CCNA 3 Labs and Study Guide - BINARYBB.INFO – @jagalbraith

Switching Basics and Intermediate Routing 

Cisco Press 

800 East 96th Street 

Indianapolis, Indiana 46240 USA 

CCNA 3 Labs and Study Guide 

Instructor Edition 

Allan Johnson

ii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Switching Basics and Intermediate Routing 

CCNA 3 Labs and Study Guide 

Instructor Edition 

Allan Johnson 

Copyrigh® 2007 Cisco Systems, Inc. 

Published by: 

Cisco Press 

800 East 96th Street 

Indianapolis, IN 46240 USA 

All rights reserved. No part of this book may be reproduced or transmitted 

in any form or by any means, electronic or mechanical, including photocopying, 

recording, or by any information storage and retrieval system, 

without written permission from the publisher, except for the inclusion of 

brief quotations in a review. 

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 

First Printing July 2006 

Library of Congress Cataloging-in-Publication Number: 2006920177 

ISBN: 1-58713-186-2 

Warning and Disclaimer 

This book is designed to provide information about the CCNA 3: Switching 

Basics and Intermediate Routing course of the Cisco Networking Academy 

Program CCNA curriculum. Every effort has been made to make this book 

as complete and as accurate as possible, but no warranty or fitness is implied. 

The information is provided on an “as is” basis. The authors, Cisco Press, and 

Cisco Systems, Inc., shall have neither liability nor responsibility to any 

person or entity with respect to any loss or damages arising from the information 

contained in this book or from the use of the discs or programs that 

may accompany it. 

The opinions expressed in this book belong to the author and are not necessarily 

those of Cisco Systems, Inc. 

Feedback Information 

At Cisco Press, our goal is to create in-depth technical books of the highest 

quality and value. Each book is crafted with care and precision, undergoing 

rigorous development that involves the unique expertise of members from 

the professional technical community. 

Readers’ feedback is a natural continuation of this process. If you have any 

comments regarding how we could improve the quality of this book, or otherwise 

alter it to better suit your needs, you can contact us through e-mail 

at feedback@ciscopress.com. Please make sure to include the book title and 

ISBN in your message. 

We greatly appreciate your assistance. 

Publisher 

Paul Boger 

Cisco Representative 

Anthony Wolfenden 

Cisco Press 

Program Manager 

Jeff Brady 

Executive Editor 

Mary Beth Ray 

Production Manager 

Patrick Kanouse 

Development Editor 

Andrew Cupp 

Senior Project Editor 

San Dee Phillips 

Copy Editor 

Bill McManus 

Technical Editor 

Bernadette O’Brien 

Team Coordinator 

Vanessa Evans 

Book and Cover Designer 

Louisa Adair 

Composition 

Mark Shirar

Trademark Acknowledgments 

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately 

capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of 

a term in this book should not be regarded as affecting the validity of any trademark or service mark. 

iii

iv Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

About the Author 

Allan Johnson entered the academic world in 1999 after 10 years as a business owner/operator to dedicate 

his efforts to his passion for teaching. He has an MBA and an M.Ed in occupational training and development. 

Allan is currently pursuing an MS in information security. He is an information technology instructor 

at Mary Carroll High School and Del Mar College in Corpus Christi, Texas. Since 2003, Allan has 

committed much of his time and energy to the CCNA Instructional Support Team providing services for 

instructors worldwide and creating training materials. He is a familiar voice on the Cisco Networking 

Academy Community forum, “Ask the Experts” series. He currently holds CCNA and CCAI certifications. 

About the Technical Reviewer 

Bernadette O’Brien has been teaching in the Cisco Networking Academy since 1998 in Schenectady, 

New York. Schenectady High School is a Regional Academy for CCNA and a CATC for Sponsored 

Curriculum, which Bernadette coordinates. 

Bernadette received her BS degree from SUNY College at Buffalo and her MS degree in curriculum and 

instruction from SUNY Albany. She is also CCNA and CCAI certified. 

Bernadette, her husband, and two children live in a Victorian village very near the Adirondack Mountains 

in upstate New York. They enjoy rehabbing their 120-year-old Victorian house, skiing, and hiking.

Dedications 

To my wife Becky, and my daughter Christina. Thank you both for your love and patience. 

v

vi Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Acknowledgments 

As technical editor, Bernadette O’Brien served admirably as my second pair of eyes, finding and correcting 

technical inaccuracies as well as grammatical errors that helped make this project a first-class production. 

Mary Beth Ray, executive editor, did an outstanding job from beginning to end steering this project 

through to completion. I can always count on Mary Beth to make the tough decisions. 

Andrew Cupp, development editor, has a dedication to perfection that pays dividends in countless, unseen 

ways. Thank you for providing me much-needed guidance and support. This book could not be a reality 

without your persistence. 

Lastly, I cannot forget to thank all my students—past and present—who have helped me over the years to 

create engaging and exciting activities and labs. There is no better way to test the effectiveness of an activity 

than to give it to a team of dedicated students. They excel at finding the obscurest of errors! I could have 

never done this without all of your support.

Contents at a Glance 

Chapter 1: Introduction to Classless Routing 1 

Chapter 2: Single-Area OSPF 99 

Chapter 3: EIGRP and Troubleshooting Routing Protocols 175 

Chapter 4: Switching Concepts 219 

Chapter 5: LAN Design and Switches 233 

Chapter 6: Catalyst Switch Configuration 243 

Chapter 7: Spanning Tree Protocol 313 

Chapter 8: Virtual LANs 341 

Chapter 9: VLAN Trunking Protocol 379 

Appendix A Router Interface Summary Chart 469 

Appendix B Erasing and Reloading the Switch 471 

Appendix C Erasing and Reloading the Router 473 

Appendix D CCNA 3 Skills-Based Assessment Practice 475 

vii

viii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Contents 


Study Guide 2 

VLSM 2 

Vocabulary Exercise: Matching 3 

Vocabulary Exercise: Completion 4 

Subnetting Review Exercises 4 

Prefix Length Use Exercises 7 

VLSM Subnetting a Subnet Exercises 9 

VLSM Addressing Design Exercises 12 

VLSM Addressing Design Scenarios 16 

Summary Route Exercises 23 

Default and Static Routing Scenario 30 

Concept Questions 31 

VLSM Case Study 32 

RIP Version 2 34 

Compare and Contrast Exercise 34 

Internet Research 34 

Lab Exercises 37 

Command Reference 37 

Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4) 37 

Task 1: Divide the Allocated Addresses into Four Equal-Sized Address Blocks 38 

Task 2: Allocate the Next Level After All the Requirements Are Met for the Higher 

Level(s) 39 

Task 3: Allocate Address Space for Sydney 39 

Task 4: Allocate Address Space for Singapore 40 

Task 5: Allocate Address Space for WAN Links 41 

Curriculum Lab 1-2: Review of Basic Router Configuration with RIP 

(1.2.3) 43 

Task 1: Basic Router Configuration 45 

Task 2: Start the HyperTerminal Program 45 

Task 3: Name the HyperTerminal Session 45 

Task 4: Specify the Computer’s Connecting Interface 45 

Task 5: Specify the Interface Connection Properties 46 

Task 6: Close the Session 48 

Task 7: Reopen the HyperTerminal Connection 48 

Task 8: Configure Hostname and Passwords on Router GAD 49 

Task 9: Configure Interface Serial 0 on Router GAD 49 

Task 10: Configure the Fast Ethernet 0 Interface on Router GAD 49 

Task 11: Configure the IP Host Statements on Router GAD 49 

Task 12: Configure RIP Routing on Router GAD 50 

Task 13: Save the GAD Router Configuration 50 

Task 14: Configure Hostname and Passwords on Router BHM 50 

Task 15: Configure Interface Serial 0 on Router BHM 50

Task 16: Configure the Fast Ethernet 0 Interface on Router BHM 50 

Task 17: Configure the IP Host Statements on Router BHM 51 

Task 18: Configure RIP Routing on Router BHM 51 

Task 19: Save the BHM Router Configuration 51 

Task 20: Configure the Hosts 51 

Task 21: Verify the Internetwork Is Functioning by Pinging the Fast Ethernet 

Interface of the Other Router 51 

Task 22: Show the Routing Tables for Each Router 52 

Curriculum Lab 1-3: Converting RIPv1 to RIPv2 (1.2.4) 53 

Task 1: Configure the Routers 54 

Task 2: Configure the Routing Protocol on Router GAD 55 


Task 4: Configure the Routing Protocol on Router BHM 55 



Task 7: Verify that the Internetwork Is Functioning 56 

Task 8: Enable RIPv2 Routing 56 

Task 9: Ping All Interfaces on the Network from Each Host 56 

Curriculum Lab 1-4: Verifying RIPv2 Configuration (1.2.5) 57 


Task 2: Configure the Routing Protocol on Router Gadsden 58 

Task 3: Save the Gadsden Router Configuration 58 




Task 7: Verify that the Internetwork Is Functioning 59 

Task 8: Show the Routing Tables for Each Router 59 

Task 9: Enable RIPv2 Routing 60 

Task 10: Show the Routing Tables 60 

Task 11: Change the Fast Ethernet IP Subnet Mask on Router GAD 61 

Task 12: Show the GAD Routing Table 61 

Task 13: Show the BHM Routing Table 61 

Task 14: Change the Network Addressing Scheme 62 

Task 15: Show the Routing Table for Router GAD 62 

Task 16: Show the Routing Table for Router BHM 63 

Task 17: Change the Host Configurations 63 

Task 18: Ping All Interfaces on the Network from Each Host 64 

Task 19: Use show ip route to See Different Routes by Type 64 

Task 20: Use the show ip protocol Command 64 

Task 21: Remove the Version 2 Option for RIP 65 

Task 22: Show the Routing Table for Router GAD 65 

Task 23: Show the Routing Table for Router BHM 66 

Curriculum Lab 1-5: Troubleshooting RIPv2 Using debug (1.2.6) 66 


Task 2: Configure the Routing Protocol on Router GAD 67 


ix

x Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 




Task 7: Verify the Internetwork Is Functioning 68 

Task 8: Show the debug ip Command Options 68 

Task 9: Show the debug ip rip Command Options 69 

Task 10: Show the RIP Routing Updates 69 

Task 11: Enable RIPv2 Routing on Router GAD Only 69 

Task 12: Restart the Debug Function on Router GAD 69 

Task 13: Clear the Routing Table 70 

Task 14: Start the Debug RIP Function 70 

Task 15: Clear the Routing Table 70 

Task 16: Enable RIPv2 Routing on Router BHM 71 

Task 17: Use the Debug Function to See Packet Traffic on a Router 71 

Task 18: Start the debug ip rip database Function on Router BHM 71 

Task 19: Use the Debug Function to See Routing Updates 71 

Comprehensive Lab 1-6: Default Routing and RIPv2 72 

Task 1: Cable the Topology and Basic Configurations 73 

Task 2: Configure Interfaces and Enable RIPv2 74 

Task 3: Verify Connectivity 75 

Task 4: Add ISP Router 76 

Task 5: Configure Static and Default Routing 77 

Task 6: Verify Connectivity and Capture Scripts 77 

Challenge Lab 1-7: VLSM Design, RIPv2, and Default Routing 85 

Task 1: Design the Addressing Scheme 86 


Task 3: Configure the Interfaces and Enable RIPv2 87 

Task 4: Configure Static and Default Routing 87 


Task 6: Challenge 89 



Link-State Routing Overview 100 



Compare and Contrast Exercise 101 


Journal Entry 102 

Single-Area OSPF Concepts 102 


Build the SPF Loop-Free Topology 103 


Single-Area OSPF Configuration 106 

Learn the OSPF Commands Exercise 107

DR/BDR Election Exercise 114 




Curriculum Lab 2-1: Configuring the OSPF Routing Process (2.3.1) 

117 


Task 2: Save the Configuration Information from Privileged EXEC Command Mode 

120 


Task 4: View the Router’s Configuration and Interface Information 120 

Task 5: Configure OSPF Routing on Router BERLIN 121 

Task 6: Configure OSPF Routing on Router ROME 121 

Task 7: Test Network Connectivity 122 

Curriculum Lab 2-2: Configuring OSPF with Loopback Addresses 

(2.3.2) 122 


Task 2: Save the Configuration Information for All the Routers 125 



Task 5: Verify Connectivity of the Routers 126 

Task 6: Configure OSPF Routing on Router London 126 

Task 7: Configure OSPF Routing on Router Ottawa 127 

Task 8: Configure OSPF Routing on Router Brasilia 127 


Task 10: Show OSPF Adjacencies 127 

Task 11: Configure the Loopback Interfaces 128 

Task 12: Save the Configuration Information for All the Routers 128 


Task 14: Verify OSPF Interface Configuration 129 

Task 15: Configure London to Always Be the DR 129 

Task 16: Watch the Election Process 129 


Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3) 130 



132 



Task 5: Configure OSPF Routing on Router Cairo 134 

Task 6: Configure OSPF Routing on the Moscow Router 134 

Task 7: Show the Routing Table Entries 135 


Task 9: Look at the OSPF Cost on the Cairo Router Interfaces 135 

Task 10: Record the OSPF Cost of the Serial and Fast Ethernet Interfaces 136 

Task 11: Manually Set the Cost on the Serial Interface 136 

xi

xii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Task 12: Verify Cost 136 

Curriculum Lab 2-4: Configuring OSPF Authentication (2.3.4) 137 



140 



Task 5: Configure OSPF Routing on Both Routers 140 


Task 7: Set Up OSPF Authentication 141 

Task 8: Enable OSPF Authentication in this Area, Area 0 142 

Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5) 143 



145 



Task 5: Configure OSPF Routing on both Routers 146 


Task 7: Observe OSPF Traffic 147 

Task 8: Show Interface Timer Information 147 

Task 9: Modify the OSPF Timers 147 

Task 10: Examine the Routing Table 147 

Task 11: Look at the OSPF Data Transmissions 147 

Task 12: Check the Rome Router Routing Table Status 148 

Task 13: Set the Rome Router Interval Timers 148 

Task 14: Reset the Router’s Interval Timers to the Default Values 148 

Task 15: Verify that the Interval Timers Are Returned to the Default Values 148 

Curriculum Lab 2-6: Propagating Default Routes in an OSPF Domain 

(2.3.6) 149 

Task 1: Configure the ISP Router 150 

Task 2: Configure the Area 0 OSPF Routers 151 


152 



Task 6: Configure OSPF Routing on Both Area 0 Routers 153 


Task 8: Observe OSPF Traffic 154 

Task 9: Create a Default Route to the ISP 154 

Task 10: Verify the Default Static Route 154 

Task 11: Verify Connectivity from the Madrid Router 155 

Task 12: Verify Connectivity from the Tokyo Router 155 

Task 13: Redistribute the Static Default Route 155

Comprehensive Lab 2-7: OSPF Configuration 156 


Task 2: Configure Interfaces and OSPF Routing 158 


Task 4: Modify OSPF Cost 159 

Task 5: Configure MD5 Authentication 160 

Task 6: Adjust OSPF Timers 161 

Task 7: Configure and Propagate a Default Route 162 

Challenge Lab 2-8: OSPF Design and Configuration 167 


Task 2: Cable the Topology and Basic Configuration 169 

Task 3: Configure OSPF Routing and Default Routing 169 

Task 4: Other OSPF Configurations 169 

Task 5: Verification and Documentation 170 



EIGRP Concepts 176 



EIGRP Packet Type Exercise 177 

EIGRP Configuration 178 

Learn the EIGRP Commands Exercise 178 

Troubleshooting Routing Protocols 181 

Problem-Solving Cycle 181 

Troubleshooting RIP 182 

Troubleshooting EIGRP 185 

Troubleshooting OSPF 187 

Internet Research Exercise 191 



Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1) 195 



197 



Task 5: Configure EIGRP Routing on Router Paris 198 

Task 6: Configure EIGRP Routing on Router Warsaw 199 


Curriculum Lab 3-2: Verifying Basic EIGRP Configuration (3.2.3) 

199 



202 

xiii

xiv Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 



Task 5: Configure EIGRP Routing on Router Paris 203 

Task 6: Configure EIGRP Routing on Router Warsaw 203 

Task 7: Show EIGRP Neighbors 203 


Task 9: View the Topology Table 204 

Comprehensive Lab 3-3: Comprehensive EIGRP Configuration 204 


Task 2: Configure Interfaces and EIGRP Routing 206 

Task 3: Configure Bandwidth and Automatic Summarization 207 

Task 4: Configure Manual Summarization 208 

Challenge Lab 3-4: EIGRP Design and Configuration 209 



Task 3: Configure EIGRP Routing and Default Routing 211 

Task 4: Manual Summarization 212 

Task 5: Verification and Documentation 212 



Introduction to Ethernet/802.3 LANs 220 



CSMA/CD Process Flow Chart Exercise 223 



Introduction to LAN Switching 225 


Building the MAC Address Table Exercise 225 



Switch Operation 228 


Collision and Broadcast Domains Exercises 228 

Choose the Correct Cable Exercise 230 




LAN Design 234 



Concept Questions 236

LAN Switches 237 


Three-Layer Hierarchical Model Exercise 238 





Starting the Switch 244 


Switch LED Interpretation Exercise 245 

Configuring the Switch 246 

Learn Basic Switch Commands Exercise 246 



Curriculum Lab 6-1: Verifying Default Switch Configuration (6.2.1) 

250 

Task 1: Enter Privileged Mode 251 

Task 2: Examine the Current Switch Configuration 251 

Task 3: Get Cisco IOS Software Information 252 

Task 4: Examine the Fast Ethernet Interfaces 252 

Task 5: Examine VLAN Information 253 

Task 6: Examine Flash Memory (1900: Skip to Step 8) 253 

Task 7: Examine the Startup Configuration File 254 

Task 8: Exit the Switch 254 

Curriculum Lab 6-2: Basic Switch Configuration (6.2.2) 255 

Task 1: Enter Privileged Mode 256 

Task 2: Examine the Current Switch Configuration 256 

Task 3: Assign a Name to the Switch 258 

Task 4: Examine the Current Running Configuration 259 

Task 5: Set the Access Passwords (1900: Skip to Task 6) 261 

Task 6: Set the Command Mode Passwords 261 

Task 7: Configure Layer 3 Access to the Switch 261 

Task 8: Verify the Management LAN Settings (1900: Skip to Step 9) 262 

Task 9: Configure Port Speed and Duplex Properties for a Fast Ethernet Interface 

262 

Task 10: Verify the Settings on a Fast Ethernet Interface 263 

Task 11: Save the Configuration 263 

Task 12: Examine the Startup Configuration File (1900: Skip to Task 13) 264 

Task 13: Remove the Enable and Enable Secret Passwords 266 

Task 14: Access the Switch Web Interface 266 


xv

xvi Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Curriculum Lab 6-3: Managing the MAC Address Table (6.2.3) 267 

Task 1: Configure the Switch 268 

Task 2: Configure the Hosts that Are Attached to the Switch 268 


Task 4: Record the Host MAC Addresses 268 

Task 5: Determine the MAC Addresses that the Switch Has Learned 268 

Task 6: Determine the show mac-address-table Options 269 

Task 7: Clear the MAC Address Table 269 

Task 8: Verify the Results 270 

Task 9: Determine the clear mac-address-table Options 270 

Task 10: Examine the MAC Table Again 270 


Curriculum Lab 6-4: Configuring Static MAC Addresses (6.2.4) 271 


Task 2: Configure the Hosts Attached to the Switch 272 


Task 4: Record the Host MAC Addresses 272 


Task 6: Determine the mac-address-table Options 273 

Task 7: Set Up a Static MAC Address 273 


Task 9: Remove the Static MAC Entry 274 



Curriculum Lab 6-5: Configuring Port Security (6.2.5) 275 




Task 4: Record the Hosts’ MAC Addresses 276 





Task 9: List Port Security Options 278 


Task 11: Show the Running Configuration File 279 

Task 12: Limit the Number of Hosts Per Port 280 

Task 13: Configure the Port to Shut Down if a Security Violation Occurs 280 

Task 14: Show Port 0/4 Configuration Information 280 

Task 15: Reactivate the Port 281 


Curriculum Lab 6-6: Add, Move, and Change MAC Addresses (6.2.6) 

282 


Task 2: Configure the Hosts Attached to the Switch 283


Task 4: Record the Hosts’ MAC Addresses 283 





Task 9: List Port Security Options 285 


Task 11: Show the Running Configuration File 286 

Task 12: Limit the Number of Hosts Per Port 286 

Task 13: Move Host 286 

Task 14: Clear the MAC Address Table 287 

Task 15: Change the Security Settings 287 



Curriculum Lab 6-7: Managing Switch Operating System Files (6.2.7a) 

289 


Task 2: Configure the Host that Is Attached to the Switch 290 


Task 4: Start and Configure the Cisco TFTP Server 290 

Task 5: Copy the IOS Image to the TFTP Server (1900: Skip to Step 9) 291 

Task 6: Verify the Transfer to the TFTP Server 291 

Task 7: Copy the IOS Image from the TFTP Server 292 

Task 8: Test the Restored IOS Image 292 

Task 9: Procedure for 1900 Switch Firmware Upgrade Using TFTP 293 

Curriculum Lab 6-8: Managing Switch Startup Configuration Files 

(6.2.7b) 294 




Task 4: Start and Configure the Cisco TFTP Server 295 

Task 5: Copy the Startup Configuration File to the TFTP Server 296 

Task 6: Verify the Transfer to the TFTP Server 297 

Task 7: Restore the Startup Configuration File from the TFTP Server 297 

Task 8: Test the Restored Startup Configuration Image (Not Supported on the 1900) 

298 

Curriculum Lab 6-9: Password Recovery Procedure on a Catalyst 

2900 Series Switch (6.2.8) 300 




Task 4: Reset the Console Password 301 

Task 5: Recover Access to the Switch 301 

Task 6: Restart the System 302 

Task 7: Procedure for the 1900 and 2800 Switches 303 

xvii

xviii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Curriculum Lab 6-10: Firmware Upgrade of a Catalyst 2950 Series 

Switch (6.2.9) 305 


Task 2: Configure the Host Attached to the Switch 306 


Task 4: Display the Name of the Running Image File 306 

Task 5: Prepare for the New Image 307 

Task 6: Extract the New IOS Image and HTML Files into Flash Memory 307 

Task 7: Associate the New Boot File 307 

Task 8: Restart the Switch 308 

Challenge Lab 6-11: Basic Switch Configuration with Port Security 

308 

Task 1: Cable the Topology and Clear the Configuration 309 


Task 3: Configure and Test Port Security 310 



Redundant Topologies 314 




Spanning Tree Protocol 315 



Determine the Root Bridge and Port Roles Exercise 318 

Spanning-Tree Recalculation Exercise 322 




Curriculum Lab 7-1: Selecting the Root Bridge (7.2.4) 324 

Task 1: Configure the Switches 325 

Task 2: Configure the Hosts that Are Attached to the Switches 325 


Task 4: Look at the show interface vlan Options 326 

Task 5: Look at the VLAN Interface Information 327 

Task 6: Look at the Switches’ Spanning-Tree Tables 327 

Task 7: Reassign the Root Bridge 329 

Task 8: Look at the Switch Spanning-Tree Table 330 

Task 9: Verify the Running Configuration File on the Root Switch 331 

Curriculum Lab 7-2: Spanning-Tree Recalculation (7.2.6) 332 


Task 2: Configure the Hosts that Are Attached to the Switches 333 


Task 4: Look at the VLAN Interface Information 333

Task 5: Look at the Switches’ Spanning-Tree Tables 334 

Task 6: Remove a Cable on the Switch 336 

Task 7: Look at the Spanning-Tree Table for the Switches 337 

Task 8: Replace the Cable in the Switch 338 

Task 9: Redisplay the Spanning-Tree Table for the Switches 338 



VLAN Concepts 342 


VLAN Configuration 342 

Learn VLAN Configuration Commands Exercise 342 

Troubleshooting VLANs 345 

Identify the Troubleshooting Command Exercise 345 



Curriculum Lab 8-1: Configuring Static VLANs (8.2.3) 348 




Task 4: Show the Cisco IOS Version 349 

Task 5: Display the VLAN Interface Information 350 

Task 6: Create and Name Two VLANs 351 


Task 8: Assign a Port to VLAN 2 352 


Task 10: Assign a Port to VLAN 3 354 


Task 12: Look Only at VLAN 2 Information 355 

Task 13: Look Only at VLAN 2 Information with a Different Command (1900: Skip 

this Task) 355 

Curriculum Lab 8-2: Verifying VLAN Configurations (8.2.4) 356 






Task 6: Assign Ports to VLAN 2 358 




Task 10: Test the VLANs 361 

Task 11: Move a Host 362 


Task 13: Move Hosts 362 

xix

xx Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 


Task 15: Move the Hosts 362 


Curriculum Lab 8-3: Deleting VLAN Configurations (8.2.6) 363 











Task 11: Delete a Host from a VLAN 368 


Task 13: Delete a VLAN 369 


Task 15: Delete VLAN 1 370 

Challenge Lab 8-4: Static VLANs, STP, and Port Security 371 


Task 2: Configure VLANs 372 

Task 3: Configure the Root Bridge for STP 373 

Task 4: Configure Port Security 374 

Task 5: Verify VLANs and Port Security 375 



Trunking 380 


Basic Trunk Configuration Exercise 382 

VTP 382 


VTP Basic Configuration Exercise 383 


Internet Research: VTP 385 

Internet Research: VTP Pruning 387 

Inter-VLAN Routing Overview 387 


Basic Inter-VLAN Configuration Exercise 388 



Curriculum Lab 9-1: Trunking with ISL (9.1.5a) 391 

Task 1: Configure the Switch 392




Task 5: Create and Name Three VLANs 393 




Task 9: Create VLANs on Switch_B 395 



Task 12: Create the ISL Trunk 396 

Task 13: Verify the ISL Trunk 396 

Task 14: Test the VLANs and the Trunk 397 









Curriculum Lab 9-2: Trunking with 802.1q (9.1.5b) 402 









Task 9: Create VLANs on Switch_B 405 



Task 12: Create the Trunk 407 

Task 13: Verify the Trunk 407 










xxi

xxii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Curriculum Lab 9-3: VTP Client and Server Configurations (9.2.5) 

411 





Task 5: Configure VTP 413 






Task 11: Configure the VTP Client 416 


Task 13: Verify the Trunk 416 









Curriculum Lab 9-4: Configuring Inter-VLAN Routing (9.3.6) 421 









Task 9: Configure the Router 425 

Task 10: Save the Router Configuration 426 

Task 11: Display the Router Routing Table 426 



Comprehensive Lab 9-5: Inter-VLAN and VTP Configuration 431 


Task 2: Configure VTP Parameters 432 

Task 3: Configure Inter-VLAN Routing 435 

Task 4: Adding, Moving, and Deleting VLANs 436 

Task 5: Documentation 440

Challenge Lab 9-6: Advanced Switching 447 


Task 2: Configure the Root Bridge for STP 448 

Task 3: Configure Port Security 449 

Task 4: Configure VTP and VLANs 450 

Task 5: Set Up DHCP on the DIST Router 453 

Task 6: Configure Inter-VLAN Routing 453 

Task 7: Verify Inter-VLAN Routing 454 

Task 8: Documentation 458 

Appendix A Router Interface Summary Chart 469 

Appendix B Erasing and Reloading the Switch 471 

Appendix C Erasing and Reloading the Router 473 

Appendix D CCNA 3 Skills-Based Assessment Practice 475 

xxiii

xxiv Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Icons Used in This Book 

Communication 

Server 

Token 

Ring 

Token Ring 

PC PC with 

Software 

Terminal File 

Server 

Command Syntax Conventions 

The conventions that present command syntax in this book are the same conventions used in the IOS 

Command Reference. The Command Reference describes these conventions as follows: 

■ Boldface indicates commands and keywords that are entered literally as shown. In actual 

configuration examples and output (not general command syntax), boldface indicates commands 

that are manually input by the user (such as a show command). 

■ Italics indicate arguments for which you supply actual values. 

■ Vertical bars (|) separate alternative, mutually exclusive elements. 

■ Square brackets [ ] indicate optional elements. 

■ Braces { } indicate a required choice. 

Sun 

Workstation 

Web 

Server 

Printer Laptop IBM 

Mainframe 

Gateway 

Network Cloud 

Macintosh 

Cisco Works 

Workstation 

Front End 

Processor 

Access 

Server 

ATM 

Switch 

Cluster 

Controller 

■ Braces within brackets [{ }] indicate a required choice within an optional element. 

ISDN/Frame Relay 

Switch 

Modem 

Multilayer 

Switch 

Router Bridge Hub 

DSU/CSU 

DSU/CSU FDDI Catalyst 

Switch 

Line: Ethernet 

FDDI 

Line: Serial Line: Switched Serial

Introduction 

Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide is a supplement to your classroom 

and laboratory experience with the Cisco Networking Academy Program. Specifically, this book 

covers the third of four courses. To be successful in this course and achieve your CCNA certification, you 

should do everything in your power to arm yourself with a variety of tools and training materials to support 

your learning efforts. This Labs and Study Guide is just such a collection of tools. Used to its fullest 

extent, it will help you gain the knowledge as well as practice the skills associated with the content area of 

the CCNA 3 Switching Basics and Intermediate Routing course. Specifically, this book will help you to 

work on these main areas of CCNA 3: 

■ Advanced IP addressing techniques (VLSM) 

■ Routing protocols: RIPv2, single-area OSPF, and EIGRP 

■ Switching technologies and LAN design 

■ Switch configurations: security, STP, VLANs, and VTP 

Lab Study Guides similar to this one are also available for the other three courses: Networking Basics 

CCNA 1 Labs and Study Guide, Routers and Routing Basics CCNA 2 Labs and Study Guide, and WAN 

Technologies CCNA 4 Labs and Study Guide. 

Goals and Methods 

One of the most important goals of this book is to help you prepare for either the CCNA exam (640-801) 

or the ICND exam (640-811). Whether you are studying for the full exam or the second part of your 

CCNA, passing either of these exams means that you not only have the required knowledge of the technologies 

covered by the exam, but also can plan, design, implement, operate, and troubleshoot these technologies. 

In other words, these exams are rigorously application-based. In fact, if you view the topics for 

the CCNA exam at http://www.cisco.com/web/learning/le3/current_exams/640-801.html, you will see the 

following four categories: 

■ Planning & Designing 

■ Implementation & Operation 

■ Troubleshooting 

■ Technology 

Although Technology is listed last, a CCNA student cannot possibly plan, design, implement, operate, and 

troubleshoot networks without first fully grasping the technology. So, you need to devote a certain amount 

of time and effort in the Study Guide section of each chapter learning the concepts and theories before 

applying them in the Lab Exercises portion. 

The Study Guide section of each chapter offers exercises that help you learn the concepts and configurations 

crucial to your success as a CCNA exam candidate. Each chapter is slightly different and includes 

some or all of the following types of exercises: 

■ Vocabulary matching and completion 

■ Skill-building activities and scenarios 

■ Configuration scenarios 

■ Concept questions 

■ Journal entries 

■ Internet research 

xxv

xxvi Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

The Lab Exercises sections include a Command Reference table, all the online Curriculum Labs, and 

brand-new Comprehensive Labs and Challenge Labs. The Curriculum Labs typically walk you through the 

configuration tasks step by step. The Comprehensive Labs combine many, if not all, of the configuration 

tasks of the Curriculum Labs without actually providing you with all the commands. The Challenge Labs 

take this a step further, often giving you only a general requirement that you must implement fully without 

the details of each small step. In other words, you must use the knowledge and skills you gained in the 

Curriculum Labs to successfully complete the Comprehensive and Challenge Labs. In fact, you should not 

attempt the Comprehensive or Challenge Labs until you have worked through all the Study Guide activities 

and the Curriculum Labs. When you work through the Comprehensive and Challenge Labs, avoid the 

temptation to flip back through the Curriculum Labs when you are not sure of a command. Do not try to 

short-circuit your CCNA training. Study the chapter’s topics until you can do the Comprehensive and 

Challenge Labs without any help. You need a deep understanding of CCNA knowledge and skills to ultimately 

be successful on the CCNA exam. 

How This Book Is Organized 

Although you could work through the Study Guides and Lab Exercises in this book in order, the content of 

knowledge and skills actually flows down three separate paths. The flow chart shown in Figure I-1 graphically 

displays these paths. 

Figure I-1 Paths for Using This Book 

Intermediate 

Routing 

Chapter 1: 

Introduction to 

Classless Routing 

Chapter 2: 

Single-Area 

OSPF 

Chapter 3: 

EIGRP and 

Troubleshooting 

Routing Protocols 

Intermediate 

Routing and 

Switching Basics 

CCNA 3 

Switching and 

Design 

Chapter 4: 

Switching 

Concepts 

Chapter 5: 

LAN Design 

and Switches 

Appendix D: 

CCNA 3 Skills-Based 

Assessment Practice 

Switching 

Configuration 

Chapter 6: 

Catalyst Switch 

Configuration 

Chapter 7: 

Spanning Tree 

Protocol 

Chapter 8: 

Virtual LANs 

Chapter 9: 

VLAN 

Trunking Protocol 

Chapters 1, 2, and 3 belong to the Intermediate Routing path and focus on VLSM and routing configuration. 

Chapters 4 and 5 belong to the Switching and Design path and focus on switching technologies and 

LAN design. Chapters 6, 7, 8, and 9 belong to the Switching Configuration path and focus on basic 

switching protocols and configurations. No path is dependent upon another path. Appendix D provides you 

with three different CCNA 3 Skills-Based Assessment practice labs.

Work through the Study Guide and Lab Exercises in the sequence in which they are presented. The 

sequence is designed to take you from a basic understanding of the knowledge topics through the full 

application and implementation of the skills. Individually, the chapters and appendixes include exercises 

and labs covering the following knowledge and skills: 

■ Chapter 1, “Introduction to Classless Routing”—Variable-Length Subnet Masking (VLSM) is 

arguably one of the most challenging skills you must master as a CCNA candidate. Therefore, this 

chapter spends a great deal of time on this topic. Use the large variety of exercises to solidify your 

VLSM skills. In the RIPv2 discussion of the Study Guide portion, you compare and contrast RIPv1 

and RIPv2 and complete an Internet Research exercise. In the Lab Exercises portion is a Command 

Reference exercise to help you review all the commands covered in the chapter. The five Curriculum 

Labs focus your attention on the configuration tasks covered in the chapter. Two additional labs, a 

Comprehensive Lab and a Challenge Lab, help you review the commands and skills learned in the 

Curriculum Labs. 

■ Chapter 2, “Single-Area OSPF”—This chapter has plenty of vocabulary exercises to help you get a 

firm grasp of OSPF terminology. Additional exercises focus on specific concepts and skills. For example, 

the DR/BDR Election exercise concentrates on this challenging OSPF topic. Concept questions 

round out your study of the operation of OSPF. In the Lab Exercises portion is a Command Reference 

exercise to help you review all the commands covered in the chapter. The six Curriculum Labs focus 

your attention on the configuration tasks covered in the chapter. Two additional labs, a Comprehensive 

Lab and a Challenge Lab, help you review the commands and skills learned in the Curriculum Labs. 

■ Chapter 3, “EIGRP and Troubleshooting Routing Protocols”—This chapter covers the concepts 

and configurations of the Cisco-proprietary Enhanced Interior Gateway Routing Protocol (EIGRP). 

Exercises cover vocabulary and the EIGRP packet types. In the “EIGRP Configuration” section, you 

work through a comprehensive EIGRP configuration exercise. Finally, you work on your troubleshooting 

skills in the “Troubleshooting Routing Protocols” section. The Lab Exercises portion has a 

Command Reference exercise to help you review all the commands covered in the chapter. The two 

Curriculum Labs focus your attention on the configuration tasks covered in the chapter. Two additional 

labs, a Comprehensive Lab and a Challenge Lab, help you review the commands and skills learned 

in the Curriculum Labs. 

■ Chapter 4, “Switching Concepts”—This chapter is in many ways a review of concepts you have 

already learned in previous course work. Therefore, in addition to some vocabulary exercises, additional 

exercises concentrate on a few of the more difficult concepts, including CSMA/CD, the MAC 

address table, collision and broadcast domains, and cabling. There are no Lab Exercises for this chapter. 

■ Chapter 5, “LAN Design and Switches”—This chapter is mostly vocabulary and concepts. The 

exercises in this chapter ensure that you have a firm grasp of the vocabulary and concepts pertaining 

to LAN design and the three-layer hierarchical model. There are no Lab Exercises for this chapter. 

xxvii 

■ Chapter 6, “Catalyst Switch Configuration”—This chapter includes some vocabulary exercises and 

LED switch identification exercises. Most of the Study Guide section is devoted to a basic switch configuration 

exercise. In the Lab Exercises section of this chapter, you will find a Command Reference 

exercise to help you review all the commands covered in the chapter. The ten Curriculum Labs focus 

your attention on the configuration tasks covered in the chapter. A Challenge Lab will help you review 

the commands and skills you learned in the Curriculum Labs.

xxviii Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

■ Chapter 7, “Spanning Tree Protocol”—This chapter covers the need for redundancy in today’s production 

networks and explains how the Spanning Tree Protocol (STP) avoids switching loops in a 

redundant configuration. Study Guide exercises include vocabulary, concept questions, determining 

the root bridge, and spanning-tree recalculation. Because commands are limited to configuring the 

root bridge and verifying STP operation, the Lab Exercises are limited to the two online Curriculum 

Labs. However, STP configuration and verification commands are used in the Comprehensive and 

Challenge Labs of both Chapter 8 and Chapter 9. 

■ Chapter 8, “Virtual LANs”—This chapter begins the study of VLANs, which are increasingly 

becoming more prominent in production networks. Exercises focus on vocabulary, concepts, configuration, 

and troubleshooting. In the Lab Exercises section of this chapter, you will find a Command 

Reference exercise to help you review all the commands covered in the chapter. The three Curriculum 

Labs focus your attention on the configuration tasks covered in the chapter. An additional Challenge 

Lab combines VLAN configuration with port security (Chapter 6) and STP (Chapter 7). 

■ Chapter 9, “VLAN Trunking Protocol”—This chapter rounds out your CCNA study of VLANs 

with the VLAN Trunking Protocol. Exercises include vocabulary, concept questions, Internet research, 

and a journal entry. Also included are configuration exercises covering trunk configuration, VTP configuration, 

and inter-VLAN configuration. In the Lab Exercises section of this chapter, you will find a 

Command Reference exercise to help you review all the commands covered in the chapter. The four 

Curriculum Labs focus your attention on the configuration tasks covered in the chapter. Two additional 

labs, a Comprehensive Lab and a Challenge Lab, help you review the commands and skills learned 

in the Curriculum Labs as well as reinforce commands from Chapters 6, 7, and 8. 

■ Appendix A, “Router Interface Summary Chart”—This appendix has a table that you can reference 

for the appropriate IOS interface names to use on Cisco 800, 1600, 1700, 2500, and 2600 series 

routers. 

■ Appendix B, “Erasing and Reloading the Switch”—Because many of the labs require a clean 

switch configuration, this appendix includes the procedures you should complete before beginning. 

■ Appendix C, “Erasing and Reloading the Router”—Because many of the labs require a clean 

router configuration, this appendix includes the procedures you should complete before beginning. 

■ Appendix D, “CCNA 3 Skills-Based Assessment Practice”—This appendix contains three practice 

labs for the skills-based assessment. The first lab focuses on routing. The second lab focuses on 

switching. The third lab is comprehensive, including most of the commands and configurations you 

must master as a CCNA 3 student.

CHAPTER 1 

Introduction to Classless Routing 

The Study Guide portion of this chapter uses a combination of exercises to test your knowledge on classless 

routing. 

The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a 

Comprehensive Lab and a Challenge Lab to ensure that you have mastered the practical, hands-on skills 

needed about classless routing.

2 Switching Basics and Intermediate Routing CCNA 3 Labs and Study Guide 

Study Guide 

VLSM 

Today’s networks must be stable yet scalable. Scalability means the initial design of the network must 

allow for change and growth without any major modifications to the overall design. A key element of good 

network design is an IP addressing plan that optimizes the use of IP addresses and minimizes the size of 

routing tables. This is achieved through the use of VLSM, CIDR, and route summarization. These are fundamental 

concepts and must be incorporated in your CCNA skill set before you move on to the more challenging 

topics of OSPF and EIGRP, which both incorporate VLSM and scalable network design. 

The exercises in this section will help you build your skills in implementing VLSM addressing schemes, 

determining efficient route summaries, and configuring static and default routing. The exercises are meant 

to progress logically from establishing the use of terminology in the Vocabulary Exercises through applying 

your skill in design scenarios and application exercises. If you are new to the topic of VLSM, you 

should proceed through the exercises in the order presented. However if you are refreshing your skill, try 

one of the VLSM Addressing Design Scenarios or even Challenge Lab 1-7 to effectively gauge where you 

are weak. Then, choose additional exercises to reinforce your knowledge and skill.

Vocabulary Exercise: Matching 


Match the definition on the left with a term on the right. This exercise is not necessarily a one-to-one 

matching. Some definitions may be used more than once and some terms may have multiple definitions. 

Definition 

a. With classful routing, __________ must be 

avoided because they are not visible across 

classful network boundaries. 

b. does not advertise subnet mask information. 

c. describes the combination of multiple contiguous 

classful network addresses into one 

advertisement. 

d. the policy of advertising routes at the classful 

boundary. 

e. When using a classful routing protocol, it is 

important that all subnets have the same as 

mask. This is sometimes referred to as 

__________. 

f. process of combining multiple subnets into 

one advertisement with a common prefix 

length (not necessarily on a classful boundary). 

g. advertises subnet mask information. 

h. When a router does not have an interface for 

the destination network, it sends traffic to its 

_____________. 

i. With classless routing protocols, the subnet 

mask can be different from subnet to subnet. 

This is called __________. 

j. also referred to as CIDR notation, bitmask, 

and network mask, the number of bits that are 

shared in common by all addresses in the 

address space. 

k. specified by RFC 1519 to address the critical 

problems of exhaustion of Class B address 

space and the growth in size of Internet routing 

tables. 

Term 

k classless inter-domain routing 

g classless routing protocol 

j prefix length 

a discontiguous subnets 

f route aggregation 

e fixed-length subnet masking (FLSM) 

h default route 

d automatic summarization 

i variable-length subnet mask (VLSM) 

f route summarization 

c supernetting 

b classful routing protocol


Instructor Note: Supernetting can be referred to as route summarization or route aggregation, but route summarization 

cannot always be referred to as supernetting. They are not technically the same thing. For example, 

192.168.1.0/25 can be a summary route of the 192.168.1.0/26 and 192.168.1.64/26 subnets, but it is not a supernet of 

them. Supernetting is a term used to describe the combination of multiple contiguous classful network addresses into 

one advertisement. For example, 192.168.0.0/22 includes Class C networks 192.168.0.0 through 192.168.3.0. 

However, the supernet 192.168.0.0/22 is more often referred to as a summary route. In fact, the show ip protocols 

command will list this summary as Address Summarization, not as a supernet. 

Classless inter-domain routing (CIDR, pronounced “cider”) is the method specified by RFC 1519 for assigning IP 

addresses without using the standard IP address classes such as Class A, Class B, and Class C. Thus, an organization 

could be assigned eight addresses such as 209.165.201.8/29. This is not a subnet; rather, it is a block of addresses from 

209.165.201.8 through 209.165.201.15. The CIDR notation, which is the prefix length, is /29, meaning that the first 

29 bits are assigned by the Internet Assigned Numbers Authority (http://www.iana.org). The remaining 3 bits are 

available to the assignee for addressing purposes. 

Vocabulary Exercise: Completion 

Complete the paragraphs that follow by filling in appropriate words and phrases. 

When using classful routing protocols such as RIP and IGRP, you must use fixed-length subnet masking 

(FLSM), which means that all subnets within the same addressing scheme must share the same subnet 

mask. With these routing protocols, it is also very important to avoid discontiguous subnets, because they 

perform automatic summarization at classful network boundaries. Subnets must be assigned to networks in 

sequential order because they are not advertised across the network boundary. 

Classless inter-domain routing is specified in RFC 1519 as a way to assign addresses by delineating the 

prefix length of the common bits in the network portion of the address space instead of relying on the 

default subnet masks of Classes A, B, and C. 

The implementation of CIDR allows the use of classless routing protocols such as OSPF, IS-IS, EIGRP, 

and BGPv4. These protocols effectively preserve address space and reduce the size of routing tables 

through the use of variable-length subnet masks (or masking) (VLSM). These protocols are capable of 

advertising a collection of classful addresses in one big supernet, which is a type of route summarization 

(or aggregation) with which multiple address spaces can be combined into one route with a common network 

prefix. 

The process of using routing protocols such as RIP or OSPF is often referred to as dynamic routing. Two 

other types of routing are available to the network administrator: static routing, which is the manual configuration 

of a network/subnet mask combination, and default routing, which is the manual configuration 

of a gateway of last resort. 

Subnetting Review Exercises 

Three basic subnetting review exercises follow, which will help you refresh your subnetting skills. You 

must be able to demonstrate a basic level of competency in subnetting before proceeding into VLSM. 

Note: CIDR notation refers to the practice of representing the prefix length of the network portion of an address in 

“slash” format. For example, the CIDR notation of the Class C default subnet mask 255.255.255.0 is /24.

Class C Subnetting Scenario 

Use the address space 192.168.1.0/24 and subnet it to provide enough addresses for 40 hosts. 

What are the most bits you can borrow? 2 

Assuming subnet 0 and the all-1s subnet are both useable, what is the total number of subnets? 4 

What is the total number of useable hosts per subnet? 26 – 2 = 62 

What is the new subnet mask in dotted-decimal notation? 255.255.255.192 

What is the new subnet mask in CIDR notation? /26 

What is the magic number or subnet multiplier? 64 

Fill in the following table for the first ten useable subnets. All rows in the table may not be used. 

Subnet No. Subnet Address Host Range Broadcast Address 

0 192.168.1.0 192.168.1.1–192.168.1.62 192.168.1.63 

1 192.168.1.64 192.168.1.65–192.168.1.126 192.168.1.127 

2 192.168.1.128 192.168.1.129–192.168.1.190 192.168.1.191 

3 192.168.1.192 192.168.1.193–192.168.1.254 192.168.1.255 

4 

5 

6 

7 

8 

9 

Class B Subnetting Scenario 

Use the address space 172.16.0.0/16 and subnet it to provide 2000 subnets. 

How many bits do you need to borrow? 11 


What is the total number of useable hosts per subnet? 25 – 2 = 30 





Fill in the following table for the first ten useable subnets. Note: All blanks may not be used.



0 172.16.0.32 172.16.0.33–172.16.0.62 172.16.0.63 

1 172.16.0.64 172.16.0.65–172.16.0.94 172.16.0.95 

2 172.16.0.96 172.16.0.97–172.16.0.126 172.16.0.127 

3 172.16.0.128 172.16.0.129–172.16.0.158 172.16.0.159 

4 172.16.0.160 172.16.0.161–172.16.0.190 172.16.0.191 

5 172.16.0.192 172.16.0.193–172.16.0.222 172.16.0.223 

6 172.16.0.224 172.16.0.225–172.16.0.254 172.16.0.255 

7 172.16.1.0 172.16.1.1–172.16.1.30 172.16.1.31 

8 172.16.1.32 172.16.1.33–172.16.1.64 172.16.1.63 

9 172.16.1.64 172.16.1.65–172.16.1.94 172.16.1.95 

Class A Subnetting Scenario 

Use the address space 10.0.0.0/8 and subnet it to provide enough addresses for 30,000 hosts. 

What are the most bits you can borrow? 9 


What is the total number of useable hosts per subnet? 215 – 2 = 32,764 




Fill in the following table for the first ten useable subnets. Note: All blanks may not be used. 


0 10.0.0.0 10.0.0.1–10.0.127.254 10.0.127.255 

1 10.0.128.0 10.0.128.1–10.0.255.254 10.0.255.255 

2 10.1.0.0 10.1.0.1–10.1.127.254 10.1.127.255 

3 10.1.128.0 10.1.128.1–10.1.255.254 10.1.255.255 

4 10.2.0.0 10.2.0.1–10.2.127.254 10.2.127.255 

5 10.2.128.0 10.2.128.1–10.2.255.254 10.2.255.255 

6 10.3.0.0 10.3.0.1–10.3.127.254 10.3.127.255 

7 10.3.128.0 10.3.128.1–10.3.255.254 10.3.255.255 

8 10.4.0.0 10.4.0.1–10.4.127.254 10.4.127.255 

9 10.4.128.0 10.4.128.1–10.4.255.254 10.4.255.255

Prefix Length Use Exercises 

Use the following exercises to practice converting between dotted-decimal and prefix length representations 

(CIDR notation) of subnet masks. 

Dotted-Decimal to Prefix Length Conversion 

Convert the following subnets and subnet masks shown in dotted-decimal format into the equivalent prefix 

length format. 

Example: 

192.168.1.0 255.255.255.0; Answer: 192.168.1.0/24 

192.168.1.0 255.255.255.128; Answer: 192.168.1.0/25 

192.168.1.128 255.255.255.192; Answer: 192.168.1.0/26 

192.168.1.32 255.255.255.224; Answer: 192.168.1.31/27 

192.168.1.96 255.255.255.248; Answer: 192.168.1.96/29 

192.168.1.48 255.255.255.252; Answer: 192.168.1.48/30 

172.16.128.0 255.255.224.0; Answer: 172.16.128.0/19 

172.16.8.0 255.255.255.128; Answer: 172.16.8.0/25 

172.16.160.0 255.255.254.0; Answer: 172.16.160.0/23 

172.16.80.0 255.255.240.0; Answer: 172.16.80.0/20 

172.16.240.0 255.255.248.0; Answer: 172.16.240.0/21 

172.16.39.0 255.255.255.0; Answer: 172.16.39.0/24 

172.16.224.0 255.255.255.224; Answer: 172.16.224.0/27 

172.16.45.24 255.255.255.248; Answer: 172.16.45.24/29 

172.16.16.16 255.255.255.240; Answer: 172.16.16.16/28 

172.16.200.192 255.255.255.192; Answer: 172.16.200.192/26 

10.0.0.0 255.254.0.0; Answer: 10.0.0.0/15 

10.5.160.32 255.255.255.224; Answer: 10.0.160.32/27 

10.96.128.0 255.255.224.0; Answer: 10.96.128.0/19 

10.64.48.0 255.255.255.240; Answer: 10.64.48.0/28 

10.52.0.0 255.252.0.0; Answer: 10.52.0.0/14 

Prefix Length to Dotted-Decimal Conversion 

Convert the following subnets and subnet masks shown in prefix length format into the equivalent dotteddecimal 

format. 

Example: 

172.16.0.0/16; Answer: 172.16.0.0 255.255.0.0 

192.168.2.240/29; Answer: 192.168.2.240 255.255.255.248 

192.168.2.32/28; Answer: 192.168.2.32 255.255.255.240 

Chapter 1: Introduction to Classless Routing 7


192.168.2.0/25; Answer: 192.168.2.0 255.255.255.128 

192.168.2.240/30; Answer: 192.168.2.240 255.255.255.252 

192.168.2.192/26; Answer: 192.168.2.192 255.255.255.192 

172.20.34.0/25; Answer: 172.20.34.0 255.255.255.128 

172.20.64.0/18; Answer: 172.20.64.0 255.255.192.0 

172.20.224.0/20; Answer: 172.20.224.0 255.255.240.0 

172.20.16.0/23; Answer: 172.20.16.0 255.255.254.0 

172.20.180.0/28; Answer: 172.20.180.0 255.255.255.240 

172.20.36.0/22; Answer: 172.20.36.0 255.255.252.0 

172.20.0.0/19; Answer: 172.20.0.0 255.255.224.0 

172.20.128.0/17; Answer: 172.20.0.0 255.255.128.0 

172.20.144.0/21; Answer: 172.20.144.0 255.255.248.0 

172.20.96.96/27; Answer: 172.20.96.96 255.255.255.224 

10.0.0.0/17; Answer: 10.0.0.0 255.255.128.0 

10.0.154.32/28; Answer: 10.0.154.32 255.255.255.240 

10.224.0.0/13; Answer: 10.72.224.0 255.248.0.0 

10.32.0.0/22; Answer: 10.32.0.0 255.255.252.0 

10.10.0.0/24; Answer: 10.10.0.0 255.255.255.0 

Using Binary Math to AND the Subnet Address 

Understanding how a router determines the network or subnet address for a given IP address is a fundamental 

skill to implementing VLSM and interpreting routing tables. 

In the following exercises, use binary math to “AND” the host IP address and subnet mask to determine 

the subnet address. After completing the binary math, write the subnet address in dotted-decimal format. 

In binary math, the AND operation is as follows: 

1 AND 1 = 1; all other possibilities equal 0 

Example: 

192.168.1.67/28 

IP address 11000000.10101000.00000001.01000011 

Subnet mask 11111111.11111111.11111111.11110000 

Subnet address 11000000.10101000.00000001.01000000 

Dotted-decimal 192.168.1.64 

1. 192.168.18.237/27 

IP address 11000000.10101000.00010010.11101101 

Subnet mask 11111111.11111111.11111111.11100000 


Dotted-decimal 192.168.18.224

2. 192.168.35.142/29 

IP address 11000000.10101000.00100011.10001110 

Subnet mask 11111111.11111111.11111111.11111000 



3. 172.28.23.54/21 

IP address 10101100.00011100.00010111.00110110 

Subnet mask 11111111.11111111.11111000.00000000 



4. 172.31.32.69/25 

IP address 10101100.00011111.00100000.01000101 

Subnet mask 11111111.11111111.11111111.10000000 



5. 10.64.150.197/18 

IP address 00001010.01000000.10010110.11000101 

Subnet mask 11111111.11111111.11000000.00000000 



VLSM Subnetting a Subnet Exercises 

Note: Now is a good time to complete Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4), which walks you 

through a VLSM addressing scenario. 

