.128.0/19<br />
10.64.48.0 255.255.255.240; Answer: 10.64.48.0/28<br />
10.52.0.0 255.252.0.0; Answer: 10.52.0.0/14<br />
Prefix Length to Dotted-Decimal Conversion<br />
Convert the following subnets <strong>and</strong> subnet masks shown in prefix length format into the equivalent dotteddecimal<br />
format.<br />
Example:<br />
172.16.0.0/16; Answer: 172.16.0.0 255.255.0.0<br />
192.168.2.240/29; Answer: 192.168.2.240 255.255.255.248<br />
192.168.2.32/28; Answer: 192.168.2.32 255.255.255.240<br />
Chapter 1: Introduction to Classless Routing 7
8 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
192.168.2.0/25; Answer: 192.168.2.0 255.255.255.128<br />
192.168.2.240/30; Answer: 192.168.2.240 255.255.255.252<br />
192.168.2.192/26; Answer: 192.168.2.192 255.255.255.192<br />
172.20.34.0/25; Answer: 172.20.34.0 255.255.255.128<br />
172.20.64.0/18; Answer: 172.20.64.0 255.255.192.0<br />
172.20.224.0/20; Answer: 172.20.224.0 255.255.240.0<br />
172.20.16.0/23; Answer: 172.20.16.0 255.255.254.0<br />
172.20.180.0/28; Answer: 172.20.180.0 255.255.255.240<br />
172.20.36.0/22; Answer: 172.20.36.0 255.255.252.0<br />
172.20.0.0/19; Answer: 172.20.0.0 255.255.224.0<br />
172.20.128.0/17; Answer: 172.20.0.0 255.255.128.0<br />
172.20.144.0/21; Answer: 172.20.144.0 255.255.248.0<br />
172.20.96.96/27; Answer: 172.20.96.96 255.255.255.224<br />
10.0.0.0/17; Answer: 10.0.0.0 255.255.128.0<br />
10.0.154.32/28; Answer: 10.0.154.32 255.255.255.240<br />
10.224.0.0/13; Answer: 10.72.224.0 255.248.0.0<br />
10.32.0.0/22; Answer: 10.32.0.0 255.255.252.0<br />
10.10.0.0/24; Answer: 10.10.0.0 255.255.255.0<br />
Using Binary Math to AND the Subnet Address<br />
Underst<strong>and</strong>ing how a router determines the network or subnet address for a given IP address is a fundamental<br />
skill to implementing VLSM <strong>and</strong> interpreting routing tables.<br />
In the following exercises, use binary math to “AND” the host IP address <strong>and</strong> subnet mask to determine<br />
the subnet address. After completing the binary math, write the subnet address in dotted-decimal format.<br />
In binary math, the AND operation is as follows:<br />
1 AND 1 = 1; all other possibilities equal 0<br />
Example:<br />
192.168.1.67/28<br />
IP address 11000000.10101000.00000001.01000011<br />
Subnet mask 11111111.11111111.11111111.11110000<br />
Subnet address 11000000.10101000.00000001.01000000<br />
Dotted-decimal 192.168.1.64<br />
1. 192.168.18.237/27<br />
IP address 11000000.10101000.00010010.11101101<br />
Subnet mask 11111111.11111111.11111111.11100000<br />
Subnet address 11000000.10101000.00010010.11100000<br />
Dotted-decimal 192.168.18.224
2. 192.168.35.142/29<br />
IP address 11000000.10101000.00100011.10001110<br />
Subnet mask 11111111.11111111.11111111.11111000<br />
Subnet address 11000000.10101000.00100011.10000000<br />
Dotted-decimal 192.168.35.128<br />
3. 172.28.23.54/21<br />
IP address 10101100.00011100.00010111.00110110<br />
Subnet mask 11111111.11111111.11111000.00000000<br />
Subnet address 10101100.00011100.00010000.00000000<br />
Dotted-decimal 172.28.16.0<br />
4. 172.31.32.69/25<br />
IP address 10101100.00011111.00100000.01000101<br />
Subnet mask 11111111.11111111.11111111.10000000<br />
Subnet address 10101100.00011111.00100000.00000000<br />
Dotted-decimal 172.31.32.0<br />
5. 10.64.150.197/18<br />
IP address 00001010.01000000.10010110.11000101<br />
Subnet mask 11111111.11111111.11000000.00000000<br />
Subnet address 00001010.01000000.10000000.00000000<br />
Dotted-decimal 10.64.128.0<br />
VLSM Subnetting a Subnet Exercises<br />
Note: Now is a good time to complete Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4), which walks you<br />
through a VLSM addressing scenario.<br />
VLSM is simply “subnetting a subnet.” In the following exercises, use your subnetting skills to further<br />
subnet a given subnet. If it helps you, draw a topology that represents the requirement you are given.<br />
Example:<br />
Chapter 1: Introduction to Classless Routing 9<br />
Use the subnet 192.168.1.64/27 <strong>and</strong> further subnet this address to provide four additional subnets with at<br />
least six hosts per subnet. List all four subnets in network address/prefix format.<br />
Step 1. Determine how many host bits you have available in the given subnet. For subnet<br />
192.168.1.64/27, you have a total of 5 host bits.<br />
Step 2. Determine how many host bits you can borrow to make an additional four subnets with at least<br />
six hosts per subnet. Borrowing an additional 2 bits will make four subnets (2 2 = 4). Because<br />
there are 3 host bits left after borrowing, each subnet will have exactly six host addresses<br />
(2 3 <strong>–</strong> 2 = 6).<br />
Step 3. Determine the new prefix <strong>and</strong> list the new subnets. Because you borrowed 2 bits, the new<br />
prefix is /29. You start with the first address 192.168.1.64 <strong>and</strong> list the four subnets.
10 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Subnet No. Network Address/Prefix<br />
0 192.168.1.64/29<br />
1 192.168.1.72/29<br />
2 192.168.1.80/29<br />
3 192.168.1.88/29<br />
1. Use the subnet 192.168.1.128/25 <strong>and</strong> further subnet this address to provide eight additional subnets<br />
with at least ten hosts per subnet. List the first five subnets in network address/prefix format. What<br />
would be the last subnet?<br />
192.168.1.240/28<br />
Subnet No. Network Address/Prefix<br />
0 192.168.1.128/28<br />
1 192.168.1.144/28<br />
2 192.168.1.160/28<br />
3 192.168.1.176/28<br />
4 192.168.1.192/28<br />
2. Use the subnet 172.16.32.0/19 <strong>and</strong> further subnet this address to provide eight additional subnets with<br />
at least 1000 hosts per subnet. List the first five subnets in network address/prefix format. What would<br />
be the last subnet?<br />
172.16.60/22<br />
Subnet No. Network Address/Prefix<br />
0 172.16.32.0/22<br />
1 172.16.36.0/22<br />
2 172.16.40.0/22<br />
3 172.16.44.0/22<br />
4 172.16.48.0/22<br />
3. Use subnet 2 from the last question <strong>and</strong> further subnet this address to provide eight additional subnets<br />
with at least 100 hosts per subnet. List the first five subnets in network address/prefix format. What<br />
would be the last subnet?<br />
172.16.43.128/25<br />
Subnet No. Network Address/Prefix<br />
0 172.16.40.0/25<br />
1 172.16.40.128/25<br />
2 172.16.41.0/25<br />
3 172.16.41.128/25<br />
4 172.16.42.0/25
4. Use subnet 4 from the last question <strong>and</strong> further subnet this address to provide eight additional subnets<br />
with at least ten hosts per subnet. List the first five subnets in network address/prefix format. What<br />
would be the last subnet?<br />
172.16.42.112/28<br />
Subnet No. Network Address/Prefix<br />
0 172.16.42.0/28<br />
1 172.16.42.16/28<br />
2 172.16.42.32/28<br />
3 172.16.42.48/28<br />
4 172.16.42.64/28<br />
5. Use subnet 0 from the last question <strong>and</strong> further subnet this address to provide four additional subnets<br />
to be used for point-to-point links. List all four subnets in network address/prefix format.<br />
Subnet No. Network Address/Prefix<br />
0 172.16.42.0/30<br />
1 172.16.42.4/30<br />
2 172.16.42.8/30<br />
3 172.16.42.12/30<br />
6. Use the subnet 10.1.0.0/16 <strong>and</strong> further subnet this address to provide 30 additional subnets with at<br />
least 2000 hosts per subnet. List the first five subnets in network address/prefix format. What would<br />
be the last subnet?<br />
10.1.248.0/21<br />
Subnet No. Network Address/Prefix<br />
0 10.1.0.0/21<br />
1 10.1.8.0/21<br />
2 10.1.16.0/21<br />
3 10.1.24.0/21<br />
4 10.1.32.0/21<br />
Chapter 1: Introduction to Classless Routing 11
12 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
7. Use subnet 4 from the last question <strong>and</strong> further subnet this address to provide 30 additional subnets<br />
with at least 60 hosts per subnet. List the first five subnets in network address/prefix format. What<br />
would be the last subnet?<br />
10.1.39.192.0/26<br />
Subnet No. Network Address/Prefix<br />
0 10.1.32.0/26<br />
1 10.1.32.64/26<br />
2 10.1.32.128/26<br />
3 10.1.32.192/26<br />
4 10.1.33.0/26<br />
8. Use subnet 1 from the last question <strong>and</strong> further subnet this address to provide 16 additional subnets to<br />
be used for point-to-point links. List the first 5 subnets in network address/prefix format. What would<br />
be the last subnet?<br />
10.1.32.124/30<br />
Subnet No. Network Address/Prefix<br />
0 10.1.32.64/30<br />
1 10.1.32.68/30<br />
2 10.1.32.72/30<br />
3 10.1.32.76/30<br />
4 10.1.32.80/30<br />
VLSM Addressing Design Exercises<br />
In the following VLSM Addressing Design Exercises, you apply your VLSM addressing skills to a three<br />
router topology. Each exercise is progressively more difficult than the last. There may be more than one<br />
correct answer in some situations. However, you should always practice good addressing design by assigning<br />
your subnets contiguously. This allows the summary of a group of subnets into one aggregate route,<br />
thus decreasing the size of routing tables.<br />
VLSM Addressing Design Exercise 1<br />
Assume that 4 bits were borrowed from the host portion of 192.168.1.0/24. You are not using VLSM.<br />
Starting with subnet 0, label Figure 1-1 contiguously with subnets. Start with the LAN on RTA <strong>and</strong> proceed<br />
clockwise.
Figure 1-1 Addressing Design Exercise 1 Topology: Subnets<br />
Address Space<br />
192.168.1.0/24<br />
192.168.1.64/28<br />
192.168.1.80/28<br />
192.168.1.0/28<br />
RTA<br />
RTC RTB<br />
192.168.1.48/28<br />
How many total valid host addresses will be wasted on the WAN links?<br />
You assigned 3 WAN subnets with 14 hosts each. Two hosts are used. Therefore, 12 hosts × 3 WAN subnets<br />
= 36 wasted host addresses.<br />
Now, come up with a better addressing scheme using VLSM. Start with the same 4 bits borrowed from the<br />
host portion of 192.168.1.0/24. Label each of the LANs with a subnet. Then, subnet the next available subnet<br />
to provide WAN subnets without wasting any host addresses. Label Figure 1-2 with the subnets.<br />
Figure 1-2 Addressing Design Exercise 1 Topology: VLSM Subnets<br />
Address Space<br />
192.168.1.0/24<br />
192.168.1.32/28<br />
192.168.1.56/30<br />
192.168.1.0/28<br />
RTA<br />
Chapter 1: Introduction to Classless Routing 13<br />
192.168.1.16/28<br />
192.168.1.48/30<br />
RTC RTB<br />
192.168.1.52/30<br />
192.168.1.32/28<br />
192.168.1.16/28
14 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
List the address space that is still available for future expansion.<br />
For the solution shown in Figure 1-2, address space still available is .60/30; .64/26; .128/25.<br />
The topology shown in Figure 1-3 has LAN subnets already assigned out of the 192.168.1.0/24 address<br />
space. Using VLSM, create <strong>and</strong> label the WANs with subnets from the remaining address space.<br />
Figure 1-3 Addressing Design Exercise 1 Topology: WAN Subnets<br />
Address Space<br />
192.168.1.0/24<br />
192.168.1.128/27<br />
List the address space that is still available for future expansion.<br />
Answers may vary. In the answer shown in Figure 1-3, the available address space is .172/30; .176/28;<br />
.192/26.<br />
VLSM Addressing Design Exercise 2<br />
192.168.1.0/26<br />
RTA<br />
192.168.1.168/30 192.168.1.160/30<br />
RTC RTB<br />
192.168.1.164/30<br />
Your address space is 192.168.1.192/26. Each LAN needs to support ten hosts. Use VLSM to create a contiguous<br />
IP addressing scheme. Label Figure 1-4 with your addressing scheme. Don’t forget the WAN links.<br />
Figure 1-4 Addressing Design Exercise 2 Topology<br />
Address Space<br />
192.168.1.192/26<br />
192.168.1.224/28<br />
192.168.1.248/30<br />
192.168.1.192/28<br />
RTA<br />
192.168.240./30<br />
RTC RTB<br />
192.168.1.244/30<br />
192.168.1.64/26<br />
192.168.1.208/28
List the address space that is still available for future expansion.<br />
There is only one subnet left: .252/30.<br />
VLSM Addressing Design Exercise 3<br />
Your address space is 192.168.6.0/23. The number of hosts needed for each LAN is shown in Figure 1-5.<br />
Use VLSM to create a contiguous IP addressing scheme. Label Figure 1-5 with your addressing scheme.<br />
Don’t forget the WAN links.<br />
Figure 1-5 Addressing Design Exercise 3 Topology<br />
Address Space<br />
192.168.6.0/23<br />
192.168.7.64/27<br />
30 Hosts<br />
192.168.7.104/30<br />
List the address space that is still available for future expansion.<br />
For the solution shown in Figure 1-5, the address space still available is .7.108/30; .7.112/28; .7.128/25.<br />
VLSM Addressing Design Exercise 4<br />
192.168.6.0/24<br />
150 Hosts<br />
RTA<br />
RTC RTB<br />
192.168.7.100/30<br />
Chapter 1: Introduction to Classless Routing 15<br />
192.168.7.96/30<br />
192.168.7.0/26<br />
60 Hosts<br />
Your address space is 10.10.96.0/21. The number of hosts needed for each LAN is shown in Figure 1-6.<br />
Use VLSM to create a contiguous IP addressing scheme. Label Figure 1-6 with your addressing scheme.<br />
Don’t forget the WAN links.
16 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-6 Addressing Design Exercise 4 Topology<br />
Address Space<br />
10.10.96.0/21<br />
10.10.102.0/24<br />
250 Hosts<br />
10.10.103.248/30<br />
List the address space that is still available for future expansion.<br />
For the solution shown in Figure 1-6, the address space still available is .103.252/30; .103.224/28;<br />
.103.192/27; .103.128/26; .103.0/25.<br />
VLSM Addressing Design Scenarios<br />
The following VLSM Addressing Design Scenarios will build upon your addressing design skills. In these<br />
scenarios, you will fully document your network design, including IP addresses for interfaces <strong>and</strong> hosts.<br />
Instructor Note: Once students have successfully completed a scenario, have them test it out on real routers or a simulator<br />
such as Packet Tracer.<br />
VLSM Addressing Design Scenario 1<br />
Complete Addressing Design Scenario 1 using the following list of requirements:<br />
■ Address space: 192.168.1.0/25.<br />
10.10.96.0/22<br />
1,000 Hosts<br />
RTA<br />
RTC RTB<br />
10.10.103.244/30<br />
■ RTA LAN, 60 hosts; RTB LAN, 30 hosts; RTC LAN, 10 hosts.<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-7.<br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
10.10.103.240/30<br />
10.10.100.0/23<br />
500 Hosts
Figure 1-7 Addressing Design Scenario 1 Topology<br />
For the solution shown in Figure 1-7, the address space still available is .124/30.<br />
Because the given address space is /25, there is no more available space except for the one leftover WAN<br />
subnet.<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 192.168.1.1 255.255.255.192<br />
S0/1 192.168.1.113 255.255.255.252<br />
S0/0 192.168.1.121 255.255.255.252<br />
RTB Fa0/0 192.168.1.65 255.255.255.224<br />
S0/1 192.168.1.114 255.255.255.252<br />
S0/0 192.168.1.117 255.255.255.252<br />
RTC Fa0/0 192.168.1.97 255.255.255.240<br />
S0/1 192.168.1.118 255.255.255.252<br />
S0/0 192.168.1.122 255.255.255.252<br />
Host A 192.168.1.2 255.255.255.192 192.168.1.1<br />
Host B 192.168.1.66 255.255.255.224 192.168.1.65<br />
Host C 192.168.1.98 255.255.255.240 192.168.1.97<br />
VLSM Addressing Design Scenario 2<br />
Complete Addressing Design Scenario 2 using the following list of requirements:<br />
■ Address space: 192.168.18.0/23.<br />
Fa0/0<br />
RTA<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0<br />
DCE<br />
RTB<br />
192.168.1.116/30<br />
■ RTA LAN, 250 hosts; RTB LAN, 100 hosts; RTC LAN, 60 hosts.<br />
S0/0<br />
Chapter 1: Introduction to Classless Routing 17<br />
60 Hosts<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-8.<br />
S0/1<br />
DCE<br />
S0/0<br />
C DCE<br />
S0/1<br />
B<br />
10 Hosts<br />
Address Space<br />
192.168.1.0/25<br />
192.168.1.96/28<br />
192.168.1.120/30<br />
192.168.1.0/26<br />
A<br />
192.168.1.112/30<br />
192.168.1.64/27<br />
30 Hosts
18 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
Figure 1-8 Addressing Design Scenario 2 Topology<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0<br />
DCE<br />
RTB<br />
192.168.19.196/30<br />
For the solution shown in Figure 1-8, the address space still available is .19.204/30; .19.208/28;<br />
.19.224/27.<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 192.168.18.1 255.255.255.0<br />
S0/1 192.168.19.193 255.255.255.252<br />
S0/0 192.168.19.201 255.255.255.252<br />
RTB Fa0/0 192.168.19.1 255.255.255.128<br />
S0/1 192.168.19.194 255.255.255.252<br />
S0/0 192.168.19.197 255.255.255.252<br />
RTC Fa0/0 192.168.19.129 255.255.255.192<br />
S0/0<br />
S0/1 192.168.19.198 255.255.255.252<br />
S0/0 192.168.19.202 255.255.255.252<br />
Host A 192.168.18.2 255.255.255.0 192.168.18.1<br />
Host B 192.168.19.2 255.255.255.128 192.168.19.1<br />
Fa0/0<br />
Host C 192.168.19.130 255.255.255.192 192.168.19.129<br />
RTA<br />
250 Hosts<br />
S0/1<br />
DCE<br />
C<br />
S0/0<br />
DCE<br />
S0/1<br />
B<br />
60 Hosts<br />
Address Space<br />
192.168.18.0/23<br />
192.168.19.128/26<br />
192.168.19.200/30<br />
192.168.18.0/24<br />
A<br />
192.168.19.192/30<br />
192.168.19.0/25<br />
100 Hosts
VLSM Addressing Design Scenario 3<br />
Complete Addressing Design Scenario 3 using the following list of requirements:<br />
■ Address space: 172.16.0.0/22.<br />
■ RTA LAN, 500 hosts; RTB LAN, 250 hosts; RTC LAN, 100 hosts.<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-9.<br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
Figure 1-9 Addressing Design Scenario 3 Topology<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0<br />
DCE<br />
RTB<br />
172.16.3.132/30<br />
For the solution shown in Figure 1-9, the address space still available is .3.140/30; .3.144/28; .3.160/27;<br />
.3.192/27.<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 172.16.0.1 255.255.254.0<br />
S0/1 172.16.3.129 255.255.255.252<br />
S0/0 172.16.3.137 255.255.255.252<br />
RTB Fa0/0 172.16.2.1 255.255.255.0<br />
S0/1 172.16.3.130 255.255.255.252<br />
S0/0 172.16.3.133 255.255.255.252<br />
RTC Fa0/0 172.16.3.1 255.255.255.128<br />
S0/1 172.16.3.134 255.255.255.252<br />
S0/0 172.16.3.138 255.255.255.252<br />
Chapter 1: Introduction to Classless Routing 19<br />
Host A 172.16.0.2 255.255.254.0 172.16.0.1<br />
Host B 172.16.2.2 255.255.255.0 172.16.2.1<br />
Host C 172.16.3.2 255.255.255.128 172.16.3.1<br />
S0/0<br />
Fa0/0<br />
RTA<br />
500 Hosts<br />
S0/1<br />
DCE<br />
S0/0<br />
C DCE<br />
S0/1<br />
B<br />
100 Hosts<br />
Address Space<br />
172.16.0.0/22<br />
172.16.3.0/25<br />
172.16.3.136/30<br />
172.16.0.0/23<br />
A<br />
172.16.3.128/30<br />
172.16.2.0/24<br />
250 Hosts
20 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
VLSM Addressing Design Scenario 4<br />
Complete Addressing Design Scenario 4 using the following list of requirements:<br />
■ Address space: 172.24.0.0/21.<br />
■ RTA LAN, 1000 hosts; RTB LAN, 500 hosts; RTC LAN, 250 hosts.<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in<br />
Figure 1-10.<br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
Figure 1-10 Addressing Design Scenario 4 Topology<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0<br />
DCE<br />
RTB<br />
172.24.7.4/30<br />
For the solution shown in Figure 1-10, the address space still available is .7.12/30; .7.16/28; .7.32/27;<br />
.7.64/26; .7.128/25.<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 172.24.0.1 255.255.252.0<br />
S0/1 172.24.7.1 255.255.255.252<br />
S0/0 172.24.7.9 255.255.255.252<br />
RTB Fa0/0 172.24.4.1 255.255.254.0<br />
S0/1 172.24.7.2 255.255.255.252<br />
S0/0 172.24.7.5 255.255.255.252<br />
RTC Fa0/0 172.24.6.1 255.255.255.0<br />
S0/0<br />
S0/1 172.24.7.6 255.255.255.252<br />
S0/0 172.24.7.10 255.255.255.252<br />
Host A 172.24.0.2 255.255.252.0 172.24.0.1<br />
Fa0/0<br />
RTA<br />
1,000 Hosts<br />
S0/1<br />
DCE<br />
S0/0<br />
C DCE<br />
S0/1<br />
B<br />
250 Hosts<br />
Address Space<br />
172.24.0.0/21<br />
172.24.0.0/22<br />
A<br />
172.24.7.8/30 172.24.7.0/30<br />
172.24.6.0/24 172.24.4.0/23<br />
500 Hosts
Device Interface IP Address Subnet Mask Default Gateway<br />
Host B 172.24.4.2 255.255.254.0 172.24.4.1<br />
Host C 172.24.6.2 255.255.255.0 172.24.6.1<br />
VLSM Addressing Design Scenario 5<br />
Complete Addressing Design Scenario 5 using the following list of requirements:<br />
■ Address space: 10.8.64.0/18.<br />
■ RTA LAN, 6000 hosts; RTB LAN, 3000 hosts; RTC LAN, 1000 hosts.<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-11.<br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
Figure 1-11 Addressing Design Scenario 5 Topology<br />
Fa0/0<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0 RTB<br />
10.8.116.4/30<br />
DCE<br />
For the solution shown in Figure 1-11, the address space still available is 116.12/30; .116.16/28;<br />
.116.32/27; .116.64/26; .116.128/25; .117.0/24; .118.0/23; .120.0/21.<br />
RTA<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 10.8.64.1 255.255.224.0<br />
S0/1 10.8.116.1 255.255.255.252<br />
S0/0 10.8.116.9 255.255.255.252<br />
RTB Fa0/0 10.8.96.1 255.255.240.0<br />
S0/0<br />
S0/1 10.8.116.2 255.255.255.252<br />
S0/0 10.8.116.5 255.255.255.252<br />
Chapter 1: Introduction to Classless Routing 21<br />
6,000 Hosts<br />
S0/1<br />
DCE<br />
S0/0<br />
C DCE<br />
S0/1<br />
B<br />
1,000 Hosts<br />
Address Space<br />
10.8.64.0/18<br />
10.8.116.8/30<br />
10.8.64.0/19<br />
A<br />
10.8.116.0/30<br />
10.8.112.0/22 10.8.96.0/20<br />
3,000 Hosts
22 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTC Fa0/0 10.8.112.1 255.255.252.0<br />
S0/1 10.8.116.6 255.255.255.252<br />
S0/0 10.8.116.10 255.255.255.252<br />
Host A 10.8.64.2 255.255.224.0 10.8.64.1<br />
Host B 10.8.96.2 255.255.240.0 10.8.96.1<br />
Host C 10.8.112.2 255.255.252.0 10.8.112.1<br />
VLSM Addressing Design Scenario 6<br />
Complete Addressing Design Scenario 6 using the following list of requirements:<br />
■ Address space: 10.0.0.0/15.<br />
■ RTA LAN, 65,000 hosts; RTB LAN, 30,000 hosts; RTC LAN, 8000 hosts.<br />
■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-12.<br />
■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal<br />
format for the subnet mask.<br />
■ List the address space that is still available for future expansion.<br />
Figure 1-12 Addressing Design Scenario 6 Topology<br />
S0/0<br />
Fa0/0<br />
RTA<br />
65,000 Hosts<br />
S0/1<br />
DCE<br />
S0/0<br />
C DCE<br />
S0/1<br />
B<br />
8,000 Hosts<br />
Address Space<br />
10.0.0.0/15<br />
10.1.128.0/19<br />
10.1.160.8/30<br />
10.0.0.0/16<br />
A<br />
10.1.160.0/30<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
S0/0<br />
DCE<br />
RTB<br />
10.1.160.4/30<br />
10.1.0.0/17<br />
30,000 Hosts
For the solution shown in Figure 1-12, the address space still available is 10.1.160.12/30; 10.1.160.16/28;<br />
10.1.160.32/27; 10.1.160.64/26; 10.1.160.128/25; 10.1.161.0/24; 10.1.162.0/23; 10.1.164.0/22;<br />
10.1.168.0/21; 10.1.176.0/20; 10.1.192.0/18.<br />
Device Interface IP Address Subnet Mask Default Gateway<br />
RTA Fa0/0 10.0.0.1 255.255.0.0<br />
S0/1 10.1.160.1 255.255.255.252<br />
S0/0 10.1.160.9 255.255.255.252<br />
RTB Fa0/0 10.1.0.1 255.255.128.0<br />
S0/1 10.1.160.2 255.255.255.252<br />
S0/0 10.1.160.5 255.255.255.252<br />
RTC Fa0/0 10.1.128.1 255.255.224.0<br />
S0/1 10.1.160.6 255.255.255.252<br />
S0/0 10.1.160.10 255.255.255.252<br />
Host A 10.0.0.2 255.255.0.0 10.0.0.1<br />
Host B 10.1.0.2 255.255.128.0 10.1.0.1<br />
Host C 10.1.128.2 255.255.224.0 10.1.128.1<br />
Summary Route Exercises<br />
Use the following exercises to practice determining the summary route for a collection of subnets.<br />
The following is an example with the answer:<br />
Referring to Figure 1-13, what summary route would R1 send to BBR (Backbone Router) for the four networks?<br />
Write your answer in the space provided.<br />
Figure 1-13 Summary Route Example<br />
192.168.1.0/27<br />
192.168.1.32/27<br />
192.168.1.64/27<br />
192.168.1.96/27<br />
Chapter 1: Introduction to Classless Routing 23<br />
R1 BBR<br />
Summary Route<br />
192.168.1.0/25
24 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 1. Find the number of highest-order bits that match in all the addresses, convert the addresses to<br />
binary format, <strong>and</strong> align them in a list.<br />
To make sure that you are including the entire address range from the lowest to the highest network<br />
address, find the lowest IP address, which is the network address 192.168.1.0 in the<br />
example. Then, find the highest IP address, which is 192.168.1.127, or the last address in the<br />
highest network, 192.168.1.96.<br />
Write the lowest <strong>and</strong> highest IP addresses in binary:<br />
192.168.1.0: 11000000.10101000.00000001.00000000<br />
192.168.1.127: 11000000.10101000.00000001.01111111<br />
Step 2. Locate where the common pattern of digits ends. The common bits are shaded in the following<br />
example.<br />
First IP 192.168.1.0 11000000.10101000.00000001.00000000<br />
Last IP 192.168.1.127 11000000.10101000.00000001.01111111<br />
Step 3. Count the number of common bits. This number is the prefix length of the summary route. It is<br />
represented at the end of the first IP address in the block <strong>and</strong> preceded by a slash.<br />
In this example, counting from left to right, you have 25 common bits. Your first address in the<br />
address block is 192.168.1.0. Therefore, your summary route is 192.168.1.0/25.<br />
Summary Route Exercise 1<br />
Referring to Figure 1-14, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.<br />
Figure 1-14 Summary Route Exercise 1<br />
192.168.1.0/25<br />
192.168.1.128/26<br />
192.168.1.192/27<br />
192.168.1.224/27<br />
R1 BBR<br />
Summary Route<br />
192.168.1.0/24
First IP 192.168.1.0 11000000.10101000.00000001.00000000<br />
Last IP 192.168.1.255 11000000.10101000.00000001.11111111<br />
Summary route 192.168.1.0/24<br />
Summary Route Exercise 2<br />
Referring to Figure 1-15, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.<br />
Figure 1-15 Summary Route Exercise 2<br />
192.168.4.0/24<br />
192.168.5.0/24<br />
192.168.6.0/24<br />
192.168.7.0/24<br />
First IP 192.168.4.0 11000000.10101000.00000100.00000000<br />
Last IP 192.168.7.255 11000000.10101000.00000111.11111111<br />
Summary route 192.168.4.0/22<br />
Summary Route Exercise 3<br />
Chapter 1: Introduction to Classless Routing 25<br />
R1 BBR<br />
Summary Route<br />
192.168.4.0/22<br />
Referring to Figure 1-16, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.
26 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-16 Summary Route Exercise 3<br />
192.168.64.0/21<br />
192.168.72.0/21<br />
192.168.80.0/21<br />
192.168.88.0/21<br />
First IP 192.168.64.0 11000000.10101000.01000000.00000000<br />
Last IP 192.168.95.255 11000000.10101000.01011111.11111111<br />
Summary route 192.168.64.0/19<br />
Summary Route Exercise 4<br />
R1 BBR<br />
Summary Route<br />
192.168.64.0/19<br />
Referring to Figure 1-17, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.
Figure 1-17 Summary Route Exercise 4<br />
172.16.0.0/14<br />
172.20.0.0/14<br />
172.24.0.0/14<br />
172.28.0.0/14<br />
First IP 172.16.0.0 10101100.00010000.00000000.00000000<br />
Last IP 172.31.255.255 10101100.00011111.11111111.11111111<br />
Summary route 172.16.0.0/12<br />
Your students may be interested to know that the summary route 172.16.0.0/12 is also the entire range of<br />
Class B private IP addresses as defined by RFC 1918.<br />
Summary Route Exercise 5<br />
Chapter 1: Introduction to Classless Routing 27<br />
R1 BBR<br />
Summary Route<br />
172.16.0.0/12<br />
Referring to Figure 1-18, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.
28 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-18 Summary Route Exercise 5<br />
172.16.0.0/17<br />
172.16.128.0/17<br />
172.17.0.0/16<br />
172.18.0.0/15<br />
First IP 172.16.0.0 10101100.00010000.00000000.00000000<br />
Last IP 172.19.255.255 10101100.00010011.11111111.11111111<br />
Summary route 172.16.0.0/14<br />
Summary Route Exercise 6<br />
R1 BBR<br />
Summary Route<br />
172.16.0.0/14<br />
Referring to Figure 1-19, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.
Figure 1-19 Summary Route Exercise 6<br />
10.10.0.0/21<br />
10.10.8.0/21<br />
10.10.16.0/21<br />
10.10.24.0/21<br />
First IP 10.10.0.0 00001010.00001010.00000000.00000000<br />
Last IP 10.10.31.255 00001010.00001010.00011111.11111111<br />
Summary route 10.10.0.0/19<br />
Summary Route Exercise 7<br />
Referring to Figure 1-20, what summary route would R1 send to BBR for the four networks? Write your<br />
answer in the space provided.<br />
Figure 1-20 Summary Route Exercise 7<br />
10.0.0.0/16<br />
10.1.0.0/16<br />
10.2.0.0/15<br />
10.4.0.0/14<br />
Chapter 1: Introduction to Classless Routing 29<br />
R1 BBR<br />
Summary Route<br />
10.10.0.0/19<br />
R1 BBR<br />
Summary Route<br />
10.0.0.0/13
30 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
First IP 10.0.0.0 00001010.00000000.00000000.00000000<br />
Last IP 10.7.255.255 00001010.00000111.11111111.11111111<br />
Summary route 10.0.0.0/13<br />
Default <strong>and</strong> Static Routing Scenario<br />
In Figure 1-21, both static <strong>and</strong> default routing are used between RTA <strong>and</strong> ISP to route traffic. First, determine<br />
the summary route that would summarize all of the subnets from the 10.0.0.0 address space. Then,<br />
record the comm<strong>and</strong>s that would be configured on RTA <strong>and</strong> ISP to provide full connectivity. (Hint: RTA<br />
will use a default route <strong>and</strong> ISP will use a static route.)<br />
Figure 1-21 Default <strong>and</strong> Static Routing Scenario<br />
10.10.1.224/28<br />
To find the summary route, find the common bits shared by the first <strong>and</strong> last addresses in the address<br />
space.<br />
First IP 10.10.1.128 00001010.00001010.00000001.10000000<br />
Last IP 10.10.1.255 00001010.00001010.00000001.11111111<br />
Summary route 10.10.1.128/25<br />
10.10.1.128/26<br />
RTA<br />
RTC 10.10.1.244/30<br />
RTB<br />
Now configure ISP with a static route pointing to the summary of the address space:<br />
ISP(config)#ip route 10.10.1.128 255.255.255.128 209.165.201.2<br />
S1/0<br />
209.165.201.2/30<br />
10.10.1.248/30 10.10.1.240/30<br />
RTA will use a default route to ISP because ISP provides connectivity to destinations outside the<br />
10.10.1.128/25 address space:<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1<br />
209.165.201.1/30<br />
S0/0<br />
DCE<br />
10.10.1.192/27<br />
ISP
Concept Questions<br />
List at least three reasons why you should use VLSM when designing your addressing scheme.<br />
■ More efficient use of IP addresses<br />
■ Greater capability to use route summarization<br />
■ Isolation of topology changes from other routers<br />
Why is VLSM described as “subnetting a subnet”?<br />
From the instructor version of the curriculum:<br />
VLSM is often referred to as “subnetting a subnet” because any network address space—whether a classful<br />
address like 192.168.1.0/24 or a classless address like 192.168.1.32/27—can be further subnetted to<br />
provide another level of logical addressing.<br />
Why was VLSM not used in <strong>CCNA</strong> 1 <strong>and</strong> <strong>CCNA</strong> 2?<br />
From the instructor version of the curriculum:<br />
There are two main reasons why VLSM is not used in <strong>CCNA</strong> 1 <strong>and</strong> <strong>CCNA</strong> 2:<br />
■ Historically, subnetting has proved to be one of the more challenging skills students must master during<br />
the first two <strong>CCNA</strong> courses. Adding the concept of VLSM to this already difficult task is unnecessary,<br />
namely because….<br />
■ <strong>CCNA</strong> 2 only deals with classful routing. Students do not yet implement classless addressing schemes<br />
in their network designs.<br />
What is the difference between CIDR <strong>and</strong> supernetting or router summarization?<br />
From the instructor version of the curriculum:<br />
Classless Interdomain Routing (CIDR) is the mechanism that allows advertising of both supernets <strong>and</strong> subnets<br />
outside of the normal bounds of a classful network number. Supernetting is a representation that<br />
allows masks that are shorter than the natural masks, therefore creating supernets.<br />
From Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 Companion <strong>Guide</strong>, by Wayne Lewis (Cisco<br />
Networking Academy Program):<br />
Although there is no consensus, the term route summarization often applies to summarizing within a classful<br />
boundary; on the other h<strong>and</strong>, CIDR almost always refers to combining several classful networks. With<br />
both CIDR <strong>and</strong> route summarization, the point is to optimize routing. To illustrate the difference between<br />
route summarization <strong>and</strong> CIDR, a network engineer may define a summary route on a Cisco router for a<br />
company’s network, but this has nothing to do with allocating a block of addresses to a customer.<br />
List the two ways a router running a classful routing protocol can calculate the network portion of routes<br />
received in routing updates.<br />
From Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 Companion <strong>Guide</strong>:<br />
■ If the routing update information contains the same major network number as configured on the<br />
receiving interface, the router applies the subnet mask that is configured on the receiving interface.<br />
■ If the routing update information contains a different major network than the one configured on the<br />
receiving interface, the router applies the default classful mask by IP address class.<br />
Explain three ways a router can learn paths to destination networks.<br />
From Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 Companion <strong>Guide</strong>:<br />
Chapter 1: Introduction to Classless Routing 31<br />
■ Static routes are manually defined by the system administrator via an attached interface or the next<br />
hop to a destination. These are useful for security <strong>and</strong> reducing routing traffic.
32 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
■ Default routes are also manually defined by the network engineer as the path to take when no known<br />
route exists to the destination. Default routes are essential to minimizing the size of a routing table.<br />
When an entry for a destination network does not exist in a routing table, the packet is sent via the<br />
route.<br />
■ Dynamic routing is where the router learns of paths to destinations by receiving routing updates from<br />
other routers via a routing protocol such as RIP.<br />
Explain the effect of the comm<strong>and</strong> ip classless on both classful <strong>and</strong> classless routing protocols.<br />
From Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 Companion <strong>Guide</strong>:<br />
The ip classless comm<strong>and</strong> causes a classful routing protocol to evaluate all packets using the longestmatch<br />
criterion. Instead of discarding traffic bound for unknown subnets of a known classful network, a<br />
router tries to match the largest number of bits possible against the route in its routing table.<br />
Note that ip classless has no effect on routers running classless routing protocols, because they already use<br />
the longest-match criterion in making routing decisions.<br />
List the two classful routing protocols <strong>and</strong> explain the most serious limitation of these two protocols.<br />
RIPv1 <strong>and</strong> IGRP are both classful routing protocols. Neither RIPv1 nor IGRP sends subnet mask information<br />
in routing updates. Therefore, subnets must use the same mask <strong>and</strong> must be assigned contiguously.<br />
Not only does this waste address space, but classful routing is not very scalable. Adding a new subnet<br />
between two contiguously addressed subnets will necessitate designing a new addressing scheme.<br />
Which classless routing protocols automatically summarize at the classful boundary? Why do these protocols<br />
operate in a classful manner? What comm<strong>and</strong> will turn off automatic summarization <strong>and</strong> with which<br />
IOS versions must you enter the comm<strong>and</strong>?<br />
By default RIPv2, EIGRP, <strong>and</strong> BGP all summarize at the classful boundary. Automatic summarization<br />
enables RIPv2 <strong>and</strong> EIGRP to be backward compatible with their predecessors, RIPv1 <strong>and</strong> IGRP. In situations<br />
in which you want to manually summarize routes at a different bit boundary or want to be able to<br />
assign subnets discontiguously, turn off automatic summarization with the no auto-summary comm<strong>and</strong>.<br />
With Cisco IOS Release 12.2(8)T, EIGRP <strong>and</strong> BGP have auto-summary disabled by default; prior to<br />
12.2(8)T, EIGRP <strong>and</strong> BGP had auto-summary enabled by default. With RIPv2, auto-summary has<br />
always been <strong>and</strong> remains enabled by default.<br />
VLSM Case <strong>Study</strong><br />
You are the new network administrator for Mom <strong>and</strong> Pop’s Stop & Shop, a multibranch convenience store<br />
corporation. The previous network administrator used the 192.168.1.0/24 private network exclusively to<br />
communicate between branch locations <strong>and</strong> corporate headquarters. The current topology <strong>and</strong> addressing<br />
scheme is shown in Figure 1-22.<br />
Mom <strong>and</strong> Pop’s Stop & Shop plans to add two new locations this year. With the current addressing<br />
scheme, how many subnets are left to provide address space for the new locations? As the new network<br />
administrator, what plan would you have for adding additional address space when needed? What routing<br />
protocol would you use?
Figure 1-22 Mom <strong>and</strong> Pop’s Stop & Shop Network Topology<br />
172.16.7.0/24<br />
192.168.1.192/28<br />
172.16.8.0/24<br />
Store8<br />
Store7 HQ 192.168.1.80/28 Store3<br />
192.168.1.176/28<br />
Store6<br />
172.16.6.0/24<br />
172.16.0.20/30<br />
172.16.0.28/30<br />
172.16.0.24/30<br />
172.16.0.16/30<br />
192.168.1.144/28<br />
172.16.1.0/24<br />
The current addressing scheme only allows for an additional four subnets: 192.168.1.0/28,<br />
192.168.1.208/28, 192.168.1.224/28, <strong>and</strong> 192.168.240/28. This is enough for the current needs. However,<br />
no more subnets will be available for future expansion. In addition, the current design is wasting<br />
12 addresses on each WAN link. A better solution would be to implement VLSM <strong>and</strong> a classless<br />
routing protocol.<br />
Allow students to design their own addressing scheme to reinforce the VLSM concepts learned in this<br />
chapter. This will provide you with several examples to compare <strong>and</strong> contrast. Discuss with the students as<br />
a class the benefits <strong>and</strong> drawbacks of different solutions.<br />
The following is a sample solution using the 172.16.0.0/16 address space:<br />
Chapter 1: Introduction to Classless Routing 33<br />
192.168.1.32/28<br />
Store1<br />
172.16.0.0/30<br />
192.168.1.16/28<br />
192.168.1.112/28<br />
Store5<br />
192.168.1.160/28<br />
172.16.5.0/24<br />
172.16.0.8/30<br />
172.16.0.12/30<br />
172.16.2.0/24<br />
Store2<br />
192.168.1.48/28<br />
172.16.0.4/30<br />
Store4<br />
172.16.4.0/24<br />
192.168.1.64/28<br />
172.16.3.0/24<br />
192.168.1.96/28<br />
192.168.1.128/28<br />
Although the current stores need only a h<strong>and</strong>ful of IP addresses, future needs are always more dem<strong>and</strong>ing.<br />
To provide enough address space for any possible future needs at each store, give each store a /24 subnet.<br />
WAN links will be assigned exclusively from the 172.16.0.0/24 address space. (You just as easily could<br />
have used the last /24 subnet or 172.16.255.0/24.) Store subnets will match the store numbers already used<br />
by Mom <strong>and</strong> Pop’s. The addressing convention will be 172.16.x.0/24, where x is the store number. Using a<br />
numbering scheme that also denotes the location helps tremendously when troubleshooting. For example, a<br />
poorly performing or failing NIC can cause a flood of meaningless traffic. This traffic can be identified by<br />
its IP address using network monitoring software. The IP address alone is enough to tell you which store is<br />
generating the excess traffic.<br />
For routing, you can use any classless routing protocol, including RIPv2, OSPF, <strong>and</strong> EIGRP. However,<br />
although the network is large, it is not overly complex. There is no need to complicate the situation with a<br />
more complex routing protocol. RIPv2 is probably the best choice in this situation.
34 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
RIP Version 2<br />
RIP was designed to work as a simple Interior Gateway Protocol (IGP) within small <strong>and</strong> moderate-sized<br />
autonomous systems. The first version of RIP did not support VLSM, but rather simply advertised the<br />
classful network to RIP neighbors. However, the original RIP specification (RFC 1058) provided several<br />
empty fields in the RIP update that are now used by RIP version 2 (RFC 2453). In the following two exercises,<br />
you will compare <strong>and</strong> contrast RIPv1 <strong>and</strong> RIPv2. Then, you will complete a research exercise to discover<br />
more details about the two versions of RIP.<br />
Compare <strong>and</strong> Contrast Exercise<br />
Compare <strong>and</strong> contrast RIPv1 <strong>and</strong> RIPv2 by listing the features of each protocol in the following table.<br />
RIPv1 Features RIPv2 Features<br />
Hop count is the metric. Hop count is the metric.<br />
Maximum hop count is 15. Maximum hop count is 15.<br />
Uses hold-down timers to prevent routing loops. Uses hold-down timers to prevent routing loops.<br />
Uses split-horizon to prevent routing loops. Uses split-horizon to prevent routing loops.<br />
Failure to receive updates in a timely manner Failure to receive updates in a timely manner results in<br />
results in removal of routes previously learned removal of routes previously learned from a neighbor.<br />
from a neighbor.<br />
The administrative distance is 120. The administrative distance is 120.<br />
Routing updates are broadcast every Routing updates are multicast every 30 seconds by 30<br />
seconds by default. default.<br />
Capable of load balancing over as many as six Capable of load balancing over as many as six<br />
equal-cost paths—four paths by default. equal-cost paths—four paths by default.<br />
Authentication is not supported. Supports clear-text <strong>and</strong> Message Digest 5 (MD5)<br />
authentication.<br />
VLSM is not supported— VLSM is supported—sends mask in the update.<br />
it is a classful routing protocol.<br />
Does not support manual route summarization. Supports manual route summarization.<br />
From your preceding list of features, what are the four improvements added to RIPv2?<br />
■ Multicasting of updates<br />
■ Support for simple <strong>and</strong> MD5 authentication<br />
■ Support for VLS because subnet mask information is sent in updates<br />
■ Support for route summarization<br />
Internet Research<br />
RIP is an open st<strong>and</strong>ard, which means the specifications for the format of RIP messages is not proprietary<br />
<strong>and</strong> can be implemented by any vendor or software developer. When you are not sure about an open st<strong>and</strong>ard<br />
such as RIP or OSPF, you can always refer to the original Request For Comments (RFC) for that<br />
st<strong>and</strong>ard. For this research exercise, use the Internet to find the RFC for RIPv2 <strong>and</strong> answer the following<br />
questions.
Students should be well versed in using search tools. The RFCs for RIPv1 <strong>and</strong> RIPv2 exist is several<br />
places on the Internet. Emphasize that they should look for the most recent version of the RFC. In this<br />
case, RFC 2453 is sufficient to answer all of the following questions. Students should also be encouraged<br />
to find the original source for RFCs—the Internet Engineering Task Force (IETF). According to<br />
http://www.ietf.org, IETF “…is a large open international community of network designers, operators,<br />
vendors, <strong>and</strong> researchers concerned with the evolution of the Internet architecture <strong>and</strong> the smooth operation<br />
of the Internet.” The IETF collection of RFCs can be found at http://www.ietf.org/rfc/rfc#, where # is<br />
the number of the RFC.<br />
What Layer 4 protocol does RIP use <strong>and</strong> what is its port number?<br />
RIP used UDP <strong>and</strong> its port number is 520.<br />
How many routing updates can a RIP update contain?<br />
A RIP update can contain up to 25 routing updates.<br />
RIPv1 <strong>and</strong> RIPv2 both use the same header information. RIPv2 uses empty fields in the 20-byte RIPv1<br />
route entry. Fill in the names of the fields for both the RIPv1 <strong>and</strong> RIPv2 route entries in Figure 1-23 <strong>and</strong><br />
Figure 1-24, respectively. (Hint: Look for phrases “message format” <strong>and</strong> “protocol extensions.”)<br />
Figure 1-23 RIPv1 Header <strong>and</strong> Route Entry<br />
Comm<strong>and</strong> (1)<br />
Address Family Identifier (2)<br />
IPv4 Address (4)<br />
Chapter 1: Introduction to Classless Routing 35<br />
Version (1) Must be Zero (2)<br />
Must be Zero (4)<br />
Must be Zero (4)<br />
Metric (4)<br />
Must be Zero (4)
36 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-24 RIPv2 Header <strong>and</strong> Route Entry<br />
Comm<strong>and</strong> (1) Version (1) Must be Zero (2)<br />
Address Family Identifier (2)<br />
IPv4 Address (4)<br />
Subnet Mask (4)<br />
Next Hop (4)<br />
Metric (4)<br />
Notice that authentication is not listed in any of the fields. Briefly explain how RIPv2 allows authentication<br />
of messages.<br />
From RFC 2453:<br />
Since authentication is a per message function, <strong>and</strong> since there is only one 2-octet field available in the<br />
message header, <strong>and</strong> since any reasonable authentication scheme will require more than two octets, the<br />
authentication scheme for RIP version 2 will use the space of an entire RIP entry. If the Address Family<br />
Identifier of the first (<strong>and</strong> only the first) entry in the message is 0xFFFF, then the remainder of the entry<br />
contains the authentication. This means that there can be, at most, 24 RIP entries in the remainder of the<br />
message. If authentication is not in use, then no entries in the message should have an Address Family<br />
Identifier of 0xFFFF.<br />
Briefly explain the use of the fields Route Tag <strong>and</strong> Next Hop.<br />
Route Tag (2)<br />
From RFC 2453:<br />
4.2 Route Tag<br />
The intended use of the Route Tag is to provide a method of separating “internal” RIP routes (routes for<br />
networks within the RIP routing domain) from “external” RIP routes, which may have been imported from<br />
an EGP or another IGP.<br />
4.4 Next Hop<br />
The immediate next hop IP address to which packets to the destination specified by this route entry should<br />
be forwarded. Specifying a value of 0.0.0.0 in this field indicates that routing should be via the originator<br />
of the RIP advertisement.
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct router prompt, that fits the description.<br />
Comm<strong>and</strong> Description<br />
Router(conig)#ip classless Causes a classful routing protocol to evaluate all packets<br />
using the longest-match criterion. As a last resort, the<br />
router will use the default route rather than discard<br />
traffic bound for unknown subnets of a known classful<br />
network.<br />
Router(config)#ip subnet-zero Allows the use of the all-0 subnets; on by default in<br />
Cisco IOS Software Release 12.0 <strong>and</strong> later.<br />
Router(config)#router rip Turns off the RIP routing process.<br />
Router(config-router)#version 2 Turns on Version 2 of the routing process.<br />
Router(config-router)#network a.b.c.d Configures the network number of the directly connect<br />
ed classful network you want to advertise.<br />
Router(config-router)#no auto-summary RIPv2 summarizes networks at the classful boundary.<br />
This comm<strong>and</strong> turns off autosummarization.<br />
Router#debug ip rip Displays all RIP activity in real time.<br />
Router#show ip rip database Displays contents of the RIP database.<br />
Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4)<br />
Figure 1-25 Topology for Lab 1-1<br />
192.168.10.128/30<br />
Address Space<br />
192.168.10.0/24<br />
Perth<br />
KL<br />
Sydney<br />
Chapter 1: Introduction to Classless Routing 37<br />
28 Hosts<br />
192.168.10.64/27<br />
192.168.10.132/30 192.168.10.136/30<br />
Singapore<br />
60 Hosts<br />
12 Hosts<br />
12 Hosts<br />
192.168.10.0/26 192.168.10.96/28 192.168.10.112/28
38 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Objective<br />
Use variable-length subnet masking (VLSM) to support more efficient use of the assigned IP address <strong>and</strong><br />
to reduce the amount of routing information at the top level.<br />
The solution to this VLSM lab is provided in the steps themselves. Students should take the recommended<br />
subnetting in each step <strong>and</strong> build a diagram of the network, showing routers, LANs, <strong>and</strong> WAN links. Each<br />
LAN <strong>and</strong> WAN link should be labeled with the appropriate subnet address <strong>and</strong> slash number. A suggested<br />
diagram can be found at the end of this lab.<br />
Background/Preparation<br />
A Class C address of 192.168.10.0/24 has been allocated.<br />
Perth, Sydney, <strong>and</strong> Singapore have a WAN connection to Kuala Lumpur. The host requirements are<br />
as follows:<br />
■ Perth requires 60 hosts.<br />
■ Kuala Lumpur requires 28 hosts.<br />
■ Sydney <strong>and</strong> Singapore each require 12 hosts.<br />
To calculate VLSM subnets <strong>and</strong> the respective hosts, allocate the largest requirements first from the<br />
address range. Requirements levels should be listed from the largest to the smallest.<br />
In this example, Perth requires 60 hosts. Use 6 bits, because 2 6 <strong>–</strong> 2 = 62 usable host addresses. Thus,<br />
2 bits will be used from the fourth octet to represent the extended network prefix of /26, <strong>and</strong> the remaining<br />
6 bits will be used for host addresses.<br />
Task 1: Divide the Allocated Addresses into Four Equal-Sized<br />
Address Blocks<br />
Step 1. Divide the allocated address of 192.168.10.0/24 into four equal-sized address blocks. Because<br />
4 = 2 2 , 2 bits are required to identify each of the four subnets.<br />
Step 2. Take subnet 0 (192.168.10.0/26) <strong>and</strong> identify each of its hosts. Table 1-1 documents the allocated<br />
addresses, subnetworks, <strong>and</strong> usable hosts.<br />
Table 1-1 Usable Hosts for 192.168.10.0/24<br />
Allocated Address Subnetworks 62 Usable Hosts/Subnetworks (Subnet 0)<br />
192.168.10.0/24 192.168.10.0/26 192.168.10.0/26 (network address)<br />
Table 1-2 lists the range for the /26 mask.<br />
192.168.10.64/26 192.168.10.1/26<br />
192.168.10.128/26 192.168.10.2/26<br />
192.168.10.192/26 192.168.10.3/26<br />
through<br />
192.168.10.61/26<br />
192.168.10.62/26<br />
192.168.10.63/26 (broadcast address)
Table 1-2 IP Address Range for 192.168.10.0/26<br />
Perth Range of Addresses in the Last Octet<br />
192.168.10.0/26 From 0 to 63. Sixty hosts required.<br />
Hosts 0 <strong>and</strong> 63 cannot be used because they are the network <strong>and</strong> broadcast<br />
addresses for their subnet.<br />
Task 2: Allocate the Next Level After All the Requirements Are<br />
Met for the Higher Level(s)<br />
Kuala Lumpur requires 28 hosts. The next available address after 192.168.10.63/26 is 192.168.10.64/26.<br />
Note from Table 1-2 that this is subnet 1. Because 28 hosts are required, 2 5 <strong>–</strong> 2 = 30 usable network<br />
addresses. Thus, 5 bits will be required to represent the hosts, <strong>and</strong> 3 bits will be used to represent the<br />
extended network prefix of /27. Applying VLSM on address 192.168.10.64/27 gives the results in Table 1-3.<br />
Table 1-3 Usable Hosts for 192.168.10.64/26<br />
Subnetwork 1 Sub-Subnetworks 30 Usable Hosts<br />
192.168.10.64/26 192.168.10.64/27 192.168.10.65/27<br />
Table 1-4 lists the range for the /27 mask.<br />
192.168.10.96/27 192.168.10.66/27<br />
192.168.10.128/27 192.168.10.67/26<br />
192.168.10.192/27 through<br />
Table 1-4 IP Address Range for 192.168.10.64/27<br />
Kuala Lumpur Range of Addresses in the Last Octet<br />
192.168.10.64/27 (network address)<br />
192.168.10.93/27<br />
192.168.10.94/27<br />
192.168.10.95/27 (broadcast address)<br />
192.168.10.64/27 From 64 to 95. 28 hosts required.<br />
Hosts 64 <strong>and</strong> 95 cannot be used because they are the network <strong>and</strong> broadcast<br />
addresses for their subnet. Thirty usable addresses are available in this range for<br />
the hosts.<br />
Task 3: Allocate Address Space for Sydney<br />
Chapter 1: Introduction to Classless Routing 39<br />
Sydney <strong>and</strong> Singapore require 12 hosts each. The next available address starts from 192.168.10.96/27.<br />
Note from Table 1-2 that this is the next subnet available. Because 12 hosts are required, 2 4 <strong>–</strong> 2 = 14<br />
usable addresses. Thus, 4 bits are required to represent the hosts, <strong>and</strong> 4 bits are required for the extended<br />
network prefix of /28. Applying VLSM on address 192.168.10.96/27 gives the results in Table 1-5.
40 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 1-5 Usable Hosts for 192.168.10.96/27<br />
Subnetwork 2 Sub-Subnetworks 14 Usable Hosts<br />
192.168.10.96/27 192.168.10.96/28 192.168.10.96/28 (network address)<br />
Table 1-6 lists the range for the /28 mask.<br />
192.168.10.112/28 192.168.10.97/28<br />
192.168.10.128/28 192.168.10.98/28<br />
192.168.10.224/28 192.168.10.99/28<br />
192.168.10.240/28 through<br />
Table 1-6 IP Address Range for 192.168.10.96/28<br />
Sydney Range of Addresses in the Last Octet<br />
192.168.10.109/28<br />
192.168.10.110/28<br />
192.168.10.111/28 (broadcast address)<br />
192.168.10.96/28 From 96 to 111. Twelve hosts required.<br />
Hosts 96 <strong>and</strong> 111 cannot be used because they are network <strong>and</strong> broadcast<br />
addresses for their subnet. Fourteen usable addresses are available in this range<br />
for the hosts.<br />
Task 4: Allocate Address Space for Singapore<br />
Because Singapore also requires 12 hosts, the next set of host addresses in Table 1-7 can be derived from<br />
the next available subnet (192.168.10.112/28).<br />
Table 1-7 Singapore Host Addresses<br />
Sub-Subnetworks 14 Usable Hosts<br />
192.168.10.96/28 192.168.10.112/28 (network address)<br />
192.168.10.112/28 192.168.10.113/28<br />
192.168.10.128/28 192.168.10.114/28<br />
192.168.10.224/28 192.168.10.115/28<br />
through<br />
192.168.10.240/28 192.168.10.125/28<br />
Table 1-8 lists the range for the /28 mask.<br />
192.168.10.126/28<br />
192.168.10.127/28 (broadcast address)
Table 1-8 IP Address Range for 192.168.10.112/28<br />
Singapore Range of Addresses in the Last Octet<br />
192.168.10.112/28 From 112 to 127. Twelve hosts required.<br />
Hosts 112 <strong>and</strong> 127 cannot be used because they are network <strong>and</strong> broadcast<br />
addresses for their subnet. Fourteen usable addresses are available in this<br />
range for the hosts.<br />
Task 5: Allocate Address Space for WAN Links<br />
Now allocate addresses for the WAN links. Remember that each WAN link requires two IP addresses. The<br />
next available subnet is 192.168.10.128/28. Because two network addresses are required for each WAN<br />
link, 2 2 <strong>–</strong> 2 = 2 usable addresses. Thus, 2 bits are required to represent the links, <strong>and</strong> 6 bits are required<br />
for the extended network prefix of /30. Applying VLSM on 192.168.10.128/28 gives the results in Table 1-9.<br />
Table 1-9 Usable Hosts After Applying VLSM on 192.168.10.112/28<br />
Sub-Subnetworks 14 Usable Hosts<br />
192.168.10.128/30 192.168.10.128/30 (network address)<br />
192.168.10.129/30<br />
192.168.10.130/30<br />
192.168.10.31/30 (broadcast address)<br />
192.168.10.132/30 192.168.10.132/30 (network address)<br />
192.168.10.133/30<br />
192.168.10.134/30<br />
192.168.10.135/30 (broadcast address)<br />
192.168.10.136/30 192.168.10.136/30 (network address)<br />
192.168.10.137/30<br />
192.168.10.138/30<br />
192.168.10.139/30 (broadcast address)<br />
Chapter 1: Introduction to Classless Routing 41<br />
The available addresses for the WAN links can be taken from the available addresses in each of the /30<br />
subnets.<br />
Sometimes, a visual will help your students see how an address space can be used with VLSM. One visual<br />
I like to use is to represent the address space in a big, square box, as shown in Figure 1-25B.
42 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-25B VLSM Design Using a Visual<br />
This diagram illustrates how the<br />
Class C address was subnetted<br />
using VLSM. The network address<br />
<strong>and</strong> broadcast address for<br />
each subnet are shown in the<br />
corners of each box.<br />
0<br />
64<br />
/27<br />
95<br />
/26<br />
96<br />
112<br />
128<br />
/30<br />
131<br />
132<br />
/30<br />
135<br />
144<br />
First, draw a large box on the board. Label the top-left corner with the subnet address <strong>and</strong> the bottom-right<br />
corner with the broadcast address. For our beginning address space in this lab, the corners are .0 <strong>and</strong> .255,<br />
respectively.<br />
For the first VLSM step, we borrowed 2 bits. This can be represented visually by bisecting the box in half<br />
two times (for 2 bits). First, draw a horizontal line cutting the box in half. Then, draw a vertical line cutting<br />
the box into fourths. This visually represents to your students that we created four subnets. Now label<br />
each box’s top-left <strong>and</strong> bottom-right corners with the beginning <strong>and</strong> ending address in each of the subnets.<br />
So, the top-left box already has .0 but needs an address for the bottom left, which is the broadcast address<br />
for that subnet or .63. You can see from Figure 1-25B how the other four boxes are labeled.<br />
In the lab, we assigned the first box to Perth because 192.168.10.0/26 is enough address space for<br />
60 hosts. In our figure, we can label the box with “Perth LAN /26” so that we know that block of<br />
addresses has been assigned.<br />
/28<br />
/28<br />
63<br />
192<br />
Next, we need address space for the 28 hosts attached to Kuala Lumpur. So, we subnet the .64/26 address<br />
space borrowing 1 bit. In our visual, we draw a vertical line bisecting this block of addresses <strong>and</strong> label our<br />
corners. Then, we assign 192.168.10.64/27 to Kuala Lumpur’s LAN.<br />
Sydney <strong>and</strong> Singapore both need address space to support 12 hosts. Continuing contiguously through our<br />
address space, we borrow 1 bit from the 192.168.10.96/27 address space to make two subnets:<br />
192.168.10.96/28 <strong>and</strong> 192.168.10.112/28. In our visual, we draw a horizontal line to represent the borrowing<br />
of 1 bit <strong>and</strong> label each box with the name of the LAN assigned to that block of addresses.<br />
Our last step is to assign WAN links. We have the entire second half of the address space available represented<br />
by 192.168.10.128/25. For WAN links, we need only two hosts. Therefore, we can borrow 5 more<br />
bits from 192.168.10.128/25. In our visual, we represent the 5 bits borrowed by first drawing a horizontal<br />
line to bisect the 192.168.10.128/25 address space. Then, we draw a vertical line in the upper box to bisect<br />
the 192.168.10.128/26 address space. Then, we draw a third line to bisect the 192.168.10.128/27 address<br />
space. Finally, we draw a vertical line <strong>and</strong> a horizontal line to bisect the 192.168.10.128/28 address space<br />
into four subnets perfect for WAN links.<br />
111<br />
127<br />
136<br />
/30<br />
139<br />
140<br />
/30<br />
143<br />
159<br />
160<br />
191<br />
255
To finish our visual, we label all the corners <strong>and</strong> designate what the prefix is for each address space. These<br />
are our leftover, unused subnets.<br />
Remember, not every student will care for the visual way of representing VLSM. Many prefer to simply<br />
do it by h<strong>and</strong>. In addition, this visual method can be difficult with larger address spaces. Imagine trying to<br />
do this same exercise with a 10.0.0.0/8 address space <strong>and</strong> eight levels of subnetting. It would not be<br />
impossible, but it also would not be very effective. However, I have found that, for some students, the<br />
“light comes on” when I use a visual representation for VLSM.<br />
Curriculum Lab 1-2: Review of Basic Router Configuration<br />
with RIP (1.2.3)<br />
Figure 1-26 Topology for Lab 1-2<br />
Straight-Through Cable<br />
Table 1-10 Lab Equipment Configuration<br />
Router Router Name Fast Ethernet 0 Address Interface Type Serial 0 Address<br />
Designation<br />
Router 1 GAD 172.16.0.1 DCE 172.17.0.1<br />
Router 2 BHM 172.18.0.1 DTE 172.17.0.2<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both interfaces on both routers is 255.255.0.0.<br />
Chapter 1: Introduction to Classless Routing 43<br />
Router 1 Router 2<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable
44 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Objectives<br />
■ Cable <strong>and</strong> configure workstations <strong>and</strong> routers.<br />
■ Set up an IP addressing scheme by using Class B networks.<br />
■ Configure RIP on routers.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 1-26. You can use any router that meets the interface<br />
requirements in Figure 1-26 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A, “Router Interface Summary Chart,” to correctly specify the interface identifiers<br />
based on the equipment in your lab. The 1721 series routers produced the configuration output in<br />
this lab. Another router might produce slightly different output. You should execute the following steps on<br />
each router unless you are specifically instructed otherwise.<br />
Implement the procedure documented in Appendix C, “Erasing <strong>and</strong> Reloading the Router,” before you<br />
continue with this lab.<br />
General Configuration Tips<br />
■ Use the question mark (?) <strong>and</strong> arrow keys to help to enter comm<strong>and</strong>s.<br />
■ Each comm<strong>and</strong> mode restricts the set of available comm<strong>and</strong>s. If you have difficulty entering a comm<strong>and</strong>,<br />
check the prompt <strong>and</strong> then enter ? for a list of available comm<strong>and</strong>s. The problem might be a<br />
wrong comm<strong>and</strong> mode or wrong syntax.<br />
■ To disable a feature, enter the keyword no before the comm<strong>and</strong>; for example, no ip routing.<br />
■ Save the configuration changes to nonvolatile RAM (NVRAM) so that the changes are not lost if there<br />
is a system reload or power outage.<br />
Table 1-11 lists the router comm<strong>and</strong> modes for this <strong>and</strong> other labs in the chapter.<br />
Table 1-11 Router Comm<strong>and</strong> Modes<br />
Comm<strong>and</strong> Mode Access Method Router Prompt Exit Method<br />
Displayed<br />
User EXEC Log in. Router> Use the logout comm<strong>and</strong>.<br />
Privileged EXEC From user EXEC Router# To exit to user EXEC mode,<br />
mode, enter the use the disable, exit, or<br />
enable comm<strong>and</strong>. logout comm<strong>and</strong>.<br />
Global From privileged EXEC Router(config)# To exit to privileged EXEC<br />
configuration mode, enter the mode, use the exit or end<br />
configure terminal comm<strong>and</strong>, or press Ctrl-Z.<br />
comm<strong>and</strong>.<br />
Interface From global Router(config-if)# To exit to global configuraconfiguration<br />
configuration mode, tion mode, use the exit<br />
enter the interface comm<strong>and</strong>.<br />
type number comm<strong>and</strong>,<br />
such as interface serial 0.
Task 1: Basic Router Configuration<br />
Connect one end of a rollover cable to the console port on the router <strong>and</strong> connect the other end to the PC<br />
with a DB-9 or DB-25 adapter to a COM port. You should do this prior to powering on any devices.<br />
Task 2: Start the HyperTerminal Program<br />
Step 1. Turn on the computer <strong>and</strong> router.<br />
Step 2. From the Windows taskbar, locate the HyperTerminal program by choosing Start > Programs<br />
> Accessories > Communications > HyperTerminal.<br />
Task 3: Name the HyperTerminal Session<br />
In the Connection Description dialog box, enter a name in the Name field <strong>and</strong> click OK (see Figure 1-27).<br />
Figure 1-27 HyperTerminal Connection Description Dialog Box<br />
Chapter 1: Introduction to Classless Routing 45<br />
Task 4: Specify the Computer’s Connecting Interface<br />
In the Connect To dialog box, select COM1 from the Connect Using drop-down list <strong>and</strong> click OK (see<br />
Figure 1-28).
46 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 1-28 HyperTerminal Connect To Dialog Box<br />
Task 5: Specify the Interface Connection Properties<br />
Step 1. In the COM1 Properties dialog box, use the drop-down arrows to select the following (see<br />
Figure 1-29):<br />
Bits per second = 9600<br />
Data bits = 8<br />
Parity = None<br />
Stop bits = 1<br />
Flow control = None<br />
Step 2. Click OK.
Figure 1-29 HyperTerminal Interface Connection Property Settings<br />
Step 3. When the HyperTerminal session window opens (see Figure 1-30), turn on the router. If the<br />
router is already on, press the Enter key. The router should respond.<br />
Figure 1-30 HyperTerminal Session Window<br />
If the router responds, the connection has been successfully completed.<br />
Chapter 1: Introduction to Classless Routing 47
48 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 6: Close the Session<br />
Step 1. To end the console session from a HyperTerminal session, choose File > Exit.<br />
Step 2. When the HyperTerminal disconnect warning dialog box appears, click Yes (see Figure 1-31).<br />
Figure 1-31 Closing a HyperTerminal Session<br />
Step 3. The computer asks if you want to save the session (see Figure 1-32). Click Yes.<br />
Figure 1-32 Saving a HyperTerminal Session<br />
Task 7: Reopen the HyperTerminal Connection<br />
Step 1. In the Connection Description dialog box (refer to Figure 1-27), click Cancel.<br />
Step 2. To open the saved console session from HyperTerminal, choose File > Open. The saved session<br />
will appear. By double-clicking on the name, the connection opens without reconfiguring<br />
it each time.
Task 8: Configure Hostname <strong>and</strong> Passwords on Router GAD<br />
Enter enable at the user mode prompt <strong>and</strong> enter the rest of the comm<strong>and</strong>s in the following code.<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname GAD<br />
GAD(config)#enable password cisco<br />
GAD(config)#enable secret class<br />
GAD(config)#line console 0<br />
GAD(config-line)#password cisco<br />
GAD(config-line)#login<br />
GAD(config-line)#line vty 0 4<br />
GAD(config-line)#password cisco<br />
GAD(config-line)#login<br />
GAD(config-line)#exit<br />
GAD(config)#<br />
Task 9: Configure Interface Serial 0 on Router GAD<br />
From global configuration mode, configure interface serial 0 (refer to Appendix A) on router GAD.<br />
GAD(config)#interface serial 0<br />
GAD(config-if)#ip address 172.17.0.1 255.255.0.0<br />
GAD(config-if)#clock rate 64000<br />
GAD(config-if)#no shutdown<br />
GAD(config-if)#exit<br />
Task 10: Configure the Fast Ethernet 0 Interface on Router GAD<br />
GAD(config)#interface fastethernet 0<br />
GAD(config-if)#ip address 172.16.0.1 255.255.0.0<br />
GAD(config-if)#no shutdown<br />
GAD(config-if)#exit<br />
Task 11: Configure the IP Host Statements on Router GAD<br />
GAD(config)#ip host BMH 172.18.0.1 172.17.0.1<br />
Chapter 1: Introduction to Classless Routing 49
50 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 12: Configure RIP Routing on Router GAD<br />
GAD(config)#router rip<br />
GAD(config-router)#network 172.16.0.0<br />
GAD(config-router)#network 172.17.0.0<br />
GAD(config-router)#exit<br />
GAD(config)#exit<br />
Task 13: Save the GAD Router Configuration<br />
GAD#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Task 14: Configure Hostname <strong>and</strong> Passwords on Router BHM<br />
Enter enable at the user mode prompt <strong>and</strong> enter the rest of the comm<strong>and</strong>s in the following code.<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname BHM<br />
BHM(config)#enable password cisco<br />
BHM(config)#enable secret class<br />
BHM(config)#line console 0<br />
BHM(config-line)#password cisco<br />
BHM(config-line)#login<br />
BHM(config-line)#line vty 0 4<br />
BHM(config-line)#password cisco<br />
BHM(config-line)#login<br />
BHM(config-line)#exit<br />
BHM(config)#<br />
Task 15: Configure Interface Serial 0 on Router BHM<br />
From global configuration mode, configure interface serial 0 (refer to Appendix A) on router BHM.<br />
BHM(config)#interface serial 0<br />
BHM(config-if)#ip address 172.17.0.2 255.255.0.0<br />
BHM(config-if)#no shutdown<br />
BHM(config-if)#exit<br />
Task 16: Configure the Fast Ethernet 0 Interface on Router BHM<br />
BHM(config)#interface fastethernet 0<br />
BHM(config-if)#ip address 172.18.0.1 255.255.0.0<br />
BHM(config-if)#no shutdown<br />
BHM(config-if)#exit
Task 17: Configure the IP Host Statements on Router BHM<br />
BHM(config)#ip host GAD 172.16.0.1 172.17.0.1<br />
Task 18: Configure RIP Routing on Router BHM<br />
BHM(config)#router rip<br />
BHM(config-router)#network 172.18.0.0<br />
BHM(config-router)#network 172.17.0.0<br />
BHM(config-router)#exit<br />
BHM(config)#exit<br />
Task 19: Save the BHM Router Configuration<br />
BHM# copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Task 20: Configure the Hosts<br />
Using the following information, configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default<br />
gateway:<br />
Host connected to router GAD<br />
IP address: 172.16.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.16.0.1<br />
Host connected to router BHM<br />
IP address: 172.18.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.18.0.1<br />
Chapter 1: Introduction to Classless Routing 51<br />
Task 21: Verify the Internetwork Is Functioning by Pinging the<br />
Fast Ethernet Interface of the Other Router<br />
Step 1. From the host that is attached to GAD, ping the BHM router Fast Ethernet interface. Was the<br />
ping successful? Yes<br />
Step 2. From the host that is attached to BHM, ping the GAD router Fast Ethernet interface. Was the<br />
ping successful? Yes<br />
Step 3. If the answer is no for either question, troubleshoot the router configurations to find the error.<br />
Then, do the pings again until the answer to both questions is yes. Finally, ping all interfaces in<br />
the network.
52 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 22: Show the Routing Tables for Each Router<br />
Step 1. From enable (privileged EXEC) mode, examine the routing table entries by using the show ip<br />
route comm<strong>and</strong> on each router.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate<br />
default<br />
route<br />
U - per-user static route, o - ODR, P - periodic downloaded static<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.16.0.0/16 is directly connected, FastEthernet0<br />
R 172.18.0.0/16 [120/1] via 172.17.0.2, Serial0<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area * - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
R 172.16.0.0/16 [120/1] via 172.17.0.1, 00:00:27, Serial0<br />
C 172.18.0.0/16 is directly connected, FastEthernet0<br />
What are the entries in the GAD routing table?<br />
Networks 172.17.0.0/16 <strong>and</strong> 172.16.0.0/16 are directly connected <strong>and</strong> network 172.18.0.0/16<br />
was learned through RIP from next hop 172.17.0.2 through local interface serial 0.<br />
What are the entries in the BHM routing table?<br />
Networks 172.17.0.0/16 <strong>and</strong> 172.18.0.0/16 are directly connected <strong>and</strong> network 172.16.0.0/16<br />
was learned through RIP from next hop 172.17.0.1 through local interface serial 0.<br />
Step 2. Upon completion of the previous step, log off (by typing exit) <strong>and</strong> turn the router off. Then,<br />
remove <strong>and</strong> store the cables <strong>and</strong> adapter.
Curriculum Lab 1-3: Converting RIPv1 to RIPv2 (1.2.4)<br />
Figure 1-33 Topology for Lab 1-3<br />
Table 1-12 Lab Equipment Configuration<br />
Router Router Name Fast Ethernet 0 Address Interface Type Serial 0 Address<br />
Designation<br />
Router 1 GAD 172.16.0.1 DCE 172.17.0.1<br />
Router 2 BHM 172.18.0.1 DTE 172.17.0.2<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both interfaces on both routers is 255.255.0.0.<br />
Objectives<br />
■ Configure RIP Version 1 on routers.<br />
■ Convert to RIP Version 2 on routers.<br />
Background/Preparation<br />
Straight-Through Cable<br />
Chapter 1: Introduction to Classless Routing 53<br />
Router 1 Router 2<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Cable a network similar to the one in Figure 1-33. You can use any router that meets the interface requirements<br />
in Figure 1-33 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to the<br />
information in Appendix A to correctly specify the interface identifiers based on the equipment in your lab.<br />
The 1721 series routers produced the configuration output in this lab. Another router might produce slightly<br />
different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise.
54 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, configure the hostnames, console, virtual terminal, <strong>and</strong> enable passwords. Next, configure<br />
the serial (IP address <strong>and</strong> clock rate) <strong>and</strong> Fast Ethernet (IP address) interfaces. Finally, configure IP hostnames.<br />
If you have problems performing the basic configuration, refer to Lab 1-2, “Review of Basic<br />
Router Configuration with RIP.” You can also configure optional interface descriptions <strong>and</strong> message of the<br />
day banners. Be sure to save the configurations you just created.<br />
Router 1<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname GAD<br />
GAD(config)#enable secret class<br />
GAD(config)#line console 0<br />
GAD(config-line)#password cisco<br />
GAD(config-line)#login<br />
GAD(config-line)#line vty 0 4<br />
GAD(config-line)#password cisco<br />
GAD(config-line)#login<br />
GAD(config-line)#exit<br />
GAD(config)#interface serial 0<br />
GAD(config-if)#ip address 172.17.0.1 255.255.0.0<br />
GAD(config-if)#clock rate 64000<br />
GAD(config-if)#no shutdown<br />
GAD(config-if)#exit<br />
GAD(config)#interface Fastethernet 0<br />
GAD(config-if)#ip address 172.16.0.1 255.255.0.0<br />
GAD(config-if)#no shutdown<br />
GAD(config-if)#exit<br />
GAD(config)#ip host BMH 172.18.0.1 172.17.0.2<br />
Router 2<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname BHM<br />
BHM(config)#enable secret class<br />
BHM(config)#line console 0<br />
BHM(config-line)#password cisco<br />
BHM(config-line)#login<br />
BHM(config-line)#line vty 0 4<br />
BHM(config-line)#password cisco<br />
BHM(config-line)#login<br />
BHM(config-line)#exit
BHM(config)#interface serial 0<br />
BHM(config-if)#ip address 172.17.0.2 255.255.0.0<br />
BHM(config-if)#no shutdown<br />
BHM(config-if)#exit<br />
BHM(config)#interface Fastethernet 0<br />
BHM(config-if)#ip address 172.18.0.1 255.255.0.0<br />
BHM(config-if)#no shutdown<br />
BHM(config-if)#exit<br />
BHM(config)#ip host GAD 172.16.0.1 172.17.0.1<br />
Task 2: Configure the Routing Protocol on Router GAD<br />
Go to the proper comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the GAD router according to Table 1-12.<br />
GAD(config)#router rip<br />
GAD(config-router)#network 172.16.0.0<br />
GAD(config-router)#network 172.17.0.0<br />
GAD(config-router)#exit<br />
GAD(config)#exit<br />
Task 3: Save the GAD Router Configuration<br />
Any time that changes are correctly made to the running configuration, you should save them to the startup<br />
configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not in the startup<br />
configuration are lost.<br />
GAD#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Task 4: Configure the Routing Protocol on Router BHM<br />
Go to the proper comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the BHM router according to Table 1-12.<br />
BHM(config)#router rip<br />
BHM(config-router)#network 172.18.0.0<br />
BHM(config-router)#network 172.17.0.0<br />
BHM(config-router)#exit<br />
BHM(config)#exit<br />
Task 5: Save the BHM Router Configuration<br />
BHM#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Chapter 1: Introduction to Classless Routing 55
56 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 6: Configure the Hosts<br />
Configure the hosts with proper IP addresses, subnet masks, <strong>and</strong> default gateways. Document your choices<br />
here:<br />
Host connected to router GAD<br />
IP address: 172.16.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.16.0.1<br />
Host connected to router BHM<br />
IP address: 172.18.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.18.0.1<br />
Task 7: Verify that the Internetwork Is Functioning<br />
Step 1. From each router, ping the other router’s Fast Ethernet interface.<br />
Step 2. From the host that is attached to GAD, ping the other host that is attached to the BHM router.<br />
Was the ping successful? Yes<br />
Step 3. From the host that is attached to BHM, ping the other host that is attached to the GAD router.<br />
Was the ping successful? Yes<br />
Step 4. If the answer is no for either question, troubleshoot the router configurations to find the error.<br />
Then, do the pings again until the answer to both questions is yes.<br />
Task 8: Enable RIPv2 Routing<br />
Enable version 2 of the RIP routing protocol on both the GAD <strong>and</strong> BHM routers.<br />
GAD(config)#router rip<br />
GAD(config-router)#version 2<br />
GAD(config-router)#exit<br />
GAD(config)#exit<br />
BHM(config)#router rip<br />
BHM(config-router)#version 2<br />
BHM(config-router)#exit<br />
BHM(config)#exit<br />
Task 9: Ping All Interfaces on the Network from Each Host<br />
Step 1. Could you still ping all of the interfaces on the network from each host? Yes<br />
Step 2. If not, troubleshoot the network <strong>and</strong> ping again.<br />
Step 3. Upon completion of the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then,<br />
remove <strong>and</strong> store the cables <strong>and</strong> adapter.
Curriculum Lab 1-4: Verifying RIPv2 Configuration (1.2.5)<br />
Figure 1-34 Topology for Lab 1-4<br />
Table 1-13 Lab Equipment Configuration<br />
Router Router Name Fast Ethernet 0 Address Interface Type Serial 0 Address<br />
Designation<br />
Router 1 GAD 172.16.0.1 DCE 172.17.1.1<br />
Router 2 BHM 172.18.0.1 DTE 172.17.1.2<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both interfaces on both routers is 255.255.0.0.<br />
Objectives<br />
Straight-Through Cable<br />
■ Configure RIPv1 <strong>and</strong> RIPv2 on routers.<br />
■ Use show comm<strong>and</strong>s to verify RIPv2 operation.<br />
Chapter 1: Introduction to Classless Routing 57<br />
Router 1 Router 2<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 1-34. You can use any router that meets the interface<br />
requirements in Figure 1-34 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before continuing with this lab.
58 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 1: Configure the Routers<br />
On the routers, configure the hostnames, console, virtual terminal, <strong>and</strong> enable passwords. Next, configure<br />
the serial (IP address <strong>and</strong> clock rate) <strong>and</strong> Fast Ethernet (IP address) interfaces. Finally, configure IP hostnames.<br />
If you have problems performing the basic configuration, refer to Lab 1-2, “Review of Basic<br />
Router Configuration with RIP.” You can also configure optional interface descriptions <strong>and</strong> message of the<br />
day banners. Be sure to save the configurations you just created.<br />
Task 2: Configure the Routing Protocol on Router Gadsden<br />
Go to the correct comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the GAD router according to Table 1-13.<br />
GAD(config)#router rip<br />
GAD(config-router)#network 172.16.0.0<br />
GAD(config-router)#network 172.17.0.0<br />
GAD(config-router)#exit<br />
GAD(config)#exit<br />
Task 3: Save the Gadsden Router Configuration<br />
Any time that changes are correctly made to the running configuration, you should save them to the startup<br />
configuration. Otherwise, if you reload or power cycle the router, you will lose the changes that are not in<br />
the startup configuration.<br />
Task 4: Configure the Routing Protocol on Router BHM<br />
Go to the correct comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the BHM router according to Table 1-13.<br />
BHM(config)#router rip<br />
BHM(config-router)#network 172.18.0.0<br />
BHM(config-router)#network 172.17.0.0<br />
BHM(config-router)#exit<br />
BHM(config)#exit<br />
Task 5: Save the BHM Router Configuration<br />
Enter the comm<strong>and</strong> copy run start to save the current running configuration to NVRAM.<br />
Task 6: Configure the Hosts<br />
Configure the hosts with proper IP addresses, subnet masks, <strong>and</strong> default gateways. Document your choices<br />
here:<br />
Host connected to router GAD<br />
IP address: 172.16.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.16.0.1<br />
Host connected to router BHM<br />
IP address: 172.18.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.18.0.1
Task 7: Verify that the Internetwork Is Functioning<br />
Step 1. From each router, ping the other router’s Fast Ethernet interface.<br />
Step 2. From the host that is attached to GAD, ping the other host that is attached to the BHM router.<br />
Was the ping successful? Yes<br />
Step 3. From the host that is attached to BHM, ping the other host that is attached to the GAD router.<br />
Was the ping successful? Yes<br />
Step 4. If the answer is no for either question, troubleshoot the router configurations to find the error.<br />
Then, do the pings again until the answer to both questions is yes.<br />
Task 8: Show the Routing Tables for Each Router<br />
From enable (privileged EXEC) mode, examine the routing table entries by using the show ip route comm<strong>and</strong><br />
on each router.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate default<br />
U - per-user static route, o - ODR, P - periodic downloaded static route<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.16.0.0/16 is directly connected, FastEthernet0<br />
R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.18.0.0/16 is directly connected, FastEthernet0<br />
R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:27, Serial0<br />
What are the entries in the GAD routing table?<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.16.0.0/16 is directly connected, FastEthernet0<br />
R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0<br />
Chapter 1: Introduction to Classless Routing 59
60 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
What are the entries in the BHM routing table?<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.18.0.0/16 is directly connected, FastEthernet0<br />
R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:27, Serial0<br />
Task 9: Enable RIPv2 Routing<br />
Enable Version 2 of the RIP routing protocol on the GAD <strong>and</strong> BHM routers.<br />
GAD(config)#router rip<br />
GAD(config-router)#version 2<br />
GAD(config-router)#exit<br />
GAD(config)#exit<br />
BHM(config)#router rip<br />
BHM(config-router)#version 2<br />
BHM(config-router)#exit<br />
BHM(config)#exit<br />
Task 10: Show the Routing Tables<br />
Show the routing tables on both routers again.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate default<br />
U - per-user static route, o - ODR, P - periodic downloaded static route<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.16.0.0/16 is directly connected, FastEthernet0<br />
R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.18.0.0/16 is directly connected, FastEthernet0<br />
R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:45, Serial0
Have they changed now that RIPv2 is being used instead of RIPv1? No<br />
What is the difference between RIPv2 <strong>and</strong> RIPv1?<br />
RIPv2 supports VLSM <strong>and</strong> RIPv1 does not.<br />
What must you do to see a difference between RIPv2 <strong>and</strong> RIPv1?<br />
Change the subnet mask of the interfaces.<br />
Task 11: Change the Fast Ethernet IP Subnet Mask on Router GAD<br />
Change the subnet mask on router GAD from a Class B (255.255.0.0) to a Class C (255.255.255.0). Use<br />
the same IP address.<br />
GAD(config)#interface fastethernet 0<br />
GAD(config-if)#ip address 172.16.0.1 255.255.255.0<br />
GAD(config-if)#exit<br />
How does this change affect the address for the Fast Ethernet interface?<br />
The IP address of the interface remains the same, but it belongs to a smaller subnet.<br />
Task 12: Show the GAD Routing Table<br />
Show the GAD routing table.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate default<br />
U - per-user static route, o - ODR, P - periodic downloaded static route<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
172.16.0.0/24 is subnetted, 1 subnets<br />
C 172.16.0.0 is directly connected, FastEthernet0<br />
R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0<br />
Has the output changed now that you have added a subnetted IP address? Yes<br />
How has it changed?<br />
There is a new route to the subnet 172.16.0.0/24.<br />
Task 13: Show the BHM Routing Table<br />
Show the BHM routing table.<br />
BHM#show ip route<br />
Chapter 1: Introduction to Classless Routing 61<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
62 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:24, Serial0<br />
172.18.0.0/24 is subnetted, 1 subnets<br />
C 172.18.0.0 is directly connected, FastEthernet0<br />
Has the output changed now that you have added a subnetted IP address? Yes<br />
Task 14: Change the Network Addressing Scheme<br />
Change the addressing scheme of the network to a single Class B network with a Class C subnet (8 bits of<br />
subnetting).<br />
On the BHM router:<br />
BHM(config)#interface serial 0<br />
BHM(config-if)#ip address 172.16.1.2 255.255.255.0<br />
BHM(config-if)#exit<br />
BHM(config)#interface fastethernet 0<br />
BHM(config-if)#ip address 172.16.3.1 255.255.255.0<br />
BHM(config-if)#exit<br />
BHM(config)#exit<br />
BHM(config)#router rip<br />
BHM(config-router)#no network 172.18.0.0<br />
BHM(config-router)#no network 172.17.0.0<br />
BHM(config-router)#network 172.16.1.0<br />
BHM(config-router)#network 172.16.3.0<br />
BHM(config-router)#exit<br />
On the GAD router:<br />
GAD(config)#interface serial 0<br />
GAD(config-if)#ip address 172.16.1.1 255.255.255.0<br />
GAD(config-if)#exit<br />
GAD(config)#router rip<br />
GAD(config-router)#no network 172.17.0.0<br />
GAD(config-router)#network 172.16.1.0<br />
GAD(config-router)#exit<br />
Task 15: Show the Routing Table for Router GAD<br />
Show the GAD routing table.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate default<br />
U - per-user static route, o - ODR, P - periodic downloaded static route<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
C 172.16.0.0 is directly connected, FastEthernet0<br />
C 172.16.1.0 is directly connected, Serial0<br />
R 172.16.3.0 [120/1] via 172.16.1.2, Serial0<br />
Has the output changed now that you have added a subnetted IP address? Yes<br />
How has it changed?<br />
There are three subnets, two of which are directly connected, <strong>and</strong> the other subnet, 172.16.3.0, is learned<br />
through RIP via interface serial 0.<br />
Task 16: Show the Routing Table for Router BHM<br />
Show the BHM routing table.<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:05, Serial0<br />
C 172.16.1.0 is directly connected, Serial0<br />
C 172.16.3.0 is directly connected, FastEthernet0<br />
Has the output changed now that you have added a subnetted IP address? Yes<br />
Task 17: Change the Host Configurations<br />
Change the host configuration to reflect the new IP addressing scheme of the network.<br />
Host connected to router GAD<br />
IP address: 172.16.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 172.16.0.1<br />
Host connected to router BHM<br />
IP address: 172.16.3.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 172.16.3.1<br />
Chapter 1: Introduction to Classless Routing 63
64 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 18: Ping All Interfaces on the Network from Each Host<br />
Step 1. Could you still ping all of the interfaces on the network from each host? Yes<br />
Step 2. If not, troubleshoot the network <strong>and</strong> ping again.<br />
Task 19: Use show ip route to See Different Routes by Type<br />
Step 1. Enter show ip route connected on the GAD router.<br />
What networks are displayed?<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
C 172.16.0.0 is directly connected, FastEthernet0<br />
C 172.16.1.0 is directly connected, Serial0<br />
What interface is directly connected?<br />
C 172.16.0.0 is directly connected, Ethernet0<br />
C 172.16.1.0 is directly connected, Serial0<br />
Step 2. Enter show ip route rip.<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
R 172.16.3.0 [120/1] via 172.16.1.2, Serial0<br />
Step 3. List the routes in the routing table.<br />
R 172.16.3.0 [120/1] via 172.16.1.2, Serial0<br />
What is the administrative distance? 120<br />
Step 4. Enter show ip route connected on the BHM router.<br />
What networks are displayed?<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
C 172.16.1.0 is directly connected, Serial0<br />
C 172.16.3.0 is directly connected, Ethernet0<br />
What interface is directly connected?<br />
C 172.16.1.0 is directly connected, Serial0<br />
C 172.16.3.0 is directly connected, Ethernet0<br />
Step 5. Enter show ip route rip.<br />
Step 6. List the routes in the routing table<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:15, Serial0<br />
Task 20: Use the show ip protocol Comm<strong>and</strong><br />
Enter the show ip protocol comm<strong>and</strong> on the GAD router.<br />
Routing Protocol is “rip”<br />
Sending updates every 30 seconds, next due in 1 seconds<br />
Invalid after 180 seconds, hold down 180, flushed after 240<br />
Outgoing update filter list for all interfaces is<br />
Incoming update filter list for all interfaces is
Redistributing: rip<br />
Default version control: send version 2, receive version 2<br />
Interface Send Recv Triggered RIP Key-chain<br />
FastEthernet0 2 2<br />
Serial0 2 2<br />
Routing for Networks:<br />
172.16.0.0<br />
Routing Information Sources:<br />
Gateway Distance Last Update<br />
172.17.1.2 120 00:13:21<br />
172.16.1.2 120 00:00:24<br />
172.17.0.2 120 00:35:08<br />
Distance: (default is 120)<br />
When will the routes be flushed? 240 seconds<br />
What is the default distance listed for RIP? 120<br />
Task 21: Remove the Version 2 Option for RIP<br />
Remove the version 2 option on the RIP configuration for both routers.<br />
GAD(config)#router rip<br />
GAD(config-router)#no version 2<br />
GAD(config-router)#exit<br />
BHM(config)#router rip<br />
BHM(config-router)#no version 2<br />
BHM(config-router)#exit<br />
Task 22: Show the Routing Table for Router GAD<br />
Show the GAD routing table.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - c<strong>and</strong>idate default<br />
U - per-user static route, o - ODR, P - periodic downloaded static route<br />
T - traffic engineered route<br />
Gateway of last resort is not set<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
C 172.16.0.0 is directly connected, FastEthernet0<br />
C 172.16.1.0 is directly connected, Serial0<br />
R 172.16.3.0 [120/1] via 172.16.1.2, Serial0<br />
Has the output changed now that RIPv2 has been removed? No<br />
Chapter 1: Introduction to Classless Routing 65
66 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 23: Show the Routing Table for Router BHM<br />
Step 1. Show the BHM routing table.<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B <strong>–</strong> BGP<br />
area<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
172.16.0.0/24 is subnetted, 3 subnets<br />
R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:01, Serial0<br />
C 172.16.1.0 is directly connected, Serial0<br />
C 172.16.3.0 is directly connected, Ethernet0<br />
Has the output changed now that RIPv2 has been removed? No<br />
Step 2. Upon completion of the previous step, log off (by typing exit) <strong>and</strong> turn the router off. Then,<br />
remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 1-5: Troubleshooting RIPv2 Using debug<br />
(1.2.6)<br />
Figure 1-35 Topology for Lab 1-5<br />
Straight-Through Cable<br />
Table 1-14 Lab Equipment Configuration<br />
Router Designation Router Name Fast Ethernet 0 Address Interface Type<br />
Serial 0 Address<br />
Router 1 GAD 172.16.0.1 DCE 172.17.1.1<br />
Router 2 BHM 172.18.0.1 DTE 172.17.1.2<br />
The enable secret password for both routers is class.<br />
Router 1 Router 2<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both interfaces on both routers is 255.255.0.0.<br />
Objectives<br />
■ Configure RIP Version 2 on both routers.<br />
■ Use debug comm<strong>and</strong>s to verify proper RIP operation <strong>and</strong> analyze data that is transmitted between<br />
routers.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 1-35. You can use any router that meets the interface<br />
requirements in Figure 1-35 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, configure the hostnames, console, virtual terminal, <strong>and</strong> enable passwords. Next, configure<br />
the serial (IP address <strong>and</strong> clock rate) <strong>and</strong> Fast Ethernet (IP address) interfaces. Finally, configure IP hostnames.<br />
If you have problems performing the basic configuration, refer to Lab 1-2, “Review of Basic<br />
Router Configuration with RIP.” You can also configure optional interface descriptions <strong>and</strong> message of the<br />
day banners. Be sure to save the configurations you just created.<br />
Task 2: Configure the Routing Protocol on Router GAD<br />
Go to the proper comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the GAD router according to Table 1-14.<br />
Task 3: Save the GAD Router Configuration<br />
Chapter 1: Introduction to Classless Routing 67<br />
Anytime that changes are correctly made to the running configuration, you should save them to the startup<br />
configuration. Otherwise, if you reload or power cycle the router, you will lose the changes that are not in<br />
the startup configuration.<br />
Task 4: Configure the Routing Protocol on Router BHM<br />
Go to the proper comm<strong>and</strong> mode <strong>and</strong> configure RIP routing on the BHM router according to Table 1-14.