VLSM is simply “subnetting a subnet.” In the following exercises, use your subnetting skills to further 

subnet a given subnet. If it helps you, draw a topology that represents the requirement you are given. 

Example: 


Use the subnet 192.168.1.64/27 and further subnet this address to provide four additional subnets with at 

least six hosts per subnet. List all four subnets in network address/prefix format. 

Step 1. Determine how many host bits you have available in the given subnet. For subnet 

192.168.1.64/27, you have a total of 5 host bits. 

Step 2. Determine how many host bits you can borrow to make an additional four subnets with at least 

six hosts per subnet. Borrowing an additional 2 bits will make four subnets (2 2 = 4). Because 

there are 3 host bits left after borrowing, each subnet will have exactly six host addresses 

(2 3 – 2 = 6). 

Step 3. Determine the new prefix and list the new subnets. Because you borrowed 2 bits, the new 

prefix is /29. You start with the first address 192.168.1.64 and list the four subnets.


Subnet No. Network Address/Prefix 

0 192.168.1.64/29 

1 192.168.1.72/29 

2 192.168.1.80/29 

3 192.168.1.88/29 

1. Use the subnet 192.168.1.128/25 and further subnet this address to provide eight additional subnets 

with at least ten hosts per subnet. List the first five subnets in network address/prefix format. What 

would be the last subnet? 

192.168.1.240/28 


0 192.168.1.128/28 

1 192.168.1.144/28 

2 192.168.1.160/28 

3 192.168.1.176/28 

4 192.168.1.192/28 

2. Use the subnet 172.16.32.0/19 and further subnet this address to provide eight additional subnets with 

at least 1000 hosts per subnet. List the first five subnets in network address/prefix format. What would 

be the last subnet? 

172.16.60/22 


0 172.16.32.0/22 

1 172.16.36.0/22 

2 172.16.40.0/22 

3 172.16.44.0/22 

4 172.16.48.0/22 

3. Use subnet 2 from the last question and further subnet this address to provide eight additional subnets 

with at least 100 hosts per subnet. List the first five subnets in network address/prefix format. What 


172.16.43.128/25 


0 172.16.40.0/25 

1 172.16.40.128/25 

2 172.16.41.0/25 

3 172.16.41.128/25 

4 172.16.42.0/25

4. Use subnet 4 from the last question and further subnet this address to provide eight additional subnets 

with at least ten hosts per subnet. List the first five subnets in network address/prefix format. What 


172.16.42.112/28 


0 172.16.42.0/28 

1 172.16.42.16/28 

2 172.16.42.32/28 

3 172.16.42.48/28 

4 172.16.42.64/28 

5. Use subnet 0 from the last question and further subnet this address to provide four additional subnets 

to be used for point-to-point links. List all four subnets in network address/prefix format. 


0 172.16.42.0/30 

1 172.16.42.4/30 

2 172.16.42.8/30 

3 172.16.42.12/30 

6. Use the subnet 10.1.0.0/16 and further subnet this address to provide 30 additional subnets with at 

least 2000 hosts per subnet. List the first five subnets in network address/prefix format. What would 


10.1.248.0/21 


0 10.1.0.0/21 

1 10.1.8.0/21 

2 10.1.16.0/21 

3 10.1.24.0/21 

4 10.1.32.0/21 



7. Use subnet 4 from the last question and further subnet this address to provide 30 additional subnets 

with at least 60 hosts per subnet. List the first five subnets in network address/prefix format. What 


10.1.39.192.0/26 


0 10.1.32.0/26 

1 10.1.32.64/26 

2 10.1.32.128/26 

3 10.1.32.192/26 

4 10.1.33.0/26 

8. Use subnet 1 from the last question and further subnet this address to provide 16 additional subnets to 

be used for point-to-point links. List the first 5 subnets in network address/prefix format. What would 


10.1.32.124/30 


0 10.1.32.64/30 

1 10.1.32.68/30 

2 10.1.32.72/30 

3 10.1.32.76/30 

4 10.1.32.80/30 

VLSM Addressing Design Exercises 

In the following VLSM Addressing Design Exercises, you apply your VLSM addressing skills to a three 

router topology. Each exercise is progressively more difficult than the last. There may be more than one 

correct answer in some situations. However, you should always practice good addressing design by assigning 

your subnets contiguously. This allows the summary of a group of subnets into one aggregate route, 

thus decreasing the size of routing tables. 

VLSM Addressing Design Exercise 1 

Assume that 4 bits were borrowed from the host portion of 192.168.1.0/24. You are not using VLSM. 

Starting with subnet 0, label Figure 1-1 contiguously with subnets. Start with the LAN on RTA and proceed 

clockwise.

Figure 1-1 Addressing Design Exercise 1 Topology: Subnets 

Address Space 

192.168.1.0/24 

192.168.1.64/28 

192.168.1.80/28 

192.168.1.0/28 

RTA 

RTC RTB 

192.168.1.48/28 

How many total valid host addresses will be wasted on the WAN links? 

You assigned 3 WAN subnets with 14 hosts each. Two hosts are used. Therefore, 12 hosts × 3 WAN subnets 

= 36 wasted host addresses. 

Now, come up with a better addressing scheme using VLSM. Start with the same 4 bits borrowed from the 

host portion of 192.168.1.0/24. Label each of the LANs with a subnet. Then, subnet the next available subnet 

to provide WAN subnets without wasting any host addresses. Label Figure 1-2 with the subnets. 

Figure 1-2 Addressing Design Exercise 1 Topology: VLSM Subnets 

Address Space 

192.168.1.0/24 

192.168.1.32/28 

192.168.1.56/30 

192.168.1.0/28 

RTA 


192.168.1.16/28 

192.168.1.48/30 

RTC RTB 

192.168.1.52/30 

192.168.1.32/28 

192.168.1.16/28


List the address space that is still available for future expansion. 

For the solution shown in Figure 1-2, address space still available is .60/30; .64/26; .128/25. 

The topology shown in Figure 1-3 has LAN subnets already assigned out of the 192.168.1.0/24 address 

space. Using VLSM, create and label the WANs with subnets from the remaining address space. 

Figure 1-3 Addressing Design Exercise 1 Topology: WAN Subnets 

Address Space 

192.168.1.0/24 

192.168.1.128/27 


Answers may vary. In the answer shown in Figure 1-3, the available address space is .172/30; .176/28; 

.192/26. 


192.168.1.0/26 

RTA 

192.168.1.168/30 192.168.1.160/30 

RTC RTB 

192.168.1.164/30 

Your address space is 192.168.1.192/26. Each LAN needs to support ten hosts. Use VLSM to create a contiguous 

IP addressing scheme. Label Figure 1-4 with your addressing scheme. Don’t forget the WAN links. 

Figure 1-4 Addressing Design Exercise 2 Topology 

Address Space 

192.168.1.192/26 

192.168.1.224/28 

192.168.1.248/30 

192.168.1.192/28 

RTA 

192.168.240./30 

RTC RTB 

192.168.1.244/30 

192.168.1.64/26 

192.168.1.208/28


There is only one subnet left: .252/30. 


Your address space is 192.168.6.0/23. The number of hosts needed for each LAN is shown in Figure 1-5. 

Use VLSM to create a contiguous IP addressing scheme. Label Figure 1-5 with your addressing scheme. 

Don’t forget the WAN links. 


Address Space 

192.168.6.0/23 

192.168.7.64/27 

30 Hosts 

192.168.7.104/30 


For the solution shown in Figure 1-5, the address space still available is .7.108/30; .7.112/28; .7.128/25. 


192.168.6.0/24 

150 Hosts 

RTA 

RTC RTB 

192.168.7.100/30 


192.168.7.96/30 

192.168.7.0/26 

60 Hosts 

Your address space is 10.10.96.0/21. The number of hosts needed for each LAN is shown in Figure 1-6. 

Use VLSM to create a contiguous IP addressing scheme. Label Figure 1-6 with your addressing scheme. 

Don’t forget the WAN links.



Address Space 

10.10.96.0/21 

10.10.102.0/24 

250 Hosts 

10.10.103.248/30 


For the solution shown in Figure 1-6, the address space still available is .103.252/30; .103.224/28; 

.103.192/27; .103.128/26; .103.0/25. 

VLSM Addressing Design Scenarios 

The following VLSM Addressing Design Scenarios will build upon your addressing design skills. In these 

scenarios, you will fully document your network design, including IP addresses for interfaces and hosts. 

Instructor Note: Once students have successfully completed a scenario, have them test it out on real routers or a simulator 

such as Packet Tracer. 

VLSM Addressing Design Scenario 1 

Complete Addressing Design Scenario 1 using the following list of requirements: 

■ Address space: 192.168.1.0/25. 

10.10.96.0/22 

1,000 Hosts 

RTA 

RTC RTB 

10.10.103.244/30 

■ RTA LAN, 60 hosts; RTB LAN, 30 hosts; RTC LAN, 10 hosts. 

■ Using good VLSM design practices, contiguously assign subnets to the topology shown in Figure 1-7. 

■ Fill in the table with all necessary IP address configuration information for all devices. Use dotteddecimal 

format for the subnet mask. 

■ List the address space that is still available for future expansion. 

10.10.103.240/30 

10.10.100.0/23 

500 Hosts

Figure 1-7 Addressing Design Scenario 1 Topology 

For the solution shown in Figure 1-7, the address space still available is .124/30. 

Because the given address space is /25, there is no more available space except for the one leftover WAN 

subnet. 

Device Interface IP Address Subnet Mask Default Gateway 

RTA Fa0/0 192.168.1.1 255.255.255.192 

S0/1 192.168.1.113 255.255.255.252 

S0/0 192.168.1.121 255.255.255.252 

RTB Fa0/0 192.168.1.65 255.255.255.224 

S0/1 192.168.1.114 255.255.255.252 

S0/0 192.168.1.117 255.255.255.252 

RTC Fa0/0 192.168.1.97 255.255.255.240 

S0/1 192.168.1.118 255.255.255.252 

S0/0 192.168.1.122 255.255.255.252 

Host A 192.168.1.2 255.255.255.192 192.168.1.1 

Host B 192.168.1.66 255.255.255.224 192.168.1.65 

Host C 192.168.1.98 255.255.255.240 192.168.1.97 



■ Address space: 192.168.18.0/23. 

Fa0/0 

RTA 

Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 

DCE 

RTB 

192.168.1.116/30 


S0/0 


60 Hosts 


S0/1 

DCE 

S0/0 

C DCE 

S0/1 

B 

10 Hosts 

Address Space 

192.168.1.0/25 

192.168.1.96/28 

192.168.1.120/30 

192.168.1.0/26 

A 

192.168.1.112/30 

192.168.1.64/27 

30 Hosts






Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 

DCE 

RTB 

192.168.19.196/30 

For the solution shown in Figure 1-8, the address space still available is .19.204/30; .19.208/28; 

.19.224/27. 


RTA Fa0/0 192.168.18.1 255.255.255.0 

S0/1 192.168.19.193 255.255.255.252 

S0/0 192.168.19.201 255.255.255.252 

RTB Fa0/0 192.168.19.1 255.255.255.128 

S0/1 192.168.19.194 255.255.255.252 

S0/0 192.168.19.197 255.255.255.252 

RTC Fa0/0 192.168.19.129 255.255.255.192 

S0/0 

S0/1 192.168.19.198 255.255.255.252 

S0/0 192.168.19.202 255.255.255.252 

Host A 192.168.18.2 255.255.255.0 192.168.18.1 

Host B 192.168.19.2 255.255.255.128 192.168.19.1 

Fa0/0 

Host C 192.168.19.130 255.255.255.192 192.168.19.129 

RTA 

250 Hosts 

S0/1 

DCE 

C 

S0/0 

DCE 

S0/1 

B 

60 Hosts 

Address Space 

192.168.18.0/23 

192.168.19.128/26 

192.168.19.200/30 

192.168.18.0/24 

A 

192.168.19.192/30 

192.168.19.0/25 

100 Hosts



■ Address space: 172.16.0.0/22. 







Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 

DCE 

RTB 

172.16.3.132/30 

For the solution shown in Figure 1-9, the address space still available is .3.140/30; .3.144/28; .3.160/27; 

.3.192/27. 


RTA Fa0/0 172.16.0.1 255.255.254.0 

S0/1 172.16.3.129 255.255.255.252 

S0/0 172.16.3.137 255.255.255.252 

RTB Fa0/0 172.16.2.1 255.255.255.0 

S0/1 172.16.3.130 255.255.255.252 

S0/0 172.16.3.133 255.255.255.252 

RTC Fa0/0 172.16.3.1 255.255.255.128 

S0/1 172.16.3.134 255.255.255.252 

S0/0 172.16.3.138 255.255.255.252 


Host A 172.16.0.2 255.255.254.0 172.16.0.1 

Host B 172.16.2.2 255.255.255.0 172.16.2.1 

Host C 172.16.3.2 255.255.255.128 172.16.3.1 

S0/0 

Fa0/0 

RTA 

500 Hosts 

S0/1 

DCE 

S0/0 

C DCE 

S0/1 

B 

100 Hosts 

Address Space 

172.16.0.0/22 

172.16.3.0/25 

172.16.3.136/30 

172.16.0.0/23 

A 

172.16.3.128/30 

172.16.2.0/24 

250 Hosts




■ Address space: 172.24.0.0/21. 


■ Using good VLSM design practices, contiguously assign subnets to the topology shown in 

Figure 1-10. 





Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 

DCE 

RTB 

172.24.7.4/30 

For the solution shown in Figure 1-10, the address space still available is .7.12/30; .7.16/28; .7.32/27; 

.7.64/26; .7.128/25. 


RTA Fa0/0 172.24.0.1 255.255.252.0 

S0/1 172.24.7.1 255.255.255.252 

S0/0 172.24.7.9 255.255.255.252 

RTB Fa0/0 172.24.4.1 255.255.254.0 

S0/1 172.24.7.2 255.255.255.252 

S0/0 172.24.7.5 255.255.255.252 

RTC Fa0/0 172.24.6.1 255.255.255.0 

S0/0 

S0/1 172.24.7.6 255.255.255.252 

S0/0 172.24.7.10 255.255.255.252 

Host A 172.24.0.2 255.255.252.0 172.24.0.1 

Fa0/0 

RTA 

1,000 Hosts 

S0/1 

DCE 

S0/0 

C DCE 

S0/1 

B 

250 Hosts 

Address Space 

172.24.0.0/21 

172.24.0.0/22 

A 

172.24.7.8/30 172.24.7.0/30 

172.24.6.0/24 172.24.4.0/23 

500 Hosts


Host B 172.24.4.2 255.255.254.0 172.24.4.1 

Host C 172.24.6.2 255.255.255.0 172.24.6.1 



■ Address space: 10.8.64.0/18. 







Fa0/0 

Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 RTB 

10.8.116.4/30 

DCE 

For the solution shown in Figure 1-11, the address space still available is 116.12/30; .116.16/28; 

.116.32/27; .116.64/26; .116.128/25; .117.0/24; .118.0/23; .120.0/21. 

RTA 


RTA Fa0/0 10.8.64.1 255.255.224.0 

S0/1 10.8.116.1 255.255.255.252 

S0/0 10.8.116.9 255.255.255.252 

RTB Fa0/0 10.8.96.1 255.255.240.0 

S0/0 

S0/1 10.8.116.2 255.255.255.252 

S0/0 10.8.116.5 255.255.255.252 


6,000 Hosts 

S0/1 

DCE 

S0/0 

C DCE 

S0/1 

B 

1,000 Hosts 

Address Space 

10.8.64.0/18 

10.8.116.8/30 

10.8.64.0/19 

A 

10.8.116.0/30 

10.8.112.0/22 10.8.96.0/20 

3,000 Hosts



RTC Fa0/0 10.8.112.1 255.255.252.0 

S0/1 10.8.116.6 255.255.255.252 

S0/0 10.8.116.10 255.255.255.252 

Host A 10.8.64.2 255.255.224.0 10.8.64.1 

Host B 10.8.96.2 255.255.240.0 10.8.96.1 

Host C 10.8.112.2 255.255.252.0 10.8.112.1 



■ Address space: 10.0.0.0/15. 

■ RTA LAN, 65,000 hosts; RTB LAN, 30,000 hosts; RTC LAN, 8000 hosts. 






S0/0 

Fa0/0 

RTA 

65,000 Hosts 

S0/1 

DCE 

S0/0 

C DCE 

S0/1 

B 

8,000 Hosts 

Address Space 

10.0.0.0/15 

10.1.128.0/19 

10.1.160.8/30 

10.0.0.0/16 

A 

10.1.160.0/30 

Fa0/0 Fa0/0 

RTC 

S0/1 

S0/0 

DCE 

RTB 

10.1.160.4/30 

10.1.0.0/17 

30,000 Hosts

For the solution shown in Figure 1-12, the address space still available is 10.1.160.12/30; 10.1.160.16/28; 

10.1.160.32/27; 10.1.160.64/26; 10.1.160.128/25; 10.1.161.0/24; 10.1.162.0/23; 10.1.164.0/22; 

10.1.168.0/21; 10.1.176.0/20; 10.1.192.0/18. 


RTA Fa0/0 10.0.0.1 255.255.0.0 

S0/1 10.1.160.1 255.255.255.252 

S0/0 10.1.160.9 255.255.255.252 

RTB Fa0/0 10.1.0.1 255.255.128.0 

S0/1 10.1.160.2 255.255.255.252 

S0/0 10.1.160.5 255.255.255.252 

RTC Fa0/0 10.1.128.1 255.255.224.0 

S0/1 10.1.160.6 255.255.255.252 

S0/0 10.1.160.10 255.255.255.252 

Host A 10.0.0.2 255.255.0.0 10.0.0.1 

Host B 10.1.0.2 255.255.128.0 10.1.0.1 

Host C 10.1.128.2 255.255.224.0 10.1.128.1 

Summary Route Exercises 

Use the following exercises to practice determining the summary route for a collection of subnets. 

The following is an example with the answer: 

Referring to Figure 1-13, what summary route would R1 send to BBR (Backbone Router) for the four networks? 

Write your answer in the space provided. 

Figure 1-13 Summary Route Example 

192.168.1.0/27 

192.168.1.32/27 

192.168.1.64/27 

192.168.1.96/27 


R1 BBR 

Summary Route 

192.168.1.0/25


Step 1. Find the number of highest-order bits that match in all the addresses, convert the addresses to 

binary format, and align them in a list. 

To make sure that you are including the entire address range from the lowest to the highest network 

address, find the lowest IP address, which is the network address 192.168.1.0 in the 

example. Then, find the highest IP address, which is 192.168.1.127, or the last address in the 

highest network, 192.168.1.96. 

Write the lowest and highest IP addresses in binary: 

192.168.1.0: 11000000.10101000.00000001.00000000 

192.168.1.127: 11000000.10101000.00000001.01111111 

Step 2. Locate where the common pattern of digits ends. The common bits are shaded in the following 

example. 

First IP 192.168.1.0 11000000.10101000.00000001.00000000 

Last IP 192.168.1.127 11000000.10101000.00000001.01111111 

Step 3. Count the number of common bits. This number is the prefix length of the summary route. It is 

represented at the end of the first IP address in the block and preceded by a slash. 

In this example, counting from left to right, you have 25 common bits. Your first address in the 

address block is 192.168.1.0. Therefore, your summary route is 192.168.1.0/25. 

Summary Route Exercise 1 

Referring to Figure 1-14, what summary route would R1 send to BBR for the four networks? Write your 

answer in the space provided. 

Figure 1-14 Summary Route Exercise 1 

192.168.1.0/25 

192.168.1.128/26 

192.168.1.192/27 

192.168.1.224/27 

R1 BBR 

Summary Route 

192.168.1.0/24

First IP 192.168.1.0 11000000.10101000.00000001.00000000 

Last IP 192.168.1.255 11000000.10101000.00000001.11111111 

Summary route 192.168.1.0/24 





192.168.4.0/24 

192.168.5.0/24 

192.168.6.0/24 

192.168.7.0/24 

First IP 192.168.4.0 11000000.10101000.00000100.00000000 

Last IP 192.168.7.255 11000000.10101000.00000111.11111111 




R1 BBR 

Summary Route 

192.168.4.0/22 


answer in the space provided.



192.168.64.0/21 

192.168.72.0/21 

192.168.80.0/21 

192.168.88.0/21 

First IP 192.168.64.0 11000000.10101000.01000000.00000000 

Last IP 192.168.95.255 11000000.10101000.01011111.11111111 



R1 BBR 

Summary Route 

192.168.64.0/19 




172.16.0.0/14 

172.20.0.0/14 

172.24.0.0/14 

172.28.0.0/14 

First IP 172.16.0.0 10101100.00010000.00000000.00000000 

Last IP 172.31.255.255 10101100.00011111.11111111.11111111 


Your students may be interested to know that the summary route 172.16.0.0/12 is also the entire range of 

Class B private IP addresses as defined by RFC 1918. 



R1 BBR 

Summary Route 

172.16.0.0/12 





172.16.0.0/17 

172.16.128.0/17 

172.17.0.0/16 

172.18.0.0/15 

First IP 172.16.0.0 10101100.00010000.00000000.00000000 

Last IP 172.19.255.255 10101100.00010011.11111111.11111111 



R1 BBR 

Summary Route 

172.16.0.0/14 




10.10.0.0/21 

10.10.8.0/21 

10.10.16.0/21 

10.10.24.0/21 

First IP 10.10.0.0 00001010.00001010.00000000.00000000 

Last IP 10.10.31.255 00001010.00001010.00011111.11111111 






10.0.0.0/16 

10.1.0.0/16 

10.2.0.0/15 

10.4.0.0/14 


R1 BBR 

Summary Route 

10.10.0.0/19 

R1 BBR 

Summary Route 

10.0.0.0/13


First IP 10.0.0.0 00001010.00000000.00000000.00000000 

Last IP 10.7.255.255 00001010.00000111.11111111.11111111 


Default and Static Routing Scenario 

In Figure 1-21, both static and default routing are used between RTA and ISP to route traffic. First, determine 

the summary route that would summarize all of the subnets from the 10.0.0.0 address space. Then, 

record the commands that would be configured on RTA and ISP to provide full connectivity. (Hint: RTA 

will use a default route and ISP will use a static route.) 

Figure 1-21 Default and Static Routing Scenario 

10.10.1.224/28 

To find the summary route, find the common bits shared by the first and last addresses in the address 

space. 

First IP 10.10.1.128 00001010.00001010.00000001.10000000 

Last IP 10.10.1.255 00001010.00001010.00000001.11111111 


10.10.1.128/26 

RTA 

RTC 10.10.1.244/30 

RTB 

Now configure ISP with a static route pointing to the summary of the address space: 

ISP(config)#ip route 10.10.1.128 255.255.255.128 209.165.201.2 

S1/0 

209.165.201.2/30 

10.10.1.248/30 10.10.1.240/30 

RTA will use a default route to ISP because ISP provides connectivity to destinations outside the 

10.10.1.128/25 address space: 

RTA(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.1 

209.165.201.1/30 

S0/0 

DCE 

10.10.1.192/27 

ISP

Concept Questions 

List at least three reasons why you should use VLSM when designing your addressing scheme. 

■ More efficient use of IP addresses 

■ Greater capability to use route summarization 

■ Isolation of topology changes from other routers 

Why is VLSM described as “subnetting a subnet”? 

From the instructor version of the curriculum: 

VLSM is often referred to as “subnetting a subnet” because any network address space—whether a classful 

address like 192.168.1.0/24 or a classless address like 192.168.1.32/27—can be further subnetted to 

provide another level of logical addressing. 

Why was VLSM not used in CCNA 1 and CCNA 2? 


There are two main reasons why VLSM is not used in CCNA 1 and CCNA 2: 

■ Historically, subnetting has proved to be one of the more challenging skills students must master during 

the first two CCNA courses. Adding the concept of VLSM to this already difficult task is unnecessary, 

namely because…. 

■ CCNA 2 only deals with classful routing. Students do not yet implement classless addressing schemes 

in their network designs. 

What is the difference between CIDR and supernetting or router summarization? 


Classless Interdomain Routing (CIDR) is the mechanism that allows advertising of both supernets and subnets 

outside of the normal bounds of a classful network number. Supernetting is a representation that 

allows masks that are shorter than the natural masks, therefore creating supernets. 

From Switching Basics and Intermediate Routing CCNA 3 Companion Guide, by Wayne Lewis (Cisco 

Networking Academy Program): 

Although there is no consensus, the term route summarization often applies to summarizing within a classful 

boundary; on the other hand, CIDR almost always refers to combining several classful networks. With 

both CIDR and route summarization, the point is to optimize routing. To illustrate the difference between 

route summarization and CIDR, a network engineer may define a summary route on a Cisco router for a 

company’s network, but this has nothing to do with allocating a block of addresses to a customer. 

List the two ways a router running a classful routing protocol can calculate the network portion of routes 

received in routing updates. 

From Switching Basics and Intermediate Routing CCNA 3 Companion Guide: 

■ If the routing update information contains the same major network number as configured on the 

receiving interface, the router applies the subnet mask that is configured on the receiving interface. 

■ If the routing update information contains a different major network than the one configured on the 

receiving interface, the router applies the default classful mask by IP address class. 

Explain three ways a router can learn paths to destination networks. 



■ Static routes are manually defined by the system administrator via an attached interface or the next 

hop to a destination. These are useful for security and reducing routing traffic.


■ Default routes are also manually defined by the network engineer as the path to take when no known 

route exists to the destination. Default routes are essential to minimizing the size of a routing table. 

When an entry for a destination network does not exist in a routing table, the packet is sent via the 

route. 

■ Dynamic routing is where the router learns of paths to destinations by receiving routing updates from 

other routers via a routing protocol such as RIP. 

Explain the effect of the command ip classless on both classful and classless routing protocols. 


The ip classless command causes a classful routing protocol to evaluate all packets using the longestmatch 

criterion. Instead of discarding traffic bound for unknown subnets of a known classful network, a 

router tries to match the largest number of bits possible against the route in its routing table. 

Note that ip classless has no effect on routers running classless routing protocols, because they already use 

the longest-match criterion in making routing decisions. 

List the two classful routing protocols and explain the most serious limitation of these two protocols. 

RIPv1 and IGRP are both classful routing protocols. Neither RIPv1 nor IGRP sends subnet mask information 

in routing updates. Therefore, subnets must use the same mask and must be assigned contiguously. 

Not only does this waste address space, but classful routing is not very scalable. Adding a new subnet 

between two contiguously addressed subnets will necessitate designing a new addressing scheme. 

Which classless routing protocols automatically summarize at the classful boundary? Why do these protocols 

operate in a classful manner? What command will turn off automatic summarization and with which 

IOS versions must you enter the command? 

By default RIPv2, EIGRP, and BGP all summarize at the classful boundary. Automatic summarization 

enables RIPv2 and EIGRP to be backward compatible with their predecessors, RIPv1 and IGRP. In situations 

in which you want to manually summarize routes at a different bit boundary or want to be able to 

assign subnets discontiguously, turn off automatic summarization with the no auto-summary command. 

With Cisco IOS Release 12.2(8)T, EIGRP and BGP have auto-summary disabled by default; prior to 

12.2(8)T, EIGRP and BGP had auto-summary enabled by default. With RIPv2, auto-summary has 

always been and remains enabled by default. 

VLSM Case Study 

You are the new network administrator for Mom and Pop’s Stop & Shop, a multibranch convenience store 

corporation. The previous network administrator used the 192.168.1.0/24 private network exclusively to 

communicate between branch locations and corporate headquarters. The current topology and addressing 

scheme is shown in Figure 1-22. 

Mom and Pop’s Stop & Shop plans to add two new locations this year. With the current addressing 

scheme, how many subnets are left to provide address space for the new locations? As the new network 

administrator, what plan would you have for adding additional address space when needed? What routing 

protocol would you use?

Figure 1-22 Mom and Pop’s Stop & Shop Network Topology 

172.16.7.0/24 

192.168.1.192/28 

172.16.8.0/24 

Store8 

Store7 HQ 192.168.1.80/28 Store3 

192.168.1.176/28 

Store6 

172.16.6.0/24 

172.16.0.20/30 

172.16.0.28/30 

172.16.0.24/30 

172.16.0.16/30 

192.168.1.144/28 

172.16.1.0/24 

The current addressing scheme only allows for an additional four subnets: 192.168.1.0/28, 

192.168.1.208/28, 192.168.1.224/28, and 192.168.240/28. This is enough for the current needs. However, 

no more subnets will be available for future expansion. In addition, the current design is wasting 

12 addresses on each WAN link. A better solution would be to implement VLSM and a classless 

routing protocol. 

Allow students to design their own addressing scheme to reinforce the VLSM concepts learned in this 

chapter. This will provide you with several examples to compare and contrast. Discuss with the students as 

a class the benefits and drawbacks of different solutions. 

The following is a sample solution using the 172.16.0.0/16 address space: 


192.168.1.32/28 

Store1 

172.16.0.0/30 

192.168.1.16/28 

192.168.1.112/28 

Store5 

192.168.1.160/28 

172.16.5.0/24 

172.16.0.8/30 

172.16.0.12/30 

172.16.2.0/24 

Store2 

192.168.1.48/28 

172.16.0.4/30 

Store4 

172.16.4.0/24 

192.168.1.64/28 

172.16.3.0/24 

192.168.1.96/28 

192.168.1.128/28 

Although the current stores need only a handful of IP addresses, future needs are always more demanding. 

To provide enough address space for any possible future needs at each store, give each store a /24 subnet. 

WAN links will be assigned exclusively from the 172.16.0.0/24 address space. (You just as easily could 

have used the last /24 subnet or 172.16.255.0/24.) Store subnets will match the store numbers already used 

by Mom and Pop’s. The addressing convention will be 172.16.x.0/24, where x is the store number. Using a 

numbering scheme that also denotes the location helps tremendously when troubleshooting. For example, a 

poorly performing or failing NIC can cause a flood of meaningless traffic. This traffic can be identified by 

its IP address using network monitoring software. The IP address alone is enough to tell you which store is 

generating the excess traffic. 

For routing, you can use any classless routing protocol, including RIPv2, OSPF, and EIGRP. However, 

although the network is large, it is not overly complex. There is no need to complicate the situation with a 

more complex routing protocol. RIPv2 is probably the best choice in this situation.


RIP Version 2 

RIP was designed to work as a simple Interior Gateway Protocol (IGP) within small and moderate-sized 

autonomous systems. The first version of RIP did not support VLSM, but rather simply advertised the 

classful network to RIP neighbors. However, the original RIP specification (RFC 1058) provided several 

empty fields in the RIP update that are now used by RIP version 2 (RFC 2453). In the following two exercises, 

you will compare and contrast RIPv1 and RIPv2. Then, you will complete a research exercise to discover 

more details about the two versions of RIP. 

Compare and Contrast Exercise 

Compare and contrast RIPv1 and RIPv2 by listing the features of each protocol in the following table. 

RIPv1 Features RIPv2 Features 

Hop count is the metric. Hop count is the metric. 

Maximum hop count is 15. Maximum hop count is 15. 

Uses hold-down timers to prevent routing loops. Uses hold-down timers to prevent routing loops. 

Uses split-horizon to prevent routing loops. Uses split-horizon to prevent routing loops. 

Failure to receive updates in a timely manner Failure to receive updates in a timely manner results in 

results in removal of routes previously learned removal of routes previously learned from a neighbor. 

from a neighbor. 

The administrative distance is 120. The administrative distance is 120. 

Routing updates are broadcast every Routing updates are multicast every 30 seconds by 30 

seconds by default. default. 

Capable of load balancing over as many as six Capable of load balancing over as many as six 

equal-cost paths—four paths by default. equal-cost paths—four paths by default. 

Authentication is not supported. Supports clear-text and Message Digest 5 (MD5) 

authentication. 

VLSM is not supported— VLSM is supported—sends mask in the update. 

it is a classful routing protocol. 

Does not support manual route summarization. Supports manual route summarization. 

From your preceding list of features, what are the four improvements added to RIPv2? 

■ Multicasting of updates 

■ Support for simple and MD5 authentication 

■ Support for VLS because subnet mask information is sent in updates 

■ Support for route summarization 

Internet Research 

RIP is an open standard, which means the specifications for the format of RIP messages is not proprietary 

and can be implemented by any vendor or software developer. When you are not sure about an open standard 

such as RIP or OSPF, you can always refer to the original Request For Comments (RFC) for that 

standard. For this research exercise, use the Internet to find the RFC for RIPv2 and answer the following 

questions.

Students should be well versed in using search tools. The RFCs for RIPv1 and RIPv2 exist is several 

places on the Internet. Emphasize that they should look for the most recent version of the RFC. In this 

case, RFC 2453 is sufficient to answer all of the following questions. Students should also be encouraged 

to find the original source for RFCs—the Internet Engineering Task Force (IETF). According to 

http://www.ietf.org, IETF “…is a large open international community of network designers, operators, 

vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation 

of the Internet.” The IETF collection of RFCs can be found at http://www.ietf.org/rfc/rfc#, where # is 

the number of the RFC. 

What Layer 4 protocol does RIP use and what is its port number? 

RIP used UDP and its port number is 520. 

How many routing updates can a RIP update contain? 

A RIP update can contain up to 25 routing updates. 

RIPv1 and RIPv2 both use the same header information. RIPv2 uses empty fields in the 20-byte RIPv1 

route entry. Fill in the names of the fields for both the RIPv1 and RIPv2 route entries in Figure 1-23 and 

Figure 1-24, respectively. (Hint: Look for phrases “message format” and “protocol extensions.”) 

Figure 1-23 RIPv1 Header and Route Entry 

Command (1) 

Address Family Identifier (2) 

IPv4 Address (4) 


Version (1) Must be Zero (2) 

Must be Zero (4) 

Must be Zero (4) 

Metric (4) 

Must be Zero (4)


Figure 1-24 RIPv2 Header and Route Entry 

Command (1) Version (1) Must be Zero (2) 

Address Family Identifier (2) 

IPv4 Address (4) 

Subnet Mask (4) 

Next Hop (4) 

Metric (4) 

Notice that authentication is not listed in any of the fields. Briefly explain how RIPv2 allows authentication 

of messages. 

From RFC 2453: 

Since authentication is a per message function, and since there is only one 2-octet field available in the 

message header, and since any reasonable authentication scheme will require more than two octets, the 

authentication scheme for RIP version 2 will use the space of an entire RIP entry. If the Address Family 

Identifier of the first (and only the first) entry in the message is 0xFFFF, then the remainder of the entry 

contains the authentication. This means that there can be, at most, 24 RIP entries in the remainder of the 

message. If authentication is not in use, then no entries in the message should have an Address Family 

Identifier of 0xFFFF. 

Briefly explain the use of the fields Route Tag and Next Hop. 

Route Tag (2) 

From RFC 2453: 

4.2 Route Tag 

The intended use of the Route Tag is to provide a method of separating “internal” RIP routes (routes for 

networks within the RIP routing domain) from “external” RIP routes, which may have been imported from 

an EGP or another IGP. 

4.4 Next Hop 

The immediate next hop IP address to which packets to the destination specified by this route entry should 

be forwarded. Specifying a value of 0.0.0.0 in this field indicates that routing should be via the originator 

of the RIP advertisement.

Lab Exercises 

Command Reference 

In the table that follows, record the command, including the correct router prompt, that fits the description. 

Command Description 

Router(conig)#ip classless Causes a classful routing protocol to evaluate all packets 

using the longest-match criterion. As a last resort, the 

router will use the default route rather than discard 

traffic bound for unknown subnets of a known classful 

network. 

Router(config)#ip subnet-zero Allows the use of the all-0 subnets; on by default in 

Cisco IOS Software Release 12.0 and later. 

Router(config)#router rip Turns off the RIP routing process. 

Router(config-router)#version 2 Turns on Version 2 of the routing process. 

Router(config-router)#network a.b.c.d Configures the network number of the directly connect 

ed classful network you want to advertise. 

Router(config-router)#no auto-summary RIPv2 summarizes networks at the classful boundary. 

This command turns off autosummarization. 

Router#debug ip rip Displays all RIP activity in real time. 

Router#show ip rip database Displays contents of the RIP database. 

Curriculum Lab 1-1: Calculating VLSM Subnets (1.1.4) 

Figure 1-25 Topology for Lab 1-1 

192.168.10.128/30 

Address Space 

192.168.10.0/24 

Perth 

KL 

Sydney 


28 Hosts 

192.168.10.64/27 

192.168.10.132/30 192.168.10.136/30 

Singapore 

60 Hosts 

12 Hosts 

12 Hosts 

192.168.10.0/26 192.168.10.96/28 192.168.10.112/28


Objective 

Use variable-length subnet masking (VLSM) to support more efficient use of the assigned IP address and 

to reduce the amount of routing information at the top level. 

The solution to this VLSM lab is provided in the steps themselves. Students should take the recommended 

subnetting in each step and build a diagram of the network, showing routers, LANs, and WAN links. Each 

LAN and WAN link should be labeled with the appropriate subnet address and slash number. A suggested 

diagram can be found at the end of this lab. 

Background/Preparation 

A Class C address of 192.168.10.0/24 has been allocated. 

Perth, Sydney, and Singapore have a WAN connection to Kuala Lumpur. The host requirements are 

as follows: 

■ Perth requires 60 hosts. 

■ Kuala Lumpur requires 28 hosts. 

■ Sydney and Singapore each require 12 hosts. 

To calculate VLSM subnets and the respective hosts, allocate the largest requirements first from the 

address range. Requirements levels should be listed from the largest to the smallest. 

In this example, Perth requires 60 hosts. Use 6 bits, because 2 6 – 2 = 62 usable host addresses. Thus, 

2 bits will be used from the fourth octet to represent the extended network prefix of /26, and the remaining 

6 bits will be used for host addresses. 

Task 1: Divide the Allocated Addresses into Four Equal-Sized 

Address Blocks 

Step 1. Divide the allocated address of 192.168.10.0/24 into four equal-sized address blocks. Because 

4 = 2 2 , 2 bits are required to identify each of the four subnets. 

Step 2. Take subnet 0 (192.168.10.0/26) and identify each of its hosts. Table 1-1 documents the allocated 

addresses, subnetworks, and usable hosts. 

Table 1-1 Usable Hosts for 192.168.10.0/24 

Allocated Address Subnetworks 62 Usable Hosts/Subnetworks (Subnet 0) 

192.168.10.0/24 192.168.10.0/26 192.168.10.0/26 (network address) 

Table 1-2 lists the range for the /26 mask. 

192.168.10.64/26 192.168.10.1/26 

192.168.10.128/26 192.168.10.2/26 

192.168.10.192/26 192.168.10.3/26 

through 

192.168.10.61/26 

192.168.10.62/26 

192.168.10.63/26 (broadcast address)

Table 1-2 IP Address Range for 192.168.10.0/26 

Perth Range of Addresses in the Last Octet 

192.168.10.0/26 From 0 to 63. Sixty hosts required. 

Hosts 0 and 63 cannot be used because they are the network and broadcast 

addresses for their subnet. 

Task 2: Allocate the Next Level After All the Requirements Are 

Met for the Higher Level(s) 

Kuala Lumpur requires 28 hosts. The next available address after 192.168.10.63/26 is 192.168.10.64/26. 

Note from Table 1-2 that this is subnet 1. Because 28 hosts are required, 2 5 – 2 = 30 usable network 

addresses. Thus, 5 bits will be required to represent the hosts, and 3 bits will be used to represent the 

extended network prefix of /27. Applying VLSM on address 192.168.10.64/27 gives the results in Table 1-3. 


Subnetwork 1 Sub-Subnetworks 30 Usable Hosts 

192.168.10.64/26 192.168.10.64/27 192.168.10.65/27 


192.168.10.96/27 192.168.10.66/27 

192.168.10.128/27 192.168.10.67/26 

192.168.10.192/27 through 


Kuala Lumpur Range of Addresses in the Last Octet 

192.168.10.64/27 (network address) 

192.168.10.93/27 

192.168.10.94/27 

192.168.10.95/27 (broadcast address) 

192.168.10.64/27 From 64 to 95. 28 hosts required. 

Hosts 64 and 95 cannot be used because they are the network and broadcast 

addresses for their subnet. Thirty usable addresses are available in this range for 

the hosts. 

Task 3: Allocate Address Space for Sydney 


Sydney and Singapore require 12 hosts each. The next available address starts from 192.168.10.96/27. 

Note from Table 1-2 that this is the next subnet available. Because 12 hosts are required, 2 4 – 2 = 14 

usable addresses. Thus, 4 bits are required to represent the hosts, and 4 bits are required for the extended 

network prefix of /28. Applying VLSM on address 192.168.10.96/27 gives the results in Table 1-5.



Subnetwork 2 Sub-Subnetworks 14 Usable Hosts 

192.168.10.96/27 192.168.10.96/28 192.168.10.96/28 (network address) 


192.168.10.112/28 192.168.10.97/28 

192.168.10.128/28 192.168.10.98/28 

192.168.10.224/28 192.168.10.99/28 

192.168.10.240/28 through 


Sydney Range of Addresses in the Last Octet 

192.168.10.109/28 

192.168.10.110/28 


192.168.10.96/28 From 96 to 111. Twelve hosts required. 

Hosts 96 and 111 cannot be used because they are network and broadcast 

addresses for their subnet. Fourteen usable addresses are available in this range 

for the hosts. 

Task 4: Allocate Address Space for Singapore 

Because Singapore also requires 12 hosts, the next set of host addresses in Table 1-7 can be derived from 

the next available subnet (192.168.10.112/28). 

Table 1-7 Singapore Host Addresses 

Sub-Subnetworks 14 Usable Hosts 

192.168.10.96/28 192.168.10.112/28 (network address) 

192.168.10.112/28 192.168.10.113/28 

192.168.10.128/28 192.168.10.114/28 

192.168.10.224/28 192.168.10.115/28 

through 

192.168.10.240/28 192.168.10.125/28 


192.168.10.126/28 

192.168.10.127/28 (broadcast address)


Singapore Range of Addresses in the Last Octet 

192.168.10.112/28 From 112 to 127. Twelve hosts required. 

Hosts 112 and 127 cannot be used because they are network and broadcast 

addresses for their subnet. Fourteen usable addresses are available in this 

range for the hosts. 

Task 5: Allocate Address Space for WAN Links 

Now allocate addresses for the WAN links. Remember that each WAN link requires two IP addresses. The 

next available subnet is 192.168.10.128/28. Because two network addresses are required for each WAN 

link, 2 2 – 2 = 2 usable addresses. Thus, 2 bits are required to represent the links, and 6 bits are required 

for the extended network prefix of /30. Applying VLSM on 192.168.10.128/28 gives the results in Table 1-9. 

Table 1-9 Usable Hosts After Applying VLSM on 192.168.10.112/28 

Sub-Subnetworks 14 Usable Hosts 


192.168.10.129/30 

192.168.10.130/30 



192.168.10.133/30 

192.168.10.134/30 



192.168.10.137/30 

192.168.10.138/30 



The available addresses for the WAN links can be taken from the available addresses in each of the /30 

subnets. 

Sometimes, a visual will help your students see how an address space can be used with VLSM. One visual 

I like to use is to represent the address space in a big, square box, as shown in Figure 1-25B.


Figure 1-25B VLSM Design Using a Visual 

This diagram illustrates how the 

Class C address was subnetted 

using VLSM. The network address 

and broadcast address for 

each subnet are shown in the 

corners of each box. 

0 

64 

/27 

95 

/26 

96 

112 

128 

/30 

131 

132 

/30 

135 

144 

First, draw a large box on the board. Label the top-left corner with the subnet address and the bottom-right 

corner with the broadcast address. For our beginning address space in this lab, the corners are .0 and .255, 

respectively. 

For the first VLSM step, we borrowed 2 bits. This can be represented visually by bisecting the box in half 

two times (for 2 bits). First, draw a horizontal line cutting the box in half. Then, draw a vertical line cutting 

the box into fourths. This visually represents to your students that we created four subnets. Now label 

each box’s top-left and bottom-right corners with the beginning and ending address in each of the subnets. 

So, the top-left box already has .0 but needs an address for the bottom left, which is the broadcast address 

for that subnet or .63. You can see from Figure 1-25B how the other four boxes are labeled. 

In the lab, we assigned the first box to Perth because 192.168.10.0/26 is enough address space for 

60 hosts. In our figure, we can label the box with “Perth LAN /26” so that we know that block of 

addresses has been assigned. 

/28 

/28 

63 

192 

Next, we need address space for the 28 hosts attached to Kuala Lumpur. So, we subnet the .64/26 address 

space borrowing 1 bit. In our visual, we draw a vertical line bisecting this block of addresses and label our 

corners. Then, we assign 192.168.10.64/27 to Kuala Lumpur’s LAN. 

Sydney and Singapore both need address space to support 12 hosts. Continuing contiguously through our 

address space, we borrow 1 bit from the 192.168.10.96/27 address space to make two subnets: 

192.168.10.96/28 and 192.168.10.112/28. In our visual, we draw a horizontal line to represent the borrowing 

of 1 bit and label each box with the name of the LAN assigned to that block of addresses. 

Our last step is to assign WAN links. We have the entire second half of the address space available represented 

by 192.168.10.128/25. For WAN links, we need only two hosts. Therefore, we can borrow 5 more 

bits from 192.168.10.128/25. In our visual, we represent the 5 bits borrowed by first drawing a horizontal 

line to bisect the 192.168.10.128/25 address space. Then, we draw a vertical line in the upper box to bisect 

the 192.168.10.128/26 address space. Then, we draw a third line to bisect the 192.168.10.128/27 address 

space. Finally, we draw a vertical line and a horizontal line to bisect the 192.168.10.128/28 address space 

into four subnets perfect for WAN links. 

111 

127 

136 

/30 

139 

140 

/30 

143 

159 

160 

191 

255

To finish our visual, we label all the corners and designate what the prefix is for each address space. These 

are our leftover, unused subnets. 

Remember, not every student will care for the visual way of representing VLSM. Many prefer to simply 

do it by hand. In addition, this visual method can be difficult with larger address spaces. Imagine trying to 

do this same exercise with a 10.0.0.0/8 address space and eight levels of subnetting. It would not be 

impossible, but it also would not be very effective. However, I have found that, for some students, the 

“light comes on” when I use a visual representation for VLSM. 

Curriculum Lab 1-2: Review of Basic Router Configuration 

with RIP (1.2.3) 


Straight-Through Cable 

Table 1-10 Lab Equipment Configuration 

Router Router Name Fast Ethernet 0 Address Interface Type Serial 0 Address 

Designation 

Router 1 GAD 172.16.0.1 DCE 172.17.0.1 

Router 2 BHM 172.18.0.1 DTE 172.17.0.2 

The enable secret password for both routers is class. 

The enable, VTY, and console password for both routers is cisco. 

The subnet mask for both interfaces on both routers is 255.255.0.0. 


Router 1 Router 2 

Rollover (Console) Cable 

Crossover Cable 

Serial Cable


Objectives 

■ Cable and configure workstations and routers. 

■ Set up an IP addressing scheme by using Class B networks. 

■ Configure RIP on routers. 


Cable a network that is similar to the one in Figure 1-26. You can use any router that meets the interface 

requirements in Figure 1-26 (that is, 800, 1600, 1700, 2500, and 2600 routers or a combination). Refer to 

the information in Appendix A, “Router Interface Summary Chart,” to correctly specify the interface identifiers 

based on the equipment in your lab. The 1721 series routers produced the configuration output in 

this lab. Another router might produce slightly different output. You should execute the following steps on 

each router unless you are specifically instructed otherwise. 

Implement the procedure documented in Appendix C, “Erasing and Reloading the Router,” before you 

continue with this lab. 

General Configuration Tips 

■ Use the question mark (?) and arrow keys to help to enter commands. 

■ Each command mode restricts the set of available commands. If you have difficulty entering a command, 

check the prompt and then enter ? for a list of available commands. The problem might be a 

wrong command mode or wrong syntax. 

■ To disable a feature, enter the keyword no before the command; for example, no ip routing. 

■ Save the configuration changes to nonvolatile RAM (NVRAM) so that the changes are not lost if there 

is a system reload or power outage. 

Table 1-11 lists the router command modes for this and other labs in the chapter. 

Table 1-11 Router Command Modes 

Command Mode Access Method Router Prompt Exit Method 

Displayed 

User EXEC Log in. Router> Use the logout command. 

Privileged EXEC From user EXEC Router# To exit to user EXEC mode, 

mode, enter the use the disable, exit, or 

enable command. logout command. 

Global From privileged EXEC Router(config)# To exit to privileged EXEC 

configuration mode, enter the mode, use the exit or end 

configure terminal command, or press Ctrl-Z. 

command. 

Interface From global Router(config-if)# To exit to global configuraconfiguration 

configuration mode, tion mode, use the exit 

enter the interface command. 

type number command, 

such as interface serial 0.

Task 1: Basic Router Configuration 

Connect one end of a rollover cable to the console port on the router and connect the other end to the PC 

with a DB-9 or DB-25 adapter to a COM port. You should do this prior to powering on any devices. 

Task 2: Start the HyperTerminal Program 

Step 1. Turn on the computer and router. 

Step 2. From the Windows taskbar, locate the HyperTerminal program by choosing Start > Programs 

> Accessories > Communications > HyperTerminal. 

Task 3: Name the HyperTerminal Session 

In the Connection Description dialog box, enter a name in the Name field and click OK (see Figure 1-27). 

Figure 1-27 HyperTerminal Connection Description Dialog Box 


Task 4: Specify the Computer’s Connecting Interface 

In the Connect To dialog box, select COM1 from the Connect Using drop-down list and click OK (see 

Figure 1-28).


Figure 1-28 HyperTerminal Connect To Dialog Box 

Task 5: Specify the Interface Connection Properties 

Step 1. In the COM1 Properties dialog box, use the drop-down arrows to select the following (see 

Figure 1-29): 

Bits per second = 9600 

Data bits = 8 

Parity = None 

Stop bits = 1 

Flow control = None 

Step 2. Click OK.

Figure 1-29 HyperTerminal Interface Connection Property Settings 

Step 3. When the HyperTerminal session window opens (see Figure 1-30), turn on the router. If the 

router is already on, press the Enter key. The router should respond. 

Figure 1-30 HyperTerminal Session Window 

If the router responds, the connection has been successfully completed. 



Task 6: Close the Session 

Step 1. To end the console session from a HyperTerminal session, choose File > Exit. 

Step 2. When the HyperTerminal disconnect warning dialog box appears, click Yes (see Figure 1-31). 

Figure 1-31 Closing a HyperTerminal Session 

Step 3. The computer asks if you want to save the session (see Figure 1-32). Click Yes. 

Figure 1-32 Saving a HyperTerminal Session 

Task 7: Reopen the HyperTerminal Connection 

Step 1. In the Connection Description dialog box (refer to Figure 1-27), click Cancel. 

Step 2. To open the saved console session from HyperTerminal, choose File > Open. The saved session 

will appear. By double-clicking on the name, the connection opens without reconfiguring 

it each time.

Task 8: Configure Hostname and Passwords on Router GAD 

Enter enable at the user mode prompt and enter the rest of the commands in the following code. 

Router>enable 

Router#configure terminal 

Router(config)#hostname GAD 

GAD(config)#enable password cisco 

GAD(config)#enable secret class 

GAD(config)#line console 0 

GAD(config-line)#password cisco 

GAD(config-line)#login 

GAD(config-line)#line vty 0 4 



GAD(config-line)#exit 

GAD(config)# 

Task 9: Configure Interface Serial 0 on Router GAD 

From global configuration mode, configure interface serial 0 (refer to Appendix A) on router GAD. 

GAD(config)#interface serial 0 

GAD(config-if)#ip address 172.17.0.1 255.255.0.0 

GAD(config-if)#clock rate 64000 

GAD(config-if)#no shutdown 

GAD(config-if)#exit 

Task 10: Configure the Fast Ethernet 0 Interface on Router GAD 

GAD(config)#interface fastethernet 0 




Task 11: Configure the IP Host Statements on Router GAD 

GAD(config)#ip host BMH 172.18.0.1 172.17.0.1 



Task 12: Configure RIP Routing on Router GAD 

GAD(config)#router rip 

GAD(config-router)#network 172.16.0.0 


GAD(config-router)#exit 

GAD(config)#exit 

Task 13: Save the GAD Router Configuration 

GAD#copy running-config startup-config 

Destination filename [startup-config]?[Enter] 

Task 14: Configure Hostname and Passwords on Router BHM 

Enter enable at the user mode prompt and enter the rest of the commands in the following code. 

Router>enable 


Router(config)#hostname BHM 

BHM(config)#enable password cisco 

BHM(config)#enable secret class 

BHM(config)#line console 0 

BHM(config-line)#password cisco 

BHM(config-line)#login 

BHM(config-line)#line vty 0 4 



BHM(config-line)#exit 

BHM(config)# 

Task 15: Configure Interface Serial 0 on Router BHM 

From global configuration mode, configure interface serial 0 (refer to Appendix A) on router BHM. 

BHM(config)#interface serial 0 

BHM(config-if)#ip address 172.17.0.2 255.255.0.0 

BHM(config-if)#no shutdown 

BHM(config-if)#exit 

Task 16: Configure the Fast Ethernet 0 Interface on Router BHM 

BHM(config)#interface fastethernet 0 



BHM(config-if)#exit

Task 17: Configure the IP Host Statements on Router BHM 

BHM(config)#ip host GAD 172.16.0.1 172.17.0.1 

Task 18: Configure RIP Routing on Router BHM 

BHM(config)#router rip 

BHM(config-router)#network 172.18.0.0 


BHM(config-router)#exit 

BHM(config)#exit 

Task 19: Save the BHM Router Configuration 

BHM# copy running-config startup-config 


Task 20: Configure the Hosts 

Using the following information, configure the hosts with the proper IP address, subnet mask, and default 

gateway: 

Host connected to router GAD 

IP address: 172.16.0.2 

Subnet mask: 255.255.0.0 

Default gateway: 172.16.0.1 

Host connected to router BHM 

IP address: 172.18.0.2 




Task 21: Verify the Internetwork Is Functioning by Pinging the 

Fast Ethernet Interface of the Other Router 

Step 1. From the host that is attached to GAD, ping the BHM router Fast Ethernet interface. Was the 

ping successful? Yes 

Step 2. From the host that is attached to BHM, ping the GAD router Fast Ethernet interface. Was the 

ping successful? Yes 

Step 3. If the answer is no for either question, troubleshoot the router configurations to find the error. 

Then, do the pings again until the answer to both questions is yes. Finally, ping all interfaces in 

the network.


Task 22: Show the Routing Tables for Each Router 

Step 1. From enable (privileged EXEC) mode, examine the routing table entries by using the show ip 

route command on each router. 

GAD#show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP 

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate 

default 

route 

U - per-user static route, o - ODR, P - periodic downloaded static 

T - traffic engineered route 

Gateway of last resort is not set 

C 172.17.0.0/16 is directly connected, Serial0 

C 172.16.0.0/16 is directly connected, FastEthernet0 

R 172.18.0.0/16 [120/1] via 172.17.0.2, Serial0 

BHM#show ip route 





i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter 

area * - candidate default, U - per-user static route, o - ODR 

P - periodic downloaded static route 



R 172.16.0.0/16 [120/1] via 172.17.0.1, 00:00:27, Serial0 


What are the entries in the GAD routing table? 

Networks 172.17.0.0/16 and 172.16.0.0/16 are directly connected and network 172.18.0.0/16 

was learned through RIP from next hop 172.17.0.2 through local interface serial 0. 

What are the entries in the BHM routing table? 

Networks 172.17.0.0/16 and 172.18.0.0/16 are directly connected and network 172.16.0.0/16 

was learned through RIP from next hop 172.17.0.1 through local interface serial 0. 

Step 2. Upon completion of the previous step, log off (by typing exit) and turn the router off. Then, 

remove and store the cables and adapter.

Curriculum Lab 1-3: Converting RIPv1 to RIPv2 (1.2.4) 




Designation 

Router 1 GAD 172.16.0.1 DCE 172.17.0.1 

Router 2 BHM 172.18.0.1 DTE 172.17.0.2 




Objectives 

■ Configure RIP Version 1 on routers. 

■ Convert to RIP Version 2 on routers. 







Serial Cable 

Cable a network similar to the one in Figure 1-33. You can use any router that meets the interface requirements 

in Figure 1-33 (that is, 800, 1600, 1700, 2500, and 2600 routers or a combination). Refer to the 

information in Appendix A to correctly specify the interface identifiers based on the equipment in your lab. 

The 1721 series routers produced the configuration output in this lab. Another router might produce slightly 

different output. You should execute the following steps on each router unless you are specifically 

instructed otherwise.


Start a HyperTerminal session. 

Implement the procedure documented in Appendix C on all routers before you continue with this lab. 

Task 1: Configure the Routers 

On the routers, configure the hostnames, console, virtual terminal, and enable passwords. Next, configure 

the serial (IP address and clock rate) and Fast Ethernet (IP address) interfaces. Finally, configure IP hostnames. 

If you have problems performing the basic configuration, refer to Lab 1-2, “Review of Basic 

Router Configuration with RIP.” You can also configure optional interface descriptions and message of the 

day banners. Be sure to save the configurations you just created. 

Router 1 

Router>enable 


Router(config)#hostname GAD 

GAD(config)#enable secret class 

GAD(config)#line console 0 



GAD(config-line)#line vty 0 4 



GAD(config-line)#exit 



GAD(config-if)#clock rate 64000 



GAD(config)#interface Fastethernet 0 




GAD(config)#ip host BMH 172.18.0.1 172.17.0.2 

Router 2 

Router>enable 


Router(config)#hostname BHM 

BHM(config)#enable secret class 

BHM(config)#line console 0 



BHM(config-line)#line vty 0 4 



BHM(config-line)#exit





BHM(config)#interface Fastethernet 0 




BHM(config)#ip host GAD 172.16.0.1 172.17.0.1 

Task 2: Configure the Routing Protocol on Router GAD 

Go to the proper command mode and configure RIP routing on the GAD router according to Table 1-12. 







Any time that changes are correctly made to the running configuration, you should save them to the startup 

configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not in the startup 

configuration are lost. 

GAD#copy running-config startup-config 


Task 4: Configure the Routing Protocol on Router BHM 

Go to the proper command mode and configure RIP routing on the BHM router according to Table 1-12. 







BHM#copy running-config startup-config 





Configure the hosts with proper IP addresses, subnet masks, and default gateways. Document your choices 

here: 


IP address: 172.16.0.2 




IP address: 172.18.0.2 



Task 7: Verify that the Internetwork Is Functioning 

Step 1. From each router, ping the other router’s Fast Ethernet interface. 

Step 2. From the host that is attached to GAD, ping the other host that is attached to the BHM router. 

Was the ping successful? Yes 

Step 3. From the host that is attached to BHM, ping the other host that is attached to the GAD router. 



Then, do the pings again until the answer to both questions is yes. 

Task 8: Enable RIPv2 Routing 

Enable version 2 of the RIP routing protocol on both the GAD and BHM routers. 


GAD(config-router)#version 2 




BHM(config-router)#version 2 



Task 9: Ping All Interfaces on the Network from Each Host 

Step 1. Could you still ping all of the interfaces on the network from each host? Yes 

Step 2. If not, troubleshoot the network and ping again. 

Step 3. Upon completion of the previous steps, log off (by typing exit) and turn the router off. Then, 


Curriculum Lab 1-4: Verifying RIPv2 Configuration (1.2.5) 




Designation 

Router 1 GAD 172.16.0.1 DCE 172.17.1.1 

Router 2 BHM 172.18.0.1 DTE 172.17.1.2 




Objectives 


■ Configure RIPv1 and RIPv2 on routers. 

■ Use show commands to verify RIPv2 operation. 





Serial Cable 




the information in Appendix A to correctly specify the interface identifiers based on the equipment in your 

lab. The 1721 series routers produced the configuration output in this lab. Another router might produce 

slightly different output. You should execute the following steps on each router unless you are specifically 

instructed otherwise. 


Implement the procedure documented in Appendix C on all routers before continuing with this lab.








Task 2: Configure the Routing Protocol on Router Gadsden 

Go to the correct command mode and configure RIP routing on the GAD router according to Table 1-13. 






Task 3: Save the Gadsden Router Configuration 

Any time that changes are correctly made to the running configuration, you should save them to the startup 

configuration. Otherwise, if you reload or power cycle the router, you will lose the changes that are not in 

the startup configuration. 


Go to the correct command mode and configure RIP routing on the BHM router according to Table 1-13. 







Enter the command copy run start to save the current running configuration to NVRAM. 



here: 


IP address: 172.16.0.2 




IP address: 172.18.0.2 


Default gateway: 172.18.0.1

Task 7: Verify that the Internetwork Is Functioning 








Task 8: Show the Routing Tables for Each Router 

From enable (privileged EXEC) mode, examine the routing table entries by using the show ip route command 

on each router. 






i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 

U - per-user static route, o - ODR, P - periodic downloaded static route 





R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0 






i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 

* - candidate default, U - per-user static route, o - ODR 





R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:27, Serial0 

What are the entries in the GAD routing table? 



R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0 



What are the entries in the BHM routing table? 



R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:27, Serial0 

Task 9: Enable RIPv2 Routing 

Enable Version 2 of the RIP routing protocol on the GAD and BHM routers. 









Task 10: Show the Routing Tables 

Show the routing tables on both routers again. 












R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0 












R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:45, Serial0

Have they changed now that RIPv2 is being used instead of RIPv1? No 

What is the difference between RIPv2 and RIPv1? 

RIPv2 supports VLSM and RIPv1 does not. 

What must you do to see a difference between RIPv2 and RIPv1? 

Change the subnet mask of the interfaces. 

Task 11: Change the Fast Ethernet IP Subnet Mask on Router GAD 

Change the subnet mask on router GAD from a Class B (255.255.0.0) to a Class C (255.255.255.0). Use 

the same IP address. 

GAD(config)#interface fastethernet 0 



How does this change affect the address for the Fast Ethernet interface? 

The IP address of the interface remains the same, but it belongs to a smaller subnet. 

Task 12: Show the GAD Routing Table 

Show the GAD routing table. 











172.16.0.0/24 is subnetted, 1 subnets 

C 172.16.0.0 is directly connected, FastEthernet0 

R 172.18.0.0/16 [120/1] via 172.17.1.2, Serial0 

Has the output changed now that you have added a subnetted IP address? Yes 

How has it changed? 

There is a new route to the subnet 172.16.0.0/24. 

Task 13: Show the BHM Routing Table 

Show the BHM routing table. 






E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP







R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:24, Serial0 




Task 14: Change the Network Addressing Scheme 

Change the addressing scheme of the network to a single Class B network with a Class C subnet (8 bits of 

subnetting). 

On the BHM router: 




BHM(config)#interface fastethernet 0 





BHM(config-router)#no network 172.18.0.0 

BHM(config-router)#no network 172.17.0.0 




On the GAD router: 





GAD(config-router)#no network 172.17.0.0 



Task 15: Show the Routing Table for Router GAD 






E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP







C 172.16.1.0 is directly connected, Serial0 

R 172.16.3.0 [120/1] via 172.16.1.2, Serial0 


How has it changed? 

There are three subnets, two of which are directly connected, and the other subnet, 172.16.3.0, is learned 

through RIP via interface serial 0. 

Task 16: Show the Routing Table for Router BHM 

Show the BHM routing table. 











R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:05, Serial0 




Task 17: Change the Host Configurations 

Change the host configuration to reflect the new IP addressing scheme of the network. 


IP address: 172.16.0.2 

Subnet mask: 255.255.255.0 



IP address: 172.16.3.2 

Subnet mask: 255.255.255.0 




Task 18: Ping All Interfaces on the Network from Each Host 

Step 1. Could you still ping all of the interfaces on the network from each host? Yes 

Step 2. If not, troubleshoot the network and ping again. 

Task 19: Use show ip route to See Different Routes by Type 

Step 1. Enter show ip route connected on the GAD router. 

What networks are displayed? 




What interface is directly connected? 

C 172.16.0.0 is directly connected, Ethernet0 


Step 2. Enter show ip route rip. 


R 172.16.3.0 [120/1] via 172.16.1.2, Serial0 

Step 3. List the routes in the routing table. 

R 172.16.3.0 [120/1] via 172.16.1.2, Serial0 

What is the administrative distance? 120 

Step 4. Enter show ip route connected on the BHM router. 

What networks are displayed? 




What interface is directly connected? 



Step 5. Enter show ip route rip. 

Step 6. List the routes in the routing table 


R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:15, Serial0 

Task 20: Use the show ip protocol Command 

Enter the show ip protocol command on the GAD router. 

Routing Protocol is “rip” 

Sending updates every 30 seconds, next due in 1 seconds 

Invalid after 180 seconds, hold down 180, flushed after 240 

Outgoing update filter list for all interfaces is 

Incoming update filter list for all interfaces is

Redistributing: rip 

Default version control: send version 2, receive version 2 

Interface Send Recv Triggered RIP Key-chain 

FastEthernet0 2 2 

Serial0 2 2 

Routing for Networks: 

172.16.0.0 

Routing Information Sources: 

Gateway Distance Last Update 

172.17.1.2 120 00:13:21 

172.16.1.2 120 00:00:24 

172.17.0.2 120 00:35:08 

Distance: (default is 120) 

When will the routes be flushed? 240 seconds 

What is the default distance listed for RIP? 120 

Task 21: Remove the Version 2 Option for RIP 

Remove the version 2 option on the RIP configuration for both routers. 


GAD(config-router)#no version 2 



BHM(config-router)#no version 2 


Task 22: Show the Routing Table for Router GAD 














R 172.16.3.0 [120/1] via 172.16.1.2, Serial0 

Has the output changed now that RIPv2 has been removed? No 



Task 23: Show the Routing Table for Router BHM 

Step 1. Show the BHM routing table. 



area 









R 172.16.0.0 [120/1] via 172.16.1.1, 00:00:01, Serial0 



Has the output changed now that RIPv2 has been removed? No 

Step 2. Upon completion of the previous step, log off (by typing exit) and turn the router off. Then, 

remove and store the cables and adapter. 

Curriculum Lab 1-5: Troubleshooting RIPv2 Using debug 

(1.2.6) 




Router Designation Router Name Fast Ethernet 0 Address Interface Type 

Serial 0 Address 

Router 1 GAD 172.16.0.1 DCE 172.17.1.1 

Router 2 BHM 172.18.0.1 DTE 172.17.1.2 





Serial Cable



Objectives 

■ Configure RIP Version 2 on both routers. 

■ Use debug commands to verify proper RIP operation and analyze data that is transmitted between 

routers. 
















Task 2: Configure the Routing Protocol on Router GAD 

Go to the proper command mode and configure RIP routing on the GAD router according to Table 1-14. 



Anytime that changes are correctly made to the running configuration, you should save them to the startup 

configuration. Otherwise, if you reload or power cycle the router, you will lose the changes that are not in 

the startup configuration. 


Go to the proper command mode and configure RIP routing on the BHM router according to Table 1-14.



Enter the command copy run start to save the current running configuration to NVRAM. 



here: 


IP address: 172.16.0.2 




IP address: 172.18.0.2 



Task 7: Verify the Internetwork Is Functioning 








Task 8: Show the debug ip Command Options 

At the privileged EXEC mode prompt, type debug ip ?. 

cache IP cache operations 

dhcp Dynamic Host Configuration Protocol 

eigrp IP-EIGRP information 

error IP error debugging 

ftp FTP dialogue 

html HTML connections 

http HTTP connections 

icmp ICMP transactions 

igrp IGRP information 

interface IP interface configuration changes 

mpacket IP multicast packet debugging 

nat NAT events 

ospf OSPF information 

packet General IP debugging and IPSO security transactions 

peer IP peer address activity

policy Policy routing 

rip RIP protocol transactions 

routing Routing table events 

rtp RTP information 

security IP security options 

socket Socket event 

tcp TCP information 

tempacl IP temporary ACL 

udp UDP based transactions 

Which routing protocols have debug commands? 

EIGRP, IGRP, OSPF, and RIP have debug commands. 

Task 9: Show the debug ip rip Command Options 

At the privileged EXEC mode prompt, type debug ip rip ?. 

database RIP database events 

events RIP protocol events 

trigger RIP trigger extension 

How many options are available for debug ip rip ? 3 

Task 10: Show the RIP Routing Updates 

Step 1. From enable (privileged EXEC) mode, examine the routing table entries by using the debug ip 

rip command on each router. 

What three operations that take place are listed in the RIP debug statements? 

Receive routing update, Send an update, and Build update entries are listed. 

Step 2. Turn off debugging by typing either no debug ip rip or undebug all. 

Task 11: Enable RIPv2 Routing on Router GAD Only 

Enable version 2 of the RIP routing protocol on the GAD router only. 



Task 12: Restart the Debug Function on Router GAD 

Does a problem occur now that RIPv2 is configured on the GAD router? Yes 

If so, what is the problem? 

It does not accept updates from BHM because of the version difference. 

RIP: ignored v1 packet from 172.17.1.2 (illegal version) 



Task 13: Clear the Routing Table 

Step 1. Instead of waiting for the routes to time out, type clear ip route *. Then type show ip route. 

What has happened to the routing table? 

The route to 172.18.0.1 is no longer there. 


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 





area 





C 172.16.0.0/16 is directly connected, FastEthernet0/0 

Will the routing table be updated to include RIP routes if the debug output says the update is 

ignored? No 


Task 14: Start the Debug RIP Function 

Start the debug RIP function on the BHM router again by typing debug ip rip. 

Does a problem occur now that the GAD router is configured with RIPv2? No 

If so, what is the problem? 

There is no problem on BHM because RIPv1 is accepting the RIPv2 updates from GAD. 

RIP: received v2 update from 172.17.1.1 on Serial0 

172.16.0.0/16 via 0.0.0.0 in 1 hops 

Task 15: Clear the Routing Table 

Step 1. Instead of waiting for the routes to time out, type clear ip route *. Then type show ip route. 

What has happened to the routing table? 

Nothing, all routes are still there. 



area 









R 172.16.0.0/16 [120/1] via 172.17.1.1, 00:00:20, Serial0 

C 172.18.0.0/16 is directly connected, FastEthernet0/0

Will the routing table be updated to include RIP routes if the update is from RIPv2? Yes 


Task 16: Enable RIPv2 Routing on Router BHM 

Enable RIPv2 on the BHM router. 



Task 17: Use the Debug Function to See Packet Traffic on a 

Router 

Use the debug function to see packet traffic on the BHM router by typing debug ip packet at the privileged 

EXEC mode prompt. 

When a RIP update is sent, how many source addresses are used? 2 

Why are multiple source addresses used? 

One is used for each network the router will send and receive updates with. 

What is the source address that is used? 

172.16.0.1 and 172.17.1.1 

Why is this address used? 

It is the originating interface from which the packet is sent. 

Task 18: Start the debug ip rip database Function on Router BHM 

Step 1. Start the RIP database debugging by typing debug ip rip database. Then, clear the routing 

table by typing clear ip route *. 

Are the old routes in the table deleted? Yes 

Are new routes added back into the table? Yes 

What does the last entry in the debug output say? 

RIP-DB: adding 172.16.0.0/16 (metric 1) via 172.17.1.1 on Serial0 to RIP database. 


Task 19: Use the Debug Function to See Routing Updates 

Step 1. Use the debug function to see routing updates by typing debug ip rip events in privileged 

EXEC mode on the BHM router. 

What interfaces are the routing updates sent on? 

Fast Ethernet 0/0 and serial 0. 

How many routes are in the routing updates that are being sent? 2 


Step 2. Upon completion of the previous steps, log off (by typing exit) and turn the router off. Then, 



Comprehensive Lab 1-6: Default Routing and RIPv2 

Figure 1-36 Default Routing and RIPv2 Topology 

192.168.1.128/26 

Address Space 

192.168.1.0/24 

S0/0 

DCE 

Table 1-15 Addressing Scheme 

192.168.1.0/26 

S0/0 

Fa0/0 

RTA 

RIPv2 

Fa0/0 Fa0/0 

RTC 

S0/1 

192.168.1.248/30 S0/0 

DCE 

RTB 

Device Interface IP Address Subnet Mask 

S0/1 

DCE 

192.168.1.252/30 192.168.1.244/30 

ISP S0/0 209.165.201.1 255.255.255.252 

Lo0/0 209.165.202.129 255.255.255.252 

RTA Fa0/0 192.168.1.1 255.255.255.192 

S1/0 209.165.201.2 255.255.255.252 

S0/1 192.168.1.245 255.255.255.252 

S0/0 192.168.1.254 255.255.255.252 

RTB S0/1 192.168.1.246 255.255.255.192 

Fa0/0 192.168.1.65 255.255.255.192 

S0/0 192.168.1.249 255.255.255.252 

RTC S0/1 192.168.1.250 255.255.255.252 

S1/0 

209.165.201.2/30 

209.165.201.1/30 

S0/0 

DCE 

Fa0/0 192.168.1.129 255.255.255.192 

S0/0 192.168.1.253 255.255.255.252 

S0/1 

192.168.1.64/26 

ISP 

Public Web Server 

209.165.202.129/32

Objectives 

■ Review basic router configurations. 

■ Configure RIPv2. 

■ Configure static and default routing. 

■ Verify connectivity and troubleshoot problems. 

Equipment 

The topology shown in Figure 1-36 is using 2600 series routers. This lab can be done with any combination 

of 1700, 2500, and 2600 series routers. If a router with three serial interfaces is not available, you can 

use a router with two Ethernet interfaces and attach the ISP router through the Ethernet interfaces. If a 

router with four interfaces is not available, you can simulate the LAN off of RTA with a loopback instead 

of using the Ethernet interface. 

NetLab Compatibility Notes 

Most of this lab can be completed on a standard NetLab three router pod. To simulate the ISP connection, 

simply configure a loopback address. However, you will not be able to test connectivity to the Public Web 

Server. 

Task 1: Cable the Topology and Basic Configurations 

Step 1. Cable the topology as shown in Figure 1-36. If DCE/DTE connections and interfaces are different 

from those shown in Figure 1-36 and Table 1-15, relabel the figure to match your connections. 

Step 2. Configure the routers with basic router configurations, including: 

■ Hostnames and host tables 

■ Enable secret password and MOTD banner 

■ Line configurations 

■ IOS-specific commands (e.g. ip subnet-zero with IOS versions prior to 12) 

Router(config)#hostname RTA 

RTA(config)#ip subnet-zero 

RTA(config)#no ip domain-lookup 

RTA(config)#ip host WEB 209.165.202.129 

RTA(config)#ip host ISP 209.165.201.1 

RTA(config)#ip host RTC 192.168.1.253 192.168.1.254 

RTA(config)#ip host RTB 192.168.1.246 192.168.1.249 

RTA(config)#banner motd & 

*********************************** 

!!!AUTHORIZED ACCESS ONLY!!! 

*********************************** 

& 

RTA(config)#line con 0 

RTA(config-line)#exec-timeout 30 0 

RTA(config-line)#password cisco 

RTA(config-line)#logging synchronous 

RTA(config-line)#login 

RTA(config-line)#ine aux 0 







RTA(config-line)#line vty 0 4 





RTA(config-line)#end 

RTA#copy run start 

Task 2: Configure Interfaces and Enable RIPv2 

Step 1. Use Table 1-15 and the topology shown in Figure 1-37 to configure each router with the correct 

interface addresses. 

RTA(config)#interface FastEthernet0/0 

RTA(config-if)#description Link to RTA LAN 

RTA(config-if)#ip address 192.168.1.1 255.255.255.192 

RTA(config-if)#no shutdown 

RTA(config-if)#interface Serial0/0 

RTA(config-if)#description Link to RTC 




RTA(config-if)#description Link to RTB 


RTA(config-if)#clockrate 64000 


RTA(config)#interface Serial1/0 

RTA(config-if)#description Link to ISP 



Step 2. If you are not using a router with four interfaces for RTA, you need to simulate ISP. To simulate 

an ISP connection, use the following configuration on RTA: 

RTA(config)#interface Loopback0 

RTA(config-if)#description Simulated Link to ISP 


Step 3. Configuring RIPv2 requires adding the version 2 command after entering RIP routing configuration 

mode. With RIPv2, auto-summary is enabled by default, so you need to add the no 

auto-summary command. All connected networks participating in RIP are defined with the 

network command in the form of classful networks. In this case, you only need to add the 

192.168.1.0 network. Do not configure the ISP link as part of RIP. 

RTA(config)#router rip 

RTA(config-router)#version 2 

RTA(config-router)#network 192.168.1.0 

RTA(config-router)#no auto-summary

Task 3: Verify Connectivity 

Step 1. You should now have full connectivity between RTA, RTB, and RTC. Issue the show ip route 

command to verify full convergence. 

Routing table on RTA: 

RTA#show ip route 






area 





C 209.165.201.0 is directly connected, Serial1/0 

192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks 

R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:25, Serial0/1 


R 192.168.1.248/30 [120/1] via 192.168.1.246, 00:00:25, Serial0/1 

[120/1] via 192.168.1.253, 00:00:04, Serial0/0 

C 192.168.1.252/30 is directly connected, Serial0/0 


R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:06, Serial0/0 

Step 2. Notice that RTA has four connected routes (including the connected route to ISP) and three 

RIP routes. RTB and RTC should both have three connected routes and three RIP routes. 

Step 3. Pings sourced from any router to a LAN interface on another router should succeed. Make sure 

each router can ping the LAN interfaces of the other two routers. RTA pings to RTB and RTC 

LAN interfaces are shown here: 

RTA#ping 192.168.1.65 


Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 192.168.1.65, timeout is 2 seconds: 

!!!!! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms 

RTA#ping 192.168.1.129 



!!!!! 

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms


Task 4: Add ISP Router 

Step 1. If you are not simulating the ISP router, configure ISP with the following script: 

Router(config)#hostname ISP 

ISP(config)#enable secret class 

ISP(config)#no ip domain-lookup 

ISP(config)#ip host RTA 209.165.201.1 

ISP(config)#interface Loopback0 

ISP(config-if)#description Public Web Server 

ISP(config-if)#ip address 209.165.202.129 255.255.255.255 

ISP(config-if)#interface Serial0 

ISP(config-if)#description Link to RTA 


ISP(config-if)#clockrate 64000 

ISP(config-if)#no shutdown 

ISP(config-if)#exit 

ISP(config)#banner motd & 

*********************************** 


*********************************** 

& 

ISP(config)#line con 0 

ISP(config-line)#exec-timeout 30 0 

ISP(config-line)#password cisco 

ISP(config-line)#logging synchronous 

ISP(config-line)#login 

ISP(config-line)#line aux 0 





ISP(config-line)#line vty 0 4 





ISP(config-line)#end 

ISP#copy run start 

Step 2. Verify that ISP can now ping the 209.165.201.2 interface on RTA. 

ISP#ping RTA 



!!!!! 


RTA will not be able to ping the Public Web Server and ISP will not be able to ping beyond the 

209.165.201.2 interface of RTA. Why? 

The routing table on ISP shows only two directly connected networks. ISP can ping RTA 

directly because ISP has a route to the 209.165.201.0/30 network in its routing table. RTA can 

reply for the same reason. But RTA does not have a route to host 209.165.202.129/32, nor does

RTA have a default route. ISP cannot ping any of the addresses inside the 192.168.1.0/24 

address space because it does not have a route. RTA needs a default route pointing to ISP, and 

ISP needs a static route pointing to the 192.168.1.0/24 address space. 

Task 5: Configure Static and Default Routing 

Step 1. For ISP to be able to send Echo replies back to hosts belonging to the 192.168.1.0/24 address 

space, it must have a route. Use the following command on ISP to configure a static route 

pointing to the 192.168.1.0/24 address space: 


Step 2. Now ISP can route back to any host belonging to 192.168.1.0/24. However, RTA, RTB, and 

RTC do not yet have a route for any address space other than 192.168.1.0/24. Because ISP represents 

the connection to the rest of the world, you need to configure default routing. A router 

without a more specific route in the routing table will send traffic to the default route. Use the 

following command on RTA to configure a default route: 


Step 3. If you are simulating ISP, use the following command to configure a default route: 

RTA(config)#ip route 0.0.0.0 0.0.0.0 Loopback0 

Step 4. Now RTA should be able to ping the Public Web Server. However, RTB and RTC still cannot 

ping outside the 192.168.1.0/24 address space. The reason is that RTA does not advertise the 

default route unless specifically configured to do so. Use the following command with RIP to 

propagate a default route to RTB and RTC in the RIP updates: 

RTA(config)#router rip 

RTA(config-router)#default-information originate 

Note: With RIP routing, depending on the platform and IOS version, you may need to reload the router that is propagating 

the default route before the default route will be sent in routing updates. 

Task 6: Verify Connectivity and Capture Scripts 


Step 1. Verify that all routers now have a default route and can ping the Public Web Server. 

Note: If you are simulating ISP, test by pinging the loopback interface, 209.165.201.2 on RTA. 

RTA>show ip route 






area 



Gateway of last resort is 209.165.201.1 to network 0.0.0.0 



192.168.1.0/24 is variably subnetted, 6 subnets, 2 masks


R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:15, Serial0/1 


R 192.168.1.248/30 [120/1] via 192.168.1.253, 00:00:15, Serial0/0 

[120/1] via 192.168.1.246, 00:00:15, Serial0/1 



R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:16, Serial0/0 

S* 0.0.0.0/0 [1/0] via 209.165.201.1 

RTA>ping WEB 



!!!!! 


RTB>show ip route 






area 






R 192.168.1.0/26 [120/1] via 192.168.1.245, 00:00:13, Serial0/1 


R 192.168.1.252/30 [120/1] via 192.168.1.250, 00:00:04, Serial0/0 

[120/1] via 192.168.1.245, 00:00:13, Serial0/1 


R 192.168.1.128/26 [120/1] via 192.168.1.250, 00:00:04, Serial0/0 

R* 0.0.0.0/0 [120/1] via 192.168.1.245, 00:00:13, Serial0/1 

RTB>ping WEB 



!!!!! 


RTC>show ip route 



N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

area 







R 192.168.1.64/26 [120/1] via 192.168.1.249, 00:00:24, Serial0/1 

R 192.168.1.0/26 [120/1] via 192.168.1.254, 00:00:04, Serial0/0 



R 192.168.1.244/30 [120/1] via 192.168.1.249, 00:00:24, Serial0/1 

[120/1] via 192.168.1.254, 00:00:04, Serial0/0 


R* 0.0.0.0/0 [120/1] via 192.168.1.254, 00:00:04, Serial0/0 

RTC>ping WEB 



!!!!! 


Step 2. Troubleshoot, if necessary, to obtain output similar to the preceding output. 

Step 3. When finished, capture your scripts for your records and erase/reload the routers. 

The following are the ending scripts for this lab tested on NetLab using the 2600 platform with IOS version 

12.1(22a): 

RTA with connection to ISP router: 

hostname RTA 

! 

enable secret class 

! 

ip subnet-zero 

no ip domain-lookup 

ip host RTB 192.168.1.246 192.168.1.249 

ip host RTC 192.168.1.253 192.168.1.254 

ip host ISP 209.165.201.1 

ip host WEB 209.165.202.129 

! 

interface FastEthernet0/0 

! 

description Link to RTA LAN 

ip address 192.168.1.1 255.255.255.192 

no shutdown 



interface Serial0/0 

! 

description Link to RTC 

ip address 192.168.1.254 255.255.255.252 

no shutdown 


! 

description Link to RTB 

ip address 192.168.1.245 255.255.255.252 

clockrate 64000 

no shutdown 


! 

description Link to ISP 

ip address 209.165.201.2 255.255.255.252 

no shutdown 

router rip 

! 

version 2 

network 192.168.1.0 

default-information originate 

no auto-summary 

ip classless 

ip route 0.0.0.0 0.0.0.0 209.165.201.1 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 

exec-timeout 30 0 

password cisco 

logging synchronous 

login 

line aux 0 




login 

line vty 0 4 


password cisco

! 


login 

end 

RTA with simulated ISP: 

hostname RTA 

! 


! 



ip host RTB 192.168.1.246 192.168.1.249 

ip host RTC 192.168.1.253 192.168.1.254 

ip host ISP 209.165.201.2 

! 

interface Loopback0 

! 

description Simulated Link to ISP 

ip address 209.165.201.2 255.255.255.252 


! 

description Link to RTA LAN 

ip address 192.168.1.1 255.255.255.192 

no shutdown 


! 


ip address 192.168.1.254 255.255.255.252 


no shutdown 


! 


ip address 192.168.1.245 255.255.255.252 


no shutdown 

router rip 

! 

version 2 

network 192.168.1.0 



ip classless 

ip route 0.0.0.0 0.0.0.0 Loopback0 

! 



banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

RTB configuration: 

hostname RTB 

! 


! 



ip host RTA 192.168.1.245 192.168.1.254 

ip host RTC 192.168.1.250 192.168.1.253 

ip host ISP 209.165.201.1 

ip host WEB 209.165.202.129 

!—————————————————————— 

!If using a simulated ISP, use the following 

!instead of the above ‘ISP’ and ‘WEB’: 

!ip host ISP 209.165.201.2 

!—————————————————————— 

! 


description Link to RTB LAN 

ip address 192.168.1.65 255.255.255.192

! 

no shutdown 


! 


ip address 192.168.1.249 255.255.255.252 


no shutdown 


! 

description Link to RTA 

ip address 192.168.1.246 255.255.255.252 

no shutdown 

router rip 

! 

version 2 

network 192.168.1.0 


ip classless 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 



RTC configuration: 

hostname RTC 

! 


! 



ip host RTA 192.168.1.254 192.168.1.245 

ip host RTB 192.168.1.249 192.168.1.246 

ip host ISP 209.165.201.1 

ip host WEB 209.165.202.129 

!—————————————————————— 

!If using a simulated ISP, use the following 

!instead of the above ‘ISP’ and ‘WEB’: 

!ip host ISP 209.165.201.2 

!—————————————————————— 

! 


! 

description Link to RTC LAN 

ip address 192.168.1.129 255.255.255.192 

no shutdown 


! 


ip address 192.168.1.253 255.255.255.252 

no shutdown 


! 


ip address 192.168.1.250 255.255.255.252 

no shutdown 

router rip 

! 

version 2 

network 192.168.1.0 


ip classless 

! 

banner motd & 

*********************************** 


*********************************** 

&

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

Challenge Lab 1-7: VLSM Design, RIPv2, and Default 

Routing 

Figure 1-37 VLSM Design, RIPv2, and Default Routing Topology 

10.1.8.0/25 

10.1.8.128/25 

10.1.9.0/25 

10.1.9.128/25 

Address Space 

10.1.0.0/20 

Lo1 

Lo2 

Lo3 

Lo4 

RTB 

S0/1 



209.165.202.129/30 

ISP 

S0/1 

DCE 

209.165.201.1/30 

209.165.201.2/30 

S0/1 

172.16.1.0/30 S0/0 

DCE 

RTA 

Lo1 

Lo2 

Lo3 

Lo4 

10.1.0.0/25 

10.1.0.128/25 

10.1.1.0/25 

10.1.1.128/25




ISP S0/0 209.165.201.1 255.255.255.252 

Lo0/0 209.165.202.129 255.255.255.252 

RTA S0/1 209.165.201.2 255.255.255.252 

S0/0 172.16.1.1 255.255.255.252 

Lo1 10.1.0.1 255.255.255.128 

Lo2 10.1.0.129 255.255.255.128 

Lo3 10.1.1.1 255.255.255.128 

Lo4 10.1.1.129 255.255.255.128 

RTB S0/1 172.16.1.2 255.255.255.252 

Objectives 

■ Design a scalable addressing scheme. 

Lo1 10.1.8.1 255.255.255.128 

Lo2 10.1.8.129 255.255.255.128 

Lo3 10.1.9.1 255.255.255.128 

Lo4 10.1.9.129 255.255.255.128 

■ Configure routers with basic configurations using your addressing scheme. 

■ Configure dynamic, static, and default routing. 


Equipment 

The topology shown in Figure 1-37 uses 2600 series routers. This lab can be done with any combination of 

1700, 2500, and 2600 series routers. 


This lab can be completed on a standard NetLab three router pod. 

Task 1: Design the Addressing Scheme 

You are given the address space, 10.1.0.0/20. The loopback interfaces on RTA and RTB are used to simulate 

different areas of the network. Although each loopback interface could be one LAN or a group of 

LANs summarized in one routing update, this discussion simply refers to each loopback interface as a simulated 

LAN. 

Design an addressing scheme by following these requirements: 

Step 1. RTA and RTB will share the 10.1.0.0/20 address space equally. Split the address space into two 

equal subnets. Record your subnets with prefix notation in the space provided. 

10.1.8.0/21 10.1.0.0/21 

Address space for RTB Address space for RTA

Step 2. Each simulated LAN requires a minimum of 100 host addresses. Subnet the address space for 

both RTA and RTB, maximizing the total number of subnets while still providing enough host 

addresses for each simulated LAN. You will use the first four subnets in each address space. 

Record your subnets with prefix notation in the space provided. 

Subnets for RTA LANs Subnets for RTB LANs 

Lo1 10.1.8.0/25 Lo1 10.1.0.0/25 

Lo2 10.1.8.128/25 Lo1 10.1.0.128/25 

Lo3 10.1.9.0/25 Lo1 10.1.1.0/25 

Lo4 10.1.9.128/25 Lo1 10.1.1.128/25 

Step 3. Now label the topology with your subnets and finish filling in the addressing table. Make sure 

you record the subnet masks in dotted-decimal format. 

Step 4. If required, obtain your instructor’s approval before proceeding. 

Instructor Initials _______________ 


Step 1. Cable the topology as shown in Figure 1-37. 

Step 2. Configure the routers with basic router configurations, including 




■ IOS-specific commands (that is, ip subnet-zero with IOS versions prior to 12) 

See the scripts at the end of this lab for recommended configurations. 

Task 3: Configure the Interfaces and Enable RIPv2 

Step 1. Configure all interfaces, including the loopbacks, according to your addressing scheme. 

Step 2. Configure RIPv2 on RTA and RTB. Make sure to add the 172.16.0.0 network to RIP configuration 

on both RTA and RTB. Do not configure RIP on ISP. Do not add the 209.165.201.0/30 

network to the RIP configuration on RTA. 

See the scripts at the end of the lab for recommended configurations. 

Task 4: Configure Static and Default Routing 

Step 1. ISP needs two static routes: one pointing to the 10.1.0.0/20 address space and one pointing to 

the 172.16.1.0/30 address space. Configure ISP with these static routes. 



Step 2. RTA needs a default route point to ISP. Configure RTA with a default route. 




Step 3. RTA needs to send RTB the default router. Configure RTA to originate default information 

within the RIP routing process. Refer to Lab 1-6, if you need help. 


Note: With RIP routing, you must reload the router that is propagating the default route before the default route will 

be sent in routing updates. 


Step 1. Verify that all routers now have a default route and can ping the Public Web Server. The routing 

tables should have all the routes shown in the following output: 

Routing Table for ISP: 



S 172.16.1.0 [1/0] via 209.165.201.2 




C 209.165.202.129 is directly connected, Loopback0 


S 10.1.0.0 [1/0] via 209.165.201.2 

Routing Table for RTA: 







R 10.1.9.0 [120/1] via 172.16.1.2, 00:00:26, Serial0/0 

R 10.1.8.0 [120/1] via 172.16.1.2, 00:00:26, Serial0/0 



R 10.1.9.128 [120/1] via 172.16.1.2, 00:00:27, Serial0/0 

R 10.1.8.128 [120/1] via 172.16.1.2, 00:00:27, Serial0/0 



S* 0.0.0.0/0 [1/0] via 209.165.201.1 

Routing Table for RTB: 







R 10.1.1.0 [120/1] via 172.16.1.1, 00:00:20, Serial0/1 

R 10.1.0.0 [120/1] via 172.16.1.1, 00:00:20, Serial0/1 

C 10.1.9.128 is directly connected, Loopback4


R 10.1.1.128 [120/1] via 172.16.1.1, 00:00:21, Serial0/1 

R 10.1.0.128 [120/1] via 172.16.1.1, 00:00:21, Serial0/1 

R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:21, Serial0/1 

Step 2. Troubleshoot, if necessary, to obtain output similar to the preceding output. 

Step 3. Once finished, capture your scripts for your records and erase/reload the routers. 

Task 6: Challenge 

Looking forward to your studies of EIGRP, you will learn that it is possible to reduce the size of the routing 

tables on RTA and RTB by configuring EIGRP to summarize the simulated LANs into one route. 

What summary route would you configure on RTB to send to RTA? Record the summary route with the 

correct prefix length here: 

10.1.8.0/21 

What summary route would you configure on RTA to send to RTB? Record the summary route with the 

correct prefix length here: 

10.1.0.0/21 

What interface would send the summary on RTB? 

Serial 0/1 

What interface would send the summary on RTA? 

Serial 0/0 

Now use the Cisco IOS help facility to discover a command you can use to configure a summary route. To 

get you started on RTA, enter interface configuration mode for the interface attached to RTB. Then enter 

ip ?. Can you find an ip command that looks like a summary route? Continue to use the help facility to 

discover all the parameters and configure your summary route. 

You may want to help the students through this process of discovering additional features of the IOS by 

using the help facility. The following output shows how this discovery process might occur: 

RTA(config)#interface s0/0 

RTA(config-if)#ip ? 

Interface IP configuration subcommands: 

access-group Specify access control for packets 

accounting Enable IP accounting on this interface 

address Set the IP address of an interface 

audit Apply IDS audit name 

auth-proxy Apply authenticaton proxy 

authentication authentication subcommands 

bandwidth-percent Set EIGRP bandwidth limit 

bgp BGP interface commands 

broadcast-address Set the broadcast address of an interface 

cef Cisco Express Fowarding interface commands 

cgmp Enable/disable CGMP 

directed-broadcast Enable forwarding of directed broadcasts 

dvmrp DVMRP interface commands 

hello-interval Configures IP-EIGRP hello interval 



helper-address Specify a destination address for UDP broadcasts 

hold-time Configures IP-EIGRP hold time 

igmp IGMP interface commands 

inspect Apply inspect name 

irdp ICMP Router Discovery Protocol 

load-sharing Style of load sharing 

mask-reply Enable sending ICMP Mask Reply messages 

mobile Mobile IP support 

mrm Configure IP Multicast Routing Monitor tester 

mroute-cache Enable switching cache for incoming multicast packets 

mtu Set IP Maximum Transmission Unit 

multicast IP multicast interface commands 

nat NAT interface commands 

nhrp NHRP interface subcommands 

ospf OSPF interface commands 

pgm PGM Reliable Transport Protocol 

pim PIM interface commands 

policy Enable policy routing 

probe Enable HP Probe support 

proxy-arp Enable proxy ARP 

rarp-server Enable RARP server for static arp entries 

redirects Enable sending ICMP Redirect messages 

rip Router Information Protocol 

route-cache Enable fast-switching cache for outgoing packets 

router IP router interface commands 

rsvp RSVP interface commands 

rtp RTP parameters 

sap Session Advertisement Protocol interface commands 

sdr Session Directory Protocol interface commands 

security DDN IP Security Option 

split-horizon Perform split horizon 

summary-address Perform address summarization 

tcp TCP header compression parameters 

unnumbered Enable IP processing without an explicit address 

unreachables Enable sending ICMP Unreachable messages 

verify Enable per packet validation 

vrf VPN Routing/Forwarding parameters on the interface 

wccp WCCP interface commands 

RTA(config-if)#ip summary-address ? 

eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) 

rip Routing Information Protocol (RIP) 

RTA(config-if)#ip summary-address rip ? 

A.B.C.D IP address

RTA(config-if)#ip summary-address rip 10.1.0.0 ? 

A.B.C.D IP network mask 

RTA(config-if)#ip summary-address rip 10.1.0.0 255.255.248.0 ? 

 

RTA(config-if)#ip summary-address rip 10.1.0.0 255.255.248.0 

RTA(config-if)#end 

Notice the subnet mask matches the summary of all the simulated LANs for RTA. This summary should 

conform to the subnet the student determined in Task 1, Step 1 above. 

Next, encourage the students to use other commands besides show run and show ip route to see the effect 

of this configuration. A powerful command that displays routing configuration information is show ip protocols. 

Notice the highlighted portion of the output shows the summary route. 

RTA#show ip protocols 




Outgoing update filter list for all interfaces is not set 

Incoming update filter list for all interfaces is not set 




Serial0/0 2 2 

Loopback1 2 2 

Loopback2 2 2 

Loopback3 2 2 

Loopback4 2 2 

Automatic network summarization is not in effect 

Address Summarization: 

10.1.0.0/21 for Serial0/0 

Maximum path: 4 


10.0.0.0 

172.16.0.0 



172.16.1.2 120 00:00:10 



Now verify that RTB has received the new summary route as highlighted in the following output. All the 

routes may be listed, including the /25 routes, because RIP has not yet timed out these routes. You can 

either wait for the /25 routes to be flushed or simply refresh the routing table by using the clear ip route * 


RTB#show ip route 


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area











C 10.1.9.0/25 is directly connected, Loopback3 


R 10.1.1.0/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1 

R 10.1.0.0/21 [120/1] via 172.16.1.1, 00:00:28, Serial0/1 

R 10.1.0.0/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1 



R 10.1.1.128/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1 

R 10.1.0.128/25 [120/1] via 172.16.1.1, 00:00:55, Serial0/1 

R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:28, Serial0/1 

RTB#clear ip route * 

RTB#show ip route 














R 10.1.0.0/21 [120/1] via 172.16.1.1, 00:00:03, Serial0/1 



R* 0.0.0.0/0 [120/1] via 172.16.1.1, 00:00:03, Serial0/1

Now configure RTB to summarize the simulated LANs in RIP routing updates sent to RTA. What is the 

command, including router prompt? 

RTB(config-if)#ip summary-address rip 10.1.8.0 255.255.248.0 

Clear the routing table on RTA and verify that RTA lists only the summary route for RTB. Test the route 

by pinging the loopback interfaces on RTB. 















R 10.1.8.0/21 [120/1] via 172.16.1.2, 00:00:05, Serial0/0 





S* 0.0.0.0/0 [1/0] via 209.165.201.1 

RTA#ping 10.1.8.1 




!!!!! 


RTA#ping 10.1.8.129 



!!!!! 


RTA#ping 10.1.9.129 



!!!!!



RTA#ping 10.1.9.1 



!!!!! 


The following are the ending scripts for this lab tested on NetLab using the 2600 platform with 

IOS version 12.1(22a). 

ISP configuration: 

hostname ISP 

! 


! 



ip host RTA 209.165.201.2 

! 


! 

description Public Web Server 

ip address 209.165.202.129 255.255.255.255 


! 


ip address 209.165.201.1 255.255.255.252 


no shutdown 

ip classless 

ip route 10.1.0.0 255.255.240.0 209.165.201.2 

ip route 172.16.1.0 255.255.255.252 209.165.201.2 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 

exec-timeout 30 0



login 

line vty 0 4 

! 




login 

end 

RTA configuration: 

hostname RTA 

! 


! 



ip host RTB 172.16.1.2 

ip host ISP 209.165.201.1 

ip host WEB 209.165.202.129 

! 


! 

description RTA Simulated LAN1 

ip address 10.1.0.1 255.255.255.128 


! 


ip address 10.1.0.129 255.255.255.128 


! 


ip address 10.1.1.1 255.255.255.128 


! 


ip address 10.1.1.129 255.255.255.128 


! 


ip address 172.16.1.1 255.255.255.252 

ip summary-address rip 10.1.0.0 255.255.248.0 


no shutdown 




! 


ip address 209.165.201.2 255.255.255.252 

no shutdown 

router rip 

! 

version 2 

network 10.0.0.0 

network 172.16.0.0 



ip classless 

ip route 0.0.0.0 0.0.0.0 209.165.201.1 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

RTB configuration: 

hostname RTB 

! 


! 



ip host WEB 209.165.202.129

ip host ISP 209.165.201.1 

ip host RTA 172.16.1.1 

! 


! 

description Simulated RTB LAN1 

ip address 10.1.8.1 255.255.255.128 


! 


ip address 10.1.8.129 255.255.255.128 


! 


ip address 10.1.9.1 255.255.255.128 


! 


ip address 10.1.9.129 255.255.255.128 


! 


ip address 172.16.1.2 255.255.255.252 

ip summary-address rip 10.8.0.0 255.255.248.0 

no shutdown 

router rip 

! 

version 2 


network 172.16.0.0 


ip classless 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 






login 

line vty 0 4 

! 




login 

end

CHAPTER 2 

Single-Area OSPF 

The Study Guide portion of this chapter uses a combination of matching, fill in the blank, open-ended 

questions, and unique custom exercises to test your knowledge on the theory of link-state routing protocols, 

single-area OSPF concepts, and single-area OSPF configuration. 

The Lab Exercises portion of this chapter includes all the online curriculum labs as well as a comprehensive 

lab and a challenge lab to ensure that you have mastered the practical, hands-on skills needed about 

single-area OSPF.



Link-State Routing Overview 

In this section of the Study Guide, you complete exercises that solidify your knowledge of the features, 

benefits, and limitations of link-state routing protocols. You also work on your OSPF vocabulary. The following 

exercises build on each other and are best done in sequence. 




Finally, some terms may not be used at all. 

Definition 

a. A collection of networks under a common 

administration that share a common routing 

strategy 

b. Link-state routing protocol 

c. Attaches to multiple areas, maintains separate 

link-state databases for each area it is connected 

to, and routes traffic destined for or 

arriving from other areas 

d. Describes the details of OSPF link-state concepts 

and operations 

e. A listing of links used by the SPF algorithm 

to calculate the best paths through the network 

and build the SPF tree 

f. A group of contiguous subnets that is a logical 

subdivision of an autonomous system 

g. Flooded throughout an area when a failure 

occurs in the network, such as when a neighbor 

becomes unreachable 

h. An open-standard, link-state routing protocol 

designed to address the limitations of RIP 

i. Calculates and maintains a complex database 

of topology information 

j. Within each autonomous system, a contiguous 

transition area through which all other 

areas communicate 

k. Connects to an external routing domain that 

uses a different routing policy 

l. The part of the network through which multiple 

OSPF areas connect 

m. When this is not equal, the router with the highest 

will be the DR regardless of router ID values 

n. The Router ID for an OSPF router if no loopbacks 

are configured 

Term 

e link-state database 

b Intermediate System-to-Intermediate 

System (IS-IS) 

f area 

g link-state advertisements 

n highest IP address 

b, h Open Shortest Path First (OSPF) 

m router priority 

l area 0 

d RFC 2328 

i Shortest Path First algorithm 

a autonomous system 

c Area Border Router (ABR) 

e topological database 

l, j the backbone 

k Autonomous System Boundary Router 

(ASBR) 

(not used) lowest IP address 

i Dijkstra



Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) protocols are 

classified as link-state routing protocols. RFC 2328 describes OSPF link-state concepts and operations. 

Link-state routing protocols were designed to overcome the limitations of distance vector routing protocols. 

When a failure occurs in the network, such as when a neighbor becomes unreachable, link-state protocols 

flood LSAs (acronym) using a special multicast address throughout an area. A link is the same as an interface 

on a router. The state of the link is a description of an interface and the relationship to its neighboring 

routers. The collection of link states forms a link-state database, sometimes called a topological database. 

Link-state routers find the best paths to destinations by applying the Dijkstra or Shortest Path First algorithm 

against the link-state database to build the shortest-path first (SPF) tree, with the local router as the 

root. The best paths are then selected from the SPF tree and placed in the forwarding database. 

An autonomous system (AS) consists of a collection of networks under a common administration that 

share a common routing strategy. The backbone area is the transition point between areas in an AS because 

all other areas communicate through it. 

Compare and Contrast Exercise 

In the following table, list the benefits and limitations of link-state routing protocols. You should have at 

least four entries for each side of the table. 

Benefits Limitations 


Link-state protocols use cost metrics to choose Link-state protocols require a topology database, an 

paths through the network. The cost metric adjacency database, and a forwarding database. 

reflects the capacity of the links on those paths. Using all these databases can require a significant 

amount of memory in large or complex networks. 

Routing updates are more infrequent. 

Dijkstra’s algorithm requires CPU cycles to calculate 

The network can be segmented into area the best paths through the network. If the network is 

hierarchies, limiting the scope of route changes. large or complex, link-state protocols can use a 

significant amount of CPU time. 

Link-state protocols send only updates of a 

topology change. By using triggered, flooded In a multiarea design, an area router must always 

updates, link-state protocols can immediately have a path to the backbone or else the router will 

report changes in the network topology to all have no connectivity to the rest of the network. 

routers in the network. This immediate reporting Additionally, the backbone area must remain 

generally leads to fast convergence times. contiguous at all times to avoid some areas becoming 

isolated (partitioned). 

Because each router has a complete and 

synchronized picture of the network, it is very Configuring a link-state protocol in a large network 

difficult for routing loops to occur. can be challenging. 

Because LSAs are sequenced and aged, routers Interpreting the information that is stored in the 

always base their routing decisions on the most topology, neighbor databases, and routing table 

recent set of information. requires a good understanding of the concepts of 

link-state routing. 

With careful network design, the link-state 

database sizes can be minimized, leading to During the initial discovery process, link-state routing 

smaller Dijkstra calculations and faster protocols can flood the network with LSAs and thereconvergence. 

by significantly decrease the network’s capability to 

transport data. 

Link-state protocols usually scale to larger 

networks than distance vector protocols do, 

particularly the traditional distance vector 

protocols such as RIPv1 and IGRP.



What two names refer to the same algorithm used by all link-state routing protocols? 

Link-state routing protocols were made possible by the algorithm formulated by Edsger Wybe Dijkstra. 

Thus, it is called the Dijkstra algorithm. More generically, it is called the Shortest Path First algorithm. For 

more on Dijkstra, visit Wikipedia at http://en.wikipedia.org/wiki/Edsger Dijkstra. 

What is the difference between the way link-state routing protocols view the network and the way distance 

vector routing protocols view the network? 

Link-state routing protocols build a tree-like structure of the network, with the local router as the root of 

the tree. Each link-state router has knowledge of the entire network. Link-state routers do not depend on 

other routers to advertise the best route. Link-state routers calculate an algorithm to determine the best 

route to the destination. Distance vector routing has also been called “routing by rumor” and “gossip routing.” 

Distance vector routers depend upon directly connected neighbors to advertise the best route to the 

destination. 

Journal Entry 

Describe a network implementation where a distance vector routing protocol would be preferred over a 

link-state routing protocol. 

First, the current networking devices may not support link-state routing, and the budget for the implementation 

may not be sufficient to purchase additional equipment. 

Second, the network may be simple enough that the benefits of a link-state routing protocol is overkill. For 

example, a network with only a handful of subnets, a few routers and servers, and only one gateway would 

not normally need the features of a link-state routing protocol. In fact, you may not want to run a routing 

protocol at all. Instead, you may want to use static routes. 