68 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 5: Save the BHM Router Configuration<br />
Enter the comm<strong>and</strong> copy run start to save the current running configuration to NVRAM.<br />
Task 6: Configure the Hosts<br />
Configure the hosts with proper IP addresses, subnet masks, <strong>and</strong> default gateways. Document your choices<br />
here:<br />
Host connected to router GAD<br />
IP address: 172.16.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.16.0.1<br />
Host connected to router BHM<br />
IP address: 172.18.0.2<br />
Subnet mask: 255.255.0.0<br />
Default gateway: 172.18.0.1<br />
Task 7: Verify the Internetwork Is Functioning<br />
Step 1. From each router, ping the other router’s Fast Ethernet interface.<br />
Step 2. From the host that is attached to GAD, ping the other host that is attached to the BHM router.<br />
Was the ping successful? Yes<br />
Step 3. From the host that is attached to BHM, ping the other host that is attached to the GAD router.<br />
Was the ping successful? Yes<br />
Step 4. If the answer is no for either question, troubleshoot the router configurations to find the error.<br />
Then, do the pings again until the answer to both questions is yes.<br />
Task 8: Show the debug ip Comm<strong>and</strong> Options<br />
At the privileged EXEC mode prompt, type debug ip ?.<br />
cache IP cache operations<br />
dhcp Dynamic Host Configuration Protocol<br />
eigrp IP-EIGRP information<br />
error IP error debugging<br />
ftp FTP dialogue<br />
html HTML connections<br />
http HTTP connections<br />
icmp ICMP transactions<br />
igrp IGRP information<br />
interface IP interface configuration changes<br />
mpacket IP multicast packet debugging<br />
nat NAT events<br />
ospf OSPF information<br />
packet General IP debugging <strong>and</strong> IPSO security transactions<br />
peer IP peer address activity
policy Policy routing<br />
rip RIP protocol transactions<br />
routing Routing table events<br />
rtp RTP information<br />
security IP security options<br />
socket Socket event<br />
tcp TCP information<br />
tempacl IP temporary ACL<br />
udp UDP based transactions<br />
Which routing protocols have debug comm<strong>and</strong>s?<br />
EIGRP, IGRP, OSPF, <strong>and</strong> RIP have debug comm<strong>and</strong>s.<br />
Task 9: Show the debug ip rip Comm<strong>and</strong> Options<br />
At the privileged EXEC mode prompt, type debug ip rip ?.<br />
database RIP database events<br />
events RIP protocol events<br />
trigger RIP trigger extension<br />
How many options are available for debug ip rip ? 3<br />
Task 10: Show the RIP Routing Updates<br />
Step 1. From enable (privileged EXEC) mode, examine the routing table entries by using the debug ip<br />
rip comm<strong>and</strong> on each router.<br />
What three operations that take place are listed in the RIP debug statements?<br />
Receive routing update, Send an update, <strong>and</strong> Build update entries are listed.<br />
Step 2. Turn off debugging by typing either no debug ip rip or undebug all.<br />
Task 11: Enable RIPv2 Routing on Router GAD Only<br />
Enable version 2 of the RIP routing protocol on the GAD router only.<br />
GAD(config)#router rip<br />
GAD(config-router)#version 2<br />
Task 12: Restart the Debug Function on Router GAD<br />
Does a problem occur now that RIPv2 is configured on the GAD router? Yes<br />
If so, what is the problem?<br />
It does not accept updates from BHM because of the version difference.<br />
RIP: ignored v1 packet from 172.17.1.2 (illegal version)<br />
Chapter 1: Introduction to Classless Routing 69
70 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 13: Clear the Routing Table<br />
Step 1. Instead of waiting for the routes to time out, type clear ip route *. Then type show ip route.<br />
What has happened to the routing table?<br />
The route to 172.18.0.1 is no longer there.<br />
GAD#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
C 172.16.0.0/16 is directly connected, FastEthernet0/0<br />
Will the routing table be updated to include RIP routes if the debug output says the update is<br />
ignored? No<br />
Step 2. Turn off debugging by typing either no debug ip rip or undebug all.<br />
Task 14: Start the Debug RIP Function<br />
Start the debug RIP function on the BHM router again by typing debug ip rip.<br />
Does a problem occur now that the GAD router is configured with RIPv2? No<br />
If so, what is the problem?<br />
There is no problem on BHM because RIPv1 is accepting the RIPv2 updates from GAD.<br />
RIP: received v2 update from 172.17.1.1 on Serial0<br />
172.16.0.0/16 via 0.0.0.0 in 1 hops<br />
Task 15: Clear the Routing Table<br />
Step 1. Instead of waiting for the routes to time out, type clear ip route *. Then type show ip route.<br />
What has happened to the routing table?<br />
Nothing, all routes are still there.<br />
BHM#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
area<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 172.17.0.0/16 is directly connected, Serial0<br />
R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:20, Serial0<br />
C 172.18.0.0/16 is directly connected, FastEthernet0/0
Will the routing table be updated to include RIP routes if the update is from RIPv2? Yes<br />
Step 2. Turn off debugging by typing either no debug ip rip or undebug all.<br />
Task 16: Enable RIPv2 Routing on Router BHM<br />
Enable RIPv2 on the BHM router.<br />
BHM(config)#router rip<br />
BHM(config-router)#version 2<br />
Task 17: Use the Debug Function to See Packet Traffic on a<br />
Router<br />
Use the debug function to see packet traffic on the BHM router by typing debug ip packet at the privileged<br />
EXEC mode prompt.<br />
When a RIP update is sent, how many source addresses are used? 2<br />
Why are multiple source addresses used?<br />
One is used for each network the router will send <strong>and</strong> receive updates with.<br />
What is the source address that is used?<br />
172.16.0.1 <strong>and</strong> 172.17.1.1<br />
Why is this address used?<br />
It is the originating interface from which the packet is sent.<br />
Task 18: Start the debug ip rip database Function on Router BHM<br />
Step 1. Start the RIP database debugging by typing debug ip rip database. Then, clear the routing<br />
table by typing clear ip route *.<br />
Are the old routes in the table deleted? Yes<br />
Are new routes added back into the table? Yes<br />
What does the last entry in the debug output say?<br />
RIP-DB: adding 172.16.0.0/16 (metric 1) via 172.17.1.1 on Serial0 to RIP database.<br />
Step 2. Turn off debugging by typing either no debug ip rip or undebug all.<br />
Task 19: Use the Debug Function to See Routing Updates<br />
Step 1. Use the debug function to see routing updates by typing debug ip rip events in privileged<br />
EXEC mode on the BHM router.<br />
What interfaces are the routing updates sent on?<br />
Fast Ethernet 0/0 <strong>and</strong> serial 0.<br />
How many routes are in the routing updates that are being sent? 2<br />
Chapter 1: Introduction to Classless Routing 71<br />
Step 2. Upon completion of the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then,<br />
remove <strong>and</strong> store the cables <strong>and</strong> adapter.
72 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Comprehensive Lab 1-6: Default Routing <strong>and</strong> RIPv2<br />
Figure 1-36 Default Routing <strong>and</strong> RIPv2 Topology<br />
192.168.1.128/26<br />
Address Space<br />
192.168.1.0/24<br />
S0/0<br />
DCE<br />
Table 1-15 Addressing Scheme<br />
192.168.1.0/26<br />
S0/0<br />
Fa0/0<br />
RTA<br />
RIPv2<br />
Fa0/0 Fa0/0<br />
RTC<br />
S0/1<br />
192.168.1.248/30 S0/0<br />
DCE<br />
RTB<br />
Device Interface IP Address Subnet Mask<br />
S0/1<br />
DCE<br />
192.168.1.252/30 192.168.1.244/30<br />
ISP S0/0 209.165.201.1 255.255.255.252<br />
Lo0/0 209.165.202.129 255.255.255.252<br />
RTA Fa0/0 192.168.1.1 255.255.255.192<br />
S1/0 209.165.201.2 255.255.255.252<br />
S0/1 192.168.1.245 255.255.255.252<br />
S0/0 192.168.1.254 255.255.255.252<br />
RTB S0/1 192.168.1.246 255.255.255.192<br />
Fa0/0 192.168.1.65 255.255.255.192<br />
S0/0 192.168.1.249 255.255.255.252<br />
RTC S0/1 192.168.1.250 255.255.255.252<br />
S1/0<br />
209.165.201.2/30<br />
209.165.201.1/30<br />
S0/0<br />
DCE<br />
Fa0/0 192.168.1.129 255.255.255.192<br />
S0/0 192.168.1.253 255.255.255.252<br />
S0/1<br />
192.168.1.64/26<br />
ISP<br />
Public Web Server<br />
209.165.202.129/32
Objectives<br />
■ Review basic router configurations.<br />
■ Configure RIPv2.<br />
■ Configure static <strong>and</strong> default routing.<br />
■ Verify connectivity <strong>and</strong> troubleshoot problems.<br />
Equipment<br />
The topology shown in Figure 1-36 is using 2600 series routers. This lab can be done with any combination<br />
of 1700, 2500, <strong>and</strong> 2600 series routers. If a router with three serial interfaces is not available, you can<br />
use a router with two Ethernet interfaces <strong>and</strong> attach the ISP router through the Ethernet interfaces. If a<br />
router with four interfaces is not available, you can simulate the LAN off of RTA with a loopback instead<br />
of using the Ethernet interface.<br />
NetLab Compatibility Notes<br />
Most of this lab can be completed on a st<strong>and</strong>ard NetLab three router pod. To simulate the ISP connection,<br />
simply configure a loopback address. However, you will not be able to test connectivity to the Public Web<br />
Server.<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations<br />
Step 1. Cable the topology as shown in Figure 1-36. If DCE/DTE connections <strong>and</strong> interfaces are different<br />
from those shown in Figure 1-36 <strong>and</strong> Table 1-15, relabel the figure to match your connections.<br />
Step 2. Configure the routers with basic router configurations, including:<br />
■ Hostnames <strong>and</strong> host tables<br />
■ Enable secret password <strong>and</strong> MOTD banner<br />
■ Line configurations<br />
■ IOS-specific comm<strong>and</strong>s (e.g. ip subnet-zero with IOS versions prior to 12)<br />
Router(config)#hostname RTA<br />
RTA(config)#ip subnet-zero<br />
RTA(config)#no ip domain-lookup<br />
RTA(config)#ip host WEB 209.165.202.129<br />
RTA(config)#ip host ISP 209.165.201.1<br />
RTA(config)#ip host RTC 192.168.1.253 192.168.1.254<br />
RTA(config)#ip host RTB 192.168.1.246 192.168.1.249<br />
RTA(config)#banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
RTA(config)#line con 0<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#ine aux 0<br />
RTA(config-line)#exec-timeout 30 0<br />
Chapter 1: Introduction to Classless Routing 73
74 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#line vty 0 4<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#end<br />
RTA#copy run start<br />
Task 2: Configure Interfaces <strong>and</strong> Enable RIPv2<br />
Step 1. Use Table 1-15 <strong>and</strong> the topology shown in Figure 1-37 to configure each router with the correct<br />
interface addresses.<br />
RTA(config)#interface FastEthernet0/0<br />
RTA(config-if)#description Link to RTA LAN<br />
RTA(config-if)#ip address 192.168.1.1 255.255.255.192<br />
RTA(config-if)#no shutdown<br />
RTA(config-if)#interface Serial0/0<br />
RTA(config-if)#description Link to RTC<br />
RTA(config-if)#ip address 192.168.1.254 255.255.255.252<br />
RTA(config-if)#no shutdown<br />
RTA(config-if)#interface Serial0/1<br />
RTA(config-if)#description Link to RTB<br />
RTA(config-if)#ip address 192.168.1.245 255.255.255.252<br />
RTA(config-if)#clockrate 64000<br />
RTA(config-if)#no shutdown<br />
RTA(config)#interface Serial1/0<br />
RTA(config-if)#description Link to ISP<br />
RTA(config-if)#ip address 209.165.201.2 255.255.255.252<br />
RTA(config-if)#no shutdown<br />
Step 2. If you are not using a router with four interfaces for RTA, you need to simulate ISP. To simulate<br />
an ISP connection, use the following configuration on RTA:<br />
RTA(config)#interface Loopback0<br />
RTA(config-if)#description Simulated Link to ISP<br />
RTA(config-if)#ip address 209.165.201.2 255.255.255.252<br />
Step 3. Configuring RIPv2 requires adding the version 2 comm<strong>and</strong> after entering RIP routing configuration<br />
mode. With RIPv2, auto-summary is enabled by default, so you need to add the no<br />
auto-summary comm<strong>and</strong>. All connected networks participating in RIP are defined with the<br />
network comm<strong>and</strong> in the form of classful networks. In this case, you only need to add the<br />
192.168.1.0 network. Do not configure the ISP link as part of RIP.<br />
RTA(config)#router rip<br />
RTA(config-router)#version 2<br />
RTA(config-router)#network 192.168.1.0<br />
RTA(config-router)#no auto-summary
Task 3: Verify Connectivity<br />
Step 1. You should now have full connectivity between RTA, RTB, <strong>and</strong> RTC. Issue the show ip route<br />
comm<strong>and</strong> to verify full convergence.<br />
Routing table on RTA:<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial1/0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:25, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
R 192.168.1.248/30 [120/1] via 192.168.1.246, 00:00:25, Serial0/1<br />
[120/1] via 192.168.1.253, 00:00:04, Serial0/0<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:06, Serial0/0<br />
Step 2. Notice that RTA has four connected routes (including the connected route to ISP) <strong>and</strong> three<br />
RIP routes. RTB <strong>and</strong> RTC should both have three connected routes <strong>and</strong> three RIP routes.<br />
Step 3. Pings sourced from any router to a LAN interface on another router should succeed. Make sure<br />
each router can ping the LAN interfaces of the other two routers. RTA pings to RTB <strong>and</strong> RTC<br />
LAN interfaces are shown here:<br />
RTA#ping 192.168.1.65<br />
Chapter 1: Introduction to Classless Routing 75<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 192.168.1.65, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms<br />
RTA#ping 192.168.1.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
76 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 4: Add ISP Router<br />
Step 1. If you are not simulating the ISP router, configure ISP with the following script:<br />
Router(config)#hostname ISP<br />
ISP(config)#enable secret class<br />
ISP(config)#no ip domain-lookup<br />
ISP(config)#ip host RTA 209.165.201.1<br />
ISP(config)#interface Loopback0<br />
ISP(config-if)#description Public Web Server<br />
ISP(config-if)#ip address 209.165.202.129 255.255.255.255<br />
ISP(config-if)#interface Serial0<br />
ISP(config-if)#description Link to RTA<br />
ISP(config-if)#ip address 209.165.201.1 255.255.255.252<br />
ISP(config-if)#clockrate 64000<br />
ISP(config-if)#no shutdown<br />
ISP(config-if)#exit<br />
ISP(config)#banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
ISP(config)#line con 0<br />
ISP(config-line)#exec-timeout 30 0<br />
ISP(config-line)#password cisco<br />
ISP(config-line)#logging synchronous<br />
ISP(config-line)#login<br />
ISP(config-line)#line aux 0<br />
ISP(config-line)#exec-timeout 30 0<br />
ISP(config-line)#password cisco<br />
ISP(config-line)#logging synchronous<br />
ISP(config-line)#login<br />
ISP(config-line)#line vty 0 4<br />
ISP(config-line)#exec-timeout 30 0<br />
ISP(config-line)#password cisco<br />
ISP(config-line)#logging synchronous<br />
ISP(config-line)#login<br />
ISP(config-line)#end<br />
ISP#copy run start<br />
Step 2. Verify that ISP can now ping the 209.165.201.2 interface on RTA.<br />
ISP#ping RTA<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms<br />
RTA will not be able to ping the Public Web Server <strong>and</strong> ISP will not be able to ping beyond the<br />
209.165.201.2 interface of RTA. Why?<br />
The routing table on ISP shows only two directly connected networks. ISP can ping RTA<br />
directly because ISP has a route to the 209.165.201.0/30 network in its routing table. RTA can<br />
reply for the same reason. But RTA does not have a route to host 209.165.202.129/32, nor does
RTA have a default route. ISP cannot ping any of the addresses inside the 192.168.1.0/24<br />
address space because it does not have a route. RTA needs a default route pointing to ISP, <strong>and</strong><br />
ISP needs a static route pointing to the 192.168.1.0/24 address space.<br />
Task 5: Configure Static <strong>and</strong> Default Routing<br />
Step 1. For ISP to be able to send Echo replies back to hosts belonging to the 192.168.1.0/24 address<br />
space, it must have a route. Use the following comm<strong>and</strong> on ISP to configure a static route<br />
pointing to the 192.168.1.0/24 address space:<br />
ISP(config)#ip route 192.168.1.0 255.255.255.0 209.165.201.2<br />
Step 2. Now ISP can route back to any host belonging to 192.168.1.0/24. However, RTA, RTB, <strong>and</strong><br />
RTC do not yet have a route for any address space other than 192.168.1.0/24. Because ISP represents<br />
the connection to the rest of the world, you need to configure default routing. A router<br />
without a more specific route in the routing table will send traffic to the default route. Use the<br />
following comm<strong>and</strong> on RTA to configure a default route:<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1<br />
Step 3. If you are simulating ISP, use the following comm<strong>and</strong> to configure a default route:<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 Loopback0<br />
Step 4. Now RTA should be able to ping the Public Web Server. However, RTB <strong>and</strong> RTC still cannot<br />
ping outside the 192.168.1.0/24 address space. The reason is that RTA does not advertise the<br />
default route unless specifically configured to do so. Use the following comm<strong>and</strong> with RIP to<br />
propagate a default route to RTB <strong>and</strong> RTC in the RIP updates:<br />
RTA(config)#router rip<br />
RTA(config-router)#default-information originate<br />
Note: With RIP routing, depending on the platform <strong>and</strong> IOS version, you may need to reload the router that is propagating<br />
the default route before the default route will be sent in routing updates.<br />
Task 6: Verify Connectivity <strong>and</strong> Capture Scripts<br />
Chapter 1: Introduction to Classless Routing 77<br />
Step 1. Verify that all routers now have a default route <strong>and</strong> can ping the Public Web Server.<br />
Note: If you are simulating ISP, test by pinging the loopback interface, 209.165.201.2 on RTA.<br />
RTA>show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 209.165.201.1 to network 0.0.0.0<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial1/0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks
78 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:15, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
R 192.168.1.248/30 [120/1] via 192.168.1.253, 00:00:15, Serial0/0<br />
[120/1] via 192.168.1.246, 00:00:15, Serial0/1<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:16, Serial0/0<br />
S* 0.0.0.0/0 [1/0] via 209.165.201.1<br />
RTA>ping WEB<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/56 ms<br />
RTB>show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 192.168.1.245 to network 0.0.0.0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
C 192.168.1.64/26 is directly connected, FastEthernet0/0<br />
R 192.168.1.0/26 [120/1] via 192.168.1.245, 00:00:13, Serial0/1<br />
C 192.168.1.248/30 is directly connected, Serial0/0<br />
R 192.168.1.252/30 [120/1] via 192.168.1.250, 00:00:04, Serial0/0<br />
[120/1] via 192.168.1.245, 00:00:13, Serial0/1<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
R 192.168.1.128/26 [120/1] via 192.168.1.250, 00:00:04, Serial0/0<br />
R* 0.0.0.0/0 [120/1] via 192.168.1.245, 00:00:13, Serial0/1<br />
RTB>ping WEB<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/56 ms<br />
RTC>show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
area<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 192.168.1.254 to network 0.0.0.0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
R 192.168.1.64/26 [120/1] via 192.168.1.249, 00:00:24, Serial0/1<br />
R 192.168.1.0/26 [120/1] via 192.168.1.254, 00:00:04, Serial0/0<br />
C 192.168.1.248/30 is directly connected, Serial0/1<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
R 192.168.1.244/30 [120/1] via 192.168.1.249, 00:00:24, Serial0/1<br />
[120/1] via 192.168.1.254, 00:00:04, Serial0/0<br />
C 192.168.1.128/26 is directly connected, FastEthernet0/0<br />
R* 0.0.0.0/0 [120/1] via 192.168.1.254, 00:00:04, Serial0/0<br />
RTC>ping WEB<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/56 ms<br />
Step 2. Troubleshoot, if necessary, to obtain output similar to the preceding output.<br />
Step 3. When finished, capture your scripts for your records <strong>and</strong> erase/reload the routers.<br />
The following are the ending scripts for this lab tested on NetLab using the 2600 platform with IOS version<br />
12.1(22a):<br />
RTA with connection to ISP router:<br />
hostname RTA<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTB 192.168.1.246 192.168.1.249<br />
ip host RTC 192.168.1.253 192.168.1.254<br />
ip host ISP 209.165.201.1<br />
ip host WEB 209.165.202.129<br />
!<br />
interface FastEthernet0/0<br />
!<br />
description Link to RTA LAN<br />
ip address 192.168.1.1 255.255.255.192<br />
no shutdown<br />
Chapter 1: Introduction to Classless Routing 79
80 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface Serial0/0<br />
!<br />
description Link to RTC<br />
ip address 192.168.1.254 255.255.255.252<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTB<br />
ip address 192.168.1.245 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
interface Serial1/0<br />
!<br />
description Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 192.168.1.0<br />
default-information originate<br />
no auto-summary<br />
ip classless<br />
ip route 0.0.0.0 0.0.0.0 209.165.201.1<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 30 0<br />
password cisco
!<br />
logging synchronous<br />
login<br />
end<br />
RTA with simulated ISP:<br />
hostname RTA<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTB 192.168.1.246 192.168.1.249<br />
ip host RTC 192.168.1.253 192.168.1.254<br />
ip host ISP 209.165.201.2<br />
!<br />
interface Loopback0<br />
!<br />
description Simulated Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
interface FastEthernet0/0<br />
!<br />
description Link to RTA LAN<br />
ip address 192.168.1.1 255.255.255.192<br />
no shutdown<br />
interface Serial0/0<br />
!<br />
description Link to RTC<br />
ip address 192.168.1.254 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTB<br />
ip address 192.168.1.245 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 192.168.1.0<br />
default-information originate<br />
no auto-summary<br />
ip classless<br />
ip route 0.0.0.0 0.0.0.0 Loopback0<br />
!<br />
Chapter 1: Introduction to Classless Routing 81
82 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
RTB configuration:<br />
hostname RTB<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTA 192.168.1.245 192.168.1.254<br />
ip host RTC 192.168.1.250 192.168.1.253<br />
ip host ISP 209.165.201.1<br />
ip host WEB 209.165.202.129<br />
!——————————————————————<br />
!If using a simulated ISP, use the following<br />
!instead of the above ‘ISP’ <strong>and</strong> ‘WEB’:<br />
!ip host ISP 209.165.201.2<br />
!——————————————————————<br />
!<br />
interface FastEthernet0/0<br />
description Link to RTB LAN<br />
ip address 192.168.1.65 255.255.255.192
!<br />
no shutdown<br />
interface Serial0/0<br />
!<br />
description Link to RTC<br />
ip address 192.168.1.249 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTA<br />
ip address 192.168.1.246 255.255.255.252<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 192.168.1.0<br />
no auto-summary<br />
ip classless<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Chapter 1: Introduction to Classless Routing 83
84 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
RTC configuration:<br />
hostname RTC<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTA 192.168.1.254 192.168.1.245<br />
ip host RTB 192.168.1.249 192.168.1.246<br />
ip host ISP 209.165.201.1<br />
ip host WEB 209.165.202.129<br />
!——————————————————————<br />
!If using a simulated ISP, use the following<br />
!instead of the above ‘ISP’ <strong>and</strong> ‘WEB’:<br />
!ip host ISP 209.165.201.2<br />
!——————————————————————<br />
!<br />
interface FastEthernet0/0<br />
!<br />
description Link to RTC LAN<br />
ip address 192.168.1.129 255.255.255.192<br />
no shutdown<br />
interface Serial0/0<br />
!<br />
description Link to RTA<br />
ip address 192.168.1.253 255.255.255.252<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTB<br />
ip address 192.168.1.250 255.255.255.252<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 192.168.1.0<br />
no auto-summary<br />
ip classless<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Challenge Lab 1-7: VLSM Design, RIPv2, <strong>and</strong> Default<br />
Routing<br />
Figure 1-37 VLSM Design, RIPv2, <strong>and</strong> Default Routing Topology<br />
10.1.8.0/25<br />
10.1.8.128/25<br />
10.1.9.0/25<br />
10.1.9.128/25<br />
Address Space<br />
10.1.0.0/20<br />
Lo1<br />
Lo2<br />
Lo3<br />
Lo4<br />
RTB<br />
S0/1<br />
Chapter 1: Introduction to Classless Routing 85<br />
Public Web Server<br />
209.165.202.129/30<br />
ISP<br />
S0/1<br />
DCE<br />
209.165.201.1/30<br />
209.165.201.2/30<br />
S0/1<br />
172.16.1.0/30 S0/0<br />
DCE<br />
RTA<br />
Lo1<br />
Lo2<br />
Lo3<br />
Lo4<br />
10.1.0.0/25<br />
10.1.0.128/25<br />
10.1.1.0/25<br />
10.1.1.128/25
86 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 1-16 Addressing Scheme<br />
Device Interface IP Address Subnet Mask<br />
ISP S0/0 209.165.201.1 255.255.255.252<br />
Lo0/0 209.165.202.129 255.255.255.252<br />
RTA S0/1 209.165.201.2 255.255.255.252<br />
S0/0 172.16.1.1 255.255.255.252<br />
Lo1 10.1.0.1 255.255.255.128<br />
Lo2 10.1.0.129 255.255.255.128<br />
Lo3 10.1.1.1 255.255.255.128<br />
Lo4 10.1.1.129 255.255.255.128<br />
RTB S0/1 172.16.1.2 255.255.255.252<br />
Objectives<br />
■ Design a scalable addressing scheme.<br />
Lo1 10.1.8.1 255.255.255.128<br />
Lo2 10.1.8.129 255.255.255.128<br />
Lo3 10.1.9.1 255.255.255.128<br />
Lo4 10.1.9.129 255.255.255.128<br />
■ Configure routers with basic configurations using your addressing scheme.<br />
■ Configure dynamic, static, <strong>and</strong> default routing.<br />
■ Verify connectivity <strong>and</strong> troubleshoot problems.<br />
Equipment<br />
The topology shown in Figure 1-37 uses 2600 series routers. This lab can be done with any combination of<br />
1700, 2500, <strong>and</strong> 2600 series routers.<br />
NetLab Compatibility Notes<br />
This lab can be completed on a st<strong>and</strong>ard NetLab three router pod.<br />
Task 1: Design the Addressing Scheme<br />
You are given the address space, 10.1.0.0/20. The loopback interfaces on RTA <strong>and</strong> RTB are used to simulate<br />
different areas of the network. Although each loopback interface could be one LAN or a group of<br />
LANs summarized in one routing update, this discussion simply refers to each loopback interface as a simulated<br />
LAN.<br />
Design an addressing scheme by following these requirements:<br />
Step 1. RTA <strong>and</strong> RTB will share the 10.1.0.0/20 address space equally. Split the address space into two<br />
equal subnets. Record your subnets with prefix notation in the space provided.<br />
10.1.8.0/21 10.1.0.0/21<br />
Address space for RTB Address space for RTA
Step 2. Each simulated LAN requires a minimum of 100 host addresses. Subnet the address space for<br />
both RTA <strong>and</strong> RTB, maximizing the total number of subnets while still providing enough host<br />
addresses for each simulated LAN. You will use the first four subnets in each address space.<br />
Record your subnets with prefix notation in the space provided.<br />
Subnets for RTA LANs Subnets for RTB LANs<br />
Lo1 10.1.8.0/25 Lo1 10.1.0.0/25<br />
Lo2 10.1.8.128/25 Lo1 10.1.0.128/25<br />
Lo3 10.1.9.0/25 Lo1 10.1.1.0/25<br />
Lo4 10.1.9.128/25 Lo1 10.1.1.128/25<br />
Step 3. Now label the topology with your subnets <strong>and</strong> finish filling in the addressing table. Make sure<br />
you record the subnet masks in dotted-decimal format.<br />
Step 4. If required, obtain your instructor’s approval before proceeding.<br />
Instructor Initials _______________<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configurations<br />
Step 1. Cable the topology as shown in Figure 1-37.<br />
Step 2. Configure the routers with basic router configurations, including<br />
■ Hostnames <strong>and</strong> host tables<br />
■ Enable secret password <strong>and</strong> MOTD banner<br />
■ Line configurations<br />
■ IOS-specific comm<strong>and</strong>s (that is, ip subnet-zero with IOS versions prior to 12)<br />
See the scripts at the end of this lab for recommended configurations.<br />
Task 3: Configure the Interfaces <strong>and</strong> Enable RIPv2<br />
Step 1. Configure all interfaces, including the loopbacks, according to your addressing scheme.<br />
Step 2. Configure RIPv2 on RTA <strong>and</strong> RTB. Make sure to add the 172.16.0.0 network to RIP configuration<br />
on both RTA <strong>and</strong> RTB. Do not configure RIP on ISP. Do not add the 209.165.201.0/30<br />
network to the RIP configuration on RTA.<br />
See the scripts at the end of the lab for recommended configurations.<br />
Task 4: Configure Static <strong>and</strong> Default Routing<br />
Step 1. ISP needs two static routes: one pointing to the 10.1.0.0/20 address space <strong>and</strong> one pointing to<br />
the 172.16.1.0/30 address space. Configure ISP with these static routes.<br />
ISP(config)#ip route 10.1.0.0 255.255.240.0 209.165.201.2<br />
ISP(config)#ip route 172.16.1.0 255.255.255.252 209.165.201.2<br />
Step 2. RTA needs a default route point to ISP. Configure RTA with a default route.<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1<br />
Chapter 1: Introduction to Classless Routing 87
88 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 3. RTA needs to send RTB the default router. Configure RTA to originate default information<br />
within the RIP routing process. Refer to Lab 1-6, if you need help.<br />
RTA(config-router)#default-information originate<br />
Note: With RIP routing, you must reload the router that is propagating the default route before the default route will<br />
be sent in routing updates.<br />
Task 5: Verify Connectivity<br />
Step 1. Verify that all routers now have a default route <strong>and</strong> can ping the Public Web Server. The routing<br />
tables should have all the routes shown in the following output:<br />
Routing Table for ISP:<br />
Gateway of last resort is not set<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
S 172.16.1.0 [1/0] via 209.165.201.2<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0/1<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
10.0.0.0/20 is subnetted, 1 subnets<br />
S 10.1.0.0 [1/0] via 209.165.201.2<br />
Routing Table for RTA:<br />
Gateway of last resort is 209.165.201.1 to network 0.0.0.0<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
C 172.16.1.0 is directly connected, Serial0/0<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0/1<br />
10.0.0.0/25 is subnetted, 8 subnets<br />
R 10.1.9.0 [120/1] via 172.16.1.2, 00:00:26, Serial0/0<br />
R 10.1.8.0 [120/1] via 172.16.1.2, 00:00:26, Serial0/0<br />
C 10.1.1.0 is directly connected, Loopback3<br />
C 10.1.0.0 is directly connected, Loopback1<br />
R 10.1.9.128 [120/1] via 172.16.1.2, 00:00:27, Serial0/0<br />
R 10.1.8.128 [120/1] via 172.16.1.2, 00:00:27, Serial0/0<br />
C 10.1.1.128 is directly connected, Loopback4<br />
C 10.1.0.128 is directly connected, Loopback2<br />
S* 0.0.0.0/0 [1/0] via 209.165.201.1<br />
Routing Table for RTB:<br />
Gateway of last resort is 172.16.1.1 to network 0.0.0.0<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
C 172.16.1.0 is directly connected, Serial0/1<br />
10.0.0.0/25 is subnetted, 8 subnets<br />
C 10.1.9.0 is directly connected, Loopback3<br />
C 10.1.8.0 is directly connected, Loopback1<br />
R 10.1.1.0 [120/1] via 172.16.1.1, 00:00:20, Serial0/1<br />
R 10.1.0.0 [120/1] via 172.16.1.1, 00:00:20, Serial0/1<br />
C 10.1.9.128 is directly connected, Loopback4
C 10.1.8.128 is directly connected, Loopback2<br />
R 10.1.1.128 [120/1] via 172.16.1.1, 00:00:21, Serial0/1<br />
R 10.1.0.128 [120/1] via 172.16.1.1, 00:00:21, Serial0/1<br />
R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:21, Serial0/1<br />
Step 2. Troubleshoot, if necessary, to obtain output similar to the preceding output.<br />
Step 3. Once finished, capture your scripts for your records <strong>and</strong> erase/reload the routers.<br />
Task 6: Challenge<br />
Looking forward to your studies of EIGRP, you will learn that it is possible to reduce the size of the routing<br />
tables on RTA <strong>and</strong> RTB by configuring EIGRP to summarize the simulated LANs into one route.<br />
What summary route would you configure on RTB to send to RTA? Record the summary route with the<br />
correct prefix length here:<br />
10.1.8.0/21<br />
What summary route would you configure on RTA to send to RTB? Record the summary route with the<br />
correct prefix length here:<br />
10.1.0.0/21<br />
What interface would send the summary on RTB?<br />
Serial 0/1<br />
What interface would send the summary on RTA?<br />
Serial 0/0<br />
Now use the Cisco IOS help facility to discover a comm<strong>and</strong> you can use to configure a summary route. To<br />
get you started on RTA, enter interface configuration mode for the interface attached to RTB. Then enter<br />
ip ?. Can you find an ip comm<strong>and</strong> that looks like a summary route? Continue to use the help facility to<br />
discover all the parameters <strong>and</strong> configure your summary route.<br />
You may want to help the students through this process of discovering additional features of the IOS by<br />
using the help facility. The following output shows how this discovery process might occur:<br />
RTA(config)#interface s0/0<br />
RTA(config-if)#ip ?<br />
Interface IP configuration subcomm<strong>and</strong>s:<br />
access-group Specify access control for packets<br />
accounting Enable IP accounting on this interface<br />
address Set the IP address of an interface<br />
audit Apply IDS audit name<br />
auth-proxy Apply authenticaton proxy<br />
authentication authentication subcomm<strong>and</strong>s<br />
b<strong>and</strong>width-percent Set EIGRP b<strong>and</strong>width limit<br />
bgp BGP interface comm<strong>and</strong>s<br />
broadcast-address Set the broadcast address of an interface<br />
cef Cisco Express Fowarding interface comm<strong>and</strong>s<br />
cgmp Enable/disable CGMP<br />
directed-broadcast Enable forwarding of directed broadcasts<br />
dvmrp DVMRP interface comm<strong>and</strong>s<br />
hello-interval Configures IP-EIGRP hello interval<br />
Chapter 1: Introduction to Classless Routing 89
90 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
helper-address Specify a destination address for UDP broadcasts<br />
hold-time Configures IP-EIGRP hold time<br />
igmp IGMP interface comm<strong>and</strong>s<br />
inspect Apply inspect name<br />
irdp ICMP Router Discovery Protocol<br />
load-sharing Style of load sharing<br />
mask-reply Enable sending ICMP Mask Reply messages<br />
mobile Mobile IP support<br />
mrm Configure IP Multicast Routing Monitor tester<br />
mroute-cache Enable switching cache for incoming multicast packets<br />
mtu Set IP Maximum Transmission Unit<br />
multicast IP multicast interface comm<strong>and</strong>s<br />
nat NAT interface comm<strong>and</strong>s<br />
nhrp NHRP interface subcomm<strong>and</strong>s<br />
ospf OSPF interface comm<strong>and</strong>s<br />
pgm PGM Reliable Transport Protocol<br />
pim PIM interface comm<strong>and</strong>s<br />
policy Enable policy routing<br />
probe Enable HP Probe support<br />
proxy-arp Enable proxy ARP<br />
rarp-server Enable RARP server for static arp entries<br />
redirects Enable sending ICMP Redirect messages<br />
rip Router Information Protocol<br />
route-cache Enable fast-switching cache for outgoing packets<br />
router IP router interface comm<strong>and</strong>s<br />
rsvp RSVP interface comm<strong>and</strong>s<br />
rtp RTP parameters<br />
sap Session Advertisement Protocol interface comm<strong>and</strong>s<br />
sdr Session Directory Protocol interface comm<strong>and</strong>s<br />
security DDN IP Security Option<br />
split-horizon Perform split horizon<br />
summary-address Perform address summarization<br />
tcp TCP header compression parameters<br />
unnumbered Enable IP processing without an explicit address<br />
unreachables Enable sending ICMP Unreachable messages<br />
verify Enable per packet validation<br />
vrf VPN Routing/Forwarding parameters on the interface<br />
wccp WCCP interface comm<strong>and</strong>s<br />
RTA(config-if)#ip summary-address ?<br />
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)<br />
rip Routing Information Protocol (RIP)<br />
RTA(config-if)#ip summary-address rip ?<br />
A.B.C.D IP address
RTA(config-if)#ip summary-address rip 10.1.0.0 ?<br />
A.B.C.D IP network mask<br />
RTA(config-if)#ip summary-address rip 10.1.0.0 255.255.248.0 ?<br />
<br />
RTA(config-if)#ip summary-address rip 10.1.0.0 255.255.248.0<br />
RTA(config-if)#end<br />
Notice the subnet mask matches the summary of all the simulated LANs for RTA. This summary should<br />
conform to the subnet the student determined in Task 1, Step 1 above.<br />
Next, encourage the students to use other comm<strong>and</strong>s besides show run <strong>and</strong> show ip route to see the effect<br />
of this configuration. A powerful comm<strong>and</strong> that displays routing configuration information is show ip protocols.<br />
Notice the highlighted portion of the output shows the summary route.<br />
RTA#show ip protocols<br />
Routing Protocol is “rip”<br />
Sending updates every 30 seconds, next due in 23 seconds<br />
Invalid after 180 seconds, hold down 180, flushed after 240<br />
Outgoing update filter list for all interfaces is not set<br />
Incoming update filter list for all interfaces is not set<br />
Redistributing: rip<br />
Default version control: send version 2, receive version 2<br />
Interface Send Recv Triggered RIP Key-chain<br />
Serial0/0 2 2<br />
Loopback1 2 2<br />
Loopback2 2 2<br />
Loopback3 2 2<br />
Loopback4 2 2<br />
Automatic network summarization is not in effect<br />
Address Summarization:<br />
10.1.0.0/21 for Serial0/0<br />
Maximum path: 4<br />
Routing for Networks:<br />
10.0.0.0<br />
172.16.0.0<br />
Routing Information Sources:<br />
Gateway Distance Last Update<br />
172.16.1.2 120 00:00:10<br />
Distance: (default is 120)<br />
Chapter 1: Introduction to Classless Routing 91<br />
Now verify that RTB has received the new summary route as highlighted in the following output. All the<br />
routes may be listed, including the /25 routes, because RIP has not yet timed out these routes. You can<br />
either wait for the /25 routes to be flushed or simply refresh the routing table by using the clear ip route *<br />
comm<strong>and</strong>.<br />
RTB#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
92 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 172.16.1.1 to network 0.0.0.0<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
C 172.16.1.0 is directly connected, Serial0/1<br />
10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks<br />
C 10.1.9.0/25 is directly connected, Loopback3<br />
C 10.1.8.0/25 is directly connected, Loopback1<br />
R 10.1.1.0/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1<br />
R 10.1.0.0/21 [120/1] via 172.16.1.1, 00:00:28, Serial0/1<br />
R 10.1.0.0/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1<br />
C 10.1.9.128/25 is directly connected, Loopback4<br />
C 10.1.8.128/25 is directly connected, Loopback2<br />
R 10.1.1.128/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1<br />
R 10.1.0.128/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1<br />
R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:28, Serial0/1<br />
RTB#clear ip route *<br />
RTB#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 172.16.1.1 to network 0.0.0.0<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
C 172.16.1.0 is directly connected, Serial0/1<br />
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks<br />
C 10.1.9.0/25 is directly connected, Loopback3<br />
C 10.1.8.0/25 is directly connected, Loopback1<br />
R 10.1.0.0/21 [120/1] via 172.16.1.1, 00:00:03, Serial0/1<br />
C 10.1.9.128/25 is directly connected, Loopback4<br />
C 10.1.8.128/25 is directly connected, Loopback2<br />
R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:03, Serial0/1
Now configure RTB to summarize the simulated LANs in RIP routing updates sent to RTA. What is the<br />
comm<strong>and</strong>, including router prompt?<br />
RTB(config-if)#ip summary-address rip 10.1.8.0 255.255.248.0<br />
Clear the routing table on RTA <strong>and</strong> verify that RTA lists only the summary route for RTB. Test the route<br />
by pinging the loopback interfaces on RTB.<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 209.165.201.1 to network 0.0.0.0<br />
172.16.0.0/30 is subnetted, 1 subnets<br />
C 172.16.1.0 is directly connected, Serial0/0<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0/1<br />
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks<br />
R 10.1.8.0/21 [120/1] via 172.16.1.2, 00:00:05, Serial0/0<br />
C 10.1.1.0/25 is directly connected, Loopback3<br />
C 10.1.0.0/25 is directly connected, Loopback1<br />
C 10.1.1.128/25 is directly connected, Loopback4<br />
C 10.1.0.128/25 is directly connected, Loopback2<br />
S* 0.0.0.0/0 [1/0] via 209.165.201.1<br />
RTA#ping 10.1.8.1<br />
Chapter 1: Introduction to Classless Routing 93<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 10.1.8.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms<br />
RTA#ping 10.1.8.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 10.1.8.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms<br />
RTA#ping 10.1.9.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 10.1.9.129, timeout is 2 seconds:<br />
!!!!!
94 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms<br />
RTA#ping 10.1.9.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 10.1.9.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms<br />
The following are the ending scripts for this lab tested on NetLab using the 2600 platform with<br />
IOS version 12.1(22a).<br />
ISP configuration:<br />
hostname ISP<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTA 209.165.201.2<br />
!<br />
interface Loopback0<br />
!<br />
description Public Web Server<br />
ip address 209.165.202.129 255.255.255.255<br />
interface Serial0/1<br />
!<br />
description Link to RTA<br />
ip address 209.165.201.1 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
ip classless<br />
ip route 10.1.0.0 255.255.240.0 209.165.201.2<br />
ip route 172.16.1.0 255.255.255.252 209.165.201.2<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
RTA configuration:<br />
hostname RTA<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTB 172.16.1.2<br />
ip host ISP 209.165.201.1<br />
ip host WEB 209.165.202.129<br />
!<br />
interface Loopback1<br />
!<br />
description RTA Simulated LAN1<br />
ip address 10.1.0.1 255.255.255.128<br />
interface Loopback2<br />
!<br />
description RTA Simulated LAN2<br />
ip address 10.1.0.129 255.255.255.128<br />
interface Loopback3<br />
!<br />
description RTA Simulated LAN3<br />
ip address 10.1.1.1 255.255.255.128<br />
interface Loopback4<br />
!<br />
description RTA Simulated LAN4<br />
ip address 10.1.1.129 255.255.255.128<br />
interface Serial0/0<br />
!<br />
description Link to RTB<br />
ip address 172.16.1.1 255.255.255.252<br />
ip summary-address rip 10.1.0.0 255.255.248.0<br />
clockrate 64000<br />
no shutdown<br />
interface Serial0/1<br />
Chapter 1: Introduction to Classless Routing 95
96 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
description Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 10.0.0.0<br />
network 172.16.0.0<br />
default-information originate<br />
no auto-summary<br />
ip classless<br />
ip route 0.0.0.0 0.0.0.0 209.165.201.1<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
RTB configuration:<br />
hostname RTB<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host WEB 209.165.202.129
ip host ISP 209.165.201.1<br />
ip host RTA 172.16.1.1<br />
!<br />
interface Loopback1<br />
!<br />
description Simulated RTB LAN1<br />
ip address 10.1.8.1 255.255.255.128<br />
interface Loopback2<br />
!<br />
description Simulated RTB LAN2<br />
ip address 10.1.8.129 255.255.255.128<br />
interface Loopback3<br />
!<br />
description Simulated RTB LAN3<br />
ip address 10.1.9.1 255.255.255.128<br />
interface Loopback4<br />
!<br />
description Simulated RTB LAN4<br />
ip address 10.1.9.129 255.255.255.128<br />
interface Serial0/1<br />
!<br />
description Link to RTA<br />
ip address 172.16.1.2 255.255.255.252<br />
ip summary-address rip 10.8.0.0 255.255.248.0<br />
no shutdown<br />
router rip<br />
!<br />
version 2<br />
network 10.0.0.0<br />
network 172.16.0.0<br />
no auto-summary<br />
ip classless<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 30 0<br />
Chapter 1: Introduction to Classless Routing 97
98 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 30 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end
CHAPTER 2<br />
Single-Area OSPF<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of matching, fill in the blank, open-ended<br />
questions, <strong>and</strong> unique custom exercises to test your knowledge on the theory of link-state routing protocols,<br />
single-area OSPF concepts, <strong>and</strong> single-area OSPF configuration.<br />
The Lab Exercises portion of this chapter includes all the online curriculum labs as well as a comprehensive<br />
lab <strong>and</strong> a challenge lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills needed about<br />
single-area OSPF.
100 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
Link-State Routing Overview<br />
In this section of the <strong>Study</strong> <strong>Guide</strong>, you complete exercises that solidify your knowledge of the features,<br />
benefits, <strong>and</strong> limitations of link-state routing protocols. You also work on your OSPF vocabulary. The following<br />
exercises build on each other <strong>and</strong> are best done in sequence.<br />
Vocabulary Exercise: Matching<br />
Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
Finally, some terms may not be used at all.<br />
Definition<br />
a. A collection of networks under a common<br />
administration that share a common routing<br />
strategy<br />
b. Link-state routing protocol<br />
c. Attaches to multiple areas, maintains separate<br />
link-state databases for each area it is connected<br />
to, <strong>and</strong> routes traffic destined for or<br />
arriving from other areas<br />
d. Describes the details of OSPF link-state concepts<br />
<strong>and</strong> operations<br />
e. A listing of links used by the SPF algorithm<br />
to calculate the best paths through the network<br />
<strong>and</strong> build the SPF tree<br />
f. A group of contiguous subnets that is a logical<br />
subdivision of an autonomous system<br />
g. Flooded throughout an area when a failure<br />
occurs in the network, such as when a neighbor<br />
becomes unreachable<br />
h. An open-st<strong>and</strong>ard, link-state routing protocol<br />
designed to address the limitations of RIP<br />
i. Calculates <strong>and</strong> maintains a complex database<br />
of topology information<br />
j. Within each autonomous system, a contiguous<br />
transition area through which all other<br />
areas communicate<br />
k. Connects to an external routing domain that<br />
uses a different routing policy<br />
l. The part of the network through which multiple<br />
OSPF areas connect<br />
m. When this is not equal, the router with the highest<br />
will be the DR regardless of router ID values<br />
n. The Router ID for an OSPF router if no loopbacks<br />
are configured<br />
Term<br />
e link-state database<br />
b Intermediate System-to-Intermediate<br />
System (IS-IS)<br />
f area<br />
g link-state advertisements<br />
n highest IP address<br />
b, h Open Shortest Path First (OSPF)<br />
m router priority<br />
l area 0<br />
d RFC 2328<br />
i Shortest Path First algorithm<br />
a autonomous system<br />
c Area Border Router (ABR)<br />
e topological database<br />
l, j the backbone<br />
k Autonomous System Boundary Router<br />
(ASBR)<br />
(not used) lowest IP address<br />
i Dijkstra
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Open Shortest Path First (OSPF) <strong>and</strong> Intermediate System-to-Intermediate System (IS-IS) protocols are<br />
classified as link-state routing protocols. RFC 2328 describes OSPF link-state concepts <strong>and</strong> operations.<br />
Link-state routing protocols were designed to overcome the limitations of distance vector routing protocols.<br />
When a failure occurs in the network, such as when a neighbor becomes unreachable, link-state protocols<br />
flood LSAs (acronym) using a special multicast address throughout an area. A link is the same as an interface<br />
on a router. The state of the link is a description of an interface <strong>and</strong> the relationship to its neighboring<br />
routers. The collection of link states forms a link-state database, sometimes called a topological database.<br />
Link-state routers find the best paths to destinations by applying the Dijkstra or Shortest Path First algorithm<br />
against the link-state database to build the shortest-path first (SPF) tree, with the local router as the<br />
root. The best paths are then selected from the SPF tree <strong>and</strong> placed in the forwarding database.<br />
An autonomous system (AS) consists of a collection of networks under a common administration that<br />
share a common routing strategy. The backbone area is the transition point between areas in an AS because<br />
all other areas communicate through it.<br />
Compare <strong>and</strong> Contrast Exercise<br />
In the following table, list the benefits <strong>and</strong> limitations of link-state routing protocols. You should have at<br />
least four entries for each side of the table.<br />
Benefits Limitations<br />
Chapter 2: Single-Area OSPF 101<br />
Link-state protocols use cost metrics to choose Link-state protocols require a topology database, an<br />
paths through the network. The cost metric adjacency database, <strong>and</strong> a forwarding database.<br />
reflects the capacity of the links on those paths. Using all these databases can require a significant<br />
amount of memory in large or complex networks.<br />
Routing updates are more infrequent.<br />
Dijkstra’s algorithm requires CPU cycles to calculate<br />
The network can be segmented into area the best paths through the network. If the network is<br />
hierarchies, limiting the scope of route changes. large or complex, link-state protocols can use a<br />
significant amount of CPU time.<br />
Link-state protocols send only updates of a<br />
topology change. By using triggered, flooded In a multiarea design, an area router must always<br />
updates, link-state protocols can immediately have a path to the backbone or else the router will<br />
report changes in the network topology to all have no connectivity to the rest of the network.<br />
routers in the network. This immediate reporting Additionally, the backbone area must remain<br />
generally leads to fast convergence times. contiguous at all times to avoid some areas becoming<br />
isolated (partitioned).<br />
Because each router has a complete <strong>and</strong><br />
synchronized picture of the network, it is very Configuring a link-state protocol in a large network<br />
difficult for routing loops to occur. can be challenging.<br />
Because LSAs are sequenced <strong>and</strong> aged, routers Interpreting the information that is stored in the<br />
always base their routing decisions on the most topology, neighbor databases, <strong>and</strong> routing table<br />
recent set of information. requires a good underst<strong>and</strong>ing of the concepts of<br />
link-state routing.<br />
With careful network design, the link-state<br />
database sizes can be minimized, leading to During the initial discovery process, link-state routing<br />
smaller Dijkstra calculations <strong>and</strong> faster protocols can flood the network with LSAs <strong>and</strong> thereconvergence.<br />
by significantly decrease the network’s capability to<br />
transport data.<br />
Link-state protocols usually scale to larger<br />
networks than distance vector protocols do,<br />
particularly the traditional distance vector<br />
protocols such as RIPv1 <strong>and</strong> IGRP.
102 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Concept Questions<br />
What two names refer to the same algorithm used by all link-state routing protocols?<br />
Link-state routing protocols were made possible by the algorithm formulated by Edsger Wybe Dijkstra.<br />
Thus, it is called the Dijkstra algorithm. More generically, it is called the Shortest Path First algorithm. For<br />
more on Dijkstra, visit Wikipedia at http://en.wikipedia.org/wiki/Edsger Dijkstra.<br />
What is the difference between the way link-state routing protocols view the network <strong>and</strong> the way distance<br />
vector routing protocols view the network?<br />
Link-state routing protocols build a tree-like structure of the network, with the local router as the root of<br />
the tree. Each link-state router has knowledge of the entire network. Link-state routers do not depend on<br />
other routers to advertise the best route. Link-state routers calculate an algorithm to determine the best<br />
route to the destination. Distance vector routing has also been called “routing by rumor” <strong>and</strong> “gossip routing.”<br />
Distance vector routers depend upon directly connected neighbors to advertise the best route to the<br />
destination.<br />
Journal Entry<br />
Describe a network implementation where a distance vector routing protocol would be preferred over a<br />
link-state routing protocol.<br />
First, the current networking devices may not support link-state routing, <strong>and</strong> the budget for the implementation<br />
may not be sufficient to purchase additional equipment.<br />
Second, the network may be simple enough that the benefits of a link-state routing protocol is overkill. For<br />
example, a network with only a h<strong>and</strong>ful of subnets, a few routers <strong>and</strong> servers, <strong>and</strong> only one gateway would<br />
not normally need the features of a link-state routing protocol. In fact, you may not want to run a routing<br />
protocol at all. Instead, you may want to use static routes.<br />
Finally, the network administration of the network may not have the necessary training <strong>and</strong> skills to implement<br />
<strong>and</strong> monitor a link-state routing protocol, which can be more complex than distance vector routing or<br />
static routing.<br />
Single-Area OSPF Concepts<br />
One of the main limitations of OSPF is its sheer complexity. Although you are only responsible for underst<strong>and</strong>ing<br />
single-area OSPF concepts <strong>and</strong> configurations, it is still the most complex routing protocol you<br />
will use at the <strong>CCNA</strong> level. The exercises in the section focus on the conceptual framework of OSPF. It is<br />
important to have a good grasp of these concepts before proceeding into the configuration of OSPF. The<br />
following exercises build on each other <strong>and</strong> are best done in sequence.<br />
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
OSPF is a routing protocol developed for IP networks by the OSPF working group of the Internet<br />
Engineering Task Force (IETF). OSPF has two primary characteristics. The first is that the protocol is an<br />
open st<strong>and</strong>ard, which means that its specification is in the public domain, described in RFC 2328. The second<br />
principal characteristic is that OSPF is based on the Dijkstra or SPF algorithm.<br />
OSPF is a link-state routing protocol, whereas RIP <strong>and</strong> IGRP are distance vector routing protocols.<br />
Routers that are running distance vector algorithms send all or a portion of their routing tables in routingupdate<br />
messages to their neighbors.
The term link simply refers to the interface on a router <strong>and</strong> its relationship to its neighboring routers. The<br />
collection all of these states forms the link-state database, which is an overall picture of networks in relation<br />
to routers.<br />
The ability of OSPF to separate a large internetwork into multiple areas is also referred to as hierarchical<br />
routing. Routing still occurs between areas, but recalculating databases can be isolated to the area where<br />
the change occurred.<br />
The SPF algorithm is used to calculate the cost of links. The OSPF cost of an interface is inversely proportional<br />
to the b<strong>and</strong>width of that interface, so a higher b<strong>and</strong>width indicates a lower cost. The default formula<br />
used to calculate OSPF cost is<br />
cost = 100,000,000/b<strong>and</strong>width in bps<br />
The SPF algorithm calculates a loop-free topology using the node (or local router) as the starting point <strong>and</strong><br />
examining, in turn, information it has about adjacent nodes.<br />
Build the SPF Loop-Free Topology<br />
A physical topology is shown in Figure 2-1. All seven routers are running OSPF in the same single area<br />
network. The OSPF cost value has been simplified for this exercise. Each link is labeled with its cost. Each<br />
router will use the SPF algorithm to construct a loop-free topology with the local router as the root. In the<br />
space provided or on a separate sheet of paper, draw the logical spanning-tree topology for each router.<br />
(Hint: Use a pencil. You will make mistakes.)<br />
Figure 2-1 Build the SPF Loop-Free Topology<br />
D<br />
A<br />
B DC<br />
3<br />
1 4<br />
1<br />
4 1<br />
2 1<br />
1<br />
F G<br />
Chapter 2: Single-Area OSPF 103<br />
Example: The following describes how you would draw the spanning-tree topology in Figure 2-1a showing<br />
Router A as the local or root router. Start by drawing router A at the top. Router A can send traffic to<br />
both router B <strong>and</strong> router C. You can see that router A will always send traffic destined for router B directly<br />
to router B, so draw router B <strong>and</strong> connect it to router A. Label the link with the cost, which is 1. But will<br />
router A send traffic destined for router C directly to router C? No. The cost of 4 is too high compared to<br />
the path through router B, which has a cumulative cost of only 2. So, attach router C to router B <strong>and</strong> label<br />
the link with its cost. Now, how would router A send traffic to router D? It would send it to router B,<br />
which would forward the traffic directly to router D because the cumulative cost of 4 is lower than the<br />
cumulative cost to forward the traffic to router C. So, attach router D to router B <strong>and</strong> label the link with its<br />
cost. Now router B has three routers attached to it. Continue adding routers. Router E would receive traffic<br />
from router A via router C. Both router F <strong>and</strong> router G would receive traffic from router A via router E.<br />
E<br />
2
104 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 2-1a Loop-free Topology for Router A<br />
Figure 2-1b Loop-free Topology for Router B<br />
Figure 2-1c Loop-free Topology for Router C<br />
A D<br />
2<br />
1<br />
1<br />
A<br />
B<br />
C D<br />
1<br />
E F<br />
1<br />
1<br />
1<br />
B<br />
3<br />
G<br />
A C<br />
D<br />
2<br />
E<br />
1 1<br />
F G<br />
C<br />
1 2<br />
B DE<br />
1 3 1 1<br />
3<br />
F G
Figure 2-1d Loop-free Topology for Router D<br />
A C<br />
Figure 2-1e Loop-free Topology for Router E<br />
Figure 2-1f Loop-free Topology for Router F<br />
D<br />
3 2<br />
B DF<br />
1 1 1 1<br />
2<br />
E<br />
B D<br />
E G<br />
C F GD<br />
A<br />
1<br />
1 2<br />
1<br />
2<br />
F<br />
D E GD<br />
C<br />
B<br />
1<br />
2<br />
1<br />
1<br />
A<br />
1<br />
1<br />
Chapter 2: Single-Area OSPF 105
106 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 2-1g Loop-free Topology for Router G<br />
Concept Questions<br />
What is the formula Cisco IOS uses to calculate the cost metric for OSPF?<br />
Cost = 10 8 /b<strong>and</strong>width in bps<br />
What is the OSPF cost of a T1 link?<br />
10 8 /1544000 bps = 64.7, which is rounded to a cost of 64 by the IOS<br />
What is the OSPF cost of a Fast Ethernet link?<br />
10 8 /100,000,000 bps = 1<br />
What is the OSPF cost of a 56-kps dialup link?<br />
10 8 /56000 = 1785.71, which is rounded to a cost of 1785 by the IOS<br />
The routers within an OSPF area have converged. What can you safely assume about the link-state databases<br />
of all the routers within the area?<br />
The link-state databases within an OSPF area are identical. That is, each router contains the same list of<br />
links. In fact, this condition must be met before the routers within the area can calculate the SPF algorithm.<br />
Name at least three advantages of OSPF that relate to its hierarchical routing characteristic.<br />
Because OSPF is built on a multiple-area concept within autonomous systems, it has the following benefits:<br />
■ Reduced frequency of SPF calculations<br />
■ Smaller routing tables<br />
■ Reduced link-state update overhead<br />
Single-Area OSPF Configuration<br />
C<br />
G<br />
1 1<br />
E DF<br />
B<br />
2<br />
1<br />
1<br />
A<br />
Now that you have a good underst<strong>and</strong>ing of how OSPF works, it is time to learn the configuration comm<strong>and</strong>s<br />
that you use in a single-area OSPF network. The first exercise in this section takes you step-by-step<br />
through an OSPF configuration. The second exercise focuses on a topic that often causes problems for students:<br />
the DR/BDR election. The final exercise is a journal entry. These exercises build on each other <strong>and</strong><br />
are best done in sequence.<br />
D<br />
2
Learn the OSPF Comm<strong>and</strong>s Exercise<br />
1. Document the comm<strong>and</strong> syntax, including router prompt, to configure the OSPF routing process.<br />
Router(config)#router ospf process-id.<br />
2. The value for process-id can be any number between 1 <strong>and</strong> 65535.<br />
3. True or False: All routers in an area must have the same process-id.<br />
False. The process-id is only significant to the local router <strong>and</strong> has no meaning to other OSPF neighbors.<br />
OSPF neighbors are unaware of what process ID the local router is using.<br />
4. The comm<strong>and</strong> syntax, including router prompt, for adding network statements to the OSPF routing<br />
process is<br />
Router(config-router)#network address wildcard-mask area area-id.<br />
5. For single area OSPF configurations, the area-id should always be 0.<br />
6. The wildcard-mask argument works the same way as wildcard masks in access control list statements.<br />
List the corresponding wildcard mask for each of the following subnet masks:<br />
255.255.255.0 0.0.0.255<br />
255.255.255.128 0.0.0.127<br />
255.255.255.192 0.0.0.63<br />
255.255.255.240 0.0.0.15<br />
255.255.0.0 0.0.255.255<br />
255.255.252.0 0.0.3.255<br />
255.255.240.0 0.0.15.255<br />
255.0.0.0 0.255.255.255<br />
255.224.0.0 0.31.255.255<br />
255.248.0.0 0.7.255.255<br />
7. Refer to Figure 2-2. In the space provided, document the correct comm<strong>and</strong>s, including router prompt,<br />
to configure RTA to advertise all directly connected networks in OSPF.<br />
Figure 2-2 RTA OSPF Configuration<br />
192.168.1.0/26<br />
RTA<br />
192.168.1.252/30 192.168.1.244/30<br />
Chapter 2: Single-Area OSPF 107
108 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
RTA(config)#router ospf 1<br />
RTA(config-router)#network 192.168.1.0 0.0.0.63 area 0<br />
RTA(config-router)#network 192.168.1.244 0.0.0.3 area 0<br />
RTA(config-router)#network 192.168.1.252 0.0.0.3 area 0<br />
8. OSPF routers that share a common link become neighbors on that link. In Figure 2-3, RTB <strong>and</strong> RTC<br />
are neighbors of RTA, but not of each other. These routers send each other OSPF Hello packets to<br />
establish adjacency. These packets also act as keepalives so that each router knows that adjacent<br />
routers are still functional.<br />
Figure 2-3 Establishing OSPF Adjacency<br />
192.168.1.128/26<br />
9. Using Figure 2-3, document the correct comm<strong>and</strong>s, including router prompt, to configure RTB <strong>and</strong><br />
RTC to advertise all directly connected networks in OSPF.<br />
!OSPF Configuration for RTB.<br />
!Note that the process-id does NOT have to match with RTA<br />
RTB(config)#router ospf 2<br />
RTB(config-router)#network 192.168.1.64 0.0.0.63 area 0<br />
RTB(config-router)#network 192.168.1.244 0.0.0.3 area 0<br />
!OSPF Configuration for RTB.<br />
RTC(config)#router ospf 3<br />
192.168.1.0/26<br />
RTC RTB<br />
RTC(config-router)#network 192.168.1.128 0.0.0.63 area 0<br />
RTC(config-router)#network 192.168.1.252 0.0.0.3 area 0<br />
Note: Now is a good time to complete Curriculum Lab 2-1: Configuring the OSPF Routing Process (2.3.1).<br />
RTA<br />
192.168.1.252/30 192.168.1.244/30<br />
OSPF<br />
Area 0<br />
192.168.1.64/26<br />
10. On multiaccess networks (networks supporting more than two routers) such as Ethernet <strong>and</strong> Frame-<br />
Relay networks, the Hello protocol elects a designated router (DR) <strong>and</strong> a backup designated router<br />
(BDR). Among other things, the designated router is responsible for generating LSAs for the entire<br />
multiaccess network, which reduces both routing-update traffic <strong>and</strong> management of link-state synchronization.
11. The DR/BDR election is based on OSPF priority <strong>and</strong> OSPF Router ID. By default, all OSPF routers<br />
have a priority of 1. If all OSPF routers have the same priority, the highest Router ID determines the<br />
DR <strong>and</strong> BDR.<br />
12. Unless a loopback interface is configured, the highest IP address on an active interface at the moment<br />
of OSPF process startup is used as the router ID.<br />
13. In Figure 2-4, label each router with its router ID. Assume that all routers came up simultaneously <strong>and</strong><br />
that all interfaces are active.<br />
Figure 2-4 Determine the Router ID<br />
14. In Figure 2-4, which router would be the DR? RTC BDR? RTB<br />
15. You can override the Router ID that OSPF chooses by configuring an IP address on a loopback interface.<br />
This will provide stability to your OSPF network, because loopback interfaces do not become<br />
inactive.<br />
16. The syntax for configuring a loopback interface with an IP address is<br />
Router(config)#interface loopback number<br />
Router(config-if)#ip address address subnet-mask<br />
17. Assume that network policy has determined that RTA is best suited to be the DR. In addition, the policy<br />
states that all OSPF routers will be configured with a loopback interface, as follows, to provide stability<br />
to OSPF:<br />
■ 10.0.0.3/32 for RTA<br />
■ 10.0.0.2/32 for RTB<br />
■ 10.0.0.1/32 for RTC<br />
Router ID: 192.168.1.65<br />
Fa0/1 192.168.1.65/26<br />
RTA<br />
Fa0/0 192.168.1.3/29<br />
OSPF<br />
Area 0<br />
Chapter 2: Single-Area OSPF 109<br />
Fa0/1 192.168.1.193/26 Fa0/1 192.168.1.129/26<br />
Fa0/0 192.168.1.1/29 Fa0/0 192.168.1.2/29<br />
RTC<br />
RTB<br />
Router ID: 192.168.1.193 Router ID: 192.168.1.129
110 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
18. Document the correct comm<strong>and</strong>s, including router prompt, to configure loopback interfaces on each<br />
router.<br />
RTA(config)#interface loopback 0<br />
RTA(config-if)#ip address 10.0.0.3 255.255.255.255<br />
RTB(config)#interface loopback 0<br />
RTB(config-if)#ip address 10.0.0.2 255.255.255.255<br />
RTC(config)#interface loopback 0<br />
RTC(config-if)#ip address 10.0.0.1 255.255.255.255<br />
19. With loopback interfaces now configured on each router, what must you do to change which router<br />
is DR?<br />
Does the first sentence mean, “Either the routers must be reloaded or the OSPF process must be<br />
removed with the no router ospf process-id comm<strong>and</strong> <strong>and</strong> then completely reconfigured before routers<br />
will use the loopback addresses as the router ID”? However, the first router reconfigured will become<br />
the DR regardless of the value of Router ID unless you reload the routers. So, the best way to ensure<br />
which router is DR is by configuring priority.<br />
Note: Now is a good time to complete Curriculum Lab 2-2: Configuring OSPF with Loopback Addresses (2.3.2).<br />
20. In addition to configuring loopbacks, it would be a good idea to configure RTA with an OSPF priority<br />
that ensures that it always wins the DR/BDR election. The syntax for configuring OSPF priority is<br />
Router(config-if)#ip ospf priority priority<br />
21. Document the comm<strong>and</strong>s you would configure on RTA to make sure its priority always wins the<br />
DR/BDR election.<br />
RTA(config)#interface Fa 0/0<br />
RTA(config-if)#ip ospf priority 2<br />
!Any priority higher than the default of 1 will work.<br />
22. In Figure 2-5, note the differences in b<strong>and</strong>width. If OSPF uses the default b<strong>and</strong>width on the serial<br />
interfaces to calculate the cost, RTB will send traffic destined for the LAN on RTC directly to RTC,<br />
<strong>and</strong> RTC will send traffic destined for the LAN on RTB directly to RTB. However, the path through<br />
RTA is faster. There are two ways to force RTB <strong>and</strong> RTC to send traffic to RTA. Explain the two different<br />
ways to configure the correct cost. In what situations would one be better than the other?<br />
Figure 2-5 Configure OSPF Cost Metric<br />
192.168.1.0/26<br />
Fa0/0<br />
RTA<br />
192.168.1.252/30 192.168.1.244/30<br />
T1<br />
S0/0<br />
OSPF<br />
Area 0<br />
S0/1<br />
DCE<br />
192.168.1.128/26<br />
S0/0<br />
DCE<br />
S0/1 192.168.1.64/26<br />
Fa0/0<br />
RTC<br />
S0/1<br />
192.168.1.248/30<br />
386 kps<br />
S0/0<br />
DCE<br />
RTB<br />
Fa0/0<br />
T1
The Cisco IOS uses the 10 8 /bps formula to assign a value for OSPF cost. However, this formula is<br />
arbitrary <strong>and</strong> is not universal. The OSPF st<strong>and</strong>ard does not specify how cost is to be calculated. In<br />
fact, it states, “This cost is configurable by the system administrator” (see RFC 2328, page 17).<br />
Therefore, if you are configuring OSPF in a multivendor environment, you need to configure the cost<br />
for the interface so that it matches the non-Cisco device. For that situation, it is best to use the ip ospf<br />
cost bps comm<strong>and</strong>.<br />
If, however, you are using all Cisco equipment, it is much more effective <strong>and</strong> simple to configure the<br />
interface with the actual b<strong>and</strong>width by using the b<strong>and</strong>width bps comm<strong>and</strong>.<br />
23. RTB <strong>and</strong> RTC are both Cisco 2600 series routers. The default b<strong>and</strong>width on serial interfaces for 2600<br />
routers is 1544 kbps (T1). What comm<strong>and</strong> would you enter to verify the default or configured b<strong>and</strong>width<br />
on an interface? show interface Referring to Figure 2-5, document the comm<strong>and</strong>s needed to<br />
configure the b<strong>and</strong>width correctly so that OSPF uses an accurate cost metric.<br />
RTB(config)#interface serial 0/0<br />
RTB(config-if)#b<strong>and</strong>width 386<br />
RTC(config)#interface serial 0/1<br />
RTC(config-if)#b<strong>and</strong>width 386<br />
Note: Now is a good time to complete Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3).<br />
24. By default, a router trusts that information arriving from another router is “believable.” However, to<br />
avoid malicious or inadvertent misinformation, you should configure authentication. The Cisco IOS<br />
has two methods for authenticating OSPF routing updates: simple authentication <strong>and</strong> encrypted<br />
authentication. With simple authentication, passwords are sent in clear text, affording no protection<br />
from sniffer programs. Document the comm<strong>and</strong> syntax, including router prompt, to configure simple<br />
authentication (two comm<strong>and</strong>s).<br />
!On the interface that will participate in authentication:<br />
Router(config-if)#ip ospf authentication-key password<br />
!Within the OSPF router process:<br />
Router(config-router)#area area-number authentication<br />
25. You should use encrypted authentication whenever possible. Document the comm<strong>and</strong> syntax, including<br />
router prompt, to configure encrypted authentication (two comm<strong>and</strong>s).<br />
!On the interface that will participate in encryption:<br />
Router(config-if)#ip ospf message-digest-key key-id encryption-type md5 key<br />
!Within the OSPF router process:<br />
Router(config-router)#area area-id authentication message-digest<br />
26. Document the comm<strong>and</strong>s necessary to configure encrypted authentication of OSPF routing updates<br />
for the routers in Figure 2-5. Because the comm<strong>and</strong>s are the same for all three routers, it is only necessary<br />
that you document the comm<strong>and</strong>s for RTA. Use “allrouters” as the key.<br />
RTA(config)#interface serial 0/0<br />
RTA(config-if)#ip ospf message-digest-key 1 md5 7 allrouters<br />
RTA(config)#interface serial 0/1<br />
RTA(config-if)#ip ospf message-digest-key 1 md5 7 allrouters<br />
RTA(config-if)#router ospf 1<br />
RTA(config-router)#area 0 authentication message-digest<br />
Chapter 2: Single-Area OSPF 111<br />
Instructor Note: The preceding configuration also ensures that potentially malicious routing updates received on the<br />
Fast Ethernet interfaces will not be believed. Authentication has been enabled for the entire area.
112 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Note: Now is a good time to complete Curriculum Lab 2-4: Configuring OSPF Authentication (2.3.4).<br />
27. The DR, BDR, <strong>and</strong> every other router in an OSPF network sends out Hellos using 224.0.0.5 as the<br />
destination address. If a DRother (a router that is not the DR) needs to send an LSA, it will send it<br />
using 224.0.0.6 as the destination address. The DR <strong>and</strong> the BDR will receive LSAs at this address.<br />
28. Complete the following table by listing the four types of OSPF networks <strong>and</strong> whether they have a<br />
DR/BDR election.<br />
Network Type Characteristics DR/BDR<br />
Election?<br />
Broadcast multiaccess Ethernet, Token Ring, or FDDI Yes<br />
Non-broadcast multiaccess Frame Relay, X.25, SMDS Yes<br />
Point-to-point PPP, HDLC No<br />
Point-to-multipoint Configured by an administrator No<br />
29. OSPF routers must use matching Hello intervals <strong>and</strong> Dead intervals on the same link. These are used<br />
to time the exchange of link-state information as well as to determine when a link is down.<br />
30. On broadcast OSPF networks, the default Hello interval is 10 seconds <strong>and</strong> the default Dead interval is<br />
40 seconds. On nonbroadcast networks, the default Hello interval is 30 seconds <strong>and</strong> the default Dead<br />
interval is 120 seconds.<br />
31. These default interval values result in efficient OSPF operation <strong>and</strong> seldom need to be modified.<br />
However, you can change them. Document the comm<strong>and</strong> syntax, including router prompt, to change<br />
these values.<br />
Router(config-if)#ip ospf hello-interval seconds<br />
Router(config-if)#ip ospf dead-interval seconds<br />
32. Again, refer to Figure 2-5. Assuming that the current intervals are 10 <strong>and</strong> 40, document the comm<strong>and</strong>s<br />
necessary to change these intervals on the link between RTB <strong>and</strong> RTC to a value four times greater<br />
than the current value.<br />
RTB(config)#interface serial 0/0<br />
RTB(config-if)#ip ospf hello-interval 40<br />
RTB(config-if)#ip ospf dead-interval 160<br />
RTC(config)#interface serial 0/1<br />
RTC(config-if)#ip ospf hello-interval 40<br />
RTC(config-if)#ip ospf dead-interval 160<br />
Instructor Note: It is not necessary to configure the Dead interval as long as the desired interval is four times the<br />
Hello interval. The IOS will automatically increase the Dead interval to four times the configured Hello interval.<br />
Note: Now is a good time to complete Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5).<br />
33. Refer to Figure 2-6 for the remaining questions in this section. RTA is your gateway router because it<br />
provides access outside the area. In OSPF terminology, RTA is called the Autonomous System<br />
Boundary Router (ASBR) because it connects to an external routing domain that uses a different routing<br />
policy.
Figure 2-6 Propagating a Default Route<br />
192.168.1.128/26<br />
Address Space<br />
192.168.1.0/24<br />
Fa0/0<br />
RTA<br />
S0/1<br />
RTC 192.168.1.248/30 S0/0 RTB<br />
DCE<br />
34. Each routing protocol h<strong>and</strong>les the propagation of default routing information a little differently. For<br />
OSPF, the gateway router must be configured with two comm<strong>and</strong>s. First, RTA needs a static default<br />
route (also known as the “quad-zero” route) pointing to ISP. Document the comm<strong>and</strong> syntax to configure<br />
a static default route on RTA.<br />
Router(config)#ip route 0.0.0.0 0.0.0.0 [interface | next-hop-address]<br />
Instructor Note: Students should also know the difference between using the interface argument <strong>and</strong> using the nexthop-address<br />
argument. When you configure the outbound interface, the router does not need to do the extra step of<br />
looking up the next hop’s address in the routing table. Therefore, the interface argument has an administrative distance<br />
of 0. This is also the preferred configuration if the next hop’s address changes often. If you configure the next-hopaddress<br />
argument, the administrative distance is 1 to account for the extra processing time.<br />
35. Using the interface argument, document the comm<strong>and</strong> necessary to configure RTA with a static<br />
default route pointing to ISP.<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 serial 1/0<br />
36. At this point, RTA can send pings to ISP, <strong>and</strong> ISP will respond as long as the pings are sourced from<br />
the serial 1/0 interface on RTA. However, any ping coming from the 192.168.1.0/24 address space will<br />
be discarded by ISP. Why?<br />
Because ISP does not yet have a route to the 192.168.1.0/24 address space.<br />
37. Document the comm<strong>and</strong> syntax used to configure a static route.<br />
Router(config)#ip route network_address subnet_mask [interface | next-hop-address]<br />
38. Using the next-hop-address argument, document the comm<strong>and</strong> necessary to configure ISP with a static<br />
route pointing to the 192.168.1.0/24 address space.<br />
ISP(config)#ip route 192.168.1.0 255.255.255.0 209.165.201.2<br />
39. At this point, any host on the LAN attached to RTA will be able to access ISP <strong>and</strong> ping the Public<br />
Web Server at 209.165.202.129. However, RTB <strong>and</strong> RTC still cannot ping outside the 192.168.1.0/24<br />
address space. Why?<br />
Because neither router has a default route.<br />
S1/0<br />
209.165.201.2/30<br />
192.168.1.252/30<br />
RTA<br />
Propagates<br />
Default Route to<br />
RTB <strong>and</strong> RTC<br />
192.168.1.244/30<br />
S0/0<br />
DCE<br />
S0/0<br />
192.168.1.0/26<br />
Fa0/0<br />
S0/1<br />
DCE<br />
Default Route<br />
209.165.201.1/30<br />
Static Route<br />
S0/1<br />
Fa0/0<br />
Chapter 2: Single-Area OSPF 113<br />
S0/0<br />
DCE<br />
ISP<br />
OSPF<br />
Area 0 192.168.1.64/26<br />
Public Web Server<br />
209.165.202.129/30
114 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
40. Document the comm<strong>and</strong> that needs to be configured on RTA to fix this problem.<br />
RTA(config-router)#default-information originate<br />
Note: Now is a good time to complete Curriculum Lab 2-6: Propagating Default Routes in an OSPF Domain (2.3.6).<br />
DR/BDR Election Exercise<br />
In the following exercises, assume that all routers are simultaneously booted. Determine the network type,<br />
if applicable, <strong>and</strong> label which router is elected as the DR <strong>and</strong> which router is elected as the BDR.<br />
Hint: Remember, if priority is equal, router ID determines DR <strong>and</strong> BDR.<br />
Refer to Figure 2-7 <strong>and</strong> answer the following questions:<br />
Figure 2-7 DR/BDR Election Exercise 1 Topology<br />
E0 = 172.16.1.1<br />
L0 = 192.168.1.4<br />
RTA<br />
What is the router ID for RTA? 192.168.1.4<br />
What is the router ID for RTB? 192.168.1.3<br />
What is the router ID for RTC? 192.168.1.2<br />
What is the router ID for RTD? 192.168.1.1<br />
Which router will be elected DR? RTA<br />
Which router will be elected BDR? RTB<br />
RTC<br />
E0 = 172.16.1.3<br />
S0 = 192.168.5.1<br />
L0 = 192.168.1.2<br />
Refer to Figure 2-8 <strong>and</strong> determine whether there will be a DR/BDR election. If applicable, designate<br />
which router is DR <strong>and</strong> which router is BDR.<br />
Figure 2-8 DR/BDR Election Exercise 2 Topology<br />
E0 = 172.16.1.2<br />
L0 = 192.168.1.3<br />
RTB<br />
The loopback address is the router ID in every case<br />
172.15.1.2/30<br />
S0<br />
Fa0<br />
172.16.1.2/24<br />
Router ID<br />
172.15.1.1/30<br />
S0<br />
Fa1<br />
172.16.1.1/24<br />
RTA<br />
Router ID<br />
172.18.1.2/30<br />
S1<br />
Fa0<br />
172.17.1.1/24<br />
Router ID<br />
RTD<br />
E0 = 172.16.1.4<br />
S0 = 192.168.5.2<br />
L0 = 192.168.1.1<br />
Router ID<br />
172.18.1.1/30<br />
S0<br />
RTD RTB<br />
RTC<br />
Fa0<br />
172.17.1.2/24
Network DR/BDR Election? Which Router Is the DR? Which Router Is the BDR?<br />
172.15.1.0/30 No — —<br />
172.16.1.0/24 Yes RTC RTD<br />
172.17.1.0/24 Yes RTB RTC<br />
172.18.1.0/30 No — —<br />
Refer to Figure 2-9 <strong>and</strong> answer the following questions:<br />
Figure 2-9 DR/BDR Election Exercise 3 Topology<br />
What is the router ID for RTA? 209.165.201.2<br />
What is the router ID for RTB? 192.168.1.2<br />
What is the router ID for RTC? 10.1.1.1<br />
Which router is DR for the 192.168.0.0/24 network? RTA<br />
Which router is BDR for the 192.168.0.0/24 network? RTB<br />
Assuming a priority of zero on RTA, which router is DR for the 192.168.1.0/24 network? RTB<br />
What will happen if another router, RTD, joins the 192.168.1.0/24 network with a router ID of<br />
209.165.201.9?<br />
Nothing. Both the DR <strong>and</strong> BDR have to go down before RTD can become the DR.<br />
Journal Entry<br />
RTC<br />
RTA<br />
E0<br />
E0 E0<br />
S0<br />
E0 = 192.168.0.3/24<br />
S0 = 192.168.1.3/30<br />
L0 = 10.1.1.1/32<br />
Router ID<br />
Router ID<br />
E0 = 192.168.0.1/24<br />
S0 = 209.165.201.2/30<br />
S0<br />
OSPF<br />
Area 0<br />
Chapter 2: Single-Area OSPF 115<br />
S0 = 209.165.201.1/30<br />
In a simple three-router topology, it may not be necessary to run OSPF as your routing protocol. Under<br />
what circumstances would you choose to use OSPF instead of RIPv2?<br />
Answers will vary. However, you are looking for an answer that takes into consideration the benefits <strong>and</strong><br />
limitations of both routing protocols. For example, RIP cannot make a decision about routing based on a<br />
cost metric. RIP looks at hops <strong>and</strong> only hops to make its decision. In addition, some equipment may not<br />
support RIPv2 but support OSPF.<br />
S0<br />
ISP<br />
RTB<br />
E0 = 192.168.0.2/24<br />
S0 = 192.168.1.2/30<br />
Router ID
116 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct router prompt, that fits the description.<br />
Fill in any blanks with the appropriate missing information.<br />
Comm<strong>and</strong> Description<br />
Router(config)#router ospf 123 Turns on OSPF process number 123. The process ID is any<br />
value between 1 <strong>and</strong> 65535. The process ID does not equal<br />
the OSPF area.<br />
Router(config-router)#network OSPF advertises interfaces, not networks. Uses the<br />
172.16.10.0 0.0.0.255 area 0 wildcard mask to determine which interfaces to advertise.<br />
The comm<strong>and</strong> shown reads: any interface with an address<br />
of 172.16.10.x is to be put into area 0.<br />
Router(config)#interface lo0 Creates the virtual interface loopback 0.<br />
Router(config-if)#ip ospf priority 50 Changes the OSPF priority for an interface to 50.<br />
Router(config-if)#b<strong>and</strong>width 128 Changes the b<strong>and</strong>width of an interface to 128 kbps.<br />
Router(config-if)#ip ospf cost 1564 Changes the cost to a value of 1564.<br />
Router(config-router)#area 0 authentication Turns on simple authentication within the OSPF routing<br />
process.<br />
Router(config-if)#ip ospf Sets the simple authentication key (password) to fred on an<br />
authentication-key fred interface.<br />
Router(config-router)#area 0 authentication Turns on MD5 authentication within the OSPF routing<br />
message-digest process.<br />
Router(config-if)#ip ospf message- Sets 1 as the key-id <strong>and</strong> fred as the key on an interface.<br />
digest-key 1 md5 7 fred<br />
or<br />
Router(config-if)#ip ospf message-digest-key<br />
1 md5 fred<br />
Router(config-if)#ip ospf hello-interval 20 Changes the Hello Interval timer to 20 seconds.<br />
Router(config-if)#ip ospf dead-interval 80 Changes the Dead Interval timer to 80 seconds.<br />
Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0 Creates a static default route pointing out the serial 0/0<br />
interface. This route will have an administrative distance<br />
of 0.<br />
Router(config)#ip route Creates a static default route pointing to the next-hop IP<br />
0.0.0.0 0.0.0.0 192.168.1.1 address of 192.168.1.1. This route will have an<br />
administrative distance of 1.<br />
Router(config-router)#default-information Sets the default route to be propagated to all OSPF routers.<br />
originate<br />
Router#show ip protocol Displays parameters for all routing protocols running on<br />
the router.
Comm<strong>and</strong> Description<br />
Router#show ip route Displays complete IP routing table.<br />
Router#show ip ospf Displays basic OSPF information for all OSPF processes<br />
running on the router.<br />
Router#show ip ospf interface Displays OSPF information as it relates to all interfaces.<br />
Router#show ip ospf neighbor List all the OSPF neighbors <strong>and</strong> their states.<br />
Router#show ip ospf neighbor detail Displays a detailed list of neighbors.<br />
Router#clear ip route * Clears entire routing table, forcing it to rebuild.<br />
Router#clear ip ospf counters Resets OSPF counters.<br />
Router#clear ip ospf process Resets entire OSPF process, forcing OSPF to re-create<br />
neighbors, the database, <strong>and</strong> the routing table.<br />
Router#debug ip ospf events Displays all OSPF events.<br />
Router#debug ip ospf adj Displays the various OSPF states as neighbors form<br />
adjacencies as well as the DR <strong>and</strong> BDR election between<br />
adjacent routers.<br />
Router#debug ip ospf packets Displays OSPF packets as they are sent <strong>and</strong> received.<br />
Curriculum Lab 2-1: Configuring the OSPF Routing<br />
Process (2.3.1)<br />
Figure 2-10 Topology for Lab 2-1<br />
Straight-Through Cable<br />
Area 0<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable<br />
Chapter 2: Single-Area OSPF 117
118 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 2-1 Lab Equipment Configuration<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 BERLIN OSPF 192.168.1.128<br />
192.168.15.0<br />
Router 2 ROME OSPF 192.168.15.0<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 2-2 Lab Equipment Interface/IP Address Configurations<br />
192.168.0.0<br />
Router IP Host Fast Ethernet 0 Interface Type Serial 0 Address/<br />
Designation Table Entry Address/Subnet Mask Serial 0 Subnet Mask<br />
Router 1 ROME 192.168.1.129/26 DCE 192.168.15.1/30<br />
Router 2 BERLIN 192.168.0.1/24 DTE 192.168.15.2/30<br />
The interface type <strong>and</strong> address/subnet mask for the serial 1 interface on both routers is not applicable for<br />
this lab.<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Set up an IP addressing scheme for OSPF area 0.<br />
■ Configure <strong>and</strong> verify OSPF routing.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-10. You can use any router that meets the interface<br />
requirements in Figure 2-10 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A, “Router Interface Summary Chart,” to correctly specify the interface identifiers<br />
based on the equipment in your lab. The 1721 series routers produced the configuration output in<br />
this lab. Another router might produce slightly different output. You should execute the following steps on<br />
each router unless you are specifically instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C, “Erasing <strong>and</strong> Reloading the Router,” before you<br />
continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname as shown in Table 2-1. Then,<br />
configure the console, virtual terminal, <strong>and</strong> enable passwords. Next, configure the interfaces according to<br />
Table 2-2. Finally, configure the IP hostnames. Do not configure the routing protocol until you are specifically<br />
told to. If you have problems configuring the router basics, refer to Lab 1-2, “Review of Basic Router<br />
Configuring with RIP.”<br />
Note: You may need to add the comm<strong>and</strong> ip subnet-zero because of the use of the ZERO subnet with VLSM on the<br />
192.168.1.0/30 <strong>and</strong> 192.168.1.128/26 networks.