Finally, the network administration of the network may not have the necessary training and skills to implement 

and monitor a link-state routing protocol, which can be more complex than distance vector routing or 

static routing. 

Single-Area OSPF Concepts 

One of the main limitations of OSPF is its sheer complexity. Although you are only responsible for understanding 

single-area OSPF concepts and configurations, it is still the most complex routing protocol you 

will use at the CCNA level. The exercises in the section focus on the conceptual framework of OSPF. It is 

important to have a good grasp of these concepts before proceeding into the configuration of OSPF. The 

following exercises build on each other and are best done in sequence. 



OSPF is a routing protocol developed for IP networks by the OSPF working group of the Internet 

Engineering Task Force (IETF). OSPF has two primary characteristics. The first is that the protocol is an 

open standard, which means that its specification is in the public domain, described in RFC 2328. The second 

principal characteristic is that OSPF is based on the Dijkstra or SPF algorithm. 

OSPF is a link-state routing protocol, whereas RIP and IGRP are distance vector routing protocols. 

Routers that are running distance vector algorithms send all or a portion of their routing tables in routingupdate 

messages to their neighbors.

The term link simply refers to the interface on a router and its relationship to its neighboring routers. The 

collection all of these states forms the link-state database, which is an overall picture of networks in relation 

to routers. 

The ability of OSPF to separate a large internetwork into multiple areas is also referred to as hierarchical 

routing. Routing still occurs between areas, but recalculating databases can be isolated to the area where 

the change occurred. 

The SPF algorithm is used to calculate the cost of links. The OSPF cost of an interface is inversely proportional 

to the bandwidth of that interface, so a higher bandwidth indicates a lower cost. The default formula 

used to calculate OSPF cost is 

cost = 100,000,000/bandwidth in bps 

The SPF algorithm calculates a loop-free topology using the node (or local router) as the starting point and 

examining, in turn, information it has about adjacent nodes. 

Build the SPF Loop-Free Topology 

A physical topology is shown in Figure 2-1. All seven routers are running OSPF in the same single area 

network. The OSPF cost value has been simplified for this exercise. Each link is labeled with its cost. Each 

router will use the SPF algorithm to construct a loop-free topology with the local router as the root. In the 

space provided or on a separate sheet of paper, draw the logical spanning-tree topology for each router. 

(Hint: Use a pencil. You will make mistakes.) 

Figure 2-1 Build the SPF Loop-Free Topology 

D 

A 

B DC 

3 

1 4 

1 

4 1 

2 1 

1 

F G 


Example: The following describes how you would draw the spanning-tree topology in Figure 2-1a showing 

Router A as the local or root router. Start by drawing router A at the top. Router A can send traffic to 

both router B and router C. You can see that router A will always send traffic destined for router B directly 

to router B, so draw router B and connect it to router A. Label the link with the cost, which is 1. But will 

router A send traffic destined for router C directly to router C? No. The cost of 4 is too high compared to 

the path through router B, which has a cumulative cost of only 2. So, attach router C to router B and label 

the link with its cost. Now, how would router A send traffic to router D? It would send it to router B, 

which would forward the traffic directly to router D because the cumulative cost of 4 is lower than the 

cumulative cost to forward the traffic to router C. So, attach router D to router B and label the link with its 

cost. Now router B has three routers attached to it. Continue adding routers. Router E would receive traffic 

from router A via router C. Both router F and router G would receive traffic from router A via router E. 

E 

2


Figure 2-1a Loop-free Topology for Router A 

Figure 2-1b Loop-free Topology for Router B 

Figure 2-1c Loop-free Topology for Router C 

A D 

2 

1 

1 

A 

B 

C D 

1 

E F 

1 

1 

1 

B 

3 

G 

A C 

D 

2 

E 

1 1 

F G 

C 

1 2 

B DE 

1 3 1 1 

3 

F G

Figure 2-1d Loop-free Topology for Router D 

A C 

Figure 2-1e Loop-free Topology for Router E 

Figure 2-1f Loop-free Topology for Router F 

D 

3 2 

B DF 

1 1 1 1 

2 

E 

B D 

E G 

C F GD 

A 

1 

1 2 

1 

2 

F 

D E GD 

C 

B 

1 

2 

1 

1 

A 

1 

1 

Chapter 2: Single-Area OSPF 105


Figure 2-1g Loop-free Topology for Router G 


What is the formula Cisco IOS uses to calculate the cost metric for OSPF? 

Cost = 10 8 /bandwidth in bps 

What is the OSPF cost of a T1 link? 

10 8 /1544000 bps = 64.7, which is rounded to a cost of 64 by the IOS 

What is the OSPF cost of a Fast Ethernet link? 

10 8 /100,000,000 bps = 1 

What is the OSPF cost of a 56-kps dialup link? 

10 8 /56000 = 1785.71, which is rounded to a cost of 1785 by the IOS 

The routers within an OSPF area have converged. What can you safely assume about the link-state databases 

of all the routers within the area? 

The link-state databases within an OSPF area are identical. That is, each router contains the same list of 

links. In fact, this condition must be met before the routers within the area can calculate the SPF algorithm. 

Name at least three advantages of OSPF that relate to its hierarchical routing characteristic. 

Because OSPF is built on a multiple-area concept within autonomous systems, it has the following benefits: 

■ Reduced frequency of SPF calculations 

■ Smaller routing tables 

■ Reduced link-state update overhead 

Single-Area OSPF Configuration 

C 

G 

1 1 

E DF 

B 

2 

1 

1 

A 

Now that you have a good understanding of how OSPF works, it is time to learn the configuration commands 

that you use in a single-area OSPF network. The first exercise in this section takes you step-by-step 

through an OSPF configuration. The second exercise focuses on a topic that often causes problems for students: 

the DR/BDR election. The final exercise is a journal entry. These exercises build on each other and 

are best done in sequence. 

D 

2

Learn the OSPF Commands Exercise 

1. Document the command syntax, including router prompt, to configure the OSPF routing process. 

Router(config)#router ospf process-id. 

2. The value for process-id can be any number between 1 and 65535. 

3. True or False: All routers in an area must have the same process-id. 

False. The process-id is only significant to the local router and has no meaning to other OSPF neighbors. 

OSPF neighbors are unaware of what process ID the local router is using. 

4. The command syntax, including router prompt, for adding network statements to the OSPF routing 

process is 

Router(config-router)#network address wildcard-mask area area-id. 

5. For single area OSPF configurations, the area-id should always be 0. 

6. The wildcard-mask argument works the same way as wildcard masks in access control list statements. 

List the corresponding wildcard mask for each of the following subnet masks: 

255.255.255.0 0.0.0.255 

255.255.255.128 0.0.0.127 

255.255.255.192 0.0.0.63 

255.255.255.240 0.0.0.15 

255.255.0.0 0.0.255.255 

255.255.252.0 0.0.3.255 

255.255.240.0 0.0.15.255 

255.0.0.0 0.255.255.255 

255.224.0.0 0.31.255.255 

255.248.0.0 0.7.255.255 

7. Refer to Figure 2-2. In the space provided, document the correct commands, including router prompt, 

to configure RTA to advertise all directly connected networks in OSPF. 

Figure 2-2 RTA OSPF Configuration 

192.168.1.0/26 

RTA 

192.168.1.252/30 192.168.1.244/30 



RTA(config)#router ospf 1 

RTA(config-router)#network 192.168.1.0 0.0.0.63 area 0 



8. OSPF routers that share a common link become neighbors on that link. In Figure 2-3, RTB and RTC 

are neighbors of RTA, but not of each other. These routers send each other OSPF Hello packets to 

establish adjacency. These packets also act as keepalives so that each router knows that adjacent 

routers are still functional. 

Figure 2-3 Establishing OSPF Adjacency 

192.168.1.128/26 

9. Using Figure 2-3, document the correct commands, including router prompt, to configure RTB and 

RTC to advertise all directly connected networks in OSPF. 

!OSPF Configuration for RTB. 

!Note that the process-id does NOT have to match with RTA 

RTB(config)#router ospf 2 

RTB(config-router)#network 192.168.1.64 0.0.0.63 area 0 

RTB(config-router)#network 192.168.1.244 0.0.0.3 area 0 

!OSPF Configuration for RTB. 

RTC(config)#router ospf 3 

192.168.1.0/26 

RTC RTB 

RTC(config-router)#network 192.168.1.128 0.0.0.63 area 0 

RTC(config-router)#network 192.168.1.252 0.0.0.3 area 0 

Note: Now is a good time to complete Curriculum Lab 2-1: Configuring the OSPF Routing Process (2.3.1). 

RTA 

192.168.1.252/30 192.168.1.244/30 

OSPF 

Area 0 

192.168.1.64/26 

10. On multiaccess networks (networks supporting more than two routers) such as Ethernet and Frame- 

Relay networks, the Hello protocol elects a designated router (DR) and a backup designated router 

(BDR). Among other things, the designated router is responsible for generating LSAs for the entire 

multiaccess network, which reduces both routing-update traffic and management of link-state synchronization.

11. The DR/BDR election is based on OSPF priority and OSPF Router ID. By default, all OSPF routers 

have a priority of 1. If all OSPF routers have the same priority, the highest Router ID determines the 

DR and BDR. 

12. Unless a loopback interface is configured, the highest IP address on an active interface at the moment 

of OSPF process startup is used as the router ID. 

13. In Figure 2-4, label each router with its router ID. Assume that all routers came up simultaneously and 

that all interfaces are active. 

Figure 2-4 Determine the Router ID 

14. In Figure 2-4, which router would be the DR? RTC BDR? RTB 

15. You can override the Router ID that OSPF chooses by configuring an IP address on a loopback interface. 

This will provide stability to your OSPF network, because loopback interfaces do not become 

inactive. 

16. The syntax for configuring a loopback interface with an IP address is 

Router(config)#interface loopback number 

Router(config-if)#ip address address subnet-mask 

17. Assume that network policy has determined that RTA is best suited to be the DR. In addition, the policy 

states that all OSPF routers will be configured with a loopback interface, as follows, to provide stability 

to OSPF: 

■ 10.0.0.3/32 for RTA 

■ 10.0.0.2/32 for RTB 

■ 10.0.0.1/32 for RTC 

Router ID: 192.168.1.65 

Fa0/1 192.168.1.65/26 

RTA 

Fa0/0 192.168.1.3/29 

OSPF 

Area 0 


Fa0/1 192.168.1.193/26 Fa0/1 192.168.1.129/26 

Fa0/0 192.168.1.1/29 Fa0/0 192.168.1.2/29 

RTC 

RTB 

Router ID: 192.168.1.193 Router ID: 192.168.1.129


18. Document the correct commands, including router prompt, to configure loopback interfaces on each 

router. 

RTA(config)#interface loopback 0 


RTB(config)#interface loopback 0 

RTB(config-if)#ip address 10.0.0.2 255.255.255.255 

RTC(config)#interface loopback 0 

RTC(config-if)#ip address 10.0.0.1 255.255.255.255 

19. With loopback interfaces now configured on each router, what must you do to change which router 

is DR? 

Does the first sentence mean, “Either the routers must be reloaded or the OSPF process must be 

removed with the no router ospf process-id command and then completely reconfigured before routers 

will use the loopback addresses as the router ID”? However, the first router reconfigured will become 

the DR regardless of the value of Router ID unless you reload the routers. So, the best way to ensure 

which router is DR is by configuring priority. 

Note: Now is a good time to complete Curriculum Lab 2-2: Configuring OSPF with Loopback Addresses (2.3.2). 

20. In addition to configuring loopbacks, it would be a good idea to configure RTA with an OSPF priority 

that ensures that it always wins the DR/BDR election. The syntax for configuring OSPF priority is 

Router(config-if)#ip ospf priority priority 

21. Document the commands you would configure on RTA to make sure its priority always wins the 

DR/BDR election. 

RTA(config)#interface Fa 0/0 

RTA(config-if)#ip ospf priority 2 

!Any priority higher than the default of 1 will work. 

22. In Figure 2-5, note the differences in bandwidth. If OSPF uses the default bandwidth on the serial 

interfaces to calculate the cost, RTB will send traffic destined for the LAN on RTC directly to RTC, 

and RTC will send traffic destined for the LAN on RTB directly to RTB. However, the path through 

RTA is faster. There are two ways to force RTB and RTC to send traffic to RTA. Explain the two different 

ways to configure the correct cost. In what situations would one be better than the other? 

Figure 2-5 Configure OSPF Cost Metric 

192.168.1.0/26 

Fa0/0 

RTA 

192.168.1.252/30 192.168.1.244/30 

T1 

S0/0 

OSPF 

Area 0 

S0/1 

DCE 

192.168.1.128/26 

S0/0 

DCE 

S0/1 192.168.1.64/26 

Fa0/0 

RTC 

S0/1 

192.168.1.248/30 

386 kps 

S0/0 

DCE 

RTB 

Fa0/0 

T1

The Cisco IOS uses the 10 8 /bps formula to assign a value for OSPF cost. However, this formula is 

arbitrary and is not universal. The OSPF standard does not specify how cost is to be calculated. In 

fact, it states, “This cost is configurable by the system administrator” (see RFC 2328, page 17). 

Therefore, if you are configuring OSPF in a multivendor environment, you need to configure the cost 

for the interface so that it matches the non-Cisco device. For that situation, it is best to use the ip ospf 

cost bps command. 

If, however, you are using all Cisco equipment, it is much more effective and simple to configure the 

interface with the actual bandwidth by using the bandwidth bps command. 

23. RTB and RTC are both Cisco 2600 series routers. The default bandwidth on serial interfaces for 2600 

routers is 1544 kbps (T1). What command would you enter to verify the default or configured bandwidth 

on an interface? show interface Referring to Figure 2-5, document the commands needed to 

configure the bandwidth correctly so that OSPF uses an accurate cost metric. 

RTB(config)#interface serial 0/0 

RTB(config-if)#bandwidth 386 

RTC(config)#interface serial 0/1 

RTC(config-if)#bandwidth 386 

Note: Now is a good time to complete Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3). 

24. By default, a router trusts that information arriving from another router is “believable.” However, to 

avoid malicious or inadvertent misinformation, you should configure authentication. The Cisco IOS 

has two methods for authenticating OSPF routing updates: simple authentication and encrypted 

authentication. With simple authentication, passwords are sent in clear text, affording no protection 

from sniffer programs. Document the command syntax, including router prompt, to configure simple 

authentication (two commands). 

!On the interface that will participate in authentication: 

Router(config-if)#ip ospf authentication-key password 

!Within the OSPF router process: 

Router(config-router)#area area-number authentication 

25. You should use encrypted authentication whenever possible. Document the command syntax, including 

router prompt, to configure encrypted authentication (two commands). 

!On the interface that will participate in encryption: 

Router(config-if)#ip ospf message-digest-key key-id encryption-type md5 key 

!Within the OSPF router process: 

Router(config-router)#area area-id authentication message-digest 

26. Document the commands necessary to configure encrypted authentication of OSPF routing updates 

for the routers in Figure 2-5. Because the commands are the same for all three routers, it is only necessary 

that you document the commands for RTA. Use “allrouters” as the key. 

RTA(config)#interface serial 0/0 

RTA(config-if)#ip ospf message-digest-key 1 md5 7 allrouters 



RTA(config-if)#router ospf 1 

RTA(config-router)#area 0 authentication message-digest 


Instructor Note: The preceding configuration also ensures that potentially malicious routing updates received on the 

Fast Ethernet interfaces will not be believed. Authentication has been enabled for the entire area.


Note: Now is a good time to complete Curriculum Lab 2-4: Configuring OSPF Authentication (2.3.4). 

27. The DR, BDR, and every other router in an OSPF network sends out Hellos using 224.0.0.5 as the 

destination address. If a DRother (a router that is not the DR) needs to send an LSA, it will send it 

using 224.0.0.6 as the destination address. The DR and the BDR will receive LSAs at this address. 

28. Complete the following table by listing the four types of OSPF networks and whether they have a 

DR/BDR election. 

Network Type Characteristics DR/BDR 

Election? 

Broadcast multiaccess Ethernet, Token Ring, or FDDI Yes 

Non-broadcast multiaccess Frame Relay, X.25, SMDS Yes 

Point-to-point PPP, HDLC No 

Point-to-multipoint Configured by an administrator No 

29. OSPF routers must use matching Hello intervals and Dead intervals on the same link. These are used 

to time the exchange of link-state information as well as to determine when a link is down. 

30. On broadcast OSPF networks, the default Hello interval is 10 seconds and the default Dead interval is 

40 seconds. On nonbroadcast networks, the default Hello interval is 30 seconds and the default Dead 

interval is 120 seconds. 

31. These default interval values result in efficient OSPF operation and seldom need to be modified. 

However, you can change them. Document the command syntax, including router prompt, to change 

these values. 

Router(config-if)#ip ospf hello-interval seconds 

Router(config-if)#ip ospf dead-interval seconds 

32. Again, refer to Figure 2-5. Assuming that the current intervals are 10 and 40, document the commands 

necessary to change these intervals on the link between RTB and RTC to a value four times greater 

than the current value. 


RTB(config-if)#ip ospf hello-interval 40 

RTB(config-if)#ip ospf dead-interval 160 


RTC(config-if)#ip ospf hello-interval 40 

RTC(config-if)#ip ospf dead-interval 160 

Instructor Note: It is not necessary to configure the Dead interval as long as the desired interval is four times the 

Hello interval. The IOS will automatically increase the Dead interval to four times the configured Hello interval. 

Note: Now is a good time to complete Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5). 

33. Refer to Figure 2-6 for the remaining questions in this section. RTA is your gateway router because it 

provides access outside the area. In OSPF terminology, RTA is called the Autonomous System 

Boundary Router (ASBR) because it connects to an external routing domain that uses a different routing 

policy.

Figure 2-6 Propagating a Default Route 

192.168.1.128/26 

Address Space 

192.168.1.0/24 

Fa0/0 

RTA 

S0/1 

RTC 192.168.1.248/30 S0/0 RTB 

DCE 

34. Each routing protocol handles the propagation of default routing information a little differently. For 

OSPF, the gateway router must be configured with two commands. First, RTA needs a static default 

route (also known as the “quad-zero” route) pointing to ISP. Document the command syntax to configure 

a static default route on RTA. 

Router(config)#ip route 0.0.0.0 0.0.0.0 [interface | next-hop-address] 

Instructor Note: Students should also know the difference between using the interface argument and using the nexthop-address 

argument. When you configure the outbound interface, the router does not need to do the extra step of 

looking up the next hop’s address in the routing table. Therefore, the interface argument has an administrative distance 

of 0. This is also the preferred configuration if the next hop’s address changes often. If you configure the next-hopaddress 

argument, the administrative distance is 1 to account for the extra processing time. 

35. Using the interface argument, document the command necessary to configure RTA with a static 

default route pointing to ISP. 

RTA(config)#ip route 0.0.0.0 0.0.0.0 serial 1/0 

36. At this point, RTA can send pings to ISP, and ISP will respond as long as the pings are sourced from 

the serial 1/0 interface on RTA. However, any ping coming from the 192.168.1.0/24 address space will 

be discarded by ISP. Why? 

Because ISP does not yet have a route to the 192.168.1.0/24 address space. 

37. Document the command syntax used to configure a static route. 

Router(config)#ip route network_address subnet_mask [interface | next-hop-address] 

38. Using the next-hop-address argument, document the command necessary to configure ISP with a static 

route pointing to the 192.168.1.0/24 address space. 


39. At this point, any host on the LAN attached to RTA will be able to access ISP and ping the Public 

Web Server at 209.165.202.129. However, RTB and RTC still cannot ping outside the 192.168.1.0/24 

address space. Why? 

Because neither router has a default route. 

S1/0 

209.165.201.2/30 

192.168.1.252/30 

RTA 

Propagates 

Default Route to 

RTB and RTC 

192.168.1.244/30 

S0/0 

DCE 

S0/0 

192.168.1.0/26 

Fa0/0 

S0/1 

DCE 

Default Route 

209.165.201.1/30 

Static Route 

S0/1 

Fa0/0 


S0/0 

DCE 

ISP 

OSPF 

Area 0 192.168.1.64/26 


209.165.202.129/30


40. Document the command that needs to be configured on RTA to fix this problem. 


Note: Now is a good time to complete Curriculum Lab 2-6: Propagating Default Routes in an OSPF Domain (2.3.6). 

DR/BDR Election Exercise 

In the following exercises, assume that all routers are simultaneously booted. Determine the network type, 

if applicable, and label which router is elected as the DR and which router is elected as the BDR. 

Hint: Remember, if priority is equal, router ID determines DR and BDR. 

Refer to Figure 2-7 and answer the following questions: 

Figure 2-7 DR/BDR Election Exercise 1 Topology 

E0 = 172.16.1.1 

L0 = 192.168.1.4 

RTA 

What is the router ID for RTA? 192.168.1.4 

What is the router ID for RTB? 192.168.1.3 

What is the router ID for RTC? 192.168.1.2 

What is the router ID for RTD? 192.168.1.1 

Which router will be elected DR? RTA 

Which router will be elected BDR? RTB 

RTC 

E0 = 172.16.1.3 

S0 = 192.168.5.1 

L0 = 192.168.1.2 

Refer to Figure 2-8 and determine whether there will be a DR/BDR election. If applicable, designate 

which router is DR and which router is BDR. 


E0 = 172.16.1.2 

L0 = 192.168.1.3 

RTB 

The loopback address is the router ID in every case 

172.15.1.2/30 

S0 

Fa0 

172.16.1.2/24 

Router ID 

172.15.1.1/30 

S0 

Fa1 

172.16.1.1/24 

RTA 

Router ID 

172.18.1.2/30 

S1 

Fa0 

172.17.1.1/24 

Router ID 

RTD 

E0 = 172.16.1.4 

S0 = 192.168.5.2 

L0 = 192.168.1.1 

Router ID 

172.18.1.1/30 

S0 

RTD RTB 

RTC 

Fa0 

172.17.1.2/24

Network DR/BDR Election? Which Router Is the DR? Which Router Is the BDR? 

172.15.1.0/30 No — — 

172.16.1.0/24 Yes RTC RTD 

172.17.1.0/24 Yes RTB RTC 

172.18.1.0/30 No — — 

Refer to Figure 2-9 and answer the following questions: 


What is the router ID for RTA? 209.165.201.2 

What is the router ID for RTB? 192.168.1.2 

What is the router ID for RTC? 10.1.1.1 

Which router is DR for the 192.168.0.0/24 network? RTA 

Which router is BDR for the 192.168.0.0/24 network? RTB 

Assuming a priority of zero on RTA, which router is DR for the 192.168.1.0/24 network? RTB 

What will happen if another router, RTD, joins the 192.168.1.0/24 network with a router ID of 

209.165.201.9? 

Nothing. Both the DR and BDR have to go down before RTD can become the DR. 

Journal Entry 

RTC 

RTA 

E0 

E0 E0 

S0 

E0 = 192.168.0.3/24 

S0 = 192.168.1.3/30 

L0 = 10.1.1.1/32 

Router ID 

Router ID 

E0 = 192.168.0.1/24 

S0 = 209.165.201.2/30 

S0 

OSPF 

Area 0 


S0 = 209.165.201.1/30 

In a simple three-router topology, it may not be necessary to run OSPF as your routing protocol. Under 

what circumstances would you choose to use OSPF instead of RIPv2? 

Answers will vary. However, you are looking for an answer that takes into consideration the benefits and 

limitations of both routing protocols. For example, RIP cannot make a decision about routing based on a 

cost metric. RIP looks at hops and only hops to make its decision. In addition, some equipment may not 

support RIPv2 but support OSPF. 

S0 

ISP 

RTB 

E0 = 192.168.0.2/24 

S0 = 192.168.1.2/30 

Router ID


Lab Exercises 



Fill in any blanks with the appropriate missing information. 


Router(config)#router ospf 123 Turns on OSPF process number 123. The process ID is any 

value between 1 and 65535. The process ID does not equal 

the OSPF area. 

Router(config-router)#network OSPF advertises interfaces, not networks. Uses the 

172.16.10.0 0.0.0.255 area 0 wildcard mask to determine which interfaces to advertise. 

The command shown reads: any interface with an address 

of 172.16.10.x is to be put into area 0. 

Router(config)#interface lo0 Creates the virtual interface loopback 0. 

Router(config-if)#ip ospf priority 50 Changes the OSPF priority for an interface to 50. 

Router(config-if)#bandwidth 128 Changes the bandwidth of an interface to 128 kbps. 

Router(config-if)#ip ospf cost 1564 Changes the cost to a value of 1564. 

Router(config-router)#area 0 authentication Turns on simple authentication within the OSPF routing 

process. 

Router(config-if)#ip ospf Sets the simple authentication key (password) to fred on an 

authentication-key fred interface. 

Router(config-router)#area 0 authentication Turns on MD5 authentication within the OSPF routing 

message-digest process. 

Router(config-if)#ip ospf message- Sets 1 as the key-id and fred as the key on an interface. 

digest-key 1 md5 7 fred 

or 

Router(config-if)#ip ospf message-digest-key 

1 md5 fred 

Router(config-if)#ip ospf hello-interval 20 Changes the Hello Interval timer to 20 seconds. 

Router(config-if)#ip ospf dead-interval 80 Changes the Dead Interval timer to 80 seconds. 

Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0 Creates a static default route pointing out the serial 0/0 

interface. This route will have an administrative distance 

of 0. 

Router(config)#ip route Creates a static default route pointing to the next-hop IP 

0.0.0.0 0.0.0.0 192.168.1.1 address of 192.168.1.1. This route will have an 

administrative distance of 1. 

Router(config-router)#default-information Sets the default route to be propagated to all OSPF routers. 

originate 

Router#show ip protocol Displays parameters for all routing protocols running on 

the router.


Router#show ip route Displays complete IP routing table. 

Router#show ip ospf Displays basic OSPF information for all OSPF processes 

running on the router. 

Router#show ip ospf interface Displays OSPF information as it relates to all interfaces. 

Router#show ip ospf neighbor List all the OSPF neighbors and their states. 

Router#show ip ospf neighbor detail Displays a detailed list of neighbors. 

Router#clear ip route * Clears entire routing table, forcing it to rebuild. 

Router#clear ip ospf counters Resets OSPF counters. 

Router#clear ip ospf process Resets entire OSPF process, forcing OSPF to re-create 

neighbors, the database, and the routing table. 

Router#debug ip ospf events Displays all OSPF events. 

Router#debug ip ospf adj Displays the various OSPF states as neighbors form 

adjacencies as well as the DR and BDR election between 

adjacent routers. 

Router#debug ip ospf packets Displays OSPF packets as they are sent and received. 

Curriculum Lab 2-1: Configuring the OSPF Routing 

Process (2.3.1) 



Area 0 




Serial Cable 




Router Designation Router Name Routing Protocol Network Statements 

Router 1 BERLIN OSPF 192.168.1.128 

192.168.15.0 

Router 2 ROME OSPF 192.168.15.0 



Table 2-2 Lab Equipment Interface/IP Address Configurations 

192.168.0.0 

Router IP Host Fast Ethernet 0 Interface Type Serial 0 Address/ 

Designation Table Entry Address/Subnet Mask Serial 0 Subnet Mask 

Router 1 ROME 192.168.1.129/26 DCE 192.168.15.1/30 

Router 2 BERLIN 192.168.0.1/24 DTE 192.168.15.2/30 

The interface type and address/subnet mask for the serial 1 interface on both routers is not applicable for 

this lab. 

The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table. 

Objectives 

■ Set up an IP addressing scheme for OSPF area 0. 

■ Configure and verify OSPF routing. 







each router unless you are specifically instructed otherwise. Start a HyperTerminal session. 

Implement the procedure documented in Appendix C, “Erasing and Reloading the Router,” before you 



On the routers, enter global configuration mode and configure the hostname as shown in Table 2-1. Then, 

configure the console, virtual terminal, and enable passwords. Next, configure the interfaces according to 

Table 2-2. Finally, configure the IP hostnames. Do not configure the routing protocol until you are specifically 

told to. If you have problems configuring the router basics, refer to Lab 1-2, “Review of Basic Router 

Configuring with RIP.” 

Note: You may need to add the command ip subnet-zero because of the use of the ZERO subnet with VLSM on the 

192.168.1.0/30 and 192.168.1.128/26 networks.

BERLIN 

Router>enable 


Router(config)#hostname BERLIN 

BERLIN(config)#enable secret class 

BERLIN(config)#line console 0 

BERLIN(config-line)#password cisco 

BERLIN(config-line)#login 

BERLIN(config-line)#line vty 0 4 

BERLIN(config-line)#password cisco 

BERLIN(config-line)#login 

BERLIN(config-line)#exit 

BERLIN(config)#interface serial 0 

BERLIN(config-if)#ip address 192.168.15.1 255.255.255.252 

BERLIN(config-if)#clock rate 64000 

BERLIN(config-if)#no shutdown 

BERLIN(config-if)#exit 

BERLIN(config)#interface FastEthernet 0 

BERLIN(config-if)#ip address 192.168.1.129 255.255.255.192 

BERLIN(config-if)#no shutdown 

BERLIN(config-if)#exit 

BERLIN(config)#ip host ROME 192.168.0.1 192.168.15.2 

ROME 

Router>enable 


Router(config)#hostname ROME 

ROME(config)#enable secret class 

ROME(config)#line console 0 

ROME(config-line)#password cisco 

ROME(config-line)#login 

ROME(config-line)#line vty 0 4 

ROME(config-line)#password cisco 

ROME(config-line)#login 

ROME(config-line)#exit 

ROME(config)#interface serial 0 

ROME(config-if)#ip address 192.168.15.2 255.255.255.252 

ROME(config-if)#no shutdown 

ROME(config-if)#exit 

ROME(config)#interface FastEthernet 0 

ROME(config-if)#ip address 192.168.0.1 255.255.255.0 

ROME(config-if)#no shutdown 

ROME(config-if)#exit 

ROME(config)#ip host BERLIN 192.168.1.129 192.168.15.1 



Task 2: Save the Configuration Information from Privileged EXEC 

Command Mode 

BERLIN#copy running-config startup-config 

Destination filename [startup-config]? [Enter] 

Why save the running configuration to the startup configuration? 

So that the router will keep the configuration when it is reset. 


Step 1. Configure the hosts with the proper IP address, subnet mask, and default gateway. 

Host connected to router Rome 

IP address: 192.168.0.2 

Subnet mask: 255.255.255.0 


Host connected to router Berlin 

IP address: 192.168.1.130 

Subnet mask: 255.255.255.128 


Step 2. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Hint: 

Remember to assign a specific IP address and default gateway to the workstation. If you are 

running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000, 

check using ipconfig in a DOS window. 

Step 3. At this point, the workstations will not be able to communicate with each other. The following 

tasks will demonstrate the process that is required to get communication working while using 

OSPF as the routing protocol. 

Task 4: View the Router’s Configuration and Interface Information 

Step 1. At the privileged EXEC mode prompt, type the following: 

BERLIN#show running-config 

Step 2. Using the show ip interface brief command, check the status of each interface. 

What is the state of the interfaces on each router? 

BERLIN: 

Fast Ethernet 0: Up 

Serial 0: Up 

Serial 1: Down 

ROME: 

Fast Ethernet 0: Up 

Serial 0: Up 

Serial 1: Down

Step 3. Ping from one of the connected serial interfaces to the other. 


Step 4. If the ping was not successful, troubleshoot the router configuration until the ping is successful. 

Instructor Note: If the ping is not successful, the show ip interface brief command would have indicated where the 

problem was. The configured interfaces should be in the “up” and “up” state. 

Task 5: Configure OSPF Routing on Router BERLIN 

Step 1. Configure an OSPF routing process on router BERLIN. Use OSPF process number 1 and 

ensure that all networks are in area 0. 

BERLIN(config)#router ospf 1 

BERLIN(config-router)#network 192.168.1.128 0.0.0.63 area 0 

BERLIN(config-router)#network 192.168.15.0 0.0.0.3 area 0 

BERLIN(config-router)#end 

Step 2. Examine the routers that are running configuration files. 

Did the IOS version automatically add any lines under router OSPF 1? Yes 

If so, what did it add? log-adjacency-changes 

Step 3. If there were no changes to the running configuration, type the following commands: 

BERLIN(config)#router ospf 1 

BERLIN(config-router)#log-adjacency-changes 

BERLIN(config-router)#end 

Step 4. Show the routing table for the BERLIN router. 

BERLIN#show ip route 

Do entries exist in the routing table? No 

Why? 

OSPF is not configured on ROME yet. 

Task 6: Configure OSPF Routing on Router ROME 

Step 1. Configure an OSPF routing process on router ROME. Use OSPF process number 1 and ensure 

that all networks are in area 0. 

ROME(config)#router ospf 1 

ROME(config-router)#network 192.168.1.0 0.0.0.255 area 0 

ROME(config-router)#network 192.168.15.0 0.0.0.3 area 0 

ROME(config-router)#end 

Step 2. Examine the ROME router running configuration files. 

Did the IOS version automatically add lines under router OSPF 1? Yes 

If so, what did it add? log-adjacency-changes 


ROME(config)#router ospf 2 

ROME(config-router)#log-adjacency-changes 

ROME(config-router)#end 



Step 4. Show the routing table for the ROME router. 

ROME#show ip route 

Are there OSPF entries in the routing table now? Yes 

What is the metric value of the OSPF route? 

It varies; the default with bandwidth on serial set to 128 kbps gives a net cost of 782. 

What is the VIA address in the OSPF route? 192.168.15.1 

Are routes to all networks shown in the routing table? Yes 

What does the O mean in the first column of the routing table? 

The route was learned by OSPF. 

Task 7: Test Network Connectivity 

Ping the BERLIN host from the ROME host. Was it successful? Yes 

If not, troubleshoot as necessary. 

After you complete the previous steps, log off (by typing exit) and turn the router off. Then, remove and 

store the cables and adapter. 

Curriculum Lab 2-2: Configuring OSPF with Loopback 

Addresses (2.3.2) 


Router 1 

Router 2 

Router 3

Table 2-3 Lab Equipment Configuration: Part I 

Router Router Routing OSPF Network 

Designation Name Protocol Routing ID Statements 

Router 1 London OSPF 1 192.168.1.0 

Router 2 Ottawa OSPF 1 192.168.1.0 

Router 3 Brasilia OSPF 1 192.168.1.0 

The enable secret password for all routers is class. 

The enable, VTY, and console passwords for each router is cisco. 

Table 2-4 Lab Equipment Configuration: Part II 

Router IP Host Fast Ethernet 0 Loopback Interface/ 

Designation Table Entry Address/Subnet Mask Subnet Mask 

Router 1 Ottawa Brasilia 192.168.1.1/24 192.168.31.11/32 

Router 2 London Brasilia 192.168.1.2/24 192.168.31.22/32 

Router 3 London Ottawa 192.168.1.3/24 192.168.31.33/32 


Objectives 

■ Configure routers with a Class C IP addressing scheme. 

■ Observe the election process for designated routers (DR) and backup designated routers (BDR) on the 

multiaccess network. 

■ Configure loopback addresses for OSPF stability. 

■ Assign each OSPF interface a priority to force the election of a specific router as DR. 







instructed otherwise. Start a HyperTerminal session. 

Implement the procedure documented in Appendix C on all routers before continuing with this lab. 


On the routers, enter global configuration mode and configure the hostname as shown in Table 2-3. Then, 

configure the console, virtual terminal, and enable passwords. Next, configure the interfaces and the IP 

hostnames according to the Lab Equipment Configuration tables, Tables 2-3 and 2-4. If you have problems 

configuring the router basics, refer to Lab 1-2, “Review of Basic Router Configuring with RIP.” 

Note: Do not configure loopback interfaces and routing protocols yet. 



LONDON 

Router>enable 


Router(config)#hostname LONDON 

LONDON(config)#enable secret class 

LONDON(config)#line console 0 

LONDON(config-line)#password cisco 

LONDON(config-line)#login 

LONDON(config-line)#line vty 0 4 

LONDON(config-line)#password cisco 

LONDON(config-line)#login 

LONDON(config-line)#exit 

LONDON(config)#interface fastethernet 0/0 

LONDON(config-if)#ip address 192.168.1.1 255.255.255.0 

LONDON(config-if)#no shutdown 

LONDON(config-if)#exit 

LONDON(config)#ip host OTTAWA 192.168.1.2 

LONDON(config)#ip host BRASILIA 192.168.1.3 

OTTOWA 

Router>enable 


Router(config)#hostname OTTAWA 

OTTOWA(config)#enable secret class 

OTTOWA(config)#line console 0 

OTTOWA(config-line)#password cisco 

OTTOWA(config-line)#login 

OTTOWA(config-line)#line vty 0 4 

OTTOWA(config-line)#password cisco 

OTTOWA(config-line)#login 

OTTOWA(config-line)#exit 

OTTOWA(config)#interface fastethernet 0/0 

OTTOWA(config-if)#ip address 192.168.1.2 255.255.255.0 

OTTOWA(config-if)#no shutdown 

OTTOWA(config-if)#exit 

OTTOWA(config)#ip host LONDON 192.168.1.1 

OTTOWA(config)#ip host BRASILIA 192.168.1.3 

BRASILIA 

Router>enable 


Router(config)#hostname BRASILIA 

BRASILIA(config)#enable secret class 

BRASILIA(config)#line console 0 

BRASILIA(config-line)#password cisco

BRASILIA(config-line)#login 

BRASILIA(config-line)#line vty 0 4 

BRASILIA(config-line)#password cisco 

BRASILIA(config-line)#login 

BRASILIA(config-line)#exit 

BRASILIA(config)#interface fastethernet 0/0 

BRASILIA(config-if)#ip address 192.168.0.1 255.255.255.0 

BRASILIA(config-if)#no shutdown 

BRASILIA(config-if)#exit 

BRASILIA(config)#ip host LONDON 192.168.1.1 

BRASILIA(config)#ip host OTTAWA 192.168.1.2 

Task 2: Save the Configuration Information for All the Routers 

Why should you save the running configuration to the startup configuration? 

So that the router will keep the configuration when it is reset. 



Host with gateway London 

IP address: 192.168.1.4 

Subnet mask: 255.255.255.0 


Host with gateway Ottawa 

IP address: 192.168.1.5 

Subnet mask: 255.255.255.0 


Host with gateway Brasilia 

IP address: 192.168.1.6 

Subnet mask: 255.255.255.0 



Step 2. Each workstation should be able to ping all the attached routers, because they are all part of the 

same subnetwork. Troubleshoot as necessary. Hint: Remember to assign a specific IP address 

and default gateway to the workstation. If you are running Windows 98, check using Start > 

Run > winipcfg. If you are running Windows 2000, check using ipconfig in a DOS window. 


tasks demonstrate the process required to get communication working by using OSPF as the 

routing protocol.



Step 1. At the privileged EXEC mode prompt, type show running-config. 



London: 

■ Fast Ethernet 0: Up 

■ Serial 0: Down 


Ottawa: 




Brasilia: 




Task 5: Verify Connectivity of the Routers 

Ping all the connected Fast Ethernet interfaces from each other. 

Were the pings successful? Yes 

If the pings were not successful, troubleshoot the router configuration until the ping is successful. 

Task 6: Configure OSPF Routing on Router London 

Step 1. Configure an OSPF routing process on router London. Use OSPF process number 1 and ensure 


London(config)#router ospf 1 

London(config-router)#network 192.168.1.0 0.0.0.255 area 0 

London(config-router)#end 

Step 2. Examine the London router running the configuration file. 

Did the IOS version automatically add lines under router OSPF 1? Yes/No 

Instructor Note: The log-adjacency-changes command is added automatically with newer versions of the IOS. 


London(config)#router ospf 1 

London(config-router)#log-adjacency-changes 


Step 4. Show the routing table for the London router: 

London#show ip route

Are entries in the routing table? No 

Why? 

No other routers have been configured with OSPF. 

Task 7: Configure OSPF Routing on Router Ottawa 

Step 1. Configure an OSPF routing process on router Ottawa. Use OSPF process number 1 and ensure 


Ottawa(config)#router ospf 1 

Ottawa(config-router)#network 192.168.1.0 0.0.0.255 area 0 

Ottawa(config-router)#end 

Step 2. Examine the Ottawa router running configuration files. 

Did the IOS version automatically add lines under router OSPF 1? Yes/No 

Step 3. If no changes were made to the running configuration, type the following commands: 

Ottawa(config)#router ospf 1 

Ottawa(config-router)#log-adjacency-changes 


Task 8: Configure OSPF Routing on Router Brasilia 

Step 1. Configure an OSPF routing process on router Brasilia. Use OSPF process number 1 and ensure 


Brasilia(config)#router ospf 1 

Brasilia(config-router)#network 192.168.1.0 0.0.0.255 area 0 

Brasilia(config-router)#end 

Step 2. Examine the Brasilia router running configuration files. 


What did it add? log-adjacency-changes 


Brasilia(config)#router ospf 1 

Brasilia(config-router)#log-adjacency-changes 



Ping the Brasilia router from the London router. Was it successful? Yes 


Task 10: Show OSPF Adjacencies 

Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies. 

Is there a designated router identified? Yes 

Is there a backup designated router? Yes 



Type the command show ip ospf neighbor detail for more information. 

What is the neighbor priority of 192.168.1.1 from router Brasilia? 1 

What interface is identified as being part of area 0? FastEthernet 0/0 

Task 11: Configure the Loopback Interfaces 

Configure the loopback interface on each router to allow for an interface that will not go down due to network 

change or failure. You can accomplish this by typing interface loopback # at the global configuration 

mode prompt, where the # represents the number of the loopback interface from 0 to 2,147,483,647. 

London(config)#interface loopback 0 

London(config-if)#ip address 192.168.31.11 255.255.255.255 


Ottawa(config)#interface loopback 0 

Ottawa(config-if)#ip address 192.168.31.22 255.255.255.255 


Brasilia(config)#interface loopback 0 

Brasilia(config-if)#ip address 192.168.31.33 255.255.255.255 


Task 12: Save the Configuration Information for All the Routers 

After you save the configurations on all the routers, power them down and back up again. 


Step 1. Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has 

formed adjacencies. 

Is a designated router identified? Yes 

What are the Router ID and link address of the DR? 


Is there a backup designated router? Yes 

What are the Router ID and link address of the BDR? 


What is the third router referred to as? DROTHER 

What is that router’s ID and link address? 


Step 2. Type the command show ip ospf neighbor detail for more information. 

What is the neighbor priority of 192.168.1.1 from router Brasilia? 1 

Which interface is identified as being part of area 0? FastEthernet0/0

Task 14: Verify OSPF Interface Configuration 

Type show ip ospf interface fastethernet 0 on the London router. 

What is the OSPF state of the interface? DROTHER 

What is the default priority of the interface? 1 

What is the network type of the interface? Broadcast 

Task 15: Configure London to Always Be the DR 

Step 1. To ensure that the London router always becomes the DR for this multiaccess segment, you 

must set the OSPF priority. London is the most powerful router in the network, so it is best 

suited to become the DR. Giving London’s loopback a higher IP address is not advised because 

the numbering system has advantages for troubleshooting. Also, London is not to act as the DR 

for all segments to which it might belong. 

Step 2. Set the priority of the interface to 50 on the London router only. 

London(config)#interface fastethernet 0/0 

London(config-if)#ip ospf priority 50 


Step 3. Display the priority for interface FastEthernet 0/0. 

London#show ip ospf interface fastethernet 0/0 

Task 16: Watch the Election Process 

To watch the OSPF election process, restart all the routers. As soon as the router prompt is available, type 

the following: 

Ottawa>enable 

Ottawa#debug ip ospf events 

Which router was elected DR? London 

Which router was elected BDR? Brasilia 

Why? 

It has the higher priority. 

To turn off all debugging, type undebug all. 


Type the command show ip ospf neighbor on the Ottawa router to verify that the OSPF routing has 

formed adjacencies. 

What is the priority of the DR? 50 



store the cables and adapter.


Curriculum Lab 2-3: Modifying OSPF Cost Metric (2.3.3) 





Router 1 Cairo OSPF 192.168.1.0 

Router 2 Moscow OSPF 192.168.1.0 

192.168.0.0 




Area 0 




Serial Cable 

Router IP Host Fast Ethernet 0 Interface Type Serial 0 Address/ 

Designation Table Entry Address/Subnet Mask Serial 0 Subnet Mask 

Router 1 Moscow 192.168.1.129/26 DCE 192.168.1.1/30 

Router 2 Cairo 192.168.0.1/24 DTE 192.168.1.2/30 

The interface type and address/subnet mask for the serial 1 interface on both routers are not applicable for 

this lab. 

The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.

Objectives 

■ Set up an IP addressing scheme for the OSPF area. 


■ Modify the OSPF cost metric on an interface. 











On the routers, enter the global configuration mode and configure the hostname, console, virtual terminal, 

and enable passwords. Next, configure the interfaces and IP hostnames according to the Lab Equipment 

Configuration tables, Tables 2-5 and 2-6. If you have problems configuring the router basics, refer to Lab 

1-2, “Review of Basic Router Configuring with RIP.” 


192.168.1.0/30 and 192.168.1.128/26 networks. 

Note: Do not configure the routing protocol until you are specifically told to. 

Cairo 

Router>enable 


Router(config)#hostname Cairo 

Cairo(config)#enable secret class 

Cairo(config)#line console 0 

Cairo(config-line)#password cisco 

Cairo(config-line)#login 

Cairo(config-line)#line vty 0 4 

Cairo(config-line)#password cisco 

Cairo(config-line)#login 

Cairo(config-line)#exit 

Cairo(config)#interface serial 0/0 

Cairo(config-if)#ip address 192.168.1.1 255.255.255.252 

Cairo(config-if)#clockrate 64000 

Cairo(config-if)#no shutdown 

Cairo(config-if)#interface fastethernet 0/0 

Cairo(config-if)#ip address 192.168.1.129 255.255.255.128 

Cairo(config-if)#no shutdown 

Cairo(config-if)#exit 



Cairo(config)#ip host Moscow 192.168.0.1 192.168.1.2 

Cairo(config)#exit 

Moscow 

Router>enable 


Router(config)#hostname Moscow 

Moscow(config)#enable password cisco 

Moscow(config)#enable secret class 

Moscow(config)#line console 0 

Moscow(config-line)#password cisco 

Moscow(config-line)#login 

Moscow(config-line)#line vty 0 4 

Moscow(config-line)#password cisco 

Moscow(config-line)#login 

Moscow(config-line)#exit 

Moscow(config)#interface serial 0/0 

Moscow(config-if)#ip address 192.168.1.2 255.255.255.252 

Moscow(config-if)#no shutdown 

Moscow(config-if)#interface fastethernet 0/0 

Moscow(config-if)#ip address 192.168.0.1 255.255.255.0 

Moscow(config-if)#no shutdown 

Moscow(config-if)#exit 

Moscow(config)#ip host Cairo 192.168.1.129 192.168.1.1 

Moscow(config)#exit 



Cairo#copy running-config startup-config 


Moscow#copy running-config startup-config 



Saving the configuration will allow the router to keep the configuration after a reload or power down. 



Host connected to router Cairo 

IP address: 192.168.1.130 

Subnet mask: 255.255.255.192 


Host connected to router Moscow 

IP address: 192.168.0.2 

Subnet mask: 255.255.255.0 

Default gateway: 192.168.0.1






tasks demonstrate the process that is required to get communication working while using OSPF 

as the routing protocol. 



Cairo#show running-config 

[…] 

hostname Cairo 

! 

enable secret 5 $1$hGOQ$I7bGdq5INLFy2ZT4.5CdY/ 

enable password cisco 

! 


! 


ip address 192.168.1.129 255.255.255.192 

speed auto 

! 


ip address 192.168.1.1 255.255.255.252 


! 


no ip address 

shutdown 

! 

ip classless 

no ip http server 

! 

! 

line con 0 


login 

line aux 0 

line vty 0 4 


login 

! 

no scheduler allocate 

end 





Cairo: 


■ Serial 0: Up 

Moscow: 



Step 3. Ping from one of the connected router serial interfaces to the other. 


If the ping was not successful, troubleshoot the router configuration until the ping is successful. 

Task 5: Configure OSPF Routing on Router Cairo 

Step 1. Configure OSPF routing on each router. Use OSPF process number 1 and ensure that all networks 

are in area 0. 

Cairo(config)#router ospf 1 

Cairo(config-router)#network 192.168.1.128 0.0.0.63 area 0 

Cairo(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Cairo(config-router)#end 

Step 2. Examine the running configuration file. 


What did it add? log-adjacency-changes 


Cairo(config)#router ospf 1 

Cairo(config-router)#log-adjacency-changes 

Cairo(config-router)#end 

Step 4. Show the routing table for the Cairo router. 

Cairo#show ip route 


Why? 

Other routers have not been configured to send out OSPF updates yet. 

Task 6: Configure OSPF Routing on the Moscow Router 


are in area 0. 

Moscow(config)#router ospf 1 

Moscow(config-router)#network 192.168.0 .0 0.0.0.255 area 0 

Moscow(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Moscow(config-router)#end

Step 2. Examine the running configuration file. 



Moscow(config)#router ospf 1 

Moscow(config-router)#log-adjacency-changes 

Moscow(config-router)#end 

Task 7: Show the Routing Table Entries 

Show the routing table entries for the Cairo router. 

Cairo#show ip route 

Does the routing table have OSPF entries now? Yes 

What is the metric value of the OSPF route? 110 

What is the VIA address in the OSPF route? 192.168.1.2 

Are routes to all networks shown in the routing table? Yes 

What does the O mean in the first column of the routing table? 

The route was learned by OSPF. 


Ping the Cairo host from the Moscow host. Was it successful? Yes 


Task 9: Look at the OSPF Cost on the Cairo Router Interfaces 

Show the properties of the Cairo router serial and Fast Ethernet interfaces by using the show interfaces 


What is the default bandwidth of the interfaces? 

■ Serial interface: BW 1544 kbps 

■ Fast Ethernet interface: BW 100000 kbps 

Calculate the OSPF cost. 

■ Serial interface: 64 

■ Fast Ethernet interface: 1 

Table 2-7 OSPF Cost Calculations for Common Link Types 

Link Bandwidth Default OSPF Cost 

56 kbps 1785 

T1 64 

10-Mbps Ethernet 10 

16-Mbps Token Ring 6 

FDDI/Fast Ethernet 1 



Task 10: Record the OSPF Cost of the Serial and Fast Ethernet 

Interfaces 

Using the show ip ospf interface command, record the OSPF cost of the serial and Fast Ethernet interfaces: 

■ OSPF cost of serial interface: 64 

■ OSPF cost of Ethernet interface: 1 

Do these agree with the calculations? Yes 

The clock rate set for the interface should have been 64,000. This is what has been used as a default to this 

point and specified in Lab 1-2, “Review of Basic Router Configuring with RIP.” Therefore, to calculate the 

cost of this bandwidth, you need to divide 10 8 by 64,000. 

Task 11: Manually Set the Cost on the Serial Interface 

On the serial interface of the Cairo router, set the OSPF cost to 1562 by typing ip ospf cost 1562 at the 

serial interface configuration mode prompt. 

Cairo(config)#interface serial 0/0 

Cairo(config-if)#ip ospf cost 1562 

Cairo(config-if)#end 

Task 12: Verify Cost 

Note that it is essential that all connected links agree about the cost for consistent calculation of the SPF in 

an area. 

Step 1. Verify that the interface OSPF cost was successfully modified. 

Cairo#show ip ospf interface 

Serial0/0 is up, line protocol is up 

Internet Address 192.168.1.1/30, Area 0 

Process ID 1, Router ID 192.168.1.129, Network Type POINT_TO_POINT 

Cost: 1562 

Transmit Delay is 1 sec, State POINT_TO_POINT, 

Step 2. Reverse the effect of this command by entering the command no ip ospf cost in interface configuration 

mode. 

Step 3. Verify that the default cost for the interface has returned. 



Process ID 1, Router ID 192.168.1.129, Network Type POINT_TO_POINT, 

Cost: 64 


Step 4. Enter the command bandwidth 2000 at the serial 0 interface configuration mode prompt. 

Record the new OSPF cost of the serial interface. 50 

Can the OSPF cost of an Ethernet interface be modified in this way? Yes 

You can set the speed on an Ethernet interface. Will this affect the OSPF cost of that interface? 

Yes

Step 5. Verify or explain the previous answer. 

You cannot change the speed on the Ethernet interfaces of 2500 series routers. You can change 

the bandwidth used in calculations with the bandwidth command. On routers with Fast 

Ethernet, you can change the speed on a Fast Ethernet interface with the speed command. 

Once changed, OSPF will use the new speed as the bandwidth variable for the cost calculation. 

FastEthernet0/0 is up, line protocol is up 


Process ID 1, Router ID 192.168.1.129, Network Type BROADCAST, Cost: 

50 

Transmit Delay is 1 sec, State DR, Priority 1 

Step 6. Reset the bandwidth on the serial interface by using no bandwidth 2000 at the serial 0 interface 

configuration mode prompt. 



Curriculum Lab 2-4: Configuring OSPF Authentication 

(2.3.4) 




Area 0 




Serial Cable 



Router 1 Dublin OSPF 192.168.1.0 

Router 2 Washington OSPF 192.168.1.0 

192.168.0.0





Router IP Host Fast Ethernet 0 Inter-face Serial 0 Address/ Loopback 0 

Designation Table Entry Address/Subnet Type Serial 0 Subnet Mask Address/ 

Mask Subnet Mask 

Router 1 Washington 192.168.1.129/26 DCE 192.168.1.1/30 192.168.31.11/32 

Router 2 Dublin 192.168.0.1/24 DTE 192.168.1.2/30 192.168.31.22/32 


this lab. 


Objectives 



■ Introduce OSPF authentication into the area. 











On the routers, enter global configuration mode and configure the hostname, console, virtual terminal, and 

enable passwords. Next, configure the interfaces and IP hostnames according to the Lab Equipment 

Configuration tables, Tables 2-8 and 2-9. If you have problems configuring the router basics, refer to Lab 

1-2, “Review of Basic Router Configuring with RIP.” 




Dublin 

Router>enable 


Router(config)#hostname Dublin 

Dublin(config)#enable secret class 

Dublin(config)#line console 0

Dublin(config-line)#password cisco 

Dublin(config-line)#login 

Dublin(config-line)#line vty 0 4 

Dublin(config-line)#password cisco 

Dublin(config-line)#login 

Dublin(config-line)#exit 

Dublin(config)#interface loopback 0 

Dublin(config-if)#ip address 192.168.31.11 255.255.255.255 

Dublin(config-if)#interface serial 0 


Dublin(config-if)#clockrate 64000 

Dublin(config-if)#no shutdown 

Dublin(config-if)#interface fastethernet 0/0 


Dublin(config-if)#no shutdown 

Dublin(config-if)#exit 

Dublin(config)#ip host Washington 192.168.0.1 192.168.1.2 

Dublin(config)#exit 

Washington 

Router>enable 


Router(config)#hostname Washington 

Washington(config)#enable secret class 

Washington(config)#line console 0 

Washington(config-line)#password cisco 

Washington(config-line)#login 

Washington(config-line)#line vty 0 4 

Washington(config-line)#password cisco 

Washington(config-line)#login 

Washington(config-line)#exit 

Washington(config)#interface loopback 0 

Washington(config-if)#ip address 192.168.31.22 255.255.255.255 

Washington(config-if)#interface serial 0 


Washington(config-if)#no shutdown 

Washington(config-if)#interface fastethernet 0/0 


Washington(config-if)#no shutdown 

Washington(config-if)#exit 

Washington(config)#ip host Dublin 192.168.1.129 192.168.1.1 

Washington(config)#exit 





Dublin#copy running-config startup-config 


Washington#copy running-config startup-config 






Host connected to router Dublin 

IP address: 192.168.1.130 

Subnet mask: 255.255.255.192 


Host connected to router Washington 

IP address: 192.168.0.2 

Subnet mask: 255.255.255.0 







tasks demonstrate the process required to get communication working by using OSPF as the 

routing protocol. 


Ping from one of the connected router serial interfaces to the other. 


If the ping was not successful, troubleshoot the router’s configurations until the ping is successful. 

Task 5: Configure OSPF Routing on Both Routers 


are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Addresses,” for a 

review on configuring OSPF routing. 

Dublin(config)#router ospf 1 

Dublin(config-router)#network 192.168.1.128 0.0.0.127 area 0 

Dublin(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Dublin(config-router)#end

Washington(config)#router ospf 1 

Washington(config-router)#network 192.168.0.0 0.0.0.255 area 0 

Washington(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Washington(config-router)#end 

Step 2. Examine the Dublin router running the configuration file. Did the IOS version automatically 

add lines under router OSPF 1? Yes 

Step 3. Show the routing table for the Dublin router. 

Dublin#show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - 

BGP 




i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS 

inter area 





O 192.168.0.0/24 [110/51] via 192.168.1.2, 00:14:23, Serial0/0 




Do entries exist in the routing table? Yes 

Why? 

Because a routing protocol has been configured and routing updates are being made. 


Ping the Dublin host from the Washington host. Was it successful? Yes 


Task 7: Set Up OSPF Authentication 

OSPF authentication is being established on the routers in the network. First, introduce authentication only 

on the Dublin router. 

In interface configuration mode on serial 0, enter the command ip ospf message-digest-key 1 md5 7 

asecret. 

Dublin(config)#interface Serial 0 

Dublin(config-if)#ip ospf message-digest-key 1 md5 ? 

Encryption type (0 for not yet encrypted, 7 for proprietary) 

Dublin(config-if)#ip ospf message-digest-key 1 md5 7 ? 

LINE The OSPF password (key) 

Dublin(config-if)#ip ospf message-digest-key 1 md5 7 asecret 

What is the OSPF password that is being used for MD5 authentication? asecret 

What encryption type is being used? Type 7 



Task 8: Enable OSPF Authentication in this Area, Area 0 

Dublin(config-if)#router ospf 1 

Dublin(config-router)#area 0 authentication 

Step 1. Wait for a few seconds. Does the router generate output? Yes 

Step 2. Enter the command show ip ospf neighbor. 

Are there OSPF neighbors? No 

Step 3. Examine the routing table by entering show ip route. 

Are there OSPF routes in the Dublin router routing table? No 

Can the Dublin host ping the Washington host? No 

Step 4. Enter configuration commands, one per line. End with Ctrl-Z. 

Washington#configure terminal 

Washington(config)#interface serial 0 

Washington(config-if)#ip ospf message-digest-key 1 md5 7 asecret 

Washington(config-if)#router ospf 1 

Washington(config-router)#area 0 authentication 

Step 5. Verify that there is an OSPF neighbor by entering the show ip ospf neighbor command. 

Neighbor ID Pri State Dead Time Address Interface 

192.168.1.129 1 FULL/ - 00:00:38 192.168.1.1 Serial0 

Step 6. Show the routing table by typing show ip route. 

Washington#show ip route 


BGP 





inter area 








O 192.168.1.128/26 [110/791] via 192.168.1.1, 00:18:41, Serial0/0 

Step 7. Ping the Washington host from Dublin. If it is not successful, troubleshoot as necessary. 



Curriculum Lab 2-5: Configuring OSPF Timers (2.3.5) 





Router 1 Sydney OSPF 192.168.1.0 

Router 2 Rome OSPF 192.168.1.0 

192.168.0.0 




Area 0 




Serial Cable 


Router IP Host Fast Ethernet 0 Inter-face Serial 0 Address/ Loopback 0 

Designation Table Entry Address/Subnet Type Serial 0 Subnet Mask Address/ 

Mask Subnet Mask 

Router 1 Rome 192.168.1.129/26 DCE 192.168.1.1/30 192.168.31.11/32 

Router 2 Sydney 192.168.0.1/24 DTE 192.168.1.2/30 192.168.31.22/32 


this lab. 

The “IP Host Table Entry” column contents indicate the names of the other routers in the IP host table.


Objectives 



■ Modify OSPF interface timers to adjust efficiency of the network. 












Configuration tables, Tables 2-10 and 2-11. If you have problems configuring the router basics, refer to 

Lab 1-2, “Review of Basic Router Configuring with RIP.” 




Sydney 

Router>enable 


Router(config)#hostname Sydney 

Sydney(config)#enable secret class 

Sydney(config)#line console 0 

Sydney(config-line)#password cisco 

Sydney(config-line)#login 

Sydney(config-line)#line vty 0 4 

Sydney(config-line)#password cisco 

Sydney(config-line)#login 

Sydney(config-line)#exit 

Sydney(config)#interface loopback 0 

Sydney(config-if)#ip address 192.168.31.11 255.255.255.255 

Sydney(config-if)#interface serial 0 


Sydney(config-if)#clockrate 64000 

Sydney(config-if)#no shutdown 

Sydney(config-if)#interface FastEthernet 0 


Sydney(config-if)#no shutdown 

Sydney(config-if)#exit

Sydney(config)#ip host Rome 192.168.0.1 192.168.1.2 

Sydney(config)#exit 

Rome Router>enable 


Router(config)#hostname Rome 

Rome(config)#enable secret class 

Rome(config)#line console 0 

Rome(config-line)#password cisco 

Rome(config-line)#login 

Rome(config-line)#line vty 0 4 

Rome(config-line)#password cisco 

Rome(config-line)#login 

Rome(config-line)#exit 

Rome(config)#interface loopback 0 

Rome(config-if)#ip address 192.168.31.22 255.255.255.255 

Rome(config-if)#interface serial 0 


Rome(config-if)#no shutdown 

Rome(config-if)#interface FastEthernet 0 


Rome(config-if)#no shutdown 

Rome(config-if)#exit 

Rome(config)#ip host Sydney 192.168.1.129 192.168.1.1 

Rome(config)#exit 



Sydney#copy running-config startup-config 


Rome#copy running-config startup-config 






Host connected to router Sydney 

IP address: 192.168.1.130 

Subnet mask: 255.255.255.192 





IP address: 192.168.0.2 

Subnet mask: 255.255.255.0 







tasks demonstrate the process that is required to get communication working by using OSPF as 

the routing protocol. 


Ping from one of the connected serial interfaces to the other. 


If the ping was not successful, troubleshoot the router configurations until the ping is successful. 

Task 5: Configure OSPF Routing on both Routers 


are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Interfaces,” for a 


Sydney(config)#router ospf 1 

Sydney(config-router)#network 192.168.1.128 0.0.0.127 area 0 

Sydney(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Sydney(config-router)#end 

Rome(config)#router ospf 1 

Rome(config-router)#network 192.168.0.0 0.0.0.255 area 0 

Rome(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Rome(config-router)#end 


Step 2. Show the routing table for the Sydney router. 

Sydney#show ip route 



Ping the Sydney host from the Rome host. Was it successful? Yes 

If not, troubleshoot as necessary.

Task 7: Observe OSPF Traffic 

Step 1. At privileged EXEC mode, type the command debug ip ospf events and observe the output. 

How frequently are Hello messages sent? Every 10 seconds 

Where are Hello messages coming from? 

Hello messages are coming from 192.168.31.22 area 0 on the local Serial0 interface with the 

address 192.168.1.2 

Step 2. Turn off debugging by typing no debug ip ospf events or undebug all. 

Task 8: Show Interface Timer Information 

Show the hello and dead interval timers on the Sydney router Ethernet and serial interfaces by entering the 

command show ip ospf interface in privileged EXEC mode. 

Record the Hello and Dead interval timers for these interfaces: 

■ Hello interval: 10 

■ Dead interval: 40 

What is the purpose of the dead interval? 

It specifies the amount of time wait while Hellos are not being received before flagging the router as being 

down. 

Task 9: Modify the OSPF Timers 

Step 1. Modify the Hello and Dead interval timers to smaller values to try to improve performance. On 

the Sydney router only, enter the commands ip ospf hello-interval 5 and ip ospf dead-interval 

20 for interface serial 0. 

Sydney(config)#interface Serial 0 

Sydney(config-if)#ip ospf hello-interval 5 

Sydney(config-if)#ip ospf dead-interval 20 

Step 2. Wait for a minute and then enter the command show ip ospf neighbor. 

Do OSPF neighbors exist? No 

Task 10: Examine the Routing Table 

Examine the Sydney router routing table by entering show ip route. 

Do OSPF routes exist in the table? No 

Can the Sydney host ping the Rome host? No 

Task 11: Look at the OSPF Data Transmissions 

Enter the command debug ip ospf events in privileged EXEC mode. 

Is there an issue that is identified? Yes 

If there is, what is the issue? 

Hello and Dead intervals are mismatched. 



Task 12: Check the Rome Router Routing Table Status 

On the Rome router, check the routing table by typing show ip route. 

Do OSPF routes exist in the table? No 

Task 13: Set the Rome Router Interval Timers 

Step 1. Match the timer values on the Rome serial link with the Sydney router. 

Rome(config)#interface serial 0 

Rome(config-if)#ip ospf hello-interval 5 

Rome(config-if)#ip ospf dead-interval 20 

Step 2. Verify the OSPF neighbor by entering the show ip ospf neighbor command. 


192.168.31.11 1 FULL/ - 00:00:17 192.168.1.1 Serial0 

Step 3. Show the routing table by typing show ip route. 

Rome#show ip route 


BGP 





inter area 






C 192.168.0.0/24 is directly connected, Ethernet0 



O 192.168.1.128/25 [110/782] via 192.168.1.1, 00:00:12, Serial0 

Do OSPF routes exist in the table? Yes 

Step 4. Ping the Rome host from Sydney. If this is not successful, troubleshoot the configurations. 

Task 14: Reset the Router’s Interval Timers to the Default Values 

Use the no form of the ip ospf hello-interval and the ip ospf dead-interval to reset the OSPF timers back 

to their default values. 

Task 15: Verify that the Interval Timers Are Returned to the 

Default Values 

Use the show ip ospf interface command to verify that the timers are reset to their default values. 

Are the values back to the default? Yes 

If not, repeat Task 14 and verify again.



Curriculum Lab 2-6: Propagating Default Routes in an 

OSPF Domain (2.3.6) 


Router 2 




Router Router Routing Network Statements Loopback 0 Address/ 

Designation Name Protocol Subnet Mask 

Router 1 Tokyo OSPF 192.168.1.0 192.168.31.11/32 

Router 2 Madrid OSPF 192.168.1.0 192.168.0.0 192.168.31.22/32 

The enable secret password for all routers is class. 

The enable, VTY, and console passwords for each router is cisco. 

DTE 

DTE 

DCE DCE 


Area 0 


Serial Cable 




Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Inter-face Serial 1 

Designation Table Entry Address/Subnet Type Subnet Mask Type Serial 1 Address/ 

Mask Serial 0 Subnet Mask 

Router 1 Madrid 192.168.1.129/26 DCE 192.168.1.1/30 N/A N/A 

Router 2 Tokyo 192.168.0.1/24 DTE 192.168.1.2/30 DTE 200.20.20.2/30 


Objectives 



■ Configure the OSPF network so that all hosts in an OSPF area can connect to outside networks. 









Task 1: Configure the ISP Router 

Normally, the ISP would configure the ISP router (Router 3). For the purpose of this lab, after you erase 

the old configuration, configure the ISP router (Router 3) by typing the following: 

Router>enable 


Router(config)#hostname ISP 

ISP(config)#line vty 0 4 



ISP(config-line)#interface serial 1 


ISP(config-if)#clock rate 64000 

ISP(config-if)#no shutdown 

ISP(config-if)#interface loopback 0 


ISP(config-if)#exit 



ISP(config)#end 

ISP#copy running-config startup-config 


Building configuration... 

[OK] 

ISP#

Task 2: Configure the Area 0 OSPF Routers 



Configuration tables, Tables 2-12 and 2-13. If you have problems configuring the router basics, refer to 

Lab 1-2, “Review of Basic Router Configuring with RIP.” 


Tokyo 

Router>enable 


Router(config)#hostname Tokyo 

Tokyo(config)#enable secret class 

Tokyo(config)#line console 0 

Tokyo(config-line)#password cisco 

Tokyo(config-line)#login 

Tokyo(config-line)#line vty 0 4 

Tokyo(config-line)#password cisco 

Tokyo(config-line)#login 

Tokyo(config-line)#exit 

Tokyo(config)#interface loopback 0 

Tokyo(config-if)#ip address 192.168.31.11 255.255.255.255 

Tokyo(config-if)#interface serial 0 


Tokyo(config-if)#clockrate 64000 

Tokyo(config-if)#no shutdown 

Tokyo(config-if)#interface fastethernet 0 


Tokyo(config-if)#no shutdown 

Tokyo(config-if)#exit 

Tokyo(config)#ip host Madrid 192.168.0.1 192.168.1.2 

Tokyo(config)#exit 

Madrid 

Router>enable 


Router(config)#hostname Madrid 

Madrid(config)#enable secret class 

Madrid(config)#line console 0 

Madrid(config-line)#password cisco 

Madrid(config-line)#login 

Madrid(config-line)#line vty 0 4 

Madrid(config-line)#password cisco 

Madrid(config-line)#login 

Madrid(config-line)#exit 

Madrid(config)#interface loopback 0 

Madrid(config-if)#ip address 192.168.31.22 255.255.255.255 



Madrid(config-if)#interface serial 0 


Madrid(config-if)#no shutdown 

Madrid(config-if)#interface serial 1 



Madrid(config-if)#interface fastethernet 0 



Madrid(config-if)#exit 

Madrid(config)#ip host Tokyo 192.168.1.129 192.168.1.1 

Madrid(config)#exit 



Tokyo#copy running-config startup-config 


Madrid#copy running-config startup-config 






Host connected to router Sydney 

IP address: 192.168.1.130 

Subnet mask: 255.255.255.192 



IP address: 192.168.0.2 

Subnet mask: 255.255.255.0 







tasks demonstrate the process that is required to get communication working by using OSPF as 

the routing protocol.


Ping from the Madrid router to both the Tokyo and ISP routers. 

Madrid#ping 192.168.1.1 



!!!!! 


Madrid#ping 200.20.20.1 



!!!!! 



If the ping was not successful, troubleshoot the router configurations until the ping is successful. 

Task 6: Configure OSPF Routing on Both Area 0 Routers 


are in area 0. Refer to Lab 2-2, “Configuring OSPF with Loopback Addresses,” for a 


Tokyo(config)#router ospf 1 

Tokyo(config-router)#network 192.168.1.128 0.0.0.127 area 0 

Tokyo(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Tokyo(config-router)#end 

Madrid(config)#router ospf 1 

Madrid(config-router)#network 192.168.0.0 0.0.0.255 area 0 

Madrid(config-router)#network 192.168.1.0 0.0.0.3 area 0 

Madrid(config-router)#end 


Step 2. Show the routing table for the Tokyo router. 

Tokyo#show ip route 


BGP 





inter area 






O 192.168.0.0/24 [110/65] via 192.168.1.2, 00:00:14, Serial0 








Ping the Tokyo host from the Madrid host. Was it successful? Yes 


Task 8: Observe OSPF Traffic 

Step 1. At privileged EXEC mode, type the command debug ip ospf events and observe the output. 

Is there OSPF traffic? Yes 

Step 2. Turn off debugging by typing no debug ip ospf events or undebug all. 

Task 9: Create a Default Route to the ISP 

On the Madrid router only, type a static default route via the serial 1 interface. 

Madrid(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1 

Task 10: Verify the Default Static Route 

Verify the default static route by looking at the Madrid routing table. 

Madrid#show ip route 

01:12:26: %SYS-5-CONFIG_I: Configured from console by consolehow ip 

route 


BGP 





inter area 











O 192.168.1.128/24 [110/782] via 192.168.1.1, 00:01:44, Serial0 

S* 0.0.0.0/0 [1/0] via 200.20.20.1 

Is the default route in the routing table? Yes

Task 11: Verify Connectivity from the Madrid Router 

Step 1. Verify connectivity from the Madrid router by pinging the ISP serial 1 interface from the 

Madrid router. 

Can the interface be pinged? Yes 

Step 2. Ping from a DOS window on the host that is attached to the Madrid router Fast Ethernet interface 

to the ISP router serial 1 interface. 

Can the interface be pinged? Yes 

Step 3. Ping again from the host to the loopback address on the ISP router, which represents the ISP 

connection to the Internet. 

Can the loopback interface be pinged? Yes 

Step 4. All these pings should be successful. If they are not, troubleshoot the configurations on the host 

and the Madrid and ISP routers. 

Task 12: Verify Connectivity from the Tokyo Router 

Verify connectivity from the Tokyo router by pinging the ISP router serial 1 interface from the Tokyo 

router. 

Can the interface be pinged? No 

If yes, why? If not, why not? 

There is no route to the ISP router. 

Task 13: Redistribute the Static Default Route 

Propagate the gateway of last resort to the other routers in the OSPF domain. At the configure router 

prompt on the Madrid router, type default-information originate. 

Madrid(config-router)#default-information originate 

Does a default route now exist on the Tokyo router? Yes 

What is the address of the gateway of last resort? 192.168.1.2 

There is an O*E2 entry in the routing table. What type of route is it? 

OSPF external route type 2 

Can the ISP server address at 138.25.16.33 be pinged from both workstations? Yes 

If not, troubleshoot both hosts and all three routers. 





Comprehensive Lab 2-7: OSPF Configuration 

Figure 2-16 OSPF Configuration 

Table 2-14 Lab 2-7 Addressing Scheme 


RTA Fa0/0 192.168.1.1 255.255.255.192 

S0/1 192.168.1.245 255.255.255.252 

S0/0 192.168.1.254 255.255.255.252 

Lo0 209.165.202.129 255.255.255.255 

RTB S0/1 192.168.1.246 255.255.255.192 

Fa0/0 192.168.1.65 255.255.255.192 

S0/0 192.168.1.249 255.255.255.252 

RTC S0/1 192.168.1.250 255.255.255.252 

Objectives 

192.168.1.128/26 

■ Configure OSPF routing 

■ Modify OSPF cost 

Fa0/0 192.168.1.129 255.255.255.192 

S0/0 192.168.1.253 255.255.255.252 

■ Configure MD5 authentication 

■ Adjust OSPF timers 

Address Space 

192.168.1.0/24 

Fa0/0 

■ Configure and propagate a default route 

S0/0 

192.168.1.0/26 

Fa0/0 

RTA 

S0/1 

DCE 

192.168.1.252/30 192.168.1.244/30 

OSPF 

Area 0 

T1 T1 

S0/0 

DCE 

S0/1 

RTC 

S0/1 

386 kps 

192.168.1.248/30 S0/0 

DCE 

RTB 

Simulated ISP Link 

Lo0 209.165.202.129/32 

192.168.1.64/26 

Fa0/0

Equipment 


of 1700, 2500, and 2600 series routers. Connectivity to an ISP is simulated with a loopback interface 

on RTA. 


This lab is fully compatible with a standard NetLab three router pod. 


Step 1. Cable the topology as shown. If DCE/DTE connections and interfaces are different from those 

shown in Figure 2-16 and the table, relabel the figure to match your connections. 

Step 2. Configure the routers with basic router configurations, including 




■ IOS-specific commands (e.g. ip subnet-zero with IOS versions prior to 12) 

Step 3. The following is a basic configuration for RTA: 







*********************************** 


*********************************** 

& 






RTA(config-line)#line aux 0 














Task 2: Configure Interfaces and OSPF Routing 


interface addresses. To simulate an ISP connection, use the following configuration on RTA: 

RTA(config)#interface Loopback0 

RTA(config-if)#description Simulated Link to ISP 


Step 2. Configure OSPF routing on RTA, RTB, and RTC. Do not configure the simulated ISP loopback 

interface as part of OSPF. The configuration for RTA is as follows: 






Step 1. You should now have full connectivity between RTA, RTB, and RTC. Issue the show ip route 

command to verify full convergence. 

Routing table on RTA: 







area 







O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:00:48, Serial0/1 


O 192.168.1.248/30 [110/128] via 192.168.1.246, 00:00:48, Serial0/1 

[110/128] via 192.168.1.253, 00:00:48, Serial0/0 



O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:00:49, Serial0/0 

Step 2. Notice that RTA has four connected routes (including the simulated ISP link) and three OSPF 

routes. RTB and RTC should both have three connected routes and three OSPF routes. 

Step 3. Pings sourced from any router to a LAN interface on another router should succeed. 

RTA#ping 192.168.1.65 



!!!!!


RTA#ping 192.168.1.129 



!!!!! 


Task 4: Modify OSPF Cost 

Step 1. At this point, all routers are using the default bandwidth for serial interfaces: for 2500s and 

2600s, 1544 kbps; for 1700s, 128 kbps. Use the show interface serial command to view the 

bandwidth used to calculate cost. 

RTB#show interface s0/0 


Hardware is PowerQUICC Serial 

Description: Link to RTC 

Internet address is 192.168.1.249/30 

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, 

reliability 255/255, txload 1/255, rxload 1/255 

(output omitted) 

Step 2. When RTB pings the LAN interface on RTC, it sends it directly to RTC even though the path 

through RTA is faster. 

RTB#traceroute 192.168.1.129 


Tracing the route to 192.168.1.129 

1 RTC (192.168.1.250) 16 msec * 12 msec 

RTB# 

Step 3. Configure both RTB and RTC with the correct bandwidth. 

RTB(config)#interface s0/0 


! 

RTC(config)#interface s0/1 


Step 4. Verify that RTB sends pings destined for the LAN on RTC to RTA, which then routes the ping 

to RTC. 

RTB#traceroute 192.168.1.129 


Tracing the route to 192.168.1.129 

1 RTA (192.168.1.245) 16 msec 12 msec 16 msec 

2 RTC (192.168.1.253) 28 msec * 16 msec 

RTB# 



Task 5: Configure MD5 Authentication 

Step 1. To make sure routing updates come from trusted sources, configure each router to use MD5 

authentication. The configuration for RTA follows: 





RTA(config-if)#router ospf 1 

RTA(config-router)#area 0 authentication message-digest 

Step 2. After configuring authentication on each router, neighbor adjacency will go to the DOWN state 

and then reinitialize. Make sure that all routing tables have reconverged by issuing the show ip 

route command. The table for RTA follows: 







area 







O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:06:25, Serial0/1 


O 192.168.1.248/30 [110/323] via 192.168.1.246, 00:06:25, Serial0/1 

[110/323] via 192.168.1.253, 00:06:25, Serial0/0 



O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:06:26, Serial0/0 

Step 3. You can verify authentication by using the show ip ospf command or the show ip ospf interface 


RTA#show ip ospf 

Routing Process “ospf 1” with ID 209.165.202.129 

Supports only single TOS(TOS0) routes 

Supports opaque LSA 

SPF schedule delay 5 secs, Hold time between two SPFs 10 secs 

Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs 

Number of external LSA 0. Checksum Sum 0x0 

Number of opaque AS LSA 0. Checksum Sum 0x0 

Number of DCbitless external and opaque AS LSA 0 

Number of DoNotAge external and opaque AS LSA 0 

Number of areas in this router is 1. 1 normal 0 stub 0 nssa 

External flood list length 0 

Area BACKBONE(0)

Number of interfaces in this area is 3 

Area has message digest authentication 

SPF algorithm executed 2 times 

Area ranges are 

Number of LSA 3. Checksum Sum 0x1F45E 

Number of opaque link LSA 0. Checksum Sum 0x0 

Number of DCbitless LSA 0 

Number of indication LSA 0 

Number of DoNotAge LSA 0 

Flood list length 0 

RTA#show ip ospf interface s0/0 



Process ID 1, Router ID 209.165.202.129, Network Type POINT_TO_POINT, Cost: 

64 


Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

Hello due in 00:00:01 

Index 3/3, flood queue length 0 

Next 0x0(0)/0x0(0) 

Last flood scan length is 1, maximum is 1 

Last flood scan time is 0 msec, maximum is 0 msec 

Neighbor Count is 1, Adjacent neighbor count is 1 

Adjacent with neighbor 10.0.0.1 

Suppress hello for 0 neighbor(s) 

Message digest authentication enabled 

Youngest key id is 1 

Task 6: Adjust OSPF Timers 

Step 1. Notice in the previous output for show ip ospf interface that the Hello and dead interval timers 

are shown as 10 and 40, respectively. Configure these intervals to be 40 and 160 on all three 

routers. 


RTA(config-if)#ip ospf hello-interval 40 

RTA(config-if)#ip ospf dead-interval 160 


RTA(config-if)#ip ospf hello-interval 40 

RTA(config-if)#ip ospf dead-interval 160 


Step 2. Verify that all routers have full routing tables and have re-established neighbor adjacencies. If 

adjacency has not been re-established, you can use the debug ip ospf events command to find 

where there might be a timing mismatch. 







area 

* - candidate default, U - per-user static route, o - ODR







O 192.168.1.64/26 [110/65] via 192.168.1.246, 00:00:04, Serial0/1 


O 192.168.1.248/30 [110/323] via 192.168.1.246, 00:00:04, Serial0/1 

[110/323] via 192.168.1.253, 00:00:04, Serial0/0 



O 192.168.1.128/26 [110/65] via 192.168.1.253, 00:00:05, Serial0/0 

RTA#show ip ospf neighbor 


192.168.1.253 1 FULL/ - 00:02:19 192.168.1.253 Serial0/0 

192.168.1.249 1 FULL/ - 00:02:16 192.168.1.246 Serial0/1 

Task 7: Configure and Propagate a Default Route 

Step 1. Because the ISP is only simulated, RTA does not have a real default route. However, you can 

simulate a default route by configuring it to forward to a null interface. 

RTA(config)#ip route 0.0.0.0 0.0.0.0 null 0 

Step 2. Now, you can configure RTA to propagate the default route to RTB and RTC. 



Step 3. RTB and RTC should now be able to successfully ping the 209.165.202.129 interface, which 

verifies that both routers have a working default route. 

RTA hostname RTA 

! 

RTB#ping 209.165.202.129 



!!!!! 


RTC#ping 209.165.202.129 



!!!!! 



! 

ip subnet-zero


ip host RTB 192.168.1.246 192.168.1.249 

ip host RTC 192.168.1.253 192.168.1.250 

! 

! 


! 

description Simulated Link to ISP 

ip address 209.165.202.129 255.255.255.255 


! 

description RTA LAN 

ip address 192.168.1.1 255.255.255.192 


! 


ip address 192.168.1.254 255.255.255.252 

ip ospf message-digest-key 1 md5 7 allrouters 

ip ospf hello-interval 40 


no shutdown 


! 


ip address 192.168.1.245 255.255.255.252 




no shutdown 

router ospf 1 

! 

log-adjacency-changes 

area 0 authentication message-digest 

network 192.168.1.0 0.0.0.63 area 0 

network 192.168.1.244 0.0.0.3 area 0 

network 192.168.1.252 0.0.0.3 area 0 


ip classless 

ip route 0.0.0.0 0.0.0.0 Null0 


! 

! 

! 

banner motd & 

*********************************** 




*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

RTB hostname RTB 

! 


! 



ip host RTC 192.168.1.250 192.168.1.253 

ip host RTA 192.168.1.245 192.168.1.254 

! 


! 

description RTB LAN 

ip address 192.168.1.65 255.255.255.192 

no shutdown 


! 


bandwidth 386 

ip address 192.168.1.249 255.255.255.252 




no shutdown 

!Adjust clock rate for the correct interface, if needed

! 


! 


ip address 192.168.1.246 255.255.255.252 



no shutdown 

router ospf 2 

! 



network 192.168.1.64 0.0.0.63 area 0 

network 192.168.1.244 0.0.0.3 area 0 

network 192.168.1.248 0.0.0.3 area 0 

ip classless 


! 

! 

snmp-server manager 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 



RTC 

hostname RTC 

! 


! 



! 

! 


! 

description RTC LAN 

ip address 192.168.1.129 255.255.255.192 

no shutdown 


! 


ip address 192.168.1.253 255.255.255.252 



no shutdown 


! 



ip address 192.168.1.250 255.255.255.252 



no shutdown 

router ospf 3 

! 



network 192.168.1.128 0.0.0.63 area 0 

network 192.168.1.248 0.0.0.3 area 0 

network 192.168.1.252 0.0.0.3 area 0 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

Challenge Lab 2-8: OSPF Design and Configuration 

Figure 2-17 OSPF Design and Configuration 


209.165.202.129/32 

Address Space 

172.16.0.0/16 

Lo0 

209.165.201.0/30 

ISP 

S0/0 

DCE 

S0/0 

Production LAN Lo0 

Warehouse LAN Lo1 

Marketing LAN Lo2 

Management LAN Lo3 

Purchasing LAN Lo4 

HQ 

S0/1 

DCE 

1 

4 

T1 

East Region Lo0 

North Region Lo1 

South Region Lo2 

West Region Lo3 

International Lo4 

WAN 

S0/1 


172.16.0.0 / 18 

172.16.64.0 / 19 

172.16.96.0 / 20 

172.16.112.0 / 21 

172.16.120.0 / 22 

172.16.255.252 / 30 

Remote 

172.16.128.0 / 20 

172.16.144.0 / 20 

172.16.160.0 / 20 

172.16.176.0 / 20 

172.16.192.0 / 20


Table 2-15 Lab 2-8 Addressing Scheme 


ISP Lo0 209.165.202.129 255.255.255.255 

S0/0 209.165.201.1 255.255.255.252 

HQ S0/0 209.165.201.2 255.255.255.252 

S0/1 172.16.255.253 255.255.255.252 

Lo0 172.16.0.1 255.255.192.0 

Lo1 172.16.64.1 255.255.224.0 

Lo2 172.16.96.1 255.255.240.0 

Lo3 172.16.112.1 255.255.248.0 

Lo4 172.16.120.1 255.255.252.0 

REMOTE S0/1 172.16.255.254 255.255.255.252 

Objectives 

■ Design a VLSM addressing scheme. 

Lo0 172.16.128.1 255.255.240.0 

Lo1 172.16.144.1 255.255.240.0 

Lo2 172.16.160.1 255.255.240.0 

Lo3 172.16.176.1 255.255.240.0 

Lo4 172.16.192.1 255.255.240.0 




Equipment 






You are given the address space, 172.16.0.0/16. The five loopback interfaces on HQ and five loopback 

interfaces on REMOTE are used to simulate different parts of a global network. Use the following specifications 

to design your addressing scheme.

Table 2-16 LAN Addressing Specifications 

HQ Hosts Needed 

Production LAN 16,000 

Warehousing LAN 8000 

Marketing LAN 4000 

Management LAN 2000 

Purchasing LAN 1000 

REMOTE Hosts Needed 

Eastern Region 4000 

Northern Region 4000 

Western Region 4000 

Southern Region 4000 

International 4000 

Label the topology in Figure 2-17 with the networks and finish filling in the IP addresses in Table 2-16 

with your chosen addressing scheme. Use the first IP address in each subnet for the interface address. For 

the WAN link between HQ and REMOTE, assign HQ the first address. 

Task 2: Cable the Topology and Basic Configuration 

Step 1. Choose three routers and cable them according to the topology. You will not need any LAN 

interfaces or switches for this lab. (If using NetLab, choose a three router pod). 

Step 2. Configure the routers with basic configurations including interface addresses. 

Task 3: Configure OSPF Routing and Default Routing 

Step 1. Configure both HQ and REMOTE to use OSPF as the routing protocol. Enter the simulated 

LAN subnets and the WAN link between HQ and REMOTE. Do not advertise the 

209.165.201.0/30 network. 

Step 2. Configure ISP with a static route pointing the 172.16.0.0/16 Address Space. Configure HQ 

with a default route pointing to ISP. Configure HQ to advertise the default route to REMOTE. 

Step 3. Verify HQ and REMOTE routing tables. 

■ HQ should have seven directly connected routes, five OSPF routes, and one static route. 

■ REMOTE should have six directly connected routes, five OSPF routes, and one OSPF E2 route. 

■ Verify that REMOTE can ping the Simulated Web Server at 209.165.202.129. 

Task 4: Other OSPF Configurations 

Step 1. Change the OSPF hello interval to 20 seconds. 


Step 2. The link between HQ and REMOTE is a 1/4 T1. Change the bandwidth on both HQ and 

REMOTE to match the actual link speed. 

Step 3. Configure OSPF authentication with MD5 between HQ and REMOTE. Use “allrouters” as the key.


Task 5: Verification and Documentation 

Step 1. Capture the following verifications to a text file called verify.txt: 

■ Ping output from REMOTE pinging the Simulated Web Server. 

■ Capture show ip route on all three routers: ISP, HQ, and REMOTE. 

■ Capture show ip ospf, show ip ospf neighbor, and show ip ospf interface on HQ and REMOTE. 

Step 2. Capture the running configurations on all three routers to separate text files. Use the hostname 

of the router to name each text file. 

Step 3. Clean up the verify.txt, HQ.txt, REMOTE.txt, and ISP.txt files. Add appropriate notes to assist 

in your studies. 

ISP hostname ISP 

! 


! 

! 



! 


! 

description Simulated Public Web Server 

ip address 209.165.202.129 255.255.255.255 


! 

description Link to Customer 

ip address 209.165.201.1 255.255.255.252 

no shutdown 

ip route 172.16.0.0 255.255.0.0 Serial0/0 

! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 



logging synchronous

login 

line vty 0 4 

! 




login 

end 

HQ hostname HQ 

! 


! 



ip host ISP 209.165.201.1 

ip host REMOTE 172.16.255.254 

ip host WEB 209.165.202.129 

! 


! 

description Production LAN 

ip address 172.16.0.1 255.255.192.0 


! 

description Warehouse LAN 

ip address 172.16.64.1 255.255.224.0 


! 

description Marketing LAN 

ip address 172.16.96.1 255.255.240.0 


! 

description Management LAN 

ip address 172.16.112.1 255.255.248.0 


! 

description Purchasing LAN 

ip address 172.16.120.1 255.255.252.0 


! 


ip address 209.165.201.2 255.255.255.252 


no shutdown 




! 

description Link to REMOTE 


ip address 172.16.255.253 255.255.255.252 




no shutdown 

router ospf 1 

! 


network 172.16.0.0 0.0.63.255 area 0 

network 172.16.64.0 0.0.31.255 area 0 

network 172.16.96.0 0.0.15.255 area 0 

network 172.16.112.0 0.0.7.255 area 0 

network 172.16.120.0 0.0.3.255 area 0 

network 172.16.255.252 0.0.0.3 area 0 



! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

REMOTE

hostname REMOTE 

! 


! 



ip host ISP 209.165.201.1 

ip host WEB 209.165.202.129 

ip host HQ 172.16.255.253 

! 


! 

description East Region 

ip address 172.16.128.1 255.255.240.0 


! 

description North Region 

ip address 172.16.144.1 255.255.240.0 


! 

description South Region 

ip address 172.16.160.1 255.255.240.0 


! 

description West Region 

ip address 172.16.176.1 255.255.240.0 


! 

description International 

ip address 172.16.192.1 255.255.240.0 


! 

description Link to HQ 


ip address 172.16.255.254 255.255.255.252 



no shutdown 

router ospf 1 


network 172.16.128.0 0.0.15.255 area 0 

network 172.16.144.0 0.0.15.255 area 0 

network 172.16.160.0 0.0.15.255 area 0 

network 172.16.176.0 0.0.15.255 area 0 

network 172.16.192.0 0.0.15.255 area 0 

network 172.16.255.252 0.0.0.3 area 0 



! 

banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end

CHAPTER 3 

EIGRP and Troubleshooting Routing Protocols 

The Study Guide portion of this chapter uses a combination of matching, fill in the blank, multiple choice, 

open-ended question, and unique custom exercises to test your knowledge on the theory of EIGRP concepts, 

EIGRP configuration, and basic routing protocol troubleshooting. 

The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a comprehensive 

lab and a challenge lab to ensure that you have mastered the practical, hands-on skills needed 

about EIGRP and routing troubleshooting.



EIGRP Concepts 

EIGRP is the enhanced version of the Cisco-proprietary Interior Gateway Routing Protocol (IGRP). The 

speed of convergence, ease of configuration, and blending of the best of both distance vector and link-state 

routing protocols make EIGRP the most powerful of IGPs. To get the absolute best of both worlds, use 

EIGRP if all of your equipment is from Cisco. 

The exercises in this section walk you through the terminology and concepts of EIGRP. Pay particular 

attention to the similarities and differences between EIGRP and other routing protocols. 


Directions: Match the definition on the left with a term on the right. This exercise is not necessarily a oneto-one 


However, all terms and definitions are used. 

Definition 

a. table that includes route entries for all destinations 

that the router has learned 

b. a route selected as the primary route to reach 

a destination 

c. table that ensures bidirectional communication 

between each of the directly connected 

neighbors 

d. a backup route kept in the topology table in 

case the primary route goes down 

e. used by EIGRP to discover, verify, and rediscover 

neighbor routers 

f. a route that is in a reachable and operational 

status 

g. guarantees loop-free operation at every 

instant throughout a route computation and 

allows all devices involved in a topology 

change to synchronize at the same time 

h. table in which EIGRP places the routes it 

chooses from the topology table as the best 

(successor) routes to a destination 

i. status of a route that has no feasible successors 

yet; router is waiting on replies from 

EIGRP routers 

j. used by EIGRP to guarantee ordered delivery 

of EIGRP packets to all neighbors 

k. used when a router discovers a new neighbor 

l. used when a router needs specific information 

from one or all of its neighbors 

Term 

d feasible successor 

e hello packets 

g Diffusing Update Algorithm 

j Reliable Transport Protocol 

c neighbor table 

k update packet 

a topology table 

l query packet 

b successor 

h routing table 

i active state 

f passive state


Directions: Complete the paragraphs that follow by filling in appropriate words and phrases. 

IGRP and EIGRP are compatible with each other, which provides seamless interoperability between the 

two processes. EIGRP uses metric calculations similar to those used by IGRP, and EIGRP supports the 

same unequal-cost path load balancing as IGRP does. 

Although the metric (bandwidth and delay by default) is the same for both IGRP and EIGRP, the weight 

assigned to the metric is 256 times greater for EIGRP. That is because EIGRP uses a metric that is 32 bits 

long, and IGRP uses a 24-bit metric. By multiplying or dividing by 256, EIGRP can easily exchange information 

with IGRP. 

IGRP has a maximum hop count of 255. EIGRP has a maximum hop count of 224. By default, the Cisco 

IOS limits the hop count for EIGRP limited to 100 as displayed by the show ip protocols command. This 

is more than adequate to support the largest, properly designed internetworks. 

EIGRP’s convergence technology employs the Diffusing Update Algorithm (DUAL), which guarantees 

loop-free operation at every instant throughout a route. Routers that are not affected by topology changes 

are not involved in recomputations. 

Redistribution, the sharing of routes, is automatic between IGRP and EIGRP as long as both processes use 

the same autonomous system number. 

Like OSPF, EIGRP maintains three tables for use with its computations. These tables include the neighbor 

table (called the adjacency database in OSPF), the topology table (called the link-state database in OSPF), 

and the routing table (called the forwarding database in OSPF). 

The following are some additional features of EIGRP: 

■ EIGRP converges rapidly on network topology changes. In some situations, convergence can be 

almost instantaneous. EIGRP stores backup routes, called feasible successors, so that it can quickly 

adapt to these alternate routes if the primary route, called the successor, becomes unavailable. If no 

backup route exists, then EIGRP sends a query packet to its neighbors to discover an alternate route. 

■ During normal operations when the network topology is fully converged, only hello packets are sent 

to neighbors. These packets are also used to establish neighbor adjacencies. 

■ EIGRP supports automatic route summarization at classful network boundaries. But it can be manually 

configured to advertise on arbitrary network boundaries to reduce the size of routing tables. 

■ EIGRP uses its own Layer 4 protocol called the Reliable Transport Protocol. Because EIGRP provides 

support for multiple routed protocols, including AppleTalk (AT) and Internetwork Packet Exchange 

(IPX), it must be protocol independent. That means it cannot depend on TCP for reliability services. 

EIGRP Packet Type Exercise 

Like OSPF, EIGRP relies on different types of packets to maintain its tables and establish relationships 

with neighbor routers. Complete the missing elements that follow by filling in appropriate words or phrases. 

When given the choice, circle whether the packet is reliable or unreliable and whether it is unicast or 

multicast. 

Hello packets: 

■ (Reliable/Unreliable) (unicast/multicast) sent to the address 224.0.0.10 to discover and maintain 

neighbors; contains the router’s neighbor table 

■ Default hello interval depends on the bandwidth: 

— ≤ 1.544 Mbps = 60 sec. hello interval (180 sec. holdtime) 

— > 1.544 Mbps = 5 sec. hello interval (15 sec. holdtime) 

Chapter 3: EIGRP and Troubleshooting Routing Protocols 177


Update packets. Sent (reliably/unreliably), there are two types: 

■ (Unicast/Multicast) to new neighbor discovered; contains routing table 

■ (Unicast/Multicast) to all neighbors when topology changes 

Query packets. Queries are (unicast/multicast) (reliably/unreliably) during route recomputation, asking 

neighbors for a new successor to a lost route. 

Reply packets. Neighbors (unicast/multicast) a reply to a query of whether or not they have a route. 

Acknowledgement packets. “Dataless” (unicast/multicast) packet that acknowledges the receipt of a packet 

that was sent reliably. 

EIGRP Configuration 

Now that you have a firm grasp of EIGRP concepts, it is time to learn how to configure EIGRP. The exercise 

in this section takes you step-by-step through an EIGRP configuration. 

Learn the EIGRP Commands Exercise 

Document the command syntax, including router prompt, to configure the EIGRP routing process. 

Router(config)#router eigrp autonomous-system-number 

True or False: All routers in an area must have the same autonomous-system-number. 

True. The autonomous system number is used to identify all routers that will be participating in this 

EIGRP routing process. It must match for all routers in the system. 

Like the process-id in OSPF, the value for autonomous-system-number can be any number between 1 and 

65535 as long as it does not have to be registered with IANA. 

Refer to Figure 3-1. In the space provided, document the correct commands, including router prompt, to 

configure RTA to advertise all directly connected networks in EIGRP. 

Figure 3-1 RTA EIGRP Configuration 

172.16.64.0/20 

172.16.80.0/20 

172.16.96.0/20 

172.16.112.0/20 

10.0.0.8/30 

RTC 

T1 

S0/0 

DCE 

172.16.0.0/18 

RTA 

EIGRP 

100 

128kbps 

T1 

10.0.0.0/30 

S0/1 

10.0.0.4/30 S0/0 

DCE 

RTB 

172.16.128.0/19 

172.16.160.0/19 

172.16.192.0/19 

172.16.224.0/19

RTA(config)#router eigrp 100 



In Figure 3-1, RTB and RTC are distribution routers for several networks. Each router has six networks 

attached: two WANs and four simulated LANs. If configuring OSPF, you would have to enter each network 

in the routing process. But for EIGRP, the configuration is greatly simplified. You need to enter only 

the classful networks. Therefore, the EIGRP configuration for RTB and RTC is identical to that of RTA. In 

the space provided, document the correct commands, including router prompt, to configure RTB and RTC 

to advertise all directly connected networks in EIGRP. 

RTB(config)#router eigrp 100 

RTB(config-router)#network 10.0.0.0 

RTB(config-router)#network 172.16.0.0 

! 

RTC(config)#router eigrp 100 

RTC(config-router)#network 10.0.0.0 

RTC(config-router)#network 172.16.0.0 

In Figure 3-1, notice that the WAN links are labeled with the contracted bandwidth. Because EIGRP calculates 

the metric using bandwidth and delay, you need to configure the links for the correct bandwidth. 

Assume that the default bandwidth for the three routers is 1544 kbps. Document the commands, including 

router prompt, to configure RTB and RTC with the correct bandwidth. 



! 




The following output was sent to the console by the IOS when RTA and RTB established a new adjacency. 

Document the command, including router prompt, that you need to configure to have this message sent to 

the console on RTA. 

RTA# 

00:24:44: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.0.0.2 (Serial0/1) is up: 

new adjacency 

RTA(config-router)#eigrp log-neighbor-changes 

Figure 3-1 has discontiguous subnets. Subnets of the 10.0.0.0 classful network separate subnets of the 

172.16.0.0 classful network. As the configuration stands now, no router can send traffic to any of the 

LANs connected to another router. The routing table for RTA follows. Document the command, including 

router prompt, that must be configured on all three routers before all subnets will be reachable from anywhere 

in the network. 








P - periodic downloaded static route




D 172.16.0.0/16 is a summary, 00:23:16, Null0 





RTA(config-router)#no auto-summary 

Note: Now is a good time to complete Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1). 

The output that follows shows the current routing table for RTA with automatic summarization disabled, 

and then shows the same routing table after manual summarization. Even in this simulated network, the 

table is rather large. In production networks, this table could be huge. Unlike single-area OSPF configurations, 

EIGRP provides a method to manually summarize subnets within the same address space into one 

route table entry. Document the commands necessary to configure RTB and RTC to manually summarize 

the simulated LANs into one advertisement. 

RTA routing table before manual summarization: 





D 172.16.160.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.128.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.224.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.192.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 


D 172.16.112.0/20 [90/2297856] via 10.0.0.9, 00:00:29, Serial0/0 

D 172.16.96.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 

D 172.16.80.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 

D 172.16.64.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 




D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:30, Serial0/0 

[90/21024000] via 10.0.0.2, 00:00:30, Serial0/1 

RTA routing table after manual summarization: 





D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 00:00:36, Serial0/1


D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 00:02:43, Serial0/0 




D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:36, Serial0/0 

[90/21024000] via 10.0.0.2, 00:00:36, Serial0/1 

RTB(config)#interface s0/0 

RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0 

RTB(config-if)#interface s0/1 

RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0 

! 

RTC(config-if)#interface s0/0 

RTC(config-if)#ip summary-address eigrp 100 172.16.64.0 255.255.192.0 

RTC(config-if)#interface s0/1 


Instructor Note: Configuring manual summarization for EIGRP is an opportunity to reinforce the route summarization 

skills taught in Chapter 1, “Introduction to Classless Routing.” 

Troubleshooting Routing Protocols 

Learning how to troubleshoot network problems and misconfigurations is paramount to your CCNA skill 

set. Not only will this skill save you countless hours on the job, your ability to problem solve will be thoroughly 

tested on the CCNA exam. The only way to develop troubleshooting or problem-solving skills is 

by practicing. The more “hands on” experience you gain from cabling and configuring networks, the more 

problems you will run across and solve. 

By far, the most common errors occur at Layer 1. Always check your physical layer first when a problem 

occurs. Then, work your way up the layers. Too often, students issue the command show run to find a 

problem. Rarely is this the best or most efficient method of troubleshooting your network. In addition, on 

production networks the running configuration can span many pages. Learn the show and debug commands. 

Develop an understanding of what the output from these commands means. Not only will this skill 

better assist you in troubleshooting your network configurations, you will be better prepared for the troubleshooting 

scenarios you encounter on the CCNA exam. 

In the following exercises, you will document a problem-solving flow chart and then work through show 

and debug commands for RIP, EIGRP, and OSPF. The Internet Research Exercise asks you to research the 

fields of an IP packet header. 

Problem-Solving Cycle 


In the space provided, draw a flow chart showing a generic problem-solving cycle that starts with “identify 

problem” and ends with “document problem and solution.” Your flow chart should have no less than six 

steps, but it can have more.


Figure 3-2 Problem-Solving Cycle 

Identify 

Problem 

Troubleshooting RIP 

The most common problem found in RIP that prevents RIP routes from being advertised is discontiguous 

subnets because RIP Version 1 does not support VLSM. First, make sure both Layer 1 and Layer 2 are 

functioning. Then, use the commands reviewed in this exercise to verify and troubleshoot the network. 

What command generates the following output? 

Router#show ip route 

Gather/ 

Analyze 

Data 

Solution 

Resolve 

Problem? 










R 192.168.1.64/26 [120/1] via 192.168.1.246, 00:00:03, Serial0/1 


R 192.168.1.248/30 [120/1] via 192.168.1.246, 00:00:03, Serial0/1 

[120/1] via 192.168.1.253, 00:00:07, Serial0/0 



R 192.168.1.128/26 [120/1] via 192.168.1.253, 00:00:08, Serial0/0 

R* 0.0.0.0/0 [120/9] via 192.168.1.253, 00:00:02, Serial0/0 

Using the preceding output, answer the following questions. 

No 

Yes 

Document 

Problem and 

Solution 

List Possible 

Solutions 

Test Most 

Likely 

Solution

In the shaded entry for 192.168.1.128/26, what does the 120 mean in the [120/1] portion of the entry? 

Administrative distance 

What does the 1 mean? 

The metric; number of hops to the destination 

Why are there two entries to the 192.168.1.248/30 network? 

RIP will install up to four equal-cost routes to the destination. 

How many subnets and masks are used in the 192.168.1.0/24 address space? 

Six subnets and two masks 


Router#show ip protocols 









FastEthernet0/0 2 2 

Serial0/0 2 2 

Serial0/1 2 2 




192.168.1.0 



192.168.1.253 120 00:00:17 

192.168.1.246 120 00:00:12 



How many routers are advertising RIP routes to this router? 

Two; listed under “Routing Information Sources” 

How many equal-cost routes to the same destination can this router use (not the default)? 

Six; shown as “Maximum path” 

What are the timers for RIP: 

■ Update: 30 seconds 

■ Holddown: 180 seconds 

■ Invalid: 180 seconds 

■ Flushed: 240 seconds 




Router#debug ip rip 

00:29:04: RIP: received v2 update from 192.168.1.253 on Serial0/0 

00:29:04: 192.168.1.64/26 via 0.0.0.0 in 2 hops 

00:29:04: 192.168.1.128/26 via 0.0.0.0 in 1 hops 

00:29:04: 192.168.1.248/30 via 0.0.0.0 in 1 hops 

00:29:05: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.1.1) 

00:29:05: RIP: build update entries 

00:29:05: 192.168.1.64/26 via 0.0.0.0, metric 2, tag 0 

00:29:05: 192.168.1.128/26 via 0.0.0.0, metric 2, tag 0 

00:29:05: 192.168.1.244/30 via 0.0.0.0, metric 1, tag 0 

00:29:05: 192.168.1.248/30 via 0.0.0.0, metric 2, tag 0 

00:29:05: 192.168.1.252/30 via 0.0.0.0, metric 1, tag 0 

00:29:05: RIP: sending v2 update to 224.0.0.9 via Serial0/0 (192.168.1.254) 

00:29:05: RIP: build update entries 

00:29:05: 192.168.1.0/26 via 0.0.0.0, metric 1, tag 0 

00:29:05: 192.168.1.64/26 via 0.0.0.0, metric 2, tag 0 

00:29:05: 192.168.1.244/30 via 0.0.0.0, metric 1, tag 0 


How many RIP neighbors does this router have? 

From the output, only one, at 192.168.1.253 

Notice that this router sent two updates. How many routes did RIP advertise out FastEthernet0/0? 

Five 

How many routes did RIP advertise out Serial0/0? 

Three 

What routes that were advertised out Fa0/0 were not advertised out S0/0? 

192.168.1.252/30 and 192.168.1.128/26 

Why do you think these routes were not advertised out the S0/0 interface? 