BERLIN<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname BERLIN<br />
BERLIN(config)#enable secret class<br />
BERLIN(config)#line console 0<br />
BERLIN(config-line)#password cisco<br />
BERLIN(config-line)#login<br />
BERLIN(config-line)#line vty 0 4<br />
BERLIN(config-line)#password cisco<br />
BERLIN(config-line)#login<br />
BERLIN(config-line)#exit<br />
BERLIN(config)#interface serial 0<br />
BERLIN(config-if)#ip address 192.168.15.1 255.255.255.252<br />
BERLIN(config-if)#clock rate 64000<br />
BERLIN(config-if)#no shutdown<br />
BERLIN(config-if)#exit<br />
BERLIN(config)#interface FastEthernet 0<br />
BERLIN(config-if)#ip address 192.168.1.129 255.255.255.192<br />
BERLIN(config-if)#no shutdown<br />
BERLIN(config-if)#exit<br />
BERLIN(config)#ip host ROME 192.168.0.1 192.168.15.2<br />
ROME<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname ROME<br />
ROME(config)#enable secret class<br />
ROME(config)#line console 0<br />
ROME(config-line)#password cisco<br />
ROME(config-line)#login<br />
ROME(config-line)#line vty 0 4<br />
ROME(config-line)#password cisco<br />
ROME(config-line)#login<br />
ROME(config-line)#exit<br />
ROME(config)#interface serial 0<br />
ROME(config-if)#ip address 192.168.15.2 255.255.255.252<br />
ROME(config-if)#no shutdown<br />
ROME(config-if)#exit<br />
ROME(config)#interface FastEthernet 0<br />
ROME(config-if)#ip address 192.168.0.1 255.255.255.0<br />
ROME(config-if)#no shutdown<br />
ROME(config-if)#exit<br />
ROME(config)#ip host BERLIN 192.168.1.129 192.168.15.1<br />
Chapter 2: Single-Area OSPF 119
120 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
BERLIN#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Why save the running configuration to the startup configuration?<br />
So that the router will keep the configuration when it is reset.<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Rome<br />
IP address: 192.168.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.0.1<br />
Host connected to router Berlin<br />
IP address: 192.168.1.130<br />
Subnet mask: 255.255.255.128<br />
Default gateway: 192.168.1.129<br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000,<br />
check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks will demonstrate the process that is required to get communication working while using<br />
OSPF as the routing protocol.<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information<br />
Step 1. At the privileged EXEC mode prompt, type the following:<br />
BERLIN#show running-config<br />
Step 2. Using the show ip interface brief comm<strong>and</strong>, check the status of each interface.<br />
What is the state of the interfaces on each router?<br />
BERLIN:<br />
Fast Ethernet 0: Up<br />
Serial 0: Up<br />
Serial 1: Down<br />
ROME:<br />
Fast Ethernet 0: Up<br />
Serial 0: Up<br />
Serial 1: Down
Step 3. Ping from one of the connected serial interfaces to the other.<br />
Was the ping successful? Yes<br />
Step 4. If the ping was not successful, troubleshoot the router configuration until the ping is successful.<br />
Instructor Note: If the ping is not successful, the show ip interface brief comm<strong>and</strong> would have indicated where the<br />
problem was. The configured interfaces should be in the “up” <strong>and</strong> “up” state.<br />
Task 5: Configure OSPF Routing on Router BERLIN<br />
Step 1. Configure an OSPF routing process on router BERLIN. Use OSPF process number 1 <strong>and</strong><br />
ensure that all networks are in area 0.<br />
BERLIN(config)#router ospf 1<br />
BERLIN(config-router)#network 192.168.1.128 0.0.0.63 area 0<br />
BERLIN(config-router)#network 192.168.15.0 0.0.0.3 area 0<br />
BERLIN(config-router)#end<br />
Step 2. Examine the routers that are running configuration files.<br />
Did the IOS version automatically add any lines under router OSPF 1? Yes<br />
If so, what did it add? log-adjacency-changes<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
BERLIN(config)#router ospf 1<br />
BERLIN(config-router)#log-adjacency-changes<br />
BERLIN(config-router)#end<br />
Step 4. Show the routing table for the BERLIN router.<br />
BERLIN#show ip route<br />
Do entries exist in the routing table? No<br />
Why?<br />
OSPF is not configured on ROME yet.<br />
Task 6: Configure OSPF Routing on Router ROME<br />
Step 1. Configure an OSPF routing process on router ROME. Use OSPF process number 1 <strong>and</strong> ensure<br />
that all networks are in area 0.<br />
ROME(config)#router ospf 1<br />
ROME(config-router)#network 192.168.1.0 0.0.0.255 area 0<br />
ROME(config-router)#network 192.168.15.0 0.0.0.3 area 0<br />
ROME(config-router)#end<br />
Step 2. Examine the ROME router running configuration files.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
If so, what did it add? log-adjacency-changes<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
ROME(config)#router ospf 2<br />
ROME(config-router)#log-adjacency-changes<br />
ROME(config-router)#end<br />
Chapter 2: Single-Area OSPF 121
122 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 4. Show the routing table for the ROME router.<br />
ROME#show ip route<br />
Are there OSPF entries in the routing table now? Yes<br />
What is the metric value of the OSPF route?<br />
It varies; the default with b<strong>and</strong>width on serial set to 128 kbps gives a net cost of 782.<br />
What is the VIA address in the OSPF route? 192.168.15.1<br />
Are routes to all networks shown in the routing table? Yes<br />
What does the O mean in the first column of the routing table?<br />
The route was learned by OSPF.<br />
Task 7: Test Network Connectivity<br />
Ping the BERLIN host from the ROME host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 2-2: Configuring OSPF with Loopback<br />
Addresses (2.3.2)<br />
Figure 2-11 Topology for Lab 2-2<br />
Router 1<br />
Router 2<br />
Router 3
Table 2-3 Lab Equipment Configuration: Part I<br />
Router Router Routing OSPF Network<br />
Designation Name Protocol Routing ID Statements<br />
Router 1 London OSPF 1 192.168.1.0<br />
Router 2 Ottawa OSPF 1 192.168.1.0<br />
Router 3 Brasilia OSPF 1 192.168.1.0<br />
The enable secret password for all routers is class.<br />
The enable, VTY, <strong>and</strong> console passwords for each router is cisco.<br />
Table 2-4 Lab Equipment Configuration: Part II<br />
Router IP Host Fast Ethernet 0 Loopback Interface/<br />
Designation Table Entry Address/Subnet Mask Subnet Mask<br />
Router 1 Ottawa Brasilia 192.168.1.1/24 192.168.31.11/32<br />
Router 2 London Brasilia 192.168.1.2/24 192.168.31.22/32<br />
Router 3 London Ottawa 192.168.1.3/24 192.168.31.33/32<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Configure routers with a Class C IP addressing scheme.<br />
■ Observe the election process for designated routers (DR) <strong>and</strong> backup designated routers (BDR) on the<br />
multiaccess network.<br />
■ Configure loopback addresses for OSPF stability.<br />
■ Assign each OSPF interface a priority to force the election of a specific router as DR.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-11. You can use any router that meets the interface<br />
requirements in Figure 2-11 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before continuing with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname as shown in Table 2-3. Then,<br />
configure the console, virtual terminal, <strong>and</strong> enable passwords. Next, configure the interfaces <strong>and</strong> the IP<br />
hostnames according to the Lab Equipment Configuration tables, Tables 2-3 <strong>and</strong> 2-4. If you have problems<br />
configuring the router basics, refer to Lab 1-2, “Review of Basic Router Configuring with RIP.”<br />
Note: Do not configure loopback interfaces <strong>and</strong> routing protocols yet.<br />
Chapter 2: Single-Area OSPF 123
124 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
LONDON<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname LONDON<br />
LONDON(config)#enable secret class<br />
LONDON(config)#line console 0<br />
LONDON(config-line)#password cisco<br />
LONDON(config-line)#login<br />
LONDON(config-line)#line vty 0 4<br />
LONDON(config-line)#password cisco<br />
LONDON(config-line)#login<br />
LONDON(config-line)#exit<br />
LONDON(config)#interface fastethernet 0/0<br />
LONDON(config-if)#ip address 192.168.1.1 255.255.255.0<br />
LONDON(config-if)#no shutdown<br />
LONDON(config-if)#exit<br />
LONDON(config)#ip host OTTAWA 192.168.1.2<br />
LONDON(config)#ip host BRASILIA 192.168.1.3<br />
OTTOWA<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname OTTAWA<br />
OTTOWA(config)#enable secret class<br />
OTTOWA(config)#line console 0<br />
OTTOWA(config-line)#password cisco<br />
OTTOWA(config-line)#login<br />
OTTOWA(config-line)#line vty 0 4<br />
OTTOWA(config-line)#password cisco<br />
OTTOWA(config-line)#login<br />
OTTOWA(config-line)#exit<br />
OTTOWA(config)#interface fastethernet 0/0<br />
OTTOWA(config-if)#ip address 192.168.1.2 255.255.255.0<br />
OTTOWA(config-if)#no shutdown<br />
OTTOWA(config-if)#exit<br />
OTTOWA(config)#ip host LONDON 192.168.1.1<br />
OTTOWA(config)#ip host BRASILIA 192.168.1.3<br />
BRASILIA<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname BRASILIA<br />
BRASILIA(config)#enable secret class<br />
BRASILIA(config)#line console 0<br />
BRASILIA(config-line)#password cisco
BRASILIA(config-line)#login<br />
BRASILIA(config-line)#line vty 0 4<br />
BRASILIA(config-line)#password cisco<br />
BRASILIA(config-line)#login<br />
BRASILIA(config-line)#exit<br />
BRASILIA(config)#interface fastethernet 0/0<br />
BRASILIA(config-if)#ip address 192.168.0.1 255.255.255.0<br />
BRASILIA(config-if)#no shutdown<br />
BRASILIA(config-if)#exit<br />
BRASILIA(config)#ip host LONDON 192.168.1.1<br />
BRASILIA(config)#ip host OTTAWA 192.168.1.2<br />
Task 2: Save the Configuration Information for All the Routers<br />
Why should you save the running configuration to the startup configuration?<br />
So that the router will keep the configuration when it is reset.<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host with gateway London<br />
IP address: 192.168.1.4<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.1.1<br />
Host with gateway Ottawa<br />
IP address: 192.168.1.5<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.1.2<br />
Host with gateway Brasilia<br />
IP address: 192.168.1.6<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.1.3<br />
Chapter 2: Single-Area OSPF 125<br />
Step 2. Each workstation should be able to ping all the attached routers, because they are all part of the<br />
same subnetwork. Troubleshoot as necessary. Hint: Remember to assign a specific IP address<br />
<strong>and</strong> default gateway to the workstation. If you are running Windows 98, check using Start ><br />
Run > winipcfg. If you are running Windows 2000, check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process required to get communication working by using OSPF as the<br />
routing protocol.
126 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information<br />
Step 1. At the privileged EXEC mode prompt, type show running-config.<br />
Step 2. Using the show ip interface brief comm<strong>and</strong>, check the status of each interface.<br />
What is the state of the interfaces on each router?<br />
London:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Down<br />
■ Serial 1: Down<br />
Ottawa:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Down<br />
■ Serial 1: Down<br />
Brasilia:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Down<br />
■ Serial 1: Down<br />
Task 5: Verify Connectivity of the Routers<br />
Ping all the connected Fast Ethernet interfaces from each other.<br />
Were the pings successful? Yes<br />
If the pings were not successful, troubleshoot the router configuration until the ping is successful.<br />
Task 6: Configure OSPF Routing on Router London<br />
Step 1. Configure an OSPF routing process on router London. Use OSPF process number 1 <strong>and</strong> ensure<br />
that all networks are in area 0.<br />
London(config)#router ospf 1<br />
London(config-router)#network 192.168.1.0 0.0.0.255 area 0<br />
London(config-router)#end<br />
Step 2. Examine the London router running the configuration file.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes/No<br />
Instructor Note: The log-adjacency-changes comm<strong>and</strong> is added automatically with newer versions of the IOS.<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
London(config)#router ospf 1<br />
London(config-router)#log-adjacency-changes<br />
London(config-router)#end<br />
Step 4. Show the routing table for the London router:<br />
London#show ip route
Are entries in the routing table? No<br />
Why?<br />
No other routers have been configured with OSPF.<br />
Task 7: Configure OSPF Routing on Router Ottawa<br />
Step 1. Configure an OSPF routing process on router Ottawa. Use OSPF process number 1 <strong>and</strong> ensure<br />
that all networks are in area 0.<br />
Ottawa(config)#router ospf 1<br />
Ottawa(config-router)#network 192.168.1.0 0.0.0.255 area 0<br />
Ottawa(config-router)#end<br />
Step 2. Examine the Ottawa router running configuration files.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes/No<br />
Step 3. If no changes were made to the running configuration, type the following comm<strong>and</strong>s:<br />
Ottawa(config)#router ospf 1<br />
Ottawa(config-router)#log-adjacency-changes<br />
Ottawa(config-router)#end<br />
Task 8: Configure OSPF Routing on Router Brasilia<br />
Step 1. Configure an OSPF routing process on router Brasilia. Use OSPF process number 1 <strong>and</strong> ensure<br />
that all networks are in area 0.<br />
Brasilia(config)#router ospf 1<br />
Brasilia(config-router)#network 192.168.1.0 0.0.0.255 area 0<br />
Brasilia(config-router)#end<br />
Step 2. Examine the Brasilia router running configuration files.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
What did it add? log-adjacency-changes<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
Brasilia(config)#router ospf 1<br />
Brasilia(config-router)#log-adjacency-changes<br />
Brasilia(config-router)#end<br />
Task 9: Test Network Connectivity<br />
Ping the Brasilia router from the London router. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
Task 10: Show OSPF Adjacencies<br />
Type the comm<strong>and</strong> show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.<br />
Is there a designated router identified? Yes<br />
Is there a backup designated router? Yes<br />
Chapter 2: Single-Area OSPF 127
128 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Type the comm<strong>and</strong> show ip ospf neighbor detail for more information.<br />
What is the neighbor priority of 192.168.1.1 from router Brasilia? 1<br />
What interface is identified as being part of area 0? FastEthernet 0/0<br />
Task 11: Configure the Loopback Interfaces<br />
Configure the loopback interface on each router to allow for an interface that will not go down due to network<br />
change or failure. You can accomplish this by typing interface loopback # at the global configuration<br />
mode prompt, where the # represents the number of the loopback interface from 0 to 2,147,483,647.<br />
London(config)#interface loopback 0<br />
London(config-if)#ip address 192.168.31.11 255.255.255.255<br />
London(config-router)#end<br />
Ottawa(config)#interface loopback 0<br />
Ottawa(config-if)#ip address 192.168.31.22 255.255.255.255<br />
Ottawa(config-router)#end<br />
Brasilia(config)#interface loopback 0<br />
Brasilia(config-if)#ip address 192.168.31.33 255.255.255.255<br />
Brasilia(config-router)#end<br />
Task 12: Save the Configuration Information for All the Routers<br />
After you save the configurations on all the routers, power them down <strong>and</strong> back up again.<br />
Task 13: Show OSPF Adjacencies<br />
Step 1. Type the comm<strong>and</strong> show ip ospf neighbor on all routers to verify that the OSPF routing has<br />
formed adjacencies.<br />
Is a designated router identified? Yes<br />
What are the Router ID <strong>and</strong> link address of the DR?<br />
192.168.31.33 <strong>and</strong> 192.168.1.3<br />
Is there a backup designated router? Yes<br />
What are the Router ID <strong>and</strong> link address of the BDR?<br />
192.168.31.22 <strong>and</strong> 192.168.1.2<br />
What is the third router referred to as? DROTHER<br />
What is that router’s ID <strong>and</strong> link address?<br />
192.168.31.11 <strong>and</strong> 192.168.1.1<br />
Step 2. Type the comm<strong>and</strong> show ip ospf neighbor detail for more information.<br />
What is the neighbor priority of 192.168.1.1 from router Brasilia? 1<br />
Which interface is identified as being part of area 0? FastEthernet0/0
Task 14: Verify OSPF Interface Configuration<br />
Type show ip ospf interface fastethernet 0 on the London router.<br />
What is the OSPF state of the interface? DROTHER<br />
What is the default priority of the interface? 1<br />
What is the network type of the interface? Broadcast<br />
Task 15: Configure London to Always Be the DR<br />
Step 1. To ensure that the London router always becomes the DR for this multiaccess segment, you<br />
must set the OSPF priority. London is the most powerful router in the network, so it is best<br />
suited to become the DR. Giving London’s loopback a higher IP address is not advised because<br />
the numbering system has advantages for troubleshooting. Also, London is not to act as the DR<br />
for all segments to which it might belong.<br />
Step 2. Set the priority of the interface to 50 on the London router only.<br />
London(config)#interface fastethernet 0/0<br />
London(config-if)#ip ospf priority 50<br />
London(config-router)#end<br />
Step 3. Display the priority for interface FastEthernet 0/0.<br />
London#show ip ospf interface fastethernet 0/0<br />
Task 16: Watch the Election Process<br />
To watch the OSPF election process, restart all the routers. As soon as the router prompt is available, type<br />
the following:<br />
Ottawa>enable<br />
Ottawa#debug ip ospf events<br />
Which router was elected DR? London<br />
Which router was elected BDR? Brasilia<br />
Why?<br />
It has the higher priority.<br />
To turn off all debugging, type undebug all.<br />
Task 17: Show OSPF Adjacencies<br />
Type the comm<strong>and</strong> show ip ospf neighbor on the Ottawa router to verify that the OSPF routing has<br />
formed adjacencies.<br />
What is the priority of the DR? 50<br />
Chapter 2: Single-Area OSPF 129<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.
130 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3)<br />
Figure 2-12 Topology for Lab 2-3<br />
Straight-Through Cable<br />
Table 2-5 Lab Equipment Configuration: Part I<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 Cairo OSPF 192.168.1.0<br />
Router 2 Moscow OSPF 192.168.1.0<br />
192.168.0.0<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 2-6 Lab Equipment Configuration: Part II<br />
Area 0<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable<br />
Router IP Host Fast Ethernet 0 Interface Type Serial 0 Address/<br />
Designation Table Entry Address/Subnet Mask Serial 0 Subnet Mask<br />
Router 1 Moscow 192.168.1.129/26 DCE 192.168.1.1/30<br />
Router 2 Cairo 192.168.0.1/24 DTE 192.168.1.2/30<br />
The interface type <strong>and</strong> address/subnet mask for the serial 1 interface on both routers are not applicable for<br />
this lab.<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.
Objectives<br />
■ Set up an IP addressing scheme for the OSPF area.<br />
■ Configure <strong>and</strong> verify OSPF routing.<br />
■ Modify the OSPF cost metric on an interface.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-12. You can use any router that meets the interface<br />
requirements in Figure 2-12 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter the global configuration mode <strong>and</strong> configure the hostname, console, virtual terminal,<br />
<strong>and</strong> enable passwords. Next, configure the interfaces <strong>and</strong> IP hostnames according to the Lab Equipment<br />
Configuration tables, Tables 2-5 <strong>and</strong> 2-6. If you have problems configuring the router basics, refer to Lab<br />
1-2, “Review of Basic Router Configuring with RIP.”<br />
Note: You may need to add the comm<strong>and</strong> ip subnet-zero because of the use of the ZERO subnet with VLSM on the<br />
192.168.1.0/30 <strong>and</strong> 192.168.1.128/26 networks.<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
Cairo<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Cairo<br />
Cairo(config)#enable secret class<br />
Cairo(config)#line console 0<br />
Cairo(config-line)#password cisco<br />
Cairo(config-line)#login<br />
Cairo(config-line)#line vty 0 4<br />
Cairo(config-line)#password cisco<br />
Cairo(config-line)#login<br />
Cairo(config-line)#exit<br />
Cairo(config)#interface serial 0/0<br />
Cairo(config-if)#ip address 192.168.1.1 255.255.255.252<br />
Cairo(config-if)#clockrate 64000<br />
Cairo(config-if)#no shutdown<br />
Cairo(config-if)#interface fastethernet 0/0<br />
Cairo(config-if)#ip address 192.168.1.129 255.255.255.128<br />
Cairo(config-if)#no shutdown<br />
Cairo(config-if)#exit<br />
Chapter 2: Single-Area OSPF 131
132 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Cairo(config)#ip host Moscow 192.168.0.1 192.168.1.2<br />
Cairo(config)#exit<br />
Moscow<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Moscow<br />
Moscow(config)#enable password cisco<br />
Moscow(config)#enable secret class<br />
Moscow(config)#line console 0<br />
Moscow(config-line)#password cisco<br />
Moscow(config-line)#login<br />
Moscow(config-line)#line vty 0 4<br />
Moscow(config-line)#password cisco<br />
Moscow(config-line)#login<br />
Moscow(config-line)#exit<br />
Moscow(config)#interface serial 0/0<br />
Moscow(config-if)#ip address 192.168.1.2 255.255.255.252<br />
Moscow(config-if)#no shutdown<br />
Moscow(config-if)#interface fastethernet 0/0<br />
Moscow(config-if)#ip address 192.168.0.1 255.255.255.0<br />
Moscow(config-if)#no shutdown<br />
Moscow(config-if)#exit<br />
Moscow(config)#ip host Cairo 192.168.1.129 192.168.1.1<br />
Moscow(config)#exit<br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
Cairo#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Moscow#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Why should you save the running configuration to the startup configuration?<br />
Saving the configuration will allow the router to keep the configuration after a reload or power down.<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Cairo<br />
IP address: 192.168.1.130<br />
Subnet mask: 255.255.255.192<br />
Default gateway: 192.168.1.129<br />
Host connected to router Moscow<br />
IP address: 192.168.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.0.1
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000,<br />
check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process that is required to get communication working while using OSPF<br />
as the routing protocol.<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information<br />
Step 1. At the privileged EXEC mode prompt, type the following:<br />
Cairo#show running-config<br />
[…]<br />
hostname Cairo<br />
!<br />
enable secret 5 $1$hGOQ$I7bGdq5INLFy2ZT4.5CdY/<br />
enable password cisco<br />
!<br />
ip subnet-zero<br />
!<br />
interface FastEthernet0/0<br />
ip address 192.168.1.129 255.255.255.192<br />
speed auto<br />
!<br />
interface Serial0/0<br />
ip address 192.168.1.1 255.255.255.252<br />
clockrate 64000<br />
!<br />
interface Serial1/0<br />
no ip address<br />
shutdown<br />
!<br />
ip classless<br />
no ip http server<br />
!<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
line aux 0<br />
line vty 0 4<br />
password cisco<br />
login<br />
!<br />
no scheduler allocate<br />
end<br />
Step 2. Using the show ip interface brief comm<strong>and</strong>, check the status of each interface.<br />
What is the state of the interfaces on each router?<br />
Chapter 2: Single-Area OSPF 133
134 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Cairo:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
Moscow:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
Step 3. Ping from one of the connected router serial interfaces to the other.<br />
Was the ping successful? Yes<br />
If the ping was not successful, troubleshoot the router configuration until the ping is successful.<br />
Task 5: Configure OSPF Routing on Router Cairo<br />
Step 1. Configure OSPF routing on each router. Use OSPF process number 1 <strong>and</strong> ensure that all networks<br />
are in area 0.<br />
Cairo(config)#router ospf 1<br />
Cairo(config-router)#network 192.168.1.128 0.0.0.63 area 0<br />
Cairo(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Cairo(config-router)#end<br />
Step 2. Examine the running configuration file.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
What did it add? log-adjacency-changes<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
Cairo(config)#router ospf 1<br />
Cairo(config-router)#log-adjacency-changes<br />
Cairo(config-router)#end<br />
Step 4. Show the routing table for the Cairo router.<br />
Cairo#show ip route<br />
Do entries exist in the routing table? No<br />
Why?<br />
Other routers have not been configured to send out OSPF updates yet.<br />
Task 6: Configure OSPF Routing on the Moscow Router<br />
Step 1. Configure OSPF routing on each router. Use OSPF process number 1 <strong>and</strong> ensure that all networks<br />
are in area 0.<br />
Moscow(config)#router ospf 1<br />
Moscow(config-router)#network 192.168.0 .0 0.0.0.255 area 0<br />
Moscow(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Moscow(config-router)#end
Step 2. Examine the running configuration file.<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
Step 3. If there were no changes to the running configuration, type the following comm<strong>and</strong>s:<br />
Moscow(config)#router ospf 1<br />
Moscow(config-router)#log-adjacency-changes<br />
Moscow(config-router)#end<br />
Task 7: Show the Routing Table Entries<br />
Show the routing table entries for the Cairo router.<br />
Cairo#show ip route<br />
Does the routing table have OSPF entries now? Yes<br />
What is the metric value of the OSPF route? 110<br />
What is the VIA address in the OSPF route? 192.168.1.2<br />
Are routes to all networks shown in the routing table? Yes<br />
What does the O mean in the first column of the routing table?<br />
The route was learned by OSPF.<br />
Task 8: Test Network Connectivity<br />
Ping the Cairo host from the Moscow host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
Task 9: Look at the OSPF Cost on the Cairo Router Interfaces<br />
Show the properties of the Cairo router serial <strong>and</strong> Fast Ethernet interfaces by using the show interfaces<br />
comm<strong>and</strong>.<br />
What is the default b<strong>and</strong>width of the interfaces?<br />
■ Serial interface: BW 1544 kbps<br />
■ Fast Ethernet interface: BW 100000 kbps<br />
Calculate the OSPF cost.<br />
■ Serial interface: 64<br />
■ Fast Ethernet interface: 1<br />
Table 2-7 OSPF Cost Calculations for Common Link Types<br />
Link B<strong>and</strong>width Default OSPF Cost<br />
56 kbps 1785<br />
T1 64<br />
10-Mbps Ethernet 10<br />
16-Mbps Token Ring 6<br />
FDDI/Fast Ethernet 1<br />
Chapter 2: Single-Area OSPF 135
136 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 10: Record the OSPF Cost of the Serial <strong>and</strong> Fast Ethernet<br />
Interfaces<br />
Using the show ip ospf interface comm<strong>and</strong>, record the OSPF cost of the serial <strong>and</strong> Fast Ethernet interfaces:<br />
■ OSPF cost of serial interface: 64<br />
■ OSPF cost of Ethernet interface: 1<br />
Do these agree with the calculations? Yes<br />
The clock rate set for the interface should have been 64,000. This is what has been used as a default to this<br />
point <strong>and</strong> specified in Lab 1-2, “Review of Basic Router Configuring with RIP.” Therefore, to calculate the<br />
cost of this b<strong>and</strong>width, you need to divide 10 8 by 64,000.<br />
Task 11: Manually Set the Cost on the Serial Interface<br />
On the serial interface of the Cairo router, set the OSPF cost to 1562 by typing ip ospf cost 1562 at the<br />
serial interface configuration mode prompt.<br />
Cairo(config)#interface serial 0/0<br />
Cairo(config-if)#ip ospf cost 1562<br />
Cairo(config-if)#end<br />
Task 12: Verify Cost<br />
Note that it is essential that all connected links agree about the cost for consistent calculation of the SPF in<br />
an area.<br />
Step 1. Verify that the interface OSPF cost was successfully modified.<br />
Cairo#show ip ospf interface<br />
Serial0/0 is up, line protocol is up<br />
Internet Address 192.168.1.1/30, Area 0<br />
Process ID 1, Router ID 192.168.1.129, Network Type POINT_TO_POINT<br />
Cost: 1562<br />
Transmit Delay is 1 sec, State POINT_TO_POINT,<br />
Step 2. Reverse the effect of this comm<strong>and</strong> by entering the comm<strong>and</strong> no ip ospf cost in interface configuration<br />
mode.<br />
Step 3. Verify that the default cost for the interface has returned.<br />
Serial0/0 is up, line protocol is up<br />
Internet Address 192.168.1.1/30, Area 0<br />
Process ID 1, Router ID 192.168.1.129, Network Type POINT_TO_POINT,<br />
Cost: 64<br />
Transmit Delay is 1 sec, State POINT_TO_POINT,<br />
Step 4. Enter the comm<strong>and</strong> b<strong>and</strong>width 2000 at the serial 0 interface configuration mode prompt.<br />
Record the new OSPF cost of the serial interface. 50<br />
Can the OSPF cost of an Ethernet interface be modified in this way? Yes<br />
You can set the speed on an Ethernet interface. Will this affect the OSPF cost of that interface?<br />
Yes
Step 5. Verify or explain the previous answer.<br />
You cannot change the speed on the Ethernet interfaces of 2500 series routers. You can change<br />
the b<strong>and</strong>width used in calculations with the b<strong>and</strong>width comm<strong>and</strong>. On routers with Fast<br />
Ethernet, you can change the speed on a Fast Ethernet interface with the speed comm<strong>and</strong>.<br />
Once changed, OSPF will use the new speed as the b<strong>and</strong>width variable for the cost calculation.<br />
FastEthernet0/0 is up, line protocol is up<br />
Internet Address 192.168.1.129/25, Area 0<br />
Process ID 1, Router ID 192.168.1.129, Network Type BROADCAST, Cost:<br />
50<br />
Transmit Delay is 1 sec, State DR, Priority 1<br />
Step 6. Reset the b<strong>and</strong>width on the serial interface by using no b<strong>and</strong>width 2000 at the serial 0 interface<br />
configuration mode prompt.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 2-4: Configuring OSPF Authentication<br />
(2.3.4)<br />
Figure 2-13 Topology for Lab 2-4<br />
Straight-Through Cable<br />
Table 2-8 Lab Equipment Configuration: Part I<br />
Area 0<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable<br />
Chapter 2: Single-Area OSPF 137<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 Dublin OSPF 192.168.1.0<br />
Router 2 Washington OSPF 192.168.1.0<br />
192.168.0.0
138 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 2-9 Lab Equipment Configuration: Part II<br />
Router IP Host Fast Ethernet 0 Inter-face Serial 0 Address/ Loopback 0<br />
Designation Table Entry Address/Subnet Type Serial 0 Subnet Mask Address/<br />
Mask Subnet Mask<br />
Router 1 Washington 192.168.1.129/26 DCE 192.168.1.1/30 192.168.31.11/32<br />
Router 2 Dublin 192.168.0.1/24 DTE 192.168.1.2/30 192.168.31.22/32<br />
The interface type <strong>and</strong> address/subnet mask for the serial 1 interface on both routers is not applicable for<br />
this lab.<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Set up an IP addressing scheme for the OSPF area.<br />
■ Configure <strong>and</strong> verify OSPF routing.<br />
■ Introduce OSPF authentication into the area.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-13. You can use any router that meets the interface<br />
requirements in Figure 2-13 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname, console, virtual terminal, <strong>and</strong><br />
enable passwords. Next, configure the interfaces <strong>and</strong> IP hostnames according to the Lab Equipment<br />
Configuration tables, Tables 2-8 <strong>and</strong> 2-9. If you have problems configuring the router basics, refer to Lab<br />
1-2, “Review of Basic Router Configuring with RIP.”<br />
Note: You may need to add the comm<strong>and</strong> ip subnet-zero because of the use of the ZERO subnet with VLSM on the<br />
192.168.1.0/30 <strong>and</strong> 192.168.1.128/26 networks.<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
Dublin<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Dublin<br />
Dublin(config)#enable secret class<br />
Dublin(config)#line console 0
Dublin(config-line)#password cisco<br />
Dublin(config-line)#login<br />
Dublin(config-line)#line vty 0 4<br />
Dublin(config-line)#password cisco<br />
Dublin(config-line)#login<br />
Dublin(config-line)#exit<br />
Dublin(config)#interface loopback 0<br />
Dublin(config-if)#ip address 192.168.31.11 255.255.255.255<br />
Dublin(config-if)#interface serial 0<br />
Dublin(config-if)#ip address 192.168.1.1 255.255.255.252<br />
Dublin(config-if)#clockrate 64000<br />
Dublin(config-if)#no shutdown<br />
Dublin(config-if)#interface fastethernet 0/0<br />
Dublin(config-if)#ip address 192.168.1.129 255.255.255.192<br />
Dublin(config-if)#no shutdown<br />
Dublin(config-if)#exit<br />
Dublin(config)#ip host Washington 192.168.0.1 192.168.1.2<br />
Dublin(config)#exit<br />
Washington<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Washington<br />
Washington(config)#enable secret class<br />
Washington(config)#line console 0<br />
Washington(config-line)#password cisco<br />
Washington(config-line)#login<br />
Washington(config-line)#line vty 0 4<br />
Washington(config-line)#password cisco<br />
Washington(config-line)#login<br />
Washington(config-line)#exit<br />
Washington(config)#interface loopback 0<br />
Washington(config-if)#ip address 192.168.31.22 255.255.255.255<br />
Washington(config-if)#interface serial 0<br />
Washington(config-if)#ip address 192.168.1.2 255.255.255.252<br />
Washington(config-if)#no shutdown<br />
Washington(config-if)#interface fastethernet 0/0<br />
Washington(config-if)#ip address 192.168.0.1 255.255.255.0<br />
Washington(config-if)#no shutdown<br />
Washington(config-if)#exit<br />
Washington(config)#ip host Dublin 192.168.1.129 192.168.1.1<br />
Washington(config)#exit<br />
Chapter 2: Single-Area OSPF 139
140 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
Dublin#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Washington#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Why should you save the running configuration to the startup configuration?<br />
Saving the configuration will allow the router to keep the configuration after a reload or power down.<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Dublin<br />
IP address: 192.168.1.130<br />
Subnet mask: 255.255.255.192<br />
Default gateway: 192.168.1.129<br />
Host connected to router Washington<br />
IP address: 192.168.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.0.1<br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000,<br />
check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process required to get communication working by using OSPF as the<br />
routing protocol.<br />
Task 4: Verify Connectivity<br />
Ping from one of the connected router serial interfaces to the other.<br />
Was the ping successful? Yes<br />
If the ping was not successful, troubleshoot the router’s configurations until the ping is successful.<br />
Task 5: Configure OSPF Routing on Both Routers<br />
Step 1. Configure OSPF routing on each router. Use OSPF process number 1 <strong>and</strong> ensure that all networks<br />
are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Addresses,” for a<br />
review on configuring OSPF routing.<br />
Dublin(config)#router ospf 1<br />
Dublin(config-router)#network 192.168.1.128 0.0.0.127 area 0<br />
Dublin(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Dublin(config-router)#end
Washington(config)#router ospf 1<br />
Washington(config-router)#network 192.168.0.0 0.0.0.255 area 0<br />
Washington(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Washington(config-router)#end<br />
Step 2. Examine the Dublin router running the configuration file. Did the IOS version automatically<br />
add lines under router OSPF 1? Yes<br />
Step 3. Show the routing table for the Dublin router.<br />
Dublin#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -<br />
BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS<br />
inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 192.168.31.11 is directly connected, Loopback0<br />
O 192.168.0.0/24 [110/51] via 192.168.1.2, 00:14:23, Serial0/0<br />
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks<br />
C 192.168.1.0/30 is directly connected, Serial0/0<br />
C 192.168.1.128/26 is directly connected, FastEthernet0/0<br />
Do entries exist in the routing table? Yes<br />
Why?<br />
Because a routing protocol has been configured <strong>and</strong> routing updates are being made.<br />
Task 6: Test Network Connectivity<br />
Ping the Dublin host from the Washington host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
Task 7: Set Up OSPF Authentication<br />
OSPF authentication is being established on the routers in the network. First, introduce authentication only<br />
on the Dublin router.<br />
In interface configuration mode on serial 0, enter the comm<strong>and</strong> ip ospf message-digest-key 1 md5 7<br />
asecret.<br />
Dublin(config)#interface Serial 0<br />
Dublin(config-if)#ip ospf message-digest-key 1 md5 ?<br />
Encryption type (0 for not yet encrypted, 7 for proprietary)<br />
Dublin(config-if)#ip ospf message-digest-key 1 md5 7 ?<br />
LINE The OSPF password (key)<br />
Dublin(config-if)#ip ospf message-digest-key 1 md5 7 asecret<br />
What is the OSPF password that is being used for MD5 authentication? asecret<br />
What encryption type is being used? Type 7<br />
Chapter 2: Single-Area OSPF 141
142 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Enable OSPF Authentication in this Area, Area 0<br />
Dublin(config-if)#router ospf 1<br />
Dublin(config-router)#area 0 authentication<br />
Step 1. Wait for a few seconds. Does the router generate output? Yes<br />
Step 2. Enter the comm<strong>and</strong> show ip ospf neighbor.<br />
Are there OSPF neighbors? No<br />
Step 3. Examine the routing table by entering show ip route.<br />
Are there OSPF routes in the Dublin router routing table? No<br />
Can the Dublin host ping the Washington host? No<br />
Step 4. Enter configuration comm<strong>and</strong>s, one per line. End with Ctrl-Z.<br />
Washington#configure terminal<br />
Washington(config)#interface serial 0<br />
Washington(config-if)#ip ospf message-digest-key 1 md5 7 asecret<br />
Washington(config-if)#router ospf 1<br />
Washington(config-router)#area 0 authentication<br />
Step 5. Verify that there is an OSPF neighbor by entering the show ip ospf neighbor comm<strong>and</strong>.<br />
Neighbor ID Pri State Dead Time Address Interface<br />
192.168.1.129 1 FULL/ - 00:00:38 192.168.1.1 Serial0<br />
Step 6. Show the routing table by typing show ip route.<br />
Washington#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -<br />
BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS<br />
inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 192.168.31.22 is directly connected, Loopback0<br />
C 192.168.0.0/24 is directly connected, FastEthernet0/0<br />
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks<br />
C 192.168.1.0/30 is directly connected, Serial0/0<br />
O 192.168.1.128/26 [110/791] via 192.168.1.1, 00:18:41, Serial0/0<br />
Step 7. Ping the Washington host from Dublin. If it is not successful, troubleshoot as necessary.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.
Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5)<br />
Figure 2-14 Topology for Lab 2-5<br />
Straight-Through Cable<br />
Table 2-10 Lab Equipment Configuration: Part I<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 Sydney OSPF 192.168.1.0<br />
Router 2 Rome OSPF 192.168.1.0<br />
192.168.0.0<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 2-11 Lab Equipment Configuration: Part II<br />
Area 0<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable<br />
Chapter 2: Single-Area OSPF 143<br />
Router IP Host Fast Ethernet 0 Inter-face Serial 0 Address/ Loopback 0<br />
Designation Table Entry Address/Subnet Type Serial 0 Subnet Mask Address/<br />
Mask Subnet Mask<br />
Router 1 Rome 192.168.1.129/26 DCE 192.168.1.1/30 192.168.31.11/32<br />
Router 2 Sydney 192.168.0.1/24 DTE 192.168.1.2/30 192.168.31.22/32<br />
The interface type <strong>and</strong> address/subnet mask for the serial 1 interface on both routers is not applicable for<br />
this lab.<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.
144 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Objectives<br />
■ Set up an IP addressing scheme for the OSPF area.<br />
■ Configure <strong>and</strong> verify OSPF routing.<br />
■ Modify OSPF interface timers to adjust efficiency of the network.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-14. You can use any router that meets the interface<br />
requirements in Figure 2-14 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname, console, virtual terminal, <strong>and</strong><br />
enable passwords. Next, configure the interfaces <strong>and</strong> IP hostnames according to the Lab Equipment<br />
Configuration tables, Tables 2-10 <strong>and</strong> 2-11. If you have problems configuring the router basics, refer to<br />
Lab 1-2, “Review of Basic Router Configuring with RIP.”<br />
Note: You may need to add the comm<strong>and</strong> ip subnet-zero because of the use of the ZERO subnet with VLSM on the<br />
192.168.1.0/30 <strong>and</strong> 192.168.1.128/26 networks.<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
Sydney<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Sydney<br />
Sydney(config)#enable secret class<br />
Sydney(config)#line console 0<br />
Sydney(config-line)#password cisco<br />
Sydney(config-line)#login<br />
Sydney(config-line)#line vty 0 4<br />
Sydney(config-line)#password cisco<br />
Sydney(config-line)#login<br />
Sydney(config-line)#exit<br />
Sydney(config)#interface loopback 0<br />
Sydney(config-if)#ip address 192.168.31.11 255.255.255.255<br />
Sydney(config-if)#interface serial 0<br />
Sydney(config-if)#ip address 192.168.1.1 255.255.255.252<br />
Sydney(config-if)#clockrate 64000<br />
Sydney(config-if)#no shutdown<br />
Sydney(config-if)#interface FastEthernet 0<br />
Sydney(config-if)#ip address 192.168.1.129 255.255.255.192<br />
Sydney(config-if)#no shutdown<br />
Sydney(config-if)#exit
Sydney(config)#ip host Rome 192.168.0.1 192.168.1.2<br />
Sydney(config)#exit<br />
Rome Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Rome<br />
Rome(config)#enable secret class<br />
Rome(config)#line console 0<br />
Rome(config-line)#password cisco<br />
Rome(config-line)#login<br />
Rome(config-line)#line vty 0 4<br />
Rome(config-line)#password cisco<br />
Rome(config-line)#login<br />
Rome(config-line)#exit<br />
Rome(config)#interface loopback 0<br />
Rome(config-if)#ip address 192.168.31.22 255.255.255.255<br />
Rome(config-if)#interface serial 0<br />
Rome(config-if)#ip address 192.168.1.2 255.255.255.252<br />
Rome(config-if)#no shutdown<br />
Rome(config-if)#interface FastEthernet 0<br />
Rome(config-if)#ip address 192.168.0.1 255.255.255.0<br />
Rome(config-if)#no shutdown<br />
Rome(config-if)#exit<br />
Rome(config)#ip host Sydney 192.168.1.129 192.168.1.1<br />
Rome(config)#exit<br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
Sydney#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Rome#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Why should you save the running configuration to the startup configuration?<br />
Saving the configuration will allow the router to keep the configuration after a reload or power down.<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Sydney<br />
IP address: 192.168.1.130<br />
Subnet mask: 255.255.255.192<br />
Default gateway: 192.168.1.129<br />
Chapter 2: Single-Area OSPF 145
146 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Host connected to router Rome<br />
IP address: 192.168.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.0.1<br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000,<br />
check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process that is required to get communication working by using OSPF as<br />
the routing protocol.<br />
Task 4: Verify Connectivity<br />
Ping from one of the connected serial interfaces to the other.<br />
Was the ping successful? Yes<br />
If the ping was not successful, troubleshoot the router configurations until the ping is successful.<br />
Task 5: Configure OSPF Routing on both Routers<br />
Step 1. Configure OSPF routing on each router. Use OSPF process number 1 <strong>and</strong> ensure that all networks<br />
are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Interfaces,” for a<br />
review on configuring OSPF routing.<br />
Sydney(config)#router ospf 1<br />
Sydney(config-router)#network 192.168.1.128 0.0.0.127 area 0<br />
Sydney(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Sydney(config-router)#end<br />
Rome(config)#router ospf 1<br />
Rome(config-router)#network 192.168.0.0 0.0.0.255 area 0<br />
Rome(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Rome(config-router)#end<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
Step 2. Show the routing table for the Sydney router.<br />
Sydney#show ip route<br />
Do entries exist in the routing table? Yes<br />
Task 6: Test Network Connectivity<br />
Ping the Sydney host from the Rome host. Was it successful? Yes<br />
If not, troubleshoot as necessary.
Task 7: Observe OSPF Traffic<br />
Step 1. At privileged EXEC mode, type the comm<strong>and</strong> debug ip ospf events <strong>and</strong> observe the output.<br />
How frequently are Hello messages sent? Every 10 seconds<br />
Where are Hello messages coming from?<br />
Hello messages are coming from 192.168.31.22 area 0 on the local Serial0 interface with the<br />
address 192.168.1.2<br />
Step 2. Turn off debugging by typing no debug ip ospf events or undebug all.<br />
Task 8: Show Interface Timer Information<br />
Show the hello <strong>and</strong> dead interval timers on the Sydney router Ethernet <strong>and</strong> serial interfaces by entering the<br />
comm<strong>and</strong> show ip ospf interface in privileged EXEC mode.<br />
Record the Hello <strong>and</strong> Dead interval timers for these interfaces:<br />
■ Hello interval: 10<br />
■ Dead interval: 40<br />
What is the purpose of the dead interval?<br />
It specifies the amount of time wait while Hellos are not being received before flagging the router as being<br />
down.<br />
Task 9: Modify the OSPF Timers<br />
Step 1. Modify the Hello <strong>and</strong> Dead interval timers to smaller values to try to improve performance. On<br />
the Sydney router only, enter the comm<strong>and</strong>s ip ospf hello-interval 5 <strong>and</strong> ip ospf dead-interval<br />
20 for interface serial 0.<br />
Sydney(config)#interface Serial 0<br />
Sydney(config-if)#ip ospf hello-interval 5<br />
Sydney(config-if)#ip ospf dead-interval 20<br />
Step 2. Wait for a minute <strong>and</strong> then enter the comm<strong>and</strong> show ip ospf neighbor.<br />
Do OSPF neighbors exist? No<br />
Task 10: Examine the Routing Table<br />
Examine the Sydney router routing table by entering show ip route.<br />
Do OSPF routes exist in the table? No<br />
Can the Sydney host ping the Rome host? No<br />
Task 11: Look at the OSPF Data Transmissions<br />
Enter the comm<strong>and</strong> debug ip ospf events in privileged EXEC mode.<br />
Is there an issue that is identified? Yes<br />
If there is, what is the issue?<br />
Hello <strong>and</strong> Dead intervals are mismatched.<br />
Chapter 2: Single-Area OSPF 147
148 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 12: Check the Rome Router Routing Table Status<br />
On the Rome router, check the routing table by typing show ip route.<br />
Do OSPF routes exist in the table? No<br />
Task 13: Set the Rome Router Interval Timers<br />
Step 1. Match the timer values on the Rome serial link with the Sydney router.<br />
Rome(config)#interface serial 0<br />
Rome(config-if)#ip ospf hello-interval 5<br />
Rome(config-if)#ip ospf dead-interval 20<br />
Step 2. Verify the OSPF neighbor by entering the show ip ospf neighbor comm<strong>and</strong>.<br />
Neighbor ID Pri State Dead Time Address Interface<br />
192.168.31.11 1 FULL/ - 00:00:17 192.168.1.1 Serial0<br />
Step 3. Show the routing table by typing show ip route.<br />
Rome#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -<br />
BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS<br />
inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
192.168.31.0/32 is subnetted, 1 subnets<br />
C 192.168.31.22 is directly connected, Loopback0<br />
C 192.168.0.0/24 is directly connected, Ethernet0<br />
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks<br />
C 192.168.1.0/30 is directly connected, Serial0<br />
O 192.168.1.128/25 [110/782] via 192.168.1.1, 00:00:12, Serial0<br />
Do OSPF routes exist in the table? Yes<br />
Step 4. Ping the Rome host from Sydney. If this is not successful, troubleshoot the configurations.<br />
Task 14: Reset the Router’s Interval Timers to the Default Values<br />
Use the no form of the ip ospf hello-interval <strong>and</strong> the ip ospf dead-interval to reset the OSPF timers back<br />
to their default values.<br />
Task 15: Verify that the Interval Timers Are Returned to the<br />
Default Values<br />
Use the show ip ospf interface comm<strong>and</strong> to verify that the timers are reset to their default values.<br />
Are the values back to the default? Yes<br />
If not, repeat Task 14 <strong>and</strong> verify again.
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 2-6: Propagating Default Routes in an<br />
OSPF Domain (2.3.6)<br />
Figure 2-15 Topology for Lab 2-6<br />
Router 2<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Table 2-12 Lab Equipment Configuration: Part I<br />
Router Router Routing Network Statements Loopback 0 Address/<br />
Designation Name Protocol Subnet Mask<br />
Router 1 Tokyo OSPF 192.168.1.0 192.168.31.11/32<br />
Router 2 Madrid OSPF 192.168.1.0 192.168.0.0 192.168.31.22/32<br />
The enable secret password for all routers is class.<br />
The enable, VTY, <strong>and</strong> console passwords for each router is cisco.<br />
DTE<br />
DTE<br />
DCE DCE<br />
Router 3 Router 1<br />
Area 0<br />
Crossover Cable<br />
Serial Cable<br />
Chapter 2: Single-Area OSPF 149
150 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 2-13 Lab Equipment Configuration: Part II<br />
Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Inter-face Serial 1<br />
Designation Table Entry Address/Subnet Type Subnet Mask Type Serial 1 Address/<br />
Mask Serial 0 Subnet Mask<br />
Router 1 Madrid 192.168.1.129/26 DCE 192.168.1.1/30 N/A N/A<br />
Router 2 Tokyo 192.168.0.1/24 DTE 192.168.1.2/30 DTE 200.20.20.2/30<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Set up an IP addressing scheme for the OSPF area.<br />
■ Configure <strong>and</strong> verify OSPF routing.<br />
■ Configure the OSPF network so that all hosts in an OSPF area can connect to outside networks.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 2-15. You can use any router that meets the interface<br />
requirements in Figure 2-15 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the ISP Router<br />
Normally, the ISP would configure the ISP router (Router 3). For the purpose of this lab, after you erase<br />
the old configuration, configure the ISP router (Router 3) by typing the following:<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname ISP<br />
ISP(config)#line vty 0 4<br />
ISP(config-line)#password cisco<br />
ISP(config-line)#login<br />
ISP(config-line)#interface serial 1<br />
ISP(config-if)#ip address 200.20.20.1 255.255.255.252<br />
ISP(config-if)#clock rate 64000<br />
ISP(config-if)#no shutdown<br />
ISP(config-if)#interface loopback 0<br />
ISP(config-if)#ip address 138.25.6.33 255.255.255.255<br />
ISP(config-if)#exit<br />
ISP(config)#ip route 192.168.1.0 255.255.255.0 200.20.20.2<br />
ISP(config)#ip route 192.168.0.0 255.255.255.0 200.20.20.2<br />
ISP(config)#end<br />
ISP#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Building configuration...<br />
[OK]<br />
ISP#
Task 2: Configure the Area 0 OSPF Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname, console, virtual terminal, <strong>and</strong><br />
enable passwords. Next, configure the interfaces <strong>and</strong> IP hostnames according to the Lab Equipment<br />
Configuration tables, Tables 2-12 <strong>and</strong> 2-13. If you have problems configuring the router basics, refer to<br />
Lab 1-2, “Review of Basic Router Configuring with RIP.”<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
Tokyo<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Tokyo<br />
Tokyo(config)#enable secret class<br />
Tokyo(config)#line console 0<br />
Tokyo(config-line)#password cisco<br />
Tokyo(config-line)#login<br />
Tokyo(config-line)#line vty 0 4<br />
Tokyo(config-line)#password cisco<br />
Tokyo(config-line)#login<br />
Tokyo(config-line)#exit<br />
Tokyo(config)#interface loopback 0<br />
Tokyo(config-if)#ip address 192.168.31.11 255.255.255.255<br />
Tokyo(config-if)#interface serial 0<br />
Tokyo(config-if)#ip address 192.168.1.1 255.255.255.252<br />
Tokyo(config-if)#clockrate 64000<br />
Tokyo(config-if)#no shutdown<br />
Tokyo(config-if)#interface fastethernet 0<br />
Tokyo(config-if)#ip address 192.168.1.129 255.255.255.192<br />
Tokyo(config-if)#no shutdown<br />
Tokyo(config-if)#exit<br />
Tokyo(config)#ip host Madrid 192.168.0.1 192.168.1.2<br />
Tokyo(config)#exit<br />
Madrid<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname Madrid<br />
Madrid(config)#enable secret class<br />
Madrid(config)#line console 0<br />
Madrid(config-line)#password cisco<br />
Madrid(config-line)#login<br />
Madrid(config-line)#line vty 0 4<br />
Madrid(config-line)#password cisco<br />
Madrid(config-line)#login<br />
Madrid(config-line)#exit<br />
Madrid(config)#interface loopback 0<br />
Madrid(config-if)#ip address 192.168.31.22 255.255.255.255<br />
Chapter 2: Single-Area OSPF 151
152 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Madrid(config-if)#interface serial 0<br />
Madrid(config-if)#ip address 192.168.1.2 255.255.255.252<br />
Madrid(config-if)#no shutdown<br />
Madrid(config-if)#interface serial 1<br />
Madrid(config-if)#ip address 200.20.20.2 255.255.255.252<br />
Madrid(config-if)#no shutdown<br />
Madrid(config-if)#interface fastethernet 0<br />
Madrid(config-if)#ip address 192.168.0.1 255.255.255.0<br />
Madrid(config-if)#no shutdown<br />
Madrid(config-if)#exit<br />
Madrid(config)#ip host Tokyo 192.168.1.129 192.168.1.1<br />
Madrid(config)#exit<br />
Task 3: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
Tokyo#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Madrid#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Why should you save the running configuration to the startup configuration?<br />
Saving the configuration will allow the router to keep the configuration after a reload or power down.<br />
Task 4: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Sydney<br />
IP address: 192.168.1.130<br />
Subnet mask: 255.255.255.192<br />
Default gateway: 192.168.1.129<br />
Host connected to router Rome<br />
IP address: 192.168.0.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.0.1<br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000,<br />
check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process that is required to get communication working by using OSPF as<br />
the routing protocol.
Task 5: Verify Connectivity<br />
Ping from the Madrid router to both the Tokyo <strong>and</strong> ISP routers.<br />
Madrid#ping 192.168.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms<br />
Madrid#ping 200.20.20.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 200.20.20.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms<br />
Were the pings successful? Yes<br />
If the ping was not successful, troubleshoot the router configurations until the ping is successful.<br />
Task 6: Configure OSPF Routing on Both Area 0 Routers<br />
Step 1. Configure OSPF routing on each router. Use OSPF process number 1 <strong>and</strong> ensure that all networks<br />
are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Addresses,” for a<br />
review on configuring OSPF routing.<br />
Tokyo(config)#router ospf 1<br />
Tokyo(config-router)#network 192.168.1.128 0.0.0.127 area 0<br />
Tokyo(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Tokyo(config-router)#end<br />
Madrid(config)#router ospf 1<br />
Madrid(config-router)#network 192.168.0.0 0.0.0.255 area 0<br />
Madrid(config-router)#network 192.168.1.0 0.0.0.3 area 0<br />
Madrid(config-router)#end<br />
Did the IOS version automatically add lines under router OSPF 1? Yes<br />
Step 2. Show the routing table for the Tokyo router.<br />
Tokyo#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -<br />
BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS<br />
inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
192.168.31.0/32 is subnetted, 1 subnets<br />
C 192.168.31.11 is directly connected, Loopback0<br />
O 192.168.0.0/24 [110/65] via 192.168.1.2, 00:00:14, Serial0<br />
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks<br />
C 192.168.1.0/30 is directly connected, Serial0<br />
C 192.168.1.128/24 is directly connected, FastEthernet0<br />
Do entries exist in the routing table? Yes<br />
Chapter 2: Single-Area OSPF 153
154 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 7: Test Network Connectivity<br />
Ping the Tokyo host from the Madrid host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
Task 8: Observe OSPF Traffic<br />
Step 1. At privileged EXEC mode, type the comm<strong>and</strong> debug ip ospf events <strong>and</strong> observe the output.<br />
Is there OSPF traffic? Yes<br />
Step 2. Turn off debugging by typing no debug ip ospf events or undebug all.<br />
Task 9: Create a Default Route to the ISP<br />
On the Madrid router only, type a static default route via the serial 1 interface.<br />
Madrid(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1<br />
Task 10: Verify the Default Static Route<br />
Verify the default static route by looking at the Madrid routing table.<br />
Madrid#show ip route<br />
01:12:26: %SYS-5-CONFIG_I: Configured from console by consolehow ip<br />
route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -<br />
BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS<br />
inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 200.20.20.1 to network 0.0.0.0<br />
200.20.20.0/30 is subnetted, 1 subnets<br />
C 200.20.20.0 is directly connected, Serial1<br />
192.168.31.0/32 is subnetted, 1 subnets<br />
C 192.168.31.22 is directly connected, Loopback0<br />
C 192.168.0.0/24 is directly connected, FastEthernet0<br />
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks<br />
C 192.168.1.0/30 is directly connected, Serial0<br />
O 192.168.1.128/24 [110/782] via 192.168.1.1, 00:01:44, Serial0<br />
S* 0.0.0.0/0 [1/0] via 200.20.20.1<br />
Is the default route in the routing table? Yes
Task 11: Verify Connectivity from the Madrid Router<br />
Step 1. Verify connectivity from the Madrid router by pinging the ISP serial 1 interface from the<br />
Madrid router.<br />
Can the interface be pinged? Yes<br />
Step 2. Ping from a DOS window on the host that is attached to the Madrid router Fast Ethernet interface<br />
to the ISP router serial 1 interface.<br />
Can the interface be pinged? Yes<br />
Step 3. Ping again from the host to the loopback address on the ISP router, which represents the ISP<br />
connection to the Internet.<br />
Can the loopback interface be pinged? Yes<br />
Step 4. All these pings should be successful. If they are not, troubleshoot the configurations on the host<br />
<strong>and</strong> the Madrid <strong>and</strong> ISP routers.<br />
Task 12: Verify Connectivity from the Tokyo Router<br />
Verify connectivity from the Tokyo router by pinging the ISP router serial 1 interface from the Tokyo<br />
router.<br />
Can the interface be pinged? No<br />
If yes, why? If not, why not?<br />
There is no route to the ISP router.<br />
Task 13: Redistribute the Static Default Route<br />
Propagate the gateway of last resort to the other routers in the OSPF domain. At the configure router<br />
prompt on the Madrid router, type default-information originate.<br />
Madrid(config-router)#default-information originate<br />
Does a default route now exist on the Tokyo router? Yes<br />
What is the address of the gateway of last resort? 192.168.1.2<br />
There is an O*E2 entry in the routing table. What type of route is it?<br />
OSPF external route type 2<br />
Can the ISP server address at 138.25.16.33 be pinged from both workstations? Yes<br />
If not, troubleshoot both hosts <strong>and</strong> all three routers.<br />
Chapter 2: Single-Area OSPF 155<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.
156 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Comprehensive Lab 2-7: OSPF Configuration<br />
Figure 2-16 OSPF Configuration<br />
Table 2-14 Lab 2-7 Addressing Scheme<br />
Device Interface IP Address Subnet Mask<br />
RTA Fa0/0 192.168.1.1 255.255.255.192<br />
S0/1 192.168.1.245 255.255.255.252<br />
S0/0 192.168.1.254 255.255.255.252<br />
Lo0 209.165.202.129 255.255.255.255<br />
RTB S0/1 192.168.1.246 255.255.255.192<br />
Fa0/0 192.168.1.65 255.255.255.192<br />
S0/0 192.168.1.249 255.255.255.252<br />
RTC S0/1 192.168.1.250 255.255.255.252<br />
Objectives<br />
192.168.1.128/26<br />
■ Configure OSPF routing<br />
■ Modify OSPF cost<br />
Fa0/0 192.168.1.129 255.255.255.192<br />
S0/0 192.168.1.253 255.255.255.252<br />
■ Configure MD5 authentication<br />
■ Adjust OSPF timers<br />
Address Space<br />
192.168.1.0/24<br />
Fa0/0<br />
■ Configure <strong>and</strong> propagate a default route<br />
S0/0<br />
192.168.1.0/26<br />
Fa0/0<br />
RTA<br />
S0/1<br />
DCE<br />
192.168.1.252/30 192.168.1.244/30<br />
OSPF<br />
Area 0<br />
T1 T1<br />
S0/0<br />
DCE<br />
S0/1<br />
RTC<br />
S0/1<br />
386 kps<br />
192.168.1.248/30 S0/0<br />
DCE<br />
RTB<br />
Simulated ISP Link<br />
Lo0 209.165.202.129/32<br />
192.168.1.64/26<br />
Fa0/0
Equipment<br />
The topology shown in Figure 2-16 is using 2600 series routers. This lab can be done with any combination<br />
of 1700, 2500, <strong>and</strong> 2600 series routers. Connectivity to an ISP is simulated with a loopback interface<br />
on RTA.<br />
NetLab Compatibility Notes<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab three router pod.<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations<br />
Step 1. Cable the topology as shown. If DCE/DTE connections <strong>and</strong> interfaces are different from those<br />
shown in Figure 2-16 <strong>and</strong> the table, relabel the figure to match your connections.<br />
Step 2. Configure the routers with basic router configurations, including<br />
■ Hostnames <strong>and</strong> host tables<br />
■ Enable secret password <strong>and</strong> MOTD banner<br />
■ Line configurations<br />
■ IOS-specific comm<strong>and</strong>s (e.g. ip subnet-zero with IOS versions prior to 12)<br />
Step 3. The following is a basic configuration for RTA:<br />
Router(config)#hostname RTA<br />
RTA(config)#ip subnet-zero<br />
RTA(config)#no ip domain-lookup<br />
RTA(config)#ip host RTC 192.168.1.253 192.168.1.254<br />
RTA(config)#ip host RTB 192.168.1.246 192.168.1.249<br />
RTA(config)#banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
RTA(config)#line con 0<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#line aux 0<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#line vty 0 4<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#end<br />
RTA#copy run start<br />
Chapter 2: Single-Area OSPF 157
158 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 2: Configure Interfaces <strong>and</strong> OSPF Routing<br />
Step 1. Use Table 2-14 <strong>and</strong> the topology shown in Figure 2-16 to configure each router with the correct<br />
interface addresses. To simulate an ISP connection, use the following configuration on RTA:<br />
RTA(config)#interface Loopback0<br />
RTA(config-if)#description Simulated Link to ISP<br />
RTA(config-if)#ip address 209.165.202.129 255.255.255.255<br />
Step 2. Configure OSPF routing on RTA, RTB, <strong>and</strong> RTC. Do not configure the simulated ISP loopback<br />
interface as part of OSPF. The configuration for RTA is as follows:<br />
RTA(config)#router ospf 1<br />
RTA(config-router)#network 192.168.1.0 0.0.0.63 area 0<br />
RTA(config-router)#network 192.168.1.244 0.0.0.3 area 0<br />
RTA(config-router)#network 192.168.1.252 0.0.0.3 area 0<br />
Task 3: Verify Connectivity<br />
Step 1. You should now have full connectivity between RTA, RTB, <strong>and</strong> RTC. Issue the show ip route<br />
comm<strong>and</strong> to verify full convergence.<br />
Routing table on RTA:<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:00:48, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
O 192.168.1.248/30 [110/128] via 192.168.1.246, 00:00:48, Serial0/1<br />
[110/128] via 192.168.1.253, 00:00:48, Serial0/0<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:00:49, Serial0/0<br />
Step 2. Notice that RTA has four connected routes (including the simulated ISP link) <strong>and</strong> three OSPF<br />
routes. RTB <strong>and</strong> RTC should both have three connected routes <strong>and</strong> three OSPF routes.<br />
Step 3. Pings sourced from any router to a LAN interface on another router should succeed.<br />
RTA#ping 192.168.1.65<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 192.168.1.65, timeout is 2 seconds:<br />
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms<br />
RTA#ping 192.168.1.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms<br />
Task 4: Modify OSPF Cost<br />
Step 1. At this point, all routers are using the default b<strong>and</strong>width for serial interfaces: for 2500s <strong>and</strong><br />
2600s, 1544 kbps; for 1700s, 128 kbps. Use the show interface serial comm<strong>and</strong> to view the<br />
b<strong>and</strong>width used to calculate cost.<br />
RTB#show interface s0/0<br />
Serial0/0 is up, line protocol is up<br />
Hardware is PowerQUICC Serial<br />
Description: Link to RTC<br />
Internet address is 192.168.1.249/30<br />
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
(output omitted)<br />
Step 2. When RTB pings the LAN interface on RTC, it sends it directly to RTC even though the path<br />
through RTA is faster.<br />
RTB#traceroute 192.168.1.129<br />
Type escape sequence to abort.<br />
Tracing the route to 192.168.1.129<br />
1 RTC (192.168.1.250) 16 msec * 12 msec<br />
RTB#<br />
Step 3. Configure both RTB <strong>and</strong> RTC with the correct b<strong>and</strong>width.<br />
RTB(config)#interface s0/0<br />
RTB(config-if)#b<strong>and</strong>width 386<br />
!<br />
RTC(config)#interface s0/1<br />
RTC(config-if)#b<strong>and</strong>width 386<br />
Step 4. Verify that RTB sends pings destined for the LAN on RTC to RTA, which then routes the ping<br />
to RTC.<br />
RTB#traceroute 192.168.1.129<br />
Type escape sequence to abort.<br />
Tracing the route to 192.168.1.129<br />
1 RTA (192.168.1.245) 16 msec 12 msec 16 msec<br />
2 RTC (192.168.1.253) 28 msec * 16 msec<br />
RTB#<br />
Chapter 2: Single-Area OSPF 159
160 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 5: Configure MD5 Authentication<br />
Step 1. To make sure routing updates come from trusted sources, configure each router to use MD5<br />
authentication. The configuration for RTA follows:<br />
RTA(config)#interface serial 0/0<br />
RTA(config-if)#ip ospf message-digest-key 1 md5 7 allrouters<br />
RTA(config)#interface serial 0/1<br />
RTA(config-if)#ip ospf message-digest-key 1 md5 7 allrouters<br />
RTA(config-if)#router ospf 1<br />
RTA(config-router)#area 0 authentication message-digest<br />
Step 2. After configuring authentication on each router, neighbor adjacency will go to the DOWN state<br />
<strong>and</strong> then reinitialize. Make sure that all routing tables have reconverged by issuing the show ip<br />
route comm<strong>and</strong>. The table for RTA follows:<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:06:25, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
O 192.168.1.248/30 [110/323] via 192.168.1.246, 00:06:25, Serial0/1<br />
[110/323] via 192.168.1.253, 00:06:25, Serial0/0<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:06:26, Serial0/0<br />
Step 3. You can verify authentication by using the show ip ospf comm<strong>and</strong> or the show ip ospf interface<br />
comm<strong>and</strong>.<br />
RTA#show ip ospf<br />
Routing Process “ospf 1” with ID 209.165.202.129<br />
Supports only single TOS(TOS0) routes<br />
Supports opaque LSA<br />
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs<br />
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs<br />
Number of external LSA 0. Checksum Sum 0x0<br />
Number of opaque AS LSA 0. Checksum Sum 0x0<br />
Number of DCbitless external <strong>and</strong> opaque AS LSA 0<br />
Number of DoNotAge external <strong>and</strong> opaque AS LSA 0<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa<br />
External flood list length 0<br />
Area BACKBONE(0)
Number of interfaces in this area is 3<br />
Area has message digest authentication<br />
SPF algorithm executed 2 times<br />
Area ranges are<br />
Number of LSA 3. Checksum Sum 0x1F45E<br />
Number of opaque link LSA 0. Checksum Sum 0x0<br />
Number of DCbitless LSA 0<br />
Number of indication LSA 0<br />
Number of DoNotAge LSA 0<br />
Flood list length 0<br />
RTA#show ip ospf interface s0/0<br />
Serial0/0 is up, line protocol is up<br />
Internet Address 192.168.1.254/30, Area 0<br />
Process ID 1, Router ID 209.165.202.129, Network Type POINT_TO_POINT, Cost:<br />
64<br />
Transmit Delay is 1 sec, State POINT_TO_POINT,<br />
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5<br />
Hello due in 00:00:01<br />
Index 3/3, flood queue length 0<br />
Next 0x0(0)/0x0(0)<br />
Last flood scan length is 1, maximum is 1<br />
Last flood scan time is 0 msec, maximum is 0 msec<br />
Neighbor Count is 1, Adjacent neighbor count is 1<br />
Adjacent with neighbor 10.0.0.1<br />
Suppress hello for 0 neighbor(s)<br />
Message digest authentication enabled<br />
Youngest key id is 1<br />
Task 6: Adjust OSPF Timers<br />
Step 1. Notice in the previous output for show ip ospf interface that the Hello <strong>and</strong> dead interval timers<br />
are shown as 10 <strong>and</strong> 40, respectively. Configure these intervals to be 40 <strong>and</strong> 160 on all three<br />
routers.<br />
RTA(config)#interface s0/0<br />
RTA(config-if)#ip ospf hello-interval 40<br />
RTA(config-if)#ip ospf dead-interval 160<br />
RTA(config)#interface s0/1<br />
RTA(config-if)#ip ospf hello-interval 40<br />
RTA(config-if)#ip ospf dead-interval 160<br />
Chapter 2: Single-Area OSPF 161<br />
Step 2. Verify that all routers have full routing tables <strong>and</strong> have re-established neighbor adjacencies. If<br />
adjacency has not been re-established, you can use the debug ip ospf events comm<strong>and</strong> to find<br />
where there might be a timing mismatch.<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR
162 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:00:04, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
O 192.168.1.248/30 [110/323] via 192.168.1.246, 00:00:04, Serial0/1<br />
[110/323] via 192.168.1.253, 00:00:04, Serial0/0<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:00:05, Serial0/0<br />
RTA#show ip ospf neighbor<br />
Neighbor ID Pri State Dead Time Address Interface<br />
192.168.1.253 1 FULL/ - 00:02:19 192.168.1.253 Serial0/0<br />
192.168.1.249 1 FULL/ - 00:02:16 192.168.1.246 Serial0/1<br />
Task 7: Configure <strong>and</strong> Propagate a Default Route<br />
Step 1. Because the ISP is only simulated, RTA does not have a real default route. However, you can<br />
simulate a default route by configuring it to forward to a null interface.<br />
RTA(config)#ip route 0.0.0.0 0.0.0.0 null 0<br />
Step 2. Now, you can configure RTA to propagate the default route to RTB <strong>and</strong> RTC.<br />
RTA(config)#router ospf 1<br />
RTA(config-router)#default-information originate<br />
Step 3. RTB <strong>and</strong> RTC should now be able to successfully ping the 209.165.202.129 interface, which<br />
verifies that both routers have a working default route.<br />
RTA hostname RTA<br />
!<br />
RTB#ping 209.165.202.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms<br />
RTC#ping 209.165.202.129<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/33/48 ms<br />
enable secret class<br />
!<br />
ip subnet-zero
no ip domain-lookup<br />
ip host RTB 192.168.1.246 192.168.1.249<br />
ip host RTC 192.168.1.253 192.168.1.250<br />
!<br />
!<br />
interface Loopback0<br />
!<br />
description Simulated Link to ISP<br />
ip address 209.165.202.129 255.255.255.255<br />
interface FastEthernet0/0<br />
!<br />
description RTA LAN<br />
ip address 192.168.1.1 255.255.255.192<br />
interface Serial0/0<br />
!<br />
description Link to RTC<br />
ip address 192.168.1.254 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
clockrate 64000<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTB<br />
ip address 192.168.1.245 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
clockrate 64000<br />
no shutdown<br />
router ospf 1<br />
!<br />
log-adjacency-changes<br />
area 0 authentication message-digest<br />
network 192.168.1.0 0.0.0.63 area 0<br />
network 192.168.1.244 0.0.0.3 area 0<br />
network 192.168.1.252 0.0.0.3 area 0<br />
default-information originate<br />
ip classless<br />
ip route 0.0.0.0 0.0.0.0 Null0<br />
no ip http server<br />
!<br />
!<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
Chapter 2: Single-Area OSPF 163
164 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
RTB hostname RTB<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host RTC 192.168.1.250 192.168.1.253<br />
ip host RTA 192.168.1.245 192.168.1.254<br />
!<br />
interface FastEthernet0/0<br />
!<br />
description RTB LAN<br />
ip address 192.168.1.65 255.255.255.192<br />
no shutdown<br />
interface Serial0/0<br />
!<br />
description Link to RTC<br />
b<strong>and</strong>width 386<br />
ip address 192.168.1.249 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
clockrate 64000<br />
no shutdown<br />
!Adjust clock rate for the correct interface, if needed
!<br />
interface Serial0/1<br />
!<br />
description Link to RTA<br />
ip address 192.168.1.246 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
no shutdown<br />
router ospf 2<br />
!<br />
log-adjacency-changes<br />
area 0 authentication message-digest<br />
network 192.168.1.64 0.0.0.63 area 0<br />
network 192.168.1.244 0.0.0.3 area 0<br />
network 192.168.1.248 0.0.0.3 area 0<br />
ip classless<br />
no ip http server<br />
!<br />
!<br />
snmp-server manager<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Chapter 2: Single-Area OSPF 165
166 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
RTC<br />
hostname RTC<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
!<br />
!<br />
interface FastEthernet0/0<br />
!<br />
description RTC LAN<br />
ip address 192.168.1.129 255.255.255.192<br />
no shutdown<br />
interface Serial0/0<br />
!<br />
description Link to RTA<br />
ip address 192.168.1.253 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to RTB<br />
b<strong>and</strong>width 386<br />
ip address 192.168.1.250 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 40<br />
no shutdown<br />
router ospf 3<br />
!<br />
log-adjacency-changes<br />
area 0 authentication message-digest<br />
network 192.168.1.128 0.0.0.63 area 0<br />
network 192.168.1.248 0.0.0.3 area 0<br />
network 192.168.1.252 0.0.0.3 area 0<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Challenge Lab 2-8: OSPF Design <strong>and</strong> Configuration<br />
Figure 2-17 OSPF Design <strong>and</strong> Configuration<br />
Public Web Server<br />
209.165.202.129/32<br />
Address Space<br />
172.16.0.0/16<br />
Lo0<br />
209.165.201.0/30<br />
ISP<br />
S0/0<br />
DCE<br />
S0/0<br />
Production LAN Lo0<br />
Warehouse LAN Lo1<br />
Marketing LAN Lo2<br />
Management LAN Lo3<br />
Purchasing LAN Lo4<br />
HQ<br />
S0/1<br />
DCE<br />
1<br />
4<br />
T1<br />
East Region Lo0<br />
North Region Lo1<br />
South Region Lo2<br />
West Region Lo3<br />
International Lo4<br />
WAN<br />
S0/1<br />
Chapter 2: Single-Area OSPF 167<br />
172.16.0.0 / 18<br />
172.16.64.0 / 19<br />
172.16.96.0 / 20<br />
172.16.112.0 / 21<br />
172.16.120.0 / 22<br />
172.16.255.252 / 30<br />
Remote<br />
172.16.128.0 / 20<br />
172.16.144.0 / 20<br />
172.16.160.0 / 20<br />
172.16.176.0 / 20<br />
172.16.192.0 / 20
168 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 2-15 Lab 2-8 Addressing Scheme<br />
Device Interface IP Address Subnet Mask<br />
ISP Lo0 209.165.202.129 255.255.255.255<br />
S0/0 209.165.201.1 255.255.255.252<br />
HQ S0/0 209.165.201.2 255.255.255.252<br />
S0/1 172.16.255.253 255.255.255.252<br />
Lo0 172.16.0.1 255.255.192.0<br />
Lo1 172.16.64.1 255.255.224.0<br />
Lo2 172.16.96.1 255.255.240.0<br />
Lo3 172.16.112.1 255.255.248.0<br />
Lo4 172.16.120.1 255.255.252.0<br />
REMOTE S0/1 172.16.255.254 255.255.255.252<br />
Objectives<br />
■ Design a VLSM addressing scheme.<br />
Lo0 172.16.128.1 255.255.240.0<br />
Lo1 172.16.144.1 255.255.240.0<br />
Lo2 172.16.160.1 255.255.240.0<br />
Lo3 172.16.176.1 255.255.240.0<br />
Lo4 172.16.192.1 255.255.240.0<br />
■ Configure routers with basic configurations using your addressing scheme.<br />
■ Configure dynamic, static, <strong>and</strong> default routing.<br />
■ Verify connectivity <strong>and</strong> troubleshoot problems.<br />
Equipment<br />
The topology shown in Figure 2-17 uses 2600 series routers. This lab can be done with any combination of<br />
1700, 2500, <strong>and</strong> 2600 series routers.<br />
NetLab Compatibility Notes<br />
This lab can be completed on a st<strong>and</strong>ard NetLab three router pod.<br />
Task 1: Design the Addressing Scheme<br />
You are given the address space, 172.16.0.0/16. The five loopback interfaces on HQ <strong>and</strong> five loopback<br />
interfaces on REMOTE are used to simulate different parts of a global network. Use the following specifications<br />
to design your addressing scheme.
Table 2-16 LAN Addressing Specifications<br />
HQ Hosts Needed<br />
Production LAN 16,000<br />
Warehousing LAN 8000<br />
Marketing LAN 4000<br />
Management LAN 2000<br />
Purchasing LAN 1000<br />
REMOTE Hosts Needed<br />
Eastern Region 4000<br />
Northern Region 4000<br />
Western Region 4000<br />
Southern Region 4000<br />
International 4000<br />
Label the topology in Figure 2-17 with the networks <strong>and</strong> finish filling in the IP addresses in Table 2-16<br />
with your chosen addressing scheme. Use the first IP address in each subnet for the interface address. For<br />
the WAN link between HQ <strong>and</strong> REMOTE, assign HQ the first address.<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configuration<br />
Step 1. Choose three routers <strong>and</strong> cable them according to the topology. You will not need any LAN<br />
interfaces or switches for this lab. (If using NetLab, choose a three router pod).<br />
Step 2. Configure the routers with basic configurations including interface addresses.<br />
Task 3: Configure OSPF Routing <strong>and</strong> Default Routing<br />
Step 1. Configure both HQ <strong>and</strong> REMOTE to use OSPF as the routing protocol. Enter the simulated<br />
LAN subnets <strong>and</strong> the WAN link between HQ <strong>and</strong> REMOTE. Do not advertise the<br />
209.165.201.0/30 network.<br />
Step 2. Configure ISP with a static route pointing the 172.16.0.0/16 Address Space. Configure HQ<br />
with a default route pointing to ISP. Configure HQ to advertise the default route to REMOTE.<br />
Step 3. Verify HQ <strong>and</strong> REMOTE routing tables.<br />
■ HQ should have seven directly connected routes, five OSPF routes, <strong>and</strong> one static route.<br />
■ REMOTE should have six directly connected routes, five OSPF routes, <strong>and</strong> one OSPF E2 route.<br />
■ Verify that REMOTE can ping the Simulated Web Server at 209.165.202.129.<br />
Task 4: Other OSPF Configurations<br />
Step 1. Change the OSPF hello interval to 20 seconds.<br />
Chapter 2: Single-Area OSPF 169<br />
Step 2. The link between HQ <strong>and</strong> REMOTE is a 1/4 T1. Change the b<strong>and</strong>width on both HQ <strong>and</strong><br />
REMOTE to match the actual link speed.<br />
Step 3. Configure OSPF authentication with MD5 between HQ <strong>and</strong> REMOTE. Use “allrouters” as the key.
170 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 5: Verification <strong>and</strong> Documentation<br />
Step 1. Capture the following verifications to a text file called verify.txt:<br />
■ Ping output from REMOTE pinging the Simulated Web Server.<br />
■ Capture show ip route on all three routers: ISP, HQ, <strong>and</strong> REMOTE.<br />
■ Capture show ip ospf, show ip ospf neighbor, <strong>and</strong> show ip ospf interface on HQ <strong>and</strong> REMOTE.<br />
Step 2. Capture the running configurations on all three routers to separate text files. Use the hostname<br />
of the router to name each text file.<br />
Step 3. Clean up the verify.txt, HQ.txt, REMOTE.txt, <strong>and</strong> ISP.txt files. Add appropriate notes to assist<br />
in your studies.<br />
ISP hostname ISP<br />
!<br />
enable secret class<br />
!<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
!<br />
interface Loopback0<br />
!<br />
description Simulated Public Web Server<br />
ip address 209.165.202.129 255.255.255.255<br />
interface Serial0/0<br />
!<br />
description Link to Customer<br />
ip address 209.165.201.1 255.255.255.252<br />
no shutdown<br />
ip route 172.16.0.0 255.255.0.0 Serial0/0<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
HQ hostname HQ<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host ISP 209.165.201.1<br />
ip host REMOTE 172.16.255.254<br />
ip host WEB 209.165.202.129<br />
!<br />
interface Loopback0<br />
!<br />
description Production LAN<br />
ip address 172.16.0.1 255.255.192.0<br />
interface Loopback1<br />
!<br />
description Warehouse LAN<br />
ip address 172.16.64.1 255.255.224.0<br />
interface Loopback2<br />
!<br />
description Marketing LAN<br />
ip address 172.16.96.1 255.255.240.0<br />
interface Loopback3<br />
!<br />
description Management LAN<br />
ip address 172.16.112.1 255.255.248.0<br />
interface Loopback4<br />
!<br />
description Purchasing LAN<br />
ip address 172.16.120.1 255.255.252.0<br />
interface Serial0/0<br />
!<br />
description Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
Chapter 2: Single-Area OSPF 171
172 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface Serial0/1<br />
!<br />
description Link to REMOTE<br />
b<strong>and</strong>width 386<br />
ip address 172.16.255.253 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 20<br />
clockrate 64000<br />
no shutdown<br />
router ospf 1<br />
!<br />
area 0 authentication message-digest<br />
network 172.16.0.0 0.0.63.255 area 0<br />
network 172.16.64.0 0.0.31.255 area 0<br />
network 172.16.96.0 0.0.15.255 area 0<br />
network 172.16.112.0 0.0.7.255 area 0<br />
network 172.16.120.0 0.0.3.255 area 0<br />
network 172.16.255.252 0.0.0.3 area 0<br />
default-information originate<br />
ip route 0.0.0.0 0.0.0.0 Serial0/0<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
REMOTE
hostname REMOTE<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host ISP 209.165.201.1<br />
ip host WEB 209.165.202.129<br />
ip host HQ 172.16.255.253<br />
!<br />
interface Loopback0<br />
!<br />
description East Region<br />
ip address 172.16.128.1 255.255.240.0<br />
interface Loopback1<br />
!<br />
description North Region<br />
ip address 172.16.144.1 255.255.240.0<br />
interface Loopback2<br />
!<br />
description South Region<br />
ip address 172.16.160.1 255.255.240.0<br />
interface Loopback3<br />
!<br />
description West Region<br />
ip address 172.16.176.1 255.255.240.0<br />
interface Loopback4<br />
!<br />
description International<br />
ip address 172.16.192.1 255.255.240.0<br />
interface Serial0/1<br />
!<br />
description Link to HQ<br />
b<strong>and</strong>width 386<br />
ip address 172.16.255.254 255.255.255.252<br />
ip ospf message-digest-key 1 md5 7 allrouters<br />
ip ospf hello-interval 20<br />
no shutdown<br />
router ospf 1<br />
area 0 authentication message-digest<br />
network 172.16.128.0 0.0.15.255 area 0<br />
network 172.16.144.0 0.0.15.255 area 0<br />
network 172.16.160.0 0.0.15.255 area 0<br />
network 172.16.176.0 0.0.15.255 area 0<br />
network 172.16.192.0 0.0.15.255 area 0<br />
network 172.16.255.252 0.0.0.3 area 0<br />
Chapter 2: Single-Area OSPF 173
174 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end
CHAPTER 3<br />
EIGRP <strong>and</strong> Troubleshooting Routing Protocols<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of matching, fill in the blank, multiple choice,<br />
open-ended question, <strong>and</strong> unique custom exercises to test your knowledge on the theory of EIGRP concepts,<br />
EIGRP configuration, <strong>and</strong> basic routing protocol troubleshooting.<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a comprehensive<br />
lab <strong>and</strong> a challenge lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills needed<br />
about EIGRP <strong>and</strong> routing troubleshooting.
176 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
EIGRP Concepts<br />
EIGRP is the enhanced version of the Cisco-proprietary Interior Gateway Routing Protocol (IGRP). The<br />
speed of convergence, ease of configuration, <strong>and</strong> blending of the best of both distance vector <strong>and</strong> link-state<br />
routing protocols make EIGRP the most powerful of IGPs. To get the absolute best of both worlds, use<br />
EIGRP if all of your equipment is from Cisco.<br />
The exercises in this section walk you through the terminology <strong>and</strong> concepts of EIGRP. Pay particular<br />
attention to the similarities <strong>and</strong> differences between EIGRP <strong>and</strong> other routing protocols.<br />
Vocabulary Exercise: Matching<br />
Directions: Match the definition on the left with a term on the right. This exercise is not necessarily a oneto-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
However, all terms <strong>and</strong> definitions are used.<br />
Definition<br />
a. table that includes route entries for all destinations<br />
that the router has learned<br />
b. a route selected as the primary route to reach<br />
a destination<br />
c. table that ensures bidirectional communication<br />
between each of the directly connected<br />
neighbors<br />
d. a backup route kept in the topology table in<br />
case the primary route goes down<br />
e. used by EIGRP to discover, verify, <strong>and</strong> rediscover<br />
neighbor routers<br />
f. a route that is in a reachable <strong>and</strong> operational<br />
status<br />
g. guarantees loop-free operation at every<br />
instant throughout a route computation <strong>and</strong><br />
allows all devices involved in a topology<br />
change to synchronize at the same time<br />
h. table in which EIGRP places the routes it<br />
chooses from the topology table as the best<br />
(successor) routes to a destination<br />
i. status of a route that has no feasible successors<br />
yet; router is waiting on replies from<br />
EIGRP routers<br />
j. used by EIGRP to guarantee ordered delivery<br />
of EIGRP packets to all neighbors<br />
k. used when a router discovers a new neighbor<br />
l. used when a router needs specific information<br />
from one or all of its neighbors<br />
Term<br />
d feasible successor<br />
e hello packets<br />
g Diffusing Update Algorithm<br />
j Reliable Transport Protocol<br />
c neighbor table<br />
k update packet<br />
a topology table<br />
l query packet<br />
b successor<br />
h routing table<br />
i active state<br />
f passive state
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
IGRP <strong>and</strong> EIGRP are compatible with each other, which provides seamless interoperability between the<br />
two processes. EIGRP uses metric calculations similar to those used by IGRP, <strong>and</strong> EIGRP supports the<br />
same unequal-cost path load balancing as IGRP does.<br />
Although the metric (b<strong>and</strong>width <strong>and</strong> delay by default) is the same for both IGRP <strong>and</strong> EIGRP, the weight<br />
assigned to the metric is 256 times greater for EIGRP. That is because EIGRP uses a metric that is 32 bits<br />
long, <strong>and</strong> IGRP uses a 24-bit metric. By multiplying or dividing by 256, EIGRP can easily exchange information<br />
with IGRP.<br />
IGRP has a maximum hop count of 255. EIGRP has a maximum hop count of 224. By default, the Cisco<br />
IOS limits the hop count for EIGRP limited to 100 as displayed by the show ip protocols comm<strong>and</strong>. This<br />
is more than adequate to support the largest, properly designed internetworks.<br />
EIGRP’s convergence technology employs the Diffusing Update Algorithm (DUAL), which guarantees<br />
loop-free operation at every instant throughout a route. Routers that are not affected by topology changes<br />
are not involved in recomputations.<br />
Redistribution, the sharing of routes, is automatic between IGRP <strong>and</strong> EIGRP as long as both processes use<br />
the same autonomous system number.<br />
Like OSPF, EIGRP maintains three tables for use with its computations. These tables include the neighbor<br />
table (called the adjacency database in OSPF), the topology table (called the link-state database in OSPF),<br />
<strong>and</strong> the routing table (called the forwarding database in OSPF).<br />
The following are some additional features of EIGRP:<br />
■ EIGRP converges rapidly on network topology changes. In some situations, convergence can be<br />
almost instantaneous. EIGRP stores backup routes, called feasible successors, so that it can quickly<br />
adapt to these alternate routes if the primary route, called the successor, becomes unavailable. If no<br />
backup route exists, then EIGRP sends a query packet to its neighbors to discover an alternate route.<br />
■ During normal operations when the network topology is fully converged, only hello packets are sent<br />
to neighbors. These packets are also used to establish neighbor adjacencies.<br />
■ EIGRP supports automatic route summarization at classful network boundaries. But it can be manually<br />
configured to advertise on arbitrary network boundaries to reduce the size of routing tables.<br />
■ EIGRP uses its own Layer 4 protocol called the Reliable Transport Protocol. Because EIGRP provides<br />
support for multiple routed protocols, including AppleTalk (AT) <strong>and</strong> Internetwork Packet Exchange<br />
(IPX), it must be protocol independent. That means it cannot depend on TCP for reliability services.<br />
EIGRP Packet Type Exercise<br />
Like OSPF, EIGRP relies on different types of packets to maintain its tables <strong>and</strong> establish relationships<br />
with neighbor routers. Complete the missing elements that follow by filling in appropriate words or phrases.<br />
When given the choice, circle whether the packet is reliable or unreliable <strong>and</strong> whether it is unicast or<br />
multicast.<br />
Hello packets:<br />
■ (Reliable/Unreliable) (unicast/multicast) sent to the address 224.0.0.10 to discover <strong>and</strong> maintain<br />
neighbors; contains the router’s neighbor table<br />
■ Default hello interval depends on the b<strong>and</strong>width:<br />
— ≤ 1.544 Mbps = 60 sec. hello interval (180 sec. holdtime)<br />
— > 1.544 Mbps = 5 sec. hello interval (15 sec. holdtime)<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 177
178 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Update packets. Sent (reliably/unreliably), there are two types:<br />
■ (Unicast/Multicast) to new neighbor discovered; contains routing table<br />
■ (Unicast/Multicast) to all neighbors when topology changes<br />
Query packets. Queries are (unicast/multicast) (reliably/unreliably) during route recomputation, asking<br />
neighbors for a new successor to a lost route.<br />
Reply packets. Neighbors (unicast/multicast) a reply to a query of whether or not they have a route.<br />
Acknowledgement packets. “Dataless” (unicast/multicast) packet that acknowledges the receipt of a packet<br />
that was sent reliably.<br />
EIGRP Configuration<br />
Now that you have a firm grasp of EIGRP concepts, it is time to learn how to configure EIGRP. The exercise<br />
in this section takes you step-by-step through an EIGRP configuration.<br />
Learn the EIGRP Comm<strong>and</strong>s Exercise<br />
Document the comm<strong>and</strong> syntax, including router prompt, to configure the EIGRP routing process.<br />
Router(config)#router eigrp autonomous-system-number<br />
True or False: All routers in an area must have the same autonomous-system-number.<br />
True. The autonomous system number is used to identify all routers that will be participating in this<br />
EIGRP routing process. It must match for all routers in the system.<br />
Like the process-id in OSPF, the value for autonomous-system-number can be any number between 1 <strong>and</strong><br />
65535 as long as it does not have to be registered with IANA.<br />
Refer to Figure 3-1. In the space provided, document the correct comm<strong>and</strong>s, including router prompt, to<br />
configure RTA to advertise all directly connected networks in EIGRP.<br />
Figure 3-1 RTA EIGRP Configuration<br />
172.16.64.0/20<br />
172.16.80.0/20<br />
172.16.96.0/20<br />
172.16.112.0/20<br />
10.0.0.8/30<br />
RTC<br />
T1<br />
S0/0<br />
DCE<br />
172.16.0.0/18<br />
RTA<br />
EIGRP<br />
100<br />
128kbps<br />
T1<br />
10.0.0.0/30<br />
S0/1<br />
10.0.0.4/30 S0/0<br />
DCE<br />
RTB<br />
172.16.128.0/19<br />
172.16.160.0/19<br />
172.16.192.0/19<br />
172.16.224.0/19
RTA(config)#router eigrp 100<br />
RTA(config-router)#network 10.0.0.0<br />
RTA(config-router)#network 172.16.0.0<br />
In Figure 3-1, RTB <strong>and</strong> RTC are distribution routers for several networks. Each router has six networks<br />
attached: two WANs <strong>and</strong> four simulated LANs. If configuring OSPF, you would have to enter each network<br />
in the routing process. But for EIGRP, the configuration is greatly simplified. You need to enter only<br />
the classful networks. Therefore, the EIGRP configuration for RTB <strong>and</strong> RTC is identical to that of RTA. In<br />
the space provided, document the correct comm<strong>and</strong>s, including router prompt, to configure RTB <strong>and</strong> RTC<br />
to advertise all directly connected networks in EIGRP.<br />
RTB(config)#router eigrp 100<br />
RTB(config-router)#network 10.0.0.0<br />
RTB(config-router)#network 172.16.0.0<br />
!<br />
RTC(config)#router eigrp 100<br />
RTC(config-router)#network 10.0.0.0<br />
RTC(config-router)#network 172.16.0.0<br />
In Figure 3-1, notice that the WAN links are labeled with the contracted b<strong>and</strong>width. Because EIGRP calculates<br />
the metric using b<strong>and</strong>width <strong>and</strong> delay, you need to configure the links for the correct b<strong>and</strong>width.<br />
Assume that the default b<strong>and</strong>width for the three routers is 1544 kbps. Document the comm<strong>and</strong>s, including<br />
router prompt, to configure RTB <strong>and</strong> RTC with the correct b<strong>and</strong>width.<br />
RTB(config)#interface serial 0/0<br />
RTB(config-if)#b<strong>and</strong>width 128<br />
!<br />
RTC(config)#interface serial 0/0<br />
RTC(config-if)#b<strong>and</strong>width 128<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 179<br />
The following output was sent to the console by the IOS when RTA <strong>and</strong> RTB established a new adjacency.<br />
Document the comm<strong>and</strong>, including router prompt, that you need to configure to have this message sent to<br />
the console on RTA.<br />
RTA#<br />
00:24:44: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.0.0.2 (Serial0/1) is up:<br />
new adjacency<br />
RTA(config-router)#eigrp log-neighbor-changes<br />
Figure 3-1 has discontiguous subnets. Subnets of the 10.0.0.0 classful network separate subnets of the<br />
172.16.0.0 classful network. As the configuration st<strong>and</strong>s now, no router can send traffic to any of the<br />
LANs connected to another router. The routing table for RTA follows. Document the comm<strong>and</strong>, including<br />
router prompt, that must be configured on all three routers before all subnets will be reachable from anywhere<br />
in the network.<br />
RTA#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route
180 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks<br />
D 172.16.0.0/16 is a summary, 00:23:16, Null0<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks<br />
D 10.0.0.0/8 is a summary, 00:23:20, Null0<br />
C 10.0.0.0/30 is directly connected, Serial0/1<br />
RTA(config-router)#no auto-summary<br />
Note: Now is a good time to complete Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1).<br />
The output that follows shows the current routing table for RTA with automatic summarization disabled,<br />
<strong>and</strong> then shows the same routing table after manual summarization. Even in this simulated network, the<br />
table is rather large. In production networks, this table could be huge. Unlike single-area OSPF configurations,<br />
EIGRP provides a method to manually summarize subnets within the same address space into one<br />
route table entry. Document the comm<strong>and</strong>s necessary to configure RTB <strong>and</strong> RTC to manually summarize<br />
the simulated LANs into one advertisement.<br />
RTA routing table before manual summarization:<br />
RTA#show ip route<br />
(output omitted)<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks<br />
D 172.16.160.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.128.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.224.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.192.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
D 172.16.112.0/20 [90/2297856] via 10.0.0.9, 00:00:29, Serial0/0<br />
D 172.16.96.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
D 172.16.80.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
D 172.16.64.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
10.0.0.0/30 is subnetted, 3 subnets<br />
C 10.0.0.8 is directly connected, Serial0/0<br />
C 10.0.0.0 is directly connected, Serial0/1<br />
D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:30, Serial0/0<br />
[90/21024000] via 10.0.0.2, 00:00:30, Serial0/1<br />
RTA routing table after manual summarization:<br />
RTA#show ip route<br />
(output omitted)<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks<br />
D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 00:00:36, Serial0/1
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 00:02:43, Serial0/0<br />
10.0.0.0/30 is subnetted, 3 subnets<br />
C 10.0.0.8 is directly connected, Serial0/0<br />
C 10.0.0.0 is directly connected, Serial0/1<br />
D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:36, Serial0/0<br />
[90/21024000] via 10.0.0.2, 00:00:36, Serial0/1<br />
RTB(config)#interface s0/0<br />
RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0<br />
RTB(config-if)#interface s0/1<br />
RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0<br />
!<br />
RTC(config-if)#interface s0/0<br />
RTC(config-if)#ip summary-address eigrp 100 172.16.64.0 255.255.192.0<br />
RTC(config-if)#interface s0/1<br />
RTC(config-if)#ip summary-address eigrp 100 172.16.64.0 255.255.192.0<br />
Instructor Note: Configuring manual summarization for EIGRP is an opportunity to reinforce the route summarization<br />
skills taught in Chapter 1, “Introduction to Classless Routing.”<br />
Troubleshooting Routing Protocols<br />
Learning how to troubleshoot network problems <strong>and</strong> misconfigurations is paramount to your <strong>CCNA</strong> skill<br />
set. Not only will this skill save you countless hours on the job, your ability to problem solve will be thoroughly<br />
tested on the <strong>CCNA</strong> exam. The only way to develop troubleshooting or problem-solving skills is<br />
by practicing. The more “h<strong>and</strong>s on” experience you gain from cabling <strong>and</strong> configuring networks, the more<br />
problems you will run across <strong>and</strong> solve.<br />
By far, the most common errors occur at Layer 1. Always check your physical layer first when a problem<br />
occurs. Then, work your way up the layers. Too often, students issue the comm<strong>and</strong> show run to find a<br />
problem. Rarely is this the best or most efficient method of troubleshooting your network. In addition, on<br />
production networks the running configuration can span many pages. Learn the show <strong>and</strong> debug comm<strong>and</strong>s.<br />
Develop an underst<strong>and</strong>ing of what the output from these comm<strong>and</strong>s means. Not only will this skill<br />
better assist you in troubleshooting your network configurations, you will be better prepared for the troubleshooting<br />
scenarios you encounter on the <strong>CCNA</strong> exam.<br />
In the following exercises, you will document a problem-solving flow chart <strong>and</strong> then work through show<br />
<strong>and</strong> debug comm<strong>and</strong>s for RIP, EIGRP, <strong>and</strong> OSPF. The Internet Research Exercise asks you to research the<br />
fields of an IP packet header.<br />
Problem-Solving Cycle<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 181<br />
In the space provided, draw a flow chart showing a generic problem-solving cycle that starts with “identify<br />
problem” <strong>and</strong> ends with “document problem <strong>and</strong> solution.” Your flow chart should have no less than six<br />
steps, but it can have more.
182 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 3-2 Problem-Solving Cycle<br />
Identify<br />
Problem<br />
Troubleshooting RIP<br />
The most common problem found in RIP that prevents RIP routes from being advertised is discontiguous<br />
subnets because RIP Version 1 does not support VLSM. First, make sure both Layer 1 <strong>and</strong> Layer 2 are<br />
functioning. Then, use the comm<strong>and</strong>s reviewed in this exercise to verify <strong>and</strong> troubleshoot the network.<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip route<br />
Gather/<br />
Analyze<br />
Data<br />
Solution<br />
Resolve<br />
Problem?<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 192.168.1.253 to network 0.0.0.0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:03, Serial0/1<br />
C 192.168.1.0/26 is directly connected, FastEthernet0/0<br />
R 192.168.1.248/30 [120/1] via 192.168.1.246, 00:00:03, Serial0/1<br />
[120/1] via 192.168.1.253, 00:00:07, Serial0/0<br />
C 192.168.1.252/30 is directly connected, Serial0/0<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:08, Serial0/0<br />
R* 0.0.0.0/0 [120/9] via 192.168.1.253, 00:00:02, Serial0/0<br />
Using the preceding output, answer the following questions.<br />
No<br />
Yes<br />
Document<br />
Problem <strong>and</strong><br />
Solution<br />
List Possible<br />
Solutions<br />
Test Most<br />
Likely<br />
Solution
In the shaded entry for 192.168.1.128/26, what does the 120 mean in the [120/1] portion of the entry?<br />
Administrative distance<br />
What does the 1 mean?<br />
The metric; number of hops to the destination<br />
Why are there two entries to the 192.168.1.248/30 network?<br />
RIP will install up to four equal-cost routes to the destination.<br />
How many subnets <strong>and</strong> masks are used in the 192.168.1.0/24 address space?<br />
Six subnets <strong>and</strong> two masks<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip protocols<br />
Routing Protocol is “rip”<br />
Sending updates every 30 seconds, next due in 15 seconds<br />
Invalid after 180 seconds, hold down 180, flushed after 240<br />
Outgoing update filter list for all interfaces is not set<br />
Incoming update filter list for all interfaces is not set<br />
Redistributing: rip<br />
Default version control: send version 2, receive version 2<br />
Interface Send Recv Triggered RIP Key-chain<br />
FastEthernet0/0 2 2<br />
Serial0/0 2 2<br />
Serial0/1 2 2<br />
Automatic network summarization is not in effect<br />
Maximum path: 6<br />
Routing for Networks:<br />
192.168.1.0<br />
Routing Information Sources:<br />
Gateway Distance Last Update<br />
192.168.1.253 120 00:00:17<br />
192.168.1.246 120 00:00:12<br />
Distance: (default is 120)<br />
Using the preceding output, answer the following questions.<br />
How many routers are advertising RIP routes to this router?<br />
Two; listed under “Routing Information Sources”<br />
How many equal-cost routes to the same destination can this router use (not the default)?<br />
Six; shown as “Maximum path”<br />
What are the timers for RIP:<br />
■ Update: 30 seconds<br />
■ Holddown: 180 seconds<br />
■ Invalid: 180 seconds<br />
■ Flushed: 240 seconds<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 183
184 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
What comm<strong>and</strong> generates the following output?<br />
Router#debug ip rip<br />
00:29:04: RIP: received v2 update from 192.168.1.253 on Serial0/0<br />
00:29:04: 192.168.1.64/26 via 0.0.0.0 in 2 hops<br />
00:29:04: 192.168.1.128/26 via 0.0.0.0 in 1 hops<br />
00:29:04: 192.168.1.248/30 via 0.0.0.0 in 1 hops<br />
00:29:05: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.1.1)<br />
00:29:05: RIP: build update entries<br />
00:29:05: 192.168.1.64/26 via 0.0.0.0, metric 2, tag 0<br />
00:29:05: 192.168.1.128/26 via 0.0.0.0, metric 2, tag 0<br />
00:29:05: 192.168.1.244/30 via 0.0.0.0, metric 1, tag 0<br />
00:29:05: 192.168.1.248/30 via 0.0.0.0, metric 2, tag 0<br />
00:29:05: 192.168.1.252/30 via 0.0.0.0, metric 1, tag 0<br />
00:29:05: RIP: sending v2 update to 224.0.0.9 via Serial0/0 (192.168.1.254)<br />
00:29:05: RIP: build update entries<br />
00:29:05: 192.168.1.0/26 via 0.0.0.0, metric 1, tag 0<br />
00:29:05: 192.168.1.64/26 via 0.0.0.0, metric 2, tag 0<br />
00:29:05: 192.168.1.244/30 via 0.0.0.0, metric 1, tag 0<br />
Using the preceding output, answer the following questions.<br />
How many RIP neighbors does this router have?<br />
From the output, only one, at 192.168.1.253<br />
Notice that this router sent two updates. How many routes did RIP advertise out FastEthernet0/0?<br />
Five<br />
How many routes did RIP advertise out Serial0/0?<br />
Three<br />
What routes that were advertised out Fa0/0 were not advertised out S0/0?<br />
192.168.1.252/30 <strong>and</strong> 192.168.1.128/26<br />
Why do you think these routes were not advertised out the S0/0 interface?<br />
Because split-horizon prevents a router from sending out updates about networks to another router if the<br />
router receiving the update is the one that originally advertised the route. In this case, the route heard<br />
about the 192.168.1.128/26 network from the router it is sending the update to. In addition, if two routers<br />
share a network, then neither router needs to advertise the route to the other router. That is the case with<br />
the 192.168.1.252/30 network.<br />
Is it necessary to advertise out the Fast Ethernet interface? If not, what can you do to stop advertisements?<br />
If so, why?<br />
The only reason to advertise out the Fast Ethernet interface is if there is another RIP router that needs<br />
updates out that interface. Otherwise, it is best to turn off updates on Fast Ethernet interfaces by using the<br />
passive-interface comm<strong>and</strong>.
Troubleshooting EIGRP<br />
Normal EIGRP operation is stable, efficient in b<strong>and</strong>width utilization, <strong>and</strong> relatively simple to monitor <strong>and</strong><br />
troubleshoot. Make sure your Layer 1 <strong>and</strong> Layer 2 are functioning. Then use the following comm<strong>and</strong>s to<br />
verify <strong>and</strong> troubleshoot the network.<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks<br />
D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 00:00:19, Serial0/1<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 00:00:19, Serial0/0<br />
10.0.0.0/30 is subnetted, 3 subnets<br />
C 10.0.0.8 is directly connected, Serial0/0<br />
C 10.0.0.0 is directly connected, Serial0/1<br />
D 10.0.0.4 [90/21024000] via 10.0.0.2, 00:00:19, Serial0/1<br />
[90/21024000] via 10.0.0.9, 00:00:19, Serial0/0<br />
Using the preceding output, answer the following questions.<br />
In the shaded entry for 172.16.128.0/17, what does the 90 mean in the [90/2297856] portion of the entry?<br />
Administrative distance<br />
What does the 2297856 mean?<br />
The metric; it is a value calculated by DUAL that takes into consideration b<strong>and</strong>width <strong>and</strong> delay.<br />
Why are there two entries to the 10.0.0.4/30 network?<br />
By default, EIGRP installs up to four equal-cost routes to the destination.<br />
How many subnets <strong>and</strong> masks are used in the 192.168.1.0/24 address space?<br />
Six subnets <strong>and</strong> two masks<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip protocols<br />
Routing Protocol is “eigrp 100”<br />
Outgoing update filter list for all interfaces is not set<br />
Incoming update filter list for all interfaces is not set<br />
Default networks flagged in outgoing updates<br />
Default networks accepted from incoming updates<br />
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0<br />
EIGRP maximum hopcount 100<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 185
186 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
EIGRP maximum metric variance 1<br />
Redistributing: eigrp 100<br />
Automatic network summarization is not in effect<br />
Maximum path: 5<br />
Routing for Networks:<br />
10.0.0.0<br />
172.16.0.0<br />
Routing Information Sources:<br />
Gateway Distance Last Update<br />
10.0.0.9 90 00:00:53<br />
10.0.0.2 90 00:00:53<br />
Distance: internal 90 external 170<br />
Using the preceding output, answer the following questions.<br />
How many routers are advertising EIGRP routes to this router?<br />
Two; listed under “Routing Information Sources”<br />
How many equal-cost routes to the same destination can this router use (not the default)?<br />
Five; shown as “Maximum path”<br />
The K1 <strong>and</strong> K3 values in the metric weight have a value of 1 each. What are these values for?<br />
In the EIGRP metric formula used by DUAL, the value for b<strong>and</strong>width (K1) <strong>and</strong> the value for delay (K3)<br />
are given the same proportional weight.<br />
The K2, K4, <strong>and</strong> K5 values are all 0. What do these values represent <strong>and</strong> why are they 0?<br />
They represent reliability, load, <strong>and</strong> MTU, which can also be configured as part of the EIGRP metric. By<br />
default, these values are set to 0 <strong>and</strong> only b<strong>and</strong>width <strong>and</strong> delay are evaluated.<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip eigrp neighbors<br />
H Address Interface Hold Uptime SRTT RTO Q Seq Type<br />
(sec) (ms) Cnt Num<br />
1 10.0.0.9 Se0/0 11 00:23:21 24 200 0 4<br />
0 10.0.0.2 Se0/1 10 00:23:35 32 200 0 8<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip eigrp topology<br />
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,<br />
r - reply Status, s - sia Status<br />
P 10.0.0.8/30, 1 successors, FD is 2169856<br />
via Connected, Serial0/0<br />
P 10.0.0.0/30, 1 successors, FD is 2169856<br />
via Connected, Serial0/1<br />
P 10.0.0.4/30, 2 successors, FD is 21024000<br />
via 10.0.0.2 (21024000/20512000), Serial0/1<br />
via 10.0.0.9 (21024000/20512000), Serial0/0<br />
P 172.16.128.0/17, 1 successors, FD is 2297856<br />
via 10.0.0.2 (2297856/128256), Serial0/1
P 172.16.0.0/18, 1 successors, FD is 28160<br />
via Connected, FastEthernet0/0<br />
P 172.16.64.0/18, 1 successors, FD is 2297856<br />
via 10.0.0.9 (2297856/128256), Serial0/0<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip eigrp traffic<br />
Hellos sent/received: 1044/696<br />
Updates sent/received: 9/9<br />
Queries sent/received: 0/0<br />
Replies sent/received: 0/0<br />
Acks sent/received: 7/7<br />
Input queue high water mark 1, 0 drops<br />
SIA-Queries sent/received: 0/0<br />
SIA-Replies sent/received: 0/0<br />
What comm<strong>and</strong> generates the following output?<br />
Router#debug ip eigrp<br />
IP-EIGRP: Processing incoming UPDATE packet<br />
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 <strong>–</strong> 256000 130560 SM 360960 <strong>–</strong> 256000<br />
104960<br />
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 <strong>–</strong> 256000 130560 SM 360960 <strong>–</strong> 256000<br />
104960<br />
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 <strong>–</strong> 256000 130560 SM 360960 <strong>–</strong> 256000<br />
104960<br />
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1<br />
IP-EIGRP: Ext 172.68.43.0 255.255.255.0 metric 371200 <strong>–</strong> 25600 115200<br />
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1<br />
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 <strong>–</strong> 45714176 596480<br />
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1<br />
IP-EIGRP: Ext 172.68.40.0 255.255.255.0 metric 2272256 <strong>–</strong> 1657856 614400<br />
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1<br />
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 <strong>–</strong> 40000000 622080<br />
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1<br />
Troubleshooting OSPF<br />
The majority of problems encountered with OSPF relate to the formation of adjacencies <strong>and</strong> the synchronization<br />
of the link-state databases.<br />
Make sure your Layer 1 <strong>and</strong> Layer 2 are functioning. Then use the following comm<strong>and</strong>s to verify <strong>and</strong><br />
troubleshoot the network.<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip route<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 187<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route
188 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Gateway of last resort is 192.168.1.245 to network 0.0.0.0<br />
192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks<br />
C 192.168.1.64/26 is directly connected, FastEthernet0/0<br />
O 192.168.1.0/26 [110/65] via 192.168.1.245, 00:00:06, Serial0/1<br />
C 192.168.1.248/30 is directly connected, Serial0/0<br />
O 192.168.1.252/30 [110/128] via 192.168.1.245, 00:00:06, Serial0/1<br />
C 192.168.1.244/30 is directly connected, Serial0/1<br />
O 192.168.1.128/26 [110/129] via 192.168.1.245, 00:00:06, Serial0/1<br />
O*E2 0.0.0.0/0 [110/1] via 192.168.1.245, 00:00:07, Serial0/1<br />
Using the preceding output, answer the following questions.<br />
In the entry for 192.168.1.0/26, what does the 110 mean in the [110/65] portion of the entry?<br />
Administrative distance<br />
What does the 65 mean?<br />
The metric; it is the accumulated cost of the route based on the 108/bps formula.<br />
How many subnets <strong>and</strong> masks are used in the 192.168.1.0/24 address space?<br />
Six subnets <strong>and</strong> two masks<br />
What does O*E2 st<strong>and</strong> for <strong>and</strong> what does it mean?<br />
This is an external type 2 OSPF route. The * means that it is a c<strong>and</strong>idate for default routing. The O <strong>and</strong> E2<br />
identify this as an external type 2 OSPF route, which means that the cost is not accumulated as the route is<br />
propagated throughout the OSPF area.<br />
What comm<strong>and</strong> generates the following output?<br />
Router#show ip protocols<br />
Routing Protocol is “ospf 1”<br />
Outgoing update filter list for all interfaces is not set<br />
Incoming update filter list for all interfaces is not set<br />
Router ID 209.165.202.129<br />
It is an autonomous system boundary router<br />
Redistributing External Routes from,<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa<br />
Maximum path: 4<br />
Routing for Networks:<br />
192.168.1.0 0.0.0.63 area 0<br />
192.168.1.244 0.0.0.3 area 0<br />
192.168.1.252 0.0.0.3 area 0<br />
Routing Information Sources:<br />
Gateway Distance Last Update<br />
209.165.202.129 110 00:08:10<br />
192.168.1.249 110 00:08:10<br />
192.168.1.253 110 00:08:10<br />
Distance: (default is 110)<br />
Notice in the preceding output the line that states, “It is an autonomous system boundary router.” What<br />
does this mean?
It means that this router is running at least two different routing processes. One of them is OSPF. In this<br />
case, the other is a static default route. This can be deduced from the “Routing Information Sources” portion<br />
of the output. Notice that the gateway 209.165.202.129 is not listed in the “Routing for Networks”<br />
portion of the output. This means that 209.165.202.129 is not part of OSPF but is being routed inside<br />
OSPF from another source. In this case, the default-information originate comm<strong>and</strong> along with the ip<br />
route comm<strong>and</strong> has made this router an ASBR (autonomous system boundary router).<br />
What comm<strong>and</strong> generates the following output?<br />
Router#debug ip ospf events<br />
00:09:46: OSPF: Rcv hello from 192.168.1.249 area 0 from Serial0/1 192.168.1.246<br />
00:09:46: OSPF: Mismatched hello parameters from 192.168.1.246<br />
00:09:46: OSPF: Dead R 160 C 120, Hello R 40 C 40<br />
00:10:26: OSPF: Rcv hello from 192.168.1.253 area 0 from Serial0/0 192.168.1.253<br />
00:10:26: OSPF: End of hello processing<br />
00:10:26: OSPF: Rcv hello from 192.168.1.249 area 0 from Serial0/1 192.168.1.246<br />
00:10:26: OSPF: Mismatched hello parameters from 192.168.1.246<br />
00:10:26: OSPF: Dead R 160 C 120, Hello R 40 C 40<br />
00:11:06: OSPF: Rcv hello from 192.168.1.253 area 0 from Serial0/0 192.168.1.253<br />
00:11:06: OSPF: End of hello processing<br />
00:11:06: OSPF: Rcv hello from 192.168.1.249 area 0 from Serial0/1 192.168.1.246<br />
00:11:06: OSPF: Mismatched hello parameters from 192.168.1.246<br />
00:11:06: OSPF: Dead R 160 C 120, Hello R 40 C 40<br />
00:11:46: OSPF: Rcv hello from 192.168.1.253 area 0 from Serial0/0 192.168.1.253<br />
00:11:46: OSPF: End of hello processing<br />
00:11:46: OSPF: Rcv hello from 192.168.1.249 area 0 from Serial0/1 192.168.1.246<br />
00:11:46: OSPF: Mismatched hello parameters from 192.168.1.246<br />
00:11:46: OSPF: Dead R 160 C 120, Hello R 40 C 40<br />
00:11:46: OSPF: 192.168.1.249 address 192.168.1.246 on Serial0/1 is dead<br />
00:11:46: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.249 on Serial0/1 from FULL to<br />
DOWN, Neighbor Down: Dead timer expired<br />
From the preceding comm<strong>and</strong> output, what is the problem?<br />
In OSPF configurations, hello <strong>and</strong> dead intervals must be the same for all OSPF neighbors. In the output<br />
shown, you interpret the line Dead R 160 C 120, Hello R 40 C 40 as follows: dead received, 160 seconds;<br />
dead configured 120 seconds; hello received, 40 seconds; hello configured, 40 seconds.<br />
In this case, the dead interval has been changed from 160, which was four times the hello, to 120. The reason<br />
why you know that it has just been changed is that the local router had established adjacency with<br />
192.168.1.249. It took the configured 120-second dead interval before the adjacency state with the neighbor<br />
to go from FULL to DOWN.<br />
What comm<strong>and</strong> would fix the “mismatch of hello parameters”?<br />
Router(config-if)#ip ospf dead-interval 160<br />
or<br />
Router(config-if)#no ip ospf dead-interval 120<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 189
190 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Suppose that after you fixed the mismatch problem, you wanted to watch the processing of packets as the<br />
two neighbors re-establish adjacency. What comm<strong>and</strong> generated the following output?<br />
Router#debug ip ospf packets<br />
00:24:26: OSPF: rcv. v:2 t:1 l:44 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B91532F from Serial0/1<br />
00:24:29: OSPF: rcv. v:2 t:2 l:32 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915330 from Serial0/1<br />
00:24:29: OSPF: rcv. v:2 t:2 l:112 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915331 from Serial0/1<br />
00:24:29: OSPF: rcv. v:2 t:2 l:32 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915332 from Serial0/1<br />
00:24:29: OSPF: rcv. v:2 t:2 l:32 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915333 from Serial0/1<br />
00:24:30: OSPF: rcv. v:2 t:4 l:112 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915335 from Serial0/1<br />
00:24:32: OSPF: rcv. v:2 t:5 l:44 rid:192.168.1.249<br />
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915337 from Serial0/1<br />
In the following table, fill in the description for each field shown in the preceding output.<br />
Note: You may have to search Cisco.com to find the answers.<br />
Field Description<br />
v: OSPF version<br />
t: OSPF packet type; possible packet types are as follows:<br />
1: Hello<br />
2: Data description<br />
3: Link-state request<br />
4: Link-state update<br />
5: Link-state acknowledgment<br />
l: OSPF packet length in bytes<br />
rid: OSPF router ID<br />
aid: OSPF area ID<br />
chk: OSPF checksum<br />
aut: OSPF authentication type; possible authentication types are as follows:<br />
0: No authentication<br />
1: Simple password<br />
2: MD5<br />
auk: OSPF authentication key<br />
keyid: MD5 key ID<br />
seq: Sequence number
Internet Research Exercise<br />
The <strong>CCNA</strong> objectives cover all of the layers of the OSI model to some extent. Some layers are less important<br />
than others to your studies. For example, the presentation <strong>and</strong> session layers can be thought of as<br />
belonging to the application layer, as shown when comparing the TCP/IP model <strong>and</strong> the OSI model side<br />
by side. The most important layer of the OSI model for <strong>CCNA</strong> c<strong>and</strong>idates is the network layer. And the<br />
most important protocol of the network layer is the Internet Protocol (IP).<br />
Your assignment is to research IP to discover detailed information about the structure of its packet header.<br />
You can use any trusted Internet resource, but the original source is the RFC. Make sure you list your<br />
sources in the place provided at the end of this exercise.<br />
The IP Packet Header<br />
In Figure 3-3, label all the fields of the IP packet header.<br />
Figure 3-3 IP Packet Header<br />
A B C D<br />
E F G<br />
H I J<br />
K<br />
L<br />
Version<br />
Field Descriptions<br />
Describe in as much detail as possible the purpose of each field in the IP packet header.<br />
Field A Version<br />
Time to Live<br />
Header<br />
Length<br />
This field identifies the IP version, which is currently version 4. So, the bit value is 0100 in this field. The<br />
next version is version 6. There are no other versions.<br />
Field B Header Length<br />
Type of Service or<br />
Differentiated<br />
Service<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 191<br />
Total Length<br />
Identifier Flags<br />
Fragment Offset<br />
Protocols<br />
M N<br />
Options<br />
32 Bits<br />
8 8 8 8<br />
Source Address<br />
Destination Address<br />
Header Checksum<br />
Padding<br />
This field specifies in 32-bit words the length of this header, which is five or 0101 when no options are<br />
specified. This field’s value can be as large as 1111 or 15, meaning the header can be a maximum of 15<br />
32-bit words or 60 octets.
192 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Field C Type of Service (TOS) or Differentiated Service<br />
This 8-bit field can be broken down into two parts: Precedence <strong>and</strong> TOS. The first 3 bits specify the<br />
Precedence value (e.g. routine-0, priority-1, immediate-2, etc.); 4th bit specifies minimal delay; 5th bit<br />
specifies maximize throughput; 6th bit specifies maximize reliability; 7th bit specifies minimize monetary<br />
costs; 8th bit is currently unused. Although this field is not commonly used <strong>and</strong> is usually set to all zeros,<br />
the Precedence bits are occasionally used for QoS applications.<br />
Field D Total Length<br />
This field is a 16-bit number specifying the total length of the packet (header + data) in bytes; can be up to<br />
65,535 bytes. By subtracting the header length for this value, you can determine the size of the payload.<br />
Field E Identifier<br />
This field is used to identify the fragments of one datagram from those of another. The originating protocol<br />
module of an Internet datagram sets the Identifier field to a value that must be unique for that sourcedestination<br />
pair <strong>and</strong> protocol for the time the datagram will be active in the Internet system. The originating<br />
protocol module of a complete datagram sets the MF bit to 0 <strong>and</strong> the Fragment Offset field to 0.<br />
Field F Flags<br />
These 3 bits indicate whether the packet can be fragmented <strong>and</strong> whether it has more fragments coming.<br />
The 3 bits are as follows:<br />
■ 1st bit: Reserved (unused)<br />
■ 2nd bit: Fragment? 1=no, 0=yes<br />
■ 3rd bit: More Fragments Coming? 0=no, 1=yes<br />
Field G Fragment Offset<br />
This is a byte count from the beginning of the original packet so that the destination knows where to place<br />
this particular fragment when reconstructing the packet. If a router’s interface is set to a maximum transmission<br />
unit that is smaller than the sent packet, then it will be fragmented by the router. However, if the<br />
Do Not Fragment bit is set in the Flag field, then the packet will be dropped <strong>and</strong> an ICMP message will be<br />
sent to the source.<br />
Field H Time to Live<br />
This 8-bit field helps prevent routing loops. This field is set with a certain number when the packet is first<br />
encapsulated at the source. Each router along the path from the source to the destination decrements this<br />
field. If this field reaches 0 before the packet reaches the destination, then the packet is dropped <strong>and</strong> an<br />
ICMP messages is sent to the source. The trace utility uses this field to trace a route to a specified destination.<br />
Field I Protocols<br />
Also called Service Access Point (SAP), the Protocol field identifies the upper-layer protocol that the data<br />
packet is destined for. A few of the values of this field are shown in the following table:
Protocol Value Network Layer Protocol<br />
1 ICMP<br />
6 TCP<br />
17 UDP<br />
88 IGRP<br />
89 OSPF<br />
Instructor Note: Although ICMP is identified by the number 1, it is not an upper-layer protocol, but operates in the<br />
network layer. An ICMP packet is encapsulated with an IP header.<br />
Field J Header Checksum<br />
This field is used to check the integrity of the bits in the header. Because each router decrements the TTL<br />
field, this checksum must be recalculated at each hop on the way to the destination.<br />
Field K Source Address<br />
This field is the 32-bit IP address for the source of the packet.<br />
Field L Destination Address<br />
This field is the 32-bit IP address for the destination of the packet.<br />
Field M Options<br />
IP options can be a number of things. If the options in this field do not extend the full 32 bits of this sixth<br />
32-bit word, then padding is added. The data must begin on a new 32-bit word boundary.<br />
Field N Padding<br />
If necessary, the source will add zeros to the end of the last 32-bit word in the packet header to ensure that<br />
the header always ends on a 32-bit word.<br />
Sources<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 193<br />
Check student sources to see if they are legitimate. “RFC 791 Internet Protocol” should be listed. For the<br />
sample answers here, the RFC was used as well as the Cisco Press title Routing TCP/IP, Volume 1, Second<br />
Edition, pp. 7-16. The website http://www.networksorcery.com was also consulted.
194 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct router prompt, that fits the description.<br />
Fill in any blanks with the appropriate missing information.<br />
Comm<strong>and</strong> Description<br />
Router(config)#router eigrp 100 Turns on the EIGRP process.<br />
100 is the autonomous system (AS) number,<br />
which can be a number between 1 <strong>and</strong> 65535.<br />
All routers in the same AS must use the same<br />
AS number.<br />
Router(config-router)#eigrp log-neighbor-changes Logs any changes to an EIGRP neighbor<br />
adjacency.<br />
Router(config-router)#no auto-summary Turns off the automatic summarization of<br />
networks at classful boundaries.<br />
Router(config-if)#b<strong>and</strong>width 128 Changes the b<strong>and</strong>width of an interface to<br />
128 kbps.<br />
Router(config-if)#ip summary-address Enables manual summarization on this specific<br />
eigrp 100 10.10.0.0 255.255.0.0 interface for the 10.10.0.0/16 address space.<br />
Router#show ip eigrp neighbors Displays a neighbor table.<br />
Router#show ip eigrp neighbors detail Displays a detailed neighbor table.<br />
Router#show ip eigrp interface Displays EIGRP information for each interface.<br />
Router#show ip eigrp topology Displays the topology table. This comm<strong>and</strong><br />
shows you where your feasible successors are.<br />
Router#show ip eigrp traffic Displays the number <strong>and</strong> type of packets sent<br />
<strong>and</strong> received.<br />
Router#debug eigrp fsm Displays events/actions related to the DUAL<br />
FSM.<br />
Router#debug eigrp packet Displays events/actions related to EIGRP packets.<br />
Router#debug eigrp neighbor Displays events/actions related to EIGRP neighbors.
Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1)<br />
Figure 3-4 Topology for Lab 3-1<br />
Table 3-1 Lab Equipment Configuration: Part I<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 Paris EIGRP 192.168.3.0<br />
192.168.2.0<br />
Router 2 Warsaw EIGRP 192.168.1.0<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 3-2 Lab Equipment Configuration: Part II<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 195<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable<br />
192.168.2.0<br />
Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Loopback 0<br />
Designation Table Entry Address/ Type Subnet Mask Subnet Mask<br />
Subnet Mask Serial 0 Address/<br />
Router 1 Warsaw 192.168.3.1/24 DCE 192.168.2.1/30 192.168.0.2/24<br />
Router 2 Paris 192.168.1.1/24 DTE 192.168.2.2/30 No address<br />
The interface type <strong>and</strong> address/subnet mask for the serial 1 interface on both routers is not applicable for<br />
this lab.
196 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Set up an IP addressing scheme for the network.<br />
■ Configure <strong>and</strong> verify EIGRP routing.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 3-4. You can use any router that meets the interface<br />
requirements in Figure 3-4 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A, “Router Interface Summary Chart,” to correctly specify the interface identifiers<br />
based on the equipment in your lab. The 1721 series routers produced the configuration output in<br />
this lab. Another router might produce slightly different output. You should execute the following steps on<br />
each router unless you are specifically instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure that is documented in Appendix C, “Erasing <strong>and</strong> Reloading the Router,” on all<br />
routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname as shown in the chart. Then,<br />
configure the console, virtual terminal, <strong>and</strong> enable passwords. Next, configure the interfaces according to<br />
Table 3-2. Finally, configure the IP hostnames. If you have problems configuring the router basics, refer to<br />
Lab 1-2, “Review of Basic Router Configuration with RIP.”<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
PARIS<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname PARIS<br />
PARIS(config)#enable secret class<br />
PARIS(config)#line console 0<br />
PARIS(config-line)#password cisco<br />
PARIS(config-line)#login<br />
PARIS(config-line)#line vty 0 4<br />
PARIS(config-line)#password cisco<br />
PARIS(config-line)#login<br />
PARIS(config-line)#exit<br />
PARIS(config)#interface serial 0<br />
PARIS(config-if)#ip address 192.168.2.1 255.255.255.252<br />
PARIS(config-if)#clock rate 64000<br />
PARIS(config-if)#no shutdown<br />
PARIS(config-if)#exit<br />
PARIS(config-if)#interface loopback 0<br />
PARIS(config-if)#ip address 192.168.0.2 255.255.255.0<br />
PARIS(config-if)#exit<br />
PARIS(config)#interface fastethernet 0<br />
PARIS(config-if)#ip address 192.168.3.1 255.255.255.0<br />
PARIS(config-if)#no shutdown
PARIS(config-if)#exit<br />
PARIS(config)#ip host WARSAW 192.168.2.2 192.168.1.1<br />
WARSAW<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname WARSAW<br />
WARSAW(config)#enable secret class<br />
WARSAW(config)#line console 0<br />
WARSAW(config-line)#password cisco<br />
WARSAW(config-line)#login<br />
WARSAW(config-line)#line vty 0 4<br />
WARSAW(config-line)#password cisco<br />
WARSAW(config-line)#login<br />
WARSAW(config-line)#exit<br />
WARSAW(config)#interface serial 0<br />
WARSAW(config-if)#ip address 192.168.2.2 255.255.255.252<br />
WARSAW(config-if)#no shutdown<br />
WARSAW(config-if)#exit<br />
WARSAW(config)#interface fastethernet 0<br />
WARSAW(config-if)#ip address 192.168.1.1 255.255.255.0<br />
WARSAW(config-if)#no shutdown<br />
WARSAW(config-if)#exit<br />
WARSAW(config)#ip host WARSAW 192.168.2.1 192.168.3.1<br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
Paris#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Paris<br />
IP address: 192.168.3.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.3.1<br />
Host connected to router Warsaw<br />
IP address: 192.168.1.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.1.1<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 197
198 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000<br />
or later, check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process that is required to get communication working while using<br />
EIGRP as the routing protocol.<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information<br />
Step 1. At the privileged EXEC mode prompt, type the following:<br />
Paris#show running-config<br />
Step 2. Using the show ip interface brief comm<strong>and</strong>, check the status of each interface.<br />
What is the state of the interfaces on each router?<br />
Paris:<br />
Warsaw:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
Step 3. Ping from one of the connected serial interfaces to the other.<br />
Was the ping successful? Yes<br />
Step 4. If the ping was not successful, troubleshoot the router’s configuration until the ping is successful.<br />
Task 5: Configure EIGRP Routing on Router Paris<br />
Step 1. Enable the EIGRP routing process on router Paris <strong>and</strong> configure the networks it will advertise.<br />
Use EIGRP autonomous system number 101.<br />
Paris(config)#router eigrp 101<br />
Paris(config-router)#network 192.168.3.0<br />
Paris(config-router)#network 192.168.2.0<br />
Paris(config-router)#network 192.168.0.0<br />
Paris(config-router)#end<br />
Step 2. Show the routing table for the Paris router.<br />
Paris#show ip route<br />
Do entries exist in the routing table? No<br />
Why?<br />
EIGRP is not configured on router Warsaw yet.
Task 6: Configure EIGRP Routing on Router Warsaw<br />
Step 1. Enable the EIGRP routing process on router Warsaw <strong>and</strong> configure the networks it will advertise.<br />
Use EIGRP autonomous system number 101.<br />
Warsaw(config)#router eigrp 101<br />
Warsaw(config-router)#network 192.168.2.0<br />
Warsaw(config-router)#network 192.168.1.0<br />
Warsaw(config-router)#end<br />
Step 2. Show the routing table for the Warsaw router.<br />
Warsaw#show ip route<br />
Task 7: Test Network Connectivity<br />
Ping the Paris host from the Warsaw host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 3-2: Verifying Basic EIGRP Configuration<br />
(3.2.3)<br />
Figure 3-5 Topology for Lab 3-2<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 199<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Router 1 Router 2<br />
Crossover Cable<br />
Serial Cable
200 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 3-3 Lab Equipment Configuration: Part I<br />
Router Designation Router Name Routing Protocol Network Statements<br />
Router 1 Paris EIGRP 192.168.3.0<br />
192.168.2.0<br />
Router 2 Warsaw EIGRP 192.168.1.0<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
Table 3-4 Lab Equipment Configuration: Part II<br />
192.168.2.0<br />
Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Loopback 0<br />
Designation Table Entry Address/ Type Subnet Mask Address/<br />
Subnet Mask Serial 0 Subnet Mask<br />
Router 1 Warsaw 192.168.3.1/24 DCE 192.168.2.1/30 192.168.0.2/24<br />
Router 2 Paris 192.168.1.1/24 DTE 192.168.2.2/30 No address<br />
The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.<br />
Objectives<br />
■ Set up an IP addressing scheme for the network.<br />
■ Configure <strong>and</strong> verify EIGRP routing.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 3-5. You can use any router that meets the interface<br />
requirements in Figure 3-5 (that is, 800, 1600, 1700, 2500, <strong>and</strong> 2600 routers or a combination). Refer to<br />
the information in Appendix A to correctly specify the interface identifiers based on the equipment in your<br />
lab. The 1721 series routers produced the configuration output in this lab. Another router might produce<br />
slightly different output. You should execute the following steps on each router unless you are specifically<br />
instructed otherwise. Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix C on all routers before you continue with this lab.<br />
Task 1: Configure the Routers<br />
On the routers, enter global configuration mode <strong>and</strong> configure the hostname as shown in Tables 3-3 <strong>and</strong> 3-4.<br />
Then, configure the console, virtual terminal, <strong>and</strong> enable passwords. Next, configure the interfaces according<br />
to Tables 3-3 <strong>and</strong> 3-4. Finally, configure the IP hostnames. If you have problems configuring the router<br />
basics, refer to Lab 1-2, “Review of Basic Router Configuration with RIP.”<br />
Note: Do not configure the routing protocol until you are specifically told to.<br />
PARIS<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname PARIS<br />
PARIS(config)#enable secret class
PARIS(config)#line console 0<br />
PARIS(config-line)#password cisco<br />
PARIS(config-line)#login<br />
PARIS(config-line)#line vty 0 4<br />
PARIS(config-line)#password cisco<br />
PARIS(config-line)#login<br />
PARIS(config-line)#exit<br />
PARIS(config)#interface serial 0<br />
PARIS(config-if)#ip address 192.168.2.1 255.255.255.252<br />
PARIS(config-if)#clock rate 64000<br />
PARIS(config-if)#no shutdown<br />
PARIS(config-if)#exit<br />
PARIS(config-if)#interface loopback 0<br />
PARIS(config-if)#ip address 192.168.0.2 255.255.255.0<br />
PARIS(config-if)#exit<br />
PARIS(config)#interface fastethernet 0<br />
PARIS(config-if)#ip address 192.168.3.1 255.255.255.0<br />
PARIS(config-if)#no shutdown<br />
PARIS(config-if)#exit<br />
PARIS(config)#ip host WARSAW 192.168.2.2 192.168.1.1<br />
WARSAW<br />
Router>enable<br />
Router#configure terminal<br />
Router(config)#hostname WARSAW<br />
WARSAW(config)#enable secret class<br />
WARSAW(config)#line console 0<br />
WARSAW(config-line)#password cisco<br />
WARSAW(config-line)#login<br />
WARSAW(config-line)#line vty 0 4<br />
WARSAW(config-line)#password cisco<br />
WARSAW(config-line)#login<br />
WARSAW(config-line)#exit<br />
WARSAW(config)#interface serial 0<br />
WARSAW(config-if)#ip address 192.168.2.2 255.255.255.252<br />
WARSAW(config-if)#no shutdown<br />
WARSAW(config-if)#exit<br />
WARSAW(config)#interface fastethernet 0<br />
WARSAW(config-if)#ip address 192.168.1.1 255.255.255.0<br />
WARSAW(config-if)#no shutdown<br />
WARSAW(config-if)#exit<br />
WARSAW(config)#ip host PARIS 192.168.2.1 192.168.3.1<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 201
202 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 2: Save the Configuration Information from Privileged EXEC<br />
Comm<strong>and</strong> Mode<br />
PARIS#copy running-config startup-config<br />
Destination filename [startup-config]? [Enter]<br />
Task 3: Configure the Hosts<br />
Step 1. Configure the hosts with the proper IP address, subnet mask, <strong>and</strong> default gateway.<br />
Host connected to router Paris<br />
IP address: 192.168.3.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.3.1<br />
Host connected to router Warsaw<br />
IP address: 192.168.1.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.1.1<br />
Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint:<br />
Remember to assign a specific IP address <strong>and</strong> default gateway to the workstation. If you are<br />
running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000<br />
or later, check using ipconfig in a DOS window.<br />
Step 3. At this point, the workstations will not be able to communicate with each other. The following<br />
tasks demonstrate the process that is required to get communication working while using<br />
EIGRP as the routing protocol.<br />
Task 4: View the Router’s Configuration <strong>and</strong> Interface Information<br />
Step 1. At the privileged EXEC mode prompt, type show running-config.<br />
Step 2. Using the show ip interface brief comm<strong>and</strong>, check the status of each interface.<br />
Step 3. What is the state of the interfaces on each router?<br />
Paris:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
Warsaw:<br />
■ Fast Ethernet 0: Up<br />
■ Serial 0: Up<br />
Step 4. Ping from one of the connected serial interfaces to the other.<br />
Step 5. Was the ping successful? Yes<br />
Step 6. If the ping was not successful, troubleshoot the router’s configuration until the ping is successful.
Task 5: Configure EIGRP Routing on Router Paris<br />
Step 1. Enable the EIGRP routing process on router Paris <strong>and</strong> configure the networks it will advertise.<br />
Use EIGRP autonomous system number 101.<br />
Paris(config)#router eigrp 101<br />
Paris(config-router)#network 192.168.3.0<br />
Paris(config-router)#network 192.168.2.0<br />
Paris(config-router)#network 192.168.0.0<br />
Paris(config-router)#end<br />
Step 2. Show the routing table for the Paris router.<br />
Paris#show ip route<br />
Do entries exist in the routing table? No<br />
Why?<br />
EIGRP is not configured on Warsaw.<br />
Task 6: Configure EIGRP Routing on Router Warsaw<br />
Step 1. Enable the EIGRP routing process on router Warsaw <strong>and</strong> configure the networks it will advertise.<br />
Use EIGRP autonomous system number 101.<br />
Warsaw(config)#router eigrp 101<br />
Warsaw(config-router)#network 192.168.2.0<br />
Warsaw(config-router)#network 192.168.1.0<br />
Warsaw(config-router)#end<br />
Step 2. Show the routing table for the Warsaw router.<br />
Warsaw#show ip route<br />
Do EIGRP entries exist in the routing table now? Yes<br />
What is the address type in the EIGRP 192.168.2.0 route? C <strong>–</strong> Directly Connected<br />
What does the D mean in the first column of the routing table? The route was learned via<br />
EIGRP.<br />
Task 7: Show EIGRP Neighbors<br />
From the Paris router, show any neighbors that are connected by using the show ip eigrp neighbors comm<strong>and</strong><br />
at the privileged EXEC mode prompt.<br />
Are neighbors shown? Yes<br />
Task 8: Test Network Connectivity<br />
Ping the Paris host from the Warsaw host. Was it successful? Yes<br />
If not, troubleshoot as necessary.<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 203
204 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 9: View the Topology Table<br />
Step 1. To view the topology table, issue the show ip eigrp topology all-links comm<strong>and</strong>.<br />
How many routes are in passive mode? 3<br />
Step 2. To view more specific information about a topology table entry, use an IP address with this<br />
comm<strong>and</strong>:<br />
Paris#show ip eigrp topology 192.168.1.0<br />
Based on the output of this comm<strong>and</strong>, does it tell what external protocol originated this route to<br />
192.168.2.0? Yes<br />
Does it tell which router originated the route? Yes<br />
Step 3. Use show comm<strong>and</strong>s to view key EIGRP statistics. On the Paris router, issue the show ip eigrp<br />
traffic comm<strong>and</strong>.<br />
How many hello packets has the Paris router received? Answers will vary.<br />
How many has it sent? Answers will vary.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn the router off. Then, remove <strong>and</strong><br />
store the cables <strong>and</strong> adapter.<br />
Comprehensive Lab 3-3: Comprehensive EIGRP<br />
Configuration<br />
Figure 3-6 EIGRP Configuration<br />
172.16.64.0/20<br />
172.16.80.0/20<br />
172.16.96.0/20<br />
172.16.112.0/20<br />
Lo1<br />
Lo2<br />
Lo3<br />
Lo4<br />
10.0.0.8/30<br />
RTC<br />
T1<br />
S0/0<br />
172.16.0.0/18<br />
Fa0/0<br />
RTA<br />
EIGRP<br />
100<br />
S0/1<br />
DCE<br />
T1<br />
10.0.0.0/30<br />
S0/0<br />
DCE S0/1<br />
S0/1<br />
128kbps<br />
10.0.0.4/30 S0/0<br />
DCE<br />
RTB<br />
Lo1<br />
Lo2<br />
Lo3<br />
Lo4<br />
172.16.128.0/19<br />
172.16.160.0/19<br />
172.16.192.0/19<br />
172.16.224.0/19
Table 3-5 Addressing Table for Lab 3-3<br />
Device Interface IP Address Subnet Mask<br />
RTA S0/1 10.0.0.1 255.255.255.252<br />
S0/0 10.0.0.10 255.255.255.252<br />
Fa0/0 172.16.0.1 255.255.192.0<br />
RTB S0/1 10.0.0.2 255.255.255.252<br />
S0/0 10.0.0.5 255.255.255.252<br />
Lo1 172.16.128.1 255.255.255.224<br />
Lo2 172.16.160.1 255.255.255.224<br />
Lo3 172.16.192.1 255.255.255.224<br />
Lo4 172.16.224.1 255.255.255.224<br />
RTC S0/1 10.0.0.6 255.255.255.252<br />
Objectives<br />
S0/0 10.0.0.9 255.255.255.252<br />
Lo1 172.16.64.1 255.255.255.240<br />
Lo2 172.16.80.1 255.255.255.240<br />
Lo3 172.16.96.1 255.255.255.240<br />
Lo4 172.16.112.1 255.255.255.240<br />
■ Configure EIGRP routing.<br />
■ Configure b<strong>and</strong>width <strong>and</strong> turn off automatic summarization.<br />
■ Configure manual summarization.<br />
Equipment<br />
The topology shown in Figure 3-6 is using 2600 series routers. This lab can be done with any combination<br />
of 1700, 2500, <strong>and</strong> 2600 series routers. Connectivity to an ISP is simulated with a Loopback interface on<br />
RTA.<br />
NetLab Compatibility Notes<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab three router pod.<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configurations<br />
Step 1. Cable the topology as shown. If DCE/DTE connections <strong>and</strong> interfaces are different from those<br />
shown in Figure 3-6 <strong>and</strong> the table, then relabel the figure to match your connections.<br />
Step 2. Configure the routers with basic router configurations, including:<br />
■ Hostnames <strong>and</strong> host tables<br />
■ Enable secret password <strong>and</strong> MOTD banner<br />
■ Line configurations<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 205<br />
■ IOS-specific comm<strong>and</strong>s (e.g. ip subnet-zero with IOS versions prior to 12)
206 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 3. The following is a basic configuration for RTA:<br />
Router(config)#hostname RTA<br />
RTA(config)#ip subnet-zero<br />
RTA(config)#no ip domain-lookup<br />
RTA(config)#ip host RTC 10.0.0.9 10.0.0.6<br />
RTA(config)#ip host RTB 10.0.0.2 10.0.0.5<br />
RTA(config)#banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
RTA(config)#line con 0<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#ine aux 0<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#line vty 0 4<br />
RTA(config-line)#exec-timeout 30 0<br />
RTA(config-line)#password cisco<br />
RTA(config-line)#logging synchronous<br />
RTA(config-line)#login<br />
RTA(config-line)#end<br />
RTA#copy run start<br />
Instructor Note: This basic configuration can be used on all three routers with changes to the hostname <strong>and</strong> the host<br />
table. At this level in their studies, your students should be able to do this with little or no help from you.<br />
Task 2: Configure Interfaces <strong>and</strong> EIGRP Routing<br />
Step 1. Use Table 3-5 <strong>and</strong> the topology shown in Figure 3-6 to configure each router with the correct<br />
interface addresses. The interface configuration for RTA is as follows:<br />
RTA(config)#interface FastEthernet0/0<br />
RTA(config-if)#description Link to RTA LAN<br />
RTA(config-if)#ip address 172.16.0.1 255.255.192.0<br />
RTA(config-if)#no shutdown<br />
RTA(config-if)#interface Serial0/0<br />
RTA(config-if)#description Link to RTC<br />
RTA(config-if)#ip address 10.0.0.10 255.255.255.252<br />
RTA(config-if)#clockrate 64000<br />
RTA(config-if)#no shutdown<br />
RTA(config-if)#interface Serial0/1<br />
RTA(config-if)#description Link to RTB<br />
RTA(config-if)#ip address 10.0.0.1 255.255.255.252<br />
RTA(config-if)#clockrate 64000<br />
RTA(config-if)#no shutdown
RTB<br />
RTC<br />
RTB(config)#interface Loopback1<br />
RTB(config-if)#ip address 172.16.128.1 255.255.224.0<br />
RTB(config-if)#interface Loopback2<br />
RTB(config-if)#ip address 172.16.160.1 255.255.224.0<br />
RTB(config-if)#interface Loopback3<br />
RTB(config-if)#ip address 172.16.192.1 255.255.224.0<br />
RTB(config-if)#interface Loopback4<br />
RTB(config-if)#ip address 172.16.224.1 255.255.224.0<br />
RTB(config-if)#interface Serial0/0<br />
RTB(config-if)#description Link to RTC<br />
RTB(config-if)#ip address 10.0.0.5 255.255.255.252<br />
RTB(config-if)#clockrate 64000<br />
RTB(config-if)#no shutdown<br />
RTB(config-if)#interface Serial0/1<br />
RTB(config-if)#description Link to RTA<br />
RTB(config-if)#ip address 10.0.0.2 255.255.255.252<br />
RTB(config-if)#no shutdown<br />
RTC(config)#interface Loopback1<br />
RTC(config-if)#ip address 172.16.64.1 255.255.240.0<br />
RTC(config-if)#interface Loopback2<br />
RTC(config-if)#ip address 172.16.80.1 255.255.240.0<br />
RTC(config-if)#interface Loopback3<br />
RTC(config-if)#ip address 172.16.96.1 255.255.240.0<br />
RTC(config-if)#interface Loopback4<br />
RTC(config-if)#ip address 172.16.112.1 255.255.240.0<br />
RTC(config-if)#interface Serial0/0<br />
RTC(config-if)#description Link to RTA<br />
RTC(config-if)#ip address 10.0.0.9 255.255.255.252<br />
RTC(config-if)#no shutdown<br />
RTC(config-if)#interface Serial0/1<br />
RTC(config-if)#description Link to RTB<br />
RTC(config-if)#ip address 10.0.0.6 255.255.255.252<br />
RTC(config-if)#no shutdown<br />
Step 2. Configure each router with EIGRP routing. The configuration for RTA follows. All routers<br />
have the same basic EIGRP configuration.<br />
RTA(config)#router eigrp 100<br />
RTA(config-router)#network 10.0.0.0<br />
RTA(config-router)#network 172.16.0.0<br />
Task 3: Configure B<strong>and</strong>width <strong>and</strong> Automatic Summarization<br />
Step 1. According to the topology shown in Figure 3-6, RTB <strong>and</strong> RTC are connected with a 128-kbps<br />
link. Enter the comm<strong>and</strong>s on both routers necessary to adjust the default b<strong>and</strong>width to match<br />
the actual speed.<br />
RTB(config)#interface Serial0/0<br />
RTC(config-if)#b<strong>and</strong>width 128<br />
RTC(config)#interface Serial0/1<br />
RTC(config-if)#b<strong>and</strong>width 128<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 207
208 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 2. Display the routing table on RTA.<br />
RTA#show ip route<br />
(output omitted)<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks<br />
D 172.16.0.0/16 is a summary, 00:23:16, Null0<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks<br />
D 10.0.0.0/8 is a summary, 00:23:20, Null0<br />
C 10.0.0.0/30 is directly connected, Serial0/1<br />
Step 3. Notice that RTA does not have routes to the simulated LANs on RTB <strong>and</strong> RTC. Enter the comm<strong>and</strong><br />
to disable automatic summarization on all three routers.<br />
Each router should have the no auto-summary comm<strong>and</strong> configured within the<br />
EIGRP routing process.<br />
Task 4: Configure Manual Summarization<br />
Step 1. Display the routing table on RTA.<br />
RTA#show ip route<br />
(output omitted)<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks<br />
D 172.16.160.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.128.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.224.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
D 172.16.192.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
D 172.16.112.0/20 [90/2297856] via 10.0.0.9, 00:00:29, Serial0/0<br />
D 172.16.96.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
D 172.16.80.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
D 172.16.64.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0<br />
10.0.0.0/30 is subnetted, 3 subnets<br />
C 10.0.0.8 is directly connected, Serial0/0<br />
C 10.0.0.0 is directly connected, Serial0/1<br />
D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:30, Serial0/0<br />
[90/21024000] via 10.0.0.2, 00:00:30, Serial0/1<br />
Step 2. Notice that RTA has 12 routes. Some of these routes can be summarized to reduce the size of<br />
the routing table.<br />
The simulated LANs on RTB share the same bit pattern for the first 21 bits of the network prefix<br />
172.16.128.0.<br />
The simulated LANS on RTC share the same bit pattern for the first 18 bits of the network prefix<br />
172.16.64.0.<br />
What comm<strong>and</strong> would you configure on both serial interfaces for RTB?<br />
RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0
What comm<strong>and</strong> would you configure on both serial interfaces for RTC?<br />
RTC(config-if)#ip summary-address eigrp 100 172.16.64.0 255.255.192.0<br />
Step 3. Display the routing table for RTA. You should have only six routes.<br />
RTA#show ip route<br />
(output omitted)<br />
Gateway of last resort is not set<br />
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks<br />
D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 01:36:05, Serial0/1<br />
C 172.16.0.0/18 is directly connected, FastEthernet0/0<br />
D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 01:38:11, Serial0/0<br />
10.0.0.0/30 is subnetted, 3 subnets<br />
C 10.0.0.8 is directly connected, Serial0/0<br />
C 10.0.0.0 is directly connected, Serial0/1<br />
D 10.0.0.4 [90/21024000] via 10.0.0.9, 01:36:05, Serial0/0<br />
[90/21024000] via 10.0.0.2, 01:36:05, Serial0/1<br />
Challenge Lab 3-4: EIGRP Design <strong>and</strong> Configuration<br />
Figure 3-7 EIGRP Design <strong>and</strong> Configuration<br />
Public Web Server<br />
209.165.202.129/32<br />
Address Space<br />
10.0.0.0/17<br />
Lo0<br />
209.165.201.0/30<br />
ISP<br />
S0/0<br />
DCE<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 209<br />
S0/0<br />
Lo0<br />
Lo1<br />
Lo2<br />
Lo3<br />
HQ<br />
S0/1<br />
DCE<br />
10.0.64.0 / 20<br />
10.0.80.0 / 20<br />
10.0.96.0 / 20<br />
10.0.112.0 / 20<br />
Lo0<br />
Lo1<br />
Lo2<br />
Lo3<br />
WAN<br />
S0/1<br />
Remote<br />
10.0.0.4 / 30<br />
10.0.32.0 / 21<br />
10.0.40.0 / 21<br />
10.0.48.0 / 21<br />
10.0.56.0 / 21
210 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 3-6 Addressing Table for Lab 3-4<br />
Device Interface IP Address Subnet Mask<br />
ISP Lo0 209.165.202.129 255.255.255.255<br />
S0/0 209.165.201.1 255.255.255.252<br />
HQ S0/0 209.165.201.2 255.255.255.252<br />
S0/1 10.0.0.5 255.255.255.252<br />
Lo0 10.0.64.1 255.255.240.0<br />
Lo1 10.0.80.1 255.255.240.0<br />
Lo2 10.0.96.1 255.255.240.0<br />
Lo3 10.0.112.1 255.255.240.0<br />
REMOTE S0/1 10.0.0.6 255.255.255.252<br />
Objectives<br />
Lo0 10.0.32.1 255.255.248.0<br />
Lo1 10.0.40.1 255.255.248.0<br />
Lo2 10.0.48.1 255.255.248.0<br />
Lo3 10.0.56.1 255.255.248.0<br />
■ Design a VLSM addressing scheme.<br />
■ Configure routers with basic configurations using your addressing scheme.<br />
■ Configure dynamic, static, <strong>and</strong> default routing.<br />
■ Configure manual summarization.<br />
■ Verify connectivity <strong>and</strong> troubleshoot problems.<br />
Equipment<br />
The topology shown in Figure 3-7 uses 2600 series routers. This lab can be done with any combination of<br />
1700, 2500, <strong>and</strong> 2600 series routers.<br />
NetLab Compatibility Notes<br />
This lab can be completed on a st<strong>and</strong>ard NetLab three router pod.<br />
Task 1: Design the Addressing Scheme<br />
You are given the address space, 10.0.0.0/17. The four loopback interfaces on HQ <strong>and</strong> four loopback interfaces<br />
on REMOTE are used to simulate different parts of a global network. Complete the following steps<br />
to design your addressing scheme.<br />
Step 1. For HQ, begin with the 10.0.64.0 address as the subnet for loopback 0. What subnet mask<br />
would you use to provide enough space for 4000 users while maximizing the number of subnets?<br />
255.255.240.0 or /20
Step 2. Starting with 10.0.64.0, contiguously assign the next three subnets, all supporting 4000 hosts.<br />
List all four subnets here:<br />
10.0.64.0/20<br />
10.0.80.0/20<br />
10.0.96.0/20<br />
10.0.112.0/20<br />
Step 3. For REMOTE, begin with the 10.0.32.0 address as the subnet for loopback 0. What subnet<br />
mask would you use to provide enough space for 2000 users while maximizing the number of<br />
subnets?<br />
255.255.248.0 or /21<br />
Step 4. Starting with 10.0.32.0, contiguously assign the next three subnets, all supporting 2000 hosts.<br />
List all four subnets here:<br />
10.0.32.0/21<br />
10.0.40.0/21<br />
10.0.48.0/21<br />
10.0.56.0/21<br />
Step 5. Now pick a WAN subnet for the link shared by HQ <strong>and</strong> REMOTE. List the subnet you<br />
assigned here:<br />
The answer can be any subnet /30 from the 10.0.0.0/21 address space.<br />
Step 6. Label the topology in Figure 3-7 with the networks <strong>and</strong> finish filling in the IP address table<br />
with your chosen addressing scheme. Use the first available IP address in each subnet as the<br />
interface address. For the WAN subnet, assign HQ the first address.<br />
Task 2: Cable the Topology <strong>and</strong> Basic Configuration<br />
Step 1. Choose three routers <strong>and</strong> cable them according to the topology. You do not need any LAN<br />
interfaces or switches for this lab. (If using NetLab, choose a three router pod.)<br />
Step 2. Configure the routers with basic configurations including interface addresses.<br />
Task 3: Configure EIGRP Routing <strong>and</strong> Default Routing<br />
Step 1. Configure both HQ <strong>and</strong> REMOTE to use EIGRP as the routing protocol. Enter the simulated<br />
LAN subnets <strong>and</strong> the WAN link between HQ <strong>and</strong> REMOTE. Do not advertise the<br />
209.165.201.0/30 network. Make sure you disable automatic summarization.<br />
Step 2. Configure ISP with a static route pointing to the 10.0.0.0/17 Address Space.<br />
Step 3. Configure HQ with a default route pointing to ISP.<br />
Step 4. Configure HQ to advertise the default route to REMOTE with the redistribute static comm<strong>and</strong><br />
within the EIGRP routing process.<br />
HQ(config-router)#redistribute static<br />
Step 5. Verify HQ <strong>and</strong> REMOTE routing tables:<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 211<br />
■ HQ should have six directly connected routes, four EIGRP routes, <strong>and</strong> one static route.<br />
■ REMOTE should have five directly connected routes, four EIGRP routes, <strong>and</strong> one EIGRP<br />
external route.
212 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
■ Verify that REMOTE can ping the Simulated Web Server at 209.165.202.129.<br />
REMOTE#ping web<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms<br />
Task 4: Manual Summarization<br />
Because the simulated LANs on both HQ <strong>and</strong> REMOTE were assigned contiguously, you can summarize<br />
the routing updates to reduce the size of the routing tables. What comm<strong>and</strong> will summarize the simulated<br />
LANs on HQ?<br />
HQ(config)#interface serial 0/1<br />
HQ(config-if)#ip summary-address eigrp 100 10.0.64.0 255.255.192.0<br />
What comm<strong>and</strong> will summarize the simulated LANs on REMOTE?<br />
REMOTE(config)#interface serial 0/1<br />
REMOTE(config-if)#ip summary-address eigrp 100 10.0.32.0 255.255.224.0<br />
Task 5: Verification <strong>and</strong> Documentation<br />
Step 1. Capture the following verifications to a text file called verify.txt:<br />
■ Ping output from REMOTE pinging the Simulated Web Server.<br />
■ Capture show ip route on all three routers: ISP, HQ, <strong>and</strong> REMOTE.<br />
■ Capture show ip eigrp neighbor <strong>and</strong> show ip eigrp topology on HQ <strong>and</strong> REMOTE.<br />
Step 2. Capture the running configurations on all three routers to separate text files. Use the hostname<br />
of the router to name each text file.<br />
Step 3. Clean up the verify.txt, HQ.txt, REMOTE.txt, <strong>and</strong> ISP.txt files. Add appropriate notes to assist<br />
in your studies.<br />
Final configurations <strong>and</strong> show comm<strong>and</strong> output:<br />
HQ hostname HQ<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host REMOTE 10.0.0.6<br />
ip host WEB 209.165.202.129<br />
ip host ISP 209.165.201.1<br />
!<br />
interface Loopback0<br />
!<br />
ip address 10.0.64.1 255.255.240.0<br />
interface Loopback1
!<br />
ip address 10.0.80.1 255.255.240.0<br />
interface Loopback2<br />
!<br />
ip address 10.0.96.1 255.255.240.0<br />
interface Loopback3<br />
!<br />
ip address 10.0.112.1 255.255.240.0<br />
interface Serial0/0<br />
!<br />
description Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
interface Serial0/1<br />
!<br />
description Link to REMOTE<br />
ip address 10.0.0.5 255.255.255.252<br />
ip summary-address eigrp 100 10.0.64.0 255.255.192.0<br />
clockrate 64000<br />
no shutdown<br />
router eigrp 100<br />
!<br />
redistribute static<br />
network 10.0.0.0<br />
no auto-summary<br />
eigrp log-neighbor-changes<br />
ip classless<br />
ip route 0.0.0.0 0.0.0.0 Serial0/0<br />
!<br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 213
214 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
HQ#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 0.0.0.0 to network 0.0.0.0<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0/0<br />
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks<br />
C 10.0.0.4/30 is directly connected, Serial0/1<br />
D 10.0.32.0/19 [90/2297856] via 10.0.0.6, 00:04:47, Serial0/1<br />
D 10.0.64.0/18 is a summary, 00:05:16, Null0<br />
C 10.0.64.0/20 is directly connected, Loopback0<br />
C 10.0.80.0/20 is directly connected, Loopback1<br />
C 10.0.96.0/20 is directly connected, Loopback2<br />
C 10.0.112.0/20 is directly connected, Loopback3<br />
S* 0.0.0.0/0 is directly connected, Serial0/0<br />
HQ#show ip eigrp neighbors<br />
IP-EIGRP neighbors for process 100<br />
H Address Interface Hold Uptime SRTT RTO Q Seq Type<br />
(sec) (ms) Cnt Num<br />
0 10.0.0.6 Se0/1 12 00:05:42 384 2304 0 9<br />
HQ#show ip eigrp topology<br />
IP-EIGRP Topology Table for AS(100)/ID(10.0.112.1)<br />
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,<br />
r - reply Status, s - sia Status<br />
P 0.0.0.0/0, 1 successors, FD is 2169856<br />
via Rstatic (2169856/0)<br />
P 10.0.0.4/30, 1 successors, FD is 2169856<br />
via Connected, Serial0/1<br />
P 10.0.32.0/19, 1 successors, FD is 2297856
via 10.0.0.6 (2297856/128256), Serial0/1<br />
P 10.0.64.0/18, 1 successors, FD is 128256<br />
via Summary (128256/0), Null0<br />
P 10.0.64.0/20, 1 successors, FD is 128256<br />
via Connected, Loopback0<br />
P 10.0.80.0/20, 1 successors, FD is 128256<br />
via Connected, Loopback1<br />
P 10.0.96.0/20, 1 successors, FD is 128256<br />
via Connected, Loopback2<br />
P 10.0.112.0/20, 1 successors, FD is 128256<br />
REMOTE<br />
hostname REMOTE<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
via Connected, Loopback3<br />
ip host WEB 209.165.202.129<br />
ip host ISP 209.165.201.1<br />
ip host HQ 10.0.0.5<br />
!<br />
interface Loopback0<br />
!<br />
ip address 10.0.32.1 255.255.248.0<br />
interface Loopback1<br />
!<br />
ip address 10.0.40.1 255.255.248.0<br />
interface Loopback2<br />
!<br />
ip address 10.0.48.1 255.255.248.0<br />
interface Loopback3<br />
!<br />
ip address 10.0.56.1 255.255.248.0<br />
interface Serial0/1<br />
!<br />
description Link to HQ<br />
ip address 10.0.0.6 255.255.255.252<br />
ip summary-address eigrp 100 10.0.32.0 255.255.224.0<br />
no shutdown<br />
router eigrp 100<br />
!<br />
network 10.0.0.0<br />
no auto-summary<br />
eigrp log-neighbor-changes<br />
ip classless<br />
!<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 215
216 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZES ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
REMOTE#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 10.0.0.5 to network 0.0.0.0<br />
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks<br />
C 10.0.0.4/30 is directly connected, Serial0/1<br />
C 10.0.40.0/21 is directly connected, Loopback1<br />
D 10.0.32.0/19 is a summary, 00:05:06, Null0<br />
C 10.0.32.0/21 is directly connected, Loopback0<br />
C 10.0.56.0/21 is directly connected, Loopback3<br />
C 10.0.48.0/21 is directly connected, Loopback2<br />
D 10.0.64.0/18 [90/2297856] via 10.0.0.5, 00:04:58, Serial0/1<br />
D*EX 0.0.0.0/0 [170/2681856] via 10.0.0.5, 00:04:58, Serial0/1<br />
REMOTE#show ip eigrp neighbors<br />
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq Type<br />
(sec) (ms) Cnt Num<br />
0 10.0.0.5 Se0/1 14 00:05:19 24 200 0 11<br />
REMOTE#show ip eigrp topology<br />
IP-EIGRP Topology Table for AS(100)/ID(10.0.56.1)<br />
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,<br />
r - reply Status, s - sia Status<br />
P 0.0.0.0/0, 1 successors, FD is 2681856<br />
via 10.0.0.5 (2681856/2169856), Serial0/1<br />
P 10.0.0.4/30, 1 successors, FD is 2169856<br />
via Connected, Serial0/1<br />
P 10.0.40.0/21, 1 successors, FD is 128256<br />
via Connected, Loopback1<br />
P 10.0.32.0/19, 1 successors, FD is 128256<br />
via Summary (128256/0), Null0<br />
P 10.0.32.0/21, 1 successors, FD is 128256<br />
via Connected, Loopback0<br />
P 10.0.56.0/21, 1 successors, FD is 128256<br />
via Connected, Loopback3<br />
P 10.0.48.0/21, 1 successors, FD is 128256<br />
via Connected, Loopback2<br />
P 10.0.64.0/18, 1 successors, FD is 2297856<br />
ISP hostname ISP<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
via 10.0.0.5 (2297856/128256), Serial0/1<br />
ip host HQ 209.165.201.2<br />
!<br />
interface Loopback0<br />
!<br />
description Simulated Public Web Server<br />
ip address 209.165.202.129 255.255.255.255<br />
interface Serial0/0<br />
!<br />
description Link to HQ<br />
ip address 209.165.201.1 255.255.255.252<br />
no shutdown<br />
ip classless<br />
ip route 10.0.0.0 255.255.128.0 Serial0/0<br />
!<br />
Chapter 3: EIGRP <strong>and</strong> Troubleshooting Routing Protocols 217
218 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
banner motd &<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
&<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
ISP#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0/0<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
10.0.0.0/17 is subnetted, 1 subnets<br />
S 10.0.0.0 is directly connected, Serial0/0
CHAPTER 4<br />
Switching Concepts<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of matching, fill in the blank, open-ended<br />
question, journal entry, <strong>and</strong> unique custom exercises to test your knowledge on the theory of switching<br />
<strong>and</strong> switch operation.<br />
There are no Lab Exercises for this chapter.
220 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
Introduction to Ethernet/802.3 LANs<br />
LAN design continues to evolve. Network designers until very recently used hubs <strong>and</strong> bridges to build networks.<br />
Now switches <strong>and</strong> routers are the key components in LAN design, <strong>and</strong> the capabilities <strong>and</strong> performance<br />
of these devices continue to improve.<br />
As a <strong>CCNA</strong> c<strong>and</strong>idate, you should have a firm grasp of the concepts involved in the evolution of<br />
Ethernet/802.3, the most commonly deployed LAN architecture. This section offers some exercises to help<br />
you master these concepts.
Vocabulary Exercise: Matching<br />
Definition<br />
a. Ethernet’s collision resolution methodology<br />
b. the fading of a data signal as it travels<br />
through the media<br />
c. reading the entire frame to check for errors<br />
before sending on to the destination<br />
d. filters traffic at Layer 3; segments broadcast<br />
domains<br />
e. Layer 2 device that provides network access<br />
to hosts<br />
f. Layer 2 error-checking mechanism<br />
g. capable of simultaneous transmission <strong>and</strong><br />
reception<br />
h. basic unit of time in which one bit can be<br />
sent<br />
i. multiport repeater or LAN concentrator<br />
j. sending a frame out all ports except for the<br />
port it was received on<br />
k. frames are stored in queues that are linked to<br />
specific incoming ports`<br />
l. temporary, dedicated path between two hosts<br />
created by the switch<br />
m. sending out frames as soon as the destination<br />
MAC address is read<br />
n. deposits all frames into a common memory<br />
buffer<br />
o. address contained within the frame header<br />
for Ethernet encapsulations<br />
p. sending a frame out a port based on the unicast<br />
MAC address<br />
q. filters traffic based on Layer 2 addressing; no<br />
longer used in today’s networks<br />
r. forwarding frames after the first 64 bytes are<br />
read<br />
s. delay inherent in sending data from the<br />
source to the destination<br />
t. area of a LAN where frames from two different<br />
sources can run into each other<br />
u. can either send or receive, but not both at the<br />
same time<br />
v. filters traffic at Layer 2; capable of microsegmentation<br />
Chapter 4: Switching Concepts 221<br />
Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
Term<br />
t collision domains<br />
i hub<br />
o MAC<br />
q bridge<br />
v switch<br />
l virtual circuit<br />
d router<br />
a carrier sense multiple access collision detect<br />
(CSMA/CD)<br />
u half duplex<br />
g full duplex<br />
e network interface card (NIC)<br />
s latency<br />
h bit time (slot time)<br />
b attenuation<br />
f cyclic redundancy check (CRC)<br />
c store <strong>and</strong> forward<br />
j flooding<br />
p filtering<br />
k port-based memory buffering<br />
n shared memory buffering<br />
f frame check sequence (FCS)<br />
m cut-through<br />
r fragment-free
222 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
A hub is a Layer 1 device <strong>and</strong> is sometimes referred to as a LAN or Ethernet concentrator or a multiport<br />
repeater.<br />
Ethernet is fundamentally a shared or broadcast technology through which all users on a given LAN segment<br />
compete for the same available b<strong>and</strong>width. If two or more devices try to transmit at the same time, a<br />
collision occurs.<br />
Bridges <strong>and</strong> switches operate at the data link layer of the Open System Interconnection (OSI) model.<br />
These Layer 2 devices make forwarding decisions based on MAC addresses contained within the headers<br />
of transmitted data frames.<br />
Switches create a virtual circuit between two connected devices that want to communicate, which is a dedicated<br />
communication path established between the two devices.<br />
The implementation of a switch on the network is called microsegmentation, which creates a collision-free<br />
environment for each device connected to the switch.<br />
The disadvantage of Layer 2 devices is that they forward broadcast frames to all connected devices on the<br />
network.<br />
Routers operate at the network layer of the OSI model <strong>and</strong> will not forward broadcast frames unless<br />
specifically programmed to do so. Therefore, routers reduce the size of both the collision domains <strong>and</strong> the<br />
broadcast domains in a network.<br />
CSMA/CD is Ethernet’s access control method. Originally Ethernet was a half-duplex technology, which<br />
allows hosts to either transmit or receive at one time, but not both.<br />
Full-duplex Ethernet significantly improves network performance without the expense of installing new<br />
media <strong>and</strong> offers 100 percent of the b<strong>and</strong>width in both directions because it is a collision-free environment.<br />
Frames sent by the two connected end nodes cannot collide, because the end nodes use two separate<br />
circuits in the Category 3, 5, 5e, or 6 cable.<br />
Nodes that are attached to hubs that share their connection to a switch port must operate in half-duplex<br />
mode, because the end stations must be able to detect collisions.<br />
Latency, or delay, is the time a frame or a packet takes to travel from the source station to the final destination.<br />
The networking device that adds the most latency is a router.<br />
A 64-byte frame is the smallest frame that allows CSMA/CD to operate properly, <strong>and</strong> a 1518-byte frame is<br />
the largest.<br />
The distance that a LAN can cover is limited due to attenuation, which means that the signal weakens as it<br />
travels through the network.
CSMA/CD Process Flow Chart Exercise<br />
Draw a flow chart of the CSMA/CD process. Your flow chart should have a minimum of six steps, but can<br />
have more.<br />
Figure 4-1 CSMA/CD Process Flow Chart<br />
Calculate<br />
Back-Off Algorithm<br />
Send Out<br />
Jam Signal<br />
Simple Solution<br />
1. Host wants to transmit<br />
2. Is carrier sensed?<br />
3. Assemble frame<br />
4. Start transmitting<br />
5. Is a collision detected?<br />
6. Keep transmitting<br />
7. Is the transmission done?<br />
8. Transmission completed<br />
9. Broadcast jam signal<br />
10. Attempts = Attempts + 1<br />
11. Attempts > Too many?<br />
12. Too many collisions; abort<br />
transmission<br />
13. Algorithm calculates backoff<br />
14. Wait for t microseconds<br />
Listen to Wire<br />
(Carrier Sense)<br />
Transmit if Free <strong>and</strong><br />
Continue to Listen<br />
Collision<br />
Detected?<br />
Finish<br />
Transmission<br />
Complex Solution<br />
1<br />
2<br />
3<br />
4<br />
5<br />
6<br />
7<br />
8<br />
No<br />
No<br />
Yes<br />
Yes<br />
Yes<br />
No<br />
Chapter 4: Switching Concepts 223<br />
9<br />
10<br />
11<br />
12<br />
Yes<br />
No<br />
13<br />
14
224 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Concept Questions<br />
In your own words, describe the function of a router.<br />
Routers examine inbound packets for Layer 3 data, choose the best path to the destination network, <strong>and</strong><br />
send the packet out the correct outbound port.<br />
In your own words, explain how CSMA/CD works in half-duplex Ethernet LANs.<br />
Each host checks the network to see whether data is being transmitted before it transmits additional data<br />
(carrier sense). If the network is already in use, the transmission is delayed. Despite transmission deferral,<br />
two or more hosts could transmit at the same time (multiple access). This results in a collision. When a<br />
collision occurs, the host that detects the collision first sends out a jam signal to the other hosts (collision<br />
detection). When a jam signal is received, each host stops data transmission, <strong>and</strong> then waits for a r<strong>and</strong>om<br />
period of time to retransmit the data. The back-off algorithm generates this r<strong>and</strong>om delay. The first host<br />
whose time expires can restart the process to transmit data.<br />
Journal Entry<br />
In your own words, describe the various forms of latency. Draw a topology with several networking<br />
devices between two communicating computers as part of your explanation.<br />
Figure 4-2 Your Topology Illustrating Latency<br />
Switches add<br />
some latency<br />
The forms of latency are as follows:<br />
Latency placing the<br />
frame on the wire<br />
Intermediate device latency with<br />
routers adding the most delay<br />
The cloud will<br />
also add latency<br />
Propagation delay as the<br />
frame travels down the wire<br />
Hubs add very<br />
little latency<br />
■ First, there is the time it takes the source NIC to place voltage pulses on the wire <strong>and</strong> the time it takes<br />
the destination NIC to interpret those pulses. This is sometimes called NIC delay, typically around 1<br />
microsecond for a 10BASE-T NIC.<br />
■ Second, there is the actual propagation delay as the signal takes time to travel through the cable.<br />
Typically, this is about 0.556 microseconds per 100 m for Cat 5 UTP. Longer cable <strong>and</strong> slower nominal<br />
velocity of propagation (NVP) result in more propagation delay.<br />
■ Third, latency is added based on network devices that are in the path between two computers. These<br />
are either Layer 1, Layer 2, or Layer 3 devices. The more layers a device processes, the more latency<br />
it adds.
Introduction to LAN Switching<br />
In the past, repeaters were used in most Ethernet networks. Because Ethernet is a broadcast topology,<br />
adding repeaters enlarged the domain in which collisions can occur causing a reduction in the b<strong>and</strong>width<br />
available for data transfer. Bridges were soon introduced to create multiple collision domains. Bridges<br />
evolved into switches capable of microsegmenting a LAN, effectively creating a collision-free environment.<br />
Many modern switches are capable of performing varied <strong>and</strong> complex tasks in the network. For example,<br />
some switches are capable of performing both Layer 2 <strong>and</strong> Layer 3 functions. The exercises in this section<br />
focus on how a switch or router makes a decision to forward data on its way to the intended destination.<br />
This section provides an introduction to network segmentation <strong>and</strong> describes the basics of switch operation.<br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Networks can be divided into smaller units by a bridge or a switch. These smaller units are called segments.<br />
Each unit is its own collision domain.<br />
Bridges <strong>and</strong> switches are Layer 2 devices that forward data frames based on the MAC address. Bridges<br />
read the source MAC address of the data packets to discover the devices that are on each segment. The<br />
source MAC address is used to populate the MAC address table.<br />
Bridges <strong>and</strong> switches provide segmentation within a single network or subnetwork. Routers provide connectivity<br />
between networks <strong>and</strong> subnetworks. Routers do not forward broadcasts, whereas switches <strong>and</strong><br />
bridges do forward broadcast frames.<br />
When a switch or bridge is first initialized, the MAC address table is empty. With an empty MAC address<br />
table, the switch or bridge must forward each frame to all connected ports other than the one on which the<br />
frame arrived. Sending a frame out all connected ports except the incoming port is called flooding the<br />
frame. Once a switch or a bridge has learned the topology, it can stop frames from propagating onto segments<br />
where the destination does not exist. This process is called filtering.<br />
Building the MAC Address Table Exercise<br />
Assume that the bridge in Figure 4-3 was just installed <strong>and</strong> powered on. The MAC address table is empty.<br />
Answer the following questions <strong>and</strong> complete the table as the bridge would build it.<br />
Figure 4-3 Building the MAC Address Table<br />
A<br />
0260.8c01.1111<br />
0260.8c01.2222<br />
E0<br />
E1<br />
Chapter 4: Switching Concepts 225<br />
C<br />
0260.8c01.3333<br />
B D<br />
0260.8c01.4444
226 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Port MAC Address<br />
E0 0260.8c01.1111<br />
E0 0260.8c01.2222<br />
E1 0260.8c01.4444<br />
E1 0260.8c01.3333<br />
1. Host A sends a unicast frame to Host B. What entry, if any, will the bridge enter in its MAC address<br />
table?<br />
The bridge will enter the source MAC address for Host A <strong>and</strong> the interface that Host A is attached to.<br />
What will the bridge do with the frame?<br />
Because the bridge does not know where Host B is, the bridge will forward the frame to the segment<br />
out E1.<br />
2. Host B responds to Host A with a unicast frame. What entry, if any, will the bridge enter in its MAC<br />
address table?<br />
The bridge will enter the source MAC address for Host B <strong>and</strong> the interface that Host B is attached to.<br />
What will the bridge do with the frame?<br />
The bridge will drop the frame because the destination host, Host A, is on the same segment as Host<br />
B. Host A has already received the frame.<br />
3. Host D attempts to log in to Server C. What entry, if any, will the bridge enter in its MAC address<br />
table?<br />
The bridge will enter the source MAC address for Host D <strong>and</strong> the interface that Host D is attached to.<br />
What will the bridge do with the frame?<br />
Because the bridge does not know where Server C is, the bridge will forward the frame to the segment<br />
out E0.<br />
4. Server C responds to the login attempt by Host D. What entry, if any, will the bridge enter in its MAC<br />
address table?<br />
The bridge will enter the source MAC address for Server C <strong>and</strong> the interface that Server C is attached<br />
to.<br />
What will the bridge do with the frame?<br />
The bridge will drop the frame because the destination host, Host D, is on the same segment as Server<br />
C. Server C has already received the frame.<br />
5. Server C sends out a broadcast frame announcing its services to all potential clients. What entry, if<br />
any, will the bridge enter in its MAC address table?<br />
The bridge will refresh the timestamp on the entry for Server C.<br />
What will the bridge do with the frame?<br />
The bridge will forward the frame out E0 because the destination is a broadcast. Bridges must forward<br />
broadcasts.
Concept Questions<br />
Explain the difference between bridges <strong>and</strong> switches.<br />
Bridges are store <strong>and</strong> forward devices <strong>and</strong> make the switching decision in software. Switches can process<br />
frames faster by using some form of cut-through switching <strong>and</strong> make the switching decision in hardware.<br />
Switches have less latency than bridges.<br />
Explain why routers cause more latency than do switches, bridges, or hubs.<br />
Routers are Layer 3 devices. Therefore, routers must process data at Layer 3. First, the router deencapsulates<br />
the frame <strong>and</strong> reads the MAC address. If the MAC address is the router’s MAC or a broadcast, the<br />
router then calculates the CRC to determine if the frame is corrupted. If the frame is not addressed to the<br />
router, is not broadcast, or has errors, it is dropped. Otherwise, the router opens the packet header to examine<br />
the destination IP address, makes a routing decision, <strong>and</strong> forwards the packet to the outbound interface.<br />
This extra layer of processing causes more latency than a switch causes.<br />
Explain the difference between Layer 2 <strong>and</strong> Layer 3 switching.<br />
The difference between Layer 2 <strong>and</strong> Layer 3 switching is the type of information inside the frame that is<br />
used to determine the correct output interface. Layer 2 switching is based on MAC address information.<br />
Layer 3 switching is based on network layer addresses, or IP addresses. The features <strong>and</strong> functionality of<br />
Layer 3 switches <strong>and</strong> routers have numerous similarities. The only major difference between the packet<br />
switching operation of a router <strong>and</strong> a Layer 3 switch is the physical implementation. In general-purpose<br />
routers, packet switching takes place in software, using microprocessor-based engines, whereas a Layer 3<br />
switch performs packet forwarding using application specific integrated circuit (ASIC) hardware.<br />
Journal Entry<br />
Explain how a Layer 2 switch can operate in three different switching modes. Include in your explanation<br />
how much of the frame each method reads, what kind of error checking is performed by the method, <strong>and</strong><br />
what the method’s latency is. Include a diagram of a frame illustrating each method.<br />
Fast forward has the lowest latency with no error checking. It reads the destination MAC address <strong>and</strong><br />
begins forwarding the frame before the entire frame has been received. Fragment-free switching catches<br />
most errors because it checks up to the first 64 bytes in the Data field. Most errors are the result of collisions<br />
<strong>and</strong> have sizes less than the 64 byte minimum. Latency is fixed, but slightly higher than fast forward.<br />
However, the improved error detection is usually worth the minor increase in latency. Store <strong>and</strong> forward<br />
has the highest latency because it stores the entire frame <strong>and</strong> checks its CRC to determine if there is an<br />
error. Latency is also variable on a frame-by-frame basis because frame size varies.<br />
Note: Students may also mention adaptive cut-through, which is a combination of both fast forward <strong>and</strong> store <strong>and</strong> forward.<br />
Initially, the switch operates in fast forward mode. If too many errors are detected beyond a configurable threshold,<br />
then the switch automatically moves to store <strong>and</strong> forward.<br />
Figure 4-4 Solution Diagram<br />
Chapter 4: Switching Concepts 227<br />
7 Bytes 1 Byte 6 Bytes 6 Bytes 2 Bytes Max 1500 Bytes 4 Bytes<br />
Preamble SFD<br />
Dest.<br />
Address<br />
Source<br />
Address<br />
Length Data FCS<br />
Fast Forward<br />
Fragment-Free<br />
Store-<strong>and</strong>-Forward
228 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Switch Operation<br />
The exercises in this section reinforce your knowledge of collision <strong>and</strong> broadcast domains. In addition,<br />
you revisit the concept of picking the correct cable when connecting devices.<br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Even though the LAN switch reduces the size of collision domains, all hosts connected to the switch are<br />
still in the same broadcast domain.<br />
Communication in a network occurs in three ways. The most common way of communication is by<br />
unicast transmissions, in which one transmitter tries to reach one receiver.<br />
Another way to communicate is known as a multicast transmission, in which one transmitter tries to reach<br />
only a subset, or a group, of the entire segment.<br />
The final way to communicate is as a broadcast, in which one transmitter tries to reach all the receivers in<br />
the network.<br />
When a device wants to send out a Layer 2 broadcast, the destination MAC address in the frame is set to<br />
all 1s. A broadcast MAC address is FF:FF:FF:FF:FF:FF in hexadecimal. By setting the destination to this<br />
value, all the devices will accept <strong>and</strong> process the broadcasted frame.<br />
Routers are used to segment both collision <strong>and</strong> broadcast domains.<br />
Collision <strong>and</strong> Broadcast Domains Exercises<br />
Using Figure 4-5, circle all the collision domains with a solid line <strong>and</strong> all the broadcast domains with a<br />
dashed line.<br />
Figure 4-5 Collision <strong>and</strong> Broadcast Domains: Topology 1<br />
Broadcast Domain<br />
Collision Domain<br />
Using Figure 4-6, circle all the collision domains with a solid line <strong>and</strong> all the broadcast domains with a<br />
dashed line.
Figure 4-6 Collision <strong>and</strong> Broadcast Domains: Topology 2<br />
Using Figure 4-7, circle all the collision domains with a solid line <strong>and</strong> all the broadcast domains with a<br />
dashed line.<br />
Figure 4-7 Collision <strong>and</strong> Broadcast Domains: Topology 3<br />
Chapter 4: Switching Concepts 229<br />
Broadcast Domain<br />
Collision Domain<br />
Broadcast Domain<br />
Collision Domain
230 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Choose the Correct Cable Exercise<br />
In the blank provided, indicate with an S for straight-through <strong>and</strong> C for cross which type of cable would<br />
be used to connect the two devices.<br />
S Hub to workstation or server<br />
C Switch to switch<br />
C Hub to hub<br />
C Router to PC<br />
S Switch to router<br />
C Workstation to workstation<br />
S Switch to workstation or server<br />
C Switch to hub<br />
C Router to router
Lab Exercises<br />
There are no Lab Exercises for this chapter.<br />
Chapter 4: Switching Concepts 231
This page intentionally left blank
CHAPTER 5<br />
LAN Design <strong>and</strong> Switches<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of matching, fill in the blank, open-ended<br />
question, <strong>and</strong> identification exercises to test your knowledge on the theory of LAN design <strong>and</strong> the threelayer<br />
hierarchical model.<br />
There are no Lab Exercises for this chapter.
234 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
LAN Design<br />
A network design needs to be functional, scalable, adaptable, <strong>and</strong> manageable. Designing a network can be<br />
a challenge because it involves much more than just connecting users. A network requires many features in<br />
order to be reliable <strong>and</strong> available based on the needs of the organization. Underst<strong>and</strong>ing the basic design<br />
process <strong>and</strong> structure of networks will help you to ensure that you are meeting the needs of the network<br />
users.<br />
Vocabulary Exercise: Matching<br />
Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
Definition<br />
a. area of a LAN where frames from two different<br />
sources can run into each other<br />
b. switching between ports of different b<strong>and</strong>width<br />
c. local <strong>and</strong> remote user access<br />
d. cabling that runs between wiring closets<br />
e. responsible for fast switching, redundancy,<br />
<strong>and</strong> remote access<br />
f. cabling that runs from workstations to the<br />
wiring closet<br />
g. primary wiring closet where POP is located<br />
h. all ports on the switch have the same b<strong>and</strong>width<br />
i. responsible for policy-based connectivity<br />
j. secondary wiring closet<br />
k. used to connect cable runs from user to the<br />
Layer 2 LAN switch ports<br />
l. used to interconnect the various IDFs to the<br />
central MDF<br />
Term<br />
c access layer<br />
i distribution layer<br />
e core layer<br />
g main distribution facility (MDF)<br />
j intermediate distribution facility (IDF)<br />
a collision domain<br />
k horizontal cross-connect (HCC)<br />
l vertical cross-connect (VCC)<br />
b asymmetric switching<br />
h symmetric switching<br />
d backbone or vertical cabling
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Chapter 5: LAN Design <strong>and</strong> Switches 235<br />
The first step in designing a LAN is to establish <strong>and</strong> document the goals of the design.<br />
Most LANs are designed to meet four major requirements:<br />
■ Functionality, which enables users to meet their job requirements with speed <strong>and</strong> reliability<br />
■ Scalability, which means that the network should be designed with future growth in mind<br />
■ Adaptability, which means that the network design will easily incorporate new technologies<br />
■ Manageability, which facilitates network monitoring<br />
Servers can be categorized into two distinct classes:<br />
■ Enterprise servers support all the users on the network by offering services such as e-mail, DNS, <strong>and</strong><br />
corporate intranet access.<br />
■ Workgroup servers support a specific set of users, offering services such as word processing <strong>and</strong> file<br />
sharing specific to that group’s needs.<br />
Enterprise servers should be placed in the MDF, <strong>and</strong> workgroup servers should be placed in the IDF closest<br />
to the users who need it.<br />
One of the most important components to consider when designing a network is the cables/cabling/cable<br />
plant because the physical layer is the cause of most network problems.<br />
Fiber-optic cable should be used in the backbone <strong>and</strong> risers in all cable designs. Category 5e or Category 6<br />
UTP cable should be used in the horizontal runs. The cable upgrade should take priority over any other<br />
necessary changes.<br />
The TIA/EIA-568-A st<strong>and</strong>ard specifies that every device connected to the network should be linked to a<br />
central location with horizontal cabling. In a simple star topology, this central location is the MDF (acronym)<br />
<strong>and</strong> includes one or more HCCs used to connect the Layer 1 horizontal cabling coming into the wiring<br />
closet from work areas to the Layer 2 LAN switch inside the wiring closet.<br />
In larger network environments, multiple wiring closets are often needed. These extra or secondary wiring<br />
closets are referred to as IDFs.<br />
A VCC in each wiring closet is used to interconnect the various IDFs to the central MDF. The type of<br />
backbone or vertical cabling used is usually fiber-optic because the cable lengths are typically longer than<br />
the 100-meter limit for Category 5e UTP cable.<br />
Complete Figure 5-1 by filling in all the missing text labeling the components of this multibuilding<br />
campus LAN.
236 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 5-1 Extended Star Topology in a Multibuilding Campus<br />
Devices at Layer 2 determine the size of the collision domains, which can negatively affect the performance<br />
of a network. Switches are capable of microsegmentation, which effectively eliminates collisions<br />
because only one host is attached to a switch port.<br />
A router is a Layer 3 device <strong>and</strong> is one of the most intelligent devices in the network topology. Layer 3<br />
devices allow communication between segments based on Layer 3 addresses.<br />
A router does not forward broadcasts, such as Address Resolution Protocol (ARP) requests. Therefore,<br />
routers segment broadcast domains.<br />
VLAN implementation combines Layer 2 switching <strong>and</strong> Layer 3 routing technologies to limit both collision<br />
domains <strong>and</strong> broadcast domains. To communicate between two VLANs, you must use a router.<br />
Concept Questions<br />
List at least four issues that should be addressed in LAN design if you are going to maximize b<strong>and</strong>width<br />
<strong>and</strong> performance.<br />
■ The function <strong>and</strong> placement of servers<br />
■ Collision domain issues<br />
■ Segmentation issues<br />
Telecommunications<br />
Outlet/Wall Plate<br />
5 m<br />
Work Area<br />
Station Cable<br />
■ Broadcast domain issues<br />
90 m<br />
Horizontal<br />
Cable Category<br />
5e UTP<br />
■ Port speed on switches <strong>and</strong> NICs<br />
MDF<br />
■ CPU processors on workstations <strong>and</strong> servers<br />
HCC<br />
HCC<br />
IDF<br />
HCC<br />
Instructor Note: Your students may list some additional issues that may affect b<strong>and</strong>width. Evaluate each on its<br />
merit. Does it need to be addressed when designing the LAN? If so, give the student credit. Make sure the students are<br />
focusing on LAN issues. Some issues they list may actually be related to the WAN side. For example, “increasing the<br />
b<strong>and</strong>width with the service provider” would not maximize LAN b<strong>and</strong>width <strong>and</strong> performance.<br />
Uplink<br />
Downlink 100 m<br />
Uplink Port<br />
VCC<br />
Vertical Cable<br />
Multiple Fiber-Optic<br />
Runs for Expansion<br />
VCC<br />
WAN
List <strong>and</strong> briefly explain the four steps of an effective LAN design methodology.<br />
Step 1. Gather requirements <strong>and</strong> expectations. This step involves a process of asking questions of key<br />
people <strong>and</strong> the users within the organization. The goal of this step is to determine what availability<br />
is required.<br />
Step 2. Analyze requirements <strong>and</strong> data. This is the process of determining what is required to satisfy<br />
the needs of the users <strong>and</strong> also keeping an eye toward future needs.<br />
Step 3. Design the Layer 1, 2, <strong>and</strong> 3 LAN structure, or topology. Based on the needs analysis done in<br />
Steps 1 <strong>and</strong> 2, determine how the cable plant needs to change <strong>and</strong> choose or upgrade existing<br />
equipment.<br />
Step 4. Document the logical <strong>and</strong> physical network implementation. This is the most important step.<br />
For troubleshooting purposes as well as future expansion considerations, the importance of<br />
documentation cannot be overstated.<br />
List three purposes of Layer 2 devices.<br />
■ Switch frames based on destination MAC addresses<br />
■ Error detection<br />
■ Reduce congestion<br />
Why do you want vertical cabling to have a greater data capacity than horizontal cabling?<br />
Vertical cabling, or backbone cabling, carries aggregated traffic from multiple users. Therefore, it needs to<br />
be a larger “pipe.” Otherwise, it will be a bottleneck, slowing down data traveling between IDFs.<br />
What factors need to be considered when choosing whether to use a router or switch at a particular point<br />
in the network?<br />
Determine the problem that needs to be solved. If the problem is related to protocol rather than issues of<br />
contention, then routers are the appropriate solution. Routers solve problems with excessive broadcasts,<br />
protocols that do not scale well, security issues, <strong>and</strong> network layer addresses.<br />
LAN Switches<br />
Cisco recommends designing your networks based on the three-layer hierarchical model. Each of the LAN<br />
design layers discussed in this chapter requires switches <strong>and</strong> routers that are best suited for the task at<br />
h<strong>and</strong>. The features, functions, <strong>and</strong> technical specifications for each switch or router vary based on the LAN<br />
design layer for which the device is intended. For the best network performance, it is important to underst<strong>and</strong><br />
the role of each layer <strong>and</strong> then choose the device that best suits the layer requirements.<br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
The hierarchical design model includes the following three layers:<br />
■ The access layer provides users in workgroups access to the network.<br />
■ The distribution layer provides policy-based connectivity.<br />
■ The core layer provides optimal transport between sites.<br />
Chapter 5: LAN Design <strong>and</strong> Switches 237<br />
The access layer is the entry point for user workstations <strong>and</strong> servers to the network. In a campus LAN, the<br />
device used at this layer is typically a switch.