Because split-horizon prevents a router from sending out updates about networks to another router if the 

router receiving the update is the one that originally advertised the route. In this case, the route heard 

about the 192.168.1.128/26 network from the router it is sending the update to. In addition, if two routers 

share a network, then neither router needs to advertise the route to the other router. That is the case with 

the 192.168.1.252/30 network. 

Is it necessary to advertise out the Fast Ethernet interface? If not, what can you do to stop advertisements? 

If so, why? 

The only reason to advertise out the Fast Ethernet interface is if there is another RIP router that needs 

updates out that interface. Otherwise, it is best to turn off updates on Fast Ethernet interfaces by using the 

passive-interface command.

Troubleshooting EIGRP 

Normal EIGRP operation is stable, efficient in bandwidth utilization, and relatively simple to monitor and 

troubleshoot. Make sure your Layer 1 and Layer 2 are functioning. Then use the following commands to 

verify and troubleshoot the network. 












D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 00:00:19, Serial0/1 


D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 00:00:19, Serial0/0 




D 10.0.0.4 [90/21024000] via 10.0.0.2, 00:00:19, Serial0/1 

[90/21024000] via 10.0.0.9, 00:00:19, Serial0/0 


In the shaded entry for 172.16.128.0/17, what does the 90 mean in the [90/2297856] portion of the entry? 



The metric; it is a value calculated by DUAL that takes into consideration bandwidth and delay. 

Why are there two entries to the 10.0.0.4/30 network? 

By default, EIGRP installs up to four equal-cost routes to the destination. 





Routing Protocol is “eigrp 100” 



Default networks flagged in outgoing updates 

Default networks accepted from incoming updates 

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 

EIGRP maximum hopcount 100 



EIGRP maximum metric variance 1 

Redistributing: eigrp 100 




10.0.0.0 

172.16.0.0 



10.0.0.9 90 00:00:53 

10.0.0.2 90 00:00:53 

Distance: internal 90 external 170 


How many routers are advertising EIGRP routes to this router? 

Two; listed under “Routing Information Sources” 

How many equal-cost routes to the same destination can this router use (not the default)? 

Five; shown as “Maximum path” 

The K1 and K3 values in the metric weight have a value of 1 each. What are these values for? 

In the EIGRP metric formula used by DUAL, the value for bandwidth (K1) and the value for delay (K3) 

are given the same proportional weight. 

The K2, K4, and K5 values are all 0. What do these values represent and why are they 0? 

They represent reliability, load, and MTU, which can also be configured as part of the EIGRP metric. By 

default, these values are set to 0 and only bandwidth and delay are evaluated. 


Router#show ip eigrp neighbors 

H Address Interface Hold Uptime SRTT RTO Q Seq Type 

(sec) (ms) Cnt Num 

1 10.0.0.9 Se0/0 11 00:23:21 24 200 0 4 

0 10.0.0.2 Se0/1 10 00:23:35 32 200 0 8 


Router#show ip eigrp topology 

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, 

r - reply Status, s - sia Status 

P 10.0.0.8/30, 1 successors, FD is 2169856 

via Connected, Serial0/0 




via 10.0.0.2 (21024000/20512000), Serial0/1 

via 10.0.0.9 (21024000/20512000), Serial0/0 


via 10.0.0.2 (2297856/128256), Serial0/1


via Connected, FastEthernet0/0 


via 10.0.0.9 (2297856/128256), Serial0/0 


Router#show ip eigrp traffic 

Hellos sent/received: 1044/696 

Updates sent/received: 9/9 

Queries sent/received: 0/0 

Replies sent/received: 0/0 

Acks sent/received: 7/7 

Input queue high water mark 1, 0 drops 

SIA-Queries sent/received: 0/0 

SIA-Replies sent/received: 0/0 


Router#debug ip eigrp 

IP-EIGRP: Processing incoming UPDATE packet 

IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 – 256000 130560 SM 360960 – 256000 

104960 


104960 


104960 

IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1 

IP-EIGRP: Ext 172.68.43.0 255.255.255.0 metric 371200 – 25600 115200 








Troubleshooting OSPF 

The majority of problems encountered with OSPF relate to the formation of adjacencies and the synchronization 

of the link-state databases. 

Make sure your Layer 1 and Layer 2 are functioning. Then use the following commands to verify and 

troubleshoot the network. 










P - periodic downloaded static route





O 192.168.1.0/26 [110/65] via 192.168.1.245, 00:00:06, Serial0/1 


O 192.168.1.252/30 [110/128] via 192.168.1.245, 00:00:06, Serial0/1 


O 192.168.1.128/26 [110/129] via 192.168.1.245, 00:00:06, Serial0/1 

O*E2 0.0.0.0/0 [110/1] via 192.168.1.245, 00:00:07, Serial0/1 


In the entry for 192.168.1.0/26, what does the 110 mean in the [110/65] portion of the entry? 



The metric; it is the accumulated cost of the route based on the 108/bps formula. 



What does O*E2 stand for and what does it mean? 

This is an external type 2 OSPF route. The * means that it is a candidate for default routing. The O and E2 

identify this as an external type 2 OSPF route, which means that the cost is not accumulated as the route is 

propagated throughout the OSPF area. 



Routing Protocol is “ospf 1” 



Router ID 209.165.202.129 

It is an autonomous system boundary router 

Redistributing External Routes from, 




192.168.1.0 0.0.0.63 area 0 

192.168.1.244 0.0.0.3 area 0 

192.168.1.252 0.0.0.3 area 0 



209.165.202.129 110 00:08:10 

192.168.1.249 110 00:08:10 

192.168.1.253 110 00:08:10 


Notice in the preceding output the line that states, “It is an autonomous system boundary router.” What 

does this mean?

It means that this router is running at least two different routing processes. One of them is OSPF. In this 

case, the other is a static default route. This can be deduced from the “Routing Information Sources” portion 

of the output. Notice that the gateway 209.165.202.129 is not listed in the “Routing for Networks” 

portion of the output. This means that 209.165.202.129 is not part of OSPF but is being routed inside 

OSPF from another source. In this case, the default-information originate command along with the ip 

route command has made this router an ASBR (autonomous system boundary router). 


Router#debug ip ospf events 

00:09:46: OSPF: Rcv hello from 192.168.1.249 area 0 from Serial0/1 192.168.1.246 

00:09:46: OSPF: Mismatched hello parameters from 192.168.1.246 

00:09:46: OSPF: Dead R 160 C 120, Hello R 40 C 40 


00:10:26: OSPF: End of hello processing 














00:11:46: OSPF: 192.168.1.249 address 192.168.1.246 on Serial0/1 is dead 

00:11:46: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.249 on Serial0/1 from FULL to 

DOWN, Neighbor Down: Dead timer expired 

From the preceding command output, what is the problem? 

In OSPF configurations, hello and dead intervals must be the same for all OSPF neighbors. In the output 

shown, you interpret the line Dead R 160 C 120, Hello R 40 C 40 as follows: dead received, 160 seconds; 

dead configured 120 seconds; hello received, 40 seconds; hello configured, 40 seconds. 

In this case, the dead interval has been changed from 160, which was four times the hello, to 120. The reason 

why you know that it has just been changed is that the local router had established adjacency with 

192.168.1.249. It took the configured 120-second dead interval before the adjacency state with the neighbor 

to go from FULL to DOWN. 

What command would fix the “mismatch of hello parameters”? 

Router(config-if)#ip ospf dead-interval 160 

or 

Router(config-if)#no ip ospf dead-interval 120 



Suppose that after you fixed the mismatch problem, you wanted to watch the processing of packets as the 

two neighbors re-establish adjacency. What command generated the following output? 

Router#debug ip ospf packets 

00:24:26: OSPF: rcv. v:2 t:1 l:44 rid:192.168.1.249 

aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B91532F from Serial0/1 


aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x2B915330 from Serial0/1 











In the following table, fill in the description for each field shown in the preceding output. 

Note: You may have to search Cisco.com to find the answers. 

Field Description 

v: OSPF version 

t: OSPF packet type; possible packet types are as follows: 

1: Hello 

2: Data description 

3: Link-state request 

4: Link-state update 

5: Link-state acknowledgment 

l: OSPF packet length in bytes 

rid: OSPF router ID 

aid: OSPF area ID 

chk: OSPF checksum 

aut: OSPF authentication type; possible authentication types are as follows: 

0: No authentication 

1: Simple password 

2: MD5 

auk: OSPF authentication key 

keyid: MD5 key ID 

seq: Sequence number

Internet Research Exercise 

The CCNA objectives cover all of the layers of the OSI model to some extent. Some layers are less important 

than others to your studies. For example, the presentation and session layers can be thought of as 

belonging to the application layer, as shown when comparing the TCP/IP model and the OSI model side 

by side. The most important layer of the OSI model for CCNA candidates is the network layer. And the 

most important protocol of the network layer is the Internet Protocol (IP). 

Your assignment is to research IP to discover detailed information about the structure of its packet header. 

You can use any trusted Internet resource, but the original source is the RFC. Make sure you list your 

sources in the place provided at the end of this exercise. 

The IP Packet Header 

In Figure 3-3, label all the fields of the IP packet header. 

Figure 3-3 IP Packet Header 

A B C D 

E F G 

H I J 

K 

L 

Version 

Field Descriptions 

Describe in as much detail as possible the purpose of each field in the IP packet header. 

Field A Version 

Time to Live 

Header 

Length 

This field identifies the IP version, which is currently version 4. So, the bit value is 0100 in this field. The 

next version is version 6. There are no other versions. 

Field B Header Length 

Type of Service or 

Differentiated 

Service 


Total Length 

Identifier Flags 

Fragment Offset 

Protocols 

M N 

Options 

32 Bits 

8 8 8 8 

Source Address 

Destination Address 

Header Checksum 

Padding 

This field specifies in 32-bit words the length of this header, which is five or 0101 when no options are 

specified. This field’s value can be as large as 1111 or 15, meaning the header can be a maximum of 15 

32-bit words or 60 octets.


Field C Type of Service (TOS) or Differentiated Service 

This 8-bit field can be broken down into two parts: Precedence and TOS. The first 3 bits specify the 

Precedence value (e.g. routine-0, priority-1, immediate-2, etc.); 4th bit specifies minimal delay; 5th bit 

specifies maximize throughput; 6th bit specifies maximize reliability; 7th bit specifies minimize monetary 

costs; 8th bit is currently unused. Although this field is not commonly used and is usually set to all zeros, 

the Precedence bits are occasionally used for QoS applications. 

Field D Total Length 

This field is a 16-bit number specifying the total length of the packet (header + data) in bytes; can be up to 

65,535 bytes. By subtracting the header length for this value, you can determine the size of the payload. 

Field E Identifier 

This field is used to identify the fragments of one datagram from those of another. The originating protocol 

module of an Internet datagram sets the Identifier field to a value that must be unique for that sourcedestination 

pair and protocol for the time the datagram will be active in the Internet system. The originating 

protocol module of a complete datagram sets the MF bit to 0 and the Fragment Offset field to 0. 

Field F Flags 

These 3 bits indicate whether the packet can be fragmented and whether it has more fragments coming. 

The 3 bits are as follows: 

■ 1st bit: Reserved (unused) 

■ 2nd bit: Fragment? 1=no, 0=yes 

■ 3rd bit: More Fragments Coming? 0=no, 1=yes 

Field G Fragment Offset 

This is a byte count from the beginning of the original packet so that the destination knows where to place 

this particular fragment when reconstructing the packet. If a router’s interface is set to a maximum transmission 

unit that is smaller than the sent packet, then it will be fragmented by the router. However, if the 

Do Not Fragment bit is set in the Flag field, then the packet will be dropped and an ICMP message will be 

sent to the source. 

Field H Time to Live 

This 8-bit field helps prevent routing loops. This field is set with a certain number when the packet is first 

encapsulated at the source. Each router along the path from the source to the destination decrements this 

field. If this field reaches 0 before the packet reaches the destination, then the packet is dropped and an 

ICMP messages is sent to the source. The trace utility uses this field to trace a route to a specified destination. 

Field I Protocols 

Also called Service Access Point (SAP), the Protocol field identifies the upper-layer protocol that the data 

packet is destined for. A few of the values of this field are shown in the following table:

Protocol Value Network Layer Protocol 

1 ICMP 

6 TCP 

17 UDP 

88 IGRP 

89 OSPF 

Instructor Note: Although ICMP is identified by the number 1, it is not an upper-layer protocol, but operates in the 

network layer. An ICMP packet is encapsulated with an IP header. 

Field J Header Checksum 

This field is used to check the integrity of the bits in the header. Because each router decrements the TTL 

field, this checksum must be recalculated at each hop on the way to the destination. 

Field K Source Address 

This field is the 32-bit IP address for the source of the packet. 

Field L Destination Address 

This field is the 32-bit IP address for the destination of the packet. 

Field M Options 

IP options can be a number of things. If the options in this field do not extend the full 32 bits of this sixth 

32-bit word, then padding is added. The data must begin on a new 32-bit word boundary. 

Field N Padding 

If necessary, the source will add zeros to the end of the last 32-bit word in the packet header to ensure that 

the header always ends on a 32-bit word. 

Sources 


Check student sources to see if they are legitimate. “RFC 791 Internet Protocol” should be listed. For the 

sample answers here, the RFC was used as well as the Cisco Press title Routing TCP/IP, Volume 1, Second 

Edition, pp. 7-16. The website http://www.networksorcery.com was also consulted.


Lab Exercises 



Fill in any blanks with the appropriate missing information. 


Router(config)#router eigrp 100 Turns on the EIGRP process. 

100 is the autonomous system (AS) number, 

which can be a number between 1 and 65535. 

All routers in the same AS must use the same 

AS number. 

Router(config-router)#eigrp log-neighbor-changes Logs any changes to an EIGRP neighbor 

adjacency. 

Router(config-router)#no auto-summary Turns off the automatic summarization of 

networks at classful boundaries. 

Router(config-if)#bandwidth 128 Changes the bandwidth of an interface to 

128 kbps. 

Router(config-if)#ip summary-address Enables manual summarization on this specific 

eigrp 100 10.10.0.0 255.255.0.0 interface for the 10.10.0.0/16 address space. 

Router#show ip eigrp neighbors Displays a neighbor table. 

Router#show ip eigrp neighbors detail Displays a detailed neighbor table. 

Router#show ip eigrp interface Displays EIGRP information for each interface. 

Router#show ip eigrp topology Displays the topology table. This command 

shows you where your feasible successors are. 

Router#show ip eigrp traffic Displays the number and type of packets sent 

and received. 

Router#debug eigrp fsm Displays events/actions related to the DUAL 

FSM. 

Router#debug eigrp packet Displays events/actions related to EIGRP packets. 

Router#debug eigrp neighbor Displays events/actions related to EIGRP neighbors.

Curriculum Lab 3-1: Configuring EIGRP Routing (3.2.1) 




Router 1 Paris EIGRP 192.168.3.0 

192.168.2.0 

Router 2 Warsaw EIGRP 192.168.1.0 









Serial Cable 

192.168.2.0 

Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Loopback 0 

Designation Table Entry Address/ Type Subnet Mask Subnet Mask 

Subnet Mask Serial 0 Address/ 

Router 1 Warsaw 192.168.3.1/24 DCE 192.168.2.1/30 192.168.0.2/24 

Router 2 Paris 192.168.1.1/24 DTE 192.168.2.2/30 No address 


this lab.



Objectives 

■ Set up an IP addressing scheme for the network. 

■ Configure and verify EIGRP routing. 







each router unless you are specifically instructed otherwise. Start a HyperTerminal session. 

Implement the procedure that is documented in Appendix C, “Erasing and Reloading the Router,” on all 

routers before you continue with this lab. 


On the routers, enter global configuration mode and configure the hostname as shown in the chart. Then, 

configure the console, virtual terminal, and enable passwords. Next, configure the interfaces according to 

Table 3-2. Finally, configure the IP hostnames. If you have problems configuring the router basics, refer to 

Lab 1-2, “Review of Basic Router Configuration with RIP.” 


PARIS 

Router>enable 


Router(config)#hostname PARIS 

PARIS(config)#enable secret class 

PARIS(config)#line console 0 

PARIS(config-line)#password cisco 

PARIS(config-line)#login 

PARIS(config-line)#line vty 0 4 



PARIS(config-line)#exit 

PARIS(config)#interface serial 0 

PARIS(config-if)#ip address 192.168.2.1 255.255.255.252 

PARIS(config-if)#clock rate 64000 

PARIS(config-if)#no shutdown 

PARIS(config-if)#exit 

PARIS(config-if)#interface loopback 0 



PARIS(config)#interface fastethernet 0 


PARIS(config-if)#no shutdown


PARIS(config)#ip host WARSAW 192.168.2.2 192.168.1.1 

WARSAW 

Router>enable 


Router(config)#hostname WARSAW 

WARSAW(config)#enable secret class 

WARSAW(config)#line console 0 

WARSAW(config-line)#password cisco 

WARSAW(config-line)#login 

WARSAW(config-line)#line vty 0 4 



WARSAW(config-line)#exit 

WARSAW(config)#interface serial 0 

WARSAW(config-if)#ip address 192.168.2.2 255.255.255.252 

WARSAW(config-if)#no shutdown 

WARSAW(config-if)#exit 

WARSAW(config)#interface fastethernet 0 




WARSAW(config)#ip host WARSAW 192.168.2.1 192.168.3.1 



Paris#copy running-config startup-config 




Host connected to router Paris 

IP address: 192.168.3.2 

Subnet mask: 255.255.255.0 


Host connected to router Warsaw 

IP address: 192.168.1.2 

Subnet mask: 255.255.255.0 






running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000 

or later, check using ipconfig in a DOS window. 


tasks demonstrate the process that is required to get communication working while using 

EIGRP as the routing protocol. 



Paris#show running-config 



Paris: 

Warsaw: 







Step 4. If the ping was not successful, troubleshoot the router’s configuration until the ping is successful. 

Task 5: Configure EIGRP Routing on Router Paris 

Step 1. Enable the EIGRP routing process on router Paris and configure the networks it will advertise. 

Use EIGRP autonomous system number 101. 

Paris(config)#router eigrp 101 

Paris(config-router)#network 192.168.3.0 



Paris(config-router)#end 

Step 2. Show the routing table for the Paris router. 

Paris#show ip route 


Why? 

EIGRP is not configured on router Warsaw yet.

Task 6: Configure EIGRP Routing on Router Warsaw 

Step 1. Enable the EIGRP routing process on router Warsaw and configure the networks it will advertise. 


Warsaw(config)#router eigrp 101 

Warsaw(config-router)#network 192.168.2.0 


Warsaw(config-router)#end 

Step 2. Show the routing table for the Warsaw router. 

Warsaw#show ip route 


Ping the Paris host from the Warsaw host. Was it successful? Yes 




Curriculum Lab 3-2: Verifying Basic EIGRP Configuration 

(3.2.3) 







Serial Cable




Router 1 Paris EIGRP 192.168.3.0 

192.168.2.0 

Router 2 Warsaw EIGRP 192.168.1.0 




192.168.2.0 

Router IP Host Fast Ethernet 0 Interface Serial 0 Address/ Loopback 0 

Designation Table Entry Address/ Type Subnet Mask Address/ 

Subnet Mask Serial 0 Subnet Mask 

Router 1 Warsaw 192.168.3.1/24 DCE 192.168.2.1/30 192.168.0.2/24 

Router 2 Paris 192.168.1.1/24 DTE 192.168.2.2/30 No address 


Objectives 

■ Set up an IP addressing scheme for the network. 

■ Configure and verify EIGRP routing. 










On the routers, enter global configuration mode and configure the hostname as shown in Tables 3-3 and 3-4. 

Then, configure the console, virtual terminal, and enable passwords. Next, configure the interfaces according 

to Tables 3-3 and 3-4. Finally, configure the IP hostnames. If you have problems configuring the router 

basics, refer to Lab 1-2, “Review of Basic Router Configuration with RIP.” 


PARIS 

Router>enable 


Router(config)#hostname PARIS 

PARIS(config)#enable secret class

PARIS(config)#line console 0 



PARIS(config-line)#line vty 0 4 



PARIS(config-line)#exit 

PARIS(config)#interface serial 0 


PARIS(config-if)#clock rate 64000 



PARIS(config-if)#interface loopback 0 



PARIS(config)#interface fastethernet 0 




PARIS(config)#ip host WARSAW 192.168.2.2 192.168.1.1 

WARSAW 

Router>enable 


Router(config)#hostname WARSAW 

WARSAW(config)#enable secret class 

WARSAW(config)#line console 0 



WARSAW(config-line)#line vty 0 4 



WARSAW(config-line)#exit 

WARSAW(config)#interface serial 0 




WARSAW(config)#interface fastethernet 0 




WARSAW(config)#ip host PARIS 192.168.2.1 192.168.3.1 





PARIS#copy running-config startup-config 




Host connected to router Paris 

IP address: 192.168.3.2 

Subnet mask: 255.255.255.0 


Host connected to router Warsaw 

IP address: 192.168.1.2 

Subnet mask: 255.255.255.0 




running Windows 98, check using Start > Run > winipcfg. If you are running Windows 2000 

or later, check using ipconfig in a DOS window. 


tasks demonstrate the process that is required to get communication working while using 

EIGRP as the routing protocol. 


Step 1. At the privileged EXEC mode prompt, type show running-config. 


Step 3. What is the state of the interfaces on each router? 

Paris: 



Warsaw: 




Step 5. Was the ping successful? Yes 

Step 6. If the ping was not successful, troubleshoot the router’s configuration until the ping is successful.

Task 5: Configure EIGRP Routing on Router Paris 

Step 1. Enable the EIGRP routing process on router Paris and configure the networks it will advertise. 


Paris(config)#router eigrp 101 




Paris(config-router)#end 

Step 2. Show the routing table for the Paris router. 

Paris#show ip route 


Why? 

EIGRP is not configured on Warsaw. 

Task 6: Configure EIGRP Routing on Router Warsaw 

Step 1. Enable the EIGRP routing process on router Warsaw and configure the networks it will advertise. 


Warsaw(config)#router eigrp 101 



Warsaw(config-router)#end 

Step 2. Show the routing table for the Warsaw router. 

Warsaw#show ip route 

Do EIGRP entries exist in the routing table now? Yes 

What is the address type in the EIGRP 192.168.2.0 route? C – Directly Connected 

What does the D mean in the first column of the routing table? The route was learned via 

EIGRP. 

Task 7: Show EIGRP Neighbors 

From the Paris router, show any neighbors that are connected by using the show ip eigrp neighbors command 

at the privileged EXEC mode prompt. 

Are neighbors shown? Yes 


Ping the Paris host from the Warsaw host. Was it successful? Yes 




Task 9: View the Topology Table 

Step 1. To view the topology table, issue the show ip eigrp topology all-links command. 

How many routes are in passive mode? 3 

Step 2. To view more specific information about a topology table entry, use an IP address with this 

command: 

Paris#show ip eigrp topology 192.168.1.0 

Based on the output of this command, does it tell what external protocol originated this route to 

192.168.2.0? Yes 

Does it tell which router originated the route? Yes 

Step 3. Use show commands to view key EIGRP statistics. On the Paris router, issue the show ip eigrp 

traffic command. 

How many hello packets has the Paris router received? Answers will vary. 

How many has it sent? Answers will vary. 



Comprehensive Lab 3-3: Comprehensive EIGRP 

Configuration 

Figure 3-6 EIGRP Configuration 

172.16.64.0/20 

172.16.80.0/20 

172.16.96.0/20 

172.16.112.0/20 

Lo1 

Lo2 

Lo3 

Lo4 

10.0.0.8/30 

RTC 

T1 

S0/0 

172.16.0.0/18 

Fa0/0 

RTA 

EIGRP 

100 

S0/1 

DCE 

T1 

10.0.0.0/30 

S0/0 

DCE S0/1 

S0/1 

128kbps 

10.0.0.4/30 S0/0 

DCE 

RTB 

Lo1 

Lo2 

Lo3 

Lo4 

172.16.128.0/19 

172.16.160.0/19 

172.16.192.0/19 

172.16.224.0/19

Table 3-5 Addressing Table for Lab 3-3 


RTA S0/1 10.0.0.1 255.255.255.252 

S0/0 10.0.0.10 255.255.255.252 

Fa0/0 172.16.0.1 255.255.192.0 

RTB S0/1 10.0.0.2 255.255.255.252 

S0/0 10.0.0.5 255.255.255.252 

Lo1 172.16.128.1 255.255.255.224 

Lo2 172.16.160.1 255.255.255.224 

Lo3 172.16.192.1 255.255.255.224 

Lo4 172.16.224.1 255.255.255.224 

RTC S0/1 10.0.0.6 255.255.255.252 

Objectives 

S0/0 10.0.0.9 255.255.255.252 

Lo1 172.16.64.1 255.255.255.240 

Lo2 172.16.80.1 255.255.255.240 

Lo3 172.16.96.1 255.255.255.240 

Lo4 172.16.112.1 255.255.255.240 

■ Configure EIGRP routing. 

■ Configure bandwidth and turn off automatic summarization. 

■ Configure manual summarization. 

Equipment 


of 1700, 2500, and 2600 series routers. Connectivity to an ISP is simulated with a Loopback interface on 

RTA. 


This lab is fully compatible with a standard NetLab three router pod. 


Step 1. Cable the topology as shown. If DCE/DTE connections and interfaces are different from those 

shown in Figure 3-6 and the table, then relabel the figure to match your connections. 

Step 2. Configure the routers with basic router configurations, including: 





■ IOS-specific commands (e.g. ip subnet-zero with IOS versions prior to 12)


Step 3. The following is a basic configuration for RTA: 







*********************************** 


*********************************** 

& 






RTA(config-line)#ine aux 0 












Instructor Note: This basic configuration can be used on all three routers with changes to the hostname and the host 

table. At this level in their studies, your students should be able to do this with little or no help from you. 

Task 2: Configure Interfaces and EIGRP Routing 


interface addresses. The interface configuration for RTA is as follows: 


RTA(config-if)#description Link to RTA LAN 




RTA(config-if)#description Link to RTC 





RTA(config-if)#description Link to RTB 



RTA(config-if)#no shutdown

RTB 

RTC 

RTB(config)#interface Loopback1 


RTB(config-if)#interface Loopback2 






RTB(config-if)#interface Serial0/0 

RTB(config-if)#description Link to RTC 


RTB(config-if)#clockrate 64000 

RTB(config-if)#no shutdown 

RTB(config-if)#interface Serial0/1 

RTB(config-if)#description Link to RTA 


RTB(config-if)#no shutdown 

RTC(config)#interface Loopback1 


RTC(config-if)#interface Loopback2 






RTC(config-if)#interface Serial0/0 

RTC(config-if)#description Link to RTA 


RTC(config-if)#no shutdown 

RTC(config-if)#interface Serial0/1 

RTC(config-if)#description Link to RTB 


RTC(config-if)#no shutdown 

Step 2. Configure each router with EIGRP routing. The configuration for RTA follows. All routers 

have the same basic EIGRP configuration. 

RTA(config)#router eigrp 100 



Task 3: Configure Bandwidth and Automatic Summarization 

Step 1. According to the topology shown in Figure 3-6, RTB and RTC are connected with a 128-kbps 

link. Enter the commands on both routers necessary to adjust the default bandwidth to match 

the actual speed. 

RTB(config)#interface Serial0/0 


RTC(config)#interface Serial0/1 




Step 2. Display the routing table on RTA. 










Step 3. Notice that RTA does not have routes to the simulated LANs on RTB and RTC. Enter the command 

to disable automatic summarization on all three routers. 

Each router should have the no auto-summary command configured within the 

EIGRP routing process. 

Task 4: Configure Manual Summarization 

Step 1. Display the routing table on RTA. 





D 172.16.160.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.128.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.224.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 

D 172.16.192.0/19 [90/2297856] via 10.0.0.2, 00:00:16, Serial0/1 


D 172.16.112.0/20 [90/2297856] via 10.0.0.9, 00:00:29, Serial0/0 

D 172.16.96.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 

D 172.16.80.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 

D 172.16.64.0/20 [90/2297856] via 10.0.0.9, 00:00:30, Serial0/0 




D 10.0.0.4 [90/21024000] via 10.0.0.9, 00:00:30, Serial0/0 

[90/21024000] via 10.0.0.2, 00:00:30, Serial0/1 

Step 2. Notice that RTA has 12 routes. Some of these routes can be summarized to reduce the size of 

the routing table. 

The simulated LANs on RTB share the same bit pattern for the first 21 bits of the network prefix 

172.16.128.0. 

The simulated LANS on RTC share the same bit pattern for the first 18 bits of the network prefix 

172.16.64.0. 

What command would you configure on both serial interfaces for RTB? 

RTB(config-if)#ip summary-address eigrp 100 172.16.128.0 255.255.128.0

What command would you configure on both serial interfaces for RTC? 


Step 3. Display the routing table for RTA. You should have only six routes. 





D 172.16.128.0/17 [90/2297856] via 10.0.0.2, 01:36:05, Serial0/1 


D 172.16.64.0/18 [90/2297856] via 10.0.0.9, 01:38:11, Serial0/0 




D 10.0.0.4 [90/21024000] via 10.0.0.9, 01:36:05, Serial0/0 

[90/21024000] via 10.0.0.2, 01:36:05, Serial0/1 

Challenge Lab 3-4: EIGRP Design and Configuration 

Figure 3-7 EIGRP Design and Configuration 


209.165.202.129/32 

Address Space 

10.0.0.0/17 

Lo0 

209.165.201.0/30 

ISP 

S0/0 

DCE 


S0/0 

Lo0 

Lo1 

Lo2 

Lo3 

HQ 

S0/1 

DCE 

10.0.64.0 / 20 

10.0.80.0 / 20 

10.0.96.0 / 20 

10.0.112.0 / 20 

Lo0 

Lo1 

Lo2 

Lo3 

WAN 

S0/1 

Remote 

10.0.0.4 / 30 

10.0.32.0 / 21 

10.0.40.0 / 21 

10.0.48.0 / 21 

10.0.56.0 / 21


Table 3-6 Addressing Table for Lab 3-4 


ISP Lo0 209.165.202.129 255.255.255.255 

S0/0 209.165.201.1 255.255.255.252 

HQ S0/0 209.165.201.2 255.255.255.252 

S0/1 10.0.0.5 255.255.255.252 

Lo0 10.0.64.1 255.255.240.0 

Lo1 10.0.80.1 255.255.240.0 

Lo2 10.0.96.1 255.255.240.0 

Lo3 10.0.112.1 255.255.240.0 

REMOTE S0/1 10.0.0.6 255.255.255.252 

Objectives 

Lo0 10.0.32.1 255.255.248.0 

Lo1 10.0.40.1 255.255.248.0 

Lo2 10.0.48.1 255.255.248.0 

Lo3 10.0.56.1 255.255.248.0 

■ Design a VLSM addressing scheme. 



■ Configure manual summarization. 


Equipment 






You are given the address space, 10.0.0.0/17. The four loopback interfaces on HQ and four loopback interfaces 

on REMOTE are used to simulate different parts of a global network. Complete the following steps 

to design your addressing scheme. 

Step 1. For HQ, begin with the 10.0.64.0 address as the subnet for loopback 0. What subnet mask 

would you use to provide enough space for 4000 users while maximizing the number of subnets? 

255.255.240.0 or /20

Step 2. Starting with 10.0.64.0, contiguously assign the next three subnets, all supporting 4000 hosts. 

List all four subnets here: 

10.0.64.0/20 

10.0.80.0/20 

10.0.96.0/20 

10.0.112.0/20 

Step 3. For REMOTE, begin with the 10.0.32.0 address as the subnet for loopback 0. What subnet 

mask would you use to provide enough space for 2000 users while maximizing the number of 

subnets? 

255.255.248.0 or /21 

Step 4. Starting with 10.0.32.0, contiguously assign the next three subnets, all supporting 2000 hosts. 

List all four subnets here: 

10.0.32.0/21 

10.0.40.0/21 

10.0.48.0/21 

10.0.56.0/21 

Step 5. Now pick a WAN subnet for the link shared by HQ and REMOTE. List the subnet you 

assigned here: 

The answer can be any subnet /30 from the 10.0.0.0/21 address space. 

Step 6. Label the topology in Figure 3-7 with the networks and finish filling in the IP address table 

with your chosen addressing scheme. Use the first available IP address in each subnet as the 

interface address. For the WAN subnet, assign HQ the first address. 


Step 1. Choose three routers and cable them according to the topology. You do not need any LAN 

interfaces or switches for this lab. (If using NetLab, choose a three router pod.) 

Step 2. Configure the routers with basic configurations including interface addresses. 

Task 3: Configure EIGRP Routing and Default Routing 

Step 1. Configure both HQ and REMOTE to use EIGRP as the routing protocol. Enter the simulated 

LAN subnets and the WAN link between HQ and REMOTE. Do not advertise the 

209.165.201.0/30 network. Make sure you disable automatic summarization. 

Step 2. Configure ISP with a static route pointing to the 10.0.0.0/17 Address Space. 

Step 3. Configure HQ with a default route pointing to ISP. 

Step 4. Configure HQ to advertise the default route to REMOTE with the redistribute static command 

within the EIGRP routing process. 

HQ(config-router)#redistribute static 

Step 5. Verify HQ and REMOTE routing tables: 


■ HQ should have six directly connected routes, four EIGRP routes, and one static route. 

■ REMOTE should have five directly connected routes, four EIGRP routes, and one EIGRP 

external route.


■ Verify that REMOTE can ping the Simulated Web Server at 209.165.202.129. 

REMOTE#ping web 



!!!!! 


Task 4: Manual Summarization 

Because the simulated LANs on both HQ and REMOTE were assigned contiguously, you can summarize 

the routing updates to reduce the size of the routing tables. What command will summarize the simulated 

LANs on HQ? 

HQ(config)#interface serial 0/1 

HQ(config-if)#ip summary-address eigrp 100 10.0.64.0 255.255.192.0 

What command will summarize the simulated LANs on REMOTE? 

REMOTE(config)#interface serial 0/1 

REMOTE(config-if)#ip summary-address eigrp 100 10.0.32.0 255.255.224.0 

Task 5: Verification and Documentation 

Step 1. Capture the following verifications to a text file called verify.txt: 

■ Ping output from REMOTE pinging the Simulated Web Server. 

■ Capture show ip route on all three routers: ISP, HQ, and REMOTE. 

■ Capture show ip eigrp neighbor and show ip eigrp topology on HQ and REMOTE. 

Step 2. Capture the running configurations on all three routers to separate text files. Use the hostname 

of the router to name each text file. 

Step 3. Clean up the verify.txt, HQ.txt, REMOTE.txt, and ISP.txt files. Add appropriate notes to assist 

in your studies. 

Final configurations and show command output: 

HQ hostname HQ 

! 


! 



ip host REMOTE 10.0.0.6 

ip host WEB 209.165.202.129 

ip host ISP 209.165.201.1 

! 


! 

ip address 10.0.64.1 255.255.240.0 

interface Loopback1

! 

ip address 10.0.80.1 255.255.240.0 


! 

ip address 10.0.96.1 255.255.240.0 


! 

ip address 10.0.112.1 255.255.240.0 


! 


ip address 209.165.201.2 255.255.255.252 


no shutdown 


! 

description Link to REMOTE 

ip address 10.0.0.5 255.255.255.252 

ip summary-address eigrp 100 10.0.64.0 255.255.192.0 


no shutdown 

router eigrp 100 

! 

redistribute static 



eigrp log-neighbor-changes 

ip classless 


! 

banner motd & 

*********************************** 

!!!AUTHORIZE ACCESS ONLY!!! 

*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 



! 




login 

end 

HQ#show ip route 













D 10.0.32.0/19 [90/2297856] via 10.0.0.6, 00:04:47, Serial0/1 






S* 0.0.0.0/0 is directly connected, Serial0/0 

HQ#show ip eigrp neighbors 

IP-EIGRP neighbors for process 100 



0 10.0.0.6 Se0/1 12 00:05:42 384 2304 0 9 

HQ#show ip eigrp topology 

IP-EIGRP Topology Table for AS(100)/ID(10.0.112.1) 




via Rstatic (2169856/0) 



P 10.0.32.0/19, 1 successors, FD is 2297856

via 10.0.0.6 (2297856/128256), Serial0/1 


via Summary (128256/0), Null0 


via Connected, Loopback0 






REMOTE 

hostname REMOTE 

! 


! 




ip host WEB 209.165.202.129 

ip host ISP 209.165.201.1 

ip host HQ 10.0.0.5 

! 


! 

ip address 10.0.32.1 255.255.248.0 


! 

ip address 10.0.40.1 255.255.248.0 


! 

ip address 10.0.48.1 255.255.248.0 


! 

ip address 10.0.56.1 255.255.248.0 


! 


ip address 10.0.0.6 255.255.255.252 

ip summary-address eigrp 100 10.0.32.0 255.255.224.0 

no shutdown 


! 



eigrp log-neighbor-changes 

ip classless 

! 



banner motd & 

*********************************** 

!!!AUTHORIZES ACCESS ONLY!!! 

*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

REMOTE#show ip route 
















D 10.0.64.0/18 [90/2297856] via 10.0.0.5, 00:04:58, Serial0/1 

D*EX 0.0.0.0/0 [170/2681856] via 10.0.0.5, 00:04:58, Serial0/1 

REMOTE#show ip eigrp neighbors 

IP-EIGRP neighbors for process 100



0 10.0.0.5 Se0/1 14 00:05:19 24 200 0 11 

REMOTE#show ip eigrp topology 

IP-EIGRP Topology Table for AS(100)/ID(10.0.56.1) 




via 10.0.0.5 (2681856/2169856), Serial0/1 






via Summary (128256/0), Null0 








ISP hostname ISP 

! 


! 



via 10.0.0.5 (2297856/128256), Serial0/1 

ip host HQ 209.165.201.2 

! 


! 

description Simulated Public Web Server 

ip address 209.165.202.129 255.255.255.255 


! 


ip address 209.165.201.1 255.255.255.252 

no shutdown 

ip classless 


! 



banner motd & 

*********************************** 


*********************************** 

& 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

! 




login 

end 

ISP#show ip route 














S 10.0.0.0 is directly connected, Serial0/0

CHAPTER 4 

Switching Concepts 


question, journal entry, and unique custom exercises to test your knowledge on the theory of switching 

and switch operation. 

There are no Lab Exercises for this chapter.



Introduction to Ethernet/802.3 LANs 

LAN design continues to evolve. Network designers until very recently used hubs and bridges to build networks. 

Now switches and routers are the key components in LAN design, and the capabilities and performance 

of these devices continue to improve. 

As a CCNA candidate, you should have a firm grasp of the concepts involved in the evolution of 

Ethernet/802.3, the most commonly deployed LAN architecture. This section offers some exercises to help 

you master these concepts.


Definition 

a. Ethernet’s collision resolution methodology 

b. the fading of a data signal as it travels 

through the media 

c. reading the entire frame to check for errors 

before sending on to the destination 

d. filters traffic at Layer 3; segments broadcast 

domains 

e. Layer 2 device that provides network access 

to hosts 

f. Layer 2 error-checking mechanism 

g. capable of simultaneous transmission and 

reception 

h. basic unit of time in which one bit can be 

sent 

i. multiport repeater or LAN concentrator 

j. sending a frame out all ports except for the 

port it was received on 

k. frames are stored in queues that are linked to 

specific incoming ports` 

l. temporary, dedicated path between two hosts 

created by the switch 

m. sending out frames as soon as the destination 

MAC address is read 

n. deposits all frames into a common memory 

buffer 

o. address contained within the frame header 

for Ethernet encapsulations 

p. sending a frame out a port based on the unicast 

MAC address 

q. filters traffic based on Layer 2 addressing; no 

longer used in today’s networks 

r. forwarding frames after the first 64 bytes are 

read 

s. delay inherent in sending data from the 

source to the destination 

t. area of a LAN where frames from two different 

sources can run into each other 

u. can either send or receive, but not both at the 

same time 

v. filters traffic at Layer 2; capable of microsegmentation 




Term 

t collision domains 

i hub 

o MAC 

q bridge 

v switch 

l virtual circuit 

d router 

a carrier sense multiple access collision detect 

(CSMA/CD) 

u half duplex 

g full duplex 

e network interface card (NIC) 

s latency 

h bit time (slot time) 

b attenuation 

f cyclic redundancy check (CRC) 

c store and forward 

j flooding 

p filtering 

k port-based memory buffering 

n shared memory buffering 

f frame check sequence (FCS) 

m cut-through 

r fragment-free




A hub is a Layer 1 device and is sometimes referred to as a LAN or Ethernet concentrator or a multiport 

repeater. 

Ethernet is fundamentally a shared or broadcast technology through which all users on a given LAN segment 

compete for the same available bandwidth. If two or more devices try to transmit at the same time, a 

collision occurs. 

Bridges and switches operate at the data link layer of the Open System Interconnection (OSI) model. 

These Layer 2 devices make forwarding decisions based on MAC addresses contained within the headers 

of transmitted data frames. 

Switches create a virtual circuit between two connected devices that want to communicate, which is a dedicated 

communication path established between the two devices. 

The implementation of a switch on the network is called microsegmentation, which creates a collision-free 

environment for each device connected to the switch. 

The disadvantage of Layer 2 devices is that they forward broadcast frames to all connected devices on the 

network. 

Routers operate at the network layer of the OSI model and will not forward broadcast frames unless 

specifically programmed to do so. Therefore, routers reduce the size of both the collision domains and the 

broadcast domains in a network. 

CSMA/CD is Ethernet’s access control method. Originally Ethernet was a half-duplex technology, which 

allows hosts to either transmit or receive at one time, but not both. 

Full-duplex Ethernet significantly improves network performance without the expense of installing new 

media and offers 100 percent of the bandwidth in both directions because it is a collision-free environment. 

Frames sent by the two connected end nodes cannot collide, because the end nodes use two separate 

circuits in the Category 3, 5, 5e, or 6 cable. 

Nodes that are attached to hubs that share their connection to a switch port must operate in half-duplex 

mode, because the end stations must be able to detect collisions. 

Latency, or delay, is the time a frame or a packet takes to travel from the source station to the final destination. 

The networking device that adds the most latency is a router. 

A 64-byte frame is the smallest frame that allows CSMA/CD to operate properly, and a 1518-byte frame is 

the largest. 

The distance that a LAN can cover is limited due to attenuation, which means that the signal weakens as it 

travels through the network.

CSMA/CD Process Flow Chart Exercise 

Draw a flow chart of the CSMA/CD process. Your flow chart should have a minimum of six steps, but can 

have more. 

Figure 4-1 CSMA/CD Process Flow Chart 

Calculate 

Back-Off Algorithm 

Send Out 

Jam Signal 

Simple Solution 

1. Host wants to transmit 

2. Is carrier sensed? 

3. Assemble frame 

4. Start transmitting 

5. Is a collision detected? 

6. Keep transmitting 

7. Is the transmission done? 

8. Transmission completed 

9. Broadcast jam signal 

10. Attempts = Attempts + 1 

11. Attempts > Too many? 

12. Too many collisions; abort 

transmission 

13. Algorithm calculates backoff 

14. Wait for t microseconds 

Listen to Wire 

(Carrier Sense) 

Transmit if Free and 

Continue to Listen 

Collision 

Detected? 

Finish 

Transmission 

Complex Solution 

1 

2 

3 

4 

5 

6 

7 

8 

No 

No 

Yes 

Yes 

Yes 

No 


9 

10 

11 

12 

Yes 

No 

13 

14



In your own words, describe the function of a router. 

Routers examine inbound packets for Layer 3 data, choose the best path to the destination network, and 

send the packet out the correct outbound port. 

In your own words, explain how CSMA/CD works in half-duplex Ethernet LANs. 

Each host checks the network to see whether data is being transmitted before it transmits additional data 

(carrier sense). If the network is already in use, the transmission is delayed. Despite transmission deferral, 

two or more hosts could transmit at the same time (multiple access). This results in a collision. When a 

collision occurs, the host that detects the collision first sends out a jam signal to the other hosts (collision 

detection). When a jam signal is received, each host stops data transmission, and then waits for a random 

period of time to retransmit the data. The back-off algorithm generates this random delay. The first host 

whose time expires can restart the process to transmit data. 

Journal Entry 

In your own words, describe the various forms of latency. Draw a topology with several networking 

devices between two communicating computers as part of your explanation. 

Figure 4-2 Your Topology Illustrating Latency 

Switches add 

some latency 

The forms of latency are as follows: 

Latency placing the 

frame on the wire 

Intermediate device latency with 

routers adding the most delay 

The cloud will 

also add latency 

Propagation delay as the 

frame travels down the wire 

Hubs add very 

little latency 

■ First, there is the time it takes the source NIC to place voltage pulses on the wire and the time it takes 

the destination NIC to interpret those pulses. This is sometimes called NIC delay, typically around 1 

microsecond for a 10BASE-T NIC. 

■ Second, there is the actual propagation delay as the signal takes time to travel through the cable. 

Typically, this is about 0.556 microseconds per 100 m for Cat 5 UTP. Longer cable and slower nominal 

velocity of propagation (NVP) result in more propagation delay. 

■ Third, latency is added based on network devices that are in the path between two computers. These 

are either Layer 1, Layer 2, or Layer 3 devices. The more layers a device processes, the more latency 

it adds.

Introduction to LAN Switching 

In the past, repeaters were used in most Ethernet networks. Because Ethernet is a broadcast topology, 

adding repeaters enlarged the domain in which collisions can occur causing a reduction in the bandwidth 

available for data transfer. Bridges were soon introduced to create multiple collision domains. Bridges 

evolved into switches capable of microsegmenting a LAN, effectively creating a collision-free environment. 

Many modern switches are capable of performing varied and complex tasks in the network. For example, 

some switches are capable of performing both Layer 2 and Layer 3 functions. The exercises in this section 

focus on how a switch or router makes a decision to forward data on its way to the intended destination. 

This section provides an introduction to network segmentation and describes the basics of switch operation. 



Networks can be divided into smaller units by a bridge or a switch. These smaller units are called segments. 

Each unit is its own collision domain. 

Bridges and switches are Layer 2 devices that forward data frames based on the MAC address. Bridges 

read the source MAC address of the data packets to discover the devices that are on each segment. The 

source MAC address is used to populate the MAC address table. 

Bridges and switches provide segmentation within a single network or subnetwork. Routers provide connectivity 

between networks and subnetworks. Routers do not forward broadcasts, whereas switches and 

bridges do forward broadcast frames. 

When a switch or bridge is first initialized, the MAC address table is empty. With an empty MAC address 

table, the switch or bridge must forward each frame to all connected ports other than the one on which the 

frame arrived. Sending a frame out all connected ports except the incoming port is called flooding the 

frame. Once a switch or a bridge has learned the topology, it can stop frames from propagating onto segments 

where the destination does not exist. This process is called filtering. 

Building the MAC Address Table Exercise 

Assume that the bridge in Figure 4-3 was just installed and powered on. The MAC address table is empty. 

Answer the following questions and complete the table as the bridge would build it. 

Figure 4-3 Building the MAC Address Table 

A 

0260.8c01.1111 

0260.8c01.2222 

E0 

E1 


C 

0260.8c01.3333 

B D 

0260.8c01.4444


Port MAC Address 

E0 0260.8c01.1111 

E0 0260.8c01.2222 

E1 0260.8c01.4444 

E1 0260.8c01.3333 

1. Host A sends a unicast frame to Host B. What entry, if any, will the bridge enter in its MAC address 

table? 

The bridge will enter the source MAC address for Host A and the interface that Host A is attached to. 

What will the bridge do with the frame? 

Because the bridge does not know where Host B is, the bridge will forward the frame to the segment 

out E1. 

2. Host B responds to Host A with a unicast frame. What entry, if any, will the bridge enter in its MAC 

address table? 

The bridge will enter the source MAC address for Host B and the interface that Host B is attached to. 


The bridge will drop the frame because the destination host, Host A, is on the same segment as Host 

B. Host A has already received the frame. 

3. Host D attempts to log in to Server C. What entry, if any, will the bridge enter in its MAC address 

table? 

The bridge will enter the source MAC address for Host D and the interface that Host D is attached to. 


Because the bridge does not know where Server C is, the bridge will forward the frame to the segment 

out E0. 

4. Server C responds to the login attempt by Host D. What entry, if any, will the bridge enter in its MAC 

address table? 

The bridge will enter the source MAC address for Server C and the interface that Server C is attached 

to. 


The bridge will drop the frame because the destination host, Host D, is on the same segment as Server 

C. Server C has already received the frame. 

5. Server C sends out a broadcast frame announcing its services to all potential clients. What entry, if 

any, will the bridge enter in its MAC address table? 

The bridge will refresh the timestamp on the entry for Server C. 


The bridge will forward the frame out E0 because the destination is a broadcast. Bridges must forward 

broadcasts.


Explain the difference between bridges and switches. 

Bridges are store and forward devices and make the switching decision in software. Switches can process 

frames faster by using some form of cut-through switching and make the switching decision in hardware. 

Switches have less latency than bridges. 

Explain why routers cause more latency than do switches, bridges, or hubs. 

Routers are Layer 3 devices. Therefore, routers must process data at Layer 3. First, the router deencapsulates 

the frame and reads the MAC address. If the MAC address is the router’s MAC or a broadcast, the 

router then calculates the CRC to determine if the frame is corrupted. If the frame is not addressed to the 

router, is not broadcast, or has errors, it is dropped. Otherwise, the router opens the packet header to examine 

the destination IP address, makes a routing decision, and forwards the packet to the outbound interface. 

This extra layer of processing causes more latency than a switch causes. 

Explain the difference between Layer 2 and Layer 3 switching. 

The difference between Layer 2 and Layer 3 switching is the type of information inside the frame that is 

used to determine the correct output interface. Layer 2 switching is based on MAC address information. 

Layer 3 switching is based on network layer addresses, or IP addresses. The features and functionality of 

Layer 3 switches and routers have numerous similarities. The only major difference between the packet 

switching operation of a router and a Layer 3 switch is the physical implementation. In general-purpose 

routers, packet switching takes place in software, using microprocessor-based engines, whereas a Layer 3 

switch performs packet forwarding using application specific integrated circuit (ASIC) hardware. 

Journal Entry 

Explain how a Layer 2 switch can operate in three different switching modes. Include in your explanation 

how much of the frame each method reads, what kind of error checking is performed by the method, and 

what the method’s latency is. Include a diagram of a frame illustrating each method. 

Fast forward has the lowest latency with no error checking. It reads the destination MAC address and 

begins forwarding the frame before the entire frame has been received. Fragment-free switching catches 

most errors because it checks up to the first 64 bytes in the Data field. Most errors are the result of collisions 

and have sizes less than the 64 byte minimum. Latency is fixed, but slightly higher than fast forward. 

However, the improved error detection is usually worth the minor increase in latency. Store and forward 

has the highest latency because it stores the entire frame and checks its CRC to determine if there is an 

error. Latency is also variable on a frame-by-frame basis because frame size varies. 

Note: Students may also mention adaptive cut-through, which is a combination of both fast forward and store and forward. 

Initially, the switch operates in fast forward mode. If too many errors are detected beyond a configurable threshold, 

then the switch automatically moves to store and forward. 

Figure 4-4 Solution Diagram 


7 Bytes 1 Byte 6 Bytes 6 Bytes 2 Bytes Max 1500 Bytes 4 Bytes 

Preamble SFD 

Dest. 

Address 

Source 

Address 

Length Data FCS 

Fast Forward 

Fragment-Free 

Store-and-Forward


Switch Operation 

The exercises in this section reinforce your knowledge of collision and broadcast domains. In addition, 

you revisit the concept of picking the correct cable when connecting devices. 



Even though the LAN switch reduces the size of collision domains, all hosts connected to the switch are 

still in the same broadcast domain. 

Communication in a network occurs in three ways. The most common way of communication is by 

unicast transmissions, in which one transmitter tries to reach one receiver. 

Another way to communicate is known as a multicast transmission, in which one transmitter tries to reach 

only a subset, or a group, of the entire segment. 

The final way to communicate is as a broadcast, in which one transmitter tries to reach all the receivers in 

the network. 

When a device wants to send out a Layer 2 broadcast, the destination MAC address in the frame is set to 

all 1s. A broadcast MAC address is FF:FF:FF:FF:FF:FF in hexadecimal. By setting the destination to this 

value, all the devices will accept and process the broadcasted frame. 

Routers are used to segment both collision and broadcast domains. 

Collision and Broadcast Domains Exercises 

Using Figure 4-5, circle all the collision domains with a solid line and all the broadcast domains with a 

dashed line. 

Figure 4-5 Collision and Broadcast Domains: Topology 1 

Broadcast Domain 

Collision Domain 


dashed line.



dashed line. 




Collision Domain 


Collision Domain


Choose the Correct Cable Exercise 

In the blank provided, indicate with an S for straight-through and C for cross which type of cable would 

be used to connect the two devices. 

S Hub to workstation or server 

C Switch to switch 

C Hub to hub 

C Router to PC 

S Switch to router 

C Workstation to workstation 

S Switch to workstation or server 

C Switch to hub 

C Router to router

Lab Exercises 

There are no Lab Exercises for this chapter. 

Chapter 4: Switching Concepts 231

This page intentionally left blank

CHAPTER 5 

LAN Design and Switches 


question, and identification exercises to test your knowledge on the theory of LAN design and the threelayer 

hierarchical model. 

There are no Lab Exercises for this chapter.



LAN Design 

A network design needs to be functional, scalable, adaptable, and manageable. Designing a network can be 

a challenge because it involves much more than just connecting users. A network requires many features in 

order to be reliable and available based on the needs of the organization. Understanding the basic design 

process and structure of networks will help you to ensure that you are meeting the needs of the network 

users. 