238 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
This layer’s functions also include MAC layer filtering, which allows switches to direct frames to only the<br />
port the destination is attached to, <strong>and</strong> microsegmentation, which creates collision-free connections.<br />
The purpose of the distribution layer is to provide a boundary definition in which packet manipulation can<br />
take place. Networks are segmented into broadcast domains by this layer. Policies can be applied <strong>and</strong><br />
access control lists can filter packets. This layer isolates network problems to the workgroups in which<br />
they occur <strong>and</strong> prevents these problems from affecting the core layer. Switches in this layer operate at<br />
Layer 2 <strong>and</strong> Layer 3.<br />
The core layer is responsible for fast packet switching across the backbone, whether WANs or LANs, <strong>and</strong><br />
providing redundant paths.<br />
Three-Layer Hierarchical Model Exercise<br />
For each of the following figures, indicate whether the scenario is an access layer function, distribution<br />
layer function, or core layer function.<br />
Figure 5-2 Scenario 1<br />
In Figure 5-2, an access control list (denoted by the firewall) is implemented to prevent unnecessary network<br />
traffic on the backbone network. The distribution layer is responsible for the implementation of<br />
access control lists.<br />
Figure 5-3 Scenario 2<br />
In Figure 5-3, a telecommuter is shown connecting to headquarters through a modem connection. The<br />
access layer is responsible for allowing telecommuters to connect to the network.<br />
Figure 5-4 Scenario 3<br />
Headquarters<br />
Backbone Network<br />
New York San Jose<br />
T1<br />
In Figure 5-4, the core layer is responsible for connecting New York <strong>and</strong> San Jose across a T1 link.
Figure 5-5 Scenario 4<br />
In Figure 5-5, the access layer is using 2900 series switches to connect end users to the network.<br />
Figure 5-6 Scenario 5<br />
In Figure 5-6, the distribution layer is using 6000 series switches for inter-VLAN routing.<br />
Figure 5-7 Scenario 6<br />
In Figure 5-7, the core layer is using multilayer switches for fast switching <strong>and</strong> no packet manipulation.<br />
Figure 5-8 Scenario 7<br />
2900 Switches<br />
6000 Switches<br />
Multilayer Switches<br />
6000 Switches<br />
Chapter 5: LAN Design <strong>and</strong> Switches 239
240 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
In Figure 5-8, the distribution layer is using multilayer switches to summarize OSPF routes.<br />
Concept Questions<br />
List three functions of the access layer.<br />
■ Local <strong>and</strong> remote user access<br />
■ MAC layer filtering<br />
■ Microsegmentation<br />
List five functions of the distribution layer<br />
■ Aggregation of the wiring closet connections<br />
■ Broadcast/multicast domain definition<br />
■ VLAN routing<br />
■ Any media transitions that need to occur<br />
■ Security<br />
List three functions of the core layer<br />
■ Fast switching of packets<br />
■ Redundancy<br />
■ Access to remote sites
Lab Exercises<br />
There are no Lab Exercises for this chapter.<br />
Chapter 5: LAN Design <strong>and</strong> Switches 241
This page intentionally left blank
CHAPTER 6<br />
Catalyst Switch Configuration<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of fill in the blank <strong>and</strong> unique custom exercises<br />
to test your knowledge of switch configuration.<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a challenge<br />
lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills needed about switch configuration.
244 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
Starting the Switch<br />
The exercises in this section focus on knowledge <strong>and</strong> skills you need before you begin to configure switches.<br />
You should know how to connect to a switch to configure it. You should also be able to interpret the LEDs.<br />
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Before configuring a switch, make sure it is plugged in <strong>and</strong> that the system LED is green. If the system<br />
LED is amber, the switch failed POST <strong>and</strong> is not operational. To configure a switch, use a rollover cable to<br />
connect the console port on the back of the switch to a COM port on the back of the computer. If using<br />
HyperTerminal as your terminal emulator, you need to configure the port settings in the Properties dialog<br />
box as follows:<br />
Bit per second: 9600<br />
Data bits: 8<br />
Parity: None<br />
Stop bits: 1<br />
Flow control: None<br />
However, simply clicking the Restore Defaults button enters these settings automatically.<br />
After the switch boots, you are asked the following question:<br />
Would you like to enter the initial configuration dialog? [yes/no]:<br />
Just as with a router, answering yes begins Setup mode, in which you are asked a series of basic configuration<br />
questions. If you accidentally answer yes or want to abort Setup mode, use the key combination<br />
Ctrl-C. You can also enter setup mode from the privileged user prompt by entering the comm<strong>and</strong> setup.<br />
Answering no gives you the Switch> prompt, from which you can use the comm<strong>and</strong>-line interface (CLI)<br />
to configure the switch.<br />
You will find that many of the basic configurations of a switch are identical to what you have already<br />
learned for a router. This is because both devices use the Cisco Internetwork Operating System (IOS). For<br />
example, to enter privileged mode, type the enable comm<strong>and</strong>. The prompt changes to Switch#. To enter<br />
global configuration mode, enter configure terminal. The prompt changes to Switch(config)#. At any point<br />
in your configuration, you can enter the ? key to get help.
Switch LED Interpretation Exercise<br />
The LEDs on a switch provide a wealth of information about the switch. Being able to interpret the meanings<br />
of different LED colors <strong>and</strong> statuses is important for troubleshooting problems <strong>and</strong> gives the network<br />
engineer a snapshot of current network performance. Refer to Figure 6-1 <strong>and</strong> answer the following questions<br />
about a switch’s LED.<br />
Figure 6-1 Four Main LEDs on the Catalyst 2950 Switch<br />
System LED<br />
The system LED is off. What does this indicate?<br />
No power to the switch.<br />
What does an amber system LED indicate?<br />
The system failed POST <strong>and</strong> is not operational.<br />
RPS LED<br />
What does the acronym RPS st<strong>and</strong> for?<br />
Redundant power supply.<br />
The RPS LED is off. What does this indicate?<br />
No RPS is attached.<br />
System<br />
LED<br />
Port Mode<br />
LEDs<br />
What does a green RPS LED indicate?<br />
A redundant power supply is attached <strong>and</strong> operational.<br />
What does a flashing green RPS LED indicate?<br />
An RPS is attached but unavailable.<br />
Redundant Power<br />
Supply LED<br />
Mode Button<br />
Chapter 6: Catalyst Switch Configuration 245<br />
Port Status<br />
LEDs<br />
1x 2x 3x 4x 5x
246 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
What does an amber RPS LED indicate?<br />
An RPS is installed but not operational.<br />
What does a flashing amber RPS LED indicate?<br />
The internal power supply failed <strong>and</strong> the RPS is providing power.<br />
Port Mode LEDs<br />
The STAT mode is currently selected. What does each of the following indicate?<br />
The port LED is off.<br />
No device is attached.<br />
The port LED is flashing green.<br />
The port is sending/receiving traffic on an active link.<br />
The port LED is amber (three reasons).<br />
The port has just detected a link <strong>and</strong> is currently running STP, in which case the LED will be amber for<br />
30 seconds, the port has been administratively suspended because of an address violation, or the port has<br />
been suspended by STP because of a loop.<br />
The UTIL mode is currently selected. Briefly explain this mode’s purpose assuming the switch is a 2950-24.<br />
If all the port LEDs are green, the switch is using more than 50 percent of total b<strong>and</strong>width. If the far-right<br />
LED is off, the switch is using more than 25 percent but less than 50 percent of the total b<strong>and</strong>width, <strong>and</strong><br />
so on. If only the far-left LED is green, the switch is using less than 0.0488 percent of the total b<strong>and</strong>width.<br />
For the DUPLEX <strong>and</strong> SPEED modes, what does a green LED indicate?<br />
The port is operating in full duplex <strong>and</strong> at 100 Mbps, respectively.<br />
For the SPEED mode, what does a flashing green LED indicate?<br />
The port is operating at 1000 Mbps.<br />
Configuring the Switch<br />
The exercises in this section focus on switch configuration.<br />
Learn Basic Switch Comm<strong>and</strong>s Exercise<br />
For this exercise, refer to Figure 6-2 to answer the following configuration questions. The router is named<br />
DIST because it is a distribution layer router <strong>and</strong> the switch is named ALSW because it is an access layer<br />
switch.
Figure 6-2 Basic Switch Configuration Exercise<br />
For a Catalyst 2950 switch, the following default configurations are in place:<br />
IP address: 0.0.0.0<br />
CDP: enabled<br />
100BASE-T port: autonegotiate duplex mode<br />
Spanning tree: enabled<br />
Console password: none<br />
The default hostname is Switch. Record the switch prompt <strong>and</strong> comm<strong>and</strong> to change the hostname to<br />
ALSW.<br />
Switch(config)#hostname ALSW<br />
Record the switch prompt <strong>and</strong> comm<strong>and</strong> to configure class as the encrypted enable password.<br />
ALSW(config)#enable secret class<br />
Record the switch prompt <strong>and</strong> comm<strong>and</strong> to enter console line configuration mode.<br />
ALSW(config)#line console 0<br />
Record the switch prompt <strong>and</strong> comm<strong>and</strong> to configure the password cisco on the console line.<br />
ALSW(config-line)#password cisco<br />
Record the switch prompt <strong>and</strong> comm<strong>and</strong> to require users to log in.<br />
ALSW(config-line)#login<br />
DIST<br />
ALSW<br />
VLAN1 192.168.1.2/24<br />
Fa0 192.168.1.1/24<br />
Chapter 6: Catalyst Switch Configuration 247
248 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
The preceding comm<strong>and</strong>s should also be entered on the Telnet lines. A switch has 16 Telnet lines numbered<br />
0 to 15. The comm<strong>and</strong> to enter Telnet line configuration mode is line vty 0 15.<br />
A switch should be assigned an IP address so that it can be accessed remotely using Telnet or other<br />
TCP/IP applications. Referring to Figure 6-2, record the switch prompt <strong>and</strong> comm<strong>and</strong>s to enter interface<br />
configuration mode <strong>and</strong> then to configure ALSW with an IP address. Then record the comm<strong>and</strong> to activate<br />
the interface.<br />
ALSW(config)#interface vlan1<br />
ALSW(config-if)#ip address 192.168.1.2 255.255.255.0<br />
ALSW(config-if)#no shutdown<br />
To receive <strong>and</strong> send IP packets, the management interface needs a default gateway. Record the switch<br />
prompt <strong>and</strong> comm<strong>and</strong> to configure ALSW with a default gateway.<br />
ALSW(config)#ip default-gateway 192.168.1.1<br />
The ports on a switch are defaulted to autonegotiate the speed <strong>and</strong> duplex. However, it is a good idea to set<br />
these to the correct setting for the attached host, because autonegotiation can produce unpredictable results.<br />
Record the switch prompt <strong>and</strong> comm<strong>and</strong>s to configure a port’s interface to 100 Mbps <strong>and</strong> full duplex.<br />
Note: The comm<strong>and</strong>s must be entered in this order. If you try to enter the duplex comm<strong>and</strong> first, you will get the<br />
message: “Duplex can not be set until speed is set to non-auto value.”<br />
ALSW(config-if)#speed 100<br />
ALSW(config-if)#duplex full<br />
To enhance security, you can statically configure a port with the MAC address of the host or hosts attached<br />
to that port. Record the switch prompt <strong>and</strong> comm<strong>and</strong> to statically configure the MAC address<br />
0005.9a3c.7800 on port 6.<br />
ALSW(config)#mac-address-table static 0005.9a3c.7800 vlan 1 interface FastEthernet0/6<br />
Instead of explicitly configuring the MAC address, you can configure a port to dynamically learn MAC<br />
addresses <strong>and</strong> have them “stick” to the current configuration. When in interface configuration mode for<br />
port 5, you need several comm<strong>and</strong>s to enable the following security requirements. Be sure the port is in<br />
access mode <strong>and</strong> do not forget to enable port security. Set the maximum addresses that the port can learn<br />
to 1 <strong>and</strong> set the port to shut down if another MAC address is detected.<br />
ALSW(config)#interface fastEthernet 0/5<br />
ALSW(config-if)#switchport mode access<br />
ALSW(config-if)#switchport port-security<br />
ALSW(config-if)#switchport port-security maximum 1<br />
ALSW(config-if)#switchport port-security mac-address sticky<br />
ALSW(config-if)#switchport port-security violation shutdown<br />
Briefly explain what each of the following port security violation keywords enables on the interface:<br />
■ protect—When the port reaches the maximum number of MAC addresses, frames with unknown<br />
source addresses are dropped until you remove at least one secure MAC address.<br />
■ restrict—The port will still forward traffic from unknown sources above the maximum number, but<br />
the switch will send an SNMP trap notification to the network management workstation.<br />
■ shutdown—The port is shut down in a err-disabled state for all traffic, <strong>and</strong> an SNMP trap notification<br />
is sent to the network management station. You can bring it out of this state by entering the errdisable<br />
recovery cause psecure-violation global configuration comm<strong>and</strong>, or you can manually re-enable it by<br />
entering the shutdown <strong>and</strong> no shutdown interface configuration comm<strong>and</strong>s.
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the following table, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 2950 Catalyst switch. Fill in any blanks with the appropriate missing information.<br />
Comm<strong>and</strong> Description<br />
Chapter 6: Catalyst Switch Configuration 249<br />
Switch#show vlan Displays the current VLAN configuration<br />
Switch#delete flash:vlan.dat Removes the VLAN database from Flash memory<br />
Switch(config)#interface vlan1 Enables the virtual interface for VLAN1, the default<br />
VLAN on the switch<br />
Switch(config)#ip default-gateway 192.168.1.1 Configures a gateway to allow IP packets an exit<br />
Switch(config-if)#duplex full Forces full-duplex operation on an interface<br />
Switch(config-if)#duplex auto Enables auto-duplex configuration<br />
Switch(config-if)#duplex half Forces half-duplex operation on an interface<br />
Switch(config-if)#speed 10 Forces 10-Mbps operation on an interface<br />
Switch(config-if)#speed 100 Forces 100-Mbps operation on an interface<br />
Switch(config-if)#speed auto Enables autospeed configuration<br />
Switch#show mac-address-table Displays the current MAC address forwarding table<br />
Switch#clear mac-address-table dynamic Deletes all learned entries from the current MAC address<br />
forwarding table<br />
Switch(config)#mac-address-table static Sets a static address of aaaa.aaaa.aaaa in the MAC<br />
aaaa.aaaa.aaaa vlan 1 interface fa0/1 address table for Fa0/1<br />
Switch(config-if)#switchport port-security Enables port security on the interface<br />
Switch(config-if)#switchport port-security Sets the maximum number of MAC addresses<br />
maximum 1 that a port can learn to 1<br />
Switch(config-if)#switchport port-security Configures the port to dynamically learn MAC addresses<br />
mac-address sticky <strong>and</strong> “stick” them to the configuration<br />
Switch(config-if)#switchport port-security Configures the port to be disabled if there is a security<br />
violation shutdown violation<br />
Switch(config-if)#switchport port-security Configures the port to send a SNMP trap if a security<br />
violation restrict violation is detected but does not shut down the port<br />
Switch(config-if)#switchport port-security Configures the port to drop all frames from unknown<br />
violation protect source MAC addresses after the maximum configured<br />
MAC addresses have been learned
250 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 6-1: Verifying Default Switch<br />
Configuration (6.2.1)<br />
Figure 6-3 Topology for Lab 6-1<br />
Objective<br />
Investigate the default configuration of a 2900 series switch.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-3. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise. Instructions are also provide for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B, “Erasing <strong>and</strong> Reloading the Switch,” on all switches<br />
before you continue with this lab.<br />
General Configuration Tips<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
■ Use the question mark (?) <strong>and</strong> arrow keys to help to enter comm<strong>and</strong>s.<br />
■ Each comm<strong>and</strong> mode restricts the set of available comm<strong>and</strong>s. If you have difficulty entering a comm<strong>and</strong>,<br />
check the prompt <strong>and</strong> then enter ? for a list of available comm<strong>and</strong>s. You might be using the<br />
wrong comm<strong>and</strong> mode or the wrong syntax.<br />
■ To disable a feature, enter the keyword no before the comm<strong>and</strong>, such as no ip address.<br />
■ Save the configuration changes to NVRAM so that you do not lose the changes if there is a system<br />
reload or power outage.
Table 6-1 shows the switch comm<strong>and</strong> modes that you should be familiar with for all labs in this chapter.<br />
Table 6-1 Switch Comm<strong>and</strong> Modes<br />
Comm<strong>and</strong> Access Switch Prompt Exit<br />
Mode Method Displayed Method<br />
User EXEC Log in. Switch> Use the logout comm<strong>and</strong>.<br />
Privileged From user EXEC mode, Switch# To exit to user EXEC mode, use the<br />
EXEC enter the enable comm<strong>and</strong>. disable, exit, or logout comm<strong>and</strong>.<br />
Global From privileged EXEC Switch (config)# To exit to privileged EXEC mode,<br />
configuration mode, enter the configure use the exit or end comm<strong>and</strong>, or<br />
terminal comm<strong>and</strong>. press Ctrl-Z.<br />
Interface From global configuration Switch (config-if)# To exit to global configuration<br />
configuration mode, enter the interface mode, use the exit comm<strong>and</strong>.<br />
type number comm<strong>and</strong>, such<br />
as interface serial 0.<br />
Task 1: Enter Privileged Mode<br />
Step 1. Privileged mode gives access to all the switch comm<strong>and</strong>s. Because many of the privileged<br />
mode comm<strong>and</strong>s configure operating parameters, privileged mode access should be passwordprotected<br />
to prevent unauthorized use. The privileged mode comm<strong>and</strong> set includes those comm<strong>and</strong>s<br />
that are contained in user EXEC mode, as well as the configure comm<strong>and</strong> through<br />
which access to the remaining comm<strong>and</strong> modes is gained.<br />
Switch>enable<br />
Switch#<br />
Step 2. Notice that the prompt changed to reflect privileged EXEC mode.<br />
Task 2: Examine the Current Switch Configuration<br />
Step 1. Examine the current running configuration file:<br />
Switch#show running-config<br />
How many Ethernet <strong>and</strong> Fast Ethernet interfaces does the switch have?<br />
24 Fast Ethernet ports<br />
What is the range of values shown for the VTY lines? 5 to 15<br />
Step 2. Examine the current contents of NVRAM.<br />
Switch#show startup-config<br />
%% Non-volatile configuration memory is not present<br />
Why does the switch give this response?<br />
Nothing is currently stored in NVRAM due to the erase startup.<br />
Chapter 6: Catalyst Switch Configuration 251
252 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 3. Show the current IP address of the switch.<br />
Switch#show interface VLAN 1<br />
Is an IP address set on the switch? No<br />
What is the MAC address of this virtual switch interface?<br />
0004.c075.1500 (answers will vary)<br />
Is this interface up? No<br />
Step 4. You can show the IP properties of the interface by entering the following comm<strong>and</strong>:<br />
Switch#show ip interface VLAN 1<br />
Step 5. The following comm<strong>and</strong> provides the switch IP address information for the 1900:<br />
#show ip<br />
Task 3: Get Cisco IOS Software Information<br />
Examine the version information that the switch reports.<br />
Switch#show version<br />
What is the IOS version that the switch is running?<br />
12.1(9)EA1<br />
What is the system image filename?<br />
c2950-i6q4l2-mz.121-9.EA1.bin<br />
What is the base MAC address of this switch?<br />
00:04:C0:75:15:00 (answers will vary)<br />
Is the switch running Enterprise Edition software?<br />
No, it is running the st<strong>and</strong>ard image.<br />
Is the switch running Enhanced Image software, indicated by the letters EA in the IOS filename (2950<br />
series)? Yes<br />
Task 4: Examine the Fast Ethernet Interfaces<br />
Examine the default properties of the Fast Ethernet interfaces. As an example, examine the properties of<br />
the fourth interface:<br />
Switch#show interface fastethernet 0/4<br />
1900:<br />
#show interface fastethernet 0/26<br />
Note: This is a trunk port.
or<br />
#show interface ethernet 0/4<br />
Note: This is an access port.<br />
2950:<br />
#show interface fastethernet 0/4<br />
Note: This can be a trunk or access port.<br />
or<br />
#show interface gigabitethernet 0/1<br />
Note: This can be a trunk or access port.<br />
Is the interface up or down? Up<br />
What event would make an interface go up?<br />
Attaching a host to the port would make an interface go up.<br />
What is the MAC address of the interface?<br />
0004.c075.1504 (answers will vary)<br />
What is the speed <strong>and</strong> duplex setting of the interface?<br />
Auto-duplex, Auto-speed<br />
Task 5: Examine VLAN Information<br />
Examine the default VLAN settings of the switch.<br />
Switch#show vlan<br />
What is the name of VLAN 1? Default<br />
Which ports are in this VLAN? All, 1[nd]24<br />
Is VLAN 1 active? Yes<br />
What type of VLAN is the default VLAN? Ethernet<br />
Task 6: Examine Flash Memory (1900: Skip to Step 8)<br />
Examine the contents of the Flash directory.<br />
Switch#dir flash:<br />
or<br />
Switch#show flash<br />
Chapter 6: Catalyst Switch Configuration 253
254 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Name the files <strong>and</strong> directories found.<br />
2 -rwx 2490607 Mar 01 1993 00:02:56 c2950-i6q4l2-mz.121-9.EA1.bin<br />
3 -rwx 269 Jan 01 1970 00:01:43 env_vars<br />
6 -rwx 108 Mar 01 1993 00:01:37 info<br />
7 drwx 640 Mar 01 1993 00:03:46 html<br />
18 -rwx 108 Mar 01 1993 00:03:46 info.ver<br />
Task 7: Examine the Startup Configuration File<br />
Step 1. To see the contents of the startup configuration file, enter the show running-config comm<strong>and</strong><br />
in privileged EXEC mode.<br />
Switch#show startup-config<br />
Step 2. The switch responds with the following:<br />
Non-volatile configuration memory is not present<br />
Why does this message appear?<br />
No startup configuration file is present.<br />
Step 3. Copy the current configuration to NVRAM. This step ensures that any changes made will be<br />
available to the switch if there is a reload or if the power goes off.<br />
Switch#copy running-config startup-config<br />
Destination filename [startup-config]?<br />
Building configuration...<br />
[OK]<br />
Switch#<br />
Step 4. Show the contents of NVRAM.<br />
Switch#show startup-config<br />
What is displayed now?<br />
A copy of the running configuration is now saved in NVRAM <strong>and</strong> will be used the next time<br />
the router is rebooted.<br />
Task 8: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.
Curriculum Lab 6-2: Basic Switch Configuration (6.2.2)<br />
Figure 6-4 Topology for Lab 6-2<br />
Table 6-2 Lab Equipment Configuration<br />
Switch Designation Switch Name Enable Secret Password Enable/VTY/Console Password<br />
Switch 1 ALSwitch class cisco<br />
Objectives<br />
■ Configure a switch with a name <strong>and</strong> an IP address.<br />
■ Configure passwords to ensure that access to the CLI is secured.<br />
■ Configure switch port speed <strong>and</strong> duplex properties for an interface.<br />
■ Save the active configuration.<br />
■ View the switch browser interface.<br />
Background/Preparation<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 6: Catalyst Switch Configuration 255<br />
Crossover Cable<br />
Serial Cable<br />
Cable a network that is similar to the one in Figure 6-4. The 2950 series switch produced the configuration<br />
output used in this lab. Another switch might produce different output. You should execute the following<br />
steps on each switch unless you are specifically instructed otherwise. Instructions are also provided for the<br />
1900 series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from<br />
the menu to perform the steps for this lab.
256 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Enter Privileged Mode<br />
Step 1. Privileged mode gives access to all the switch comm<strong>and</strong>s. Because many of the privileged<br />
mode comm<strong>and</strong>s configure operating parameters, privileged mode access should be passwordprotected<br />
to prevent unauthorized use. The privileged mode comm<strong>and</strong> set includes those comm<strong>and</strong>s<br />
that are contained in user EXEC mode, as well as the configure comm<strong>and</strong> through<br />
which access to the remaining comm<strong>and</strong> modes is gained.<br />
Switch>enable<br />
Switch#<br />
1900:<br />
>enable<br />
#<br />
Step 2. Notice that the prompt changed to reflect privileged EXEC mode.<br />
Task 2: Examine the Current Switch Configuration<br />
Step 1. Examine the current running configuration file.<br />
Switch#show running-config<br />
How many Ethernet or Fast Ethernet interfaces does the switch have? 24<br />
What is the range of values shown for the VTY lines? 5<strong>–</strong>15<br />
Switch#show running-config<br />
Building configuration...<br />
Current configuration : 1427 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname Switch<br />
!<br />
!<br />
ip subnet-zero<br />
!<br />
spanning-tree mode pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
interface FastEthernet0/1<br />
no ip address<br />
!
interface FastEthernet0/2<br />
no ip address<br />
!<br />
interface FastEthernet0/3<br />
no ip address<br />
!<br />
interface FastEthernet0/4<br />
no ip address<br />
!<br />
interface FastEthernet0/5<br />
no ip address<br />
!<br />
interface FastEthernet0/6<br />
no ip address<br />
!<br />
interface FastEthernet0/7<br />
no ip address<br />
!<br />
interface FastEthernet0/8<br />
no ip address<br />
!<br />
interface FastEthernet0/9<br />
no ip address<br />
!<br />
interface FastEthernet0/10<br />
no ip address<br />
!<br />
interface FastEthernet0/11<br />
no ip address<br />
!<br />
interface FastEthernet0/12<br />
no ip address<br />
!<br />
interface FastEthernet0/13<br />
no ip address<br />
!<br />
interface FastEthernet0/14<br />
no ip address<br />
!<br />
interface FastEthernet0/15<br />
no ip address<br />
!<br />
interface FastEthernet0/16<br />
no ip address<br />
!<br />
interface FastEthernet0/17<br />
no ip address<br />
!<br />
interface FastEthernet0/18<br />
no ip address<br />
!<br />
Chapter 6: Catalyst Switch Configuration 257
258 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface FastEthernet0/19<br />
no ip address<br />
!<br />
interface FastEthernet0/20<br />
no ip address<br />
!<br />
interface FastEthernet0/21<br />
no ip address<br />
!<br />
interface FastEthernet0/22<br />
no ip address<br />
!<br />
interface FastEthernet0/23<br />
no ip address<br />
!<br />
interface FastEthernet0/24<br />
no ip address<br />
!<br />
interface Vlan1<br />
no ip address<br />
no ip route-cache<br />
shutdown<br />
!<br />
ip http server<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
end<br />
Switch#<br />
Step 2. Examine the current contents of NVRAM.<br />
Switch#show startup-config<br />
startup-config is not present<br />
Why does the switch give this response?<br />
Nothing is saved into NVRAM.<br />
Task 3: Assign a Name to the Switch<br />
Step 1. Enter enable <strong>and</strong> then configuration mode. Configuration mode allows the management of the<br />
switch. Enter the name by which this switch will be referred, ALSwitch.<br />
Switch#configure terminal<br />
Enter configuration comm<strong>and</strong>s, one per line. End with Ctrl+Z.<br />
Switch(config)#hostname ALSwitch<br />
ALSwitch(config)#exit<br />
Step 2. Notice that the prompt changed to reflect its new name. Type exit or press Ctrl-Z to go back<br />
into privileged mode.
Task 4: Examine the Current Running Configuration<br />
Examine the current configuration to verify that there is no configuration except for the hostname.<br />
ALSwitch#show running-config<br />
Are passwords set on lines? No<br />
What does the configuration show as the hostname of this switch? ALSwitch<br />
ALSwitch#show running-config<br />
Building configuration...<br />
Current configuration : 1427 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname ALSwitch<br />
!<br />
!<br />
ip subnet-zero<br />
!<br />
spanning-tree mode pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
interface FastEthernet0/1<br />
!<br />
interface FastEthernet0/2<br />
!<br />
interface FastEthernet0/3<br />
!<br />
interface FastEthernet0/4<br />
!<br />
interface FastEthernet0/5<br />
!<br />
interface FastEthernet0/6<br />
!<br />
interface FastEthernet0/7<br />
!<br />
interface FastEthernet0/8<br />
!<br />
interface FastEthernet0/9<br />
!<br />
interface FastEthernet0/10<br />
Chapter 6: Catalyst Switch Configuration 259
260 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface FastEthernet0/11<br />
!<br />
interface FastEthernet0/12<br />
!<br />
interface FastEthernet0/13<br />
!<br />
interface FastEthernet0/14<br />
!<br />
interface FastEthernet0/15<br />
!<br />
interface FastEthernet0/16<br />
!<br />
interface FastEthernet0/17<br />
!<br />
interface FastEthernet0/18<br />
!<br />
interface FastEthernet0/19<br />
!<br />
interface FastEthernet0/20<br />
!<br />
interface FastEthernet0/21<br />
!<br />
interface FastEthernet0/22<br />
!<br />
interface FastEthernet0/23<br />
!<br />
interface FastEthernet0/24<br />
!<br />
interface Vlan1<br />
no ip route-cache<br />
shutdown<br />
!<br />
ip http server<br />
!<br />
!<br />
line con 0<br />
line vty 5 15<br />
!<br />
end<br />
ALSwitch#
Task 5: Set the Access Passwords (1900: Skip to Task 6)<br />
Enter config-line mode for the console. Set the password on this line to cisco for login. Configure the VTY<br />
lines 5 to 15 with the password cisco.<br />
ALSwitch#configure terminal<br />
Enter configuration comm<strong>and</strong>s, one per line. End with Ctrl-Z.<br />
ALSwitch(config)#line con 0<br />
ALSwitch(config-line)#password cisco<br />
ALSwitch(config-line)#login<br />
ALSwitch(config-line)#line vty 0 15<br />
ALSwitch(config-line)#password cisco<br />
ALSwitch(config-line)#login<br />
ALSwitch(config-line)#exit<br />
Task 6: Set the Comm<strong>and</strong> Mode Passwords<br />
Set the enable password to cisco <strong>and</strong> the enable secret password to class.<br />
ALSwitch(config)#enable password cisco<br />
ALSwitch(config)#enable secret class<br />
1900:<br />
ALSwitch(config)#enable password level 15 cisco<br />
ALSwitch(config)#enable secret class<br />
Which password takes precedence: the enable password or the enable secret password? secret<br />
Task 7: Configure Layer 3 Access to the Switch<br />
Step 1. Set the IP address of the switch to 192.168.1.2 with a subnet mask of 255.255.255.0. Note that<br />
this is done on the internal virtual interface VLAN 1.<br />
ALSwitch(config)#interface VLAN 1<br />
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0<br />
ALSwitch(config-if)#exit<br />
1900:<br />
ALSwitch(config)#ip address 192.168.1.2 255.255.255.0<br />
ALSwitch(config)#exit<br />
Step 2. Set the default gateway for the switch <strong>and</strong> the default management VLAN as 192.168.1.1.<br />
ALSwitch(config)#ip default-gateway 192.168.1.1<br />
ALSwitch(config)#exit<br />
1900:<br />
ALSwitch(config)#ip default-gateway 192.168.1.1<br />
ALSwitch(config)#exit<br />
Chapter 6: Catalyst Switch Configuration 261
262 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Verify the Management LAN Settings (1900: Skip to Step 9)<br />
Step 1. Verify the interface settings on VLAN 1.<br />
ALSwitch#show interface VLAN 1<br />
What is the b<strong>and</strong>width on this interface?<br />
1000000 Kbit<br />
What are the VLAN states? VLAN1 is down, <strong>and</strong> line protocol is down.<br />
Step 2. Enable the virtual interface using the no shutdown comm<strong>and</strong>.<br />
ALSwitch(config)#interface VLAN 1<br />
ALSwitch(config-if)#no shutdown<br />
ALSwitch(config-if)#exit<br />
What is the queuing strategy? FIFO<br />
ALSwitch#show interface vlan 1<br />
Vlan1 is administratively down, line protocol is down<br />
Hardware is CPU Interface, address is 0009.b7f6.61c0 (bia 0009.b7f6.61c0)<br />
Internet address is 192.168.1.2/24<br />
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input 00:06:12, output never, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue :0/40 (size/max)<br />
5 minute input rate 0 bits/sec, 0 packets/sec<br />
5 minute output rate 5000 bits/sec, 1 packets/sec<br />
47 packets input, 6606 bytes, 0 no buffer<br />
Received 47 broadcasts, 0 runts, 0 giants, 0 throttles<br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 33 ignored<br />
664 packets output, 372036 bytes, 0 underruns<br />
0 output errors, 3 interface resets<br />
0 output buffer failures, 0 output buffers swapped out<br />
ALSwitch#<br />
Task 9: Configure Port Speed <strong>and</strong> Duplex Properties for a Fast<br />
Ethernet Interface<br />
Note: 1900 switch access ports can operate only at 10 Mbps, but duplex can be set to full. If the switch has<br />
10/100-Mbps trunk ports, the speed <strong>and</strong> duplex can be set for these.<br />
Step 1. Prepare to configure the fastethernet 0/4 interface.<br />
ALSwitch#configure terminal<br />
Step 2. Enter configuration comm<strong>and</strong>s, one per line. End with Ctrl-Z.<br />
ALSwitch(config)#interface fastethernet 0/4
Step 3. Set the port speed of interface fastethernet 0/4 to 100 Mbps <strong>and</strong> to operate in full-duplex mode.<br />
ALSwitch(config-if)#speed 100<br />
ALSwitch(config-if)#duplex full<br />
Step 4. If you know that the devices that are connected to a port must operate at a certain speed <strong>and</strong> in<br />
duplex mode, you should set the interface to that speed <strong>and</strong> mode.<br />
Task 10: Verify the Settings on a Fast Ethernet Interface<br />
ALSwitch#show interface fastethernet 0/4<br />
ALSwitch#show interfaces fastEthernet 0/4<br />
FastEthernet0/4 is down, line protocol is down (notconnect)<br />
Hardware is Fast Ethernet, address is 000b.be7f.ed44 (bia 000b.be7f.ed44)<br />
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
Keepalive set (10 sec)<br />
Full-duplex, 100Mb/s<br />
input flow-control is unsupported output flow-control is unsupported<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input never, output 00:05:53, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue: 0/40 (size/max)<br />
5 minute input rate 0 bits/sec, 0 packets/sec<br />
5 minute output rate 0 bits/sec, 0 packets/sec<br />
1 packets input, 64 bytes, 0 no buffer<br />
Received 0 broadcasts (0 multicast)<br />
0 runts, 0 giants, 0 throttles<br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br />
0 watchdog, 0 multicast, 0 pause input<br />
0 input packets with dribble condition detected<br />
1 packets output, 64 bytes, 0 underruns<br />
0 output errors, 0 collisions, 2 interface resets<br />
0 babbles, 0 late collision, 0 deferred<br />
0 lost carrier, 0 no carrier, 0 PAUSE output<br />
0 output buffer failures, 0 output buffers swapped out<br />
ALSwitch#<br />
Task 11: Save the Configuration<br />
Step 1. The basic configuration of the switch has just been completed. Back up the running configuration<br />
file to NVRAM. This ensures that the changes made will not be lost if the system is<br />
rebooted or loses power.<br />
ALSwitch#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Chapter 6: Catalyst Switch Configuration 263
264 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Building configuration...<br />
[OK]<br />
ALSwitch#<br />
Step 2. The configuration is automatically saved to NVRAM within approximately 1 minute of entering<br />
a comm<strong>and</strong>. To save the configuration to a TFTP server, enter the following:<br />
ALSwitch#copy nvram tftp://tftp server ip address/destination_filename<br />
Task 12: Examine the Startup Configuration File (1900: Skip to<br />
Task 13)<br />
To see the configuration that is stored in NVRAM, enter show startup-config from privileged EXEC<br />
(enable) mode.<br />
ALSwitch#show startup-config<br />
What is displayed?<br />
Copy of the running-configuration<br />
Are all the changes that were entered recorded in the file? Yes<br />
ALSwitch#show startup-config<br />
Using 1302 out of 32768 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname ALSwitch<br />
!<br />
enable secret 5 $1$dw/7$XS/PsFsTanHdxanztCdBO0<br />
enable password cisco<br />
!<br />
ip subnet-zero<br />
!<br />
!<br />
spanning-tree mode pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
interface FastEthernet0/1<br />
!<br />
interface FastEthernet0/2<br />
!
interface FastEthernet0/3<br />
!<br />
interface FastEthernet0/4<br />
!<br />
speed 100<br />
duplex full<br />
interface FastEthernet0/5<br />
!<br />
interface FastEthernet0/6<br />
!<br />
interface FastEthernet0/7<br />
!<br />
interface FastEthernet0/8<br />
!<br />
interface FastEthernet0/9<br />
!<br />
interface FastEthernet0/10<br />
!<br />
interface FastEthernet0/11<br />
!<br />
interface FastEthernet0/12<br />
!<br />
interface FastEthernet0/13<br />
!<br />
interface FastEthernet0/14<br />
!<br />
interface FastEthernet0/15<br />
!<br />
interface FastEthernet0/16<br />
!<br />
interface FastEthernet0/17<br />
!<br />
interface FastEthernet0/18<br />
!<br />
interface FastEthernet0/19<br />
!<br />
interface FastEthernet0/20<br />
!<br />
interface FastEthernet0/21<br />
!<br />
interface FastEthernet0/22<br />
!<br />
interface FastEthernet0/23<br />
!<br />
Chapter 6: Catalyst Switch Configuration 265
266 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface FastEthernet0/24<br />
!<br />
interface Vlan1<br />
!<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip route-cache<br />
shutdown<br />
ip default-gateway 192.168.1.1<br />
ip http server<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
line vty 0 4<br />
password cisco<br />
login<br />
line vty 5 15<br />
!<br />
!<br />
password cisco<br />
login<br />
end<br />
Task 13: Remove the Enable <strong>and</strong> Enable Secret Passwords<br />
ALSwitch#configure terminal<br />
Enter configuration comm<strong>and</strong>s, one per line. End with Ctrl+Z.<br />
ALSwitch(config)#no enable password<br />
ALSwitch(config)#no enable secret<br />
1900:<br />
ALSwitch(config)#no enable password level 15<br />
ALSwitch(config)#no enable secret<br />
Task 14: Access the Switch Web Interface<br />
Step 1. Access to the web interface of the switch may be on by default. If it is not on, issue the following<br />
comm<strong>and</strong>:<br />
ALSwitch(config)#ip http server<br />
Step 2. Start your web browser.
Step 3. Type the switch IP address into the Location field (Netscape) or Address field (Internet<br />
Explorer) <strong>and</strong> press Enter.<br />
Step 4. Because you have not secured access to the switch web interface, you will get a web page from<br />
the switch. You will not be asked to supply a username or password.<br />
Task 15: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 6-3: Managing the MAC Address Table<br />
(6.2.3)<br />
Figure 6-5 Topology for Lab 6-3<br />
Table 6-3 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 IP Default Gateway Subnet Mask<br />
Designation Address IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objective<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Create a basic switch configuration <strong>and</strong> manage the switch MAC table.<br />
Chapter 6: Catalyst Switch Configuration 267<br />
Crossover Cable<br />
Serial Cable
268 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-5. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-3. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Hosts that Are Attached to the Switch<br />
Configure the hosts to use the same IP subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch IP address from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Record the Host MAC Addresses<br />
Determine <strong>and</strong> record the Layer 2 addresses of the PC network interface cards.<br />
If you are running Windows 98, check using Start > Run > winipcfg. Click More info.<br />
If you are running Windows 2000 or higher, check using Start > Run > cmd > ipconfig /all.<br />
PC1: 00-01-02-76-8E-EC<br />
PC4: 00-01-02-76-90-DD<br />
Task 5: Determine the MAC Addresses that the Switch Has<br />
Learned<br />
Determine the MAC addresses that the switch has learned by using the show mac-address-table comm<strong>and</strong><br />
at the privileged EXEC mode prompt.<br />
ALSwitch#show mac-address-table<br />
How many dynamic addresses exist? 2<br />
How many MAC addresses exist? 6<br />
How many addresses have been user defined? None<br />
Do the MAC addresses match the host MAC addresses? Yes
Task 6: Determine the show mac-address-table Options<br />
Step 1. Determine the options that the show mac-address-table comm<strong>and</strong> has by using the ? option.<br />
ALSwitch#show mac-address-table ?<br />
How many options are available for the show mac-address-table comm<strong>and</strong>? 11<br />
ALSwitch#show mac-address-table ?<br />
address address keyword<br />
aging-time aging-time keyword<br />
count count keyword<br />
dynamic dynamic entry type<br />
interface interface keyword<br />
multicast multicast info for selected wildcard<br />
notification MAC notification parameters <strong>and</strong> history table<br />
static static entry type<br />
vlan VLAN keyword<br />
| Output modifiers<br />
<br />
Step 2. Show the MAC address table for the switch.<br />
How many total MAC addresses exist? 6<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0001.0276.8eec DYNAMIC Fa0/1<br />
1 0001.0276.90dd DYNAMIC Fa0/4<br />
Total Mac Addresses for this criterion: 6<br />
Step 3. Show only the MAC address table addresses that were learned dynamically.<br />
How many exist? 2<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
1 0001.0276.8eec DYNAMIC Fa0/1<br />
1 0001.0276.90dd DYNAMIC Fa0/4<br />
Total Mac Addresses for this criterion: 6<br />
Task 7: Clear the MAC Address Table<br />
Remove the existing MAC addresses by using the clear mac-address-table comm<strong>and</strong> from the privileged<br />
EXEC mode prompt.<br />
ALSwitch#clear mac-address-table dynamic<br />
Chapter 6: Catalyst Switch Configuration 269
270 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Verify the Results<br />
Verify that the mac-address-table was cleared.<br />
ALSwitch#show mac-address-table<br />
How many MAC addresses exist now? 4<br />
How many dynamic addresses exist? 0<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
Total Mac Addresses for this criterion: 6<br />
Task 9: Determine the clear mac-address-table Options<br />
Determine the options that are available with the comm<strong>and</strong> clear mac-address-table ? at the privileged<br />
EXEC mode prompt.<br />
ALSwitch#clear mac-address-table ?<br />
How many options exist? 2<br />
ALSwitch#clear mac-address-table ?<br />
dynamic dynamic entry type<br />
notification Clear MAC notification Global Counters<br />
In what circumstances would these options be used?<br />
They would be used to remove dynamic MAC address entries or clear MAC notification counters.<br />
Task 10: Examine the MAC Table Again<br />
Step 1. Look at the MAC address table again by using the show mac-address-table comm<strong>and</strong> at the<br />
privileged EXEC mode prompt.<br />
ALSwitch#show mac-address-table<br />
How many dynamic addresses exist? 2
Why did this change from the last display?<br />
More than likely, the switch has received some broadcasts since the last time you clear the<br />
table.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0001.0276.8eec DYNAMIC Fa0/1<br />
1 0001.0276.90dd DYNAMIC Fa0/4<br />
Total Mac Addresses for this criterion: 6<br />
Step 2. If the table has not changed yet, ping the switch IP address from the hosts two times each <strong>and</strong><br />
repeat step 10.<br />
Task 11: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 6-4: Configuring Static MAC Addresses<br />
(6.2.4)<br />
Figure 6-6 Topology for Lab 6-4<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 6: Catalyst Switch Configuration 271<br />
Crossover Cable<br />
Serial Cable
272 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 6-4 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 IP Default Gateway Subnet Mask<br />
Designation Address IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create a static address entry in the switch MAC table.<br />
■ Remove the created static MAC address entry.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-6. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-4. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the hosts to use the same IP subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch IP address from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Record the Host MAC Addresses<br />
Determine <strong>and</strong> record the Layer 2 addresses of the PC network interface cards.<br />
If you are running Windows 98, check using Start > Run > winipcfg. Click More info.<br />
If you are running Windows 2000, check using Start > Run > cmd > ipconfig /all.<br />
PC1: 08-00-46-06-FB-B6 (example; answers will vary)<br />
PC4: 00-08-74-4D-8E-E2 (example; answers will vary)
Task 5: Determine the MAC Addresses that the Switch Has<br />
Learned<br />
Determine the MAC addresses that the switch has learned by using the show mac-address-table comm<strong>and</strong><br />
at the privileged EXEC mode prompt.<br />
ALSwitch#show mac-address-table<br />
How many dynamic addresses exist? 2<br />
How many MAC addresses exist? 6<br />
Do the MAC addresses match the host MAC addresses? They should.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 DYNAMIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 6: Determine the mac-address-table Options<br />
Determine the options that the mac-address-table comm<strong>and</strong> has by using the ? option.<br />
ALSwitch(config)#mac-address-table ?<br />
How many options are available for the mac-address-table comm<strong>and</strong>? 3<br />
ALSwitch(config)#mac-address-table ?<br />
aging-time Set MAC address table entry maximum age<br />
notification Enable/Disable MAC Notification on the switch<br />
static static keyword<br />
There is an option to set a static MAC address in the table. Under what circumstances would you use this<br />
option? To add security to your switch.<br />
Task 7: Set Up a Static MAC Address<br />
Set up a static MAC address on Fast Ethernet interface 0/4. Use the address that was recorded for PC4 in<br />
Task 4. The MAC address 00e0.2917.1884 is used in the example statement only.<br />
ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1<br />
1900:<br />
Chapter 6: Catalyst Switch Configuration 273<br />
ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4
274 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Verify the Results<br />
Verify the MAC address table entries.<br />
ALSwitch#show mac-address-table<br />
How many MAC addresses exist now? 5<br />
How many static addresses exist? 5<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
Total Mac Addresses for this criterion: 5<br />
Under what circumstances can other static or dynamic learning of addresses occur on switch port 4?<br />
Connecting a hub to that port will enable that to occur.<br />
Task 9: Remove the Static MAC Entry<br />
You might need to reverse the static mac-address-table entry. To do this, enter configuration mode <strong>and</strong><br />
reverse the comm<strong>and</strong> by putting no in front of the entire old comm<strong>and</strong> string. The MAC address<br />
00e0.2917.1884 is used in the example statement only. Use the MAC address that was recorded for the<br />
host on port 0/4.<br />
ALSwitch(config)#no mac-address-table static 00e0.2917.1884 interface<br />
fastethernet 0/4 vlan 1<br />
1900:<br />
ALSwitch(config)#no mac-address-table permanent 00e0.2917.1884<br />
ethernet 0/4
Task 10: Verify the Results<br />
Verify that the static MAC address was cleared.<br />
ALSwitch#show mac-address-table static<br />
ALSwitch#show mac-address-table static<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 DYNAMIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
How many static MAC addresses exist now? 4<br />
Task 11: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 6-5: Configuring Port Security (6.2.5)<br />
Figure 6-7 Topology for Lab 6-5<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 6: Catalyst Switch Configuration 275<br />
Crossover Cable<br />
Serial Cable
276 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 6-5 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 Default Gateway Subnet Mask<br />
Designation IP Address IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create <strong>and</strong> verify a basic switch configuration.<br />
■ Configure port security on individual Fast Ethernet ports.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-7. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-5. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Step 1. Configure the hosts to use the same IP subnet for addresses, masks, <strong>and</strong> the default gateway as<br />
the switch.<br />
Step 2. You need a third host for this lab. You must configure this host with the address 192.168.1.7.<br />
The subnet mask is 255.255.255.0 <strong>and</strong> the default gateway is 192.168.1.1. Do not connect this<br />
PC to the switch yet.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are configured correctly, ping the switch IP address from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Record the Hosts’ MAC Addresses<br />
Determine <strong>and</strong> record the Layer 2 addresses of the PC network interface cards.<br />
If you are running Windows 98, check using Start > Run > winipcfg. Click More info.
If you are running Windows 2000, check using Start > Run > cmd > ipconfig /all.<br />
PC1: 08-00-46-06-FB-B6 (example; answers will vary)<br />
PC4: 00-08-74-4D-8E-E2 (example; answers will vary)<br />
Task 5: Determine the MAC Addresses that the Switch Has<br />
Learned<br />
Determine the MAC addresses that the switch has learned by using the show mac-address-table comm<strong>and</strong><br />
at the privileged EXEC mode prompt.<br />
ALSwitch#show mac-address-table<br />
How many dynamic addresses exist? 2<br />
How many MAC addresses exist? 6<br />
Do the MAC addresses match the host MAC addresses? They should.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 DYNAMIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 6: Determine the mac-address-table Options<br />
Determine the options that the mac-address-table comm<strong>and</strong> has by using the ? option.<br />
ALSwitch(config)#mac-address-table ?<br />
ALSwitch(config)#mac-address-table ?<br />
aging-time Set MAC address table entry maximum age<br />
notification Enable/Disable MAC Notification on the switch<br />
static static keyword<br />
Task 7: Set Up a Static MAC Address<br />
Set up a static MAC address on Fast Ethernet interface 0/4. Use the address that was recorded for PC4 in<br />
Task 4. The MAC address 00e0.2917.1884 is used in the example statement only.<br />
ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface<br />
fastethernet 0/4 vlan 1<br />
1900:<br />
ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet<br />
0/4<br />
Chapter 6: Catalyst Switch Configuration 277
278 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Verify the Results<br />
Verify the MAC address table entries.<br />
ALSwitch#show mac-address-table<br />
How many static addresses exist? 5<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 9: List Port Security Options<br />
Step 1. Determine options for setting port security on interface Fast Ethernet 0/4. Enter switchport<br />
port security ? from the interface configuration prompt for Fast Ethernet port 0/4.<br />
ALSwitch(config)#interface fastethernet 0/4<br />
ALSwitch(config-if)#switchport port-security ?<br />
aging Port-security aging comm<strong>and</strong>s<br />
mac-address Secure mac address<br />
maximum Max secure addresses<br />
violation Security violation mode<br />
<br />
1900:<br />
ALSwitch(config)#interface ethernet 0/4<br />
ALSwitch(config-if)#port secure ?<br />
max-mac-count Maximum number of addresses allowed on the port<br />
<br />
Step 2. Allow the switch port fastethernet 0/4 to accept only one device by using the following comm<strong>and</strong>s:<br />
ALSwitch(config-if)#switchport mode access<br />
ALSwitch(config-if)#switchport port-security<br />
ALSwitch(config-if)#switchport port-security mac-address sticky<br />
1900:<br />
ALSwitch(config-if)#port secure
Task 10: Verify the Results<br />
Step 1. Verify the MAC address table entries.<br />
ALSwitch#show mac-address-table<br />
How are the address types listed for the two MAC addresses?<br />
The entry for Fa0/1 is DYNAMIC but the entry for Fa0/4 is STATIC.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Step 2. Show port security settings.<br />
ALSwitch#show port-security<br />
ALSwitch#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action<br />
(Count) (Count) (Count)<br />
—————————————————————————————————————-<br />
Fa0/4 1 0 0<br />
Shutdown<br />
—————————————————————————————————————-<br />
Total Addresses in System (excluding one mac per port) : 0<br />
Max Addresses limit in System (excluding one mac per port) : 1024<br />
1900:<br />
ALSwitch#show mac-address-table security<br />
Task 11: Show the Running Configuration File<br />
Do some statements directly reflect the security implementation in the listing of the running configuration?<br />
Yes<br />
What do those statements mean?<br />
Port security is enabled.<br />
interface FastEthernet0/4<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
Chapter 6: Catalyst Switch Configuration 279
280 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 12: Limit the Number of Hosts Per Port<br />
Step 1. On interface fastethernet 0/4, set the port security maximum MAC count to 1.<br />
ALSwitch(config)#interface fastethernet 0/4<br />
ALSwitch(config-if)#switchport port-security maximum 1<br />
1900:<br />
ALSwitch(config)#interface Ethernet 0/4<br />
ALSwitch(config-if)#port secure max-mac-count 1<br />
Step 2. Disconnect the PC that is attached to fastethernet 0/4 <strong>and</strong> connect to that port the PC that has<br />
been given the IP address 192.168.1.7. This PC has not been attached to the switch. To generate<br />
some traffic, you might need to ping the switch address 192.168.1.2.<br />
Record your observations.<br />
Task 13: Configure the Port to Shut Down if a Security Violation<br />
Occurs<br />
Step 1. If a security violation occurs, you should shut down the interface. Make the port security action<br />
shutdown.<br />
2950<br />
ALSwitch(config-if)#switchport port-security violation shutdown<br />
1900:<br />
ALSwitch(config-if)#port security action shutdown<br />
In addition to shutdown, what other violation options are available with port security?<br />
protect, restrict<br />
Step 2. If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7 that is now connected<br />
to interface fastethernet 0/4. This ensures that there is traffic from the PC to the switch.<br />
Record your observations.<br />
The ping was successful.<br />
Task 14: Show Port 0/4 Configuration Information<br />
To see the configuration information for Fast Ethernet port 0/4, enter show interface fastethernet 0/4 at<br />
the privileged EXEC mode prompt.<br />
ALSwitch#show interface fastethernet 0/4<br />
1900:<br />
ALSwitch#show interface ethernet 0/4<br />
What is the state of this interface?<br />
Fast Ethernet 0/4 is UP, <strong>and</strong> line protocol is UP.<br />
ALSwitch#show interface fastethernet 0/4<br />
FastEthernet0/4 is up, line protocol is up (connected)<br />
Hardware is Fast Ethernet, address is 000a.b772.2b44 (bia
000a.b772.2b44)<br />
MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
Keepalive set (10 sec)<br />
Full-duplex, 100Mb/s<br />
input flow-control is off, output flow-control is off<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input 00:00:00, output 00:00:01, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue :0/40 (size/max)<br />
5 minute input rate 0 bits/sec, 0 packets/sec<br />
5 minute ouxtput rate 0 bits/sec, 0 packets/sec<br />
161 packets input, 19257 bytes, 0 no buffer<br />
Received 137 broadcasts, 0 runts, 0 giants, 0 throttles<br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br />
0 watchdog, 5 multicast, 0 pause input<br />
0 input packets with dribble condition detected<br />
349 packets output, 29399 bytes, 0 underruns<br />
0 output errors, 0 collisions, 2 interface resets<br />
0 babbles, 0 late collision, 0 deferred<br />
0 lost carrier, 0 no carrier, 0 PAUSE output<br />
0 output buffer failures, 0 output buffers swapped out<br />
Task 15: Reactivate the Port<br />
Step 1. If a security violation occurs <strong>and</strong> the port is shut down, use the no shutdown comm<strong>and</strong> to<br />
reactivate it.<br />
Step 2. Try this a few times, switching between the original port 0/4 host <strong>and</strong> the new one. Plug in the<br />
original host, enter the no shutdown comm<strong>and</strong> on the interface, <strong>and</strong> ping by using the DOS<br />
window. You have to repeat the ping multiple times or use the ping 192.168.1.2 -n 200 comm<strong>and</strong>.<br />
This sets the number of ping packets to 200 instead of 4. Then, switch hosts <strong>and</strong> try<br />
again.<br />
Task 16: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Chapter 6: Catalyst Switch Configuration 281
282 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 6-6: Add, Move, <strong>and</strong> Change MAC<br />
Addresses (6.2.6)<br />
Figure 6-8 Topology for Lab 6-6<br />
Table 6-6 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 Default Gateway Subnet Mask<br />
Designation IP Address IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create <strong>and</strong> verify a basic switch configuration.<br />
■ Move a PC from one switch port to another <strong>and</strong> add a new PC to the switch.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-8. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Implement the procedure documented in Appendix B before you continue with this lab.
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-6. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Step 1. Configure the hosts to use the same IP subnet for addresses, masks, <strong>and</strong> the default gateway as<br />
the switch.<br />
Step 2. You need a third host for this lab. You must configure it with the address 192.168.1.7. The subnet<br />
mask is 255.255.255.0 <strong>and</strong> the default gateway is 192.168.1.1. Do not connect this PC to<br />
the switch yet.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch IP address from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Record the Hosts’ MAC Addresses<br />
Determine <strong>and</strong> record the Layer 2 addresses of the PC network interface cards.<br />
If you are running Windows 98, check using Start > Run > winipcfg. Click More info.<br />
If you are running Windows 2000, check using Start > Run > cmd > ipconfig /all.<br />
PC1: 08-00-46-06-FB-B6 (example; answers will vary)<br />
PC4: 00-08-74-4D-8E-E2 (example; answers will vary)<br />
Task 5: Determine the MAC Addresses that the Switch Has<br />
Learned<br />
Determine the MAC addresses that the switch has learned by using the show mac-address-table comm<strong>and</strong><br />
at the privileged EXEC mode prompt.<br />
ALSwitch#show mac-address-table<br />
How many dynamic addresses exist? 2<br />
How many MAC addresses exist? 6<br />
Do the MAC addresses match the host MAC addresses? They should.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
Chapter 6: Catalyst Switch Configuration 283
284 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 DYNAMIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 6: Determine the mac-address-table Options<br />
Determine the options that the mac-address-table comm<strong>and</strong> has by using the ? option.<br />
ALSwitch(config)#mac-address-table ?<br />
ALSwitch(config)#mac-address-table ?<br />
aging-time Set MAC address table entry maximum age<br />
notification Enable/Disable MAC Notification on the switch<br />
static static keyword<br />
Task 7: Set Up a Static MAC Address<br />
Set up a static MAC address on Fast Ethernet interface 0/4. Use the address that was recorded for PC4 in<br />
Step 4. The MAC address 00e0.2917.1884 is used in the example statement only.<br />
ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface<br />
fastethernet 0/4 vlan 1<br />
1900:<br />
ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet<br />
0/4<br />
Task 8: Verify the Results<br />
Verify the MAC address table entries.<br />
ALSwitch#show mac-address-table<br />
How many static addresses exist? 5<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 9: List Port Security Options<br />
Step 1. Determine options for setting port security on interface Fast Ethernet 0/4. Enter switchport<br />
port security ? from the interface configuration prompt for Fast Ethernet port 0/4.<br />
ALSwitch(config)#interface fastethernet 0/4<br />
ALSwitch(config-if)#port security ?<br />
aging Port-security aging comm<strong>and</strong>s<br />
mac-address Secure mac address<br />
maximum Max secure addrs<br />
violation Security Violation Mode<br />
<br />
1900:<br />
ALSwitch(config)#interface ethernet 0/4<br />
ALSwitch(config-if)#port secure ?<br />
max-mac-count Maximum number of addresses allowed on the port<br />
<br />
Step 2. Allow the switch port Fast Ethernet 0/4 to accept only one device by using the following comm<strong>and</strong>s:<br />
ALSwitch(config-if)#switchport mode access<br />
ALSwitch(config-if)#switchport port-security<br />
ALSwitch(config-if)#switchport port-security mac-address sticky<br />
1900:<br />
ALSwitch(config-if)#port secure<br />
Task 10: Verify the Results<br />
Verify the MAC address table entries.<br />
ALSwitch#show mac-address-table<br />
How are the address types listed for the two MAC addresses?<br />
1 static <strong>and</strong> 1 dynamic<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
Chapter 6: Catalyst Switch Configuration 285
286 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 11: Show the Running Configuration File<br />
In the listing of the running configuration, do some statements directly reflect the security implementation?<br />
Yes<br />
What do those statements mean?<br />
Port security is enabled.<br />
interface FastEthernet0/4<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
Task 12: Limit the Number of Hosts Per Port<br />
Step 1. On interface Fast Ethernet 0/4, set the port security maximum MAC count to 1.<br />
ALSwitch(config)#interface fastethernet 0/4<br />
ALSwitch(config-if)#switchport port-security maximum 1<br />
1900:<br />
ALSwitch(config)#interface ethernet 0/4<br />
ALSwitch(config-if)#port secure max-mac-count 1<br />
Step 2. Disconnect the PC that is attached to Fast Ethernet 0/4 <strong>and</strong> connect to that port the PC that has<br />
been given the IP address 192.168.1.7. This PC has not been attached to the switch. To generate<br />
some traffic, ping the switch address 192.168.1.2 with the -n 50 option. For example, use<br />
ping 192.168.1.2 -n 50, where 50 is the number of pings sent.<br />
Task 13: Move Host<br />
Step 1. Reconnect the PC that had previously been connected to Fast Ethernet 0/4 to Fast Ethernet 0/8.<br />
The PC has been moved to a new location. This could be to another VLAN, but in this<br />
instance, all switch ports are in VLAN 1 <strong>and</strong> network 192.168.1.0.<br />
Step 2. From this PC on Fast Ethernet 0/8, ping 192.168.1.2 -n 50.<br />
Was this successful? Yes<br />
Why or why not?<br />
No port security is enabled.<br />
Step 3. Show the MAC address table.<br />
ALSwitch#show mac-address-table
Step 4. Record the VLAN 1 MAC addresses that are displayed.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6<br />
Task 14: Clear the MAC Address Table<br />
Step 1. Clear the MAC address table. Doing so unlocks the MAC addresses from security <strong>and</strong> allows a<br />
new address to be registered.<br />
ALSwitch#clear mac-address-table dynamic<br />
Step 2. From the PC on the Fast Ethernet 0/8, ping 192.168.1.2 -n 50.<br />
Was this successful? Yes<br />
Step 3. If not, troubleshoot as necessary.<br />
Task 15: Change the Security Settings<br />
Step 1. Show the MAC address table.<br />
ALSwitch#show mac-address-table<br />
Step 2. Observe that Fast Ethernet 0/4 is secure but that the security should be applied to the machine<br />
on port 0/8 because that is the machine that was moved form port 0/4. Remove port security<br />
from interface Fast Ethernet 0/4.<br />
ALSwitch(config)#interface fastethernet 0/4<br />
ALSwitch(config-if)#no switchport port-security<br />
ALSwitch(config-if)#no switchport port-security mac-address sticky<br />
ALSwitch(config-if)#no switchport port-security mac-address sticky<br />
0008.744d.8ee2<br />
ALSwitch(config-if)#shutdown<br />
ALSwitch(config-if)#no shutdown<br />
1900:<br />
ALSwitch(config)#interface ethernet 0/4<br />
ALSwitch(config-if)#no port secure<br />
Chapter 6: Catalyst Switch Configuration 287
288 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 3. Apply port security with a max-mac-count of 1 to interface Fast Ethernet 0/8.<br />
ALSwitch(config)#interface fastethernet 0/8<br />
ALSwitch(config-if)#switchport mode access<br />
ALSwitch(config-if)#switchport port-security<br />
ALSwitch(config-if)#switchport port-security mac-address sticky<br />
ALSwitch(config-if)#switchport port-security maximum 1<br />
1900:<br />
ALSwitch(config)#interface ethernet 0/8<br />
ALSwitch(config-if)#port secure max-mac-count 1<br />
Step 4. Clear the MAC address table.<br />
Note: You also could have cleared individual entries.<br />
ALSwitch#clear mac-address-table dynamic<br />
Task 16: Verify the Results<br />
Verify that the MAC address table has been cleared.<br />
ALSwitch#show mac-address-table<br />
Can all PCs still successfully ping each other? Yes<br />
If not, troubleshoot the switch <strong>and</strong> PCs.<br />
ALSwitch#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 0009.b7f6.61c0 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 0008.744d.8ee2 STATIC Fa0/8<br />
1 00b0.d026.6ab5 DYNAMIC Fa0/4<br />
1 0800.4606.fbb6 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 6
Task 17: Exit the Switch<br />
Step 1. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 2. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 6-7: Managing Switch Operating System<br />
Files (6.2.7a)<br />
Figure 6-9 Topology for Lab 6-7<br />
Table 6-7 Lab Equipment Configuration<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
The subnet mask is 255.255.255.0.<br />
Objectives<br />
■ Create <strong>and</strong> verify a basic switch configuration.<br />
■ Back up the switch IOS to a TFTP server <strong>and</strong> then restore it.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-9. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 6: Catalyst Switch Configuration 289<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
290 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-7. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Host that Is Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
This host will act as the TFTP server in this lab. Be sure to take note of the IP address that is assigned.<br />
Task 3: Verify Connectivity<br />
To verify that the host <strong>and</strong> switch are configured correctly, ping the switch IP address from the host.<br />
Was the ping successful? Yes<br />
If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Task 4: Start <strong>and</strong> Configure the Cisco TFTP Server<br />
Step 1. The TFTP server that is indicated in Figure 6-10 might not be the same one that is used in this<br />
classroom. Please check with the instructor for the operating instructions for the TFTP server<br />
that is used in place of the Cisco TFTP server.<br />
Figure 6-10 TFTP Server Startup
Step 2. After the TFTP server is running <strong>and</strong> shows the proper address configured on the workstation,<br />
proceed to the actual copying of the Cisco IOS Software image file to the switch.<br />
Task 5: Copy the IOS Image to the TFTP Server (1900: Skip to<br />
Step 9)<br />
Step 1. Before you try to copy the files, verify that the TFTP server is running.<br />
What is the IP address of the TFTP server? 192.168.1.10<br />
Step 2. From the console session, enter show flash.<br />
What is the name <strong>and</strong> length of the IOS image that is stored in Flash memory?<br />
c2950-i6q4l2-mz.121-9.EA1.bin, 2,490,607 bytes (answers will vary)<br />
What attributes can you identify from codes in the IOS filename?<br />
Version 12.1(9)EA1 (answers will vary)<br />
ALSwitch#show flash<br />
Directory of flash:/<br />
2 -rwx 2490607 Mar 1 1993 02:23:28 +00:00 c2950-i6q4l2-mz.121-<br />
9.EA1<br />
a.bin<br />
3 -rwx 269 Jan 1 1970 00:01:45 +00:00 env_vars<br />
4 -rwx 1278 Mar 1 1993 00:10:01 +00:00 config.text<br />
5 -rwx 5 Mar 1 1993 00:10:01 +00:00 private-config.text<br />
6 -rwx 17 Mar 1 1993 02:00:21 +00:00 testfile.txt<br />
7 drwx 2688 Mar 1 1993 02:25:45 +00:00 html<br />
19 -rwx 110 Mar 1 1993 02:21:13 +00:00 info<br />
20 -rwx 110 Mar 1 1993 02:25:48 +00:00 info.ver<br />
2494816 bytes total (580096 bytes free)<br />
Step 3. From the console session in privileged EXEC mode, enter the copy flash tftp comm<strong>and</strong>. At the<br />
prompt, enter the IP address of the TFTP server.<br />
ALSwitch#copy flash tftp<br />
Source filename []?c2950-i6q4l2-mz.121-9.EA1.bin<br />
Address or name of remote host []? 192.168.1.10<br />
Destination filename [c2950-i6q4l2-mz.121-9.EA1.bin]?<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
2490607 bytes copied in 19.378 secs (94924 bytes/sec)<br />
ALSwitch#<br />
Task 6: Verify the Transfer to the TFTP Server<br />
Chapter 6: Catalyst Switch Configuration 291<br />
Step 1. Verify the transfer by choosing View > Log File to check the TFTP server log file. The output<br />
should look something like the following:<br />
Mon Sep 19 14:10:08 2005: Receiving ‘c2950-i6q4l2-mz.121-9.EA1.bin’ in binary<br />
mode<br />
Mon Sep 19 14:11:14 2005: Successful.
292 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 2. Verify the Flash image size in the TFTP server directory. To locate it, choose View > Options.<br />
This shows the TFTP server root directory. It should be similar to the following, unless the<br />
default directories were changed:<br />
C:\Program Files\Cisco Systems\Cisco TFTP Server<br />
Step 3. Locate this directory by using File Manager <strong>and</strong> look at the detail listing of the file. The file<br />
length in the show flash comm<strong>and</strong> should be the same file size as the file stored on the TFTP<br />
server. If the file sizes are not identical, check with your instructor.<br />
Task 7: Copy the IOS Image from the TFTP Server<br />
Step 1. Now that the IOS image is backed up, the image must be tested <strong>and</strong> the IOS image must be<br />
restored to the switch. Verify again that the TFTP server is running, is sharing a network with<br />
the switch, <strong>and</strong> can be reached by pinging the TFTP server IP address.<br />
Record the IP address of the TFTP server. 192.168.1.10<br />
Step 2. Start the actual copying, from the privileged EXEC prompt. Do not interrupt the process!<br />
ALSwitch#copy tftp flash<br />
Address or name of remote host []? 192.168.1.10<br />
Source filename []? c2950-i6q4I2-mz.121-9.EA1.bin<br />
Destination filename [c2950-i6q4I2-mz.121-9.EA1.bin]?[Enter]<br />
%Warning:There is a file already existing with this name<br />
Do you want to over write? [confirm][Enter]<br />
Accessing tftp://192.168.1.10/c2950-i6q4I2-mz.121-9.EA1.bin...<br />
Loading c2950-i6q4I2-mz.121-9.EA1.bin from 192.168.1.10 (via VLAN1):<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
[OK - 2490607 bytes]<br />
2490607 bytes copied in 80.986 secs (22544 bytes/sec)<br />
ALSwitch#<br />
The switch might prompt you to overwrite Flash. Will the image fit in available Flash? Yes<br />
What is the size of the file that is being loaded? 2490607<br />
What happened on the switch console screen as the file was being downloaded?<br />
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br />
Was the verification successful? Yes<br />
Was the whole operation successful? Yes<br />
Task 8: Test the Restored IOS Image<br />
Step 1. To verify that the switch IOS image is correct, cycle the switch power <strong>and</strong> observe the startup<br />
process to confirm that there were no Flash errors. If there were no errors, then the switch’s<br />
IOS image should have started correctly. Also, to further verify the IOS image in Flash, issue<br />
the show version comm<strong>and</strong>, which shows output similar to the following:<br />
System image file is “flash:/c2950-i6q4I2-mz.121-9.EA1.bin”<br />
ALSwitch#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2950 Software (C2950-I6Q4I2), Version 12.1(9)EA1, RELEASE SOFTWARE
(fc1)<br />
Copyright 1986-2004 by cisco Systems, Inc.<br />
Compiled Mon 19-Apr-04 20:58 by yenanh<br />
Image text-base: 0x80010000, data-base: 0x805A8000<br />
ROM: Bootstrap program is C2950 boot loader<br />
ALSwitch uptime is 1 hour, 19 minutes<br />
System returned to ROM by power-on<br />
System image file is “flash:/c2950-i6q4l2.121-9.EA1.bin”<br />
cisco WS-C2950-24 (RC32300) processor (revision G0) with 20713K bytes of memory.<br />
Processor board ID FHK0651Y0KA<br />
Last reset from system-reset<br />
Running St<strong>and</strong>ard Image<br />
24 FastEthernet/IEEE 802.3 interface(s)<br />
32K bytes of flash-simulated non-volatile configuration memory.<br />
Base ethernet MAC Address: 00:0B:BE:7F:ED:40<br />
Motherboard assembly number: 73-5781-11<br />
Power supply part number: 34-0965-01<br />
Motherboard serial number: FOC06500SRB<br />
Power supply serial number: DAB06498VHC<br />
Model revision number: G0<br />
Motherboard revision number: A0<br />
Model number: WS-C2950-24<br />
System serial number: FHK0651Y0KA<br />
Configuration register is 0xF<br />
Step 2. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 3. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Task 9: Procedure for 1900 Switch Firmware Upgrade Using TFTP<br />
Step 1. Select option F to go to the Firmware Configuration menu from the Main Menu. An example<br />
of the Firmware Configuration menu follows:<br />
Catalyst 1900 - Firmware Configuration<br />
Chapter 6: Catalyst Switch Configuration 293<br />
——————————- System Information —————————————<br />
FLASH: 1024K bytes<br />
V8.01.00 : Enterprise Edition<br />
Upgrade status:<br />
No upgrade currently in progress.<br />
——————————- Settings ——————————————————<br />
[S] TFTP Server name or IP address 192.168.1.3<br />
[F] Filename for firmware upgrades cat1900.bin<br />
[A] Accept upgrade transfer from other hosts Enabled
294 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
——————————- Actions ——————————————————-<br />
[U] System XMODEM upgrade [D] Download test subsystem<br />
(XMODEM)<br />
[T] System TFTP upgrade [X] Exit to Main Menu<br />
Step 2. Ensure that the switch firmware upgrade file is available on the TFTP server in the default<br />
directory. The file can be copied from another networking device or computer or it can be<br />
downloaded to the server from an appropriate website.<br />
Step 3. Select option S from the Firmware Configuration menu <strong>and</strong> enter the IP address of the server<br />
where the switch upgrade file is located.<br />
Step 4. Select option F from the Firmware Configuration menu <strong>and</strong> enter the name of the firmwareupgrade<br />
file.<br />
Step 5. Select T from the Firmware Configuration menu to initiate the upgrade.<br />
Step 6. Verify that the upgrade is in progress by checking the Upgrade Status field of the Firmware<br />
Configuration menu. If the upgrade is in progress, the field reads “in-progress.”<br />
Step 7. When the transfer is complete, the switch resets automatically <strong>and</strong> executes the newly downloaded<br />
firmware.<br />
Caution: During the transfer of the upgrade file, the switch might not respond to comm<strong>and</strong>s for as long as 1 minute.<br />
This is normal <strong>and</strong> correct. If you interrupt the transfer by turning the switch off <strong>and</strong> on, the firmware could be corrupted.<br />
Curriculum Lab 6-8: Managing Switch Startup<br />
Configuration Files (6.2.7b)<br />
Figure 6-11 Topology for Lab 6-8<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
Table 6-8 Lab Equipment Configuration<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway<br />
IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
The subnet mask is 255.255.255.0.<br />
Objectives<br />
■ Create <strong>and</strong> verify a basic switch configuration.<br />
■ Back up the switch startup configuration file to a TFTP server <strong>and</strong> then restore it.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-11. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-8. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Host that Is Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
This host will act as the TFTP server in this lab. Be sure to take note of the IP address that is assigned.<br />
Task 3: Verify Connectivity<br />
To verify that the host <strong>and</strong> switch are correctly configured, ping the switch IP address from the host.<br />
Was the ping successful? Yes<br />
If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Task 4: Start <strong>and</strong> Configure the Cisco TFTP Server<br />
Chapter 6: Catalyst Switch Configuration 295<br />
Step 1. The TFTP server that is indicated in Figure 6-12 might not be the same one that is used in this<br />
classroom. Please check with the instructor for the operating instructions for the TFTP server<br />
that is used in place of the Cisco TFTP server.
296 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 6-12 TFTP Server Startup<br />
Step 2. After the TFTP server is running <strong>and</strong> shows the proper address configured on the workstation,<br />
proceed to the copying of the configuration file to the switch.<br />
Task 5: Copy the Startup Configuration File to the TFTP Server<br />
Step 1. Before you try to copy the files, verify that the TFTP server is running.<br />
What is the IP address of the TFTP server? 192.168.1.10<br />
Step 2. From the console session, enter show flash.<br />
For a 2900 switch, use the comm<strong>and</strong> dir flash:.<br />
Note: This function is not supported on the 1900 switch.<br />
What is the name <strong>and</strong> length of the startup configuration image that is stored in Flash?<br />
config.text, 1278 bytes<br />
ALSwitch#show flash<br />
Directory of flash:/<br />
2 -rwx 2490607 Mar 1 1993 02:23:28 +00:00 c2950-i6q4l2-mz.121-<br />
9.EA1<br />
a.bin<br />
3 -rwx 269 Jan 1 1970 00:01:45 +00:00 env_vars<br />
4 -rwx 1278 Mar 1 1993 00:10:01 +00:00 config.text<br />
5 -rwx 5 Mar 1 1993 00:10:01 +00:00 private-config.text<br />
6 -rwx 17 Mar 1 1993 02:00:21 +00:00 testfile.txt<br />
7 drwx 2688 Mar 1 1993 02:25:45 +00:00 html<br />
19 -rwx 110 Mar 1 1993 02:21:13 +00:00 info<br />
20 -rwx 110 Mar 1 1993 02:25:48 +00:00 info.ver<br />
2494816 bytes total (580096 bytes free)
Step 3. From the console session in privileged EXEC mode, enter copy running-config startup-config<br />
to make sure that the running configuration file is saved to the startup configuration file.<br />
Then, enter the copy startup-config tftp comm<strong>and</strong>. At the prompt, enter the IP address of the<br />
TFTP server.<br />
ALSwitch#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Building configuration...<br />
[OK]<br />
ALSwitch#copy startup-config tftp<br />
Address or name of remote host []? 192.168.1.10<br />
Destination filename [alswitch-confg]?[Enter]<br />
!!<br />
1278 bytes copied in 1.60 secs (744 bytes/sec)<br />
ALSwitch#<br />
Step 4. For the 1900 switch, use the following to copy the switch configuration file to a TFTP server:<br />
ALSwitch#copy nvram tftp://192.168.1.3/alswitch-config<br />
Configuration upload is successfully completed<br />
Task 6: Verify the Transfer to the TFTP Server<br />
Step 1. Verify the transfer by choosing View > Log File to check the TFTP server log file. The output<br />
should look something like the following:<br />
Mon Sep 19 14:10:08 2005: Receiving ‘alswitch.confg’ file from 192.168.1.2 in<br />
binary mode<br />
Mon Sep 19 14:11:14 2005: Successful.<br />
Step 2. Verify the Flash image size in the TFTP server directory. To locate it, choose View > Options.<br />
This shows the TFTP server root directory. It should be similar to the following, unless the<br />
default directories were changed:<br />
C:\Program Files\Cisco Systems\Cisco TFTP Server<br />
Step 3. Locate this directory by using File Manager <strong>and</strong> look at the detail listing of the file. The file<br />
length in the show flash comm<strong>and</strong> should be the same file size as the file that is stored on the<br />
TFTP server. If the file sizes are not identical, check with your instructor.<br />
Task 7: Restore the Startup Configuration File from the TFTP<br />
Server<br />
Step 1. Erase the switch startup configuration file.<br />
Step 2. Reconfigure the file with just the VLAN 1 IP address of 192.168.1.2 255.255.255.0.<br />
Step 3. Enter the comm<strong>and</strong> copy tftp startup-config at the privileged EXEC mode prompt. Do not<br />
interrupt the process!<br />
Switch#copy tftp startup-config<br />
Address or name of remote host []? 192.168.1.10<br />
Source filename []? alswitch-confg<br />
Destination filename [startup-config]?<br />
Accessing tftp://192.168.1.10/alswitch-confg...<br />
Loading alswitch-confg from 192.168.1.10 (via VLAN1): !<br />
Chapter 6: Catalyst Switch Configuration 297
298 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
[OK - 744 bytes]<br />
[OK]<br />
1278 bytes copied in 0.100 secs<br />
Switch#<br />
Was the operation successful? Yes<br />
Step 4. For the 1900 switch, use the following to copy the switch configuration file to a TFTP server:<br />
ALSwitch#copy tftp://192.168.1.10/alswitch-config nvram<br />
TFTP successfully downloaded configuration file<br />
Task 8: Test the Restored Startup Configuration Image (Not<br />
Supported on the 1900)<br />
Step 1. To verify that the switch image is correct, cycle the switch power <strong>and</strong> observe the switch prompt.<br />
If it has returned to the name that was assigned to it in the original configuration, the restoration<br />
is complete. Enter the comm<strong>and</strong> show startup-config to see the restored configuration.<br />
ALSwitch#show startup-config<br />
Using 1278 out of 32768 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname ALSwitch<br />
!<br />
enable secret 5 $1$Oi07$I3c8fVXNd3wvifcRVulG2.<br />
enable password cisco<br />
!<br />
ip subnet-zero<br />
!<br />
!<br />
spanning-tree mode pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/1<br />
!<br />
interface FastEthernet0/2<br />
!<br />
interface FastEthernet0/3<br />
!<br />
interface FastEthernet0/4<br />
!<br />
interface FastEthernet0/5<br />
!<br />
interface FastEthernet0/6
!<br />
interface FastEthernet0/7<br />
!<br />
interface FastEthernet0/8<br />
!<br />
interface FastEthernet0/9<br />
!<br />
interface FastEthernet0/10<br />
!<br />
interface FastEthernet0/11<br />
!<br />
interface FastEthernet0/12<br />
!<br />
interface FastEthernet0/13<br />
!<br />
interface FastEthernet0/14<br />
!<br />
interface FastEthernet0/15<br />
!<br />
interface FastEthernet0/16<br />
!<br />
interface FastEthernet0/17<br />
!<br />
interface FastEthernet0/18<br />
!<br />
interface FastEthernet0/19<br />
!<br />
interface FastEthernet0/20<br />
!<br />
interface FastEthernet0/21<br />
!<br />
interface FastEthernet0/22<br />
!<br />
interface FastEthernet0/23<br />
!<br />
interface FastEthernet0/24<br />
!<br />
interface Vlan1<br />
!<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip route-cache<br />
shutdown<br />
ip default-gateway 192.168.1.1<br />
ip http server<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
line vty 0 4<br />
password cisco<br />
login<br />
line vty 5 15<br />
password cisco<br />
Chapter 6: Catalyst Switch Configuration 299
300 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
!<br />
login<br />
end<br />
Step 2. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 3. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 6-9: Password Recovery Procedure on a<br />
Catalyst 2900 Series Switch (6.2.8)<br />
Figure 6-13 Topology for Lab 6-9<br />
Table 6-9 Lab Equipment Configuration<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
The subnet mask is 255.255.255.0.<br />
Objectives<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Change passwords so that the password recovery procedure must be performed.<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-13. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-9. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Host that Is Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the host <strong>and</strong> switch are correctly configured, ping the switch IP address from the host.<br />
Was the ping successful? Yes<br />
If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Task 4: Reset the Console Password<br />
Step 1. Have a classmate change the console <strong>and</strong> VTY passwords on the switch, save the changes to<br />
the startup-config file, <strong>and</strong> reload the switch.<br />
Step 2. Without knowing the passwords, try to gain access to the switch.<br />
Task 5: Recover Access to the Switch<br />
Step 1. Make sure that a PC is connected to the console port <strong>and</strong> that a HyperTerminal window is<br />
open.<br />
Step 2. Power off the switch <strong>and</strong> turn it back on by holding down the Mode button on the front of the<br />
switch at the same time that the switch is powered on. Release the Mode button a few seconds<br />
after the STAT LED is no longer lit.<br />
Step 3. The following should be displayed:<br />
Chapter 6: Catalyst Switch Configuration 301<br />
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)<br />
Compiled Mon 22-Jul-02 18:57 by antonino<br />
WS-C2950-24 starting...<br />
Base ethernet MAC Address: 00:0a:b7:72:2b:40<br />
Xmodem file system is available.
302 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
The system has been interrupted prior to initializing the Flash file system. The following comm<strong>and</strong>s<br />
initialize the Flash file system <strong>and</strong> finish loading the operating system software:<br />
flash_init<br />
load_helper<br />
boot<br />
Step 4. To initialize the file system <strong>and</strong> finish loading the operating system:<br />
Type flash_init.<br />
Type load_helper.<br />
Type dir flash: (do not forget to type the : (colon) after the word flash).<br />
Step 5. Type rename flash:config.text flash:config.old to rename the configuration file.<br />
This file contains the password definition.<br />
Task 6: Restart the System<br />
Step 1. Type boot to boot the system.<br />
Step 2. Enter N at the prompt to start the Setup program.<br />
Continue with the configuration dialog? [yes/no] : N<br />
Step 3. Type rename flash:config.old flash:config.text to rename the configuration file with its original<br />
name at the privileged EXEC mode prompt.<br />
Step 4. Copy the configuration file into memory.<br />
Switch#copy flash:config.text system:running-config<br />
Source filename [config.text]?[Enter]<br />
Destination filename [running-config][Enter]<br />
Step 5. The configuration file is now reloaded, so change the old unknown passwords <strong>and</strong> save the new<br />
configuration.<br />
ALSwitch#configure terminal<br />
ALSwitch(config)#no enable secret<br />
ALSwitch(config)#enable password Cisco<br />
ALSwitch(config)#line console 0<br />
ALSwitch(config-line)#password cisco<br />
ALSwitch(config-line)#exit<br />
ALSwitch(config)#line vty 0 15<br />
ALSwitch(config-line)#password cisco<br />
ALSwitch(config-line)#exit<br />
ALSwitch(config)#exit<br />
ALSwitch#copy running-config startup-config<br />
Destination filename [startup-config]?[Enter]<br />
Building configuration...<br />
[OK]<br />
ALSwitch#<br />
Step 6. Power cycle the switch <strong>and</strong> verify that the passwords are now functional.<br />
If they are not, repeat the procedure.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.
Task 7: Procedure for the 1900 <strong>and</strong> 2800 Switches<br />
Check the boot firmware version number from the Systems Engineering menu. To access the Systems<br />
Engineering menu, follow this procedure:<br />
Step 1. Disconnect the power cord from the rear panel.<br />
Step 2. Press <strong>and</strong> hold the Mode button on the front panel.<br />
Step 3. Power-cycle the switch.<br />
Step 4. Release the Mode button one or two seconds after the LED above port 1x goes off or when the<br />
diagnostic console is displayed.<br />
Cisco Systems Diagnostic Console<br />
Copyright Cisco Systems, Inc. 1999<br />
All rights reserved.<br />
Ethernet Address: 00-E0-1E-7E-B4-40<br />
————————————————————————-<br />
Press Enter to continue.<br />
Step 5. Press Enter to display the Diagnostic Console [nd] Systems Engineering menu:<br />
Diagnostic Console - Systems Engineering<br />
Operation firmware version: 8.00.00 Status: valid<br />
Boot firmware version: 3.02<br />
[C] Continue with st<strong>and</strong>ard system start up<br />
[U] Upgrade operation firmware (XMODEM)<br />
[S] System Debug Interface<br />
Enter Selection:<br />
The bold letters show the Boot firmware version.<br />
Clearing the Password (Firmware Version 1.10 <strong>and</strong> Later)<br />
Step 1. Power-cycle the switch.<br />
After POST completes, the following prompt displays:<br />
Do you wish to clear the passwords? [Y]es or [N]o:<br />
Note: You have 10 seconds to respond. If you do not respond within that time, the Management Console Logon screen<br />
appears. You cannot change this waiting period.<br />
Step 2. Enter Y to delete the existing password from NVRAM.<br />
Note: If you type N, the existing password remains valid.<br />
Chapter 6: Catalyst Switch Configuration 303<br />
Step 3. Assign a password from the switch management interfaces (management console or CLI).
304 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Viewing the Password (Firmware Versions Between 1.10 <strong>and</strong> 3.02)<br />
For firmware versions between 1.10 <strong>and</strong> 3.02, you can view the password you are trying to recover<br />
(instead of clearing it as described in the previous section).<br />
Step 1. Access the diagnostic console:<br />
Press <strong>and</strong> hold the Mode button.<br />
Power-cycle the switch.<br />
Release the Mode button one or two seconds after the LED above port 1x goes off or the diagnostics<br />
console appears.<br />
You will see the following logon screen:<br />
————————————————————————-<br />
Cisco Systems Diagnostic Console<br />
Copyright Cisco Systems, Inc. 1999<br />
All rights reserved.<br />
Ethernet Address: 00-E0-1E-7E-B4-40<br />
————————————————————————-<br />
Press Enter to continue.<br />
Step 2. Press Enter <strong>and</strong> select the [S] option on the Diagnostic Console <strong>–</strong> Systems Engineering menu,<br />
<strong>and</strong> then select the [V] option on the Diagnostic Console <strong>–</strong> System Debug Interface menu to<br />
display the management console password.<br />
Step 3. If you want to change the password, select the [M] option on the Console Settings menu.<br />
Password Recovery for Firmware Version 1.09 <strong>and</strong> Earlier<br />
Note: If the shipping date is before June 1997, gather the information listed in this section <strong>and</strong> contact the Cisco<br />
Technical Assistance Center (TAC) for password recovery.<br />
Note: This section is also applicable for those Catalyst 2800 switches that do not have the Mode button in their front<br />
panel.<br />
To recover your password, follow these steps:<br />
Step 1. Contact the Cisco TAC for the factory-installed password.<br />
Step 2. Provide the serial number or MAC address of the switch.<br />
The serial number is usually located on the back of the unit. To obtain the MAC address,<br />
remove the cover <strong>and</strong> read the Ethernet address of the PROM.