Definition 

a. area of a LAN where frames from two different 

sources can run into each other 

b. switching between ports of different bandwidth 

c. local and remote user access 

d. cabling that runs between wiring closets 

e. responsible for fast switching, redundancy, 

and remote access 

f. cabling that runs from workstations to the 

wiring closet 

g. primary wiring closet where POP is located 

h. all ports on the switch have the same bandwidth 

i. responsible for policy-based connectivity 

j. secondary wiring closet 

k. used to connect cable runs from user to the 

Layer 2 LAN switch ports 

l. used to interconnect the various IDFs to the 

central MDF 

Term 

c access layer 

i distribution layer 

e core layer 

g main distribution facility (MDF) 

j intermediate distribution facility (IDF) 

a collision domain 

k horizontal cross-connect (HCC) 

l vertical cross-connect (VCC) 

b asymmetric switching 

h symmetric switching 

d backbone or vertical cabling




The first step in designing a LAN is to establish and document the goals of the design. 

Most LANs are designed to meet four major requirements: 

■ Functionality, which enables users to meet their job requirements with speed and reliability 

■ Scalability, which means that the network should be designed with future growth in mind 

■ Adaptability, which means that the network design will easily incorporate new technologies 

■ Manageability, which facilitates network monitoring 

Servers can be categorized into two distinct classes: 

■ Enterprise servers support all the users on the network by offering services such as e-mail, DNS, and 

corporate intranet access. 

■ Workgroup servers support a specific set of users, offering services such as word processing and file 

sharing specific to that group’s needs. 

Enterprise servers should be placed in the MDF, and workgroup servers should be placed in the IDF closest 

to the users who need it. 

One of the most important components to consider when designing a network is the cables/cabling/cable 

plant because the physical layer is the cause of most network problems. 

Fiber-optic cable should be used in the backbone and risers in all cable designs. Category 5e or Category 6 

UTP cable should be used in the horizontal runs. The cable upgrade should take priority over any other 

necessary changes. 

The TIA/EIA-568-A standard specifies that every device connected to the network should be linked to a 

central location with horizontal cabling. In a simple star topology, this central location is the MDF (acronym) 

and includes one or more HCCs used to connect the Layer 1 horizontal cabling coming into the wiring 

closet from work areas to the Layer 2 LAN switch inside the wiring closet. 

In larger network environments, multiple wiring closets are often needed. These extra or secondary wiring 

closets are referred to as IDFs. 

A VCC in each wiring closet is used to interconnect the various IDFs to the central MDF. The type of 

backbone or vertical cabling used is usually fiber-optic because the cable lengths are typically longer than 

the 100-meter limit for Category 5e UTP cable. 

Complete Figure 5-1 by filling in all the missing text labeling the components of this multibuilding 

campus LAN.


Figure 5-1 Extended Star Topology in a Multibuilding Campus 

Devices at Layer 2 determine the size of the collision domains, which can negatively affect the performance 

of a network. Switches are capable of microsegmentation, which effectively eliminates collisions 

because only one host is attached to a switch port. 

A router is a Layer 3 device and is one of the most intelligent devices in the network topology. Layer 3 

devices allow communication between segments based on Layer 3 addresses. 

A router does not forward broadcasts, such as Address Resolution Protocol (ARP) requests. Therefore, 

routers segment broadcast domains. 

VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision 

domains and broadcast domains. To communicate between two VLANs, you must use a router. 


List at least four issues that should be addressed in LAN design if you are going to maximize bandwidth 

and performance. 

■ The function and placement of servers 

■ Collision domain issues 

■ Segmentation issues 

Telecommunications 

Outlet/Wall Plate 

5 m 

Work Area 

Station Cable 

■ Broadcast domain issues 

90 m 

Horizontal 

Cable Category 

5e UTP 

■ Port speed on switches and NICs 

MDF 

■ CPU processors on workstations and servers 

HCC 

HCC 

IDF 

HCC 

Instructor Note: Your students may list some additional issues that may affect bandwidth. Evaluate each on its 

merit. Does it need to be addressed when designing the LAN? If so, give the student credit. Make sure the students are 

focusing on LAN issues. Some issues they list may actually be related to the WAN side. For example, “increasing the 

bandwidth with the service provider” would not maximize LAN bandwidth and performance. 

Uplink 

Downlink 100 m 

Uplink Port 

VCC 

Vertical Cable 

Multiple Fiber-Optic 

Runs for Expansion 

VCC 

WAN

List and briefly explain the four steps of an effective LAN design methodology. 

Step 1. Gather requirements and expectations. This step involves a process of asking questions of key 

people and the users within the organization. The goal of this step is to determine what availability 

is required. 

Step 2. Analyze requirements and data. This is the process of determining what is required to satisfy 

the needs of the users and also keeping an eye toward future needs. 

Step 3. Design the Layer 1, 2, and 3 LAN structure, or topology. Based on the needs analysis done in 

Steps 1 and 2, determine how the cable plant needs to change and choose or upgrade existing 

equipment. 

Step 4. Document the logical and physical network implementation. This is the most important step. 

For troubleshooting purposes as well as future expansion considerations, the importance of 

documentation cannot be overstated. 

List three purposes of Layer 2 devices. 

■ Switch frames based on destination MAC addresses 

■ Error detection 

■ Reduce congestion 

Why do you want vertical cabling to have a greater data capacity than horizontal cabling? 

Vertical cabling, or backbone cabling, carries aggregated traffic from multiple users. Therefore, it needs to 

be a larger “pipe.” Otherwise, it will be a bottleneck, slowing down data traveling between IDFs. 

What factors need to be considered when choosing whether to use a router or switch at a particular point 

in the network? 

Determine the problem that needs to be solved. If the problem is related to protocol rather than issues of 

contention, then routers are the appropriate solution. Routers solve problems with excessive broadcasts, 

protocols that do not scale well, security issues, and network layer addresses. 

LAN Switches 

Cisco recommends designing your networks based on the three-layer hierarchical model. Each of the LAN 

design layers discussed in this chapter requires switches and routers that are best suited for the task at 

hand. The features, functions, and technical specifications for each switch or router vary based on the LAN 

design layer for which the device is intended. For the best network performance, it is important to understand 

the role of each layer and then choose the device that best suits the layer requirements. 



The hierarchical design model includes the following three layers: 

■ The access layer provides users in workgroups access to the network. 

■ The distribution layer provides policy-based connectivity. 

■ The core layer provides optimal transport between sites. 


The access layer is the entry point for user workstations and servers to the network. In a campus LAN, the 

device used at this layer is typically a switch.


This layer’s functions also include MAC layer filtering, which allows switches to direct frames to only the 

port the destination is attached to, and microsegmentation, which creates collision-free connections. 

The purpose of the distribution layer is to provide a boundary definition in which packet manipulation can 

take place. Networks are segmented into broadcast domains by this layer. Policies can be applied and 

access control lists can filter packets. This layer isolates network problems to the workgroups in which 

they occur and prevents these problems from affecting the core layer. Switches in this layer operate at 

Layer 2 and Layer 3. 

The core layer is responsible for fast packet switching across the backbone, whether WANs or LANs, and 

providing redundant paths. 

Three-Layer Hierarchical Model Exercise 

For each of the following figures, indicate whether the scenario is an access layer function, distribution 

layer function, or core layer function. 

Figure 5-2 Scenario 1 

In Figure 5-2, an access control list (denoted by the firewall) is implemented to prevent unnecessary network 

traffic on the backbone network. The distribution layer is responsible for the implementation of 

access control lists. 


In Figure 5-3, a telecommuter is shown connecting to headquarters through a modem connection. The 

access layer is responsible for allowing telecommuters to connect to the network. 


Headquarters 

Backbone Network 

New York San Jose 

T1 

In Figure 5-4, the core layer is responsible for connecting New York and San Jose across a T1 link.


In Figure 5-5, the access layer is using 2900 series switches to connect end users to the network. 


In Figure 5-6, the distribution layer is using 6000 series switches for inter-VLAN routing. 


In Figure 5-7, the core layer is using multilayer switches for fast switching and no packet manipulation. 


2900 Switches 

6000 Switches 

Multilayer Switches 

6000 Switches 

Chapter 5: LAN Design and Switches 239


In Figure 5-8, the distribution layer is using multilayer switches to summarize OSPF routes. 


List three functions of the access layer. 

■ Local and remote user access 

■ MAC layer filtering 

■ Microsegmentation 

List five functions of the distribution layer 

■ Aggregation of the wiring closet connections 

■ Broadcast/multicast domain definition 

■ VLAN routing 

■ Any media transitions that need to occur 

■ Security 

List three functions of the core layer 

■ Fast switching of packets 

■ Redundancy 

■ Access to remote sites

Lab Exercises 

There are no Lab Exercises for this chapter. 

Chapter 5: LAN Design and Switches 241


CHAPTER 6 

Catalyst Switch Configuration 

The Study Guide portion of this chapter uses a combination of fill in the blank and unique custom exercises 

to test your knowledge of switch configuration. 

The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a challenge 

lab to ensure that you have mastered the practical, hands-on skills needed about switch configuration.



Starting the Switch 

The exercises in this section focus on knowledge and skills you need before you begin to configure switches. 

You should know how to connect to a switch to configure it. You should also be able to interpret the LEDs. 



Before configuring a switch, make sure it is plugged in and that the system LED is green. If the system 

LED is amber, the switch failed POST and is not operational. To configure a switch, use a rollover cable to 

connect the console port on the back of the switch to a COM port on the back of the computer. If using 

HyperTerminal as your terminal emulator, you need to configure the port settings in the Properties dialog 

box as follows: 

Bit per second: 9600 

Data bits: 8 

Parity: None 

Stop bits: 1 

Flow control: None 

However, simply clicking the Restore Defaults button enters these settings automatically. 

After the switch boots, you are asked the following question: 

Would you like to enter the initial configuration dialog? [yes/no]: 

Just as with a router, answering yes begins Setup mode, in which you are asked a series of basic configuration 

questions. If you accidentally answer yes or want to abort Setup mode, use the key combination 

Ctrl-C. You can also enter setup mode from the privileged user prompt by entering the command setup. 

Answering no gives you the Switch> prompt, from which you can use the command-line interface (CLI) 

to configure the switch. 

You will find that many of the basic configurations of a switch are identical to what you have already 

learned for a router. This is because both devices use the Cisco Internetwork Operating System (IOS). For 

example, to enter privileged mode, type the enable command. The prompt changes to Switch#. To enter 

global configuration mode, enter configure terminal. The prompt changes to Switch(config)#. At any point 

in your configuration, you can enter the ? key to get help.

Switch LED Interpretation Exercise 

The LEDs on a switch provide a wealth of information about the switch. Being able to interpret the meanings 

of different LED colors and statuses is important for troubleshooting problems and gives the network 

engineer a snapshot of current network performance. Refer to Figure 6-1 and answer the following questions 

about a switch’s LED. 

Figure 6-1 Four Main LEDs on the Catalyst 2950 Switch 

System LED 

The system LED is off. What does this indicate? 

No power to the switch. 

What does an amber system LED indicate? 

The system failed POST and is not operational. 

RPS LED 

What does the acronym RPS stand for? 

Redundant power supply. 

The RPS LED is off. What does this indicate? 

No RPS is attached. 

System 

LED 

Port Mode 

LEDs 

What does a green RPS LED indicate? 

A redundant power supply is attached and operational. 

What does a flashing green RPS LED indicate? 

An RPS is attached but unavailable. 

Redundant Power 

Supply LED 

Mode Button 


Port Status 

LEDs 

1x 2x 3x 4x 5x


What does an amber RPS LED indicate? 

An RPS is installed but not operational. 

What does a flashing amber RPS LED indicate? 

The internal power supply failed and the RPS is providing power. 

Port Mode LEDs 

The STAT mode is currently selected. What does each of the following indicate? 

The port LED is off. 

No device is attached. 

The port LED is flashing green. 

The port is sending/receiving traffic on an active link. 

The port LED is amber (three reasons). 

The port has just detected a link and is currently running STP, in which case the LED will be amber for 

30 seconds, the port has been administratively suspended because of an address violation, or the port has 

been suspended by STP because of a loop. 

The UTIL mode is currently selected. Briefly explain this mode’s purpose assuming the switch is a 2950-24. 

If all the port LEDs are green, the switch is using more than 50 percent of total bandwidth. If the far-right 

LED is off, the switch is using more than 25 percent but less than 50 percent of the total bandwidth, and 

so on. If only the far-left LED is green, the switch is using less than 0.0488 percent of the total bandwidth. 

For the DUPLEX and SPEED modes, what does a green LED indicate? 

The port is operating in full duplex and at 100 Mbps, respectively. 

For the SPEED mode, what does a flashing green LED indicate? 

The port is operating at 1000 Mbps. 

Configuring the Switch 

The exercises in this section focus on switch configuration. 

Learn Basic Switch Commands Exercise 

For this exercise, refer to Figure 6-2 to answer the following configuration questions. The router is named 

DIST because it is a distribution layer router and the switch is named ALSW because it is an access layer 

switch.

Figure 6-2 Basic Switch Configuration Exercise 

For a Catalyst 2950 switch, the following default configurations are in place: 

IP address: 0.0.0.0 

CDP: enabled 

100BASE-T port: autonegotiate duplex mode 

Spanning tree: enabled 

Console password: none 

The default hostname is Switch. Record the switch prompt and command to change the hostname to 

ALSW. 

Switch(config)#hostname ALSW 

Record the switch prompt and command to configure class as the encrypted enable password. 

ALSW(config)#enable secret class 

Record the switch prompt and command to enter console line configuration mode. 

ALSW(config)#line console 0 

Record the switch prompt and command to configure the password cisco on the console line. 

ALSW(config-line)#password cisco 

Record the switch prompt and command to require users to log in. 

ALSW(config-line)#login 

DIST 

ALSW 

VLAN1 192.168.1.2/24 

Fa0 192.168.1.1/24 

Chapter 6: Catalyst Switch Configuration 247


The preceding commands should also be entered on the Telnet lines. A switch has 16 Telnet lines numbered 

0 to 15. The command to enter Telnet line configuration mode is line vty 0 15. 

A switch should be assigned an IP address so that it can be accessed remotely using Telnet or other 

TCP/IP applications. Referring to Figure 6-2, record the switch prompt and commands to enter interface 

configuration mode and then to configure ALSW with an IP address. Then record the command to activate 

the interface. 

ALSW(config)#interface vlan1 

ALSW(config-if)#ip address 192.168.1.2 255.255.255.0 

ALSW(config-if)#no shutdown 

To receive and send IP packets, the management interface needs a default gateway. Record the switch 

prompt and command to configure ALSW with a default gateway. 

ALSW(config)#ip default-gateway 192.168.1.1 

The ports on a switch are defaulted to autonegotiate the speed and duplex. However, it is a good idea to set 

these to the correct setting for the attached host, because autonegotiation can produce unpredictable results. 

Record the switch prompt and commands to configure a port’s interface to 100 Mbps and full duplex. 

Note: The commands must be entered in this order. If you try to enter the duplex command first, you will get the 

message: “Duplex can not be set until speed is set to non-auto value.” 

ALSW(config-if)#speed 100 

ALSW(config-if)#duplex full 

To enhance security, you can statically configure a port with the MAC address of the host or hosts attached 

to that port. Record the switch prompt and command to statically configure the MAC address 

0005.9a3c.7800 on port 6. 

ALSW(config)#mac-address-table static 0005.9a3c.7800 vlan 1 interface FastEthernet0/6 

Instead of explicitly configuring the MAC address, you can configure a port to dynamically learn MAC 

addresses and have them “stick” to the current configuration. When in interface configuration mode for 

port 5, you need several commands to enable the following security requirements. Be sure the port is in 

access mode and do not forget to enable port security. Set the maximum addresses that the port can learn 

to 1 and set the port to shut down if another MAC address is detected. 

ALSW(config)#interface fastEthernet 0/5 

ALSW(config-if)#switchport mode access 

ALSW(config-if)#switchport port-security 

ALSW(config-if)#switchport port-security maximum 1 

ALSW(config-if)#switchport port-security mac-address sticky 

ALSW(config-if)#switchport port-security violation shutdown 

Briefly explain what each of the following port security violation keywords enables on the interface: 

■ protect—When the port reaches the maximum number of MAC addresses, frames with unknown 

source addresses are dropped until you remove at least one secure MAC address. 

■ restrict—The port will still forward traffic from unknown sources above the maximum number, but 

the switch will send an SNMP trap notification to the network management workstation. 

■ shutdown—The port is shut down in a err-disabled state for all traffic, and an SNMP trap notification 

is sent to the network management station. You can bring it out of this state by entering the errdisable 

recovery cause psecure-violation global configuration command, or you can manually re-enable it by 

entering the shutdown and no shutdown interface configuration commands.

Lab Exercises 


In the following table, record the command, including the correct switch prompt, that fits the description 

for a 2950 Catalyst switch. Fill in any blanks with the appropriate missing information. 



Switch#show vlan Displays the current VLAN configuration 

Switch#delete flash:vlan.dat Removes the VLAN database from Flash memory 

Switch(config)#interface vlan1 Enables the virtual interface for VLAN1, the default 

VLAN on the switch 

Switch(config)#ip default-gateway 192.168.1.1 Configures a gateway to allow IP packets an exit 

Switch(config-if)#duplex full Forces full-duplex operation on an interface 

Switch(config-if)#duplex auto Enables auto-duplex configuration 

Switch(config-if)#duplex half Forces half-duplex operation on an interface 

Switch(config-if)#speed 10 Forces 10-Mbps operation on an interface 

Switch(config-if)#speed 100 Forces 100-Mbps operation on an interface 

Switch(config-if)#speed auto Enables autospeed configuration 

Switch#show mac-address-table Displays the current MAC address forwarding table 

Switch#clear mac-address-table dynamic Deletes all learned entries from the current MAC address 

forwarding table 

Switch(config)#mac-address-table static Sets a static address of aaaa.aaaa.aaaa in the MAC 

aaaa.aaaa.aaaa vlan 1 interface fa0/1 address table for Fa0/1 

Switch(config-if)#switchport port-security Enables port security on the interface 

Switch(config-if)#switchport port-security Sets the maximum number of MAC addresses 

maximum 1 that a port can learn to 1 

Switch(config-if)#switchport port-security Configures the port to dynamically learn MAC addresses 

mac-address sticky and “stick” them to the configuration 

Switch(config-if)#switchport port-security Configures the port to be disabled if there is a security 

violation shutdown violation 

Switch(config-if)#switchport port-security Configures the port to send a SNMP trap if a security 

violation restrict violation is detected but does not shut down the port 

Switch(config-if)#switchport port-security Configures the port to drop all frames from unknown 

violation protect source MAC addresses after the maximum configured 

MAC addresses have been learned


Curriculum Lab 6-1: Verifying Default Switch 

Configuration (6.2.1) 


Objective 

Investigate the default configuration of a 2900 series switch. 


Cable a network that is similar to the one in Figure 6-3. The 2950 series switch produced the configuration 

output in this lab. Another switch might produce different output. You should execute the following steps 

on each switch unless you are specifically instructed otherwise. Instructions are also provide for the 1900 

series switch, which initially displays a User Interface Menu. Select the Command Line option from the 

menu to perform the steps for this lab. 


Implement the procedure documented in Appendix B, “Erasing and Reloading the Switch,” on all switches 

before you continue with this lab. 

General Configuration Tips 

FA0/1 FA0/4 

Switch 1 




Serial Cable 

■ Use the question mark (?) and arrow keys to help to enter commands. 

■ Each command mode restricts the set of available commands. If you have difficulty entering a command, 

check the prompt and then enter ? for a list of available commands. You might be using the 

wrong command mode or the wrong syntax. 

■ To disable a feature, enter the keyword no before the command, such as no ip address. 

■ Save the configuration changes to NVRAM so that you do not lose the changes if there is a system 

reload or power outage.

Table 6-1 shows the switch command modes that you should be familiar with for all labs in this chapter. 

Table 6-1 Switch Command Modes 

Command Access Switch Prompt Exit 

Mode Method Displayed Method 

User EXEC Log in. Switch> Use the logout command. 

Privileged From user EXEC mode, Switch# To exit to user EXEC mode, use the 

EXEC enter the enable command. disable, exit, or logout command. 

Global From privileged EXEC Switch (config)# To exit to privileged EXEC mode, 

configuration mode, enter the configure use the exit or end command, or 

terminal command. press Ctrl-Z. 

Interface From global configuration Switch (config-if)# To exit to global configuration 

configuration mode, enter the interface mode, use the exit command. 

type number command, such 

as interface serial 0. 

Task 1: Enter Privileged Mode 

Step 1. Privileged mode gives access to all the switch commands. Because many of the privileged 

mode commands configure operating parameters, privileged mode access should be passwordprotected 

to prevent unauthorized use. The privileged mode command set includes those commands 

that are contained in user EXEC mode, as well as the configure command through 

which access to the remaining command modes is gained. 

Switch>enable 

Switch# 

Step 2. Notice that the prompt changed to reflect privileged EXEC mode. 

Task 2: Examine the Current Switch Configuration 

Step 1. Examine the current running configuration file: 

Switch#show running-config 

How many Ethernet and Fast Ethernet interfaces does the switch have? 

24 Fast Ethernet ports 

What is the range of values shown for the VTY lines? 5 to 15 

Step 2. Examine the current contents of NVRAM. 

Switch#show startup-config 

%% Non-volatile configuration memory is not present 

Why does the switch give this response? 

Nothing is currently stored in NVRAM due to the erase startup. 



Step 3. Show the current IP address of the switch. 

Switch#show interface VLAN 1 

Is an IP address set on the switch? No 

What is the MAC address of this virtual switch interface? 

0004.c075.1500 (answers will vary) 

Is this interface up? No 

Step 4. You can show the IP properties of the interface by entering the following command: 

Switch#show ip interface VLAN 1 

Step 5. The following command provides the switch IP address information for the 1900: 

#show ip 

Task 3: Get Cisco IOS Software Information 

Examine the version information that the switch reports. 

Switch#show version 

What is the IOS version that the switch is running? 

12.1(9)EA1 

What is the system image filename? 

c2950-i6q4l2-mz.121-9.EA1.bin 

What is the base MAC address of this switch? 

00:04:C0:75:15:00 (answers will vary) 

Is the switch running Enterprise Edition software? 

No, it is running the standard image. 

Is the switch running Enhanced Image software, indicated by the letters EA in the IOS filename (2950 

series)? Yes 

Task 4: Examine the Fast Ethernet Interfaces 

Examine the default properties of the Fast Ethernet interfaces. As an example, examine the properties of 

the fourth interface: 

Switch#show interface fastethernet 0/4 

1900: 

#show interface fastethernet 0/26 

Note: This is a trunk port.

or 

#show interface ethernet 0/4 

Note: This is an access port. 

2950: 

#show interface fastethernet 0/4 

Note: This can be a trunk or access port. 

or 

#show interface gigabitethernet 0/1 

Note: This can be a trunk or access port. 

Is the interface up or down? Up 

What event would make an interface go up? 

Attaching a host to the port would make an interface go up. 

What is the MAC address of the interface? 

0004.c075.1504 (answers will vary) 

What is the speed and duplex setting of the interface? 

Auto-duplex, Auto-speed 

Task 5: Examine VLAN Information 

Examine the default VLAN settings of the switch. 

Switch#show vlan 

What is the name of VLAN 1? Default 

Which ports are in this VLAN? All, 1[nd]24 

Is VLAN 1 active? Yes 

What type of VLAN is the default VLAN? Ethernet 

Task 6: Examine Flash Memory (1900: Skip to Step 8) 

Examine the contents of the Flash directory. 

Switch#dir flash: 

or 

Switch#show flash 



Name the files and directories found. 

2 -rwx 2490607 Mar 01 1993 00:02:56 c2950-i6q4l2-mz.121-9.EA1.bin 

3 -rwx 269 Jan 01 1970 00:01:43 env_vars 

6 -rwx 108 Mar 01 1993 00:01:37 info 

7 drwx 640 Mar 01 1993 00:03:46 html 

18 -rwx 108 Mar 01 1993 00:03:46 info.ver 

Task 7: Examine the Startup Configuration File 

Step 1. To see the contents of the startup configuration file, enter the show running-config command 

in privileged EXEC mode. 


Step 2. The switch responds with the following: 

Non-volatile configuration memory is not present 

Why does this message appear? 

No startup configuration file is present. 

Step 3. Copy the current configuration to NVRAM. This step ensures that any changes made will be 

available to the switch if there is a reload or if the power goes off. 

Switch#copy running-config startup-config 

Destination filename [startup-config]? 


[OK] 

Switch# 

Step 4. Show the contents of NVRAM. 


What is displayed now? 

A copy of the running configuration is now saved in NVRAM and will be used the next time 

the router is rebooted. 

Task 8: Exit the Switch 

Step 1. Exit to the switch welcome screen. 

Switch#exit 

Step 2. Remove and store the cables and adapter.

Curriculum Lab 6-2: Basic Switch Configuration (6.2.2) 



Switch Designation Switch Name Enable Secret Password Enable/VTY/Console Password 

Switch 1 ALSwitch class cisco 

Objectives 

■ Configure a switch with a name and an IP address. 

■ Configure passwords to ensure that access to the CLI is secured. 

■ Configure switch port speed and duplex properties for an interface. 

■ Save the active configuration. 

■ View the switch browser interface. 


FA0/1 FA0/4 

Switch 1 





Serial Cable 


output used in this lab. Another switch might produce different output. You should execute the following 

steps on each switch unless you are specifically instructed otherwise. Instructions are also provided for the 

1900 series switch, which initially displays a User Interface Menu. Select the Command Line option from 

the menu to perform the steps for this lab.



Implement the procedure documented in Appendix B before you continue with this lab. 

Task 1: Enter Privileged Mode 

Step 1. Privileged mode gives access to all the switch commands. Because many of the privileged 

mode commands configure operating parameters, privileged mode access should be passwordprotected 

to prevent unauthorized use. The privileged mode command set includes those commands 

that are contained in user EXEC mode, as well as the configure command through 

which access to the remaining command modes is gained. 

Switch>enable 

Switch# 

1900: 

>enable 

# 

Step 2. Notice that the prompt changed to reflect privileged EXEC mode. 

Task 2: Examine the Current Switch Configuration 

Step 1. Examine the current running configuration file. 


How many Ethernet or Fast Ethernet interfaces does the switch have? 24 

What is the range of values shown for the VTY lines? 5–15 



Current configuration : 1427 bytes 

! 

version 12.1 

no service pad 

service timestamps debug uptime 

service timestamps log uptime 

no service password-encryption 

! 

hostname Switch 

! 

! 


! 

spanning-tree mode pvst 

no spanning-tree optimize bpdu transmission 

spanning-tree extend system-id 

! 

! 


no ip address 

!


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 




no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 

interface Vlan1 

no ip address 

no ip route-cache 

shutdown 

! 

ip http server 

! 

! 

line con 0 

line vty 5 15 

! 

end 

Switch# 

Step 2. Examine the current contents of NVRAM. 


startup-config is not present 

Why does the switch give this response? 

Nothing is saved into NVRAM. 

Task 3: Assign a Name to the Switch 

Step 1. Enter enable and then configuration mode. Configuration mode allows the management of the 

switch. Enter the name by which this switch will be referred, ALSwitch. 

Switch#configure terminal 

Enter configuration commands, one per line. End with Ctrl+Z. 

Switch(config)#hostname ALSwitch 

ALSwitch(config)#exit 

Step 2. Notice that the prompt changed to reflect its new name. Type exit or press Ctrl-Z to go back 

into privileged mode.

Task 4: Examine the Current Running Configuration 

Examine the current configuration to verify that there is no configuration except for the hostname. 

ALSwitch#show running-config 

Are passwords set on lines? No 

What does the configuration show as the hostname of this switch? ALSwitch 

ALSwitch#show running-config 



! 

version 12.1 





! 

hostname ALSwitch 

! 

! 


! 




! 

! 


! 


! 


! 


! 


! 


! 


! 


! 


! 





! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 



shutdown 

! 


! 

! 

line con 0 

line vty 5 15 

! 

end 

ALSwitch#

Task 5: Set the Access Passwords (1900: Skip to Task 6) 

Enter config-line mode for the console. Set the password on this line to cisco for login. Configure the VTY 

lines 5 to 15 with the password cisco. 

ALSwitch#configure terminal 

Enter configuration commands, one per line. End with Ctrl-Z. 

ALSwitch(config)#line con 0 

ALSwitch(config-line)#password cisco 

ALSwitch(config-line)#login 

ALSwitch(config-line)#line vty 0 15 


ALSwitch(config-line)#login 

ALSwitch(config-line)#exit 

Task 6: Set the Command Mode Passwords 

Set the enable password to cisco and the enable secret password to class. 

ALSwitch(config)#enable password cisco 

ALSwitch(config)#enable secret class 

1900: 

ALSwitch(config)#enable password level 15 cisco 

ALSwitch(config)#enable secret class 

Which password takes precedence: the enable password or the enable secret password? secret 

Task 7: Configure Layer 3 Access to the Switch 

Step 1. Set the IP address of the switch to 192.168.1.2 with a subnet mask of 255.255.255.0. Note that 

this is done on the internal virtual interface VLAN 1. 

ALSwitch(config)#interface VLAN 1 

ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0 

ALSwitch(config-if)#exit 

1900: 

ALSwitch(config)#ip address 192.168.1.2 255.255.255.0 


Step 2. Set the default gateway for the switch and the default management VLAN as 192.168.1.1. 

ALSwitch(config)#ip default-gateway 192.168.1.1 


1900: 

ALSwitch(config)#ip default-gateway 192.168.1.1 




Task 8: Verify the Management LAN Settings (1900: Skip to Step 9) 

Step 1. Verify the interface settings on VLAN 1. 

ALSwitch#show interface VLAN 1 

What is the bandwidth on this interface? 

1000000 Kbit 

What are the VLAN states? VLAN1 is down, and line protocol is down. 

Step 2. Enable the virtual interface using the no shutdown command. 

ALSwitch(config)#interface VLAN 1 

ALSwitch(config-if)#no shutdown 

ALSwitch(config-if)#exit 

What is the queuing strategy? FIFO 

ALSwitch#show interface vlan 1 

Vlan1 is administratively down, line protocol is down 

Hardware is CPU Interface, address is 0009.b7f6.61c0 (bia 0009.b7f6.61c0) 




Encapsulation ARPA, loopback not set 

ARP type: ARPA, ARP Timeout 04:00:00 

Last input 00:06:12, output never, output hang never 

Last clearing of “show interface” counters never 

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 

Queueing strategy: fifo 

Output queue :0/40 (size/max) 

5 minute input rate 0 bits/sec, 0 packets/sec 

5 minute output rate 5000 bits/sec, 1 packets/sec 

47 packets input, 6606 bytes, 0 no buffer 

Received 47 broadcasts, 0 runts, 0 giants, 0 throttles 

0 input errors, 0 CRC, 0 frame, 0 overrun, 33 ignored 

664 packets output, 372036 bytes, 0 underruns 

0 output errors, 3 interface resets 

0 output buffer failures, 0 output buffers swapped out 

ALSwitch# 

Task 9: Configure Port Speed and Duplex Properties for a Fast 

Ethernet Interface 

Note: 1900 switch access ports can operate only at 10 Mbps, but duplex can be set to full. If the switch has 

10/100-Mbps trunk ports, the speed and duplex can be set for these. 

Step 1. Prepare to configure the fastethernet 0/4 interface. 


Step 2. Enter configuration commands, one per line. End with Ctrl-Z. 

ALSwitch(config)#interface fastethernet 0/4

Step 3. Set the port speed of interface fastethernet 0/4 to 100 Mbps and to operate in full-duplex mode. 

ALSwitch(config-if)#speed 100 

ALSwitch(config-if)#duplex full 

Step 4. If you know that the devices that are connected to a port must operate at a certain speed and in 

duplex mode, you should set the interface to that speed and mode. 

Task 10: Verify the Settings on a Fast Ethernet Interface 

ALSwitch#show interface fastethernet 0/4 

ALSwitch#show interfaces fastEthernet 0/4 

FastEthernet0/4 is down, line protocol is down (notconnect) 

Hardware is Fast Ethernet, address is 000b.be7f.ed44 (bia 000b.be7f.ed44) 




Keepalive set (10 sec) 

Full-duplex, 100Mb/s 

input flow-control is unsupported output flow-control is unsupported 


Last input never, output 00:05:53, output hang never 




Output queue: 0/40 (size/max) 




Received 0 broadcasts (0 multicast) 

0 runts, 0 giants, 0 throttles 


0 watchdog, 0 multicast, 0 pause input 

0 input packets with dribble condition detected 


0 output errors, 0 collisions, 2 interface resets 

0 babbles, 0 late collision, 0 deferred 

0 lost carrier, 0 no carrier, 0 PAUSE output 


ALSwitch# 

Task 11: Save the Configuration 

Step 1. The basic configuration of the switch has just been completed. Back up the running configuration 

file to NVRAM. This ensures that the changes made will not be lost if the system is 

rebooted or loses power. 

ALSwitch#copy running-config startup-config 





[OK] 

ALSwitch# 

Step 2. The configuration is automatically saved to NVRAM within approximately 1 minute of entering 

a command. To save the configuration to a TFTP server, enter the following: 

ALSwitch#copy nvram tftp://tftp server ip address/destination_filename 

Task 12: Examine the Startup Configuration File (1900: Skip to 

Task 13) 

To see the configuration that is stored in NVRAM, enter show startup-config from privileged EXEC 

(enable) mode. 

ALSwitch#show startup-config 

What is displayed? 

Copy of the running-configuration 

Are all the changes that were entered recorded in the file? Yes 


Using 1302 out of 32768 bytes 

! 

version 12.1 





! 


! 

enable secret 5 $1$dw/7$XS/PsFsTanHdxanztCdBO0 


! 


! 

! 




! 

! 


! 


!


! 


! 

speed 100 

duplex full 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 




! 


! 

ip address 192.168.1.2 255.255.255.0 


shutdown 

ip default-gateway 192.168.1.1 


! 

line con 0 


login 

line vty 0 4 


login 

line vty 5 15 

! 

! 


login 

end 

Task 13: Remove the Enable and Enable Secret Passwords 


Enter configuration commands, one per line. End with Ctrl+Z. 

ALSwitch(config)#no enable password 

ALSwitch(config)#no enable secret 

1900: 

ALSwitch(config)#no enable password level 15 


Task 14: Access the Switch Web Interface 

Step 1. Access to the web interface of the switch may be on by default. If it is not on, issue the following 

command: 

ALSwitch(config)#ip http server 

Step 2. Start your web browser.

Step 3. Type the switch IP address into the Location field (Netscape) or Address field (Internet 

Explorer) and press Enter. 

Step 4. Because you have not secured access to the switch web interface, you will get a web page from 

the switch. You will not be asked to supply a username or password. 



Switch#exit 

Step 2. Remove and store the cables and adapter. 

Curriculum Lab 6-3: Managing the MAC Address Table 

(6.2.3) 



Switch Switch Name VLAN 1 IP Default Gateway Subnet Mask 

Designation Address IP Address 

Switch 1 ALSwitch 192.168.1.2 192.168.1.1 255.255.255.0 

The enable secret password is class. 

The enable, VTY, and console password is cisco. 

Objective 

FA0/1 FA0/4 

Switch 1 



Create a basic switch configuration and manage the switch MAC table. 



Serial Cable



Cable a network that is similar to the one in Figure 6-5. The 2950 switch produced the configuration output 

in this lab. Another switch might produce different output. Instructions are also provided for the 1900 




Implement the procedure documented in Appendix B on all switches before you continue with this lab. 

Task 1: Configure the Switch 

Configure the hostname and passwords, as well as the management VLAN 1 settings for the switch, as 

indicated in Table 6-3. If you have problems while performing this configuration, refer to Curriculum 

Lab 6-2, “Basic Switch Configuration (6.2.2).” 

Task 2: Configure the Hosts that Are Attached to the Switch 

Configure the hosts to use the same IP subnet for addresses, masks, and the default gateway as the switch. 


To verify that the hosts and switch are correctly configured, ping the switch IP address from the hosts. 


If the answer is no, troubleshoot the hosts and switch configurations. 

Task 4: Record the Host MAC Addresses 

Determine and record the Layer 2 addresses of the PC network interface cards. 

If you are running Windows 98, check using Start > Run > winipcfg. Click More info. 

If you are running Windows 2000 or higher, check using Start > Run > cmd > ipconfig /all. 

PC1: 00-01-02-76-8E-EC 

PC4: 00-01-02-76-90-DD 

Task 5: Determine the MAC Addresses that the Switch Has 

Learned 

Determine the MAC addresses that the switch has learned by using the show mac-address-table command 


ALSwitch#show mac-address-table 

How many dynamic addresses exist? 2 

How many MAC addresses exist? 6 

How many addresses have been user defined? None 

Do the MAC addresses match the host MAC addresses? Yes

Task 6: Determine the show mac-address-table Options 

Step 1. Determine the options that the show mac-address-table command has by using the ? option. 

ALSwitch#show mac-address-table ? 

How many options are available for the show mac-address-table command? 11 

ALSwitch#show mac-address-table ? 

address address keyword 

aging-time aging-time keyword 

count count keyword 

dynamic dynamic entry type 

interface interface keyword 

multicast multicast info for selected wildcard 

notification MAC notification parameters and history table 

static static entry type 

vlan VLAN keyword 

| Output modifiers 

 

Step 2. Show the MAC address table for the switch. 

How many total MAC addresses exist? 6 


Mac Address Table 

—————————————————————- 

Vlan Mac Address Type Ports 

—— —————- ———— ——- 

All 0009.b7f6.61c0 STATIC CPU 

All 0100.0ccc.cccc STATIC CPU 

All 0100.0ccc.cccd STATIC CPU 

All 0100.0cdd.dddd STATIC CPU 

1 0001.0276.8eec DYNAMIC Fa0/1 

1 0001.0276.90dd DYNAMIC Fa0/4 

Total Mac Addresses for this criterion: 6 

Step 3. Show only the MAC address table addresses that were learned dynamically. 

How many exist? 2 



—————————————————————- 


—— —————- ———— ——- 

1 0001.0276.8eec DYNAMIC Fa0/1 

1 0001.0276.90dd DYNAMIC Fa0/4 


Task 7: Clear the MAC Address Table 

Remove the existing MAC addresses by using the clear mac-address-table command from the privileged 


ALSwitch#clear mac-address-table dynamic 



Task 8: Verify the Results 

Verify that the mac-address-table was cleared. 


How many MAC addresses exist now? 4 




—————————————————————- 


—— —————- ———— ——- 






Task 9: Determine the clear mac-address-table Options 

Determine the options that are available with the command clear mac-address-table ? at the privileged 


ALSwitch#clear mac-address-table ? 

How many options exist? 2 

ALSwitch#clear mac-address-table ? 

dynamic dynamic entry type 

notification Clear MAC notification Global Counters 

In what circumstances would these options be used? 

They would be used to remove dynamic MAC address entries or clear MAC notification counters. 

Task 10: Examine the MAC Table Again 

Step 1. Look at the MAC address table again by using the show mac-address-table command at the 

privileged EXEC mode prompt. 


How many dynamic addresses exist? 2

Why did this change from the last display? 

More than likely, the switch has received some broadcasts since the last time you clear the 

table. 



—————————————————————- 


—— —————- ———— ——- 





1 0001.0276.8eec DYNAMIC Fa0/1 

1 0001.0276.90dd DYNAMIC Fa0/4 


Step 2. If the table has not changed yet, ping the switch IP address from the hosts two times each and 

repeat step 10. 



Switch#exit 


Curriculum Lab 6-4: Configuring Static MAC Addresses 

(6.2.4) 


FA0/1 FA0/4 

Switch 1 





Serial Cable



Switch Switch Name VLAN 1 IP Default Gateway Subnet Mask 

Designation Address IP Address 




Objectives 

■ Create a static address entry in the switch MAC table. 

■ Remove the created static MAC address entry. 












Task 2: Configure the Hosts Attached to the Switch 

Configure the hosts to use the same IP subnet for addresses, masks, and the default gateway as the switch. 





Task 4: Record the Host MAC Addresses 



If you are running Windows 2000, check using Start > Run > cmd > ipconfig /all. 

PC1: 08-00-46-06-FB-B6 (example; answers will vary) 

PC4: 00-08-74-4D-8E-E2 (example; answers will vary)


Learned 






Do the MAC addresses match the host MAC addresses? They should. 



—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 DYNAMIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Task 6: Determine the mac-address-table Options 

Determine the options that the mac-address-table command has by using the ? option. 

ALSwitch(config)#mac-address-table ? 

How many options are available for the mac-address-table command? 3 


aging-time Set MAC address table entry maximum age 

notification Enable/Disable MAC Notification on the switch 

static static keyword 

There is an option to set a static MAC address in the table. Under what circumstances would you use this 

option? To add security to your switch. 

Task 7: Set Up a Static MAC Address 

Set up a static MAC address on Fast Ethernet interface 0/4. Use the address that was recorded for PC4 in 

Task 4. The MAC address 00e0.2917.1884 is used in the example statement only. 

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 1 

1900: 


ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4



Verify the MAC address table entries. 


How many MAC addresses exist now? 5 

How many static addresses exist? 5 



—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 STATIC Fa0/4 


Under what circumstances can other static or dynamic learning of addresses occur on switch port 4? 

Connecting a hub to that port will enable that to occur. 

Task 9: Remove the Static MAC Entry 

You might need to reverse the static mac-address-table entry. To do this, enter configuration mode and 

reverse the command by putting no in front of the entire old command string. The MAC address 

00e0.2917.1884 is used in the example statement only. Use the MAC address that was recorded for the 

host on port 0/4. 

ALSwitch(config)#no mac-address-table static 00e0.2917.1884 interface 

fastethernet 0/4 vlan 1 

1900: 

ALSwitch(config)#no mac-address-table permanent 00e0.2917.1884 

ethernet 0/4


Verify that the static MAC address was cleared. 

ALSwitch#show mac-address-table static 

ALSwitch#show mac-address-table static 


—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 DYNAMIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


How many static MAC addresses exist now? 4 



Switch#exit 


Curriculum Lab 6-5: Configuring Port Security (6.2.5) 


FA0/1 FA0/4 

Switch 1 





Serial Cable



Switch Switch Name VLAN 1 Default Gateway Subnet Mask 

Designation IP Address IP Address 




Objectives 

■ Create and verify a basic switch configuration. 

■ Configure port security on individual Fast Ethernet ports. 













Step 1. Configure the hosts to use the same IP subnet for addresses, masks, and the default gateway as 

the switch. 

Step 2. You need a third host for this lab. You must configure this host with the address 192.168.1.7. 

The subnet mask is 255.255.255.0 and the default gateway is 192.168.1.1. Do not connect this 

PC to the switch yet. 


To verify that the hosts and switch are configured correctly, ping the switch IP address from the hosts. 



Task 4: Record the Hosts’ MAC Addresses 


If you are running Windows 98, check using Start > Run > winipcfg. Click More info.



PC4: 00-08-74-4D-8E-E2 (example; answers will vary) 


Learned 









—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 DYNAMIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 











Task 4. The MAC address 00e0.2917.1884 is used in the example statement only. 

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface 


1900: 

ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 

0/4 









—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 STATIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Task 9: List Port Security Options 

Step 1. Determine options for setting port security on interface Fast Ethernet 0/4. Enter switchport 

port security ? from the interface configuration prompt for Fast Ethernet port 0/4. 

ALSwitch(config)#interface fastethernet 0/4 

ALSwitch(config-if)#switchport port-security ? 

aging Port-security aging commands 

mac-address Secure mac address 

maximum Max secure addresses 

violation Security violation mode 

 

1900: 

ALSwitch(config)#interface ethernet 0/4 

ALSwitch(config-if)#port secure ? 

max-mac-count Maximum number of addresses allowed on the port 

 

Step 2. Allow the switch port fastethernet 0/4 to accept only one device by using the following commands: 

ALSwitch(config-if)#switchport mode access 

ALSwitch(config-if)#switchport port-security 

ALSwitch(config-if)#switchport port-security mac-address sticky 

1900: 

ALSwitch(config-if)#port secure


Step 1. Verify the MAC address table entries. 


How are the address types listed for the two MAC addresses? 

The entry for Fa0/1 is DYNAMIC but the entry for Fa0/4 is STATIC. 



—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 STATIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Step 2. Show port security settings. 

ALSwitch#show port-security 

ALSwitch#show port-security 

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action 

(Count) (Count) (Count) 

—————————————————————————————————————- 

Fa0/4 1 0 0 

Shutdown 

—————————————————————————————————————- 

Total Addresses in System (excluding one mac per port) : 0 

Max Addresses limit in System (excluding one mac per port) : 1024 

1900: 

ALSwitch#show mac-address-table security 

Task 11: Show the Running Configuration File 

Do some statements directly reflect the security implementation in the listing of the running configuration? 

Yes 

What do those statements mean? 

Port security is enabled. 


switchport mode access 

switchport port-security 

switchport port-security mac-address sticky 



Task 12: Limit the Number of Hosts Per Port 

Step 1. On interface fastethernet 0/4, set the port security maximum MAC count to 1. 


ALSwitch(config-if)#switchport port-security maximum 1 

1900: 

ALSwitch(config)#interface Ethernet 0/4 

ALSwitch(config-if)#port secure max-mac-count 1 

Step 2. Disconnect the PC that is attached to fastethernet 0/4 and connect to that port the PC that has 

been given the IP address 192.168.1.7. This PC has not been attached to the switch. To generate 

some traffic, you might need to ping the switch address 192.168.1.2. 

Record your observations. 

Task 13: Configure the Port to Shut Down if a Security Violation 

Occurs 

Step 1. If a security violation occurs, you should shut down the interface. Make the port security action 

shutdown. 

2950 

ALSwitch(config-if)#switchport port-security violation shutdown 

1900: 

ALSwitch(config-if)#port security action shutdown 

In addition to shutdown, what other violation options are available with port security? 

protect, restrict 

Step 2. If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7 that is now connected 

to interface fastethernet 0/4. This ensures that there is traffic from the PC to the switch. 

Record your observations. 

The ping was successful. 

Task 14: Show Port 0/4 Configuration Information 

To see the configuration information for Fast Ethernet port 0/4, enter show interface fastethernet 0/4 at 

the privileged EXEC mode prompt. 


1900: 

ALSwitch#show interface ethernet 0/4 

What is the state of this interface? 

Fast Ethernet 0/4 is UP, and line protocol is UP. 


FastEthernet0/4 is up, line protocol is up (connected) 

Hardware is Fast Ethernet, address is 000a.b772.2b44 (bia

000a.b772.2b44) 




Keepalive set (10 sec) 

Full-duplex, 100Mb/s 

input flow-control is off, output flow-control is off 


Last input 00:00:00, output 00:00:01, output hang never 






5 minute ouxtput rate 0 bits/sec, 0 packets/sec 




0 watchdog, 5 multicast, 0 pause input 

0 input packets with dribble condition detected 


0 output errors, 0 collisions, 2 interface resets 

0 babbles, 0 late collision, 0 deferred 

0 lost carrier, 0 no carrier, 0 PAUSE output 


Task 15: Reactivate the Port 

Step 1. If a security violation occurs and the port is shut down, use the no shutdown command to 

reactivate it. 

Step 2. Try this a few times, switching between the original port 0/4 host and the new one. Plug in the 

original host, enter the no shutdown command on the interface, and ping by using the DOS 

window. You have to repeat the ping multiple times or use the ping 192.168.1.2 -n 200 command. 

This sets the number of ping packets to 200 instead of 4. Then, switch hosts and try 

again. 



Switch#exit 




Curriculum Lab 6-6: Add, Move, and Change MAC 

Addresses (6.2.6) 



Switch Switch Name VLAN 1 Default Gateway Subnet Mask 

Designation IP Address IP Address 




Objectives 


■ Move a PC from one switch port to another and add a new PC to the switch. 







FA0/1 FA0/4 

Switch 1 




Serial Cable 

Implement the procedure documented in Appendix B before you continue with this lab.






Step 1. Configure the hosts to use the same IP subnet for addresses, masks, and the default gateway as 

the switch. 

Step 2. You need a third host for this lab. You must configure it with the address 192.168.1.7. The subnet 

mask is 255.255.255.0 and the default gateway is 192.168.1.1. Do not connect this PC to 

the switch yet. 





Task 4: Record the Hosts’ MAC Addresses 





PC4: 00-08-74-4D-8E-E2 (example; answers will vary) 


Learned 











—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 DYNAMIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 











Step 4. The MAC address 00e0.2917.1884 is used in the example statement only. 

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface 


1900: 

ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 

0/4 







—————————————————————- 


—— —————- ———— ——- 



All 0100.0ccc.cccd STATIC CPU


1 0008.744d.8ee2 STATIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Task 9: List Port Security Options 

Step 1. Determine options for setting port security on interface Fast Ethernet 0/4. Enter switchport 

port security ? from the interface configuration prompt for Fast Ethernet port 0/4. 


ALSwitch(config-if)#port security ? 

aging Port-security aging commands 

mac-address Secure mac address 

maximum Max secure addrs 

violation Security Violation Mode 

 

1900: 


ALSwitch(config-if)#port secure ? 

max-mac-count Maximum number of addresses allowed on the port 

 

Step 2. Allow the switch port Fast Ethernet 0/4 to accept only one device by using the following commands: 




1900: 

ALSwitch(config-if)#port secure 




How are the address types listed for the two MAC addresses? 

1 static and 1 dynamic 



—————————————————————- 


—— —————- ———— ——- 







1 0008.744d.8ee2 STATIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Task 11: Show the Running Configuration File 

In the listing of the running configuration, do some statements directly reflect the security implementation? 

Yes 

What do those statements mean? 

Port security is enabled. 





Task 12: Limit the Number of Hosts Per Port 

Step 1. On interface Fast Ethernet 0/4, set the port security maximum MAC count to 1. 



1900: 



Step 2. Disconnect the PC that is attached to Fast Ethernet 0/4 and connect to that port the PC that has 

been given the IP address 192.168.1.7. This PC has not been attached to the switch. To generate 

some traffic, ping the switch address 192.168.1.2 with the -n 50 option. For example, use 

ping 192.168.1.2 -n 50, where 50 is the number of pings sent. 

Task 13: Move Host 

Step 1. Reconnect the PC that had previously been connected to Fast Ethernet 0/4 to Fast Ethernet 0/8. 

The PC has been moved to a new location. This could be to another VLAN, but in this 

instance, all switch ports are in VLAN 1 and network 192.168.1.0. 

Step 2. From this PC on Fast Ethernet 0/8, ping 192.168.1.2 -n 50. 

Was this successful? Yes 

Why or why not? 

No port security is enabled. 

Step 3. Show the MAC address table. 

ALSwitch#show mac-address-table

Step 4. Record the VLAN 1 MAC addresses that are displayed. 



—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 STATIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 


Task 14: Clear the MAC Address Table 

Step 1. Clear the MAC address table. Doing so unlocks the MAC addresses from security and allows a 

new address to be registered. 


Step 2. From the PC on the Fast Ethernet 0/8, ping 192.168.1.2 -n 50. 

Was this successful? Yes 

Step 3. If not, troubleshoot as necessary. 

Task 15: Change the Security Settings 

Step 1. Show the MAC address table. 


Step 2. Observe that Fast Ethernet 0/4 is secure but that the security should be applied to the machine 

on port 0/8 because that is the machine that was moved form port 0/4. Remove port security 

from interface Fast Ethernet 0/4. 


ALSwitch(config-if)#no switchport port-security 

ALSwitch(config-if)#no switchport port-security mac-address sticky 

ALSwitch(config-if)#no switchport port-security mac-address sticky 

0008.744d.8ee2 

ALSwitch(config-if)#shutdown 

ALSwitch(config-if)#no shutdown 

1900: 


ALSwitch(config-if)#no port secure 



Step 3. Apply port security with a max-mac-count of 1 to interface Fast Ethernet 0/8. 






1900: 



Step 4. Clear the MAC address table. 

Note: You also could have cleared individual entries. 



Verify that the MAC address table has been cleared. 


Can all PCs still successfully ping each other? Yes 

If not, troubleshoot the switch and PCs. 



—————————————————————- 


—— —————- ———— ——- 





1 0008.744d.8ee2 STATIC Fa0/8 

1 00b0.d026.6ab5 DYNAMIC Fa0/4 

1 0800.4606.fbb6 DYNAMIC Fa0/1 

Total Mac Addresses for this criterion: 6



Switch#exit 


Curriculum Lab 6-7: Managing Switch Operating System 

Files (6.2.7a) 



Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP Address 

Switch 1 ALSwitch 192.168.1.2 192.168.1.1 



The subnet mask is 255.255.255.0. 

Objectives 


■ Back up the switch IOS to a TFTP server and then restore it. 











FA0/1 


Serial Cable






Task 2: Configure the Host that Is Attached to the Switch 

Configure the host to use the same subnet for addresses, masks, and the default gateway as the switch. 

This host will act as the TFTP server in this lab. Be sure to take note of the IP address that is assigned. 


To verify that the host and switch are configured correctly, ping the switch IP address from the host. 


If the answer is no, troubleshoot the host and switch configurations. 

Task 4: Start and Configure the Cisco TFTP Server 

Step 1. The TFTP server that is indicated in Figure 6-10 might not be the same one that is used in this 

classroom. Please check with the instructor for the operating instructions for the TFTP server 

that is used in place of the Cisco TFTP server. 

Figure 6-10 TFTP Server Startup

Step 2. After the TFTP server is running and shows the proper address configured on the workstation, 

proceed to the actual copying of the Cisco IOS Software image file to the switch. 