Curriculum Lab 6-10: Firmware Upgrade of a Catalyst<br />
2950 Series Switch (6.2.9)<br />
Figure 6-14 Topology for Lab 6-10<br />
Table 6-10 Lab Equipment Configuration<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP Address<br />
Switch 1 ALSwitch 192.168.1.2 192.168.1.1<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
The subnet mask is 255.255.255.0.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Upgrade the IOS <strong>and</strong> HTML files from a file that the instructor supplies.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 6-14. The 2950 switch produced the configuration output<br />
in this lab. Another switch might produce different output.<br />
Start a HyperTerminal session.<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 6: Catalyst Switch Configuration 305<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
306 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Important Note: This lab requires that a combined IOS image <strong>and</strong> HTML file c2950-c3h2s-mz.120-5.3.WC.1.tar be<br />
in the default file directory of the TFTP server. The instructor should download this file from the Cisco Connection<br />
online software center. This file is the latest update for the Catalyst 2950. It has the same filename stem as the current<br />
image, but for the purpose of the lab, assume that this is an update. The IOS update release contains new HTML files<br />
to support changes to the web interface.<br />
This lab requires that there be a saved copy of the current configuration file as backup.<br />
Task 1: Configure the Switch<br />
Configure the hostname <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 6-10. If you have problems while performing this configuration, refer to Curriculum<br />
Lab 6-2, “Basic Switch Configuration (6.2.2).”<br />
Task 2: Configure the Host Attached to the Switch<br />
Configure the host to use the same IP subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the host <strong>and</strong> switch are correctly configured, ping the switch IP address from the host.<br />
Was the ping successful? Yes<br />
If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Task 4: Display the Name of the Running Image File<br />
Step 1. Display the name of the running image file by using the show boot comm<strong>and</strong> from the privileged<br />
EXEC mode prompt.<br />
ALSwitch#show boot<br />
BOOT path-list:<br />
Config file: flash:config.text<br />
Enable Break: no<br />
Manual Boot: no<br />
HELPER path-list:<br />
NVRAM/Config file<br />
buffer size: 32768<br />
ALSwitch#<br />
Step 2. If, as shown in the previous step, no software image is defined in the boot path, enter dir flash:<br />
or show flash to display the contents.<br />
ALSwitch#dir flash:<br />
Directory of flash:/<br />
2 -rwx 1674921 Mar 01 1993 01:28:10 c2950-c3h2s-mz.120-5.3.WC.1.bin<br />
3 -rwx 269 Jan 01 1970 00:00:57 env_vars<br />
4 drwx 10240 Mar 01 1993 00:21:13 html<br />
165-rwx 965 Mar 01 1993 00:22:23 config.text<br />
7741440 bytes total (4778496 bytes free)
Task 5: Prepare for the New Image<br />
Step 1. If the switch has enough free memory, as shown in the previous step, rename the existing IOS<br />
image file to the same name with the .old extension. If there is not enough memory, make sure<br />
that a copy of the IOS image exists on the TFTP server.<br />
ALSwitch#rename flash: c2950-c3h2s-mz.120-5.3.WC.1.bin flash:<br />
c2950-c3h2s-mz.120-5.3.WC.1.old<br />
Step 2. Verify that the renaming was successful.<br />
ALSwitch#dir flash:<br />
Directory of flash:/<br />
2 -rwx 1674921 Mar 01 1993 01:28:10 c2950-c3h2s-mz.120-5.3.WC.1.old<br />
3 -rwx 269 Jan 01 1970 00:00:57 env_vars<br />
4 drwx 10240 Mar 01 1993 00:21:13 html<br />
167 -rwx 965 Mar 01 1993 00:22:23 config.text<br />
7741440 bytes total (4778496 bytes free)<br />
ALSwitch#<br />
Step 3. As a precaution, disable access to the switch HTML pages.<br />
ALSwitch(config)#no ip http server<br />
Task 6: Extract the New IOS Image <strong>and</strong> HTML Files into Flash<br />
Memory<br />
Step 1. Use the tar comm<strong>and</strong> as shown:<br />
ALSwitch#tar /x tftp://192.168.1.3//c2950-c3h2s-mz.120-<br />
5.4.WC.1.tar flash:<br />
Note: Depending on the TFTP server that is being used, you might need only one slash (/) after the IP address of the<br />
server.<br />
Step 2. Re-enable access to the switch HTML pages.<br />
ALSwitch(config)#ip http server<br />
Step 3. Remove existing HTML files.<br />
ALSwitch#delete flash:html/*<br />
Task 7: Associate the New Boot File<br />
Enter the boot comm<strong>and</strong> with the name of the new image filename at the configuration mode prompt.<br />
ALSwitch(config)#boot system flash:c2950-c3h2s-mz.120-5.4.WC.1.bin<br />
Chapter 6: Catalyst Switch Configuration 307
308 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Restart the Switch<br />
Step 1. Restart the switch by using the reload comm<strong>and</strong> to see if the new IOS loaded. Use the show<br />
version comm<strong>and</strong> to see the IOS filename.<br />
What is the name of the IOS file that the switch booted from?<br />
flash:c2950-i6q4l2-mz.121-13.EA1.bin<br />
Is this the proper filename? Yes<br />
Step 2. If the IOS filename is now correct remove the backup file from flash memory using the comm<strong>and</strong><br />
delete flash: c2950-c3h2s-mz.120-5.3.WC.1.old from the Privileged EXEC mode<br />
prompt to remove the backup file.<br />
Step 3. Exit to the switch welcome screen.<br />
Switch#exit<br />
Step 4. Remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Challenge Lab 6-11: Basic Switch Configuration with Port<br />
Security<br />
Figure 6-15 Basic Switch Configuration with Port Security<br />
Objectives<br />
■ Prepare the switch for a new configuration.<br />
■ Apply basic configurations.<br />
■ Enable <strong>and</strong> test port security.<br />
Fa0/4 A<br />
ALSW<br />
VLAN1 192.168.1.2/24<br />
B<br />
192.168.1.3/24<br />
192.168.1.4/24
Equipment<br />
The topology shown in Figure 6-15 is using a 2950 Catalyst series switch. You also need two different PCs<br />
to test the port security.<br />
Note: Comm<strong>and</strong> output for this lab is based on a 2950 series switch running Cisco IOS version 12.1(13)EA1. The<br />
comm<strong>and</strong>s you need to use <strong>and</strong> the output may differ. If necessary, consult with your instructor for the correct comm<strong>and</strong>s.<br />
Alternatively, you can research the comm<strong>and</strong>s for your particular switch platform <strong>and</strong> IOS at Cisco.com. This<br />
would be an excellent way to enhance your Cisco device configuration skills <strong>and</strong> to simulate a “real-world” situation,<br />
namely, researching the comm<strong>and</strong> set for a particular device that is a part of your production network.<br />
NetLab Compatibility Notes<br />
Much of this lab can be completed on a NetLab basic switch pod. However, to test port security, your<br />
NetLab setup must support PCs.<br />
Task 1: Cable the Topology <strong>and</strong> Clear the Configuration<br />
Step 1. Choose a 2950 switch <strong>and</strong> attach a workstation to FastEthernet 0/4.<br />
Step 2. Make sure the switch has an empty startup configuration <strong>and</strong> that the VLAN database has been<br />
deleted. Then, reload the switch. What comm<strong>and</strong>s must be used to carry out this instruction?<br />
How do you verify that the VLAN database has been deleted?<br />
Switch#erase startup-config<br />
Switch#delete flash:vlan.dat<br />
Switch#reload<br />
Use the comm<strong>and</strong> show flash to verify that the vlan.dat file has been deleted.<br />
Task 2: Configure the Switch<br />
Step 1. Configure the switch with the following basic requirements:<br />
■ Hostname<br />
■ Enable password<br />
■ Banner MOTD<br />
■ Line configurations<br />
■ Other instructor-required global configurations<br />
Step 2. Check your configurations. What comm<strong>and</strong> did you use?<br />
show running-config<br />
Step 3. Although there is not a router shown in Figure 6-15, one would eventually be attached.<br />
Configure the management interface, activate it, <strong>and</strong> configure 192.168.1.1 as the default gateway.<br />
What comm<strong>and</strong>s did you use?<br />
ALSW(config)#interface vlan1<br />
ALSW(config-if)#ip address 192.168.1.2 255.255.255.0<br />
ALSW(config-if)#no shutdown<br />
ALSW(config)#ip default-gateway 192.168.1.1<br />
Chapter 6: Catalyst Switch Configuration 309
310 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 4. Configure the two hosts. What configurations did you use?<br />
Host A:<br />
■ IP address: 192.168.1.3<br />
■ Subnet Mask: 255.255.255.0<br />
■ Default Gateway: 192.168.1.1<br />
Host B:<br />
■ IP address: 192.168.1.4<br />
■ Subnet Mask: 255.255.255.0<br />
■ Default Gateway: 192.168.1.1<br />
Step 5. Verify that host A can ping ALSW. If it cannot, troubleshoot.<br />
Task 3: Configure <strong>and</strong> Test Port Security<br />
Step 1. For FastEthernet 0/4, implement the following port security requirements:<br />
■ Use port security to dynamically learn only one MAC address.<br />
■ Set the port to be disabled if there is a violation.<br />
What comm<strong>and</strong>s did you use?<br />
ALSW(config)#interface fastEthernet 0/4<br />
ALSW(config-if)#switchport mode access<br />
ALSW(config-if)#switchport port-security<br />
ALSW(config-if)#switchport port-security maximum 1<br />
ALSW(config-if)#switchport port-security mac-address sticky<br />
ALSW(config-if)#switchport port-security violation shutdown<br />
Step 2. Verify that the MAC address for host A is now part of the configuration for ALSW. What comm<strong>and</strong><br />
did you use?<br />
show run or show run interface fa0/4<br />
ALSW#show run<br />
Building configuration...<br />
(output omitted)<br />
!<br />
interface FastEthernet0/4<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security mac-address sticky 00b0.d092.8057<br />
!<br />
(output omitted)<br />
ALSW#show run interface fa0/4<br />
!<br />
interface FastEthernet0/4<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security mac-address sticky 00b0.d092.8057<br />
Is the MAC address for host A “stuck” to the configuration for ALSW? If not, troubleshoot.
Step 3. What comm<strong>and</strong>s can you use to verify port security?<br />
show port-security<br />
show port-security address<br />
show port-security interface fa0/4<br />
ALSW#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action<br />
(Count) (Count) (Count)<br />
—————————————————————————————————————-<br />
Fa0/4 1 1 0<br />
Shutdown<br />
—————————————————————————————————————-<br />
Total Addresses in System (excluding one mac per port) : 0<br />
Max Addresses limit in System (excluding one mac per port) : 1024<br />
ALSW#show port-security address<br />
Secure Mac Address Table<br />
—————————————————————————————————-<br />
Vlan Mac Address Type Ports Remaining Age<br />
(mins)<br />
—— —————- —— ——- ——————-<br />
1 00b0.d092.8057 SecureSticky Fa0/4 -<br />
—————————————————————————————————-<br />
Total Addresses in System (excluding one mac per port) : 0<br />
Max Addresses limit in System (excluding one mac per port) : 1024<br />
ALSW#show port-security interface fa0/4<br />
Port Security : Enabled<br />
Port Status : Secure-up<br />
Violation Mode : Shutdown<br />
Aging Time : 0 mins<br />
Aging Type : Absolute<br />
SecureStatic Address Aging : Disabled<br />
Maximum MAC Addresses : 1<br />
Total MAC Addresses : 1<br />
Configured MAC Addresses : 0<br />
Sticky MAC Addresses : 1<br />
Last Source Address : 00b0.d092.8057<br />
Security Violation Count : 0<br />
Chapter 6: Catalyst Switch Configuration 311<br />
Step 4. Test port security by removing host A <strong>and</strong> attaching host B to the FastEthernet 0/4 port. The<br />
port LED should turn from green to OFF. If it does not, send a frame to ALSW by pinging its<br />
VLAN interface from host B. Watch for console messages from the switch. You should see the<br />
following:<br />
00:06:03: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/4, putting<br />
Fa0/4 in err-disable state<br />
00:06:03: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,<br />
caused by MAC address 00b0.d092.80c3 on port FastEthernet0/4.<br />
00:06:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4,<br />
changed state to down<br />
00:06:05: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down
312 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 5. Assume that host B is the new workstation for FastEthernet 0/4. How would you clear the disabled<br />
status of the port so that the MAC address for host B will be accepted?<br />
ALSW#clear port-security sticky<br />
ALSW(config)#int fa0/4<br />
ALSW(config-if)#shutdown<br />
00:13:14: %LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively<br />
down<br />
ALSW(config-if)#no shutdown<br />
00:13:20: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up<br />
00:13:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4,<br />
changed state to up<br />
Step 6. Verify that the MAC address for host B is now part of the configuration for ALSW. What comm<strong>and</strong><br />
did you use?<br />
show run or show run interface fa0/4<br />
ALSW#show run int fa0/4<br />
Building configuration...<br />
Current configuration : 212 bytes<br />
!<br />
interface FastEthernet0/4<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security mac-address sticky 00b0.d092.80c3<br />
spanning-tree portfast
CHAPTER 7<br />
Spanning Tree Protocol<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of matching, fill in the blank, open-ended<br />
question, journal entry, <strong>and</strong> unique custom exercises to test your knowledge on the theory of redundant<br />
topologies <strong>and</strong> Spanning Tree Protocol (STP).<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs to ensure that you have<br />
mastered the practical, h<strong>and</strong>s-on skills needed about redundant topologies <strong>and</strong> STP.
314 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
Redundant Topologies<br />
Redundancy in a network is required to protect against loss of connectivity due to the failure of an individual<br />
component. However, this provision can result in physical topologies with loops. Physical layer loops<br />
can cause serious problems in switched networks. This section includes exercises to reinforce your underst<strong>and</strong>ing<br />
of redundant networks <strong>and</strong> the unique problem of broadcast storms.<br />
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Redundancy allows networks to be fault tolerant, which protects against network downtime. Focusing<br />
specifically on networking, list a few things that can cause network downtime:<br />
Failure of a link<br />
Failure of a port or NIC<br />
Failure of a networking device<br />
Network engineers are often required to balance the cost of redundancy with the need for network availability.<br />
Networks that dem<strong>and</strong> close to 100 percent uptime often strive for “five nines” uptime, a network<br />
that is available 99.999 percent of the time. A goal of redundant topologies is to eliminate network outages<br />
caused by a single point of failure.<br />
However, redundancy in switched topologies introduces a new problem called broadcast storms, which is<br />
when frames loop endlessly through the network, eventually consuming all the available b<strong>and</strong>width.<br />
Concept Questions<br />
List <strong>and</strong> describe three of the problems that can occur with redundant links <strong>and</strong> devices in switched or<br />
bridged networks.<br />
■ Broadcast storms—Endless flooding of frames when no loop-avoidance technique is employed.<br />
■ Multiple frame transmission—Multiple copies of unicast frames may cause unrecoverable errors.<br />
■ MAC database instability—Results from copies of the same frame being received on different ports of<br />
the switch.<br />
What mechanism does the IP have to stop packets from endlessly looping throughout an internetwork?<br />
IP uses an 8-bit field called the Time to Live (TTL) that is decremented by each router as the packet travels<br />
from the source to the destination. If this field’s value reaches zero, the packet is dropped. Layer 2 has<br />
no such mechanism.
Journal Entry<br />
Chapter 7: Spanning Tree Protocol 315<br />
Draw <strong>and</strong> label a topology with two switches. In your own words, explain how a broadcast storm would<br />
occur in this redundantly switched network without some sort of mechanism to stop loops.<br />
Any redundant switched topology is sufficient to illustrate loops. For example, Figure 7-1 is a basic redundant<br />
topology. What you are looking for is a full underst<strong>and</strong>ing of what happens in a redundant switched<br />
topology when no loop-avoidance mechanism is used—not just a reiteration of the steps listed in the<br />
Companion <strong>Guide</strong> or the online curriculum. Have students orally explain how the loops occur.<br />
Figure 7-1 Redundant Topology<br />
Broadcast<br />
Server/Host X<br />
Switch A<br />
Spanning Tree Protocol<br />
Broadcast<br />
Router Y<br />
Segment 1<br />
Switch B<br />
Segment 2<br />
STP is used in redundantly switched networks to create a loop-free logical topology from a physical topology<br />
that has loops. The STP is a powerful tool that gives network administrators the security of a redundant<br />
topology without the risk of problems caused by switching loops. In this section, you work through<br />
exercises that will strengthen your underst<strong>and</strong>ing of what STP is <strong>and</strong> how it operates.
316 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Vocabulary Exercise: Matching<br />
Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one<br />
matching. Some definitions may be used more than once <strong>and</strong> some terms may have multiple definitions.<br />
Definition<br />
a. calculated based on the speed of the link<br />
b. port is only receiving BPDUs<br />
c. status messages sent between switches every<br />
2 seconds<br />
d. 20 seconds or a cycle of 10 BPDUs<br />
e. the time it takes for a port to transition from<br />
the listening state to the learning state or from<br />
the learning state to the forwarding state<br />
f. actively building a MAC address table but not<br />
forwarding user traffic<br />
g. used in redundantly switched networks to<br />
create a loop-free logical topology<br />
h. can send <strong>and</strong> receive traffic<br />
i. port is sending <strong>and</strong> receiving BPDUs, but not<br />
user traffic<br />
j. without loop avoidance, frames are flooded<br />
endlessly<br />
k. includes the priority <strong>and</strong> MAC address of the<br />
bridge<br />
l. lowest-cost path from the non-root bridge to<br />
the root bridge<br />
m. an improved version of IEEE 802.1d<br />
n. reduces the time of reconvergence when a<br />
topology change occurs in a redundantly<br />
switched network<br />
o. called “blocking” in IEEE 802.1d<br />
p. ports connected to a single end station<br />
q. only one in a given network; all ports are<br />
designated ports<br />
r. operating in full-duplex mode<br />
s. a port that is currently in the discarding state,<br />
but will transition to forwarding if the designated<br />
root port on that segment fails<br />
t. automatically transitions from the blocking<br />
state to the forwarding state<br />
Term<br />
j broadcast storms<br />
g Spanning Tree Protocol (STP)<br />
k bridge ID (BID)<br />
a path cost<br />
q root bridge<br />
h designated ports<br />
l root port<br />
c bridge protocol data unit (BPDU)<br />
g IEEE 802.1d<br />
b blocking<br />
i listening<br />
f learning<br />
e forward delay<br />
d max-age<br />
n, t PortFast<br />
g, m, n Rapid Spanning Tree Protocol (RSTP)<br />
s alternate port<br />
o discarding state<br />
g, m, n IEEE 802.1w<br />
p edge ports<br />
r point-to-point links
Vocabulary Exercise: Completion<br />
Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
The Spanning Tree Protocol, originally developed by Digital Equipment Corporation, is used to maintain a<br />
loop-free topology. STP is also known as IEEE 802.1d. STP builds a loop-free topology using two key<br />
concepts: the bridge ID (BID) <strong>and</strong> path cost, which is based on the speed of the link. STP accumulates<br />
cost based on the b<strong>and</strong>width of all the links in the path.<br />
Originally, the cost of a link was calculated on a linear scale based on a maximum b<strong>and</strong>width of 1000<br />
Mbps. Because LANs now incorporate 10GigE links, the costs have been revised. Complete the following<br />
table showing the difference in IEEE costs for STP links.<br />
Link Speed Cost (Revised IEEE Spec) Cost (Previous IEEE Spec)<br />
10 Gbps 2 1<br />
1 Gbps 4 1<br />
100 Mbps 19 10<br />
10 Mbps 100 100<br />
Root ports <strong>and</strong> designated ports are used for forwarding data traffic. Nondesignated ports discard data traffic.<br />
These ports are called blocking or discarding ports. When using STP, the root bridge is the bridge with<br />
the lowest bridge ID (BID).<br />
The BID is made up of two parts: the Priority field, which is 2 bytes, <strong>and</strong> MAC Address field, which is 6<br />
bytes. The BID is included in messages that are sent every 2 seconds. These messages are called bridge<br />
protocol data units (BPDUs).<br />
Record the comm<strong>and</strong>, including the switch prompt, to change a switch’s priority from the default, which is<br />
32768, to 4096. Assume that you are using IOS version 12.1 or later.<br />
Switch(config)#spanning-tree vlan 1 priority 4096<br />
If you do not configure priority, which switch in a given topology will be elected the root bridge?<br />
The switch with the lowest MAC address will be elected the root bridge.<br />
With STP, ports transition through four states: blocking, listening, learning, <strong>and</strong> forwarding. A fifth state,<br />
disabled, is configured when the administrator manually shuts down the port. A port in the blocking state<br />
listens only to BPDUs. If the port does not receive BPDUs for 20 seconds, which is the max-age timer,<br />
then it transitions to the listening state. During the listening state, the port is sending <strong>and</strong> receiving BPDUs<br />
to determine the active topology. After 15 seconds, which is called the forward delay, the port transitions<br />
to the learning state. During the learning state, the port is actively building a MAC address table in preparation<br />
for the forwarding state. After another forward delay of 20 seconds, the port transitions to the forwarding<br />
state, in which it is either a root port or a designated port <strong>and</strong> is sending <strong>and</strong> receiving user traffic.<br />
The total convergence time to move from a blocking state to a forwarding state is 50 seconds.<br />
If a switch port is connected only to end-user stations, with no chance of ever connecting to another<br />
switch, then it can be configured with the PortFast feature by using the spanning-tree portfast interface<br />
comm<strong>and</strong>.<br />
The Rapid Spanning Tree Protocol (RSTP), or IEEE 802.1w, was developed to reduce the time it takes to<br />
reconverge the active topology when a change occurs. RSTP uses three port states: discarding, learning,<br />
<strong>and</strong> forwarding. In addition, ports can have five different roles.<br />
Note: Port roles are not the same as port states.<br />
Chapter 7: Spanning Tree Protocol 317
318 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Complete the following table.<br />
RSTP Role Definition<br />
Root port A single port on each switch in which the switch hears the best BPDU out of all the<br />
received BPDUs<br />
Designated port Of all switch ports on all switches attached to the same segment/collision domain, the<br />
port that advertises the “best” root BPDU<br />
Alternate port A port on a switch that receives a suboptimal root BPDU<br />
Backup port A nondesignated port on a switch that is attached to the same segment/collision<br />
domain as another port on the same switch<br />
Disabled A port that is administratively disabled<br />
RSTP calls Ethernet connections between switches links <strong>and</strong> calls Ethernet connections to end-user<br />
devices edges. If the link is full duplex, RSTP designates it as a point-to-point link. If the link is half<br />
duplex, RSTP designates it as a shared link. An example of a shared link is a port attached to a hub.<br />
Determine the Root Bridge <strong>and</strong> Port Roles Exercise<br />
Instructor Note: This exercise will prove challenging for many students. However, you can enhance their underst<strong>and</strong>ing<br />
of STP concepts <strong>and</strong> operation by reviewing the online curriculum for CCNP 3, Module 3: Objective 3.1,<br />
“Defining the Spanning Tree Protocol—STP.”<br />
The root bridge is chosen based on the lowest BID. After the root bridge is selected, a non-root bridge<br />
looks at the following components in sequence to determine which ports will process user data <strong>and</strong> which<br />
ports will discard user data:<br />
1. On each non-root bridge, the port with the lowest path cost to root is the root port.<br />
2. If two or more bridges are members of the same segment <strong>and</strong> have the same cost to reach the root<br />
bridge, the bridge with the lowest BID is the designated port for that segment.<br />
3. If a bridge has two or more equal cost paths to root, the port with the lowest ID is designated port.<br />
The other port(s) is blocking.<br />
In the topologies shown in Figures 7-2, 7-3, <strong>and</strong> 7-4, circle the root bridge. On non-root bridges, label root<br />
ports with an R, designated ports with a D, <strong>and</strong> ports that are in the blocking state with a B. Use the<br />
revised IEEE costs to make your determinations. In the space provided after each topology, draw the logical<br />
loop-free spanning-tree topology with the root bridge at the top.
Figure 7-2 Determine the Root Bridge <strong>and</strong> Port Roles: Topology 1<br />
I have the best BPDU.<br />
I am root.<br />
Both Gi0/1 <strong>and</strong> Gi0/2<br />
have the same cost to<br />
root, therefore Gi0/1<br />
has the lower port ID<br />
<strong>and</strong> is my root port.<br />
Priority: Default<br />
000d.ecdb.4be4<br />
SWA<br />
Gi0/1<br />
D<br />
Fa0/1<br />
D<br />
Gi0/2<br />
D<br />
100 Mbps<br />
000e.385d.e380<br />
Priority: Default<br />
Root Bridge <strong>and</strong> Port Roles<br />
1000 Mbps<br />
R<br />
Gi0/1<br />
Gi0/2<br />
1000 Mbps 1000 Mbps<br />
Chapter 7: Spanning Tree Protocol 319<br />
Priority: Default<br />
000e.8362.e383<br />
SWB<br />
D Fa0/1<br />
B<br />
100 Mbps<br />
B<br />
Fa0/1<br />
Gi0/2<br />
B<br />
R 1000 Mbps<br />
Gi0/2<br />
D<br />
R<br />
D<br />
Fa0/1<br />
SWC Gi0/1<br />
Gi0/1 SWD<br />
My path cost to root is lower<br />
than SWC, therefore my<br />
Gi0/1 is the designated port.<br />
000d.edd3.37a3<br />
Priority: Default<br />
Logical, Loop-Free Spanning-Tree Topology<br />
SWA<br />
SWB SWD<br />
SWC<br />
My link cost to root is lower<br />
than SWC, therefore my Gi0/2<br />
is the designated port.<br />
Although we have the same<br />
cost to root, I have a lower<br />
BID than SWB, therefore my<br />
Fa0/1 is the designated port.
320 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure 7-3 Determine the Root Bridge <strong>and</strong> Port Roles: Topology 2<br />
Although we have the same<br />
cost to root, I have a lower<br />
BID than SWC, therefore my<br />
Fa0/1 is the designated port.<br />
My path cost to root is lower<br />
than SWD, therefore my Gi0/2<br />
is the designated port.<br />
Priority: Default<br />
000d.ecdb.4be4<br />
R<br />
Gi0/1<br />
SWA<br />
D<br />
Fa0/1 Gi0/2<br />
D<br />
100 Mbps<br />
000e.385d.e380<br />
Priority: 36,864<br />
Root Bridge <strong>and</strong> Port Roles<br />
1000 Mbps<br />
Gi0/1<br />
D<br />
Gi0/2<br />
1000 Mbps 1000 Mbps<br />
Priority: 4096<br />
000e.8362.e383<br />
SWB<br />
D Fa0/1<br />
D<br />
100 Mbps<br />
B<br />
Fa0/1<br />
R<br />
Gi0/2<br />
D 1000 Mbps<br />
Gi0/2<br />
R<br />
B<br />
B<br />
Fa0/1<br />
SWC Gi0/1<br />
Gi0/1 SWD<br />
My path cost to root is lower<br />
than SWD, therefore my<br />
Gi0/1 is the designated port.<br />
000d.edd3.37a3<br />
Priority: Default<br />
Logical, Loop-Free Spanning-Tree Topology<br />
SWB<br />
SWA SWC<br />
SWD<br />
I have the best BPDU.<br />
I am root.<br />
Both Gi0/1 <strong>and</strong> Gi0/2<br />
have the same cost to<br />
root, therefore Gi0/1<br />
has the lower port ID<br />
<strong>and</strong> is my root port.
Figure 7-4 Determine the Root Bridge <strong>and</strong> Port Roles: Topology 3<br />
Priority: 45,056<br />
My path cost to root is lower 000d.ecdb.4be4<br />
than SWB, therefore my Gi0/1<br />
D<br />
is the designated port.<br />
Gi0/1<br />
SWA<br />
R<br />
Fa0/1 Gi0/2<br />
B<br />
Although we have the same<br />
cost to root, I have a lower<br />
BID than SWA, therefore my<br />
Fa0/1 is the designated port.<br />
100 Mbps<br />
000e.385d.e380<br />
Priority: Default<br />
Root Bridge <strong>and</strong> Port Roles<br />
1000 Mbps<br />
1000 Mbps 1000 Mbps<br />
Chapter 7: Spanning Tree Protocol 321<br />
R<br />
Gi0/1<br />
Gi0/2<br />
Priority: Default<br />
000e.8362.e383<br />
SWB<br />
B Fa0/1<br />
B<br />
100 Mbps<br />
D<br />
Fa0/1<br />
D<br />
Gi0/2<br />
R 1000 Mbps<br />
Gi0/2<br />
D<br />
D<br />
Fa0/1<br />
SWC Gi0/1<br />
Gi0/1<br />
D<br />
SWD<br />
My path cost to root is lower<br />
than SWB, therefore my<br />
Gi0/2 is the designated port.<br />
Logical, Loop-Free Spanning-Tree Topology<br />
SWD<br />
SWC SWA<br />
1-58713-171-4<br />
sl260704aa.eps<br />
05/29/06<br />
ICC<br />
000d.edd3.37a3<br />
Priority: 8192<br />
SWB<br />
Both Gi0/1 <strong>and</strong> Gi0/2<br />
have the same cost to<br />
root, therefore Gi0/1<br />
has the lower port ID<br />
<strong>and</strong> is my root port.<br />
I have the best BPDU.<br />
I am root.
322 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Spanning-Tree Recalculation Exercise<br />
Figure 7-5 is the same as Figure 7-3 in the preceding section. However, now the Gigabit Ethernet link<br />
between SWC <strong>and</strong> SWB has gone down. as indicated by the X. As you did before, circle the root bridge.<br />
On non-root bridges, label root ports with an R, designated ports with a D, <strong>and</strong> ports that are in the blocking<br />
state with a B. Use the revised IEEE costs to make your determinations. In the space provided after the<br />
topology, draw the logical loop-free spanning-tree topology with the root bridge at the top.<br />
Figure 7-5 Spanning-Tree Recalculation Exercise<br />
None of my costs changed.<br />
I am unaffected.<br />
I lost my best path to<br />
root. My next best path<br />
is through SWD.<br />
Priority: Default<br />
000d.ecdb.4be4<br />
R<br />
Gi0/1<br />
SWA<br />
D<br />
Fa0/1 Gi0/2<br />
D<br />
100 Mbps<br />
B<br />
Fa0/1<br />
Gi0/2<br />
R 1000 Mbps<br />
Gi0/2<br />
D<br />
R<br />
B<br />
Fa0/1<br />
SWC Gi0/1<br />
Gi0/1 SWD<br />
000e.385d.e380<br />
Priority: 36,864<br />
1000 Mbps<br />
1000 Mbps<br />
My path cost to root is now<br />
lower than SWC, therefore my<br />
Gi0/1 is the designated port.<br />
1-58713-171-4<br />
SWD<br />
sl260705aa.eps<br />
05/29/06<br />
ICC<br />
SWC<br />
Priority: 4096<br />
000e.8362.e383<br />
Gi0/1<br />
I have the best BPDU.<br />
D SWB<br />
I am root.<br />
Gi0/2<br />
D Fa0/1<br />
D<br />
1000 Mbps<br />
New Loop-Free Spanning-Tree<br />
Topology After Recalculation<br />
SWB<br />
SWA<br />
100 Mbps<br />
000d.edd3.37a3<br />
Priority: Default<br />
My Gi0/2 has the<br />
lowest cost to root,<br />
therefore it is now<br />
the root port.
Concept Questions<br />
What are the basic steps STP performs to converge a loop-free network?<br />
1. The switches select the root bridge.<br />
2. Configurations are made by the other switches <strong>and</strong> bridges, using the root bridge as a reference point.<br />
3. Each bridge or switch determines which of its own ports offers the best path to the root bridge.<br />
4. The logical loop is removed by one of the switches or bridges by blocking the port that creates the<br />
logical loop. Blocking is done by calculating costs for each port in relation to the root bridge. Then<br />
the port with the highest cost is disabled.<br />
Note: Students may list more or fewer steps than shown here. Just make sure that the concepts are delineated.<br />
How is the root bridge selected?<br />
STP devices settle on the root bridge by using an administratively set priority number. The root bridge is<br />
the one with the lowest priority number. The network administrator should always configure priority on<br />
the desired root bridge.<br />
What happens if two devices have the same priority number?<br />
If this happens, the STP devices pick the one with the lowest MAC address.<br />
What are BPDUs?<br />
BPDUs are messages sent between the root bridge <strong>and</strong> the best ports on the other devices, which are called<br />
root ports. The BPDUs transfer status messages about the network.<br />
What happens if BPDUs are not received for a set amount of time?<br />
Chapter 7: Spanning Tree Protocol 323<br />
The non-root bridge devices will assume that the root bridge has failed, <strong>and</strong> a new root bridge will be<br />
selected.
324 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 2950 Catalyst switch. Fill in any blanks with the appropriate missing information.<br />
Comm<strong>and</strong> Description<br />
Switch#show spanning-tree brief Cisco IOS Software Release 12.0<br />
Displays the spanning-tree table of the switch.<br />
Switch#show spanning-tree Cisco IOS Software Release 12.1<br />
Displays the spanning-tree table of the switch.<br />
Switch(config)#spanning-tree priority 1 Cisco IOS Software Release 12.0<br />
Sets the priority for root bridge elections.<br />
Number can be from 1 to 65535. The default is<br />
32768.<br />
Switch(config)#spanning-tree vlan 1 priority 4096 Cisco IOS Software Release 12.1<br />
Sets the priority for root bridge elections.<br />
Number can be from 0 to 65535 <strong>and</strong> must be<br />
configured in increments of 4096. The default<br />
is 32768.<br />
Switch(config-if)#spanning-tree portfast Sets an access port that will never be attached to<br />
another switch to move immediately into the<br />
forwarding state.<br />
Curriculum Lab 7-1: Selecting the Root Bridge (7.2.4)<br />
Figure 7-6 Topology for Lab 7-1<br />
Table 7-1 Lab Equipment Configuration<br />
FA0/1<br />
FA0/1<br />
FA0/7<br />
FA0/4<br />
FA0/4<br />
FA0/8<br />
Switch 1<br />
Switch 2<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP<br />
Address<br />
Switch 1 Switch_A 192.168.1.2 192.168.1.1<br />
Switch 2 Switch_B 192.168.1.3 192.168.1.1<br />
The enable secret password for both switches is class.<br />
Crossover Cable<br />
Serial Cable
The enable, VTY, <strong>and</strong> console password for both switches is cisco.<br />
The subnet mask for both switches is 255.255.255.0.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Determine which switch is selected as a root switch with factory default settings.<br />
■ Force the other switch to be selected as a root switch.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 7-6. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise:<br />
■ Start a HyperTerminal session.<br />
■ Implement the procedure that is documented in Appendix B, “Erasing <strong>and</strong> Reloading the Switch,” on<br />
all switches before you continue with this lab.<br />
Task 1: Configure the Switches<br />
Configure the hostnames <strong>and</strong> passwords, as well as the management VLAN 1 settings for each switch, as<br />
indicated in Table 7-1. If you have problems while performing this configuration, refer to Lab 6-2, “Basic<br />
Switch Configuration.”<br />
Task 2: Configure the Hosts that Are Attached to the Switches<br />
Configure the hosts as part of the same subnet as the switches. The hosts also share the same subnet mask<br />
<strong>and</strong> the same default gateway.<br />
Task 3: Verify Connectivity<br />
Step 1. To verify that the hosts <strong>and</strong> switches are correctly configured, ping the switches from the hosts.<br />
C:\>ping 192.168.1.2<br />
Pinging 192.168.1.2 with 32 bytes of data:<br />
Reply from 192.168.1.2: bytes=32 time=1ms TTL=255<br />
Reply from 192.168.1.2: bytes=32 time=1ms TTL=255<br />
Reply from 192.168.1.2: bytes=32 time=1ms TTL=255<br />
Reply from 192.168.1.2: bytes=32 time=1ms TTL=255<br />
Ping statistics for 192.168.1.2:<br />
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br />
Approximate round trip times in milli-seconds:<br />
Minimum = 1ms, Maximum = 1ms, Average = 1ms<br />
C:\>ping 192.168.1.3<br />
Pinging 192.168.1.3 with 32 bytes of data:<br />
Reply from 192.168.1.3: bytes=32 time=3ms TTL=255<br />
Reply from 192.168.1.3: bytes=32 time=2ms TTL=255<br />
Chapter 7: Spanning Tree Protocol 325
326 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Reply from 192.168.1.3: bytes=32 time=1ms TTL=255<br />
Reply from 192.168.1.3: bytes=32 time=1ms TTL=255<br />
Ping statistics for 192.168.1.3:<br />
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br />
Approximate round trip times in milli-seconds:<br />
C:\><br />
Minimum = 1ms, Maximum = 3ms, Average = 1ms<br />
Step 2. Were the pings successful?<br />
Step 3. If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Note: If your pings were not successful, remember the troubleshooting methodology you learned in your <strong>CCNA</strong> 2<br />
studies. Start with the physical layer first. Are all the link lights lit that need to be lit? What other Layer 1 issues might<br />
be the problem? If Layer 1 is not the problem, proceed to Layer 2. What Layer 2 issues are likely to be causing a<br />
problem? Layer 3? For a review of the method of testing by the layers, refer to the online curriculum <strong>CCNA</strong> 2 Routers<br />
<strong>and</strong> Routing Basics: Module 9, Objective 9.2, “Network Testing.”<br />
Task 4: Look at the show interface vlan Options<br />
Step 1. Type show interface vlan1 ?.<br />
Switch_A#show interface vlan1 ?<br />
accounting Show interface accounting<br />
capabilities Show interface capabilities information<br />
counters Show interface counters<br />
crb Show interface routing/bridging info<br />
description Show interface description<br />
etherchannel Show interface etherchannel information<br />
fair-queue Show interface Weighted Fair Queueing (WFQ) info<br />
flowcontrol Show interface flowcontrol information<br />
irb Show interface routing/bridging info<br />
mac-accounting Show interface MAC accounting info<br />
precedence Show interface precedence accounting info<br />
private-vlan Show interface private vlan information<br />
pruning Show interface trunk VTP pruning information<br />
r<strong>and</strong>om-detect Show interface Weighted R<strong>and</strong>om Early Detection (WRED) info<br />
rate-limit Show interface rate-limit info<br />
shape Show interface Traffic Shape info<br />
stats Show interface packets & octets, in & out, by switching<br />
path<br />
status Show interface line status<br />
switchport Show interface switchport information<br />
trunk Show interface trunk information<br />
| Output modifiers<br />
<br />
Step 2. List some of the options that are available.<br />
counters, status, trunk
Task 5: Look at the VLAN Interface Information<br />
Step 1. On Switch_A, type the comm<strong>and</strong> show interface vlan 1 at the privileged EXEC mode prompt.<br />
Switch_A#show interface vlan 1<br />
Vlan1 is up, line protocol is up<br />
Hardware is CPU Interface, address is 0009.b7f5.6d80 (bia 0009.b7f5.6d80)<br />
Internet address is 192.168.1.2/24<br />
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input 00:01:00, output never, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue :0/40 (size/max)<br />
5 minute input rate 0 bits/sec, 0 packets/sec<br />
5 minute output rate 9000 bits/sec, 5 packets/sec<br />
1184 packets input, 104481 bytes, 0 no buffer<br />
Received 137 broadcasts, 0 runts, 0 giants, 0 throttles<br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br />
3439 packets output, 1160044 bytes, 0 underruns<br />
0 output errors, 4 interface resets<br />
0 output buffer failures, 0 output buffers swapped out<br />
Step 2. What is the MAC address of the switch?<br />
0009.b7f5.5a41<br />
Step 3. On Switch_B, type the comm<strong>and</strong> show interface vlan 1 at the privileged EXEC mode prompt.<br />
Step 4. What is the MAC address of the switch?<br />
0009.b7f5.6d81<br />
Step 5. Which switch should be the root of the spanning tree for VLAN 1?<br />
Switch_A<br />
Step 6. What would you do if you wanted to change which switch is root for VLAN 1?<br />
Change the priority<br />
True or False: After changing which switch is root, you must reload the switches for the change<br />
to take effect.<br />
False<br />
Task 6: Look at the Switches’ Spanning-Tree Tables<br />
Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you are<br />
running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release<br />
12.1, type show spanning-tree.<br />
Switch_A#show spanning-tree brief<br />
VLAN1<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32768<br />
Address 0009.b7f5.5a41<br />
Chapter 7: Spanning Tree Protocol 327
328 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Cost 19<br />
Port 1 (FastEthernet0/1)<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32768<br />
Address 0009.b7f5.6d81<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Designated<br />
Name Port ID Prio Cost Sts Cost Bridge ID Port<br />
ID<br />
—————————— ———- —— —— —- ——- —————————— ———-<br />
FastEthernet0/1 128.1 128 19 FWD 0 32768 0009.b7f5.5a41 128.1<br />
FastEthernet0/4 128.4 128 19 BLK 0 32768 0009.b7f5.5a41 128.4<br />
FastEthernet0/7 128.7 128 19 FWD 19 32768 0009.b7f5.6d81 128.7<br />
Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt.<br />
Switch_B#show spanning-tree brief<br />
VLAN1<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32768<br />
Address 0009.b7f5.5a41<br />
This bridge is the root<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32768<br />
Address 0009.b7f5.5a41<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Designated<br />
Name Port ID Prio Cost Sts Cost Bridge ID Port<br />
ID<br />
—————————— ———- —— ——- —- ——- —————————— ———<br />
FastEthernet0/1 128.1 128 19 FWD 0 32768 0009.b7f5.5a41 128.1<br />
FastEthernet0/4 128.4 128 19 FWD 0 32768 0009.b7f5.5a41 128.4<br />
FastEthernet0/8 128.8 128 19 FWD 0 32768 0009.b7f5.5a41 128.8<br />
Step 3. Examine your output <strong>and</strong> answer the following questions.<br />
Which switch is the root switch?<br />
Switch_A<br />
What is the priority of the root switch?<br />
32768<br />
What is the bridge ID of the root switch?<br />
0009.b7f5.5a41<br />
Which ports are forwarding on the root switch?<br />
FastEthernet 0/1, 0/4, 0/7<br />
Which ports are blocking on the root switch?<br />
None
What is the priority of the non-root switch?<br />
32768<br />
What is the bridge ID of the non-root switch?<br />
0009.b7f5.6d81<br />
Which ports are forwarding on the non-root switch?<br />
FastEthernet 0/1 <strong>and</strong> 0/8<br />
Which ports are blocking on the non-root switch?<br />
FastEthernet 0/4<br />
What is the status of the link light on the blocking port?<br />
Amber<br />
Task 7: Reassign the Root Bridge<br />
Step 1. The switch that has been selected as the root bridge, by using default values, is not the best<br />
choice. You must force the other switch to become the root switch.<br />
For the purposes of this step, assume that the root switch by default is Switch_A. Also assume<br />
that Switch_B is preferred as the root switch. If your implementation has Switch_B as the<br />
default root, then you will want to configure Switch_A to be the root. Go to the console <strong>and</strong><br />
enter configuration mode for the switch you want to change to root.<br />
Step 2. Determine the parameters that you can configure for the STP.<br />
Switch_A(config)#spanning-tree ?<br />
backbonefast Enable BackboneFast Feature<br />
etherchannel Spanning tree etherchannel specific configuration<br />
extend Spanning Tree 802.1t extensions<br />
loopguard Spanning tree loopguard options<br />
mode Spanning tree operating mode<br />
mst Multiple spanning tree configuration<br />
pathcost Spanning tree pathcost options<br />
portfast Spanning tree portfast options<br />
uplinkfast Enable UplinkFast Feature<br />
vlan VLAN Switch Spanning Tree<br />
Step 3. List the options.<br />
backbonefast, portfast, uplinkfast, vlan<br />
Step 4. Set the priority of the switch that is not root to 4096.<br />
If you are using Cisco IOS Software Release 12.0:<br />
Switch_B(config)#spanning-tree priority 1<br />
Switch_B(config)#exit<br />
If you are using Cisco IOS Software Release 12.1:<br />
Switch_B(config)#spanning-tree vlan 1 priority 4096<br />
Switch_B(config)#exit<br />
Chapter 7: Spanning Tree Protocol 329
330 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Look at the Switch Spanning-Tree Table<br />
Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you are<br />
running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release<br />
12.1, type show spanning-tree.<br />
Switch_A#show spanning-tree<br />
VLAN1 is executing the ieee compatible Spanning Tree protocol<br />
Bridge Identifier has priority 4096, address 0009.b7f5.6d81<br />
Configured hello time 2, max age 20, forward delay 15<br />
We are the root of the spanning tree<br />
Topology change flag not set, detected flag not set<br />
Number of topology changes 4 last change occurred 00:01:34 ago<br />
Times: hold 1, topology change 35, notification 2<br />
hello 2, max age 20, forward delay 15<br />
Timers: hello 1, topology change 0, notification 0, aging 300<br />
Port 1 (FastEthernet0/1) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.1.<br />
Designated root has priority 4096, address 0009.b7f5.6d81<br />
Designated bridge has priority 4096, address 0009.b7f5.6d81<br />
Designated port id is 128.1, designated path cost 0<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 101, received 1436<br />
Port 4 (FastEthernet0/4) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.4.<br />
Designated root has priority 4096, address 0009.b7f5.6d81<br />
Designated port id is 128.4, designated path cost 0<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 98, received 1433<br />
Port 7 (FastEthernet0/7) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.7.<br />
Designated root has priority 4096, address 0009.b7f5.6d81<br />
Designated bridge has priority 4096, address 0009.b7f5.6d81<br />
Designated port id is 128.7, designated path cost 0<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 2408, received 0<br />
Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt.<br />
Step 3. Examine your output <strong>and</strong> answer the following questions.<br />
Which switch is the root switch?<br />
Switch_B<br />
What is the priority of the root switch?<br />
4096
Which ports are forwarding on the root switch?<br />
FastEthernet 0/1, 0/4, <strong>and</strong> 0/8<br />
Which ports are blocking on the root switch?<br />
None<br />
What is the priority of the non-root switch?<br />
32768<br />
Which ports are forwarding on the non-root switch?<br />
FastEthernet 0/1 <strong>and</strong> 0/7<br />
Which ports are blocking on the non-root switch?<br />
FastEthernet 0/4<br />
What is the status of the link light on the blocking port?<br />
Amber<br />
Task 9: Verify the Running Configuration File on the Root Switch<br />
Step 1. On the switch that was changed to be the root bridge, type show running-config at the<br />
privileged EXEC mode prompt.<br />
Switch_A#show running-config<br />
Building configuration...<br />
Current configuration : 1233 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname Switch_A<br />
!<br />
enable secret 5 $1$K0Nw$Vfv.yuMmf20yNpzBO3uOh0<br />
!<br />
ip subnet-zero<br />
no ip finger<br />
!<br />
spanning-tree vlan 1 priority 4096<br />
!<br />
interface FastEthernet0/1<br />
!<br />
<br />
!<br />
interface FastEthernet0/24<br />
!<br />
interface Vlan1<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.1.1<br />
Chapter 7: Spanning Tree Protocol 331
332 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
ip http server<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
transport input none<br />
line vty 0 4<br />
password cisco<br />
login<br />
line vty 5 15<br />
!<br />
end<br />
password cisco<br />
login<br />
Step 2. Does an entry exist in the running configuration file that specifies the spanning-tree priority for<br />
this switch?<br />
Yes<br />
Step 3. What does that entry say?<br />
spanning-tree vlan 1 priority 4096<br />
Note: The output is different depending on whether the Cisco IOS software is Release 12.0 or Release 12.1.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 7-2: Spanning-Tree Recalculation (7.2.6)<br />
Figure 7-7 Topology for Lab 7-2<br />
Table 7-2 Lab Equipment Configuration<br />
FA0/1<br />
FA0/7 FA0/4<br />
FA0/4<br />
FA0/8<br />
Switch 1<br />
Switch 2<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP Address<br />
Switch 1 Switch_A 192.168.1.2 192.168.1.1<br />
Switch 2 Switch_B 192.168.1.3 192.168.1.1<br />
The enable secret password for both switches is class.<br />
The enable, VTY, <strong>and</strong> console password for both switches is cisco.<br />
The subnet mask for both switches is 255.255.255.0.<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Observe the behavior of the spanning-tree algorithm in the presence of switched network topology<br />
changes.<br />
Background/Preparation<br />
Cable a network that is similar to the one in Figure 7-7. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise:<br />
■ Start a HyperTerminal session.<br />
■ Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switches<br />
Configure the hostnames <strong>and</strong> passwords, as well as the management VLAN 1 settings for each switch, as<br />
indicated in Table 7-2. If you have problems while performing this configuration, refer to Lab 6-2, “Basic<br />
Switch Configuration.”<br />
Task 2: Configure the Hosts that Are Attached to the Switches<br />
Configure the hosts as part of the same subnet as the switches. The hosts also share the same subnet mask<br />
<strong>and</strong> the same default gateway.<br />
Task 3: Verify Connectivity<br />
Step 1. To verify that the hosts <strong>and</strong> switches are configured correctly, ping the switches from the hosts.<br />
Step 2. Were the pings successful?<br />
Step 3. If the answer is no, troubleshoot the host <strong>and</strong> switch configurations.<br />
Task 4: Look at the VLAN Interface Information<br />
Step 1. On both switches, type the comm<strong>and</strong> show interface vlan 1 at the privileged EXEC prompt.<br />
Switch_A#show interface vlan 1<br />
Vlan1 is up, line protocol is up<br />
Hardware is CPU Interface, address is 0009.b7f5.6d80 (bia 0009.b7f5.6d80)<br />
Internet address is 192.168.1.2/24<br />
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input 00:02:05, output never, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue :0/40 (size/max)<br />
5 minute input rate 3000 bits/sec, 5 packets/sec<br />
5 minute output rate 6000 bits/sec, 1 packets/sec<br />
1453 packets input, 104542 bytes, 0 no buffer<br />
Received 10 broadcasts, 0 runts, 0 giants, 0 throttles<br />
Chapter 7: Spanning Tree Protocol 333
334 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br />
375 packets output, 189108 bytes, 0 underruns<br />
0 output errors, 4 interface resets<br />
0 output buffer failures, 0 output buffers swapped out<br />
Switch_B#show interface vlan 1<br />
Vlan1 is up, line protocol is up<br />
Hardware is CPU Interface, address is 0009.b7f5.5a40 (bia 0009.b7f5.5a40)<br />
Internet address is 192.168.1.3/24<br />
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
ARP type: ARPA, ARP Timeout 04:00:00<br />
Last input 00:02:27, output never, output hang never<br />
Last clearing of “show interface” counters never<br />
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0<br />
Queueing strategy: fifo<br />
Output queue :0/40 (size/max)<br />
5 minute input rate 0 bits/sec, 1 packets/sec<br />
5 minute output rate 0 bits/sec, 0 packets/sec<br />
9119 packets input, 648668 bytes, 0 no buffer<br />
Received 76 broadcasts, 0 runts, 0 giants, 0 throttles<br />
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored<br />
17084 packets output, 611644 bytes, 0 underruns<br />
0 output errors, 4 interface resets<br />
0 output buffer failures, 0 output buffers swapped out<br />
Step 2. What is the MAC address of Switch_A?<br />
0009.b7f5.6d80<br />
Step 3. What is the MAC address of Switch_B?<br />
0009.b7f5.5a40<br />
Step 4. Which switch should be the root of the spanning tree for VLAN 1?<br />
Switch_B<br />
Task 5: Look at the Switches’ Spanning-Tree Tables<br />
Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you<br />
are running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release<br />
12.1, type show spanning-tree. Different releases of IOS have different options for this<br />
comm<strong>and</strong>.<br />
Switch_A#show spanning-tree<br />
VLAN1 is executing the ieee compatible Spanning Tree protocol<br />
Bridge Identifier has priority 32768, address 0009.b7f5.6d81<br />
Configured hello time 2, max age 20, forward delay 15<br />
Current root has priority 32768, address 0009.b7f5.5a41<br />
Root port is 1 (FastEthernet0/1), cost of root path is 19<br />
Topology change flag not set, detected flag not set<br />
Number of topology changes 1 last change occurred 00:10:00 ago<br />
from FastEthernet0/1<br />
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15<br />
Timers: hello 0, topology change 0, notification 0, aging 300<br />
Port 1 (FastEthernet0/1) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.1.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.5a41<br />
Designated port id is 128.1, designated path cost 0<br />
Timers: message age 1, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 1, received 316<br />
Port 4 (FastEthernet0/4) of VLAN1 is blocking<br />
Port path cost 19, Port priority 128, Port Identifier 128.4.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.5a41<br />
Designated port id is 128.4, designated path cost 0<br />
Timers: message age 1, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 0<br />
BPDU: sent 2, received 316<br />
Port 7 (FastEthernet0/7) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.7.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.6d81<br />
Designated port id is 128.7, designated path cost 19<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 316, received 0<br />
Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt.<br />
Switch_B#show spanning-tree<br />
VLAN1 is executing the ieee compatible Spanning Tree protocol<br />
Bridge Identifier has priority 32768, address 0009.b7f5.5a41<br />
Configured hello time 2, max age 20, forward delay 15<br />
We are the root of the spanning tree<br />
Topology change flag not set, detected flag not set<br />
Number of topology changes 5 last change occurred 00:10:48 ago<br />
from FastEthernet0/1<br />
Times: hold 1, topology change 35, notification 2<br />
hello 2, max age 20, forward delay 15<br />
Timers: hello 1, topology change 0, notification 0, aging 300<br />
Port 1 (FastEthernet0/1) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.1.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.5a41<br />
Designated port id is 128.1, designated path cost 0<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 679, received 1<br />
Port 4 (FastEthernet0/4) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.4.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.5a41<br />
Designated port id is 128.4, designated path cost 0<br />
Chapter 7: Spanning Tree Protocol 335
336 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 679, received 1<br />
Port 8 (FastEthernet0/8) of VLAN1 is forwarding<br />
Port path cost 19, Port priority 128, Port Identifier 128.8.<br />
Designated root has priority 32768, address 0009.b7f5.5a41<br />
Designated bridge has priority 32768, address 0009.b7f5.5a41<br />
Designated port id is 128.8, designated path cost 0<br />
Timers: message age 0, forward delay 0, hold 0<br />
Number of transitions to forwarding state: 1<br />
BPDU: sent 2247, received 0<br />
Step 3. Examine the comm<strong>and</strong> output <strong>and</strong> answer the following questions.<br />
Which switch is the root switch?<br />
Switch_B<br />
Record the states of the first 12 interfaces <strong>and</strong> ports of each switch in the following table.<br />
Switch_A Port No. Switch_B<br />
FWD 1 FWD<br />
Down 2 Down<br />
Down 3 Down<br />
BLK 4 FWD<br />
Down 5 Down<br />
Down 6 Down<br />
FWD 7 Down<br />
Down 8 FWD<br />
Down 9 Down<br />
Down 10 Down<br />
Down 11 Down<br />
Down 12 Down<br />
Task 6: Remove a Cable on the Switch<br />
Step 1. Remove the cable from the forwarding port on the non-root switch. If Switch_A is your root<br />
switch, then remove the cable from the forwarding port on Switch_B. If Switch_B is your root<br />
switch, then remove the cable from the forwarding port on Switch_A.<br />
Step 2. Wait for at least 2 minutes.<br />
Step 3. What has happened to the switch port LEDs?<br />
The port LEDs on both switches for FastEthernet 0/1 turned off.
Task 7: Look at the Spanning-Tree Table for the Switches<br />
Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you<br />
are running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release<br />
12.1, type show spanning-tree. Different releases of IOS have different options for this<br />
comm<strong>and</strong>.<br />
Switch_A#show spanning-tree<br />
VLAN0001<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32769<br />
Address 0009.b7f5.5a40<br />
Cost 19<br />
Port 4 (FastEthernet0/4)<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)<br />
Address 0009.b7f5.6d80<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Port ID Designated Port<br />
ID<br />
Name Prio.Nbr Cost Sts Cost Bridge ID<br />
Prio.Nbr<br />
———————— ———— ————- —- ————- —————————— ————<br />
Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4<br />
Fa0/7 128.7 19 FWD 0 32769 0009.b7f5.5a40 128.7<br />
Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt.<br />
Switch_B#show spanning-tree<br />
VLAN0001<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32769<br />
Address 0009.b7f5.5a40<br />
This bridge is the root<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)<br />
Address 0009.b7f5.5a40<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Port ID Designated Port<br />
ID<br />
Name Prio.Nbr Cost Sts Cost Bridge ID<br />
Prio.Nbr<br />
———————— ———— ————- —- ————- —————————— ————<br />
Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4<br />
Fa0/8 128.8 19 FWD 0 32769 0009.b7f5.5a40 128.8<br />
Step 3. What changes have taken place in the comm<strong>and</strong> output?<br />
On Switch_A?<br />
Information <strong>and</strong> statistics for FastEthernet 0/1 are not displayed <strong>and</strong> FastEthernet 0/4 went<br />
from BLK mode into FWD mode.<br />
On Switch_B?<br />
Information <strong>and</strong> statistics for FastEthernet 0/1 are not displayed.<br />
Chapter 7: Spanning Tree Protocol 337
338 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Replace the Cable in the Switch<br />
Step 1. Replace the cable in the port that it was removed from. For the previous example, this is interface<br />
FastEthernet 0/1 on Switch_A.<br />
Step 2. Wait for at least 2 minutes.<br />
Step 3. What has happened to the switch port LEDs?<br />
Both light up green.<br />
Task 9: Redisplay the Spanning-Tree Table for the Switches<br />
Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you<br />
are running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release<br />
12.1, type show spanning-tree. Different releases of IOS have different options for this<br />
comm<strong>and</strong>.<br />
Switch_A#show spanning-tree<br />
VLAN0001<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32769<br />
Address 0009.b7f5.5a40<br />
Cost 19<br />
Port 1 (FastEthernet0/1)<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)<br />
Address 0009.b7f5.6d80<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Port ID Designated Port<br />
ID<br />
Name Prio.Nbr Cost Sts Cost Bridge ID<br />
Prio.Nbr<br />
———————— ———— ————- —- ————- —————————— ————<br />
Fa0/1 128.1 19 FWD 0 32769 0009.b7f5.5a40 128.1<br />
Fa0/4 128.4 19 BLK 0 32769 0009.b7f5.5a40 128.4<br />
Fa0/7 128.7 19 FWD 0 32769 0009.b7f5.5a40 128.7<br />
Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt.<br />
Switch_B#show spanning-tree<br />
VLAN0001<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32769<br />
Address 0009.b7f5.5a40<br />
This bridge is the root<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)<br />
Address 0009.b7f5.5a40<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Interface Port ID Designated Port<br />
ID<br />
Name Prio.Nbr Cost Sts Cost Bridge ID<br />
Prio.Nbr
———————— ———— ————- —- ————- —————————— ————<br />
Fa0/1 128.1 19 FWD 0 32769 0009.b7f5.5a40 128.1<br />
Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4<br />
Fa0/8 128.8 19 FWD 0 32769 0009.b7f5.5a40 128.8<br />
Step 3. What changes have taken place in the comm<strong>and</strong> output?<br />
On Switch_A?<br />
FastEthernet 0/1 goes back into FWD mode <strong>and</strong> FastEthernet 0/4 went back to BLK mode.<br />
On Switch_B?<br />
FastEthernet 0/1 goes back into FWD mode.<br />
Chapter 7: Spanning Tree Protocol 339<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.
This page intentionally left blank
CHAPTER 8<br />
Virtual LANs<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of fill in the blank <strong>and</strong> unique custom exercises<br />
to test your knowledge on the theory of VLANs, VLAN configuration, <strong>and</strong> VLAN troubleshooting.<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a challenge<br />
lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills needed about VLANs.
342 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
VLAN Concepts<br />
As a network engineer, it is important that you underst<strong>and</strong> the logical function of a VLAN <strong>and</strong> how<br />
VLANs can improve network performance. The completion exercise in this brief section provides a quick<br />
review of VLAN concepts.<br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Up to this point in your studies, you have learned that a LAN includes all devices in the same broadcast<br />
domain <strong>and</strong> that a switch is used to microsegment the collision domain. In this chapter, you learned that<br />
switches can be configured with virtual LANs, or VLANs, to segment the broadcast domain at Layer 2.<br />
Without VLANs, a switch treats all interfaces on the switch as being in the same broadcast domain.<br />
A VLAN is a broadcast domain created by one or more switches. Configuration is as simple as putting<br />
some interfaces in one VLAN <strong>and</strong> other interfaces in another VLAN.<br />
List a few reasons or benefits for using VLANs:<br />
■ Limit the size of broadcast domains<br />
■ Group users by function, department, or some other logic instead of by physical location<br />
■ Increase security by separating logically devices on the same LAN<br />
■ Separate specialized traffic from user traffic (e.g. IP phones)<br />
Layer 2 switches cannot forward traffic between VLANs. In fact, the switch maintains a separate MAC<br />
address table for each VLAN so that broadcasts are contained within each VLAN. To communicate<br />
between users on different VLANs, the traffic must pass through a router or Layer 3 switch. This can be<br />
done by using a different Ethernet interface for each VLAN. Note that each VLAN would be on a different<br />
subnet. It is more common to use one Fast Ethernet interface to trunk multiple VLANs <strong>and</strong> configure logical<br />
subinterfaces.<br />
Two basic VLAN configuration methods are available to the network engineer: static configuration, which<br />
is port based, <strong>and</strong> dynamic configuration, which uses a VLAN Management Policy Server (VMPS). Static<br />
VLAN configuration is by far the most widely implemented of these two methods. Dynamic VLAN configuration<br />
is not currently a <strong>CCNA</strong> objective.<br />
VLAN Configuration<br />
Currently, the Cisco IOS is in a transition phase from configuring VLANs in VLAN database configuration<br />
mode to configuring VLANs in global configuration mode. Because both ways are currently supported,<br />
you need to be familiar with each. The configuration exercise in this section will walk you through<br />
both methods for creating, modifying, applying, <strong>and</strong> deleting VLANs.<br />
Learn VLAN Configuration Comm<strong>and</strong>s Exercise<br />
True or False: You can assign a VLAN to an interface without creating the VLAN first. If true, what confirmation<br />
message does the switch display? If false, what error message does the switch display?
True<br />
SWA(config)#interface fa0/4<br />
SWA(config-if)#switchport access vlan 40<br />
% Access VLAN does not exist. Creating vlan 40<br />
Chapter 8: Virtual LANs 343<br />
VLANs can be created using VLAN database mode or global configuration mode. VLAN global configuration<br />
mode is preferred because the user interface is familiar. In addition, you must use the exit comm<strong>and</strong><br />
in VLAN database mode to have changes applied to the VLAN database. Finally, VLAN database configuration<br />
mode has been deprecated <strong>and</strong> will be removed in some future releases.<br />
For the following exercise, refer to Figure 8-1.<br />
Figure 8-1 VLAN Configuration Comm<strong>and</strong>s<br />
Record the comm<strong>and</strong>s, including the switch prompt, to configure SWA with the VLANs, shown in Figure<br />
8-1. The comm<strong>and</strong>s would be the same on SWB.<br />
VLAN database configuration mode<br />
SWA#vlan database<br />
SWA(vlan)#vlan 10 name Accounting<br />
VLAN 10 added:<br />
Name: Accounting<br />
SWA(vlan)#vlan 20 name Marketing<br />
VLAN 10 added:<br />
Name: Marketing<br />
SWA(vlan)#vlan 30 name Purchasing<br />
VLAN 10 added:<br />
Name: Purchasing<br />
SWA(vlan)#exit<br />
APPLY completed.<br />
Exiting....<br />
SWA#<br />
VLAN 1 10.1.0.0/16<br />
VLAN 10 10.10.0.0/16<br />
VLAN 20 10.20.0.0/16<br />
VLAN 30 10.30.0.0/16<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
VLAN global configuration mode<br />
SWA(config)#vlan 10<br />
SWA(config-vlan)#name Accounting<br />
SWA(config-vlan)#vlan 20<br />
SWA(config-vlan)#name Marketing<br />
SWA(config-vlan)#vlan 30<br />
VLAN 1: 10.1.0.2<br />
DefGate: 10.1.0.1<br />
SWA<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
fa0/2<br />
fa0/3<br />
VLAN 30<br />
fa0/17<strong>–</strong>24<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
VLAN 1: 10.1.0.3<br />
DefGate: 10.1.0.1<br />
fa0/2<br />
SWB<br />
fa0/3<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
VLAN 30<br />
fa0/17<strong>–</strong>24
344 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
SWA(config-vlan)#name Purchasing<br />
SWA(config-vlan)#end<br />
SWA#<br />
From global configuration mode if you type interface ? <strong>and</strong> see range as one of the options, you are in<br />
luck. Your Cisco IOS Software Release supports the range parameter. This argument to the interface comm<strong>and</strong><br />
allows you to configure multiple ports at one time. For example:<br />
Switch(config)#interface range fa0/1 <strong>–</strong> 8<br />
Switch(config-if-range)#<br />
Interestingly, the hyphen is considered a parameter. You must enter a space before <strong>and</strong> after the hyphen.<br />
Note that the range argument can be used to configure any combination of ports. For example, the following<br />
would be a legitimate comm<strong>and</strong>:<br />
Switch(config)#interface range fa 0/4 - 5, fa 0/3 , fa 0/10 - 12 , gi 0/1<br />
Switch(config-if-range)#<br />
Record the comm<strong>and</strong>s, including the switch prompt, to assign interfaces with the VLANs shown in Figure<br />
8-1. You only need to show the comm<strong>and</strong>s for SWA. The comm<strong>and</strong>s are the same for SWB.<br />
SWA(config)#interface range fa 0/4 <strong>–</strong> 8<br />
SWA(config-if-range)#switchport mode access<br />
SWA(config-if-range)#switchport access vlan 10<br />
SWA(config-if-range)#interface range fa 0/9 <strong>–</strong> 16<br />
SWA(config-if-range)#switchport mode access<br />
SWA(config-if-range)#switchport access vlan 20<br />
SWA(config-if-range)#interface range fa 0/17 - 24<br />
SWA(config-if-range)#switchport mode access<br />
SWA(config-if-range)#switchport access vlan 30<br />
SWA(config-if-range)#end<br />
SWA#<br />
You need to move ports Fa0/17 through Fa0/20 to the Marketing VLAN. Record the comm<strong>and</strong> or comm<strong>and</strong>s,<br />
including switch prompt, to make the move.<br />
SWA(config)#interface range fa 0/17 <strong>–</strong> 20<br />
SWA(config-if-range)#switchport access vlan 20<br />
!You do not need to first remove the ports from the other VLAN<br />
The Purchasing department has been eliminated. All Purchasing department functions are now h<strong>and</strong>led by<br />
Accounting. You no longer need the Purchasing VLAN. Record the comm<strong>and</strong> or comm<strong>and</strong>s, including<br />
switch prompt, to delete the Purchasing VLAN.<br />
VLAN database configuration mode<br />
Switch#vlan database<br />
Switch(vlan)#no vlan 10<br />
Deleting VLAN 10...<br />
Switch(vlan)#exit<br />
APPLY completed.<br />
Exiting....<br />
Switch#
VLAN global configuration mode<br />
Switch(config)#no vlan 10<br />
Switch(config)#exit<br />
Switch#<br />
What happens to the ports that were members of a deleted VLAN?<br />
The ports belong to no VLAN <strong>and</strong> will have only limited access.<br />
What must be done to fix this problem?<br />
Either assign the ports to a new VLAN or use the no form of the switchport access vlan comm<strong>and</strong> to reassign<br />
the ports to VLAN 1.<br />
Record the comm<strong>and</strong>s, including switch prompt, to reassign ports Fa0/21 through Fa0/24 to VLAN 1.<br />
SWA(config)#interface range fa 0/21 <strong>–</strong> 24<br />
SWA(config-if-range)#no switchport mode access vlan<br />
!or<br />
SWA(config-if-range)#switchport mode access vlan 1<br />
Troubleshooting VLANs<br />
Now that you are comfortable configuring VLANS, it is time to review the comm<strong>and</strong>s that will help you to<br />
verify <strong>and</strong> troubleshoot your VLAN implementation. This section covers the show comm<strong>and</strong>s most commonly<br />
used with VLANs.<br />
Identify the Troubleshooting Comm<strong>and</strong> Exercise<br />
In this exercise, you are asked to identify what comm<strong>and</strong> was used to display the output. You may need to<br />
use a switch to help research your answers. The following output is from a Cisco 2950 running Cisco IOS<br />
Software Version 12.1(13)EA1.<br />
Switch#show spanning-tree vlan 1<br />
VLAN0001<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 4097<br />
Address 000e.385d.e380<br />
This bridge is the root<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)<br />
Address 000e.385d.e380<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
Chapter 8: Virtual LANs 345<br />
Interface Role Sts Cost Prio.Nbr Type<br />
———————— —— —- ————- ———— ————————————————<br />
Fa0/1 Desg FWD 19 128.1 P2p<br />
Fa0/2 Desg FWD 19 128.2 P2p
346 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Fa0/3 Desg FWD 19 128.3 P2p<br />
Switch#show vlan name Accounting !or show vlan id 10<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
10 Accounting active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
10 enet 100010 1500 - - - - - 0 0<br />
Remote SPAN VLAN<br />
————————<br />
Disabled<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Switch#show interface fa0/2 switchport<br />
Name: Fa0/2<br />
Switchport: Enabled<br />
Administrative Mode: trunk<br />
Operational Mode: trunk<br />
Administrative Trunking Encapsulation: dot1q<br />
Operational Trunking Encapsulation: dot1q<br />
Negotiation of Trunking: On<br />
Access Mode VLAN: 1 (default)<br />
Trunking Native Mode VLAN: 1 (default)<br />
Voice VLAN: none<br />
Administrative private-vlan host-association: none<br />
Administrative private-vlan mapping: none<br />
Operational private-vlan: none<br />
Trunking VLANs Enabled: ALL<br />
Pruning VLANs Enabled: 2-1001<br />
Capture Mode Disabled<br />
Capture VLANs Allowed: ALL<br />
Protected: false<br />
Voice VLAN: none (Inactive)<br />
Appliance trust: none
Switch#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Gi0/1, Gi0/2<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Switch#show interface trunk<br />
Port Mode Encapsulation Status Native vlan<br />
Fa0/1 on 802.1q trunking 1<br />
Fa0/2 on 802.1q trunking 1<br />
Fa0/3 on 802.1q trunking 1<br />
Port Vlans allowed on trunk<br />
Fa0/1 1-4094<br />
Fa0/2 1-4094<br />
Fa0/3 1-4094<br />
Port Vlans allowed <strong>and</strong> active in management domain<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Port Vlans in spanning tree forwarding state <strong>and</strong> not pruned<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,30<br />
Chapter 8: Virtual LANs 347
348 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 2950 Catalyst switch.<br />
Comm<strong>and</strong> Description<br />
Switch#vlan database Enters VLAN database configuration mode<br />
Switch(vlan)#vlan 2 name Engineering Creates VLAN 2 <strong>and</strong> names it Engineering<br />
Switch(vlan)#vlan 3 name Marketing Creates VLAN 2 <strong>and</strong> names it Marketing<br />
Switch(vlan)#exit Applies changes <strong>and</strong> exits VLAN database mode<br />
Switch(config)#vlan 10 Creates VLAN 10 using global configuration mode<br />
Switch(config-vlan)#name Accounting Assigns the name Accounting to VLAN 10<br />
Switch(config)#interface range fa0/2 <strong>–</strong> 8 Enters interface configuration mode for interfaces Fa0/2<br />
through Fa0/8<br />
Switch(config)#switchport mode access Sets these ports to access mode<br />
Switch(config-if)#switchport access vlan 2 Assigns these ports to VLAN 2<br />
Switch(vlan)#no vlan 3 Deletes VLAN 3 in VLAN database configuration mode<br />
Switch(config)#no vlan 3 Deletes VLAN 3 in global configuration mode<br />
Switch(config-if)#no switchport access vlan 10 Removes an interface from VLAN 10<br />
Switch#delete flash:vlan.dat Removes the entire VLAN database from Flash memory<br />
Switch#show vlan Displays the complete VLAN database<br />
Switch#show vlan brief Displays a summary of the VLAN database<br />
Curriculum Lab 8-1: Configuring Static VLANs (8.2.3)<br />
Figure 8-2 Topology for Lab 8-1<br />
Table 8-1 Lab Equipment Configuration<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Switch Switch Name VLAN 1 IP Address Default Gateway Subnet Mask<br />
Designation IP Address<br />
Switch 1 Switch_A 192.168.1.2 192.168.1.1 255.255.255.0
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Determine the switch firmware version.<br />
■ Create two VLANs, name them, <strong>and</strong> assign member ports to them.<br />
Background/Preparation<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default. This lab will help demonstrate how you can use VLANs to separate traffic <strong>and</strong> reduce<br />
broadcast domains.<br />
Cable a network that is similar to the one in Figure 8-2. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B, “Erasing <strong>and</strong> Reloading the Switch,” on all switches<br />
before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostnames <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 8-1. If you have problems while performing this configuration, refer to Lab 6-2, “Basic<br />
Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Show the Cisco IOS Version<br />
It is important that you know the version of the operating system. Differences between versions might<br />
change how you enter comm<strong>and</strong>s. Enter the show version comm<strong>and</strong> at the user EXEC or privileged<br />
EXEC mode prompt.<br />
Switch_A#show version<br />
What version of the switch IOS is displayed? 12.1(13)EA1<br />
Does this switch have St<strong>and</strong>ard Edition or Enterprise Edition software? St<strong>and</strong>ard<br />
Switch_A#show version<br />
Chapter 8: Virtual LANs 349
350 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE<br />
SOFTWARE (fc1)<br />
Copyright 1986-2003 by cisco Systems, Inc.<br />
Compiled Tue 04-Mar-03 02:14 by yenanh<br />
Image text-base: 0x80010000, data-base: 0x805A8000<br />
ROM: Bootstrap program is CALHOUN boot loader<br />
Switch_A uptime is 7 minutes<br />
System returned to ROM by power-on<br />
System image file is “flash:c2950-i6q4l2-mz.121-13.EA1.bin”<br />
cisco WS-C2950-24 (RC32300) processor (revision E0) with 20839K bytes of<br />
memory.<br />
Processor board ID FHK0634Z08M<br />
Last reset from system-reset<br />
Running St<strong>and</strong>ard Image<br />
24 FastEthernet/IEEE 802.3 interface(s)<br />
32K bytes of flash-simulated non-volatile configuration memory.<br />
Base ethernet MAC Address: 00:0A:B7:72:2B:40<br />
Motherboard assembly number: 73-5781-10<br />
Power supply part number: 34-0965-01<br />
Motherboard serial number: FOC06330DJG<br />
Power supply serial number: PHI06290B8Q<br />
Model revision number: E0<br />
Motherboard revision number: B0<br />
Model number: WS-C2950-24<br />
System serial number: FHK0634Z08M<br />
Configuration register is 0xF<br />
Task 5: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Which ports belong to the default VLAN? All<br />
How many VLANs are set up by default on the switch? 5<br />
What does the VLAN 1003 represent?<br />
It represents the default Token Ring VLAN.<br />
How many ports are in the 1003 VLAN? 0<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 6: Create <strong>and</strong> Name Two VLANs<br />
Enter the following comm<strong>and</strong>s to create two named VLANs:<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 2 name VLAN2<br />
Switch_A(vlan)#vlan 3 name VLAN3<br />
Switch_A(config)#exit<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#vlan 2 name VLAN2<br />
Switch_A(config)#vlan 3 name VLAN3<br />
Task 7: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are new VLANs in the listing? If so, which ones? Yes, 2 <strong>and</strong> 3<br />
Do these VLANs have ports assigned to them yet? No<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
Chapter 8: Virtual LANs 351<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
352 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
2 VLAN2 active<br />
3 VLAN3 active<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 8: Assign a Port to VLAN 2<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add port 2 to<br />
VLAN 2:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/2<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface Ethernet 0/2<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config)#end
Task 9: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Is port 2 assigned to VLAN 2? Yes<br />
Is the port still listed in the default VLAN? No<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5<br />
2 VLAN2 active Fa0/2<br />
3 VLAN3 active<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/6, Fa0/7, Fa0/8, Fa0/9<br />
Fa0/10, Fa0/11, Fa0/12, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
Chapter 8: Virtual LANs 353<br />
———- ————- ————————- —————————————————————
354 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 10: Assign a Port to VLAN 3<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add port 3 to<br />
VLAN 3:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/3<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface Ethernet 0/3<br />
Switch_A(config)#vlan static 3<br />
Switch_A(config)#end<br />
Task 11: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Is port 3 assigned to VLAN 3? Yes<br />
Is the port still listed in the default VLAN? No<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6<br />
2 VLAN2 active Fa0/2<br />
3 VLAN3 active Fa0/3<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/7, Fa0/8, Fa0/9, Fa0/10<br />
Fa0/11, Fa0/12, Fa0/13, Fa0/14<br />
Fa0/15, Fa0/16, Fa0/17, Fa0/18<br />
Fa0/19, Fa0/20, Fa0/21, Fa0/22<br />
Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 12: Look Only at VLAN 2 Information<br />
Instead of displaying all the VLANs, enter the show vlan id 2 comm<strong>and</strong> at the privileged EXEC mode<br />
prompt.<br />
Switch_A#show vlan id 2<br />
1900:<br />
Switch_A#show vlan 2<br />
Does this comm<strong>and</strong> supply more information than the show vlan comm<strong>and</strong>? Yes<br />
Switch_A#show vlan id 2<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
2 VLAN2 active Fa0/2<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
2 enet 100002 1500 - - - - - 0 0<br />
Remote SPAN VLAN<br />
————————<br />
Disabled<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 13: Look Only at VLAN 2 Information with a Different<br />
Comm<strong>and</strong> (1900: Skip this Task)<br />
Instead of displaying all the VLANs, enter the show vlan name VLAN2 comm<strong>and</strong> at the privileged<br />
EXEC mode prompt.<br />
Switch_A#show vlan name VLAN2<br />
Chapter 8: Virtual LANs 355
356 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Does this comm<strong>and</strong> supply more information than the other show comm<strong>and</strong>s? No<br />
ALSwitch#show vlan name VLAN2<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
2 VLAN2 active Fa0/2<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
2 enet 100002 1500 - - - - - 0 0<br />
Remote SPAN VLAN<br />
————————<br />
Disabled<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
After you complete the previous step, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 8-2: Verifying VLAN Configurations<br />
(8.2.4)<br />
Figure 8-3 Topology for Lab 8-2<br />
Table 8-2 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 IP Address Default Gateway Subnet Mask<br />
Designation IP Address<br />
Switch 1 Switch_A 192.168.1.2 192.168.1.2 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create two VLANs.<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable
■ Name the VLANs <strong>and</strong> assign multiple member ports to them.<br />
■ Test functionality by moving a workstation from one VLAN to another.<br />
Background/Preparation<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic <strong>and</strong><br />
reduce broadcast domains.<br />
Cable a network that is similar to the one in Figure 8-3. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise. Instructions are also provided for the 1900<br />
series switch, which initially displays a User Interface Menu. Select the Comm<strong>and</strong> Line option from the<br />
menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostnames <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 8-2. If you have problems while performing this configuration, refer to Lab 6-2, “Basic<br />
Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Which ports belong to the default VLAN? All<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
1002 fddi-default act/unsup<br />
Chapter 8: Virtual LANs 357<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24
358 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 5: Create <strong>and</strong> Name Two VLANs<br />
Enter the following comm<strong>and</strong>s to create two named VLANs:<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 2 name VLAN2<br />
Switch_A(vlan)#vlan 3 name VLAN3<br />
Switch_A(config)#exit<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#vlan 2 name VLAN2<br />
Switch_A(config)#vlan 3 name VLAN3<br />
Switch_A(config)#exit<br />
Task 6: Assign Ports to VLAN 2<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add ports 4,<br />
5, <strong>and</strong> 6 to VLAN 2:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config)#interface fastethernet 0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config)#interface fastethernet 0/6
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface ethernet 0/4<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config-if)#interface ethernet 0/5<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config-if)#interface ethernet 0/6<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config-if)#end<br />
Task 7: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 4 through 6 assigned to VLAN 2? Yes<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/7<br />
Fa0/8, Fa0/9, Fa0/10, Fa0/11<br />
Fa0/12, Fa0/13, Fa0/14, Fa0/15<br />
Fa0/16, Fa0/17, Fa0/18, Fa0/19<br />
Fa0/20, Fa0/21, Fa0/22, Fa0/23<br />
Fa0/24<br />
2 VLAN2 active Fa0/4, Fa0/5, Fa0/6<br />
3 VLAN3 active<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Chapter 8: Virtual LANs 359<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———
360 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- ————————————————————-<br />
Task 8: Assign Ports to VLAN 3<br />
Enter the following comm<strong>and</strong>s to assign ports 7, 8, <strong>and</strong> 9 to VLAN 3:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/7<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config)#interface fastethernet 0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config)#interface fastethernet 0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config-if)#end<br />
Task 9: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 7 through 9 assigned to VLAN 3? Yes<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/10<br />
Fa0/11, Fa0/12, Fa0/13, Fa0/14<br />
Fa0/15, Fa0/16, Fa0/17, Fa0/18<br />
Fa0/19, Fa0/20, Fa0/21, Fa0/22<br />
Fa0/23, Fa0/24<br />
2 VLAN2 active Fa0/4, Fa0/5, Fa0/6<br />
3 VLAN3 active Fa0/7, Fa0/8, Fa0/9<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 10: Test the VLANs<br />
Step 1. Ping from the host in port 0/4 to the host in port 0/1.<br />
Was the ping successful? No<br />
Why?<br />
They have different VLAN membership.<br />
Step 2. Ping from the host in port 0/1 to the host in port 0/4.<br />
Was the ping successful? No<br />
Why?<br />
They have different VLAN membership.<br />
Step 3. Ping from the host in port 0/4 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
They have different VLAN membership.<br />
Step 4. Ping from the host in port 0/1 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
They have the same VLAN membership.<br />
Chapter 8: Virtual LANs 361
362 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 11: Move a Host<br />
Move the host in port 0/4 to port 0/3, wait until the port LED turns green, <strong>and</strong> then go to the next task.<br />
Task 12: Test the VLANs<br />
Step 1. Ping from the host in port 0/3 to the host in port 0/1.<br />
Was the ping successful? Yes<br />
Why?<br />
They have the same VLAN membership.<br />
Step 2. Ping from the host in port 0/1 to the host in port 0/3.<br />
Was the ping successful? Yes<br />
Step 3. Ping from the host in port 0/3 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Task 13: Move Hosts<br />
Move the host in port 0/3 to port 0/4 <strong>and</strong> the host in port 0/1 to port 0/5, wait until the port LED turns<br />
green, <strong>and</strong> then go to the next task.<br />
Task 14: Test the VLANs<br />
Step 1. Ping from the host in port 0/4 to the host in port 0/5.<br />
Was the ping successful? Yes<br />
Why?<br />
They have the same VLAN membership.<br />
Step 2. Ping from the host in port 0/5 to the host in port 0/4.<br />
Was the ping successful? Yes<br />
Step 3. Ping from the host in port 0/4 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Step 4. Ping from the host in port 0/5 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
They have different VLAN membership.<br />
Task 15: Move the Hosts<br />
Move the host in port 0/4 to port 0/8, wait until the port LED turns green, <strong>and</strong> then go to the next task.<br />
Task 16: Test the VLANs<br />
Step 1. Ping from the host in port 0/4 to the host in port 0/8.<br />
Was the ping successful? No
Why?<br />
They have different VLAN membership.<br />
Step 2. Ping from the host in port 0/8 to the host in port 0/4.<br />
Was the ping successful? No<br />
Step 3. Ping from the host in port 0/4 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Step 4. Ping from the host in port 0/8 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Curriculum Lab 8-3: Deleting VLAN Configurations (8.2.6)<br />
Figure 8-4 Topology for Lab 8-3<br />
Table 8-3 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 IP Address Default Gateway Subnet Mask<br />
Designation IP Address<br />
Switch 1 Switch_A 192.168.1.2 192.168.1.1 255.255.255.0<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create two VLANs.<br />
■ Name the VLANs <strong>and</strong> assign multiple member ports to them.<br />
■ Delete VLANs.<br />
■ Underst<strong>and</strong> why it is not possible to delete VLAN 1.<br />
Background/Preparation<br />
FA0/1 FA0/4<br />
Switch 1<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Chapter 8: Virtual LANs 363<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default. This lab will help demonstrate how you can use VLANs to separate traffic <strong>and</strong> reduce<br />
broadcast domains.<br />
Cable a network that is similar to the one in Figure 8-4. The 2950 series switch produced the configuration<br />
output in this lab. Another switch might produce different output. You should execute the following steps<br />
on each switch unless you are specifically instructed otherwise.
364 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Instructions are also provided for the 1900 series switch, which initially displays a User Interface Menu.<br />
Select the Comm<strong>and</strong> Line option from the menu to perform the steps for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B on all switches before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostnames <strong>and</strong> passwords, as well as the management VLAN 1 settings for the switch, as<br />
indicated in Table 8-3. If you have problems while performing this configuration, refer to Lab 6-2, “Basic<br />
Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Which ports belong to the default VLAN? All<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 5: Create <strong>and</strong> Name Two VLANs<br />
Enter the following comm<strong>and</strong>s to create two named VLANs:<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 2 name VLAN2<br />
Switch_A(vlan)#vlan 3 name VLAN3<br />
Switch_A(config)#exit<br />
1900:<br />
Switch_A#configure terminal<br />
Switch_A(config)#vlan 2 name VLAN2<br />
Switch_A(config)#vlan 3 name VLAN3<br />
Task 6: Assign Ports to VLAN 2<br />
Assigning ports to VLANs must be done from the interface mode. Enter the following comm<strong>and</strong>s to add<br />
ports 4, 5, <strong>and</strong> 6 to VLAN 2:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config)#interface fastethernet 0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config)#interface fastethernet 0/6<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 2<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface Ethernet 0/4<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config-if)#interface Ethernet 0/5<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config-if)#interface Ethernet 0/6<br />
Switch_A(config-if)#vlan static 2<br />
Switch_A(config)#end<br />
Chapter 8: Virtual LANs 365
366 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 7: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 4 through 6 assigned to VLAN 2? Yes<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/7<br />
Fa0/8, Fa0/9, Fa0/10, Fa0/11<br />
Fa0/12, Fa0/13, Fa0/14, Fa0/15<br />
Fa0/16, Fa0/17, Fa0/18, Fa0/19<br />
Fa0/20, Fa0/21, Fa0/22, Fa0/23<br />
Fa0/24<br />
2 VLAN2 active Fa0/4, Fa0/5, Fa0/6<br />
3 VLAN3 active<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- ————————————————————-<br />
Task 8: Assign Ports to VLAN 3<br />
Enter the following comm<strong>and</strong>s to assign ports to VLAN 3:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/7<br />
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config)#interface fastethernet 0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config)#interface fastethernet 0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 3<br />
Switch_A(config-if)#end<br />
Task 9: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 7 through 9 assigned to VLAN 3? Yes<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/10<br />
Fa0/11, Fa0/12, Fa0/13, Fa0/14<br />
Fa0/15, Fa0/16, Fa0/17, Fa0/18<br />
Fa0/19, Fa0/20, Fa0/21, Fa0/22<br />
Fa0/23, Fa0/24<br />
2 VLAN2 active Fa0/4, Fa0/5, Fa0/6<br />
3 VLAN3 active Fa0/7, Fa0/8, Fa0/9<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
Chapter 8: Virtual LANs 367<br />
———————————————————————————————————————
368 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 10: Test the VLANs<br />
Step 1. Ping from the host in port 0/4 to the host in port 0/1.<br />
Was the ping successful? No<br />
Why?<br />
The ports have different VLAN membership.<br />
Step 2. Ping from the host in port 0/1 to the host in port 0/4.<br />
Was the ping successful? No<br />
Why?<br />
The ports have different VLAN membership.<br />
Step 3. Ping from the host in port 0/4 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The ports have different VLAN membership.<br />
Step 4. Ping from the host in port 0/1 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
The ports are on the same VLAN.<br />
Task 11: Delete a Host from a VLAN<br />
To remove a host from a VLAN, use the no form of the switchport comm<strong>and</strong>s in port interface configuration<br />
mode.<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#no switchport mode access<br />
Switch_A(config-if)#no switchport access vlan 2<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface Ethernet 0/4<br />
Switch_A(config-if)#no vlan static 2<br />
Switch_A(config-if)#end<br />
Task 12: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Is port 0/4 removed from VLAN 2? Yes
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/10<br />
Fa0/11, Fa0/12, Fa0/13, Fa0/14<br />
Fa0/15, Fa0/16, Fa0/17, Fa0/18<br />
Fa0/19, Fa0/20, Fa0/21, Fa0/22<br />
Fa0/23, Fa0/24<br />
2 VLAN2 active Fa0/5, Fa0/6<br />
3 VLAN3 active Fa0/7, Fa0/8, Fa0/9<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 13: Delete a VLAN<br />
To remove an entire VLAN, enter the VLAN database mode <strong>and</strong> use the negative form of the comm<strong>and</strong>.<br />
Switch_A#vlan database<br />
Switch_A(vlan)#no vlan 3<br />
Deleting VLAN 3...<br />
Switch_A(vlan)#exit<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#no vlan 3<br />
Switch_A(config)#exit<br />
Chapter 8: Virtual LANs 369
370 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 14: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Is VLAN 3 removed? Yes<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/10<br />
Fa0/11, Fa0/12, Fa0/13, Fa0/14<br />
Fa0/15, Fa0/16, Fa0/17, Fa0/18<br />
Fa0/19, Fa0/20, Fa0/21, Fa0/22<br />
Fa0/23, Fa0/24<br />
2 VLAN2 active Fa0/5, Fa0/6<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
2 enet 100002 1500 - - - - - 0 0<br />
3 enet 100003 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
What happened to the ports that were released from the VLANs?<br />
They are not assigned to a VLAN.<br />
Task 15: Delete VLAN 1<br />
Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 3.<br />
Switch_A#vlan database<br />
Switch_A(vlan)#no vlan 1
A default VLAN may not be deleted.<br />
Switch_A(vlan)#exit<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#no vlan 1<br />
Switch_A(config)#no vlan 1<br />
^<br />
% Invalid input detected at ‘^’ marker.<br />
Switch_A(config)#exit<br />
Can the default VLAN be deleted? No<br />
After you complete the previous step, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Challenge Lab 8-4: Static VLANs, STP, <strong>and</strong> Port Security<br />
Figure 8-5 Static VLANs, STP, <strong>and</strong> Port Security<br />
Objectives<br />
■ Create <strong>and</strong> assign VLANs.<br />
■ Configure root bridges for STP.<br />
■ Configure port security.<br />
Equipment<br />
VLAN 1 10.1.0.0/16<br />
VLAN 10 10.10.0.0/16<br />
VLAN 20 10.20.0.0/16<br />
VLAN 30 10.30.0.0/16<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
The topology shown in Figure 8-5 is using 2950 switches.<br />
NetLab Compatibility Notes<br />
VLAN 1: 10.1.0.2<br />
DefGate: 10.1.0.1<br />
SWA<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab Basic Switch Pod although you will not be able to<br />
fully test your VLANs or port security.<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration<br />
fa0/2<br />
fa0/3<br />
VLAN 30<br />
fa0/17<strong>–</strong>24<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
Chapter 8: Virtual LANs 371<br />
VLAN 1: 10.1.0.3<br />
DefGate: 10.1.0.1<br />
fa0/2<br />
SWB<br />
fa0/3<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
VLAN 30<br />
fa0/17<strong>–</strong>24<br />
Step 1. Choose two 2950 switches <strong>and</strong> cable them according to the topology. (If using NetLab, choose<br />
a Basic Switch Pod. Portions of this lab will not be verifiable.)
372 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 2. Configure the switches according to your instructor’s required basic configurations, including<br />
hostnames, passwords, host tables, banner, <strong>and</strong> lines. Configure each of the switches with the<br />
correct VLAN 1 IP addresses <strong>and</strong> the correct default gateway.<br />
Step 3. Verify connectivity between SWA <strong>and</strong> SWB. Pings should be successful. If not, troubleshoot.<br />
Note: Switches should not be able to ping the router yet.<br />
Task 2: Configure VLANs<br />
Step 1. Configure the following VLANs on both SWA <strong>and</strong> SWB:<br />
■ VLAN 10 is the Accounting VLAN<br />
■ VLAN 20 is the Marketing VLAN<br />
■ VLAN 30 is the Purchasing VLAN<br />
Step 2. Configure the appropriate ports on SWA <strong>and</strong> SWB for trunking with the switchport mode<br />
trunk comm<strong>and</strong>. Verify trunking is properly configured with the show interface trunk comm<strong>and</strong><br />
on both SWA <strong>and</strong> SWB.<br />
SWA#show interface trunk<br />
Port Mode Encapsulation Status Native vlan<br />
Fa0/2 on 802.1q trunking 1<br />
Fa0/3 on 802.1q trunking 1<br />
Port Vlans allowed on trunk<br />
Fa0/2 1-4094<br />
Fa0/3 1-4094<br />
Port Vlans allowed <strong>and</strong> active in management domain<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Port Vlans in spanning tree forwarding state <strong>and</strong> not pruned<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Step 3. The Fa0/1 port is unused on both SWA <strong>and</strong> SWB. For enhanced security, administratively shut<br />
down this port. Otherwise, the port will activate whenever it detects a device on the other end.<br />
Step 4. Configure access mode on the rest of the ports using the switchport mode access comm<strong>and</strong>.<br />
Assign the access ports to their correct VLAN as specified in the topology.<br />
Step 5. Verify the VLAN configuration on both switches with the show vlan brief comm<strong>and</strong>. Your output<br />
should look similar to the following output:<br />
SWA#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11,<br />
Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15,<br />
Fa0/16
30 Purchasing active Fa0/17, Fa0/18, Fa0/19,<br />
Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23,<br />
Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Task 3: Configure the Root Bridge for STP<br />
Step 1. For VLANs 1, 10, <strong>and</strong> 30, SWA should always be the root bridge. Configure SWA with a spanning-tree<br />
priority of 4096 for these three VLANs.<br />
For VLAN 20, SWA is to never be the root bridge. Configure SWA with a spanning-tree priority<br />
of 61,440.<br />
What is the default priority?<br />
32768<br />
Why would you want to configure some VLANs with a different STP root bridge?<br />
By using different spanning-tree instances for different VLANs, redundant trunk ports can be<br />
used for forwarding traffic for some VLANs while blocking for others.<br />
Step 2. Verify SWA is the root with the show spanning-tree summary comm<strong>and</strong>. SWA should be listed<br />
as the root bridge, as shown in the following output below:<br />
SWA#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0001, VLAN0010, VLAN0030<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Chapter 8: Virtual LANs 373<br />
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 0 0 0 3 3<br />
VLAN0010 0 0 0 3 3<br />
VLAN0020 1 0 0 2 3<br />
VLAN0030 0 0 0 3 3<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 1 0 0 11 12<br />
SWB#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0020<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default
374 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 1 0 0 1 2<br />
VLAN0010 1 0 0 1 2<br />
VLAN0020 0 0 1 1 2<br />
VLAN0030 1 0 0 1 2<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 3 0 1 4 8<br />
Task 4: Configure Port Security<br />
Step 1. Configure the access ports (Fa0/4 through 24) for access mode <strong>and</strong> turn on port security.<br />
Step 2. Enter the comm<strong>and</strong> to make the first MAC address learned “stick” to the port. No other MAC<br />
addresses should be allowed (maximum of one MAC per port).<br />
Step 3. Enter the comm<strong>and</strong> that will automatically shut down the port if a security violation occurs.<br />
Step 4. Verify port security with the show port-security comm<strong>and</strong>. Your output should look similar to<br />
the following output:<br />
SWA#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security<br />
Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 0 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 0 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-
Total Addresses in System : 0<br />
Max Addresses limit in System : 1024<br />
Task 5: Verify VLANs <strong>and</strong> Port Security<br />
Step 1. Test the VLAN configuration by verifying that a host attached to VLAN 10 cannot ping the<br />
hosts of VLAN 20 or VLAN 30.<br />
Step 2. Test the port security configuration by disconnecting a host from a port <strong>and</strong> connecting a different<br />
host to the same port. The port should automatically shut down. How do you, as the<br />
administrator, re-enable the port?<br />
First, reset port security with the clear port-security sticky comm<strong>and</strong>. Second, administratively<br />
disable the port with the shutdown comm<strong>and</strong>. Third, reactivate the port with the no shutdown<br />
comm<strong>and</strong>. The new MAC address will now stick to the configuration.<br />
SWA !—————————————————<br />
!VLAN configurations do not show<br />
!—————————————————<br />
vlan 10<br />
name Accounting<br />
vlan 20<br />
name Marketing<br />
vlan 30<br />
name Purchasing<br />
!—————————————————<br />
!<br />
hostname SWA<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host SWB 10.1.0.3<br />
!<br />
interface FastEthernet0/1<br />
!<br />
shutdown<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk<br />
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
Chapter 8: Virtual LANs 375
376 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 10.1.0.2 255.255.0.0<br />
no shutdown<br />
ip default-gateway 10.1.0.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login
!<br />
end<br />
SWB !—————————————————<br />
!VLAN configurations do not show<br />
!—————————————————<br />
vlan 10<br />
name Accounting<br />
vlan 20<br />
name Marketing<br />
vlan 30<br />
name Purchasing<br />
!—————————————————<br />
!<br />
hostname SWB<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host SWA 10.1.0.2<br />
!<br />
interface FastEthernet0/1<br />
!<br />
shutdown<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk<br />
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
switchport port-security maximum 1<br />
Chapter 8: Virtual LANs 377
378 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 10.1.0.3 255.255.0.0<br />
no shutdown<br />
ip default-gateway 10.1.0.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZED ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end
CHAPTER 9<br />
VLAN Trunking Protocol<br />
The <strong>Study</strong> <strong>Guide</strong> portion of this chapter uses a combination of fill in the blank, open-ended question, <strong>and</strong><br />
unique custom exercises to test your knowledge on the theory of VLAN Trunking Protocol.<br />
The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a comprehensive<br />
lab <strong>and</strong> a challenge lab to ensure that you have mastered the practical, h<strong>and</strong>s-on skills needed<br />
about VTP.
380 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>Study</strong> <strong>Guide</strong><br />
Trunking<br />
For the purposes of this chapter, a trunk is a physical <strong>and</strong> logical connection between two switches across<br />
which network traffic travels. In a switched network, a trunk is a point-to-point link that supports several<br />
VLANs. The purpose of a trunk is to conserve ports when a link between two devices that implement<br />
VLANs is created.<br />
In this section, you work through exercises that review trunking, the concept of frame tagging, <strong>and</strong> basic<br />
trunk configuration.<br />
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Two switches directly connected can send <strong>and</strong> receive traffic for multiple VLANs across a trunk link. The<br />
term trunk originated in the telephone industry to describe a link used to carry multiple conversations. In<br />
switching technologies, you need to identify which VLAN a frame belongs to. To make this identification<br />
possible, switches can use one of two major methods of frame tagging: Inter-Switch Link (ISL), a Cisco<br />
proprietary protocol that used to be the most common, <strong>and</strong> IEEE 802.1q, which is now the st<strong>and</strong>ard for<br />
frame tagging. Newer Cisco IOS Software Releases do not even support ISL anymore. It is important to<br />
underst<strong>and</strong> that a trunk link does not belong to a specific VLAN. A trunk link is a conduit for VLANs<br />
between switches <strong>and</strong> routers.<br />
With ISL, an Ethernet frame is encapsulated with an additional header that contains a VLAN ID. With<br />
IEEE 802.1q, a tag containing the VLAN ID is embedded into the Ethernet frame.<br />
A port can be configured as a trunk port, an access port, or a dynamic port. Trunk links should be manually<br />
configured, although the Cisco IOS will, by default, detect a trunk link because all ports are set to<br />
dynamic desirable. Record the comm<strong>and</strong>, including correct prompt, to configure a port for trunking.<br />
Switch(config-if)#switchport mode trunk<br />
For the 1900 series switches <strong>and</strong> the 2950 series switches, you do not have to configure the encapsulation<br />
type on a trunk link. However, if you are using a 2900 series switch, which supports both ISL <strong>and</strong> IEEE<br />
802.1q, then you have to configure the encapsulation type. Record the comm<strong>and</strong>, including correct prompt,<br />
to configure a port to use ISL encapsulation.<br />
Switch(config-if)#switchport trunk encapsulation isl<br />
Note: If you are not sure about this comm<strong>and</strong>, check Curriculum Lab 9-1, “Trunking with ISL (9.1.5a).”<br />
Now record the comm<strong>and</strong>, including correct prompt, to configure a port to use IEEE 802.1q encapsulation.<br />
Switch(config-if)#switchport trunk encapsulation dot1q<br />
If your switch is a 2950 series, you do not configure the encapsulation type. The comm<strong>and</strong> is not even<br />
available. However, when configuring a router with a VLAN trunk to a switch, you must specify the<br />
encapsulation type because the router IOS does not auto-detect it. These comm<strong>and</strong>s are reviewed later in<br />
the chapter, in the section, “Inter-VLAN Routing Overview.”
Chapter 9: VLAN Trunking Protocol 381<br />
To quickly verify trunking, you can use the show interface trunk comm<strong>and</strong> to display output similar to the<br />
following:<br />
Port Mode Encapsulation Status Native vlan<br />
Fa0/1 on 802.1q trunking 1<br />
Fa0/2 on 802.1q trunking 1<br />
Fa0/3 on 802.1q trunking 1<br />
Port Vlans allowed on trunk<br />
Fa0/1 1-4094<br />
Fa0/2 1-4094<br />
Fa0/3 1-4094<br />
Port Vlans allowed <strong>and</strong> active in management domain<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Port Vlans in spanning tree forwarding state <strong>and</strong> not pruned<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,30<br />
You can also view more specific information about a port by using the show interface fa0/1 switchport<br />
comm<strong>and</strong> to display output similar to the following:<br />
Name: Fa0/1<br />
Switchport: Enabled<br />
Administrative Mode: trunk<br />
Operational Mode: trunk<br />
Administrative Trunking Encapsulation: dot1q<br />
Operational Trunking Encapsulation: dot1q<br />
Negotiation of Trunking: On<br />
Access Mode VLAN: 1 (default)<br />
Trunking Native Mode VLAN: 1 (default)<br />
Administrative private-vlan host-association: none<br />
Administrative private-vlan mapping: none<br />
Operational private-vlan: none<br />
Trunking VLANs Enabled: ALL<br />
Pruning VLANs Enabled: 2-1001<br />
Protected: false<br />
Voice VLAN: none (Inactive)<br />
Appliance trust: none
382 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Basic Trunk Configuration Exercise<br />
Use Figure 9-1 to answer the following configuration scenario questions.<br />
Figure 9-1 Basic Trunk Configuration<br />
SWA <strong>and</strong> SWB are both 1900 switches. Record the comm<strong>and</strong> or comm<strong>and</strong>s, including prompt, needed to<br />
set the Fa0/2 <strong>and</strong> Fa0/3 interfaces to trunking. If necessary, specify ISL as the encapsulation. You may<br />
need to research the answer for this question. Try your favorite search engine or Cisco.com.<br />
Switch(config)#interface fa 0/2<br />
Switch(config-if)#trunk on<br />
Switch(config)#interface fa 0/3<br />
Switch(config-if)#trunk on<br />
!Trunk configuration is always ISL so no configuration needed<br />
SWA <strong>and</strong> SWB are both 2900 switches. Record the comm<strong>and</strong> or comm<strong>and</strong>s, including prompt, needed to<br />
set the Fa0/2 <strong>and</strong> Fa0/3 interfaces to trunking. If necessary, specify ISL as the encapsulation.<br />
Switch(config)#interface fa 0/2<br />
Switch(config-if)#switchport mode trunk<br />
Switch(config-if)#switchport trunk encapsulation isl<br />
Switch(config)#interface fa 0/3<br />
Switch(config-if)#switchport mode trunk<br />
Switch(config-if)#switchport trunk encapsulation isl<br />
SWA <strong>and</strong> SWB are both 2950 switches. Record the comm<strong>and</strong> or comm<strong>and</strong>s, including prompt, needed to<br />
set the Fa0/2 <strong>and</strong> Fa0/3 interfaces to trunking. If necessary, specify IEEE 802.1q as the encapsulation.<br />
VTP<br />
000e.385d.e380<br />
Priority: Default<br />
SWA<br />
Switch(config)#interface fa 0/2<br />
Switch(config-if)#switchport mode trunk<br />
Switch(config)#interface fa 0/3<br />
fa0/2<br />
fa0/3<br />
Switch(config-if)#switchport mode trunk<br />
!Trunk configuration is always IEEE 802.1q so no configuration needed<br />
Which switch is the STP root bridge <strong>and</strong> why?<br />
000d.6562.e380<br />
Priority: Default<br />
SWB is the STP root bridge, because it has the lowest MAC address.<br />
VTP was created by Cisco to solve operational problems in a switched network with VLANs. It is a Cisco<br />
proprietary protocol. With VTP, VLAN configuration is consistently maintained across a common administrative<br />
domain. Additionally, VTP reduces management <strong>and</strong> monitoring complexities of networks with<br />
VLANs.<br />
In this section, you will work through exercises that cover the basic concepts <strong>and</strong> configurations of VTP.<br />
You will also find several concept questions to answer. A lesson from Cisco.com will round out your study<br />
of VTP.<br />
fa0/2<br />
fa0/3<br />
SWB
Vocabulary Exercise: Completion<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
The role of VLAN Trunking Protocol, or VTP, is to maintain VLAN configuration consistency across a<br />
common network administration domain. Although switch ports are normally assigned to only a single<br />
VLAN, trunk ports by default carry frames from all VLANs.<br />
Switches can operate in one of three VTP modes. The default mode is VTP server. A switch operating in<br />
VTP server mode propagates configuration changes as VTP messages across trunk links to all connected<br />
switches in the network. Switches that are in VTP client mode <strong>and</strong> share the same domain name <strong>and</strong> password<br />
as the server use VTP messages to adjust the local VLAN database. Switches that are in VTP transparent<br />
mode do not use VTP messages. However, a switch in this mode forwards the VTP messages out all<br />
trunk links except for the link the messages were originally received on. In addition, a switch in transparent<br />
mode can create, modify, <strong>and</strong> delete its own local VLANs. Provide the missing information in Table 9-1.<br />
Table 9-1 VTP Mode Comparisons<br />
Feature Server Mode Client Mode Transparent Mode<br />
Source VTP messages Yes Yes No<br />
Listen to VTP messages Yes Yes No<br />
Create VLANs Yes No Yes 1<br />
Remember VLANs Yes No Yes 1<br />
1. Locally significant only.<br />
Before the VTP server will propagate VTP messages, it must be configured with a VTP domain name. The<br />
default name is null. Because all switches are in VTP server mode by default, there must be a method to<br />
determine which VLAN database will have priority. This is done through the concept of a configuration<br />
revision number, which is 0 when the switch first boots. Each time a VLAN is added, deleted, or modified<br />
by the VTP server, the configuration revision number is incremented <strong>and</strong> a VTP message is sent out all<br />
trunk ports. If more than one VTP server exists in the same VTP domain, then messages from the server<br />
with the highest configuration revision number take precedence over all other messages. As a precaution<br />
against misconfigurations, it is always a good idea to configure both VTP servers <strong>and</strong> VTP clients with a<br />
VTP password.<br />
VTP Basic Configuration Exercise<br />
Use Figure 9-2 to answer the following configuration scenario questions.<br />
Figure 9-2 VTP Basic Configuration<br />
You want to configure local VLANs on SWB that will not be propagated to SWA or SWC. In addition,<br />
you do not want SWB to apply any VLANs created by SWA or SWC. Therefore, you need to configure<br />
SWB to be in VTP transparent mode. Record the comm<strong>and</strong>s, including prompt, to configure SWB in this<br />
mode.<br />
Switch#vlan database<br />
Switch(vlan)#vtp transparent<br />
!or<br />
SWA<br />
Domain: <strong>CCNA</strong>3<br />
Server Transparent<br />
SWB<br />
Chapter 9: VLAN Trunking Protocol 383<br />
SWC<br />
Client
384 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Switch#config t<br />
Switch(config)#vtp mode transparent<br />
All your domain-wide VLANs are going to be created on SWA <strong>and</strong> propagated throughout the domain.<br />
Therefore, you need to configure SWA to be in VTP server mode. Record the comm<strong>and</strong>s, including<br />
prompt, to configure SWA in this mode.<br />
Switch#vlan database<br />
Switch(vlan)#vtp server<br />
!or<br />
Switch#config t<br />
Switch(config)#vtp mode server<br />
You do not want SWC to inadvertently be able to create VLANs. Therefore, you need to configure SWC<br />
to be in VTP client mode. Record the comm<strong>and</strong>s, including prompt, to configure SWC in this mode.<br />
Switch#vlan database<br />
Switch(vlan)#vtp client<br />
!or<br />
Switch#config t<br />
Switch(config)#vtp mode client<br />
Are there any problems with your configuration? Will SWC update its VLANs when SWA makes VLAN<br />
changes? Explain any problems <strong>and</strong> how to fix them.<br />
You need to make sure that SWC has a lower configuration revision number than SWA or it will disregard<br />
any VTP messages sent by SWA. You can verify that SWC has a lower revision number by using the show<br />
vtp status comm<strong>and</strong> on both switches. However, it is best to delete the VLAN database <strong>and</strong> then reload the<br />
switch:<br />
SWC#delete flash:vlan.dat<br />
Because SWB is in transparent mode, SWC will receive all VTP messages from SWA. However, no<br />
VLAN updates will occur until the domain name has been specified on switches wishing to participate in<br />
the domain. The following comm<strong>and</strong> needs to be entered on both SWA <strong>and</strong> SWC:<br />
Switch#vlan database<br />
Switch(vlan)#vtp domain <strong>CCNA</strong>3<br />
!or<br />
Switch#config t<br />
Switch(config)#vtp domain <strong>CCNA</strong>3<br />
Concept Questions<br />
Explain why VTP was developed by Cisco to solve operational problems in a switched network with<br />
VLANs.<br />
With VTP, VLAN configuration consistency is maintained across a common administration domain.<br />
Additionally, VTP reduces the complexity of managing <strong>and</strong> monitoring VLAN networks. A network engineer<br />
can make changes on a central switch <strong>and</strong> have those changes automatically communicated to all<br />
other switches in the same domain.<br />
List the two main types of VTP advertisements.<br />
Requests from clients that want information at bootup <strong>and</strong> responses from servers are the two main types<br />
of VTP advertisements.
List <strong>and</strong> describe the three types of VTP messages.<br />
■ Advertisement requests—Clients request VLAN information <strong>and</strong> the server responds with summary<br />
<strong>and</strong> subset advertisements.<br />
■ Summary advertisements—Sent by clients <strong>and</strong> servers every 5 minutes. If the switch receives a revision<br />
number that is higher than the current revision number in that switch, it issues an advertisement<br />
request for new VLAN information.<br />
■ Subset advertisements—Detailed information about VLANs such as VTP version type, domain name<br />
<strong>and</strong> related fields, <strong>and</strong> the configuration revision number.<br />
List at least three actions that can trigger a server to send subset advertisements.<br />
■ Create a VLAN<br />
■ Delete a VLAN<br />
■ Suspend a VLAN<br />
■ Change the name of a VLAN<br />
■ Change the MTU of a VLAN<br />
Internet Research: VTP<br />
At Cisco.com, you will find a very thorough review of VTP including information not covered in this<br />
chapter. Use the following link to access this VTP lesson online:<br />
http://www.cisco.com/warp/public/473/vtp_flash/<br />
When you are done, answer the questions that follow.<br />
Introduction to VTP<br />
VTP is a Layer 2 messaging protocol used to maintain VLAN configuration consistency by managing the<br />
addition, deletion, <strong>and</strong> renaming of VLANs on a network-wide basis.<br />
In a network with six switches <strong>and</strong> VLANs that are shared across switches, what would you have to do if<br />
you did not use VTP?<br />
Manually configure <strong>and</strong> maintain the VLANs on every switch.<br />
A VTP frame consists of a VTP header <strong>and</strong> a VTP message type. The VTP information is inserted in the<br />
data portion of an Ethernet frame.<br />
What kind of address do VTP messages use?<br />
VTP messages use a reserved multicast address.<br />
How often are summary advertisements sent <strong>and</strong> what is their purpose?<br />
Summary advertisements are sent every 5 minutes by servers <strong>and</strong> clients to inform other switches in the<br />
domain of what they believe the current configuration revision number to be. They are also sent when a<br />
configuration change is made.<br />
What does an advertisement request cause to happen?<br />
Chapter 9: VLAN Trunking Protocol 385<br />
An advertisement request causes the server to send both a summary <strong>and</strong> subset advertisements.
386 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
VTP Domain <strong>and</strong> VTP Modes<br />
When a switch has been cleared <strong>and</strong> rebooted, it has the following VTP configuration:<br />
■ VTP Domain Name = null<br />
■ VTP Mode = Server<br />
■ Configuration Revision = 0<br />
■ VLANs = 1<br />
The VTP server can add, delete, or rename VLANs. It also advertises the domain name, VLAN configuration,<br />
<strong>and</strong> configuration revision number to all other switches in the VTP domain. It also maintains a list of<br />
all VLANs in NVRAM so that it can retrieve this information if the switch is reset.<br />
A VTP client cannot add, delete, or rename VLANs. It does not store VLANs in NVRAM.<br />
Switches in VTP transparent mode must have their VLANs configured manually. They do not participate<br />
in VTP or advertise their VLAN configuration. When is it useful to configure a switch in this mode?<br />
When you want to manually configure VLANs or when VLANs are only locally significant <strong>and</strong> do not<br />
span the rest of the network.<br />
Before VLANs will be advertised by the VTP server, you must configure a domain name.<br />
Assume that VLANs 10, 20, <strong>and</strong> 30 have been added to a VTP server with appropriate names. What is the<br />
configuration revision number? 3<br />
Now assume that the name for VLAN 10 is changed, VLAN 30 is deleted, <strong>and</strong> VLAN 40 is added. What is<br />
the configuration revision number? 6<br />
List the three types of trunk links that VTP messages will be sent across.<br />
ISL, 802.1q, <strong>and</strong> LANE trunks<br />
What MAC address are VTP messages sent to?<br />
Multicast MAC 01-00-0C-CC-CC-CC<br />
Assume that you configure six VLANs on a VTP transparent switch. What would be the configuration<br />
revision number? 0<br />
The configuration revision number is not incremented in transparent mode.<br />
It what situations will a VTP transparent switch forward VTP messages to other switches.<br />
When it is configured in the same domain as the server or when it is configured in the null domain.<br />
Common VTP Issues<br />
Assuming that a new switch was configured with the correct domain name, what would happen if you<br />
were to add a VTP client or server switch with a higher configuration revision number to the network?<br />
As soon as a trunk link is established with the new switch, it will send out a summary advertisement. The<br />
other switches in the network will note the higher configuration revision number <strong>and</strong> send advertisement<br />
requests to the new switch. The new switch will then send out summary <strong>and</strong> subset advertisements with<br />
the VLAN configuration. All other switches will delete any existing VLAN configuration <strong>and</strong> update their<br />
VLANs with the VLANs advertised by the new switch. They will also update their configuration revision<br />
number. This scenario will occur regardless of whether the new switch is in client or server mode.
List three possible ways to reset the configuration revision number on a switch. (Only two methods are<br />
discussed in the presentation. Can you think of another way?)<br />
The quickest way to reset a configuration revision number is to temporarily set the VTP mode to transparent.<br />
You could also temporarily change the domain name. A third way is to delete the vlan.dat file <strong>and</strong><br />
reload the switch.<br />
Internet Research: VTP Pruning<br />
There will be a lot of traffic on a large switched network with VLANs that span multiple switches. VTP<br />
pruning is a method of reducing traffic. Research VTP pruning <strong>and</strong> briefly describe what it is, how it operates,<br />
<strong>and</strong> what configuration comm<strong>and</strong>s, if any, you would use. Make sure to list your sources.<br />
If the student simply enters “vtp pruning” in the Google search engine, one of the first links should be<br />
Cisco.com. Encourage students to use the Cisco.com explanation as their primary source of information,<br />
especially when learning about a Cisco proprietary technology like VTP. However, also encourage them to<br />
explore third-party explanations that might come at a difficult topic from a different perspective.<br />
The following link provides the Cisco.com discussion of VTP pruning:<br />
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_4_2/config/vlans.htm<br />
The following links are helpful third-party sources:<br />
http://www.certificationzone.com/cisco/newsletter/SL/nla_11-30-04_newage.html<br />
http://www.firewall.cx/vlans-vtp-pruning.php<br />
http://www.networknewz.com/2004/0317.html<br />
Inter-VLAN Routing Overview<br />
Inter-VLAN communication cannot occur without a Layer 3 device, such as a router. You will use ISL or<br />
IEEE 802.1q to enable trunking on a router subinterface. In this section, you will briefly review the concept<br />
of inter-VLAN routing. Then, you will work through a inter-VLAN routing configuration exercise.<br />
Vocabulary Exercise: Completion<br />
Chapter 9: VLAN Trunking Protocol 387<br />
Directions: Complete the paragraphs that follow by filling in appropriate words <strong>and</strong> phrases.<br />
Inter-VLAN communication crosses broadcast domains. When a host in one broadcast domain wishes to<br />
communicate with a host in another broadcast domain, you must use a router. When connecting a router to<br />
a switched network with multiple VLANs, one interface is needed per VLAN because each is on its own<br />
logical network or subnet. You can reduce the number of physical interfaces needed to route VLANs by<br />
using a trunk link between the switch <strong>and</strong> router. You achieve logical division of a physical interface by<br />
implementing subinterfaces. One subinterface would be configured per VLAN. Each subinterface would<br />
also be configured with an IP address from a separate logical subnet.
388 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Basic Inter-VLAN Configuration Exercise<br />
Use Figure 9-3 to answer the following configuration scenario questions.<br />
Figure 9-3 Basic Inter-VLAN Configuration<br />
What does a router like RTA require in order to route between VLANs?<br />
It requires a Fast Ethernet interface <strong>and</strong> an IOS that supports inter-VLAN routing.<br />
Record the comm<strong>and</strong>s, including prompt, to configure RTA to route for all the VLANs shown in Figure 9-<br />
3. Use IEEE 802.1q encapsulation. Describe all interfaces <strong>and</strong> make sure you append the word native to<br />
the end of the encapsulation configuration for VLAN 1. Use the first available IP address in each network.<br />
RTA(config)#interface FastEthernet 0<br />
! Activate the physical interface if it won’t come up<br />
RTA(config-if)#no shutdown<br />
VLAN 1 192.168.1.0/24<br />
VLAN 100 192.168.100.0/24<br />
VLAN 200 192.168.200.0/24<br />
VLAN 300 192.168.300.0/24<br />
! Configure the Management VLAN 1. Don’t forget ‘native’<br />
RTA(config-if)#interface FastEthernet 0.1<br />
RTA(config-subif)#description Management VLAN 1<br />
RTA(config-subif)#encapsulation dot1Q 1 native<br />
RTA(config-subif)#ip address 192.168.1.1 255.255.255.0<br />
! Configure routing for VLAN 100<br />
RTA(config-subif)#interface FastEthernet0.100<br />
RTA(config-subif)#description Accounting VLAN 100<br />
RTA(config-subif)#encapsulation dot1Q 100<br />
RTA(config-subif)#ip address 192.168.100.1 255.255.255.0<br />
! Configure routing for VLAN 200<br />
RTA(config-subif)#interface FastEthernet0.200<br />
RTA(config-subif)#description Marketing VLAN 200<br />
RTA(config-subif)#encapsulation dot1Q 200<br />
RTA(config-subif)#ip address 192.168.200.1 255.255.255.0<br />
! Configure routing for VLAN 300<br />
VLAN 100<br />
Accounting<br />
RTA(config-subif)#interface FastEthernet0.300<br />
RTA(config-subif)#description Purchasing VLAN 300<br />
RTA(config-subif)#encapsulation dot1Q 300<br />
RTA<br />
fa0<br />
SWA<br />
VLAN 200<br />
Marketing<br />
RTA(config-subif)#ip address 192.168.300.1 255.255.255.0<br />
VLAN 300<br />
Purchasing
Lab Exercises<br />
Comm<strong>and</strong> Reference<br />
In the table that follows, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 1900 Catalyst switch.<br />
1900 Switch Comm<strong>and</strong> Description<br />
Switch(config)#interface fa 0/26<br />
Switch(config-if)#trunk on Turns port to trunking mode<br />
Switch#show trunk A Displays trunking information about port 0/26, which is<br />
trunk A<br />
Switch(config)#vtp client Changes the switch to client mode<br />
Switch(config)#vtp server Changes the switch to server mode<br />
Switch(config)#vtp transparent Changes the switch to transparent mode<br />
Switch(config)#vtp domain <strong>CCNA</strong>3 Sets the name of the VTP management domain to <strong>CCNA</strong>3<br />
Switch(config)#vtp password cisco Set the VTP password to cisco<br />
Switch#show vtp Displays all VTP information<br />
In the table that follows, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 2900 Catalyst switch. When appropriate, use VLAN database configuration mode.<br />
2900 Switch Comm<strong>and</strong> Description<br />
Switch(config)#interface fa 0/1<br />
Switch(config-if)#switchport mode trunk Turns port to trunking mode<br />
Switch(config-if)#switchport trunk encapsulation isl Sets encapsulation type to ISL<br />
Switch(config-if)#switchport trunk encapsulation dot1q Sets encapsulation type to Dot1Q—<br />
the default encapsulation type<br />
Switch#vlan database Enters VLAN database mode<br />
Switch(vlan)#vtp client Changes the switch to client mode<br />
Switch(vlan)#vtp server Changes the switch to server mode<br />
Switch(vlan)#vtp transparent Changes the switch to transparent mode<br />
Switch(vlan)#vtp domain <strong>CCNA</strong>3 Sets the name of the VTP management<br />
domain to <strong>CCNA</strong>3<br />
Switch(vlan)#vtp password cisco Set the VTP password to cisco<br />
Switch(vlan)#vtp v2-mode Sets VTP mode to version 2<br />
Switch(vlan)#vtp pruning Enables VTP pruning<br />
Chapter 9: VLAN Trunking Protocol 389<br />
Switch(vlan)#exit Applies the VLAN database changes <strong>and</strong><br />
exits the mode
390 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
In the table that follows, record the comm<strong>and</strong>, including the correct switch prompt, that fits the description<br />
for a 2950 Catalyst switch. When appropriate, use global configuration mode. Do not use VLAN database<br />
configuration mode.<br />
2950 Switch Comm<strong>and</strong> Description<br />
Switch(config)#interface fa 0/1<br />
Switch(config-if)#switchport mode trunk Turns port to trunking mode<br />
Switch#show int fa 0/1 switchport Shows the status of interface Fa0/1, including trunking<br />
information (works with both 2900 <strong>and</strong> 2950 switches)<br />
Switch(config)#vtp mode client Changes the switch to client mode<br />
Switch(config)#vtp mode server Changes the switch to server mode<br />
Switch(config)#vtp mode transparent Changes the switch to transparent mode<br />
Switch(config)#vtp domain <strong>CCNA</strong>3 Sets the name of the VTP management domain to <strong>CCNA</strong>3<br />
Switch(config)#vtp password cisco Set the VTP password to cisco<br />
Switch(config)#vtp v2-mode Sets VTP mode to version 2<br />
Switch(config)#vtp pruning Enables VTP pruning<br />
Switch#show vtp status Displays VTP domain status (works with both 2900 <strong>and</strong><br />
2950 switches)<br />
Switch#show vtp counters Displays VTP statistics (works with both 2900 <strong>and</strong> 2950<br />
switches)<br />
In the table that follows, record the comm<strong>and</strong>, including the correct router prompt, that fits the description<br />
for a 2600 series router.<br />
2600 Comm<strong>and</strong> Description<br />
Router(config)#int fa0/0 Enters interface mode for interface Fa0/0<br />
Router(config-if)#no shutdown Turns on the interface<br />
Router(config-if)#int fa 0/0.1 Creates subinterface 0/0.1<br />
Router(config-subif)#encapsulation dot1q 1 native Assigns the native VLAN to this logical<br />
subinterface using Dot1Q encapsulation<br />
Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Assigns the IP address 192.168.1.1/24 to<br />
this logical interface<br />
Router(config-subif)#int fa0/0.10 Creates subinterface 0/0.10<br />
Router(config-subif)#encapsulation dot1q 10 Assigns VLAN 10 to this logical interface<br />
using Dot1Q encapsulation<br />
Router(config-subif)#ip address 192.168.10.1 255.255.255.0 Assigns the IP address 192.168.10.1/24 to<br />
this logical interface
Curriculum Lab 9-1: Trunking with ISL (9.1.5a)<br />
Figure 9-4 Topology for Lab 9-1<br />
Table 9-2 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 IP Address VLAN Names Switch Port<br />
Designation <strong>and</strong> Numbers Assignments<br />
Switch 1 Switch_A 192.168.1.2 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
Switch 2 Switch_B 192.168.1.3 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both routers is 255.255.255.0.<br />
Objectives<br />
FA0/1 FA0/1<br />
FA0/12 Trunk 802.1q<br />
FA0/12<br />
Switch 1 Switch 2<br />
Straight-Through Cable<br />
Crossover Cable<br />
Rollover (Console) Cable<br />
Serial Cable<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create multiple VLANs, name them, <strong>and</strong> assign multiple member ports to them.<br />
Chapter 9: VLAN Trunking Protocol 391<br />
■ Create an ISL trunk line between the two switches to allow communication between paired VLANs.<br />
■ Test the VLANs’ functionality by moving a workstation from one VLAN to another.
392 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Background/Preparation<br />
Important Note: The use of Catalyst 2950 switches is not appropriate for this lab, because those switches support<br />
only 802.1q trunking.<br />
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is<br />
being used to transmit data on the trunk, or no data will be passed. If different trunking encapsulation<br />
occurs on the two ends of the link, they will not able to communicate. A similar situation will occur if one<br />
of your ports is configured in trunking mode (unconditionally) <strong>and</strong> the other one is in access mode (unconditionally).<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default. This lab will help demonstrate how you can use VLANs to separate traffic <strong>and</strong> reduce<br />
broadcast domains.<br />
Cable a network that is similar to the one in Figure 9-4. The configuration output used in this lab is produced<br />
from a 2900 switch. Another switch might produce different output. You should execute the following<br />
steps on each switch unless you are specifically instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B, “Erasing <strong>and</strong> Reloading the Switch,” before you<br />
continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname, access, <strong>and</strong> comm<strong>and</strong> mode passwords, as well as the management LAN settings.<br />
These values are shown in Table 9-2. If you have problems while performing this configuration, refer to<br />
Lab 6-2, “Basic Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are correctly configured, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 5: Create <strong>and</strong> Name Three VLANs<br />
Use the following comm<strong>and</strong>s to create three named VLANs:<br />
2900 Switch<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 10 name Accounting<br />
Switch_A(vlan)#vlan 20 name Marketing<br />
Switch_A(vlan)#vlan 30 name Engineering<br />
Switch_A(config)#exit<br />
2950 Switch<br />
Switch_A#configure terminal<br />
Switch_A(config)#vlan 10<br />
Switch_A(config-vlan)#name Accounting<br />
Switch_A(config-vlan)#vlan 20<br />
Switch_A(config-vlan)#name Marketing<br />
Switch_A(config-vlan)#vlan 30<br />
Switch_A(config-vlan)#name Engineering<br />
Note: VLAN database mode is being deprecated in future releases of Cisco IOS. For now, both VLAN database mode<br />
<strong>and</strong> global configuration mode are supported for creating VLANs.<br />
Task 6: Assign Ports to VLAN 10<br />
Chapter 9: VLAN Trunking Protocol 393
394 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add ports 0/4<br />
to 0/6 to VLAN 10:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/6<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#end<br />
Note: Use the range parameter to quickly configure several interfaces with the same comm<strong>and</strong>. For example:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface range fastethernet 0/4 - 6<br />
Switch_A(config-if-range)#switchport mode access<br />
Switch_A(config-if-range)#switchport access vlan 10<br />
Switch_A(config-if-range)#end<br />
Task 7: Assign Ports to VLAN 20<br />
Enter the following comm<strong>and</strong>s to add ports 0/7 to 0/9 to VLAN 20:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/7<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#end<br />
Task 8: Assign Ports to VLAN 30<br />
Enter the following comm<strong>and</strong>s to add ports 0/10 to 0/12 to VLAN 30:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/10<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#interface fastethernet 0/11<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30
Switch_A(config-if)#interface fastethernet 0/12<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#end<br />
Task 9: Create VLANs on Switch_B<br />
Repeat Tasks 5 through 8 on Switch_B to create its VLANs.<br />
Task 10: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 0/10 to 0/12 assigned to VLAN 30? Yes<br />
Switch_A#sh vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
30 Engineering active Fa0/10, Fa0/11, Fa0/12<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
30 enet 100030 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
Chapter 9: VLAN Trunking Protocol 395<br />
———————————————————————————————————————
396 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 11: Test the VLANs<br />
Step 1. Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.<br />
Was the ping successful? No<br />
Why?<br />
No trunk has been configured.<br />
Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces are in different VLANs.<br />
Task 12: Create the ISL Trunk<br />
On both Switch_A <strong>and</strong> Switch_B, enter the following comm<strong>and</strong> at the Fast Ethernet 0/1 interface comm<strong>and</strong><br />
prompt:<br />
Switch_A(config)#interface fastethernet 0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#switchport trunk encapsulation isl<br />
Switch_A(config-if)#end<br />
Switch_B(config)#interface fastethernet 0/1<br />
Switch_B(config-if)#switchport mode trunk<br />
Switch_B(config-if)#switchport trunk encapsulation isl<br />
Switch_B(config-if)#end<br />
Task 13: Verify the ISL Trunk<br />
To verify that port Fast Ethernet 0/1 has been established as a trunk port, enter show interface fastethernet<br />
0/1 switchport at the privileged EXEC mode prompt.<br />
What type of trunking encapsulation is shown in the output? ISL<br />
According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference<br />
between the Administrative Trunking Encapsulation <strong>and</strong> the Operational Trunking Encapsulation?<br />
Switch_A#show interface fastEthernet 0/1 switchport<br />
Name: Fa0/1<br />
Switchport: Enabled<br />
Administrative mode: trunk<br />
Operational Mode: trunk<br />
Administrative Trunking Encapsulation: isl<br />
Operational Trunking Encapsulation: isl<br />
Negotiation of Trunking: Disabled<br />
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)<br />
Trunking VLANs Enabled: ALL<br />
Trunking VLANs Active: 1,10,20,30<br />
Pruning VLANs Enabled: 2-1001<br />
Priority for untagged frames: 0<br />
Override vlan tag priority: FALSE<br />
Voice VLAN: none<br />
Appliance trust: none<br />
Self Loopback: No<br />
No, both encapsulation types are ISL.<br />
On the fragment “Trunking VLANs Enable” from the last output, what does the word ALL mean?<br />
It means that traffic from all VLANs is allowed to cross the trunked link.<br />
What would happen if the two ports of the trunk were using different encapsulation?<br />
It would not form a trunk.<br />
Explain.<br />
The encapsulation must match on both sides of the link in order for the trunk to form.<br />
Task 14: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/12 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? Yes<br />
Why?<br />
The hosts are on the same VLAN with trunking enabled on port 0/1.<br />
Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces are on different VLANs.<br />
Task 15: Move the Hosts<br />
Move the host in Switch_A from port 0/12 to port 0/8, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 16: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/8 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? No<br />
Why?<br />
The hosts are on different VLANs.<br />
Step 2. Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.<br />
Chapter 9: VLAN Trunking Protocol 397
398 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Was the ping successful? No<br />
Why?<br />
The hosts are on different VLANs.<br />
Task 17: Move the Hosts<br />
Move the host in Switch_B from port 0/12 to port 0/7, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 18: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/8 to the host in<br />
Switch_B port 0/7.<br />
Was the ping successful? Yes<br />
Why?<br />
The hosts are now on the same VLAN (VLAN 20).<br />
Step 2. Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces are on different VLANs.<br />
Task 19: Move the Hosts<br />
Move the host in Switch_A from port 0/8 to port 0/2, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 20: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/2 to the host in<br />
Switch_B port 0/7.<br />
Was the ping successful? No<br />
Step 2. Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
Both interfaces are assigned to the same VLAN (VLAN 1).<br />
Task 21: Move the Hosts<br />
Move the host in Switch_B from port 0/7 to port 0/3, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 22: Test the VLANs <strong>and</strong> the Trunk
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/2 to the host in<br />
Switch_B port 0/3.<br />
Was the ping successful? Yes<br />
Why?<br />
Both hosts now belong to the same VLAN.<br />
Step 2. Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
Both interfaces are assigned to the same VLAN (VLAN 1).<br />
Step 3. Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.<br />
Was the ping successful? Yes<br />
Why?<br />
Both interfaces are assigned to the same VLAN (VLAN 1).<br />
What conclusions can you draw from the testing that you just performed in regard to VLAN<br />
membership <strong>and</strong> VLANs across a trunk?<br />
Hosts must be grouped together into the same VLAN before they can communicate with each<br />
other. Trunk links carry VLAN traffic across switches.<br />
Step 4. After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off.<br />
Then, remove <strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Switch_A<br />
Switch_A#show running-config<br />
Building configuration...<br />
Current configuration:<br />
!<br />
version 12.0<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname Switch_A<br />
!<br />
enable secret 5 $1$Spup$4rLiyqQseDcu2xWzhd9Ko.<br />
Chapter 9: VLAN Trunking Protocol 399
400 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
ip subnet-zero<br />
!<br />
interface FastEthernet0/1<br />
switchport mode trunk<br />
!<br />
interface FastEthernet0/2<br />
!<br />
interface FastEthernet0/3<br />
!<br />
interface FastEthernet0/4<br />
switchport access vlan 10<br />
!<br />
interface FastEthernet0<br />
switchport access vlan 10<br />
!<br />
interface FastEthernet0/6<br />
switchport access vlan 10<br />
!<br />
interface FastEthernet0/7<br />
switchport access vlan 20<br />
!<br />
interface FastEthernet0/8<br />
switchport access vlan 20<br />
!<br />
interface FastEthernet0/9<br />
switchport access vlan 20<br />
!
interface FastEthernet0/10<br />
switchport access vlan 30<br />
!<br />
interface FastEthernet0/11<br />
switchport access vlan 30<br />
!<br />
interface FastEthernet0/12<br />
switchport access vlan 30<br />
!<br />
interface VLAN1<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip directed-broadcast<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.1.1<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
transport input none<br />
stopbits 1<br />
line vty 0 4<br />
password cisco<br />
login<br />
line vty 5 15<br />
password cisco<br />
login<br />
!<br />
end<br />
Chapter 9: VLAN Trunking Protocol 401
402 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Curriculum Lab 9-2: Trunking with 802.1q (9.1.5b)<br />
Figure 9-5 Topology for Lab 9-2<br />
Table 9-3 Lab Equipment Configuration<br />
Switch Switch VLAN 1 IP VLAN Names Switch Port<br />
Designation Name Address <strong>and</strong> Numbers Assignments<br />
Switch 1 Switch_A 192.168.1.2 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
Switch 2 Switch_B 192.168.1.3 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both routers is 255.255.255.0.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create multiple VLANs, name them, <strong>and</strong> assign multiple member ports to them.<br />
■ Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.<br />
■ Test the VLANs’ functionality by moving a workstation from one VLAN to another.<br />
Background/Preparation<br />
FA0/1 FA0/1<br />
FA0/12 Trunk 802.1q<br />
FA0/12<br />
Switch 1 Switch 2<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Crossover Cable<br />
Serial Cable<br />
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is<br />
being used to transmit data on the trunk, or no data will be passed. If the two ends of the link have a different<br />
trunking encapsulation, they will not be able to communicate. A similar situation will occur if one<br />
of your ports is configured in trunking mode (unconditionally) <strong>and</strong> the other one is in access mode (unconditionally).<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default. This lab will help demonstrate how you can use VLANs to separate traffic <strong>and</strong> reduce<br />
broadcast domains.
Cable a network that is similar to the one in Figure 9-5. The configuration output that is used in this lab is<br />
produced from a 2950 series switch. Another switch might produce different output. You should execute<br />
the following steps on each switch unless you are specifically instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname, access, <strong>and</strong> comm<strong>and</strong> mode passwords, as well as the management LAN settings.<br />
These values are shown in Table 9-3. If you have problems while performing this configuration, refer to<br />
Lab 6-2, “Basic Switch Configuration.” Do not configure VLANs <strong>and</strong> trunking yet.<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are configured correctly, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Chapter 9: VLAN Trunking Protocol 403<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0
404 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 5: Create <strong>and</strong> Name Three VLANs<br />
Enter the following comm<strong>and</strong>s to create three named VLANs:<br />
2900 Switch<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 10 name Accounting<br />
Switch_A(vlan)#vlan 20 name Marketing<br />
Switch_A(vlan)#vlan 30 name Engineering<br />
Switch_A(vlan)#exit<br />
2950 Switch<br />
Switch_A#configure terminal<br />
Switch_A(config)#vlan 10<br />
Switch_A(config-vlan)#name Accounting<br />
Switch_A(config-vlan)#vlan 20<br />
Switch_A(config-vlan)#name Marketing<br />
Switch_A(config-vlan)#vlan 30<br />
Switch_A(config-vlan)#name Engineering<br />
Note: VLAN database mode is being deprecated in future releases of Cisco IOS. For now, both VLAN database mode<br />
<strong>and</strong> global configuration mode are supported for creating VLANs.<br />
Task 6: Assign Ports to VLAN 10<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add ports 0/4<br />
to 0/6 to VLAN 10:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/6<br />
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#end<br />
Note: Use the range parameter to quickly configure several interfaces with the same comm<strong>and</strong>. For example:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface range fastethernet 0/4 - 6<br />
Switch_A(config-if-range)#switchport mode access<br />
Switch_A(config-if-range)#switchport access vlan 10<br />
Switch_A(config-if-range)#end<br />
Task 7: Assign Ports to VLAN 20<br />
Enter the following comm<strong>and</strong>s to add ports 0/7 to 0/9 to VLAN 20:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/7<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#end<br />
Task 8: Assign Ports to VLAN 30<br />
Enter the following comm<strong>and</strong>s to add ports 0/10 to 0/12 to VLAN 30:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/10<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#interface fastethernet 0/11<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#interface fastethernet 0/12<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#end<br />
Task 9: Create VLANs on Switch_B<br />
Repeat Tasks 5 through 8 on Switch_B to create its VLANs.<br />
Chapter 9: VLAN Trunking Protocol 405
406 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 10: Display the VLAN Interface Information<br />
On both switches, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Are ports 0/10 to 0/12 assigned to VLAN 30? Yes<br />
Switch_A#sh vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
30 Engineering active Fa0/10, Fa0/11, Fa0/12<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
30 enet 100030 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 11: Test the VLANs<br />
Step 1. Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.<br />
Was the ping successful? No
Why?<br />
No trunk has been configured yet.<br />
Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces are in different VLANs.<br />
Task 12: Create the Trunk<br />
On both switches, Switch_A <strong>and</strong> Switch_B, enter the following comm<strong>and</strong> at the Fast Ethernet 0/1 interface<br />
comm<strong>and</strong> prompt. Note that it is not necessary to specify the encapsulation on a 2950, because it only<br />
supports 802.1q.<br />
Switch_A(config)#interface fastethernet 0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#end<br />
Switch_B(config)#interface fastethernet 0/1<br />
Switch_B(config-if)#switchport mode trunk<br />
Switch_B(config-if)#end<br />
2900:<br />
Switch_A(config)#interface fastethernet0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#switchport trunk encapsulation dot1q<br />
Switch_A(config-if)#end<br />
Switch_B(config)#interface fastethernet0/1<br />
Switch_B(config-if)#switchport mode trunk<br />
Switch_B(config-if)#switchport trunk encapsulation dot1q<br />
Switch_B(config-if)#end<br />
Task 13: Verify the Trunk<br />
To verify that port Fast Ethernet 0/1 has been established as a trunk port, enter show interface fastethernet<br />
0/1 switchport at the privileged EXEC mode prompt.<br />
What type of trunking encapsulation is shown on the output results? Dot1q<br />
According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference<br />
between the Administrative Trunking Encapsulation <strong>and</strong> the Operational Trunking Encapsulation?<br />
Switch_A#show interface fastEthernet 0/1 switchport<br />
Name: Fa0/1<br />
Switchport: Enabled<br />
Administrative Mode: trunk<br />
Operational Mode: trunk<br />
Administrative Trunking Encapsulation: dot1q<br />
Operational Trunking Encapsulation: dot1q<br />
Negotiation of Trunking: On<br />
Chapter 9: VLAN Trunking Protocol 407
408 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Access Mode VLAN: 1 (default)<br />
Trunking Native Mode VLAN: 1 (default)<br />
Voice VLAN: none<br />
Administrative private-vlan host-association: none<br />
Administrative private-vlan mapping: none<br />
Operational private-vlan: none<br />
Trunking VLANs Enabled: ALL<br />
Pruning VLANs Enabled: 2-1001<br />
Capture Mode Disabled<br />
Capture VLANs Allowed: ALL<br />
Protected: false<br />
Voice VLAN: none (Inactive)<br />
Appliance trust: none<br />
No, both encapsulation types were Dot1q.<br />
On the fragment “Trunking VLANs Enable” from the last output, what does the word ALL mean?<br />
It means that traffic from all VLANs is allowed to cross the trunk link.<br />
What would happen if the two ports of the trunk were using different encapsulation?<br />
It would not form a trunk.<br />
Explain.<br />
The encapsulation must match on both sides of the link in order for the trunk to form.<br />
Task 14: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/12 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? Yes<br />
Why?<br />
Both hosts are in the same VLAN <strong>and</strong> the trunk has been configured.<br />
Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces belong to different VLANs.<br />
Task 15: Move the Hosts<br />
Move the host in Switch_A from port 0/12 to port 0/8, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.
Task 16: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/8 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? No<br />
Why?<br />
The hosts are on separate VLANs.<br />
Step 2. Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces belong to different VLANs.<br />
Task 17: Move the Hosts<br />
Move the host in Switch_B from port 0/12 to port 0/7, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 18: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/8 to the host in<br />
Switch_B port 0/7.<br />
Was the ping successful? Yes<br />
Why?<br />
The hosts are now on the same VLAN (VLAN 20).<br />
Step 2. Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces belong to different VLANs.<br />
Task 19: Move the Hosts<br />
Chapter 9: VLAN Trunking Protocol 409<br />
Move the host in Switch_A from port 0/8 to port 0/2, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.
410 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 20: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/2 to the host in<br />
Switch_B port 0/7.<br />
Was the ping successful? No<br />
Step 2. Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
Both interfaces are assigned to the same VLAN (VLAN 1).<br />
Task 21: Move the Hosts<br />
Move the host in Switch_B from port 0/7 to port 0/3, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 22: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/2 to the host in<br />
Switch_B port 0/3.<br />
Was the ping successful? Yes<br />
Why?<br />
Both hosts now belong to the same VLAN.<br />
Step 2. Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Why?<br />
Both hosts now belong to the same VLAN.<br />
Step 3. Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.<br />
Was the ping successful? Yes<br />
Why?<br />
Both interfaces are assigned to the same VLAN (VLAN 1).<br />
What conclusions can you draw from the testing that you just performed in regard to VLAN<br />
membership <strong>and</strong> VLANs across a trunk?<br />
Hosts must be grouped together into the same VLAN before they can communicate with each<br />
other. Trunk links carry VLAN traffic across switches.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.
Curriculum Lab 9-3: VTP Client <strong>and</strong> Server<br />
Configurations (9.2.5)<br />
Figure 9-6 Topology for Lab 9-3<br />
Table 9-4 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 VLAN Names Switch Port<br />
Designation IP Address <strong>and</strong> Numbers Assignments<br />
Switch 1 Switch_A 192.168.1.2 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
Switch 2 Switch_B 192.168.1.3 VLAN 1 Native Fa0/2<strong>–</strong>0/3<br />
VLAN 10 Accounting Fa0/4<strong>–</strong>0/6<br />
VLAN 20 Marketing Fa0/7<strong>–</strong>0/9<br />
VLAN 30 Engineering Fa0/10<strong>–</strong>0/12<br />
The enable secret password for both routers is class.<br />
The enable, VTY, <strong>and</strong> console password for both routers is cisco.<br />
The subnet mask for both routers is 255.255.255.0.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create multiple VLANs, name them, <strong>and</strong> assign multiple member ports to them.<br />
■ Configure the VTP protocol to establish server <strong>and</strong> client switches.<br />
■ Create an 802.1q trunk line between the two switches to allow communication between paired<br />
VLANs.<br />
■ Test the VLANs’ functionality by moving a workstation from one VLAN to another.<br />
Background/Preparation<br />
FA0/1 FA0/1<br />
FA0/12 Trunk 802.1q<br />
FA0/12<br />
Switch 1 Switch 2<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 9: VLAN Trunking Protocol 411<br />
Crossover Cable<br />
Serial Cable<br />
When you are managing a switch, the management domain is always VLAN 1. The network administrator’s<br />
workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to<br />
VLAN 1 by default.
412 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Cable a network that is similar to the one in Figure 9-6. The configuration output used in this lab is produced<br />
from a 2950 series switch. Another switch might produce different output. You should execute the<br />
following steps on each switch unless you are specifically instructed otherwise.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Configure the Switches<br />
Configure the hostname, access, <strong>and</strong> comm<strong>and</strong> mode passwords, as well as the management LAN settings.<br />
These values are shown in Table 9-4. If you have problems while performing this configuration, refer to<br />
Lab 6-2, “Basic Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the host to use the same subnet for addresses, masks, <strong>and</strong> the default gateway as the switch.<br />
Task 3: Verify Connectivity<br />
To verify that the hosts <strong>and</strong> switch are configured correctly, ping the switch from the hosts.<br />
Were the pings successful? Yes<br />
If the answer is no, troubleshoot the hosts <strong>and</strong> switch configurations.<br />
Task 4: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Task 5: Configure VTP<br />
You need to configure VLAN Trunking Protocol (VTP) on both switches. VTP is the protocol that communicates<br />
information about which VLANs exist from one switch to another. If VTP did not provide this<br />
information, you would have to create VLANs on all switches individually.<br />
By default, the Catalyst switch series are configured as VTP servers. If the server services are turned off,<br />
use the following comm<strong>and</strong> to turn it back on.<br />
2900 Switch<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vtp server<br />
Switch_A(vlan)#exit<br />
2950 Switch<br />
Switch_A#configure terminal<br />
Switch_A(config)#vtp mode server<br />
Switch_A(config)#end<br />
Note: VLAN database mode is being deprecated in future releases of Cisco IOS. For now, both VLAN database mode<br />
<strong>and</strong> global configuration mode are supported for creating VLANs.<br />
Task 6: Create <strong>and</strong> Name Three VLANs<br />
Enter the following comm<strong>and</strong>s to create three named VLANs:<br />
2900 Switch<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 10 name Accounting<br />
Switch_A(vlan)#vlan 20 name Marketing<br />
Switch_A(vlan)#vlan 30 name Engineering<br />
Switch_A(vlan)#exit<br />
2950 Switch<br />
Switch_A#configure terminal<br />
Switch_A(config)#vlan 10<br />
Switch_A(config-vlan)#name Accounting<br />
Switch_A(config-vlan)#vlan 20<br />
Switch_A(config-vlan)#name Marketing<br />
Switch_A(config-vlan)#vlan 30<br />
Switch_A(config-vlan)#name Engineering<br />
Chapter 9: VLAN Trunking Protocol 413
414 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 7: Assign Ports to VLAN 10<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add ports 0/4<br />
to 0/6 to VLAN 10:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/4<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet 0/6<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#end<br />
Note: Use the range parameter to quickly configure several interfaces with the same comm<strong>and</strong>. For example:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface range fastethernet 0/4 - 6<br />
Switch_A(config-if-range)#switchport mode access<br />
Switch_A(config-if-range)#switchport access vlan 10<br />
Switch_A(config-if-range)#end<br />
Task 8: Assign Ports to VLAN 20<br />
Enter the following comm<strong>and</strong>s to add ports 0/7 to 0/9 to VLAN 20:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/7<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet 0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#end<br />
Task 9: Assign Ports to VLAN 30<br />
Enter the following comm<strong>and</strong>s to add ports 0/10 to 0/12 to VLAN 30:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet 0/10<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#interface fastethernet 0/11<br />
Switch_A(config-if)#switchport mode access
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#interface fastethernet 0/12<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 30<br />
Switch_A(config-if)#end<br />
Task 10: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
30 Engineering active Fa0/10, Fa0/11, Fa0/12<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
30 enet 100030 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Are ports 0/10 to 0/12 assigned to VLAN 30? Yes<br />
Chapter 9: VLAN Trunking Protocol 415
416 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 11: Configure the VTP Client<br />
Configure Switch_B to be a VTP client.<br />
Switch_B#vlan database<br />
Switch_B(vlan)#vtp client<br />
Switch_B(vlan)#vtp domain group1<br />
Switch_B(vlan)#exit<br />
Task 12: Create the Trunk<br />
On both Switch_A <strong>and</strong> Switch_B, enter the following comm<strong>and</strong> at the Fast Ethernet 0/1 interface comm<strong>and</strong><br />
prompt. Note that it is not necessary to specify the encapsulation on a 2950, because it only supports<br />
802.1q.<br />
Switch_A(config)#interface fastethernet 0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#end<br />
Switch_B(config)#interface fastethernet 0/1<br />
Switch_B(config-if)#switchport mode trunk<br />
Switch_B(config-if)#end<br />
2900:<br />
Switch_A(config)#interface fastethernet0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#switchport trunk encapsulation dot1q<br />
Switch_A(config-if)#end<br />
Switch_B(config)#interface fastethernet0/1<br />
Switch_B(config-if)#switchport mode trunk<br />
Switch_B(config-if)#switchport trunk encapsulation dot1q<br />
Switch_B(config-if)#end<br />
Task 13: Verify the Trunk<br />
To verify that port Fast Ethernet 0/1 has been established as a trunk port, enter show interface fastethernet<br />
0/1 switchport at the privileged EXEC mode prompt.<br />
Switch_A#show interface fastEthernet 0/1 switchport<br />
Name: Fa0/1<br />
Switchport: Enabled<br />
Administrative Mode: trunk<br />
Operational Mode: trunk<br />
Administrative Trunking Encapsulation: dot1q<br />
Operational Trunking Encapsulation: dot1q<br />
Negotiation of Trunking: On<br />
Access Mode VLAN: 1 (default)<br />
Trunking Native Mode VLAN: 1 (default)<br />
Voice VLAN: none
Administrative private-vlan host-association: none<br />
Administrative private-vlan mapping: none<br />
Operational private-vlan: none<br />
Trunking VLANs Enabled: ALL<br />
Pruning VLANs Enabled: 2-1001<br />
Capture Mode Disabled<br />
Capture VLANs Allowed: ALL<br />
Protected: false<br />
Voice VLAN: none (Inactive)<br />
Appliance trust: none<br />
What type of trunking encapsulation is shown in the output? Dot1q<br />
Task 14: Display the VLAN Interface Information<br />
On Switch_B, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_B#show vlan<br />
Switch_B#show vlan<br />
Chapter 9: VLAN Trunking Protocol 417<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active<br />
20 Marketing active<br />
30 Engineering active<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
30 enet 100030 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0
418 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Do VLANs 10, 20, <strong>and</strong> 30 show without your having to type them in? Yes<br />
Why did this happen?<br />
Because Switch_A is a VTP server <strong>and</strong> it sent VLAN information to Switch_B.<br />
Task 15: Assign Ports to VLAN 10<br />
Although the VLAN definitions have migrated to Switch_B by using VTP, you still must assign ports to<br />
these VLANs on Switch_B. You must assign ports to VLANs from the interface mode. Enter the following<br />
comm<strong>and</strong>s to add ports 0/4 to 0/6 to VLAN 10:<br />
Switch_B#configure terminal<br />
Switch_B(config)#interface fastethernet 0/4<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 10<br />
Switch_B(config-if)#interface fastethernet 0/5<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 10<br />
Switch_B(config-if)#interface fastethernet 0/6<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 10<br />
Switch_B(config-if)#end<br />
Task 16: Assign Ports to VLAN 20<br />
Enter the following comm<strong>and</strong>s to add ports 0/7 to 0/9 to VLAN 20:<br />
Switch_B#configure terminal<br />
Switch_B(config)#interface fastethernet 0/7<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 20<br />
Switch_B(config-if)#interface fastethernet 0/8<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 20<br />
Switch_B(config-if)#interface fastethernet 0/9<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 20<br />
Switch_B(config-if)#end
Task 17: Assign Ports to VLAN 30<br />
Enter the following comm<strong>and</strong>s to add ports 0/10 to 0/12 to VLAN 30:<br />
Switch_B#configure terminal<br />
Switch_B(config)#interface fastethernet 0/10<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 30<br />
Switch_B(config-if)#interface fastethernet 0/11<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 30<br />
Switch_B(config-if)#interface fastethernet 0/12<br />
Switch_B(config-if)#switchport mode access<br />
Switch_B(config-if)#switchport access vlan 30<br />
Switch_B(config-if)#end<br />
Task 18: Display the VLAN Interface Information<br />
On Switch_B, enter the comm<strong>and</strong> show vlan at the privileged EXEC mode prompt.<br />
Switch_B#show vlan<br />
Switch_B#show vlan<br />
Chapter 9: VLAN Trunking Protocol 419<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
30 Engineering active Fa0/10, Fa0/11, Fa0/12<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———<br />
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
30 enet 100030 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———
420 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Are ports 0/10 to 0/12 assigned to VLAN 30? Yes<br />
Task 19: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/12 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? Yes<br />
Why?<br />
Both hosts are in the same VLAN with the trunk link properly configured.<br />
Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces belong to different VLANs.<br />
Task 20: Move the Hosts<br />
Move the host in Switch_A from port 0/12 to port 0/8, wait until the port LED turns green, <strong>and</strong> then go to<br />
the next task.<br />
Task 21: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/8 to the host in<br />
Switch_B port 0/12.<br />
Was the ping successful? No<br />
Why?<br />
The hosts are on separate VLANs.<br />
Step 2. Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.<br />
Was the ping successful? No<br />
Why?<br />
The interfaces belong to different VLANs.<br />
After you complete the previous steps, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.
Curriculum Lab 9-4: Configuring Inter-VLAN Routing<br />
(9.3.6)<br />
Figure 9-7 Topology for Lab 9-4<br />
Table 9-5 Lab Equipment Configuration<br />
Switch Switch Name VLAN 1 VLAN Names Switch Port<br />
Designation IP Address <strong>and</strong> Numbers Assignments<br />
Switch 1 Switch_A 192.168.1.2 VLAN 1 Native<br />
VLAN 10 Sales<br />
VLAN 20 SupportFa0/1<strong>–</strong>0/4<br />
Fa0/5<strong>–</strong>0/8<br />
Fa0/9<strong>–</strong>0/12<br />
The enable secret password is class.<br />
The enable, VTY, <strong>and</strong> console password is cisco.<br />
The subnet mask is 255.255.255.0.<br />
Objectives<br />
■ Create a basic switch configuration <strong>and</strong> verify it.<br />
■ Create multiple VLANs, name them, <strong>and</strong> assign multiple member ports to them.<br />
■ Create a basic configuration on a router.<br />
■ Create an 802.1q trunk line between the switch <strong>and</strong> router to allow communication between VLANs.<br />
■ Test the routing functionality.<br />
Background/Preparation<br />
FA0/5<br />
FA0/9<br />
Straight-Through Cable<br />
Rollover (Console) Cable<br />
Chapter 9: VLAN Trunking Protocol 421<br />
Cable a network that is similar to the one in Figure 9-7. The configuration output that is used in this lab is<br />
produced from a 2950 series switch. Another switch might produce different output. You should execute<br />
erase <strong>and</strong> reload procedures on each switch unless you are specifically instructed otherwise. Instructions<br />
are also provided for the 1900 series switch, which initially displays a User Interface Menu. Select the<br />
FA0/1<br />
Crossover Cable<br />
Serial Cable
422 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Comm<strong>and</strong> Line option from the menu to perform the steps for this lab.<br />
Note: The router used must have a Fast Ethernet interface in order to support trunking <strong>and</strong> inter-VLAN routing. The<br />
2500 series router cannot be used for this lab.<br />
Start a HyperTerminal session.<br />
Implement the procedure documented in Appendix B before you continue with this lab.<br />
Task 1: Configure the Switch<br />
Configure the hostname, access, <strong>and</strong> comm<strong>and</strong> mode passwords, as well as the management LAN settings.<br />
These values are shown in Table 9-5. If you have problems while performing this configuration, refer to<br />
Lab 6-2, “Basic Switch Configuration.”<br />
Task 2: Configure the Hosts Attached to the Switch<br />
Configure the hosts by using the following information.<br />
The host in port 0/5:<br />
IP address: 192.168.5.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.5.1<br />
The host in port 0/9:<br />
IP address: 192.168.7.2<br />
Subnet mask: 255.255.255.0<br />
Default gateway: 192.168.7.1<br />
Task 3: Verify Connectivity<br />
Step 1. Verify that the switch ports <strong>and</strong> host NIC link lights are lit.<br />
Step 2. Ping the switch IP address from the hosts.<br />
Were the pings successful? No<br />
Why or why not?<br />
The hosts are on different networks.<br />
Task 4: Create <strong>and</strong> Name Two VLANs<br />
Enter the following comm<strong>and</strong>s to create two named VLANs:<br />
Switch_A#vlan database<br />
Switch_A(vlan)#vlan 10 name Sales<br />
Switch_A(vlan)#vlan 20 name Support<br />
Switch_A(vlan)#exit
1900:<br />
Switch_A#config t<br />
Switch_A(config)#vlan 10 name Sales<br />
Switch_A(config)#vlan 20 name Support<br />
Switch_A(config)#exit<br />
Task 5: Assign Ports to VLAN 10<br />
You must assign ports to VLANs from the interface mode. Enter the following comm<strong>and</strong>s to add ports 0/5<br />
to 0/8 to VLAN 10:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet0/5<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet0/6<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet0/7<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#interface fastethernet0/8<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 10<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface ethernet 0/5<br />
Switch_A(config-if)#vlan static 10<br />
Switch_A(config-if)#interface ethernet 0/6<br />
Switch_A(config-if)#vlan static 10<br />
Switch_A(config-if)#interface ethernet 0/7<br />
Switch_A(config-if)#vlan static 10<br />
Switch_A(config-if)#interface ethernet 0/8<br />
Switch_A(config-if)#vlan static 10<br />
Switch_A(config-if)#end<br />
Task 6: Assign Ports to VLAN 20<br />
Enter the following comm<strong>and</strong>s to add ports 0/9 to 0/12 to VLAN 20:<br />
Switch_A#configure terminal<br />
Switch_A(config)#interface fastethernet0/9<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Chapter 9: VLAN Trunking Protocol 423
424 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Switch_A(config-if)#interface fastethernet0/10<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet0/11<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#interface fastethernet0/12<br />
Switch_A(config-if)#switchport mode access<br />
Switch_A(config-if)#switchport access vlan 20<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface ethernet 0/9<br />
Switch_A(config-if)#vlan static 20<br />
Switch_A(config-if)#interface ethernet 0/10<br />
Switch_A(config-if)#vlan static 20<br />
Switch_A(config-if)#interface ethernet 0/11<br />
Switch_A(config-if)#vlan static 20<br />
Switch_A(config-if)#interface ethernet 0/12<br />
Switch_A(config-if)#vlan static 20<br />
Switch_A(config-if)#end<br />
Task 7: Display the VLAN Interface Information<br />
On Switch_A, enter the comm<strong>and</strong> show VLAN at the privileged EXEC mode prompt.<br />
Switch_A#show vlan<br />
Switch_A#show vlan<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
10 Sales active Fa0/5, Fa0/6, Fa0/7, Fa0/8<br />
20 Support active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
1002 fddi-default act/unsup<br />
1003 token-ring-default act/unsup<br />
1004 fddinet-default act/unsup<br />
1005 trnet-default act/unsup<br />
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2<br />
—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———
1 enet 100001 1500 - - - - - 0 0<br />
10 enet 100010 1500 - - - - - 0 0<br />
20 enet 100020 1500 - - - - - 0 0<br />
1002 fddi 101002 1500 - - - - - 0 0<br />
1003 tr 101003 1500 - - - - - 0 0<br />
1004 fdnet 101004 1500 - - - ieee - 0 0<br />
1005 trnet 101005 1500 - - - ibm - 0 0<br />
Remote SPAN VLANs<br />
———————————————————————————————————————<br />
Primary Secondary Type Ports<br />
———- ————- ————————- —————————————————————<br />
Are ports assigned correctly? Yes<br />
Task 8: Create the Trunk<br />
On Switch_A, enter the following comm<strong>and</strong> at the Fast Ethernet 0/1 interface comm<strong>and</strong> prompt. Note that<br />
Fast Ethernet 0/1 <strong>and</strong> the other access ports on a 1900 switch only support 10-Mbps Ethernet <strong>and</strong> cannot<br />
be used as trunk ports. The trunk ports (if present) on a 24-port 1900 are typically Fast Ethernet 0/26 <strong>and</strong><br />
0/27.<br />
Switch_A(config)#interface fastethernet0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#end<br />
2900:<br />
Switch_A(config)#interface fastethernet0/1<br />
Switch_A(config-if)#switchport mode trunk<br />
Switch_A(config-if)#switchport trunk encapsulation dot1q<br />
Switch_A(config-if)#end<br />
1900:<br />
Switch_A#config t<br />
Switch_A(config)#interface fastethernet0/26<br />
Switch_A(config-if)#trunk on<br />
Task 9: Configure the Router<br />
Step 1. Configure the router with the following data. Note that, to support trunking <strong>and</strong> inter-VLAN<br />
routing, the router must have a Fast Ethernet interface.<br />
Hostname: Router_A<br />
Console, VTY, <strong>and</strong> enable passwords: cisco<br />
Enable secret password: class<br />
Chapter 9: VLAN Trunking Protocol 425
426 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 2. Configure the Fast Ethernet interface by using the following comm<strong>and</strong>s:<br />
Note: If working with a 1900 switch, replace the dot1.q encapsulation with isl in the following router configuration<br />
comm<strong>and</strong>s.<br />
Router_A(config)#interface fastethernet 0/0<br />
Router_A(config-if)#no shutdown<br />
Router_A(config-if)#interface fastethernet 0/0.1<br />
Router_A(config-subif)#encapsulation dot1q 1<br />
Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0<br />
Router_A(config-if)#interface fastethernet 0/0.2<br />
Router_A(config-subif)#encapsulation dot1q 10<br />
Router_A(config-subif)#ip address 192.168.5.1 255.255.255.0<br />
Router_A(config-if)#interface fastethernet 0/0.3<br />
Router_A(config-subif)#encapsulation dot1q 20<br />
Router_A(config-subif)#end<br />
Task 10: Save the Router Configuration<br />
Enter the copy run start comm<strong>and</strong> to save the current running configuration to NVRAM.<br />
Task 11: Display the Router Routing Table<br />
Enter show ip route at the privileged EXEC mode prompt.<br />
Router_A#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter<br />
area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
C 192.168.5.0/24 is directly connected, FastEthernet0/0.2<br />
C 192.168.7.0/24 is directly connected, FastEthernet0/0.3<br />
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1<br />
Router_A#<br />
Do entries exist in the routing table? Yes, 3<br />
What interface are the entries pointing to? Fast Ethernet 0/0<br />
Why is there not a need to run a routing protocol?<br />
All interfaces are connected.
Task 12: Test the VLANs <strong>and</strong> the Trunk<br />
Step 1. To test the VLANs <strong>and</strong> the trunk, ping from the host in Switch_A port 0/9 to the host in port<br />
0/5.<br />
Was the ping successful? Yes<br />
Why?<br />
The trunk to the router forwarded packets from VLAN 20 to VLAN 10.<br />
Step 2. Ping from the host in Switch_A port 0/5 to the switch IP 192.168.1.2.<br />
Was the ping successful? Yes<br />
Task 13: Move the Hosts<br />
Move the hosts to other VLANs <strong>and</strong> try pinging the management VLAN 1. Note the results.<br />
All pings should be successful with correct IP settings on the host.<br />
After you complete the previous step, log off (by typing exit) <strong>and</strong> turn all the devices off. Then, remove<br />
<strong>and</strong> store the cables <strong>and</strong> adapter.<br />
Switch_A<br />
Switch_A#show running-config<br />
Building configuration...<br />
Current configuration : 2053 bytes<br />
!<br />
version 12.1<br />
no service pad<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname Switch_A<br />
!<br />
enable secret 5 $1$5kx7$u7JjZnEXhjhJ0cJIplN4t.<br />
!<br />
ip subnet-zero<br />
!<br />
spanning-tree mode pvst<br />
no spanning-tree optimize bpdu transmission<br />
spanning-tree extend system-id<br />
!<br />
interface FastEthernet0/1<br />
switchport mode trunk<br />
no ip address<br />
!<br />
interface FastEthernet0/2<br />
no ip address<br />
!<br />
interface FastEthernet0/3<br />
Chapter 9: VLAN Trunking Protocol 427
428 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
no ip address<br />
!<br />
interface FastEthernet0/4<br />
no ip address<br />
!<br />
interface FastEthernet0/5<br />
switchport access vlan 10<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/6<br />
switchport access vlan 10<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/7<br />
switchport access vlan 10<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/8<br />
switchport access vlan 10<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/9<br />
switchport access vlan 20<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/10<br />
switchport access vlan 20<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/11<br />
switchport access vlan 20<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/12<br />
switchport access vlan 20<br />
switchport mode access<br />
no ip address<br />
!<br />
interface FastEthernet0/13
no ip address<br />
!<br />
interface FastEthernet0/14<br />
no ip address<br />
!<br />
interface FastEthernet0/15<br />
no ip address<br />
!<br />
interface FastEthernet0/16<br />
no ip address<br />
!<br />
interface FastEthernet0/17<br />
no ip address<br />
!<br />
interface FastEthernet0/18<br />
no ip address<br />
!<br />
interface FastEthernet0/19<br />
no ip address<br />
!<br />
interface FastEthernet0/20<br />
no ip address<br />
!<br />
interface FastEthernet0/21<br />
no ip address<br />
!<br />
interface FastEthernet0/22<br />
no ip address<br />
!<br />
interface FastEthernet0/23<br />
no ip address<br />
!<br />
interface FastEthernet0/24<br />
no ip address<br />
!<br />
interface Vlan1<br />
ip address 192.168.1.2 255.255.255.0<br />
no ip route-cache<br />
!<br />
ip default-gateway 192.168.1.1<br />
ip http server<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
line vty 0 4<br />
Chapter 9: VLAN Trunking Protocol 429
430 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
password cisco<br />
login<br />
line vty 5 15<br />
password cisco<br />
login<br />
!<br />
end<br />
Switch_B<br />
Router_A#show runnig-config<br />
Building configuration...<br />
Current configuration : 863 bytes<br />
!<br />
version 12.2<br />
service timestamps debug uptime<br />
service timestamps log uptime<br />
no service password-encryption<br />
!<br />
hostname Router_A<br />
!<br />
enable secret 5 $1$ihY0$.S.8M7iVky3u28ZYmHgWx1<br />
!<br />
ip subnet-zero<br />
!<br />
call rsvp-sync<br />
!<br />
interface FastEthernet0/0<br />
no ip address<br />
duplex auto<br />
speed auto<br />
!<br />
interface FastEthernet0/0.1<br />
encapsulation dot1Q 1 native<br />
ip address 192.168.1.1 255.255.255.0<br />
!<br />
interface FastEthernet0/0.2<br />
encapsulation dot1Q 10<br />
ip address 192.168.5.1 255.255.255.0<br />
!<br />
interface FastEthernet0/0.3<br />
encapsulation dot1Q 20<br />
ip address 192.168.7.1 255.255.255.0<br />
!<br />
interface Serial0/0<br />
no ip address
shutdown<br />
no fair-queue<br />
!<br />
interface Serial0/1<br />
no ip address<br />
shutdown<br />
!<br />
ip classless<br />
ip http server<br />
!<br />
!<br />
!<br />
dial-peer cor custom<br />
!<br />
line con 0<br />
password cisco<br />
login<br />
line aux 0<br />
line vty 0 4<br />
password cisco<br />
login<br />
!<br />
end<br />
Comprehensive Lab 9-5: Inter-VLAN <strong>and</strong> VTP<br />
Configuration<br />
Note: This lab continues where Challenge Lab 8-4, “Static VLANs, STP, <strong>and</strong> Port Security” ended. You need to complete<br />
that lab before proceeding with this lab. Another option is to continue on to Challenge Lab 9-6, “Advanced<br />
Switching,” which is not dependent on any previous labs.<br />
Figure 9-8 Inter-VLAN <strong>and</strong> VTP Configuration<br />
VLAN 1 10.1.0.0/16<br />
VLAN 10 10.10.0.0/16<br />
VLAN 20 10.20.0.0/16<br />
VLAN 30 10.30.0.0/16<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
fa0/1<br />
802.1q Trunk<br />
fa0/1<br />
RTA<br />
SWA<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
VLAN 1: 10.1.0.2<br />
DefGate: 10.1.0.1<br />
fa0/2<br />
fa0/3<br />
VLAN 30<br />
fa0/17<strong>–</strong>24<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
Chapter 9: VLAN Trunking Protocol 431<br />
VLAN 1: 10.1.0.3<br />
DefGate: 10.1.0.1<br />
fa0/2<br />
fa0/3 SWB<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
VLAN 30<br />
fa0/17<strong>–</strong>24
432 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Table 9-6 Addressing Scheme<br />
Device Interface IP Address Subnet<br />
Mask<br />
SWA VLAN 1 10.1.0.2 255.255.0.0<br />
SWB VLAN 1 10.1.0.3 255.255.0.0<br />
RTA Fa0/1.1 10.1.0.1 255.255.0.0<br />
Objectives<br />
■ Delete the VLAN database.<br />
■ Configure VTP parameters.<br />
■ Configure inter-VLAN routing.<br />
■ Modify VLANs.<br />
■ Verify <strong>and</strong> document configurations.<br />
Fa0/1.10 10.10.0.1 255.255.0.0<br />
Fa0/1.20 10.20.0.1 255.255.0.0<br />
Fa0/1.30 10.30.0.1 255.255.0.0<br />
The topology shown in Figure 9-8 is using 2950 switches <strong>and</strong> a 2621 router. You can also use a 1700<br />
series router that supports VLAN trunking.<br />
NetLab Compatibility Notes<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab Basic Switch Pod.<br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration<br />
Step 1. SWA <strong>and</strong> SWB should be loaded with your saved configurations for Challenge Lab 8-4, “Static<br />
VLANs, STP, <strong>and</strong> Port Security.” If you did not complete that lab, you need to do so now.<br />
Step 2. Configure RTA with basic router configurations, including:<br />
■ Hostname<br />
■ Line configurations<br />
■ Global passwords<br />
■ Host tables<br />
■ Banner<br />
■ Other instructor-required global configurations<br />
Task 2: Configure VTP Parameters<br />
Step 1. SWA will be the VTP server. Configure SWA with the domain name <strong>CCNA</strong>3 <strong>and</strong> password<br />
cisco. Verify your configuration with the show vtp status comm<strong>and</strong>.<br />
SWA#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 3<br />
Maximum VLANs supported locally : 250<br />
Number of existing VLANs : 8
VTP Operating Mode : Server<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x3B 0x01 0x37 0x7F 0x25 0x20 0xD0 0x0F<br />
Configuration last modified by 0.0.0.0 at 3-1-93 00:30:56<br />
Local updater ID is 10.1.0.2 on interface Vl1 (lowest numbered VLAN interface<br />
found)<br />
Step 2. Notice in the preceding output that the configuration revision number is 3. Why?<br />
Three VLANs have been added (Accounting VLAN 10, Marketing VLAN 20, <strong>and</strong> Purchasing<br />
VLAN 30). The configuration revision number increments by 1 each time a change is made.<br />
Step 3. On SWB, you need to remove the current VLAN configurations <strong>and</strong> reload the switch. What<br />
comm<strong>and</strong> will delete the VLAN database file?<br />
SWB#delete flash:vlan.dat<br />
Delete filename [vlan.dat]?<br />
Delete flash:vlan.dat? [confirm]<br />
SWB#reload<br />
Proceed with reload? [confirm]<br />
Step 4. After you delete the VLAN database <strong>and</strong> reload the switch, your show vlan brief comm<strong>and</strong><br />
should display the following:<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 5. Your VTP status should display the following output. Take note of the configuration revision<br />
number, the operating mode, <strong>and</strong> the domain name.<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 0<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 5<br />
VTP Operating Mode : Server<br />
VTP Domain Name :<br />
Chapter 9: VLAN Trunking Protocol 433
434 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD<br />
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00<br />
Local updater ID is 10.1.0.3 on interface Vl1 (lowest numbered VLAN interface<br />
found)<br />
Step 6. Enter the comm<strong>and</strong>s to configure SWB as a VTP client on the <strong>CCNA</strong>3 VTP domain with the<br />
password cisco. Record the comm<strong>and</strong>s you used.<br />
SWB(config)#vtp mode client<br />
Setting device to VTP CLIENT mode.<br />
SWB(config)#vtp domain <strong>CCNA</strong>3<br />
Changing VTP domain name from NULL to <strong>CCNA</strong>3<br />
SWB(config)#vtp password cisco<br />
Setting device VLAN database password to cisco<br />
Step 7. It may take a while for SWB to receive a VTP message from the server, because, unless there<br />
is a change or unless a request is made, the server sends out VTP advertisements only every 5<br />
minutes. You can speed up the process by shutting down the trunks attached to SWA <strong>and</strong> then<br />
reactivating them. This will force an exchange of VTP messages. Verify SWB now has the<br />
VLAN information from SWA.<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 3<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x3B 0x01 0x37 0x7F 0x25 0x20 0xD0 0x0F<br />
Configuration last modified by 0.0.0.0 at 3-1-93 00:30:56<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11,<br />
Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15,<br />
Fa0/16<br />
30 Purchasing<br />
Fa0/24<br />
active Fa0/17, Fa0/18, Fa0/19,<br />
Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23,<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active
Task 3: Configure Inter-VLAN Routing<br />
Step 1. The Fast Ethernet interface on RTA that is attached to SWA will trunk VLANs. Make sure you<br />
configure the Fa0/1 port on SWA to trunking mode <strong>and</strong> activate it.<br />
RTA(config)#interface FastEthernet0/1<br />
RTA(config-if)#no shutdown<br />
Step 2. Configure RTA to trunk for all three VLANs by using the subinterface designations <strong>and</strong> IP<br />
addresses shown in Table 9-6. Make sure the physical interface is activated. Also, for VLAN 1,<br />
make sure you add the native argument to the end of the encapsulation comm<strong>and</strong>.<br />
RTA(config-if)#interface FastEthernet0/1.1<br />
RTA(config-subif)#encapsulation dot1Q 1 native<br />
RTA(config-subif)#ip address 10.1.0.1 255.255.0.0<br />
RTA(config-subif)#interface FastEthernet0/1.10<br />
RTA(config-subif)#encapsulation dot1Q 10<br />
RTA(config-subif)#ip address 10.10.0.1 255.255.0.0<br />
RTA(config-subif)#interface FastEthernet0/1.20<br />
RTA(config-subif)#encapsulation dot1Q 20<br />
RTA(config-subif)#ip address 10.20.0.1 255.255.0.0<br />
RTA(config-subif)#interface FastEthernet0/1.30<br />
RTA(config-subif)#encapsulation dot1Q 30<br />
RTA(config-subif)#ip address 10.40.0.1 255.255.0.0<br />
RTA(config-subif)#end<br />
Chapter 9: VLAN Trunking Protocol 435<br />
Output from the show ip interface brief comm<strong>and</strong> should look like the following:<br />
RTA#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
FastEthernet0/0 unassigned YES unset administratively down down<br />
Serial0/0 unassigned YES unset administratively down down<br />
FastEthernet0/1 unassigned YES unset up up<br />
FastEthernet0/1.1 10.1.0.1 YES manual up up<br />
FastEthernet0/1.10 10.10.0.1 YES manual up up<br />
FastEthernet0/1.20 10.20.0.1 YES manual up up<br />
FastEthernet0/1.30 10.30.0.1 YES manual up up<br />
Step 3. Attach two workstations to the network. One should be attached to a port on SWA. Attach the<br />
other to SWB on a port that belongs to a different VLAN from the workstation attached to<br />
SWA. Document your choices in the space provided. Remember that the default gateway will<br />
be the IP address of the router’s subinterface that belongs to the same VLAN.
436 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Workstation attached to SWA:<br />
Port __________<br />
VLAN __________<br />
IP address ________________<br />
Subnet mask _______________<br />
Workstation attached to SWB:<br />
Port __________<br />
VLAN __________<br />
IP address ________________<br />
Subnet mask _______________<br />
Step 4. Verify that the two workstations can ping each other. If they cannot, troubleshoot.<br />
Task 4: Adding, Moving, <strong>and</strong> Deleting VLANs<br />
Step 1. A few employees from the Warehousing department are relocating to the office serviced by the<br />
SWB switch. Create a new VLAN 40 named Warehousing. Record the comm<strong>and</strong>s, including<br />
switch prompt, to create this new VLAN.<br />
SWA(config)#vlan 40<br />
SWA(config-vlan)#name Warehousing<br />
Step 2. Verify that SWB has incremented its VTP configuration revision number <strong>and</strong> has the new<br />
VLAN listed.<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 4<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 9<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xBC 0xD2 0x4A 0x5B 0xF3 0x03 0x26 0x75<br />
Configuration last modified by 10.1.0.2 at 3-1-93 01:17:40<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24
40 Warehousing active<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 3. Because the Purchasing department has only four employees in the office serviced by SWB,<br />
reassign the last four ports on SWB to the new Warehousing VLAN. Record the comm<strong>and</strong>s<br />
you used <strong>and</strong> verify your configuration with the show vlan brief comm<strong>and</strong>.<br />
SWB(config)#interface range fa0/21 - 24<br />
SWB(config-if-range)#switchport access vlan 40<br />
SWB#show vlan brief<br />
Chapter 9: VLAN Trunking Protocol 437<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
40 Warehousing active Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 4. The Purchasing department has been consolidated with the Accounting department. The<br />
Purchasing employees on SWB have transferred to the office serviced by SWA. Record the<br />
comm<strong>and</strong> to delete VLAN 30. Verify with the show vtp status <strong>and</strong> show vlan brief comm<strong>and</strong>s<br />
on SWB.<br />
SWA(config)#no vlan 30<br />
SWA(config)#exit<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 5<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x80 0xED 0x23 0x29 0x92 0x92 0xBE 0x09<br />
Configuration last modified by 10.1.0.2 at 3-1-93 02:07:29<br />
SWB#show vlan brief
438 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
40 Warehousing active Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 5. Notice from the show vlan brief output for SWB that ports Fa0/17 through Fa0/20 are not<br />
assigned to any VLAN. Correct this by assigning them to the Warehousing VLAN. Record the<br />
comm<strong>and</strong>s you used <strong>and</strong> then verify with the show vlan brief comm<strong>and</strong>.<br />
SWB(config)#interface range fa0/17 - 20<br />
SWB(config-if-range)#switchport access vlan 40<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
40 Warehousing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 6. On SWA, assign the ports that belonged to the Purchasing VLAN to the Accounting VLAN.<br />
Record the comm<strong>and</strong>s you used <strong>and</strong> then verify with the show vlan brief comm<strong>and</strong>.<br />
SWA(config)#interface range fa0/17 - 24<br />
SWA(config-if-range)#switchport access vlan 10<br />
SWA#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Gi0/1, Gi0/2<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8, Fa0/17, Fa0/18, Fa0/19<br />
Fa0/20, Fa0/21, Fa0/22, Fa0/23<br />
Fa0/24
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
40 Warehousing active<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
Step 7. If you attach a workstation to the Warehousing VLAN, it will not be able to ping any workstations<br />
outside its own VLAN. Try it. Why were the pings unsuccessful?<br />
Because RTA has not yet been configured to route for VLAN 40.<br />
Chapter 9: VLAN Trunking Protocol 439<br />
Step 8. Record <strong>and</strong> implement the configuration changes necessary to ensure that Warehousing workstations<br />
have inter-VLAN communication ability. Verify that a Warehousing workstation can<br />
ping another workstation attached to a different VLAN.<br />
RTA(config)#no interface fa0/1.30<br />
Not all config may be removed <strong>and</strong> may reappear after reactivating the subinterface<br />
RTA(config)#interface fa0/1.40<br />
RTA(config-subif)#description Warehousing VLAN 40<br />
RTA(config-subif)#encapsulation dot1q 40<br />
RTA(config-subif)#ip address 10.40.0.1 255.255.0.0<br />
RTA(config-subif)#end<br />
RTA#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
FastEthernet0/0 unassigned YES unset administratively down down<br />
Serial0/0 unassigned YES unset administratively down down<br />
FastEthernet0/1 unassigned YES unset up up<br />
FastEthernet0/1.1 10.1.0.1 YES manual up up<br />
FastEthernet0/1.10 10.10.0.1 YES manual up up<br />
FastEthernet0/1.20 10.20.0.1 YES manual up up<br />
FastEthernet0/1.30 unassigned YES manual deleted down<br />
FastEthernet0/1.40 10.40.0.1 YES manual up up
440 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 5: Documentation<br />
Document your configurations by capturing the following output:<br />
■ show run<br />
■ show vlan brief<br />
■ show vtp status<br />
■ On RTA, capture show run <strong>and</strong> show ip interface brief<br />
Final scripts <strong>and</strong> verification output:<br />
RTA<br />
!<br />
hostname RTA<br />
!<br />
enable secret class<br />
!<br />
no ip domain lookup<br />
ip host SWB 10.1.0.3<br />
ip host SWA 10.1.0.2<br />
!<br />
interface FastEthernet0/1<br />
no shutdown<br />
!<br />
interface FastEthernet0/1.1<br />
description Management VLAN 1<br />
encapsulation dot1Q 1 native<br />
ip address 10.1.0.1 255.255.0.0<br />
!<br />
interface FastEthernet0/1.10<br />
description Accounting VLAN 10<br />
encapsulation dot1Q 10<br />
ip address 10.10.0.1 255.255.0.0<br />
!<br />
interface FastEthernet0/1.20<br />
description Marketing VLAN 20<br />
encapsulation dot1Q 20<br />
ip address 10.20.0.1 255.255.0.0<br />
!<br />
interface FastEthernet0/1.40<br />
description Warehousing VLAN 40<br />
encapsulation dot1Q 40<br />
ip address 10.40.0.1 255.255.0.0<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
RTA#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
FastEthernet0/0 unassigned YES unset administratively down down<br />
Serial0/0 unassigned YES unset administratively down down<br />
FastEthernet0/1 unassigned YES unset up up<br />
FastEthernet0/1.1 10.1.0.1 YES manual up up<br />
FastEthernet0/1.10 10.10.0.1 YES manual up up<br />
FastEthernet0/1.20 10.20.0.1 YES manual up up<br />
FastEthernet0/1.30 unassigned YES manual deleted down<br />
FastEthernet0/1.40 10.40.0.1 YES manual up up<br />
SWA !————————————————————<br />
!VTP <strong>and</strong> VLAN configuration does not show<br />
!————————————————————<br />
enable<br />
config t<br />
vtp mode server<br />
vtp domain <strong>CCNA</strong>3<br />
vtp password cisco<br />
Chapter 9: VLAN Trunking Protocol 441
442 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
vlan 10<br />
name Accounting<br />
vlan 20<br />
name Marketing<br />
vlan 40<br />
name Warehousing<br />
!————————————————————<br />
!<br />
hostname SWA<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host SWB 10.1.0.3<br />
ip host RTA 10.1.0.1<br />
!<br />
interface FastEthernet0/1<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk<br />
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 10.1.0.2 255.255.0.0<br />
no shutdown<br />
ip default-gateway 10.1.0.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
SWA#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1, Gi0/1, Gi0/2<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8, Fa0/17, Fa0/18, Fa0/19<br />
Fa0/20, Fa0/21, Fa0/22, Fa0/23<br />
Fa0/24<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
40 Warehousing active<br />
1002 fddi-default active<br />
Chapter 9: VLAN Trunking Protocol 443<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16
444 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWA#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 5<br />
Maximum VLANs supported locally : 250<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Server<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x80 0xED 0x23 0x29 0x92 0x92 0xBE 0x09<br />
Configuration last modified by 10.1.0.2 at 3-1-93 02:07:29<br />
Local updater ID is 10.1.0.2 on interface Vl1 (lowest numbered VLAN interface found)<br />
SWB !————————————————————<br />
!VTP <strong>and</strong> VLAN configuration does not show<br />
!————————————————————<br />
enable<br />
config t<br />
vtp mode client<br />
vtp domain <strong>CCNA</strong>3<br />
vtp password cisco<br />
!————————————————————<br />
!<br />
hostname SWB<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host SWA 10.1.0.2<br />
ip host RTA 10.1.0.1<br />
!<br />
interface FastEthernet0/1<br />
!<br />
shutdown<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 40<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 10.1.0.3 255.255.0.0<br />
no shutdown<br />
ip default-gateway 10.1.0.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
Chapter 9: VLAN Trunking Protocol 445
446 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
line vty 5 15<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
40 Warehousing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 5<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
MD5 digest : 0x80 0xED 0x23 0x29 0x92 0x92 0xBE 0x09<br />
Configuration last modified by 10.1.0.2 at 3-1-93 02:07:29
Challenge Lab 9-6: Advanced Switching<br />
Figure 9-9 Advanced Switching Challenge Lab<br />
Table 9-7 Addressing Scheme<br />
Device Interface IP Address Subnet Mask<br />
SWA VLAN 1 172.16.39.2 255.255.255.248<br />
SWB VLAN 1 172.16.39.3 255.255.255.248<br />
DIST Fa0/1.1 172.16.39.1 255.255.255.248<br />
Objectives<br />
■ Configure STP.<br />
■ Configure port security.<br />
■ Configure the VTP server <strong>and</strong> client.<br />
■ Configure <strong>and</strong> assign VLANs.<br />
■ Configure inter-VLAN routing.<br />
■ Verify <strong>and</strong> document configurations.<br />
Equipment<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
fa0/1<br />
802.1q Trunk<br />
fa0/1<br />
Fa0/1.10 172.16.32.1 255.255.252.0<br />
Fa0/1.20 172.16.36.1 255.255.254.0<br />
Fa0/1.30 172.16.38.1 255.255.255.0<br />
The topology shown in Figure 9-9 is using 2950 switches <strong>and</strong> a 2621 router. You can also use a 1700<br />
series router that supports VLAN trunking.<br />
NetLab Compatibility Notes<br />
DIST<br />
SWA<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
fa0/2<br />
fa0/3 802.1q Trunk<br />
VLAN 30<br />
fa0/17<strong>–</strong>24<br />
VLAN 10<br />
fa0/4<strong>–</strong>8<br />
Chapter 9: VLAN Trunking Protocol 447<br />
VLAN 1 172.16.39.0/29<br />
VLAN 10 172.16.32.0/22<br />
VLAN 20 172.16.36.0/23<br />
VLAN 30 172.16.38.0/24<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab Basic Switch Pod although you will not be able to<br />
fully test your VLANs or port security.<br />
fa0/2<br />
fa0/3<br />
SWB<br />
VLAN 20<br />
fa0/9<strong>–</strong>16<br />
VLAN 30<br />
fa0/17<strong>–</strong>24
448 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 1: Cable the Topology <strong>and</strong> Basic Configuration<br />
Step 1. Choose two 2950 switches <strong>and</strong> one router with a Fast Ethernet interface (1700 or 2600) <strong>and</strong><br />
cable them according to the topology. (If using NetLab, choose a switch router pod.)<br />
Step 2. Configure the switches <strong>and</strong> router according to your instructor’s required basic configuration<br />
hostnames, host tables, lines, <strong>and</strong> banner. Configure each of the switches with the correct<br />
VLAN 1 IP addresses <strong>and</strong> the correct default gateway.<br />
Step 3. Verify connectivity between SWA <strong>and</strong> SWB. Pings should be successful. If they are not, troubleshoot.<br />
Task 2: Configure the Root Bridge for STP<br />
Step 1. SWA should always be the root bridge. Configure SWA with a spanning-tree priority of 4096<br />
for all four VLANs (1, 10, 20, <strong>and</strong> 30).<br />
Step 2. Verify that SWA is the root with the show spanning-tree summary comm<strong>and</strong>. SWA should be<br />
listed as the root bridge, as shown in the following output.<br />
SWA#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0001, VLAN0010, VLAN0020, VLAN0030<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 0 0 0 3 3<br />
VLAN0010 0 0 0 3 3<br />
VLAN0020 0 0 0 3 3<br />
VLAN0030 0 0 0 3 3<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 0 0 0 12 12<br />
SWB#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: none<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 1 0 0 1 2<br />
VLAN0010 1 0 0 1 2<br />
VLAN0020 1 0 0 1 2<br />
VLAN0030 1 0 0 1 2<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 4 0 0 4 8<br />
Task 3: Configure Port Security<br />
Step 1. As a security precaution, disable the Fast Ethernet 0/1 interface on SWB, because this interface<br />
will not be used for access mode or trunk mode.<br />
Perform the following steps on both SWA <strong>and</strong> SWB.<br />
Chapter 9: VLAN Trunking Protocol 449<br />
Step 2. Configure the access ports (Fa0/4 to 24) for access mode <strong>and</strong> turn on port security.<br />
Step 3. Enter the comm<strong>and</strong> to make the first MAC address learned “stick” to the port. No other MAC<br />
addresses should be allowed (maximum of one MAC per port).<br />
Step 4. Enter the comm<strong>and</strong> that will automatically shut down the port if a security violation occurs.<br />
Step 5. Verify port security with the show port-security comm<strong>and</strong>. Your output should look similar to<br />
the following:<br />
SWA#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security<br />
Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 0 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 0 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 0<br />
Max Addresses limit in System : 1024
450 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
SWB#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security<br />
Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 0 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 0 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 0<br />
Max Addresses limit in System : 1024<br />
Task 4: Configure VTP <strong>and</strong> VLANs<br />
Step 1. Configure SWA as the VTP server with the domain name <strong>CCNA</strong>3 <strong>and</strong> password cisco.<br />
Configure SWB as a VTP client in the same domain using the same password.<br />
Step 2. Configure VLANs with names on the VTP server.<br />
■ VLAN 10 is the Accounting VLAN.<br />
■ VLAN 20 is the Marketing VLAN.<br />
■ VLAN 30 is the Purchasing VLAN.<br />
Step 3. Configure the appropriate ports on SWA <strong>and</strong> SWB for trunking. Verify trunking is properly<br />
configured with the show interface trunk comm<strong>and</strong> on both SWA <strong>and</strong> SWB.<br />
SWA#show interface trunk<br />
Port Mode Encapsulation Status Native vlan<br />
Fa0/1 on 802.1q trunking 1<br />
Fa0/2 on 802.1q trunking 1<br />
Fa0/3 on 802.1q trunking 1<br />
Port Vlans allowed on trunk<br />
Fa0/1 1-4094<br />
Fa0/2 1-4094
Fa0/3 1-4094<br />
Port Vlans allowed <strong>and</strong> active in management domain<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Port Vlans in spanning tree forwarding state <strong>and</strong> not pruned<br />
Fa0/1 1,10,20,30<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
SWB#show interface trunk<br />
Port Mode Encapsulation Status Native vlan<br />
Fa0/2 on 802.1q trunking 1<br />
Fa0/3 on 802.1q trunking 1<br />
Port Vlans allowed on trunk<br />
Fa0/2 1-4094<br />
Fa0/3 1-4094<br />
Port Vlans allowed <strong>and</strong> active in management domain<br />
Fa0/2 1,10,20,30<br />
Fa0/3 1,10,20,30<br />
Port Vlans in spanning tree forwarding state <strong>and</strong> not pruned<br />
Fa0/2 1,10,20,30<br />
Fa0/3 none<br />
Step 4. Assign access ports to their correct VLAN as specified in the topology.<br />
Step 5. Verify both the VTP status <strong>and</strong> VLAN configuration on both switches with the show vtp status<br />
<strong>and</strong> show vlan brief comm<strong>and</strong>s. Your output should look similar to the following:<br />
SWA#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 1<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Server<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xE0 0x67 0x70 0x4A 0x3C 0xAB 0x44 0x67<br />
Configuration last modified by 172.16.39.2 at 3-10-93 01:23:32<br />
Local updater ID is 172.16.39.2 on interface Vl1 (lowest numbered VLAN interface<br />
found)<br />
SWA#show vlan brief<br />
Chapter 9: VLAN Trunking Protocol 451<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-
452 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
1 default active<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 1<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xE0 0x67 0x70 0x4A 0x3C 0xAB 0x44 0x67<br />
Configuration last modified by 172.16.39.2 at 3-10-93 01:23:32<br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active
Task 5: Set Up DHCP on the DIST Router<br />
Although DHCP (Dynamic Host Configuration Protocol) is a <strong>CCNA</strong> 4 objective, it will help in this lab to<br />
use dynamic assignment of IP addresses. Later in the lab, when you connect a workstation to one of the<br />
switches, a DHCP broadcast will be sent to DIST. DIST will send a DHCP offer to your workstation with<br />
an appropriate IP address for the VLAN the workstation is attached to. Make sure your workstations are<br />
set to “Obtain IP address automatically.” Add the following comm<strong>and</strong>s while in global configuration mode<br />
on DIST:<br />
ip dhcp excluded-address 172.16.32.1 172.16.32.10<br />
ip dhcp excluded-address 172.16.36.1 172.16.36.10<br />
ip dhcp excluded-address 172.16.38.1 172.16.38.10<br />
!<br />
ip dhcp pool VLAN10<br />
network 172.16.32.0 255.255.252.0<br />
default-router 172.16.32.1<br />
!<br />
ip dhcp pool VLAN20<br />
network 172.16.36.0 255.255.254.0<br />
default-router 172.16.36.1<br />
!<br />
ip dhcp pool VLAN30<br />
network 172.16.38.0 255.255.255.0<br />
default-router 172.16.38.1<br />
Task 6: Configure Inter-VLAN Routing<br />
Configure DIST to route all VLANs by completing the following:<br />
Step 1. Activate the physical interface.<br />
Step 2. Create subinterfaces for each of the four VLANs. Number each subinterface with the VLAN<br />
number. For example, the VLAN 1 subinterface should be numbered fa0.1 or fa0/0.1, depending<br />
on the router.<br />
Step 3. Configure each subinterface for 802.1q trunking <strong>and</strong> assign each subinterface the first IP<br />
address in the appropriate subnet for that VLAN (refer to the topology).<br />
Step 4. Configure each subinterface with an appropriate description.<br />
Chapter 9: VLAN Trunking Protocol 453<br />
Step 5. Verify that the show ip interface brief comm<strong>and</strong> output is similar to the following output:<br />
DIST#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
FastEthernet0/0 unassigned YES unset administratively down down<br />
Serial0/0 unassigned YES unset administratively down down<br />
FastEthernet0/1 unassigned YES unset up up<br />
FastEthernet0/1.1 172.16.39.1 YES manual up up<br />
FastEthernet0/1.10 172.16.32.1 YES manual up up<br />
FastEthernet0/1.20 172.16.36.1 YES manual up up<br />
FastEthernet0/1.30 172.16.38.1 YES manual up up
454 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 6. Verify connectivity between all three devices. Each device should be able to ping the other two<br />
devices.<br />
DIST#ping SWA<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.16.39.2, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms<br />
DIST#ping SWB<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.16.39.3, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms<br />
SWB#ping SWA<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.16.39.2, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms<br />
Task 7: Verify Inter-VLAN Routing<br />
Step 1. Attach two workstations to different VLANs.<br />
Step 2. Verify that each workstation received an IP address from the DHCP server on DIST.<br />
Step 3. Verify that the two workstations can ping each other. Traceroute should show that the ping<br />
packets are going through the router. The following is some sample output of this verification.<br />
Yours should look similar.<br />
——————————————————————————-<br />
Configuration for a Workstation attached to VLAN 10<br />
——————————————————————————-<br />
C:\>ipconfig<br />
Windows IP Configuration<br />
Ethernet adapter Local Area Connection:<br />
Connection-specific DNS Suffix . :<br />
IP Address. . . . . . . . . . . . : 172.16.32.11<br />
Subnet Mask . . . . . . . . . . . : 255.255.252.0<br />
Default Gateway . . . . . . . . . : 172.16.32.1<br />
——————————————————————————-<br />
Configuration for a Workstation attached to VLAN 20<br />
——————————————————————————-<br />
C:\>ipconfig
Windows IP Configuration<br />
Ethernet adapter Local Area Connection:<br />
Connection-specific DNS Suffix . :<br />
IP Address. . . . . . . . . . . . : 172.16.36.11<br />
Subnet Mask . . . . . . . . . . . : 255.255.255.0<br />
Default Gateway . . . . . . . . . : 172.16.36.1<br />
——————————————————————-<br />
VLAN 10 Workstation pings VLAN 20 workstation<br />
——————————————————————-<br />
C:\>ping 172.16.36.11<br />
Pinging 172.16.36.11 with 32 bytes of data:<br />
Reply from 172.16.36.11: bytes=32 time=2ms TTL=127<br />
Reply from 172.16.36.11: bytes=32 time=1ms TTL=127<br />
Reply from 172.16.36.11: bytes=32 time=1ms TTL=127<br />
Reply from 172.16.36.11: bytes=32 timetracert 172.16.36.11<br />
Tracing route to 172.16.36.12 over a maximum of 30 hops<br />
1 1 ms 1 ms
456 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 000c.857f.9ea0 DYNAMIC Fa0/1<br />
1 000d.28f2.6942 DYNAMIC Fa0/2<br />
1 000d.28f2.6943 DYNAMIC Fa0/3<br />
10 000c.857f.9ea0 DYNAMIC Fa0/1<br />
10 000d.56a1.a975 STATIC Fa0/4<br />
20 000c.857f.9ea0 DYNAMIC Fa0/1<br />
20 000d.56a1.c8f7 STATIC Fa0/9<br />
Total Mac Addresses for this criterion: 11<br />
SWA#show run<br />
<br />
!<br />
interface FastEthernet0/4<br />
switchport port-security mac-address sticky 000d.56a1.a975<br />
!<br />
interface FastEthernet0/9<br />
switchport port-security mac-address sticky 000d.56a1.c8f7<br />
Step 5. Enter the show port-security comm<strong>and</strong>. The output should now show that the two ports are<br />
counted.<br />
SWA#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security<br />
Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 1 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 1 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 2<br />
Max Addresses limit in System : 1024
Chapter 9: VLAN Trunking Protocol 457<br />
Step 6. Verify that a port currently used by one of your workstations will shut down when another<br />
workstation is attached to the same port. When you attach the workstation, you will see the link<br />
beat light go green for a brief moment. Then it will go dark as the port is automatically shut<br />
down. On the switch console, you may get syslog messages similar to the following output.<br />
2d23h: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down<br />
2d23h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,<br />
caused by MAC address 000d.56a1.acfc on port Fa0/4.<br />
2d23h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/4,<br />
putting Fa0/4 in err-disable state<br />
Step 7. Verify that the port is shut down with the show interface <strong>and</strong> show port-security comm<strong>and</strong>s.<br />
SWA#show interface fastethernet 0/4<br />
FastEthernet0/4 is down, line protocol is down (err-disabled)<br />
SWA#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security<br />
Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 1 1 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 1 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 2<br />
Max Addresses limit in System : 1024<br />
Step 8. Complete the procedures necessary to remove this port from the err-disabled state <strong>and</strong> allow<br />
the new workstation’s MAC address to “stick” to the configuration.
458 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 8: Documentation<br />
Document your configurations by capturing the following output:<br />
■ show run<br />
■ show vlan brief<br />
■ show spanning-tree summary<br />
■ show vtp status<br />
■ show port-security<br />
■ show mac-address-table<br />
■ On DIST, capture show run<br />
Final scripts <strong>and</strong> verification output:<br />
DIST#<br />
!<br />
ena<br />
config t<br />
!<br />
hostname DIST<br />
!<br />
enable secret class<br />
!<br />
ip dhcp excluded-address 172.16.32.1 172.16.32.10<br />
ip dhcp excluded-address 172.16.36.1 172.16.36.10<br />
ip dhcp excluded-address 172.16.38.1 172.16.38.10<br />
!<br />
ip dhcp pool VLAN10<br />
network 172.16.32.0 255.255.252.0<br />
default-router 172.16.32.1<br />
!<br />
ip dhcp pool VLAN20<br />
network 172.16.36.0 255.255.254.0<br />
default-router 172.16.36.1<br />
!<br />
ip dhcp pool VLAN30<br />
network 172.16.38.0 255.255.255.0<br />
default-router 172.16.38.1<br />
!<br />
no ip domain lookup<br />
ip host SWB 172.16.39.3<br />
ip host SWA 172.16.39.2<br />
!<br />
interface FastEthernet0/1<br />
no shutdown<br />
!<br />
interface FastEthernet0/1.1
!<br />
description Management VLAN 1<br />
encapsulation dot1Q 1 native<br />
ip address 172.16.39.1 255.255.255.248<br />
interface FastEthernet0/1.10<br />
!<br />
description Accounting VLAN 10<br />
encapsulation dot1Q 10<br />
ip address 172.16.32.1 255.255.252.0<br />
interface FastEthernet0/1.20<br />
!<br />
description Marketing VLAN 20<br />
encapsulation dot1Q 20<br />
ip address 172.16.36.1 255.255.254.0<br />
interface FastEthernet0/1.30<br />
!<br />
description Purchasing VLAN 30<br />
encapsulation dot1Q 30<br />
ip address 172.16.38.1 255.255.255.0<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
SWA ena<br />
config t<br />
!————————————————————<br />
Chapter 9: VLAN Trunking Protocol 459
460 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!VTP <strong>and</strong> VLAN configuration does not show<br />
!————————————————————<br />
vtp mode server<br />
vtp domain <strong>CCNA</strong>3<br />
vtp password cisco<br />
vlan 10<br />
name Accounting<br />
vlan 20<br />
name Marketing<br />
vlan 30<br />
name Purchasing<br />
!————————————————————<br />
!<br />
hostname SWA<br />
!<br />
enable secret class<br />
!<br />
ip host SWB 172.16.39.3<br />
ip host DIST 172.16.39.1<br />
!<br />
!<br />
spanning-tree vlan 1 priority 4096<br />
spanning-tree vlan 10 priority 4096<br />
spanning-tree vlan 20 priority 4096<br />
spanning-tree vlan 30 priority 4096<br />
!<br />
!<br />
interface FastEthernet0/1<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk<br />
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 172.16.39.2 255.255.255.248<br />
no shutdown<br />
ip default-gateway 172.16.39.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
SWA#show vlan brief<br />
Chapter 9: VLAN Trunking Protocol 461
462 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Gi0/1, Gi0/2<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWA#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0001, VLAN0010, VLAN0020, VLAN0030<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 0 0 0 3 3<br />
VLAN0010 0 0 0 3 3<br />
VLAN0020 0 0 0 3 3<br />
VLAN0030 0 0 0 3 3<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 0 0 0 12 12<br />
SWA#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 4<br />
Maximum VLANs supported locally : 250<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Server<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled
MD5 digest : 0xDB 0xC6 0x01 0xD9 0x27 0x8E 0x51 0xF3<br />
Configuration last modified by 172.16.39.2 at 3-1-93 00:07:50<br />
Local updater ID is 172.16.39.2 on interface Vl1 (lowest numbered VLAN interface found)<br />
!The output below was captured from a NetLab switch<br />
!No workstations show. Your output should show ‘CurrentAddr’ for workstations<br />
SWA#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 0 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 0 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 0<br />
Max Addresses limit in System : 1024<br />
!The output below was captured from a NetLab switch<br />
!No workstations show. Your output should show workstation MACs<br />
SWA#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
All 000e.385d.e380 STATIC CPU<br />
Chapter 9: VLAN Trunking Protocol 463
464 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
SWB ena<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 000d.6562.e380 DYNAMIC Fa0/2<br />
1 000d.6562.e382 DYNAMIC Fa0/2<br />
1 000d.6562.e383 DYNAMIC Fa0/3<br />
1 000e.382f.4d81 DYNAMIC Fa0/1<br />
Total Mac Addresses for this criterion: 8<br />
config t<br />
!———————————————————<br />
!VTP configuration does not show<br />
!———————————————————<br />
vtp mode client<br />
vtp domain <strong>CCNA</strong>3<br />
vtp password cisco<br />
!———————————————————<br />
!<br />
hostname SWB<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host SWA 172.16.39.2<br />
ip host DIST 172.16.39.1<br />
!<br />
interface FastEthernet0/1<br />
!<br />
shutdown<br />
interface FastEthernet0/2<br />
!<br />
switchport mode trunk<br />
interface FastEthernet0/3<br />
!<br />
switchport mode trunk<br />
interface range FastEthernet0/4 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/9 - 16
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
!The ‘maximum’ comm<strong>and</strong> does not show in configuration<br />
!<br />
switchport port-security maximum 1<br />
interface Vlan1<br />
!<br />
ip address 172.16.39.3 255.255.255.248<br />
no shutdown<br />
ip default-gateway 172.16.39.1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
!<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Chapter 9: VLAN Trunking Protocol 465
466 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
SWB#show vlan brief<br />
VLAN Name Status Ports<br />
—— ———————————————— ————- ———————————————-<br />
1 default active Fa0/1<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6, Fa0/7<br />
Fa0/8<br />
20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
SWB#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: none<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
Name Blocking Listening Learning Forwarding STP Active<br />
——————————— ———— ————- ———— ————— —————<br />
VLAN0001 1 0 0 1 2<br />
VLAN0010 1 0 0 1 2<br />
VLAN0020 1 0 0 1 2<br />
VLAN0030 1 0 0 1 2<br />
——————————— ———— ————- ———— ————— —————<br />
4 vlans 4 0 0 4 8<br />
SWB#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 4<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xDB 0xC6 0x01 0xD9 0x27 0x8E 0x51 0xF3<br />
Configuration last modified by 172.16.39.2 at 3-1-93 00:07:50<br />
!The output below was captured from a NetLab switch<br />
!No workstations show. Your output should show ‘CurrentAddr’ for workstations<br />
SWB#show port-security<br />
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action<br />
(Count) (Count) (Count)<br />
———————————————————————————————————————-<br />
Fa0/4 1 0 0 Shutdown<br />
Fa0/5 1 0 0 Shutdown<br />
Fa0/6 1 0 0 Shutdown<br />
Fa0/7 1 0 0 Shutdown<br />
Fa0/8 1 0 0 Shutdown<br />
Fa0/9 1 0 0 Shutdown<br />
Fa0/10 1 0 0 Shutdown<br />
Fa0/11 1 0 0 Shutdown<br />
Fa0/12 1 0 0 Shutdown<br />
Fa0/13 1 0 0 Shutdown<br />
Fa0/14 1 0 0 Shutdown<br />
Fa0/15 1 0 0 Shutdown<br />
Fa0/16 1 0 0 Shutdown<br />
Fa0/17 1 0 0 Shutdown<br />
Fa0/18 1 0 0 Shutdown<br />
Fa0/19 1 0 0 Shutdown<br />
Fa0/20 1 0 0 Shutdown<br />
Fa0/21 1 0 0 Shutdown<br />
Fa0/22 1 0 0 Shutdown<br />
Fa0/23 1 0 0 Shutdown<br />
Fa0/24 1 0 0 Shutdown<br />
———————————————————————————————————————-<br />
Total Addresses in System : 0<br />
Max Addresses limit in System : 1024<br />
!The output below was captured from a NetLab switch<br />
!No workstations show. Your output should show workstation MACs<br />
SWB#show mac-address-table<br />
Mac Address Table<br />
—————————————————————-<br />
Vlan Mac Address Type Ports<br />
—— —————- ———— ——-<br />
Chapter 9: VLAN Trunking Protocol 467
468 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
All 000d.6562.e380 STATIC CPU<br />
All 0100.0ccc.cccc STATIC CPU<br />
All 0100.0ccc.cccd STATIC CPU<br />
All 0100.0cdd.dddd STATIC CPU<br />
1 000e.382f.4d81 DYNAMIC Fa0/2<br />
1 000e.385d.e382 DYNAMIC Fa0/2<br />
10 000e.385d.e382 DYNAMIC Fa0/2<br />
20 000e.385d.e382 DYNAMIC Fa0/2<br />
30 000e.385d.e382 DYNAMIC Fa0/2<br />
Total Mac Addresses for this criterion: 9
APPENDIX A<br />
Router Interface Summary Chart<br />
For most of the <strong>CCNA</strong> 3 labs, you need to examine the following chart to correctly reference the router<br />
interface identifiers to use in comm<strong>and</strong>s based on the equipment in your lab.<br />
Router Ethernet Ethernet Serial Serial<br />
Model Interface 1 Interface 2 Interface 1 Interface 2<br />
800 (806) Ethernet 0 (E0) Ethernet 1 (E1)<br />
1600 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1)<br />
1700 FastEthernet 0 (FA0) FastEthernet 1 (FA1) Serial 0 (S0) Serial 1 (S1)<br />
2500 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1)<br />
2600 FastEthernet 0/0 (FA0/0) FastEthernet 0/1 (FA0/1) Serial 0/0 (S0/0) Serial 0/1 (S0/1)<br />
To find out exactly how the router is configured, look at the interfaces to identify what type <strong>and</strong> how many<br />
the router has. There is no way to effectively list all of the combinations of configurations for each router<br />
class. The chart provides the identifiers for the possible combinations of interfaces in the device. This<br />
interface chart does not include any other type of interface even though a specific router might contain<br />
one. An example of this is an ISDN BRI interface. The string in parentheses is the legal abbreviation that<br />
you can use in Cisco IOS Software comm<strong>and</strong>s to represent the interface.
This page intentionally left blank
APPENDIX B<br />
Erasing <strong>and</strong> Reloading the Switch<br />
For the majority of the labs in <strong>CCNA</strong> 3 focusing on switch configuration, it is necessary to start with a<br />
basic unconfigured switch; otherwise, the configuration parameters you enter might combine with previous<br />
ones <strong>and</strong> produce unpredictable results. The instructions here enable you to prepare the switch prior to performing<br />
the lab so that previous configuration options do not interfere with your configurations.<br />
The following is the procedure for clearing out previous configurations <strong>and</strong> starting with an unconfigured<br />
switch. Instructions are provided for the 2900, 2950, <strong>and</strong> 1900 series switches.<br />
2900 <strong>and</strong> 2950 Series Switches<br />
Step 1. Disconnect the switch to be erased from all other switches. Verify that there is no uplink or<br />
backbone cabling to any other switch, otherwise VLAN configuration information can be transferred<br />
automatically.<br />
Step 2. Enter into privileged EXEC mode by typing enable. If prompted for a password, enter class (if<br />
that does not work, ask the instructor).<br />
Switch> enable<br />
Step 3. Remove the VLAN database information file:<br />
Switch# delete flash:vlan.dat<br />
Delete filename [vlan.dat]?[Enter]<br />
Delete flash:vlan.dat? [confirm][Enter]<br />
If there was no VLAN file, the following message appears:<br />
%Error deleting flash:vlan.dat (No such file or directory)<br />
Step 4. Remove the switch startup configuration file from NVRAM:<br />
Switch#erase startup-config<br />
The responding line prompt will be<br />
Erasing the nvram filesystem will remove all files! Continue? [confirm]<br />
Press Enter to confirm.<br />
The response should be<br />
Erase of nvram: complete<br />
Step 5. Check that VLAN information was deleted.<br />
Verify that the VLAN configuration was deleted in Step 3 using the show vlan comm<strong>and</strong>. If<br />
previous VLAN configuration information (other than the default management VLAN 1) is still<br />
present, it will be necessary to power cycle the switch (hardware restart) instead of issuing the<br />
reload comm<strong>and</strong>. To power cycle the switch, remove the power cord from the back of the<br />
switch or unplug it. Then plug it back in.<br />
If the VLAN information was successfully deleted in Step 3, go to Step 6 <strong>and</strong> restart the switch<br />
using the reload comm<strong>and</strong>.
472 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Step 6. Restart the software (using the reload comm<strong>and</strong>):<br />
Note: This step is not necessary if the switch was restarted using the power cycle method.<br />
1. In privileged EXEC mode, enter the comm<strong>and</strong> reload:<br />
Switch(config)# reload<br />
The responding line prompt will be<br />
System configuration has been modified. Save? [yes/no]:<br />
2. Type n <strong>and</strong> then press Enter.<br />
The responding line prompt will be<br />
Proceed with reload? [confirm][Enter]<br />
The first line of the response will be<br />
Reload requested by console.<br />
After the switch has reloaded, the line prompt will be<br />
Would you like to enter the initial configuration dialog? [yes/no]:<br />
3. Type n <strong>and</strong> then press Enter.<br />
The responding line prompt will be<br />
Press RETURN to get started![Enter]<br />
1900 Series Switches<br />
Step 1. Remove VLAN Trunking Protocol (VTP) information:<br />
#delete vtp<br />
This comm<strong>and</strong> resets the switch with VTP parameters set to factory defaults.<br />
All other parameters will be unchanged.<br />
Reset system with VTP parameters set to factory defaults, [Y]es or [N]o?<br />
Enter y <strong>and</strong> press Enter.<br />
Step 2. Remove the switch startup configuration from NVRAM:<br />
#delete nvram<br />
This comm<strong>and</strong> resets the switch with factory defaults. All system<br />
parameters will revert to their default factory settings. All static<br />
<strong>and</strong> dynamic addresses will be removed.<br />
Reset system with factory defaults, [Y]es or [N]o?<br />
Enter y <strong>and</strong> press Enter.
APPENDIX C<br />
Erasing <strong>and</strong> Reloading the Router<br />
For some of the <strong>CCNA</strong> 3 labs, it is necessary to start with a basic unconfigured router; otherwise, the configuration<br />
parameters you enter might combine with previous ones <strong>and</strong> produce unpredictable results. The<br />
instructions here allow you to prepare the router prior to performing the lab so that previous configuration<br />
options do not interfere with your configurations.<br />
The following is the procedure for clearing out previous configurations <strong>and</strong> starting with an unconfigured<br />
router.<br />
Step 1. Enter into privileged EXEC mode by typing enable.<br />
Router>enable<br />
If prompted for a password, enter class. (If that does not work, ask your instructor.)<br />
Step 2. In privileged EXEC mode, enter the comm<strong>and</strong> erase startup-config.<br />
Router#erase startup-config<br />
The response from the router will be<br />
Erasing the nvram filesystem will remove all files! Continue? [confirm]<br />
Step 3. Press Enter to confirm.<br />
The response will be<br />
Erase of nvram: complete<br />
Step 4. Now in privileged EXEC mode, enter the comm<strong>and</strong> reload.<br />
Router#reload<br />
response:<br />
System configuration has been modified. Save? [yes/no]:<br />
Step 5. Type n <strong>and</strong> then press Enter.<br />
The router will respond with the following:<br />
Proceed with reload? [confirm]<br />
Step 6. Press Enter to confirm.<br />
The first line of the response will be<br />
Reload requested by console.<br />
After the router reloads, the prompt will be<br />
Would you like to enter the initial configuration dialog? [yes/no]:<br />
Step 7. Type n <strong>and</strong> then press Enter.<br />
The responding prompt will be<br />
Press RETURN to get started!<br />
Step 8. Press Enter.<br />
Now, the router is ready for you to perform the assigned lab.
This page intentionally left blank
APPENDIX D<br />
<strong>CCNA</strong> 3 Skills-Based Assessment Practice<br />
Ultimately, your success on the <strong>CCNA</strong> exams, <strong>and</strong> in your networking career, will depend heavily upon<br />
your ability to plan, design, implement, operate, <strong>and</strong> troubleshoot internetworks. In Switching Basics <strong>and</strong><br />
Intermediate Routing <strong>CCNA</strong> 3, you have learned many new skills. Now it is time to apply what you have<br />
learned to comprehensive skills-based assessments. Because your <strong>CCNA</strong> 3 coursework is divided into<br />
routing <strong>and</strong> switching, this appendix includes a skills-based assessment for routing <strong>and</strong> a skills-based<br />
assessment for switching. Then, you will combine skills from both routing <strong>and</strong> switching in the <strong>CCNA</strong> 3<br />
comprehensive skills-based assessment.<br />
<strong>CCNA</strong> 3 Skills-Based Assessment: Routing<br />
Figure D-1 <strong>CCNA</strong> 3 Skills-Based Assessment: Routing<br />
Objectives<br />
■ Configure OSPF with authentication<br />
■ Configure EIGRP<br />
■ Configure a default route <strong>and</strong> propagate it using OSPF<br />
■ Verify network connectivity <strong>and</strong> gather documentation<br />
Equipment<br />
The topology shown in Figure D-1 is using 2600 series routers. However, you can use any router series<br />
that supports OSPF, including the 1700 <strong>and</strong> 2500 series.<br />
NetLab Compatibility Notes<br />
OSPF<br />
Area 0<br />
172.16.1.2/30<br />
S0/0<br />
DCE<br />
Router2<br />
S0/0<br />
DTE<br />
10.10.1.1/30<br />
S0/1<br />
DCE<br />
S0/1<br />
DTE<br />
Router1 Router3<br />
Fa0/0<br />
172.16.1.1/30<br />
172.16.2.33/27<br />
Fa0/0<br />
172.30.1.1/24<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab Basic Router Pod.<br />
10.10.1.2/30<br />
Fa0/0<br />
172.30.2.1/24
476 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Preconfigurations<br />
Use the following scripts to preconfigure the routers:<br />
Router1<br />
hostname Router1<br />
interface FastEthernet0/0<br />
ip address 172.16.2.33 255.255.255.224<br />
no shutdown<br />
interface Serial0/0<br />
ip address 172.16.1.2 255.255.255.252<br />
clockrate 56000<br />
no shutdown<br />
Router2<br />
hostname Router2<br />
interface FastEthernet0/0<br />
ip address 172.30.1.1 255.255.255.0<br />
no shutdown<br />
interface Serial0/0<br />
ip address 172.16.1.1 255.255.255.252<br />
no shutdown<br />
interface serial0/1<br />
ip address 10.10.1.1 255.255.255.252<br />
clockrate 56000<br />
no shutdown<br />
Router3<br />
hostname Router3<br />
interface FastEthernet0/0<br />
ip address 172.30.2.1 255.255.255.0<br />
no shutdown<br />
interface serial0/1<br />
ip address 10.10.1.2 255.255.255.252<br />
no shutdown<br />
Task 1: Configure OSPF with Authentication<br />
Step 1. Use a loopback interface to configure Router1 with an OSPF router ID of 192.168.1.1.<br />
Step 2. Use a loopback interface to configure Router2 with an OSPF router ID of 192.168.2.1.<br />
Step 3. Configure OSPF routing between Router1 <strong>and</strong> Router2 with a process ID of 50.<br />
Step 4. Configure OSPF so that only the following 172.16.0.0 subnets will be routed:<br />
■ 172.16.2.32/27<br />
■ 172.16.1.0/30<br />
Step 5. Configure the OSPF hello interval to 5 seconds <strong>and</strong> the OSPF dead interval to 20 seconds.<br />
Step 6. Configure the OSPF communication between the routers to use authentication with MD5<br />
encryption.
Task 2: Configure EIGRP<br />
Step 1. Configure EIGRP between Router2 <strong>and</strong> Router3 with an AS of 100.<br />
Step 2. Configure EIGRP should only to route only for the following networks:<br />
■ 10.10.1.0/30<br />
■ 172.30.1.0/24<br />
■ 172.30.2.0/24<br />
Task 3: Configure Default Routing <strong>and</strong> Propagate It Using OSPF<br />
Step 1. On Router2, configure a default static route to Router3.<br />
Step 2. Propagate that default route to all routers in the OSPF routing domain.<br />
Task 4: Verify Connectivity <strong>and</strong> Gather Documentation<br />
Step 1. From Router2, verify connectivity by pinging all interfaces on all routers.<br />
Step 2. From Router1, ping all OSPF-enabled interfaces.<br />
Step 3. From Router3, ping all EIGRP-enabled interfaces.<br />
Note: Router1 <strong>and</strong> Router3 will not be able to ping all interfaces, because there is no redistribution between OSPF<br />
<strong>and</strong> EIGRP in this scenario.<br />
Step 4. For each of the routers, capture the following output:<br />
■ show run<br />
■ show ip route<br />
■ ping output showing successful pings according to Steps 1 to 3<br />
Router1<br />
Router1#show run<br />
Building configuration...<br />
hostname Router1<br />
!<br />
enable secret class<br />
!<br />
no ip domain lookup<br />
ip host R2 172.16.1.1<br />
!<br />
interface Loopback0<br />
ip address 192.168.1.1 255.255.255.0<br />
!<br />
interface FastEthernet0/0<br />
ip address 172.16.2.33 255.255.255.224<br />
no shutdown<br />
!<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 477
478 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface Serial0/0<br />
description Link to R2<br />
ip address 172.16.1.2 255.255.255.252<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
ip ospf dead-interval 20<br />
clock rate 56000<br />
no shutdown<br />
!<br />
router ospf 50<br />
log-adjacency-changes<br />
area 0 authentication message-digest<br />
network 172.16.1.0 0.0.0.3 area 0<br />
network 172.16.2.32 0.0.0.31 area 0<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Router1#show ip route<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - c<strong>and</strong>idate default, U - per-user static route
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is 172.16.1.1 to network 0.0.0.0<br />
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks<br />
C 172.16.2.32/27 is directly connected, FastEthernet0/0<br />
C 172.16.1.0/30 is directly connected, Serial0/0<br />
C 192.168.1.0/24 is directly connected, Loopback0<br />
O*E2 0.0.0.0/0 [110/1] via 172.16.1.1, 00:06:43, Serial0/0<br />
Router1#ping 172.16.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms<br />
Router1#ping 172.30.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.30.1.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms<br />
Router1#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Technical Support: http://www.cisco.com/techsupport<br />
Copyright (c) 1986-2005 by cisco Systems, Inc.<br />
Compiled Mon 12-Dec-05 14:12 by evmiller<br />
Image text-base: 0x80008098, data-base: 0x81A33618<br />
ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)<br />
ROM: C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Router1 uptime is 44 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:c2600-j1s3-mz.123-17a.bin"<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 479<br />
cisco 2611XM (MPC860P) processor (revision 0x100) with 89088K/9216K bytes of mem<br />
ory.<br />
Processor board ID JAE07460SS1 (4270759778)<br />
M860 processor: part number 5, mask 2<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
TN3270 Emulation software.<br />
2 FastEthernet/IEEE 802.3 interface(s)
480 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
32768K bytes of processor board System flash (Read/Write)<br />
Configuration register is 0x2102<br />
Router2<br />
Router2#show run<br />
Building configuration...<br />
hostname Router2<br />
!<br />
enable secret class<br />
!<br />
no ip domain lookup<br />
ip host R1 172.16.1.2<br />
ip host R3 10.10.1.2<br />
!<br />
interface Loopback0<br />
ip address 192.168.2.1 255.255.255.0<br />
!<br />
interface FastEthernet0/0<br />
ip address 172.30.1.1 255.255.255.0<br />
no shutdown<br />
!<br />
interface Serial0/0<br />
description Link to R1<br />
ip address 172.16.1.1 255.255.255.252<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
ip ospf dead-interval 20<br />
no shutdown<br />
!<br />
interface Serial0/1<br />
description Link to R3<br />
ip address 10.10.1.1 255.255.255.252<br />
clock rate 56000<br />
no clockrate<br />
!<br />
router eigrp 100<br />
network 10.0.0.0<br />
network 172.30.0.0<br />
no auto-summary<br />
!<br />
router ospf 50<br />
area 0 authentication message-digest
network 172.16.1.0 0.0.0.3 area 0<br />
default-information originate<br />
!<br />
ip route 0.0.0.0 0.0.0.0 Serial0/1<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Router2#show ip route<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - c<strong>and</strong>idate default, U - per-user static route<br />
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is 0.0.0.0 to network 0.0.0.0<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 481<br />
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks<br />
O 172.16.2.32/27 [110/65] via 172.16.1.2, 00:08:04, Serial0/0<br />
C 172.16.1.0/30 is directly connected, Serial0/0<br />
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks<br />
D 172.30.0.0/16 [90/2172416] via 10.10.1.2, 00:08:31, Serial0/1<br />
C 172.30.1.0/24 is directly connected, FastEthernet0/0<br />
10.0.0.0/30 is subnetted, 1 subnets
482 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
C 10.10.1.0 is directly connected, Serial0/1<br />
C 192.168.2.0/24 is directly connected, Loopback0<br />
S* 0.0.0.0/0 is directly connected, Serial0/1<br />
Router2#ping 172.16.2.33<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.16.2.33, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/44/60 ms<br />
Router2#ping 172.30.2.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.30.2.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms<br />
Router2#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Technical Support: http://www.cisco.com/techsupport<br />
Copyright (c) 1986-2005 by cisco Systems, Inc.<br />
Compiled Mon 12-Dec-05 14:12 by evmiller<br />
Image text-base: 0x80008098, data-base: 0x81A33618<br />
ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)<br />
ROM: C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Router2 uptime is 43 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:c2600-j1s3-mz.123-17a.bin"<br />
cisco 2621XM (MPC860P) processor (revision 0x100) with 118784K/12288K bytes of m<br />
emory.<br />
Processor board ID JAE07420G4S (1562611187)<br />
M860 processor: part number 5, mask 2<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
TN3270 Emulation software.<br />
2 FastEthernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
49152K bytes of processor board System flash (Read/Write)<br />
Configuration register is 0x2102
Router3<br />
Router3#show run<br />
Building configuration...<br />
!<br />
hostname Router3<br />
!<br />
enable secret class<br />
!<br />
no ip domain lookup<br />
ip host R2 10.10.1.1<br />
!<br />
interface FastEthernet0/0<br />
ip address 172.30.2.1 255.255.255.0<br />
no shutdown<br />
!<br />
interface Serial0/1<br />
description Link to R2<br />
ip address 10.10.1.2 255.255.255.252<br />
no shutdown<br />
!<br />
router eigrp 100<br />
network 10.0.0.0<br />
network 172.30.0.0<br />
auto-summary<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 483
484 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Router3#show ip route<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - c<strong>and</strong>idate default, U - per-user static route<br />
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is not set<br />
172.30.0.0/16 is variably subnetted, 3 subnets, 2 masks<br />
C 172.30.2.0/24 is directly connected, FastEthernet0/0<br />
D 172.30.0.0/16 is a summary, 00:12:12, Null0<br />
D 172.30.1.0/24 [90/2172416] via 10.10.1.1, 00:12:11, Serial0/1<br />
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks<br />
C 10.10.1.0/30 is directly connected, Serial0/1<br />
D 10.0.0.0/8 is a summary, 00:12:12, Null0<br />
Router3#ping 172.30.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 172.30.1.1, timeout is 2 seconds:<br />
!!!!!<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/44/64 ms<br />
Router3#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Technical Support: http://www.cisco.com/techsupport<br />
Copyright (c) 1986-2005 by cisco Systems, Inc.<br />
Compiled Mon 12-Dec-05 14:12 by evmiller<br />
Image text-base: 0x80008098, data-base: 0x81A33618<br />
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)<br />
ROM: C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2)<br />
Router3 uptime is 44 minutes<br />
System returned to ROM by power-on
System image file is "flash:c2600-j1s3-mz.123-17a.bin"<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 485<br />
cisco 2621 (MPC860) processor (revision 0x102) with 56320K/9216K bytes of memory<br />
.<br />
Processor board ID JAD04300B3P (4106725847)<br />
M860 processor: part number 0, mask 49<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
TN3270 Emulation software.<br />
2 FastEthernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read/Write)
486 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Configuration register is 0x2102<br />
<strong>CCNA</strong> 3 Skills-Based Assessment: Switching<br />
Figure D-2 <strong>CCNA</strong> 3 Skills-Based Assessment: Switching<br />
Objectives<br />
■ Router VLAN configuration<br />
■ Basic switch configuration<br />
■ Configure trunk links <strong>and</strong> port security<br />
■ Configure STP, VTP, <strong>and</strong> VLANs<br />
■ Configure VLAN interfaces on switches<br />
■ Configure VLAN trunking <strong>and</strong> spanning tree<br />
■ Verify connectivity <strong>and</strong> gather documentation<br />
Equipment<br />
VLAN 1<br />
172.16.1.0/24<br />
R1<br />
Fa0/1<br />
Trunk<br />
802.1Q<br />
Fa0/1<br />
The topology shown in Figure D-2 has been designed for the 2950 series switch. Other hardware may have<br />
different interface types <strong>and</strong> numbers. 1900 series switches do not support 802.1Q encapsulation <strong>and</strong> thus<br />
require ISL encapsulation.<br />
NetLab Compatibility Notes<br />
This lab is fully compatible with a st<strong>and</strong>ard NetLab Basic Switch Pod.<br />
Task 1: Router VLAN Configuration<br />
Step 1. Configure the router hostname <strong>and</strong> any other basic configurations required by your instructor.<br />
Step 2. Configure the Ethernet interface to trunk for each VLAN on S1—VLAN 1, VLAN 10, <strong>and</strong><br />
VLAN 20 using 802.1Q encapsulation:<br />
Note: 1900 series switches do not support 802.1Q encapsulation. Use ISL encapsulation for 1900 series switches.<br />
■ VLAN 1 = 172.16.1.0/24<br />
Fa0/2 Trunk<br />
Fa0/2<br />
S1 Fa0/3 802.1Q Fa0/3 S2<br />
VLAN 10<br />
Accounting<br />
172.16.10.0/24<br />
VLAN 20<br />
Marketing<br />
172.16.20.0/24<br />
VLAN 1<br />
172.16.1.0/24<br />
VLAN 10<br />
Accounting<br />
172.16.10.0/24<br />
VLAN 20<br />
Marketing<br />
172.16.20.0/24
■ VLAN 10 = 172.16.10.0/24<br />
■ VLAN 20 = 172.16.20.0/24<br />
Task 2: Basic Switch Configuration<br />
Step 1. Configure the hostname on switch S1 to S1.<br />
Step 2. Configure S1 with a VLAN 1 IP address of 172.16.1.3/24.<br />
Step 3. Configure the hostname on S2 to S2.<br />
Step 4. Configure S2 with a VLAN 1 IP address of 172.16.1.4/24.<br />
Step 5. Configure both switches with a default gateway address of 172.16.1.1.<br />
Task 3: Configure Trunk Links <strong>and</strong> Port Security<br />
Step 1. On S1, configure interfaces Fa0/1<strong>–</strong>3 in trunking mode.<br />
Step 2. On S2, configure interface Fa0/2<strong>–</strong>3 in trunking mode. Shut down interface Fa0/1, because it<br />
will not be used.<br />
Note: If you are using a 2900 series switch, you have to specify the encapsulation type used on the<br />
switch’s trunk links.<br />
Step 3. On both switches, configure the following on interfaces Fa0/4<strong>–</strong>24 (or 12 if using a 12-port<br />
switch):<br />
■ Set the ports to access mode.<br />
■ Enable port security.<br />
■ Enable the first MAC address to stick to the configuration.<br />
■ Enable port shutdown if there is a security violation.<br />
Task 4: Configure STP, VTP, <strong>and</strong> VLANs<br />
Step 1. Configure S1 to be the root bridge for VLAN 1 <strong>and</strong> VLAN 10.<br />
Step 2. Configure S2 to be the root bridge for VLAN 20.<br />
Step 3. Configure both S1 <strong>and</strong> S2 as part of VTP domain Group1.<br />
Step 4. Configure S1 as the VTP server <strong>and</strong> S2 as the VTP client.<br />
Step 5. Configure cisco as the VTP password.<br />
Step 6. Create VLAN 10 with the name Accounting.<br />
Step 7. Create VLAN 20 with the name Marketing.<br />
Task 5: Configure VLAN Interfaces on Switches<br />
Step 1. Configure the following on switch S1:<br />
■ Assign interfaces Fa0/4<strong>–</strong>6 to VLAN 10.<br />
■ Assign interfaces Fa0/7<strong>–</strong>9 to VLAN 20.<br />
■ Verify that all other interfaces are in VLAN 1.<br />
Step 2. Configure the following on switch S2:<br />
■ Assign interfaces Fa0/4<strong>–</strong>6 to VLAN 10.<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 487
488 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
■ Assign interfaces Fa0/7<strong>–</strong>9 to VLAN 20.<br />
■ Verify that all other interfaces are in VLAN 1.<br />
Task 6: Configure VLAN Trunking <strong>and</strong> Spanning Tree<br />
Step 1. Configure trunking between S1 <strong>and</strong> S2 with 802.1Q encapsulation using ports Fa0/2 <strong>and</strong> Fa0/3<br />
on both switches.<br />
Note: Use ISL encapsulation for 1900 series switches.<br />
Step 2. Configure S1 for trunking between S1 <strong>and</strong> R1 with 802.1Q encapsulation using port Fa0/1.<br />
Step 3. Configure S1 to be the root bridge for VLAN 1<br />
Task 7: Verify Connectivity <strong>and</strong> Gather Documentation<br />
Step 1. It is not possible to verify inter-VLAN routing, because there are no hosts attached. However,<br />
the router <strong>and</strong> the two switches should be able to ping each other on their VLAN 1 interfaces.<br />
Step 2. For the router, capture the following output:<br />
■ show run<br />
■ show ip interface brief<br />
Step 3. For the switches, capture the following output:<br />
R1<br />
■ show run<br />
■ show vlan brief<br />
■ show vtp status<br />
■ show spanning-tree summary<br />
R1#show run<br />
Building configuration...<br />
hostname R1<br />
!<br />
enable secret class<br />
!<br />
no ip domain lookup<br />
ip host S2 172.16.1.4<br />
ip host S1 172.16.1.3<br />
!<br />
interface FastEthernet0/1<br />
no shutdown<br />
!<br />
interface FastEthernet0/1.1<br />
description Managment VLAN 1<br />
encapsulation dot1Q 1 native<br />
ip address 172.16.1.1 255.255.255.0<br />
!<br />
interface FastEthernet0/1.10
description Accounting VLAN 10<br />
encapsulation dot1Q 10<br />
ip address 172.16.10.1 255.255.255.0<br />
!<br />
interface FastEthernet0/1.20<br />
description Marketing VLAN 20<br />
encapsulation dot1Q 20<br />
ip address 172.16.20.1 255.255.255.0<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 489<br />
R1#show ip interface brief<br />
Interface IP-Address OK? Method Status Prot<br />
ocol<br />
FastEthernet0/0 unassigned YES unset administratively down down<br />
Serial0/0 unassigned YES unset administratively down down<br />
FastEthernet0/1 unassigned YES unset up up<br />
FastEthernet0/1.1 172.16.1.1 YES manual up up<br />
FastEthernet0/1.10 172.16.10.1 YES manual up up<br />
FastEthernet0/1.20 172.16.20.1 YES manual up up
490 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
R1#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2600 Software (C2600-IPBASE-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Fri 06-Jun-03 22:08 by dchih<br />
Image text-base: 0x80008098, data-base: 0x80F9CF68<br />
ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)<br />
R1 uptime is 1 hour, 47 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:c2600-ipbase-mz.123-1a.bin"<br />
cisco 2621XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of me<br />
mory.<br />
Processor board ID JAE07420G7D (326445113)<br />
M860 processor: part number 5, mask 2<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
2 FastEthernet/IEEE 802.3 interface(s)<br />
1 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
49152K bytes of processor board System flash (Read/Write)<br />
Configuration register is 0x2142 (will be 0x2102 at next reload)<br />
S1<br />
S1#show run<br />
Building configuration...<br />
hostname S1<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host R1 172.16.1.1<br />
ip host S2 172.16.1.4<br />
!<br />
!<br />
spanning-tree vlan 1 priority 24576<br />
spanning-tree vlan 10 priority 24576<br />
!<br />
!------------------------------------------<br />
!VTP <strong>and</strong> VLAN Configurations<br />
!----------------------------------------vtp<br />
mode server
vtp domain Group1<br />
vtp password cisco<br />
vlan 10<br />
name Accounting<br />
vlan 20<br />
name Marketing<br />
!------------------------------------------<br />
!<br />
interface FastEthernet0/1<br />
switchport mode trunk<br />
!<br />
interface FastEthernet0/2<br />
switchport mode trunk<br />
!<br />
interface FastEthernet0/3<br />
switchport mode trunk<br />
!<br />
interface range FastEthernet0/4 - 6<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/7 - 9<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/10 - 24<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface Vlan1<br />
ip address 172.16.1.3 255.255.255.0<br />
no shutdown<br />
!<br />
ip default-gateway 172.16.1.1=<br />
!<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 491
492 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
S1#show vlan brief<br />
VLAN Name Status Ports<br />
---- -------------------------------- --------- -------------------------------<br />
1 default active Fa0/10, Fa0/11, Fa0/12, Fa0/13<br />
Fa0/14, Fa0/15, Fa0/16, Fa0/17<br />
Fa0/18, Fa0/19, Fa0/20, Fa0/21<br />
Fa0/22, Fa0/23, Fa0/24, Gi0/1<br />
Gi0/2<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
S1#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 2<br />
Maximum VLANs supported locally : 250<br />
Number of existing VLANs : 7<br />
VTP Operating Mode : Server
VTP Domain Name : Group1<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xB9 0x8C 0x14 0x31 0x5F 0x85 0x67 0xFC<br />
Configuration last modified by 172.16.1.3 at 3-1-93 00:02:29<br />
Local updater ID is 172.16.1.3 on interface Vl1 (lowest numbered VLAN interface found)<br />
S1#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0001, VLAN0010<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default<br />
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Name Blocking Listening Learning Forwarding STP Active<br />
---------------------- -------- --------- -------- ---------- ----------<br />
VLAN0001 0 0 0 3 3<br />
VLAN0010 0 0 0 3 3<br />
VLAN0020 1 0 0 2 3<br />
---------------------- -------- --------- -------- ---------- ----------<br />
3 vlans 1 0 0 8 9<br />
S1#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Tue 04-Mar-03 02:14 by yenanh<br />
Image text-base: 0x80010000, data-base: 0x805A8000<br />
ROM: Bootstrap program is CALHOUN boot loader<br />
S1 uptime is 34 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:c2950-i6q4l2-mz.121-13.EA1.bin"<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 493<br />
cisco WS-C2950T-24 (RC32300) processor (revision K0) with 20839K bytes of memory<br />
.<br />
Processor board ID FOC0743Y1E3<br />
Last reset from system-reset
494 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Running Enhanced Image<br />
24 FastEthernet/IEEE 802.3 interface(s)<br />
2 Gigabit Ethernet/IEEE 802.3 interface(s)<br />
32K bytes of flash-simulated non-volatile configuration memory.<br />
Base ethernet MAC Address: 00:0E:38:5D:E3:80<br />
Motherboard assembly number: 73-6114-09<br />
Power supply part number: 34-0965-01<br />
Motherboard serial number: FOC07430LSF<br />
Power supply serial number: DAB0742EDCL<br />
Model revision number: K0<br />
Motherboard revision number: A0<br />
Model number: WS-C2950T-24<br />
System serial number: FOC0743Y1E3<br />
Configuration register is 0xF<br />
S2<br />
S2#show run<br />
Building configuration...<br />
hostname S2<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host S1 172.16.1.3<br />
ip host R1 172.16.1.1<br />
!<br />
!<br />
spanning-tree vlan 20 priority 24576<br />
!<br />
!------------------------------------------<br />
!VTP <strong>and</strong> VLAN Configurations<br />
!----------------------------------------vtp<br />
mode client<br />
vtp domain Group1<br />
vtp password cisco<br />
!------------------------------------------<br />
!<br />
interface FastEthernet0/1<br />
shutdown<br />
!<br />
interface FastEthernet0/2<br />
switchport mode trunk<br />
!<br />
interface FastEthernet0/3
switchport mode trunk<br />
!<br />
interface range FastEthernet0/4 - 6<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/7 - 9<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/10 - 24<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface Vlan1<br />
ip address 172.16.1.4 255.255.255.0<br />
no shutdown<br />
!<br />
ip default-gateway 172.16.1.1<br />
ip http server<br />
!<br />
banner motd $<br />
***********************************<br />
!!!AUTHORIZE ACCESS ONLY!!!<br />
***********************************<br />
$<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 495
496 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
logging synchronous<br />
login<br />
line vty 5 15<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
S2#show vlan brief<br />
VLAN Name Status Ports<br />
---- -------------------------------- --------- -------------------------------<br />
1 default active Fa0/1, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
10 Accounting active Fa0/4, Fa0/5, Fa0/6<br />
20 Marketing active Fa0/7, Fa0/8, Fa0/9<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
S2#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 2<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 7<br />
VTP Operating Mode : Client<br />
VTP Domain Name : Group1<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0xB9 0x8C 0x14 0x31 0x5F 0x85 0x67 0xFC<br />
Configuration last modified by 172.16.1.3 at 3-1-93 00:02:29<br />
S2#show spanning-tree summary<br />
Switch is in pvst mode<br />
Root bridge for: VLAN0020<br />
EtherChannel misconfiguration guard is enabled<br />
Extended system ID is enabled<br />
Portfast is disabled by default<br />
PortFast BPDU Guard is disabled by default<br />
Portfast BPDU Filter is disabled by default<br />
Loopguard is disabled by default
UplinkFast is disabled<br />
BackboneFast is disabled<br />
Pathcost method used is short<br />
Name Blocking Listening Learning Forwarding STP Active<br />
---------------------- -------- --------- -------- ---------- ----------<br />
VLAN0001 1 0 0 1 2<br />
VLAN0010 1 0 0 1 2<br />
VLAN0020 0 0 0 2 2<br />
---------------------- -------- --------- -------- ---------- ----------<br />
3 vlans 2 0 0 4 6<br />
S2#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Tue 04-Mar-03 02:14 by yenanh<br />
Image text-base: 0x80010000, data-base: 0x805A8000<br />
ROM: Bootstrap program is CALHOUN boot loader<br />
S2 uptime is 35 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:/c2950-i6q4l2-mz.121-13.EA1.bin"<br />
cisco WS-C2950-24 (RC32300) processor (revision J0) with 20839K bytes of memory.<br />
Processor board ID FHK0728W0XH<br />
Last reset from system-reset<br />
Running St<strong>and</strong>ard Image<br />
24 FastEthernet/IEEE 802.3 interface(s)<br />
32K bytes of flash-simulated non-volatile configuration memory.<br />
Base ethernet MAC Address: 00:0D:65:62:E3:80<br />
Motherboard assembly number: 73-5781-11<br />
Power supply part number: 34-0965-01<br />
Motherboard serial number: FOC07280RA4<br />
Power supply serial number: DAB07278PCM<br />
Model revision number: J0<br />
Motherboard revision number: A0<br />
Model number: WS-C2950-24<br />
System serial number: FHK0728W0XH<br />
Configuration register is 0xF<br />
S2#<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 497
498 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
<strong>CCNA</strong> 3 Comprehensive Skills-Based Assessment<br />
Table D-1 VLSM Addressing Scheme<br />
Device Name Interface Address Subnet Mask<br />
ISP Lo0 209.165.202.192 255.255.255.255<br />
S0 209.165.201.1 255.255.255.252<br />
CORE S0 209.165.201.2 255.255.255.252<br />
E0 172.16.7.65 255.255.255.248<br />
DIST-A Lo0 209.165.200.225 255.255.255.255<br />
S0 172.16.7.81 255.255.255.252<br />
E0 172.16.7.66 255.255.255.248<br />
DIST-B Lo0 172.16.7.1 255.255.255.192<br />
S0 172.16.7.85 255.255.255.252<br />
E0 172.16.7.67 255.255.255.248<br />
DIST-C S0 172.16.7.82 255.255.255.252<br />
S1 172.16.7.86 255.255.255.252<br />
F0.1 172.16.7.73 255.255.255.248<br />
F0.10 172.16.0.1 255.255.252.0<br />
F0.20 172.16.4.1 255.255.254.0<br />
F0.30 172.16.6.1 255.255.255.0<br />
ALSw-A VLAN 1 172.16.7.74 255.255.255.248<br />
ALSw-B VLAN 1 172.16.7.75 255.255.255.248<br />
Objectives<br />
Demonstrate a comprehensive implementation of <strong>CCNA</strong> 3 skills by completing the following:<br />
■ Design a VLSM addressing scheme to meet requirements<br />
■ Configure OSPF, static, <strong>and</strong> default routing<br />
■ Configure STP <strong>and</strong> port security<br />
■ Configure VTP <strong>and</strong> VLANs<br />
■ Verify your configuration <strong>and</strong> gather documentation<br />
Scenario<br />
You are the network administrator for a small corporation. You are planning a migration to a three-layer<br />
hierarchical design using OSPF <strong>and</strong> VLANs. At the core layer, your router will provide access to the<br />
Internet. At the distribution layer, you will use one router for access to your public Web servers (DIST-A),<br />
one router for access to the enterprise server farm (DIST-B), <strong>and</strong> one router for routing VLANs (DIST-C).<br />
At the access layer, you will trunk two switches with VLAN implementation. In addition, you will completely<br />
redesign your addressing scheme using VLSM.
Design Considerations<br />
You can use any five routers at your disposal. However, DIST-C must be a 1700 or 2600 series router that<br />
will support routing VLANs. The server LANs off of ISP, DIST-A, <strong>and</strong> DIST-B can be simulated with<br />
loopback interfaces.<br />
Task 1: Lab Setup<br />
Step 1. Cable the lab with available equipment in the configuration shown in Figure D-3.<br />
Step 2. Label Figure D-3 with the appropriate interface names (such as S0, S0/0, E0, Fa0, <strong>and</strong> so on).<br />
Step 3. Label serial interfaces with the appropriate DTE or DCE designation.<br />
Task 2: Addressing Scheme<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 499<br />
Design an appropriate VLSM addressing scheme using the following method to assign subnets <strong>and</strong> interface<br />
addresses. Maximize the number of host addresses at each level of subnetting.<br />
Step 1. VLSM Level 1: Subnet the given address space 172.16.0.0/16 to provide enough addresses for<br />
1000 hosts <strong>and</strong> assign subnet zero to VLAN 10.<br />
Step 2. VLSM Level 2: Using subnet 1 left over from VLSM Level 1, subnet it to provide enough<br />
addresses for 500 hosts <strong>and</strong> assign subnet 0 to VLAN 20.<br />
Step 3. VLSM Level 3: Using subnet 1 left over from VLSM Level 2, subnet it to provide enough<br />
addresses for 250 hosts <strong>and</strong> assign subnet 0 to VLAN 30.<br />
Step 4. VLSM Level 4: Using subnet 1 left over from VLSM Level 3, subnet it to provide enough<br />
addresses for 60 hosts <strong>and</strong> assign subnet 0 to the server farm.<br />
Step 5. VLSM Level 5: Using subnet 1 left over from VLSM Level 4, subnet it to provide enough<br />
addresses for three hosts. Assign subnet 0 to the CORE LAN (three hosts) <strong>and</strong> subnet 1 to<br />
VLAN 1 (three hosts).<br />
Step 6. VLSM Level 6: Using subnet 2 left over from VLSM Level 5, subnet it to provide enough<br />
addresses for the remaining two WAN links. Assign subnet 0 to the WAN link between DIST-A<br />
<strong>and</strong> DIST-C <strong>and</strong> subnet 1 to the WAN link between DIST-B <strong>and</strong> DIST-C.<br />
Step 7. Fill in Table D-1 with your addressing design <strong>and</strong> label the topology with the assigned subnets.<br />
Step 8. On the topology in Figure D-3, label each interface with the last two octets of the interface’s IP<br />
address.
500 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Figure D-3 <strong>CCNA</strong> 3 Comprehensive Skills-Based Assessment (Answer)<br />
Outside Public Web<br />
Server:<br />
209.165.202.129/32<br />
Lo0<br />
ISP<br />
Private Address<br />
Space<br />
172.16.0.0/16<br />
S0<br />
.201.1/30<br />
Task 3: Basic Router <strong>and</strong> Switch Configuration<br />
Erase the stored configuration on all routers <strong>and</strong> switches <strong>and</strong> reload without saving changes. Configure<br />
each with the following basic configurations:<br />
■ Hostnames<br />
■ Passwords<br />
■ Host table<br />
209.165.201.0/30<br />
Interface designations will<br />
depend on equipment used.<br />
S0<br />
.201.2/30<br />
CORE<br />
E0<br />
.7.65/29<br />
Lo0<br />
E0 E0<br />
.7.66/29 .7.67/29<br />
Lo0<br />
DIST-A S0<br />
S0 DIST-B<br />
OSPF<br />
Server Farm<br />
.7.85/30<br />
.7.81/30<br />
S0 S1<br />
Inside Public Web<br />
Server:<br />
209.165.200.225/32<br />
.7.82/30 .7.86/30<br />
DIST-C<br />
VLAN 1 .7.75/29<br />
Fa0.1 .7.73/20<br />
Fa0.10 0.1/22<br />
Fa0.20 .4.1/23<br />
Fa0.30 .6.1/24<br />
VLAN 1 .7.74/29<br />
ALSw-A 802.1Q Trunk<br />
ALSw-B<br />
VLAN 10 VLAN 20 VLAN 30 VLAN 10 VLAN 20 VLAN 30
■ Console line <strong>and</strong> Telnet lines<br />
■ Interface addresses<br />
Task 4: Configure OSPF, Static, <strong>and</strong> Default Routing<br />
Step 1. Configure OSPF to advertise all inside routes:<br />
■ The ISP router is not to participate in OSPF.<br />
■ CORE is not to advertise the WAN link it shares with ISP.<br />
■ Make sure DIST-A advertises the inside public web server.<br />
Step 2. CORE must never be DR <strong>and</strong> DIST-A must always be DR.<br />
Step 3. Configure a 5-second hello interval on OSPF enabled routers.<br />
Step 4. Configure OSPF routers to use MD5 authentication.<br />
Step 5. Set the LAN interface on DIST-C to passive so that OSPF updates do not get sent out to<br />
ALSw-A.<br />
Step 6. Configure CORE with a default static route to ISP.<br />
Step 7. Advertise the default route to the rest of the inside routers.<br />
Step 8. Configure ISP with a static route to the 172.16.0.0/16 address space <strong>and</strong> a static route to the<br />
inside web server at 209.165.200.225/32.<br />
Step 9. Verify that inside routers can now ping the outside web server.<br />
Task 5: Spanning Tree <strong>and</strong> Port Security<br />
Step 1. Configure ALSw-A to be the STP root bridge for VLAN 1 <strong>and</strong> VLAN 10.<br />
Step 2. Configure ALSw-B to be the STP root bridge for VLAN 20 <strong>and</strong> VLAN 30.<br />
Step 3. On both switches, configure the following on all access ports:<br />
■ Set the ports to access mode.<br />
■ Enable port security.<br />
■ Enable the first MAC address to stick to the configuration.<br />
■ Enable port shutdown if there is a security violation.<br />
Step 4. If necessary for your switch platform, configure the switch trunk links to use IEEE 802.1Q.<br />
Task 6: VLAN <strong>and</strong> VTP Configuration<br />
Step 1. Configure ALSw-A to be the VTP server in the VTP domain <strong>CCNA</strong>3 with an appropriate<br />
password.<br />
Step 2. Configure ALSw-B to be a VTP client in the VTP domain <strong>CCNA</strong>3 with the correct password.<br />
Step 3. Configure the VTP server with the following VLANs:<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 501<br />
■ VLAN 10: Finance<br />
■ VLAN 20: Sales<br />
■ VLAN 30: Purchasing<br />
Step 4. Choose the ports to assign to each VLAN. It is not necessary to configure every port with a<br />
VLAN.
502 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
Task 7: Verify Configurations <strong>and</strong> Gather Documentation<br />
Step 1. You should now have full connectivity from any host on the network to any other host. Verify<br />
end-to-end connectivity.<br />
Step 2. When satisfied with your configurations, gather documentation for future reference. On all five<br />
routers, capture the following output:<br />
■ show run<br />
■ show ip route<br />
■ show ip interface brief<br />
■ show ip ospf neighbors<br />
Step 3. On the two switches, capture the following output:<br />
ISP<br />
■ show run<br />
■ show vlan brief<br />
■ show vtp status<br />
ISP#show run<br />
Building configuration...<br />
hostname ISP<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host DA 172.16.7.66 172.16.7.81<br />
ip host DB 172.16.7.67 172.16.7.85<br />
ip host DC 172.16.7.82 172.16.7.86<br />
ip host CORE 209.165.201.2<br />
ip host SA 172.16.7.74<br />
ip host SB 172.16.7.75<br />
!<br />
interface Loopback0<br />
description Simulated Outside Public Web Server<br />
ip address 209.165.202.129 255.255.255.255<br />
!<br />
interface Serial0<br />
description Link to Enterprise<br />
ip address 200.20.2.1 255.255.255.252<br />
clockrate 64000<br />
no shutdown<br />
!<br />
ip route 209.165.200.225 255.255.255.255 Serial0<br />
ip route 172.16.0.0 255.255.0.0 Serial0<br />
!
!<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
ISP#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
Ethernet0 unassigned YES unset administratively down down<br />
Loopback0 209.165.202.129 YES manual up up<br />
Serial0 200.20.2.1 YES manual up up<br />
Serial1 unassigned YES unset administratively down down<br />
ISP#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
209.165.201.0/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0<br />
S 172.16.0.0/16 is directly connected, Serial0<br />
209.165.200.0/32 is subnetted, 1 subnets<br />
S 209.165.200.225 is directly connected, Serial0<br />
209.165.202.0/32 is subnetted, 1 subnets<br />
C 209.165.202.129 is directly connected, Loopback0<br />
ISP#show version<br />
Cisco Internetwork Operating System Software<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 503
504 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13b), RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Thu 20-Feb-03 14:09 by pwade<br />
Image text-base: 0x0307C780, data-base: 0x00001000<br />
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE<br />
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)<br />
ISP uptime is 6 days, 2 hours, 55 minutes<br />
System returned to ROM by reload<br />
System image file is "flash:c2500-js-l.122-13b.bin"<br />
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory.<br />
Processor board ID 18423267, with hardware revision 00000000<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
SuperLAT software (copyright 1990 by Meridian Technology Corp).<br />
TN3270 Emulation software.<br />
1 Ethernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read ONLY)<br />
Configuration register is 0x2102<br />
CORE<br />
CORE#show run<br />
Building configuration...<br />
hostname CORE<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host SB 172.16.7.75<br />
ip host SA 172.16.7.74<br />
ip host ISP 209.165.201.2<br />
ip host DC 172.16.7.82 172.16.7.86<br />
ip host DB 172.16.7.67 172.16.7.85<br />
ip host DA 172.16.7.66 172.16.7.81<br />
ip host WEB 209.165.202.129<br />
!<br />
interface Ethernet0<br />
description Link to Distribution Layer
ip address 172.16.7.65 255.255.255.248<br />
ip ospf priority 0<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
no shutdown<br />
!<br />
interface Serial0<br />
description Link to ISP<br />
ip address 209.165.201.2 255.255.255.252<br />
no shutdown<br />
!<br />
router ospf 1<br />
network 172.16.7.64 0.0.0.7 area 0<br />
area 0 authentication message-digest<br />
default-information originate<br />
!<br />
ip route 0.0.0.0 0.0.0.0 Serial0<br />
!<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 505<br />
CORE#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
Ethernet0 172.16.7.65 YES NVRAM up up<br />
Serial0 209.165.201.2 YES NVRAM up up<br />
Serial1 unassigned YES NVRAM administratively down down<br />
CORE#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
506 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 0.0.0.0 to network 0.0.0.0<br />
209.165.201.2/30 is subnetted, 1 subnets<br />
C 209.165.201.0 is directly connected, Serial0<br />
172.16.0.0/16 is variably subnetted, 8 subnets, 6 masks<br />
O 172.16.4.0/23 [110/75] via 172.16.7.67, 1d21h, Ethernet0<br />
[110/75] via 172.16.7.66, 1d21h, Ethernet0<br />
O 172.16.7.1/32 [110/11] via 172.16.7.67, 1d21h, Ethernet0<br />
O 172.16.6.0/24 [110/75] via 172.16.7.67, 1d21h, Ethernet0<br />
[110/75] via 172.16.7.66, 1d21h, Ethernet0<br />
O 172.16.0.0/22 [110/75] via 172.16.7.67, 1d21h, Ethernet0<br />
[110/75] via 172.16.7.66, 1d21h, Ethernet0<br />
O 172.16.7.80/30 [110/74] via 172.16.7.66, 1d21h, Ethernet0<br />
O 172.16.7.84/30 [110/74] via 172.16.7.67, 1d21h, Ethernet0<br />
O 172.16.7.72/29 [110/75] via 172.16.7.67, 1d21h, Ethernet0<br />
[110/75] via 172.16.7.66, 1d21h, Ethernet0<br />
C 172.16.7.64/29 is directly connected, Ethernet0<br />
209.165.200.0/32 is subnetted, 1 subnets<br />
O 209.165.200.255 [110/11] via 172.16.7.66, 1d21h, Ethernet0<br />
S* 0.0.0.0/0 is directly connected, Serial0<br />
CORE#show ip ospf 1<br />
Routing Process "ospf 1" with ID 209.165.201.0<br />
Supports only single TOS(TOS0) routes<br />
Supports opaque LSA<br />
It is an autonomous system boundary router<br />
Redistributing External Routes from,<br />
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs<br />
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs<br />
Number of external LSA 1. Checksum Sum 0x00C4B6<br />
Number of opaque AS LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless external <strong>and</strong> opaque AS LSA 0<br />
Number of DoNotAge external <strong>and</strong> opaque AS LSA 0<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa<br />
External flood list length 0<br />
Area BACKBONE(0)<br />
Number of interfaces in this area is 1<br />
Area has no authentication<br />
SPF algorithm executed 14 times
Area ranges are<br />
Number of LSA 5. Checksum Sum 0x01DCA5<br />
Number of opaque link LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless LSA 0<br />
Number of indication LSA 0<br />
Number of DoNotAge LSA 0<br />
Flood list length 0<br />
CORE#<br />
CORE#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13b), RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Thu 20-Feb-03 14:09 by pwade<br />
Image text-base: 0x0307C780, data-base: 0x00001000<br />
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE<br />
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)<br />
CORE uptime is 2 days, 34 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:/c2500-js-l.122-13b.bin"<br />
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory.<br />
Processor board ID 18423246, with hardware revision 00000000<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
SuperLAT software (copyright 1990 by Meridian Technology Corp).<br />
TN3270 Emulation software.<br />
1 Ethernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read ONLY)<br />
Configuration register is 0x2102<br />
DIST-A<br />
DIST-A#show run<br />
Building configuration...<br />
hostname DIST-A<br />
!<br />
enable secret class<br />
!<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 507
508 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
no ip domain-lookup<br />
ip host CORE 172.16.7.65<br />
ip host WEB 209.165.202.129<br />
ip host DB 172.16.7.67 172.16.7.85<br />
ip host DC 172.16.7.82 172.16.7.86<br />
ip host ISP 209.165.201.1<br />
ip host SA 172.16.7.74<br />
ip host SB 172.16.7.75<br />
!<br />
interface Loopback0<br />
description Simulated Inside Public Web Server<br />
ip address 145.46.47.48 255.255.255.255<br />
!<br />
interface Ethernet0<br />
description Link to CORE <strong>and</strong> DIST-B<br />
ip address 172.16.7.66 255.255.255.248<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
ip ospf priority 2<br />
!<br />
interface Serial0<br />
description Link to DIST-C<br />
ip address 172.16.7.81 255.255.255.252<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
clockrate 64000<br />
!<br />
router ospf 1<br />
area 0 authentication message-digest<br />
network 145.46.47.48 0.0.0.0 area 0<br />
network 172.16.7.64 0.0.0.7 area 0<br />
network 172.16.7.80 0.0.0.3 area 0<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
DIST-A#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
Ethernet0 172.16.7.66 YES manual up up<br />
Loopback0 145.46.47.48 YES manual up up<br />
Serial0 172.16.7.81 YES manual up up<br />
Serial1 unassigned YES unset administratively down down<br />
DIST-A#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 172.16.7.65 to network 0.0.0.0<br />
172.16.0.0/16 is variably subnetted, 8 subnets, 6 masks<br />
O 172.16.4.0/23 [110/65] via 172.16.7.82, 1d21h, Serial0<br />
O 172.16.7.1/32 [110/11] via 172.16.7.67, 1d21h, Ethernet0<br />
O 172.16.6.0/24 [110/65] via 172.16.7.82, 1d21h, Serial0<br />
O 172.16.0.0/22 [110/65] via 172.16.7.82, 1d21h, Serial0<br />
C 172.16.7.80/30 is directly connected, Serial0<br />
O 172.16.7.84/30 [110/74] via 172.16.7.67, 1d21h, Ethernet0<br />
O 172.16.7.72/29 [110/65] via 172.16.7.82, 1d21h, Serial0<br />
C 172.16.7.64/29 is directly connected, Ethernet0<br />
209.165.200.0/32 is subnetted, 1 subnets<br />
C 209.165.200.225 is directly connected, Loopback0<br />
O*E2 0.0.0.0/0 [110/1] via 172.16.7.65, 1d21h, Ethernet0<br />
DIST-A#show ip ospf neighbor<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 509<br />
Neighbor ID Pri State Dead Time Address Interface<br />
209.165.201.2 0 FULL/DROTHER 00:00:35 172.16.7.65 Ethernet0<br />
172.16.7.67 1 FULL/BDR 00:00:34 172.16.7.67 Ethernet0<br />
172.16.7.82 1 FULL/ - 00:00:36 172.16.7.82 Serial0
510 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
DIST-A#show ip ospf 1<br />
Routing Process "ospf 1" with ID 172.16.7.81<br />
Supports only single TOS(TOS0) routes<br />
Supports opaque LSA<br />
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs<br />
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs<br />
Number of external LSA 1. Checksum Sum 0x00C4B6<br />
Number of opaque AS LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless external <strong>and</strong> opaque AS LSA 0<br />
Number of DoNotAge external <strong>and</strong> opaque AS LSA 0<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa<br />
External flood list length 0<br />
Area BACKBONE(0)<br />
Number of interfaces in this area is 3<br />
Area has no authentication<br />
SPF algorithm executed 36 times<br />
Area ranges are<br />
Number of LSA 5. Checksum Sum 0x01DCA5<br />
Number of opaque link LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless LSA 0<br />
Number of indication LSA 0<br />
Number of DoNotAge LSA 0<br />
Flood list length 0<br />
DIST-A#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13b), RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Thu 20-Feb-03 14:09 by pwade<br />
Image text-base: 0x0307C780, data-base: 0x00001000<br />
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE<br />
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)<br />
DIST-A uptime is 6 days, 3 hours, 3 minutes<br />
System returned to ROM by reload<br />
System image file is "flash:/c2500-js-l.122-13b.bin"<br />
cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory.<br />
Processor board ID 18424578, with hardware revision 00000000<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
SuperLAT software (copyright 1990 by Meridian Technology Corp).<br />
TN3270 Emulation software.<br />
1 Ethernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read ONLY)<br />
Configuration register is 0x2102<br />
DIST-B<br />
DIST-B#show run<br />
Building configuration...<br />
hostname DIST-B<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host CORE 172.16.7.65<br />
ip host DC 172.16.7.82 172.16.7.86<br />
ip host WEB 209.165.202.129<br />
ip host DA 172.16.7.66 172.16.7.81<br />
ip host ISP 209.165.201.1<br />
ip host SA 172.16.7.74<br />
ip host SB 172.16.7.75<br />
!<br />
!<br />
interface Loopback0<br />
description Link to Simulated Enterprise Server Farm<br />
ip address 172.16.7.1 255.255.255.192<br />
!<br />
interface Ethernet0<br />
description Link to CORE <strong>and</strong> DIST-A<br />
ip address 172.16.7.67 255.255.255.248<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
no shutdown<br />
!<br />
interface Serial0<br />
description Link to DIST-C<br />
ip address 172.16.7.85 255.255.255.252<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
no shutdown<br />
!<br />
router ospf 1<br />
area 0 authentication message-digest<br />
network 172.16.7.0 0.0.0.63 area 0<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 511
512 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
network 172.16.7.64 0.0.0.7 area 0<br />
network 172.16.7.84 0.0.0.3 area 0<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
DIST-B#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
Ethernet0 172.16.7.67 YES manual up up<br />
Ethernet1 unassigned YES unset administratively down down<br />
Loopback0 172.16.7.1 YES manual up up<br />
Serial0 172.16.7.85 YES manual up up<br />
Serial1 unassigned YES unset administratively down down<br />
DIST-B#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 172.16.7.65 to network 0.0.0.0<br />
172.16.0.0/16 is variably subnetted, 8 subnets, 6 masks<br />
O 172.16.4.0/23 [110/65] via 172.16.7.86, 1d21h, Serial0<br />
O 172.16.6.0/24 [110/65] via 172.16.7.86, 1d21h, Serial0<br />
C 172.16.7.0/26 is directly connected, Loopback0<br />
O 172.16.0.0/22 [110/65] via 172.16.7.86, 1d21h, Serial0<br />
O 172.16.7.80/30 [110/74] via 172.16.7.66, 1d21h, Ethernet0
C 172.16.7.84/30 is directly connected, Serial0<br />
O 172.16.7.72/29 [110/65] via 172.16.7.86, 1d21h, Serial0<br />
C 172.16.7.64/29 is directly connected, Ethernet0<br />
209.165.200.0/32 is subnetted, 1 subnets<br />
O 209.165.200.225 [110/11] via 172.16.7.66, 1d21h, Ethernet0<br />
O*E2 0.0.0.0/0 [110/1] via 172.16.7.65, 1d21h, Ethernet0<br />
DIST-B#show ip ospf neighbor<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 513<br />
Neighbor ID Pri State Dead Time Address Interface<br />
172.16.7.82 1 FULL/ - 00:00:39 172.16.7.86 Serial0<br />
200.20.2.2 0 FULL/DROTHER 00:00:38 172.16.7.65 Ethernet0<br />
172.16.7.81 2 FULL/DR 00:00:35 172.16.7.66 Ethernet0<br />
DIST-B# show ip ospf 1<br />
Routing Process "ospf 1" with ID 172.16.7.67<br />
Supports only single TOS(TOS0) routes<br />
Supports opaque LSA<br />
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs<br />
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs<br />
Number of external LSA 1. Checksum Sum 0x00C4B6<br />
Number of opaque AS LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless external <strong>and</strong> opaque AS LSA 0<br />
Number of DoNotAge external <strong>and</strong> opaque AS LSA 0<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa<br />
External flood list length 0<br />
Area BACKBONE(0)<br />
Number of interfaces in this area is 3<br />
Area has no authentication<br />
SPF algorithm executed 36 times<br />
Area ranges are<br />
Number of LSA 5. Checksum Sum 0x01DCA5<br />
Number of opaque link LSA 0. Checksum Sum 0x000000<br />
Number of DCbitless LSA 0<br />
Number of indication LSA 0<br />
Number of DoNotAge LSA 0<br />
Flood list length 0<br />
DIST-B#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13b), RELEASE SOFTWARE (fc1)<br />
Copyright (c) 1986-2003 by cisco Systems, Inc.<br />
Compiled Thu 20-Feb-03 14:09 by pwade<br />
Image text-base: 0x0307C780, data-base: 0x00001000<br />
ROM: System Bootstrap, Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
514 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB2, PLATFORM SPECIFIC<br />
RELEASE SOFTWARE (fc1)<br />
DIST-B uptime is 6 days, 2 hours, 57 minutes<br />
System returned to ROM by reload<br />
System image file is "flash:c2500-js-l.122-13b.bin"<br />
cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory.<br />
Processor board ID 19482472, with hardware revision 00000000<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
SuperLAT software (copyright 1990 by Meridian Technology Corp).<br />
TN3270 Emulation software.<br />
2 Ethernet/IEEE 802.3 interface(s)<br />
2 Serial network interface(s)<br />
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read ONLY)<br />
Configuration register is 0x2102<br />
DIST-C<br />
DIST-C#show run<br />
Building configuration...<br />
hostname DIST-C<br />
!<br />
enable secret class<br />
!<br />
ip subnet-zero<br />
no ip domain-lookup<br />
ip host CORE 172.16.7.65<br />
ip host WEB 183.84.85.86<br />
ip host DB 172.16.7.85 172.16.7.67<br />
ip host DA 172.16.7.81 172.16.7.66<br />
ip host ISP 200.20.2.1<br />
ip host SA 172.16.7.74<br />
ip host SB 172.16.7.75<br />
!<br />
!------------------------------------------------<br />
!Although DHCP is not taught until Module 1<br />
!in <strong>CCNA</strong>4, it is useful in this Super Lab.<br />
!So the configuration is provided for instructors<br />
!----------------------------------------------ip<br />
dhcp excluded-address 172.16.0.1 172.16.0.10<br />
ip dhcp excluded-address 172.16.4.1 172.16.4.10
ip dhcp excluded-address 172.16.6.1 172.16.6.10<br />
!<br />
ip dhcp pool VLAN10<br />
network 172.16.0.0 255.255.252.0<br />
default-router 172.16.0.1<br />
!<br />
ip dhcp pool VLAN20<br />
network 172.16.4.0 255.255.254.0<br />
default-router 172.16.4.1<br />
!<br />
ip dhcp pool VLAN30<br />
network 172.16.6.0 255.255.255.0<br />
default-router 172.16.6.1<br />
!------------------------------------------------<br />
!<br />
interface FastEthernet0<br />
no shutdown<br />
!<br />
interface FastEthernet0.1<br />
description Management VLAN 1<br />
encapsulation dot1Q 1 native<br />
ip address 172.16.7.73 255.255.255.248<br />
!<br />
interface FastEthernet0.10<br />
description FINANCE subnet VLAN 10<br />
encapsulation dot1Q 10<br />
ip address 172.16.0.1 255.255.252.0<br />
!<br />
interface FastEthernet0.20<br />
description SALES subnet VLAN 20<br />
encapsulation dot1Q 20<br />
ip address 172.16.4.1 255.255.254.0<br />
ip access-group SALES_TRAFFIC in<br />
!<br />
interface FastEthernet0.30<br />
description PURCHASING subnet VLAN 30<br />
encapsulation dot1Q 30<br />
ip address 172.16.6.1 255.255.255.0<br />
ip access-group PURCHASING_TRAFFIC in<br />
!<br />
interface Serial0<br />
description Link to DIST-B<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
ip address 172.16.7.82 255.255.255.252<br />
no shutdown<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 515
516 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
!<br />
interface Serial1<br />
description Link to DIST-A<br />
ip ospf message-digest-key 1 md5 allrouters<br />
ip ospf hello-interval 5<br />
ip address 172.16.7.86 255.255.255.252<br />
clock rate 64000<br />
no shutdown<br />
!<br />
router ospf 1<br />
area 0 authentication message-digest<br />
network 172.16.0.0 0.0.3.255 area 0<br />
network 172.16.4.0 0.0.0.1 area 0<br />
network 172.16.6.0 0.0.0.255 area 0<br />
network 172.16.7.72 0.0.0.7 area 0<br />
network 172.16.7.80 0.0.0.3 area 0<br />
network 172.16.7.84 0.0.0.3 area 0<br />
passive-interface FastEthernet 0<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line aux 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
no scheduler allocate<br />
end<br />
DIST-C#show ip interface brief<br />
Interface IP-Address OK? Method Status Protocol<br />
FastEthernet0 unassigned YES unset up up<br />
FastEthernet0.1 172.16.7.73 YES manual up up<br />
FastEthernet0.10 172.16.0.1 YES manual up up<br />
FastEthernet0.20 172.16.4.1 YES manual up up
FastEthernet0.30 172.16.6.1 YES manual up up<br />
Serial0 172.16.7.82 YES manual up up<br />
Serial1 172.16.7.86 YES manual up up<br />
DIST-C#show ip route<br />
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP<br />
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area<br />
* - c<strong>and</strong>idate default, U - per-user static route, o - ODR<br />
P - periodic downloaded static route<br />
Gateway of last resort is 172.16.7.85 to network 0.0.0.0<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 517<br />
172.16.0.0/16 is variably subnetted, 8 subnets, 6 masks<br />
C 172.16.4.0/23 is directly connected, FastEthernet0.20<br />
C 172.16.6.0/24 is directly connected, FastEthernet0.30<br />
O 172.16.7.1/32 [110/782] via 172.16.7.85, 1d21h, Serial1<br />
C 172.16.0.0/22 is directly connected, FastEthernet0.10<br />
C 172.16.7.80/30 is directly connected, Serial0<br />
C 172.16.7.84/30 is directly connected, Serial1<br />
C 172.16.7.72/29 is directly connected, FastEthernet0.1<br />
O 172.16.7.64/29 [110/791] via 172.16.7.81, 1d21h, Serial0<br />
[110/791] via 172.16.7.85, 1d21h, Serial1<br />
209.165.200.0/32 is subnetted, 1 subnets<br />
O 209.165.200.225 [110/782] via 172.16.7.81, 1d21h, Serial0<br />
O*E2 0.0.0.0/0 [110/1] via 172.16.7.85, 1d21h, Serial1<br />
[110/1] via 172.16.7.81, 1d21h, Serial0<br />
DIST-C#show ip ospf 1<br />
Routing Process "ospf 1" with ID 172.16.7.82<br />
Supports only single TOS(TOS0) routes<br />
Supports opaque LSA<br />
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs<br />
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs<br />
LSA group pacing timer 240 secs<br />
Interface flood pacing timer 33 msecs<br />
Retransmission pacing timer 66 msecs<br />
Number of external LSA 1. Checksum Sum 0xC4B6<br />
Number of opaque AS LSA 0. Checksum Sum 0x0<br />
Number of DCbitless external <strong>and</strong> opaque AS LSA 0<br />
Number of DoNotAge external <strong>and</strong> opaque AS LSA 0<br />
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
518 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
External flood list length 0<br />
Area BACKBONE(0)<br />
Number of interfaces in this area is 6<br />
Area has no authentication<br />
SPF algorithm executed 26 times<br />
Area ranges are<br />
Number of LSA 5. Checksum Sum 0x1DCA5<br />
Number of opaque link LSA 0. Checksum Sum 0x0<br />
Number of DCbitless LSA 0<br />
Number of indication LSA 0<br />
Number of DoNotAge LSA 0<br />
Flood list length 0<br />
DIST-C#show ip ospf neighbors<br />
Neighbor ID Pri State Dead Time Address Interface<br />
172.16.7.67 1 FULL/ - 00:00:31 172.16.7.85 Serial1<br />
172.16.7.81 1 FULL/ - 00:00:30 172.16.7.81 Serial0<br />
DIST-C#show version<br />
Cisco Internetwork Operating System Software<br />
IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFT-<br />
WARE (fc1)<br />
Synched to technology version 12.2(6.8)T2<br />
TAC Support: http://www.cisco.com/tac<br />
Copyright (c) 1986-2002 by cisco Systems, Inc.<br />
Compiled Fri 15-Mar-02 20:32 by ealyon<br />
Image text-base: 0x80008124, data-base: 0x807D8744<br />
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)<br />
ROM: C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFTWARE<br />
(fc1)<br />
DIST-C uptime is 6 days, 31 minutes<br />
System returned to ROM by power-on<br />
System image file is "flash:c1700-y-mz.122-4.YB.bin"<br />
cisco 1721 (MPC860P) processor (revision 0x100) with 29492K/3276K bytes of memory.<br />
Processor board ID FOC07190RE7 (3108345534), with hardware revision 0000<br />
MPC860P processor: part number 5, mask 2<br />
Bridging software.<br />
X.25 software, Version 3.0.0.<br />
1 FastEthernet/IEEE 802.3 interface(s)<br />
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.<br />
16384K bytes of processor board System flash (Read/Write)<br />
Configuration register is 0x2102<br />
ALSw-A<br />
ALSw-A#show run<br />
Building configuration...<br />
hostname ALSw-A<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host CORE 172.16.7.65<br />
ip host WEB 209.165.202.129<br />
ip host DC 172.16.7.73<br />
ip host DB 172.16.7.85 172.16.7.67<br />
ip host DA 172.16.7.81 172.16.7.66<br />
ip host ISP 209.165.201.1<br />
ip host SB 172.16.7.75<br />
!<br />
!<br />
spanning-tree vlan 1 priority 4096<br />
spanning-tree vlan 10 priority 24576<br />
!<br />
!<br />
interface FastEthernet0/1<br />
switchport mode trunk<br />
!<br />
interface FastEthernet0/2<br />
switchport mode trunk<br />
!<br />
interface range FastEthernet0/3 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 519
520 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface Vlan1<br />
ip address 172.16.7.74 255.255.255.248<br />
no shutdown<br />
!<br />
ip default-gateway 172.16.7.73<br />
!<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 5 15<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
!<br />
end<br />
ALSw-A#show vlan brief<br />
VLAN Name Status Ports<br />
---- -------------------------------- --------- -------------------------------<br />
1 default active<br />
10 FINANCE active Fa0/3, Fa0/4, Fa0/5, Fa0/6<br />
Fa0/7, Fa0/8<br />
20 SALES active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16
30 PURCHASING active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
ALSw-A#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 1<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Server<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x3E 0x12 0x21 0x3C 0x7D 0x09 0xAB 0x97<br />
Configuration last modified by 172.16.7.74 at 3-1-93 04:07:07<br />
Local updater ID is 172.16.7.74 on interface Vl1 (lowest numbered VLAN interface found)<br />
ALSw-B<br />
ALSw-B#show run<br />
Building configuration...<br />
hostname ALSw-B<br />
!<br />
enable secret class<br />
!<br />
no ip domain-lookup<br />
ip host CORE 172.16.7.65<br />
ip host SA 172.16.7.74<br />
ip host ISP 209.165.201.1<br />
ip host DA 172.16.7.81 172.16.7.66<br />
ip host DB 172.16.7.85 172.16.7.67<br />
ip host DC 172.16.7.73<br />
ip host WEB 209.165.202.129<br />
!<br />
!<br />
spanning-tree vlan 20 priority 4096<br />
spanning-tree vlan 30 priority 24576<br />
!<br />
!<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 521
522 Switching Basics <strong>and</strong> Intermediate Routing <strong>CCNA</strong> 3 <strong>Labs</strong> <strong>and</strong> <strong>Study</strong> <strong>Guide</strong><br />
interface FastEthernet0/1<br />
shutdown<br />
!<br />
interface FastEthernet0/2<br />
switchport mode trunk<br />
!<br />
interface range FastEthernet0/3 - 8<br />
switchport access vlan 10<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/9 - 16<br />
switchport access vlan 20<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
interface range FastEthernet0/17 - 24<br />
switchport access vlan 30<br />
switchport mode access<br />
switchport port-security<br />
switchport port-security mac-address sticky<br />
switchport port-security maximum 1<br />
switchport port-security violation shutdown<br />
!<br />
!<br />
interface Vlan1<br />
ip address 172.16.7.75 255.255.255.248<br />
no shutdwon<br />
!<br />
ip default-gateway 172.16.7.73<br />
!<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
line vty 0 4<br />
exec-timeout 0 0<br />
password cisco
logging synchronous<br />
login<br />
line vty 5 15<br />
exec-timeout 0 0<br />
password cisco<br />
logging synchronous<br />
login<br />
end<br />
ALSw-B#show vlan brief<br />
Appendix D: <strong>CCNA</strong> 3 Skills-Based Assessment Practice 523<br />
VLAN Name Status Ports<br />
---- -------------------------------- --------- -------------------------------<br />
1 default active<br />
10 FINANCE active Fa0/2, Fa0/3, Fa0/4, Fa0/5<br />
Fa0/6, Fa0/7, Fa0/8<br />
20 SALES active Fa0/9, Fa0/10, Fa0/11, Fa0/12<br />
Fa0/13, Fa0/14, Fa0/15, Fa0/16<br />
30 PURCHASING active Fa0/17, Fa0/18, Fa0/19, Fa0/20<br />
Fa0/21, Fa0/22, Fa0/23, Fa0/24<br />
1002 fddi-default active<br />
1003 token-ring-default active<br />
1004 fddinet-default active<br />
1005 trnet-default active<br />
ALSw-B#show vtp status<br />
VTP Version : 2<br />
Configuration Revision : 1<br />
Maximum VLANs supported locally : 64<br />
Number of existing VLANs : 8<br />
VTP Operating Mode : Client<br />
VTP Domain Name : <strong>CCNA</strong>3<br />
VTP Pruning Mode : Disabled<br />
VTP V2 Mode : Disabled<br />
VTP Traps Generation : Disabled<br />
MD5 digest : 0x3E 0x12 0x21 0x3C 0x7D 0x09 0xAB 0x97<br />
Configuration last modified by 172.16.7.74 at 3-1-93 04:07:07