Task 5: Copy the IOS Image to the TFTP Server (1900: Skip to 

Step 9) 

Step 1. Before you try to copy the files, verify that the TFTP server is running. 

What is the IP address of the TFTP server? 192.168.1.10 

Step 2. From the console session, enter show flash. 

What is the name and length of the IOS image that is stored in Flash memory? 

c2950-i6q4l2-mz.121-9.EA1.bin, 2,490,607 bytes (answers will vary) 

What attributes can you identify from codes in the IOS filename? 

Version 12.1(9)EA1 (answers will vary) 

ALSwitch#show flash 

Directory of flash:/ 

2 -rwx 2490607 Mar 1 1993 02:23:28 +00:00 c2950-i6q4l2-mz.121- 

9.EA1 

a.bin 

3 -rwx 269 Jan 1 1970 00:01:45 +00:00 env_vars 

4 -rwx 1278 Mar 1 1993 00:10:01 +00:00 config.text 

5 -rwx 5 Mar 1 1993 00:10:01 +00:00 private-config.text 

6 -rwx 17 Mar 1 1993 02:00:21 +00:00 testfile.txt 

7 drwx 2688 Mar 1 1993 02:25:45 +00:00 html 

19 -rwx 110 Mar 1 1993 02:21:13 +00:00 info 

20 -rwx 110 Mar 1 1993 02:25:48 +00:00 info.ver 

2494816 bytes total (580096 bytes free) 

Step 3. From the console session in privileged EXEC mode, enter the copy flash tftp command. At the 

prompt, enter the IP address of the TFTP server. 

ALSwitch#copy flash tftp 

Source filename []?c2950-i6q4l2-mz.121-9.EA1.bin 

Address or name of remote host []? 192.168.1.10 

Destination filename [c2950-i6q4l2-mz.121-9.EA1.bin]? 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

2490607 bytes copied in 19.378 secs (94924 bytes/sec) 

ALSwitch# 

Task 6: Verify the Transfer to the TFTP Server 


Step 1. Verify the transfer by choosing View > Log File to check the TFTP server log file. The output 

should look something like the following: 

Mon Sep 19 14:10:08 2005: Receiving ‘c2950-i6q4l2-mz.121-9.EA1.bin’ in binary 

mode 

Mon Sep 19 14:11:14 2005: Successful.


Step 2. Verify the Flash image size in the TFTP server directory. To locate it, choose View > Options. 

This shows the TFTP server root directory. It should be similar to the following, unless the 

default directories were changed: 

C:\Program Files\Cisco Systems\Cisco TFTP Server 

Step 3. Locate this directory by using File Manager and look at the detail listing of the file. The file 

length in the show flash command should be the same file size as the file stored on the TFTP 

server. If the file sizes are not identical, check with your instructor. 

Task 7: Copy the IOS Image from the TFTP Server 

Step 1. Now that the IOS image is backed up, the image must be tested and the IOS image must be 

restored to the switch. Verify again that the TFTP server is running, is sharing a network with 

the switch, and can be reached by pinging the TFTP server IP address. 

Record the IP address of the TFTP server. 192.168.1.10 

Step 2. Start the actual copying, from the privileged EXEC prompt. Do not interrupt the process! 

ALSwitch#copy tftp flash 


Source filename []? c2950-i6q4I2-mz.121-9.EA1.bin 

Destination filename [c2950-i6q4I2-mz.121-9.EA1.bin]?[Enter] 

%Warning:There is a file already existing with this name 

Do you want to over write? [confirm][Enter] 

Accessing tftp://192.168.1.10/c2950-i6q4I2-mz.121-9.EA1.bin... 

Loading c2950-i6q4I2-mz.121-9.EA1.bin from 192.168.1.10 (via VLAN1): 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

[OK - 2490607 bytes] 


ALSwitch# 

The switch might prompt you to overwrite Flash. Will the image fit in available Flash? Yes 

What is the size of the file that is being loaded? 2490607 

What happened on the switch console screen as the file was being downloaded? 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

Was the verification successful? Yes 

Was the whole operation successful? Yes 

Task 8: Test the Restored IOS Image 

Step 1. To verify that the switch IOS image is correct, cycle the switch power and observe the startup 

process to confirm that there were no Flash errors. If there were no errors, then the switch’s 

IOS image should have started correctly. Also, to further verify the IOS image in Flash, issue 

the show version command, which shows output similar to the following: 

System image file is “flash:/c2950-i6q4I2-mz.121-9.EA1.bin” 

ALSwitch#show version 

Cisco Internetwork Operating System Software 

IOS (tm) C2950 Software (C2950-I6Q4I2), Version 12.1(9)EA1, RELEASE SOFTWARE

(fc1) 

Copyright 1986-2004 by cisco Systems, Inc. 

Compiled Mon 19-Apr-04 20:58 by yenanh 

Image text-base: 0x80010000, data-base: 0x805A8000 

ROM: Bootstrap program is C2950 boot loader 

ALSwitch uptime is 1 hour, 19 minutes 

System returned to ROM by power-on 

System image file is “flash:/c2950-i6q4l2.121-9.EA1.bin” 

cisco WS-C2950-24 (RC32300) processor (revision G0) with 20713K bytes of memory. 

Processor board ID FHK0651Y0KA 

Last reset from system-reset 

Running Standard Image 

24 FastEthernet/IEEE 802.3 interface(s) 

32K bytes of flash-simulated non-volatile configuration memory. 

Base ethernet MAC Address: 00:0B:BE:7F:ED:40 

Motherboard assembly number: 73-5781-11 

Power supply part number: 34-0965-01 

Motherboard serial number: FOC06500SRB 

Power supply serial number: DAB06498VHC 

Model revision number: G0 

Motherboard revision number: A0 

Model number: WS-C2950-24 

System serial number: FHK0651Y0KA 

Configuration register is 0xF 


Switch#exit 


Task 9: Procedure for 1900 Switch Firmware Upgrade Using TFTP 

Step 1. Select option F to go to the Firmware Configuration menu from the Main Menu. An example 

of the Firmware Configuration menu follows: 

Catalyst 1900 - Firmware Configuration 


——————————- System Information ————————————— 

FLASH: 1024K bytes 

V8.01.00 : Enterprise Edition 

Upgrade status: 

No upgrade currently in progress. 

——————————- Settings —————————————————— 

[S] TFTP Server name or IP address 192.168.1.3 

[F] Filename for firmware upgrades cat1900.bin 

[A] Accept upgrade transfer from other hosts Enabled


——————————- Actions ——————————————————- 

[U] System XMODEM upgrade [D] Download test subsystem 

(XMODEM) 

[T] System TFTP upgrade [X] Exit to Main Menu 

Step 2. Ensure that the switch firmware upgrade file is available on the TFTP server in the default 

directory. The file can be copied from another networking device or computer or it can be 

downloaded to the server from an appropriate website. 

Step 3. Select option S from the Firmware Configuration menu and enter the IP address of the server 

where the switch upgrade file is located. 

Step 4. Select option F from the Firmware Configuration menu and enter the name of the firmwareupgrade 

file. 

Step 5. Select T from the Firmware Configuration menu to initiate the upgrade. 

Step 6. Verify that the upgrade is in progress by checking the Upgrade Status field of the Firmware 

Configuration menu. If the upgrade is in progress, the field reads “in-progress.” 

Step 7. When the transfer is complete, the switch resets automatically and executes the newly downloaded 

firmware. 

Caution: During the transfer of the upgrade file, the switch might not respond to commands for as long as 1 minute. 

This is normal and correct. If you interrupt the transfer by turning the switch off and on, the firmware could be corrupted. 

Curriculum Lab 6-8: Managing Switch Startup 

Configuration Files (6.2.7b) 




FA0/1 


Serial Cable


Switch Designation Switch Name VLAN 1 IP Address Default Gateway 

IP Address 





Objectives 


■ Back up the switch startup configuration file to a TFTP server and then restore it. 














This host will act as the TFTP server in this lab. Be sure to take note of the IP address that is assigned. 


To verify that the host and switch are correctly configured, ping the switch IP address from the host. 



Task 4: Start and Configure the Cisco TFTP Server 


Step 1. The TFTP server that is indicated in Figure 6-12 might not be the same one that is used in this 

classroom. Please check with the instructor for the operating instructions for the TFTP server 

that is used in place of the Cisco TFTP server.


Figure 6-12 TFTP Server Startup 

Step 2. After the TFTP server is running and shows the proper address configured on the workstation, 

proceed to the copying of the configuration file to the switch. 

Task 5: Copy the Startup Configuration File to the TFTP Server 

Step 1. Before you try to copy the files, verify that the TFTP server is running. 

What is the IP address of the TFTP server? 192.168.1.10 

Step 2. From the console session, enter show flash. 

For a 2900 switch, use the command dir flash:. 

Note: This function is not supported on the 1900 switch. 

What is the name and length of the startup configuration image that is stored in Flash? 

config.text, 1278 bytes 

ALSwitch#show flash 


2 -rwx 2490607 Mar 1 1993 02:23:28 +00:00 c2950-i6q4l2-mz.121- 

9.EA1 

a.bin 

3 -rwx 269 Jan 1 1970 00:01:45 +00:00 env_vars 

4 -rwx 1278 Mar 1 1993 00:10:01 +00:00 config.text 

5 -rwx 5 Mar 1 1993 00:10:01 +00:00 private-config.text 

6 -rwx 17 Mar 1 1993 02:00:21 +00:00 testfile.txt 

7 drwx 2688 Mar 1 1993 02:25:45 +00:00 html 

19 -rwx 110 Mar 1 1993 02:21:13 +00:00 info 

20 -rwx 110 Mar 1 1993 02:25:48 +00:00 info.ver 

2494816 bytes total (580096 bytes free)

Step 3. From the console session in privileged EXEC mode, enter copy running-config startup-config 

to make sure that the running configuration file is saved to the startup configuration file. 

Then, enter the copy startup-config tftp command. At the prompt, enter the IP address of the 

TFTP server. 




[OK] 

ALSwitch#copy startup-config tftp 


Destination filename [alswitch-confg]?[Enter] 

!! 


ALSwitch# 

Step 4. For the 1900 switch, use the following to copy the switch configuration file to a TFTP server: 

ALSwitch#copy nvram tftp://192.168.1.3/alswitch-config 

Configuration upload is successfully completed 

Task 6: Verify the Transfer to the TFTP Server 

Step 1. Verify the transfer by choosing View > Log File to check the TFTP server log file. The output 

should look something like the following: 

Mon Sep 19 14:10:08 2005: Receiving ‘alswitch.confg’ file from 192.168.1.2 in 

binary mode 

Mon Sep 19 14:11:14 2005: Successful. 

Step 2. Verify the Flash image size in the TFTP server directory. To locate it, choose View > Options. 

This shows the TFTP server root directory. It should be similar to the following, unless the 

default directories were changed: 

C:\Program Files\Cisco Systems\Cisco TFTP Server 

Step 3. Locate this directory by using File Manager and look at the detail listing of the file. The file 

length in the show flash command should be the same file size as the file that is stored on the 

TFTP server. If the file sizes are not identical, check with your instructor. 

Task 7: Restore the Startup Configuration File from the TFTP 

Server 

Step 1. Erase the switch startup configuration file. 

Step 2. Reconfigure the file with just the VLAN 1 IP address of 192.168.1.2 255.255.255.0. 

Step 3. Enter the command copy tftp startup-config at the privileged EXEC mode prompt. Do not 

interrupt the process! 

Switch#copy tftp startup-config 


Source filename []? alswitch-confg 

Destination filename [startup-config]? 

Accessing tftp://192.168.1.10/alswitch-confg... 

Loading alswitch-confg from 192.168.1.10 (via VLAN1): ! 



[OK - 744 bytes] 

[OK] 

1278 bytes copied in 0.100 secs 

Switch# 

Was the operation successful? Yes 

Step 4. For the 1900 switch, use the following to copy the switch configuration file to a TFTP server: 

ALSwitch#copy tftp://192.168.1.10/alswitch-config nvram 

TFTP successfully downloaded configuration file 

Task 8: Test the Restored Startup Configuration Image (Not 

Supported on the 1900) 

Step 1. To verify that the switch image is correct, cycle the switch power and observe the switch prompt. 

If it has returned to the name that was assigned to it in the original configuration, the restoration 

is complete. Enter the command show startup-config to see the restored configuration. 


Using 1278 out of 32768 bytes 

! 

version 12.1 





! 


! 

enable secret 5 $1$Oi07$I3c8fVXNd3wvifcRVulG2. 


! 


! 

! 




! 

! 

! 

! 


! 


! 


! 


! 


! 

interface FastEthernet0/6

! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 


! 

ip address 192.168.1.2 255.255.255.0 


shutdown 



! 

line con 0 


login 

line vty 0 4 


login 

line vty 5 15 




! 

! 

login 

end 


Switch#exit 


Curriculum Lab 6-9: Password Recovery Procedure on a 

Catalyst 2900 Series Switch (6.2.8) 








Objectives 



■ Create a basic switch configuration and verify it. 

■ Change passwords so that the password recovery procedure must be performed. 

FA0/1 


Serial Cable


















Task 4: Reset the Console Password 

Step 1. Have a classmate change the console and VTY passwords on the switch, save the changes to 

the startup-config file, and reload the switch. 

Step 2. Without knowing the passwords, try to gain access to the switch. 

Task 5: Recover Access to the Switch 

Step 1. Make sure that a PC is connected to the console port and that a HyperTerminal window is 

open. 

Step 2. Power off the switch and turn it back on by holding down the Mode button on the front of the 

switch at the same time that the switch is powered on. Release the Mode button a few seconds 

after the STAT LED is no longer lit. 

Step 3. The following should be displayed: 


C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1) 

Compiled Mon 22-Jul-02 18:57 by antonino 

WS-C2950-24 starting... 

Base ethernet MAC Address: 00:0a:b7:72:2b:40 

Xmodem file system is available.


The system has been interrupted prior to initializing the Flash file system. The following commands 

initialize the Flash file system and finish loading the operating system software: 

flash_init 

load_helper 

boot 

Step 4. To initialize the file system and finish loading the operating system: 

Type flash_init. 

Type load_helper. 

Type dir flash: (do not forget to type the : (colon) after the word flash). 

Step 5. Type rename flash:config.text flash:config.old to rename the configuration file. 

This file contains the password definition. 

Task 6: Restart the System 

Step 1. Type boot to boot the system. 

Step 2. Enter N at the prompt to start the Setup program. 

Continue with the configuration dialog? [yes/no] : N 

Step 3. Type rename flash:config.old flash:config.text to rename the configuration file with its original 

name at the privileged EXEC mode prompt. 

Step 4. Copy the configuration file into memory. 

Switch#copy flash:config.text system:running-config 

Source filename [config.text]?[Enter] 

Destination filename [running-config][Enter] 

Step 5. The configuration file is now reloaded, so change the old unknown passwords and save the new 

configuration. 



ALSwitch(config)#enable password Cisco 

ALSwitch(config)#line console 0 



ALSwitch(config)#line vty 0 15 







[OK] 

ALSwitch# 

Step 6. Power cycle the switch and verify that the passwords are now functional. 

If they are not, repeat the procedure. 

After you complete the previous steps, log off (by typing exit) and turn all the devices off. Then, remove 

and store the cables and adapter.

Task 7: Procedure for the 1900 and 2800 Switches 

Check the boot firmware version number from the Systems Engineering menu. To access the Systems 

Engineering menu, follow this procedure: 

Step 1. Disconnect the power cord from the rear panel. 

Step 2. Press and hold the Mode button on the front panel. 

Step 3. Power-cycle the switch. 

Step 4. Release the Mode button one or two seconds after the LED above port 1x goes off or when the 

diagnostic console is displayed. 

Cisco Systems Diagnostic Console 

Copyright Cisco Systems, Inc. 1999 

All rights reserved. 

Ethernet Address: 00-E0-1E-7E-B4-40 

————————————————————————- 

Press Enter to continue. 

Step 5. Press Enter to display the Diagnostic Console [nd] Systems Engineering menu: 

Diagnostic Console - Systems Engineering 

Operation firmware version: 8.00.00 Status: valid 

Boot firmware version: 3.02 

[C] Continue with standard system start up 

[U] Upgrade operation firmware (XMODEM) 

[S] System Debug Interface 

Enter Selection: 

The bold letters show the Boot firmware version. 

Clearing the Password (Firmware Version 1.10 and Later) 

Step 1. Power-cycle the switch. 

After POST completes, the following prompt displays: 

Do you wish to clear the passwords? [Y]es or [N]o: 

Note: You have 10 seconds to respond. If you do not respond within that time, the Management Console Logon screen 

appears. You cannot change this waiting period. 

Step 2. Enter Y to delete the existing password from NVRAM. 

Note: If you type N, the existing password remains valid. 


Step 3. Assign a password from the switch management interfaces (management console or CLI).


Viewing the Password (Firmware Versions Between 1.10 and 3.02) 

For firmware versions between 1.10 and 3.02, you can view the password you are trying to recover 

(instead of clearing it as described in the previous section). 

Step 1. Access the diagnostic console: 

Press and hold the Mode button. 

Power-cycle the switch. 

Release the Mode button one or two seconds after the LED above port 1x goes off or the diagnostics 

console appears. 

You will see the following logon screen: 

————————————————————————- 

Cisco Systems Diagnostic Console 

Copyright Cisco Systems, Inc. 1999 

All rights reserved. 

Ethernet Address: 00-E0-1E-7E-B4-40 

————————————————————————- 

Press Enter to continue. 

Step 2. Press Enter and select the [S] option on the Diagnostic Console – Systems Engineering menu, 

and then select the [V] option on the Diagnostic Console – System Debug Interface menu to 

display the management console password. 

Step 3. If you want to change the password, select the [M] option on the Console Settings menu. 

Password Recovery for Firmware Version 1.09 and Earlier 

Note: If the shipping date is before June 1997, gather the information listed in this section and contact the Cisco 

Technical Assistance Center (TAC) for password recovery. 

Note: This section is also applicable for those Catalyst 2800 switches that do not have the Mode button in their front 

panel. 

To recover your password, follow these steps: 

Step 1. Contact the Cisco TAC for the factory-installed password. 

Step 2. Provide the serial number or MAC address of the switch. 

The serial number is usually located on the back of the unit. To obtain the MAC address, 

remove the cover and read the Ethernet address of the PROM.

Curriculum Lab 6-10: Firmware Upgrade of a Catalyst 

2950 Series Switch (6.2.9) 








Objectives 


■ Upgrade the IOS and HTML files from a file that the instructor supplies. 



in this lab. Another switch might produce different output. 






FA0/1 


Serial Cable


Important Note: This lab requires that a combined IOS image and HTML file c2950-c3h2s-mz.120-5.3.WC.1.tar be 

in the default file directory of the TFTP server. The instructor should download this file from the Cisco Connection 

online software center. This file is the latest update for the Catalyst 2950. It has the same filename stem as the current 

image, but for the purpose of the lab, assume that this is an update. The IOS update release contains new HTML files 

to support changes to the web interface. 

This lab requires that there be a saved copy of the current configuration file as backup. 





Task 2: Configure the Host Attached to the Switch 

Configure the host to use the same IP subnet for addresses, masks, and the default gateway as the switch. 





Task 4: Display the Name of the Running Image File 

Step 1. Display the name of the running image file by using the show boot command from the privileged 


ALSwitch#show boot 

BOOT path-list: 

Config file: flash:config.text 

Enable Break: no 

Manual Boot: no 

HELPER path-list: 

NVRAM/Config file 

buffer size: 32768 

ALSwitch# 

Step 2. If, as shown in the previous step, no software image is defined in the boot path, enter dir flash: 

or show flash to display the contents. 

ALSwitch#dir flash: 


2 -rwx 1674921 Mar 01 1993 01:28:10 c2950-c3h2s-mz.120-5.3.WC.1.bin 


4 drwx 10240 Mar 01 1993 00:21:13 html 

165-rwx 965 Mar 01 1993 00:22:23 config.text 

7741440 bytes total (4778496 bytes free)

Task 5: Prepare for the New Image 

Step 1. If the switch has enough free memory, as shown in the previous step, rename the existing IOS 

image file to the same name with the .old extension. If there is not enough memory, make sure 

that a copy of the IOS image exists on the TFTP server. 

ALSwitch#rename flash: c2950-c3h2s-mz.120-5.3.WC.1.bin flash: 

c2950-c3h2s-mz.120-5.3.WC.1.old 

Step 2. Verify that the renaming was successful. 

ALSwitch#dir flash: 


2 -rwx 1674921 Mar 01 1993 01:28:10 c2950-c3h2s-mz.120-5.3.WC.1.old 


4 drwx 10240 Mar 01 1993 00:21:13 html 

167 -rwx 965 Mar 01 1993 00:22:23 config.text 

7741440 bytes total (4778496 bytes free) 

ALSwitch# 

Step 3. As a precaution, disable access to the switch HTML pages. 

ALSwitch(config)#no ip http server 

Task 6: Extract the New IOS Image and HTML Files into Flash 

Memory 

Step 1. Use the tar command as shown: 

ALSwitch#tar /x tftp://192.168.1.3//c2950-c3h2s-mz.120- 

5.4.WC.1.tar flash: 

Note: Depending on the TFTP server that is being used, you might need only one slash (/) after the IP address of the 

server. 

Step 2. Re-enable access to the switch HTML pages. 

ALSwitch(config)#ip http server 

Step 3. Remove existing HTML files. 

ALSwitch#delete flash:html/* 

Task 7: Associate the New Boot File 

Enter the boot command with the name of the new image filename at the configuration mode prompt. 

ALSwitch(config)#boot system flash:c2950-c3h2s-mz.120-5.4.WC.1.bin 



Task 8: Restart the Switch 

Step 1. Restart the switch by using the reload command to see if the new IOS loaded. Use the show 

version command to see the IOS filename. 

What is the name of the IOS file that the switch booted from? 

flash:c2950-i6q4l2-mz.121-13.EA1.bin 

Is this the proper filename? Yes 

Step 2. If the IOS filename is now correct remove the backup file from flash memory using the command 

delete flash: c2950-c3h2s-mz.120-5.3.WC.1.old from the Privileged EXEC mode 

prompt to remove the backup file. 


Switch#exit 


Challenge Lab 6-11: Basic Switch Configuration with Port 

Security 

Figure 6-15 Basic Switch Configuration with Port Security 

Objectives 

■ Prepare the switch for a new configuration. 

■ Apply basic configurations. 

■ Enable and test port security. 

Fa0/4 A 

ALSW 

VLAN1 192.168.1.2/24 

B 

192.168.1.3/24 

192.168.1.4/24

Equipment 

The topology shown in Figure 6-15 is using a 2950 Catalyst series switch. You also need two different PCs 

to test the port security. 

Note: Command output for this lab is based on a 2950 series switch running Cisco IOS version 12.1(13)EA1. The 

commands you need to use and the output may differ. If necessary, consult with your instructor for the correct commands. 

Alternatively, you can research the commands for your particular switch platform and IOS at Cisco.com. This 

would be an excellent way to enhance your Cisco device configuration skills and to simulate a “real-world” situation, 

namely, researching the command set for a particular device that is a part of your production network. 


Much of this lab can be completed on a NetLab basic switch pod. However, to test port security, your 

NetLab setup must support PCs. 

Task 1: Cable the Topology and Clear the Configuration 

Step 1. Choose a 2950 switch and attach a workstation to FastEthernet 0/4. 

Step 2. Make sure the switch has an empty startup configuration and that the VLAN database has been 

deleted. Then, reload the switch. What commands must be used to carry out this instruction? 

How do you verify that the VLAN database has been deleted? 

Switch#erase startup-config 

Switch#delete flash:vlan.dat 

Switch#reload 

Use the command show flash to verify that the vlan.dat file has been deleted. 


Step 1. Configure the switch with the following basic requirements: 

■ Hostname 

■ Enable password 

■ Banner MOTD 


■ Other instructor-required global configurations 

Step 2. Check your configurations. What command did you use? 

show running-config 

Step 3. Although there is not a router shown in Figure 6-15, one would eventually be attached. 

Configure the management interface, activate it, and configure 192.168.1.1 as the default gateway. 

What commands did you use? 

ALSW(config)#interface vlan1 

ALSW(config-if)#ip address 192.168.1.2 255.255.255.0 


ALSW(config)#ip default-gateway 192.168.1.1 



Step 4. Configure the two hosts. What configurations did you use? 

Host A: 

■ IP address: 192.168.1.3 

■ Subnet Mask: 255.255.255.0 

■ Default Gateway: 192.168.1.1 

Host B: 

■ IP address: 192.168.1.4 

■ Subnet Mask: 255.255.255.0 

■ Default Gateway: 192.168.1.1 

Step 5. Verify that host A can ping ALSW. If it cannot, troubleshoot. 

Task 3: Configure and Test Port Security 

Step 1. For FastEthernet 0/4, implement the following port security requirements: 

■ Use port security to dynamically learn only one MAC address. 

■ Set the port to be disabled if there is a violation. 

What commands did you use? 

ALSW(config)#interface fastEthernet 0/4 

ALSW(config-if)#switchport mode access 

ALSW(config-if)#switchport port-security 

ALSW(config-if)#switchport port-security maximum 1 

ALSW(config-if)#switchport port-security mac-address sticky 

ALSW(config-if)#switchport port-security violation shutdown 

Step 2. Verify that the MAC address for host A is now part of the configuration for ALSW. What command 

did you use? 

show run or show run interface fa0/4 

ALSW#show run 



! 





switchport port-security mac-address sticky 00b0.d092.8057 

! 


ALSW#show run interface fa0/4 

! 





switchport port-security mac-address sticky 00b0.d092.8057 

Is the MAC address for host A “stuck” to the configuration for ALSW? If not, troubleshoot.

Step 3. What commands can you use to verify port security? 

show port-security 

show port-security address 

show port-security interface fa0/4 

ALSW#show port-security 



—————————————————————————————————————- 

Fa0/4 1 1 0 

Shutdown 

—————————————————————————————————————- 



ALSW#show port-security address 

Secure Mac Address Table 

—————————————————————————————————- 

Vlan Mac Address Type Ports Remaining Age 

(mins) 

—— —————- —— ——- ——————- 

1 00b0.d092.8057 SecureSticky Fa0/4 - 

—————————————————————————————————- 



ALSW#show port-security interface fa0/4 

Port Security : Enabled 

Port Status : Secure-up 

Violation Mode : Shutdown 

Aging Time : 0 mins 

Aging Type : Absolute 

SecureStatic Address Aging : Disabled 

Maximum MAC Addresses : 1 

Total MAC Addresses : 1 

Configured MAC Addresses : 0 

Sticky MAC Addresses : 1 

Last Source Address : 00b0.d092.8057 

Security Violation Count : 0 


Step 4. Test port security by removing host A and attaching host B to the FastEthernet 0/4 port. The 

port LED should turn from green to OFF. If it does not, send a frame to ALSW by pinging its 

VLAN interface from host B. Watch for console messages from the switch. You should see the 

following: 

00:06:03: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/4, putting 

Fa0/4 in err-disable state 

00:06:03: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, 

caused by MAC address 00b0.d092.80c3 on port FastEthernet0/4. 

00:06:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, 

changed state to down 

00:06:05: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down


Step 5. Assume that host B is the new workstation for FastEthernet 0/4. How would you clear the disabled 

status of the port so that the MAC address for host B will be accepted? 

ALSW#clear port-security sticky 

ALSW(config)#int fa0/4 

ALSW(config-if)#shutdown 

00:13:14: %LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively 

down 


00:13:20: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up 

00:13:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, 

changed state to up 

Step 6. Verify that the MAC address for host B is now part of the configuration for ALSW. What command 

did you use? 

show run or show run interface fa0/4 

ALSW#show run int fa0/4 



! 





switchport port-security mac-address sticky 00b0.d092.80c3 

spanning-tree portfast

CHAPTER 7 

Spanning Tree Protocol 


question, journal entry, and unique custom exercises to test your knowledge on the theory of redundant 

topologies and Spanning Tree Protocol (STP). 

The Lab Exercises portion of this chapter includes all of the online curriculum labs to ensure that you have 

mastered the practical, hands-on skills needed about redundant topologies and STP.



Redundant Topologies 

Redundancy in a network is required to protect against loss of connectivity due to the failure of an individual 

component. However, this provision can result in physical topologies with loops. Physical layer loops 

can cause serious problems in switched networks. This section includes exercises to reinforce your understanding 

of redundant networks and the unique problem of broadcast storms. 



Redundancy allows networks to be fault tolerant, which protects against network downtime. Focusing 

specifically on networking, list a few things that can cause network downtime: 

Failure of a link 

Failure of a port or NIC 

Failure of a networking device 

Network engineers are often required to balance the cost of redundancy with the need for network availability. 

Networks that demand close to 100 percent uptime often strive for “five nines” uptime, a network 

that is available 99.999 percent of the time. A goal of redundant topologies is to eliminate network outages 

caused by a single point of failure. 

However, redundancy in switched topologies introduces a new problem called broadcast storms, which is 

when frames loop endlessly through the network, eventually consuming all the available bandwidth. 


List and describe three of the problems that can occur with redundant links and devices in switched or 

bridged networks. 

■ Broadcast storms—Endless flooding of frames when no loop-avoidance technique is employed. 

■ Multiple frame transmission—Multiple copies of unicast frames may cause unrecoverable errors. 

■ MAC database instability—Results from copies of the same frame being received on different ports of 

the switch. 

What mechanism does the IP have to stop packets from endlessly looping throughout an internetwork? 

IP uses an 8-bit field called the Time to Live (TTL) that is decremented by each router as the packet travels 

from the source to the destination. If this field’s value reaches zero, the packet is dropped. Layer 2 has 

no such mechanism.

Journal Entry 


Draw and label a topology with two switches. In your own words, explain how a broadcast storm would 

occur in this redundantly switched network without some sort of mechanism to stop loops. 

Any redundant switched topology is sufficient to illustrate loops. For example, Figure 7-1 is a basic redundant 

topology. What you are looking for is a full understanding of what happens in a redundant switched 

topology when no loop-avoidance mechanism is used—not just a reiteration of the steps listed in the 

Companion Guide or the online curriculum. Have students orally explain how the loops occur. 

Figure 7-1 Redundant Topology 

Broadcast 

Server/Host X 

Switch A 

Spanning Tree Protocol 

Broadcast 

Router Y 

Segment 1 

Switch B 

Segment 2 

STP is used in redundantly switched networks to create a loop-free logical topology from a physical topology 

that has loops. The STP is a powerful tool that gives network administrators the security of a redundant 

topology without the risk of problems caused by switching loops. In this section, you work through 

exercises that will strengthen your understanding of what STP is and how it operates.





Definition 

a. calculated based on the speed of the link 

b. port is only receiving BPDUs 

c. status messages sent between switches every 

2 seconds 

d. 20 seconds or a cycle of 10 BPDUs 

e. the time it takes for a port to transition from 

the listening state to the learning state or from 

the learning state to the forwarding state 

f. actively building a MAC address table but not 

forwarding user traffic 

g. used in redundantly switched networks to 

create a loop-free logical topology 

h. can send and receive traffic 

i. port is sending and receiving BPDUs, but not 

user traffic 

j. without loop avoidance, frames are flooded 

endlessly 

k. includes the priority and MAC address of the 

bridge 

l. lowest-cost path from the non-root bridge to 

the root bridge 

m. an improved version of IEEE 802.1d 

n. reduces the time of reconvergence when a 

topology change occurs in a redundantly 

switched network 

o. called “blocking” in IEEE 802.1d 

p. ports connected to a single end station 

q. only one in a given network; all ports are 

designated ports 

r. operating in full-duplex mode 

s. a port that is currently in the discarding state, 

but will transition to forwarding if the designated 

root port on that segment fails 

t. automatically transitions from the blocking 

state to the forwarding state 

Term 

j broadcast storms 

g Spanning Tree Protocol (STP) 

k bridge ID (BID) 

a path cost 

q root bridge 

h designated ports 

l root port 

c bridge protocol data unit (BPDU) 

g IEEE 802.1d 

b blocking 

i listening 

f learning 

e forward delay 

d max-age 

n, t PortFast 

g, m, n Rapid Spanning Tree Protocol (RSTP) 

s alternate port 

o discarding state 

g, m, n IEEE 802.1w 

p edge ports 

r point-to-point links



The Spanning Tree Protocol, originally developed by Digital Equipment Corporation, is used to maintain a 

loop-free topology. STP is also known as IEEE 802.1d. STP builds a loop-free topology using two key 

concepts: the bridge ID (BID) and path cost, which is based on the speed of the link. STP accumulates 

cost based on the bandwidth of all the links in the path. 

Originally, the cost of a link was calculated on a linear scale based on a maximum bandwidth of 1000 

Mbps. Because LANs now incorporate 10GigE links, the costs have been revised. Complete the following 

table showing the difference in IEEE costs for STP links. 

Link Speed Cost (Revised IEEE Spec) Cost (Previous IEEE Spec) 

10 Gbps 2 1 

1 Gbps 4 1 

100 Mbps 19 10 

10 Mbps 100 100 

Root ports and designated ports are used for forwarding data traffic. Nondesignated ports discard data traffic. 

These ports are called blocking or discarding ports. When using STP, the root bridge is the bridge with 

the lowest bridge ID (BID). 

The BID is made up of two parts: the Priority field, which is 2 bytes, and MAC Address field, which is 6 

bytes. The BID is included in messages that are sent every 2 seconds. These messages are called bridge 

protocol data units (BPDUs). 

Record the command, including the switch prompt, to change a switch’s priority from the default, which is 

32768, to 4096. Assume that you are using IOS version 12.1 or later. 

Switch(config)#spanning-tree vlan 1 priority 4096 

If you do not configure priority, which switch in a given topology will be elected the root bridge? 

The switch with the lowest MAC address will be elected the root bridge. 

With STP, ports transition through four states: blocking, listening, learning, and forwarding. A fifth state, 

disabled, is configured when the administrator manually shuts down the port. A port in the blocking state 

listens only to BPDUs. If the port does not receive BPDUs for 20 seconds, which is the max-age timer, 

then it transitions to the listening state. During the listening state, the port is sending and receiving BPDUs 

to determine the active topology. After 15 seconds, which is called the forward delay, the port transitions 

to the learning state. During the learning state, the port is actively building a MAC address table in preparation 

for the forwarding state. After another forward delay of 20 seconds, the port transitions to the forwarding 

state, in which it is either a root port or a designated port and is sending and receiving user traffic. 

The total convergence time to move from a blocking state to a forwarding state is 50 seconds. 

If a switch port is connected only to end-user stations, with no chance of ever connecting to another 

switch, then it can be configured with the PortFast feature by using the spanning-tree portfast interface 


The Rapid Spanning Tree Protocol (RSTP), or IEEE 802.1w, was developed to reduce the time it takes to 

reconverge the active topology when a change occurs. RSTP uses three port states: discarding, learning, 

and forwarding. In addition, ports can have five different roles. 

Note: Port roles are not the same as port states. 

Chapter 7: Spanning Tree Protocol 317


Complete the following table. 

RSTP Role Definition 

Root port A single port on each switch in which the switch hears the best BPDU out of all the 

received BPDUs 

Designated port Of all switch ports on all switches attached to the same segment/collision domain, the 

port that advertises the “best” root BPDU 

Alternate port A port on a switch that receives a suboptimal root BPDU 

Backup port A nondesignated port on a switch that is attached to the same segment/collision 

domain as another port on the same switch 

Disabled A port that is administratively disabled 

RSTP calls Ethernet connections between switches links and calls Ethernet connections to end-user 

devices edges. If the link is full duplex, RSTP designates it as a point-to-point link. If the link is half 

duplex, RSTP designates it as a shared link. An example of a shared link is a port attached to a hub. 

Determine the Root Bridge and Port Roles Exercise 

Instructor Note: This exercise will prove challenging for many students. However, you can enhance their understanding 

of STP concepts and operation by reviewing the online curriculum for CCNP 3, Module 3: Objective 3.1, 

“Defining the Spanning Tree Protocol—STP.” 

The root bridge is chosen based on the lowest BID. After the root bridge is selected, a non-root bridge 

looks at the following components in sequence to determine which ports will process user data and which 

ports will discard user data: 

1. On each non-root bridge, the port with the lowest path cost to root is the root port. 

2. If two or more bridges are members of the same segment and have the same cost to reach the root 

bridge, the bridge with the lowest BID is the designated port for that segment. 

3. If a bridge has two or more equal cost paths to root, the port with the lowest ID is designated port. 

The other port(s) is blocking. 

In the topologies shown in Figures 7-2, 7-3, and 7-4, circle the root bridge. On non-root bridges, label root 

ports with an R, designated ports with a D, and ports that are in the blocking state with a B. Use the 

revised IEEE costs to make your determinations. In the space provided after each topology, draw the logical 

loop-free spanning-tree topology with the root bridge at the top.

Figure 7-2 Determine the Root Bridge and Port Roles: Topology 1 

I have the best BPDU. 

I am root. 

Both Gi0/1 and Gi0/2 

have the same cost to 

root, therefore Gi0/1 

has the lower port ID 

and is my root port. 

Priority: Default 

000d.ecdb.4be4 

SWA 

Gi0/1 

D 

Fa0/1 

D 

Gi0/2 

D 

100 Mbps 

000e.385d.e380 


Root Bridge and Port Roles 

1000 Mbps 

R 

Gi0/1 

Gi0/2 

1000 Mbps 1000 Mbps 



000e.8362.e383 

SWB 

D Fa0/1 

B 

100 Mbps 

B 

Fa0/1 

Gi0/2 

B 

R 1000 Mbps 

Gi0/2 

D 

R 

D 

Fa0/1 

SWC Gi0/1 

Gi0/1 SWD 

My path cost to root is lower 

than SWC, therefore my 

Gi0/1 is the designated port. 

000d.edd3.37a3 


Logical, Loop-Free Spanning-Tree Topology 

SWA 

SWB SWD 

SWC 

My link cost to root is lower 

than SWC, therefore my Gi0/2 

is the designated port. 

Although we have the same 

cost to root, I have a lower 

BID than SWB, therefore my 

Fa0/1 is the designated port.





BID than SWC, therefore my 

Fa0/1 is the designated port. 


than SWD, therefore my Gi0/2 




R 

Gi0/1 

SWA 

D 

Fa0/1 Gi0/2 

D 

100 Mbps 

000e.385d.e380 

Priority: 36,864 


1000 Mbps 

Gi0/1 

D 

Gi0/2 


Priority: 4096 

000e.8362.e383 

SWB 

D Fa0/1 

D 

100 Mbps 

B 

Fa0/1 

R 

Gi0/2 

D 1000 Mbps 

Gi0/2 

R 

B 

B 

Fa0/1 

SWC Gi0/1 

Gi0/1 SWD 


than SWD, therefore my 


000d.edd3.37a3 



SWB 

SWA SWC 

SWD 


I am root. 





and is my root port.



My path cost to root is lower 000d.ecdb.4be4 

than SWB, therefore my Gi0/1 

D 


Gi0/1 

SWA 

R 

Fa0/1 Gi0/2 

B 



BID than SWA, therefore my 

Fa0/1 is the designated port. 

100 Mbps 

000e.385d.e380 



1000 Mbps 



R 

Gi0/1 

Gi0/2 


000e.8362.e383 

SWB 

B Fa0/1 

B 

100 Mbps 

D 

Fa0/1 

D 

Gi0/2 

R 1000 Mbps 

Gi0/2 

D 

D 

Fa0/1 

SWC Gi0/1 

Gi0/1 

D 

SWD 


than SWB, therefore my 



SWD 

SWC SWA 

1-58713-171-4 

sl260704aa.eps 

05/29/06 

ICC 

000d.edd3.37a3 


SWB 





and is my root port. 


I am root.


Spanning-Tree Recalculation Exercise 

Figure 7-5 is the same as Figure 7-3 in the preceding section. However, now the Gigabit Ethernet link 

between SWC and SWB has gone down. as indicated by the X. As you did before, circle the root bridge. 

On non-root bridges, label root ports with an R, designated ports with a D, and ports that are in the blocking 

state with a B. Use the revised IEEE costs to make your determinations. In the space provided after the 

topology, draw the logical loop-free spanning-tree topology with the root bridge at the top. 

Figure 7-5 Spanning-Tree Recalculation Exercise 

None of my costs changed. 

I am unaffected. 

I lost my best path to 

root. My next best path 

is through SWD. 



R 

Gi0/1 

SWA 

D 

Fa0/1 Gi0/2 

D 

100 Mbps 

B 

Fa0/1 

Gi0/2 

R 1000 Mbps 

Gi0/2 

D 

R 

B 

Fa0/1 

SWC Gi0/1 

Gi0/1 SWD 

000e.385d.e380 


1000 Mbps 

1000 Mbps 

My path cost to root is now 

lower than SWC, therefore my 


1-58713-171-4 

SWD 

sl260705aa.eps 

05/29/06 

ICC 

SWC 


000e.8362.e383 

Gi0/1 


D SWB 

I am root. 

Gi0/2 

D Fa0/1 

D 

1000 Mbps 

New Loop-Free Spanning-Tree 

Topology After Recalculation 

SWB 

SWA 

100 Mbps 

000d.edd3.37a3 


My Gi0/2 has the 

lowest cost to root, 

therefore it is now 

the root port.


What are the basic steps STP performs to converge a loop-free network? 

1. The switches select the root bridge. 

2. Configurations are made by the other switches and bridges, using the root bridge as a reference point. 

3. Each bridge or switch determines which of its own ports offers the best path to the root bridge. 

4. The logical loop is removed by one of the switches or bridges by blocking the port that creates the 

logical loop. Blocking is done by calculating costs for each port in relation to the root bridge. Then 

the port with the highest cost is disabled. 

Note: Students may list more or fewer steps than shown here. Just make sure that the concepts are delineated. 

How is the root bridge selected? 

STP devices settle on the root bridge by using an administratively set priority number. The root bridge is 

the one with the lowest priority number. The network administrator should always configure priority on 

the desired root bridge. 

What happens if two devices have the same priority number? 

If this happens, the STP devices pick the one with the lowest MAC address. 

What are BPDUs? 

BPDUs are messages sent between the root bridge and the best ports on the other devices, which are called 

root ports. The BPDUs transfer status messages about the network. 

What happens if BPDUs are not received for a set amount of time? 


The non-root bridge devices will assume that the root bridge has failed, and a new root bridge will be 

selected.


Lab Exercises 


In the table that follows, record the command, including the correct switch prompt, that fits the description 

for a 2950 Catalyst switch. Fill in any blanks with the appropriate missing information. 


Switch#show spanning-tree brief Cisco IOS Software Release 12.0 

Displays the spanning-tree table of the switch. 

Switch#show spanning-tree Cisco IOS Software Release 12.1 

Displays the spanning-tree table of the switch. 

Switch(config)#spanning-tree priority 1 Cisco IOS Software Release 12.0 

Sets the priority for root bridge elections. 

Number can be from 1 to 65535. The default is 

32768. 

Switch(config)#spanning-tree vlan 1 priority 4096 Cisco IOS Software Release 12.1 

Sets the priority for root bridge elections. 

Number can be from 0 to 65535 and must be 

configured in increments of 4096. The default 

is 32768. 

Switch(config-if)#spanning-tree portfast Sets an access port that will never be attached to 

another switch to move immediately into the 

forwarding state. 

Curriculum Lab 7-1: Selecting the Root Bridge (7.2.4) 



FA0/1 

FA0/1 

FA0/7 

FA0/4 

FA0/4 

FA0/8 

Switch 1 

Switch 2 



Switch Designation Switch Name VLAN 1 IP Address Default Gateway IP 

Address 

Switch 1 Switch_A 192.168.1.2 192.168.1.1 

Switch 2 Switch_B 192.168.1.3 192.168.1.1 

The enable secret password for both switches is class. 


Serial Cable

The enable, VTY, and console password for both switches is cisco. 

The subnet mask for both switches is 255.255.255.0. 

Objectives 


■ Determine which switch is selected as a root switch with factory default settings. 

■ Force the other switch to be selected as a root switch. 




on each switch unless you are specifically instructed otherwise: 

■ Start a HyperTerminal session. 

■ Implement the procedure that is documented in Appendix B, “Erasing and Reloading the Switch,” on 

all switches before you continue with this lab. 

Task 1: Configure the Switches 

Configure the hostnames and passwords, as well as the management VLAN 1 settings for each switch, as 

indicated in Table 7-1. If you have problems while performing this configuration, refer to Lab 6-2, “Basic 

Switch Configuration.” 

Task 2: Configure the Hosts that Are Attached to the Switches 

Configure the hosts as part of the same subnet as the switches. The hosts also share the same subnet mask 

and the same default gateway. 


Step 1. To verify that the hosts and switches are correctly configured, ping the switches from the hosts. 

C:\>ping 192.168.1.2 

Pinging 192.168.1.2 with 32 bytes of data: 

Reply from 192.168.1.2: bytes=32 time=1ms TTL=255 




Ping statistics for 192.168.1.2: 

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 

Approximate round trip times in milli-seconds: 

Minimum = 1ms, Maximum = 1ms, Average = 1ms 

C:\>ping 192.168.1.3 








Ping statistics for 192.168.1.3: 

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 

Approximate round trip times in milli-seconds: 

C:\> 

Minimum = 1ms, Maximum = 3ms, Average = 1ms 

Step 2. Were the pings successful? 

Step 3. If the answer is no, troubleshoot the host and switch configurations. 

Note: If your pings were not successful, remember the troubleshooting methodology you learned in your CCNA 2 

studies. Start with the physical layer first. Are all the link lights lit that need to be lit? What other Layer 1 issues might 

be the problem? If Layer 1 is not the problem, proceed to Layer 2. What Layer 2 issues are likely to be causing a 

problem? Layer 3? For a review of the method of testing by the layers, refer to the online curriculum CCNA 2 Routers 

and Routing Basics: Module 9, Objective 9.2, “Network Testing.” 

Task 4: Look at the show interface vlan Options 

Step 1. Type show interface vlan1 ?. 

Switch_A#show interface vlan1 ? 

accounting Show interface accounting 

capabilities Show interface capabilities information 

counters Show interface counters 

crb Show interface routing/bridging info 

description Show interface description 

etherchannel Show interface etherchannel information 

fair-queue Show interface Weighted Fair Queueing (WFQ) info 

flowcontrol Show interface flowcontrol information 

irb Show interface routing/bridging info 

mac-accounting Show interface MAC accounting info 

precedence Show interface precedence accounting info 

private-vlan Show interface private vlan information 

pruning Show interface trunk VTP pruning information 

random-detect Show interface Weighted Random Early Detection (WRED) info 

rate-limit Show interface rate-limit info 

shape Show interface Traffic Shape info 

stats Show interface packets & octets, in & out, by switching 

path 

status Show interface line status 

switchport Show interface switchport information 

trunk Show interface trunk information 

| Output modifiers 

 

Step 2. List some of the options that are available. 

counters, status, trunk

Task 5: Look at the VLAN Interface Information 

Step 1. On Switch_A, type the command show interface vlan 1 at the privileged EXEC mode prompt. 

Switch_A#show interface vlan 1 

Vlan1 is up, line protocol is up 

Hardware is CPU Interface, address is 0009.b7f5.6d80 (bia 0009.b7f5.6d80) 



















Step 2. What is the MAC address of the switch? 

0009.b7f5.5a41 

Step 3. On Switch_B, type the command show interface vlan 1 at the privileged EXEC mode prompt. 

Step 4. What is the MAC address of the switch? 

0009.b7f5.6d81 

Step 5. Which switch should be the root of the spanning tree for VLAN 1? 

Switch_A 

Step 6. What would you do if you wanted to change which switch is root for VLAN 1? 

Change the priority 

True or False: After changing which switch is root, you must reload the switches for the change 

to take effect. 

False 

Task 6: Look at the Switches’ Spanning-Tree Tables 

Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you are 

running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release 

12.1, type show spanning-tree. 

Switch_A#show spanning-tree brief 

VLAN1 

Spanning tree enabled protocol ieee 

Root ID Priority 32768 

Address 0009.b7f5.5a41 



Cost 19 

Port 1 (FastEthernet0/1) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 32768 

Address 0009.b7f5.6d81 


Aging Time 300 

Interface Designated 

Name Port ID Prio Cost Sts Cost Bridge ID Port 

ID 

—————————— ———- —— —— —- ——- —————————— ———- 

FastEthernet0/1 128.1 128 19 FWD 0 32768 0009.b7f5.5a41 128.1 

FastEthernet0/4 128.4 128 19 BLK 0 32768 0009.b7f5.5a41 128.4 

FastEthernet0/7 128.7 128 19 FWD 19 32768 0009.b7f5.6d81 128.7 

Step 2. On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt. 

Switch_B#show spanning-tree brief 

VLAN1 




This bridge is the root 


Bridge ID Priority 32768 




Interface Designated 

Name Port ID Prio Cost Sts Cost Bridge ID Port 

ID 

—————————— ———- —— ——- —- ——- —————————— ——— 




Step 3. Examine your output and answer the following questions. 

Which switch is the root switch? 

Switch_A 

What is the priority of the root switch? 

32768 

What is the bridge ID of the root switch? 

0009.b7f5.5a41 

Which ports are forwarding on the root switch? 

FastEthernet 0/1, 0/4, 0/7 

Which ports are blocking on the root switch? 

None

What is the priority of the non-root switch? 

32768 

What is the bridge ID of the non-root switch? 

0009.b7f5.6d81 

Which ports are forwarding on the non-root switch? 

FastEthernet 0/1 and 0/8 

Which ports are blocking on the non-root switch? 

FastEthernet 0/4 

What is the status of the link light on the blocking port? 

Amber 

Task 7: Reassign the Root Bridge 

Step 1. The switch that has been selected as the root bridge, by using default values, is not the best 

choice. You must force the other switch to become the root switch. 

For the purposes of this step, assume that the root switch by default is Switch_A. Also assume 

that Switch_B is preferred as the root switch. If your implementation has Switch_B as the 

default root, then you will want to configure Switch_A to be the root. Go to the console and 

enter configuration mode for the switch you want to change to root. 

Step 2. Determine the parameters that you can configure for the STP. 

Switch_A(config)#spanning-tree ? 

backbonefast Enable BackboneFast Feature 

etherchannel Spanning tree etherchannel specific configuration 

extend Spanning Tree 802.1t extensions 

loopguard Spanning tree loopguard options 

mode Spanning tree operating mode 

mst Multiple spanning tree configuration 

pathcost Spanning tree pathcost options 

portfast Spanning tree portfast options 

uplinkfast Enable UplinkFast Feature 

vlan VLAN Switch Spanning Tree 

Step 3. List the options. 

backbonefast, portfast, uplinkfast, vlan 

Step 4. Set the priority of the switch that is not root to 4096. 

If you are using Cisco IOS Software Release 12.0: 

Switch_B(config)#spanning-tree priority 1 

Switch_B(config)#exit 

If you are using Cisco IOS Software Release 12.1: 

Switch_B(config)#spanning-tree vlan 1 priority 4096 

Switch_B(config)#exit 



Task 8: Look at the Switch Spanning-Tree Table 

Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you are 

running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release 

12.1, type show spanning-tree. 

Switch_A#show spanning-tree 

VLAN1 is executing the ieee compatible Spanning Tree protocol 

Bridge Identifier has priority 4096, address 0009.b7f5.6d81 

Configured hello time 2, max age 20, forward delay 15 

We are the root of the spanning tree 

Topology change flag not set, detected flag not set 

Number of topology changes 4 last change occurred 00:01:34 ago 

Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 

Timers: hello 1, topology change 0, notification 0, aging 300 

Port 1 (FastEthernet0/1) of VLAN1 is forwarding 

Port path cost 19, Port priority 128, Port Identifier 128.1. 

Designated root has priority 4096, address 0009.b7f5.6d81 

Designated bridge has priority 4096, address 0009.b7f5.6d81 

Designated port id is 128.1, designated path cost 0 

Timers: message age 0, forward delay 0, hold 0 

Number of transitions to forwarding state: 1 

BPDU: sent 101, received 1436 

















Step 3. Examine your output and answer the following questions. 


Switch_B 

What is the priority of the root switch? 

4096

Which ports are forwarding on the root switch? 

FastEthernet 0/1, 0/4, and 0/8 

Which ports are blocking on the root switch? 

None 

What is the priority of the non-root switch? 

32768 

Which ports are forwarding on the non-root switch? 

FastEthernet 0/1 and 0/7 

Which ports are blocking on the non-root switch? 

FastEthernet 0/4 

What is the status of the link light on the blocking port? 

Amber 

Task 9: Verify the Running Configuration File on the Root Switch 

Step 1. On the switch that was changed to be the root bridge, type show running-config at the 

privileged EXEC mode prompt. 

Switch_A#show running-config 



! 

version 12.1 





! 

hostname Switch_A 

! 

enable secret 5 $1$K0Nw$Vfv.yuMmf20yNpzBO3uOh0 

! 


no ip finger 

! 

spanning-tree vlan 1 priority 4096 

! 


! 

 

! 


! 


ip address 192.168.1.2 255.255.255.0 


! 





! 

line con 0 


login 

transport input none 

line vty 0 4 


login 

line vty 5 15 

! 

end 


login 

Step 2. Does an entry exist in the running configuration file that specifies the spanning-tree priority for 

this switch? 

Yes 

Step 3. What does that entry say? 


Note: The output is different depending on whether the Cisco IOS software is Release 12.0 or Release 12.1. 

After you complete the previous steps, log off (by typing exit) and turn all the devices off. Then remove 

and store the cables and adapter. 

Curriculum Lab 7-2: Spanning-Tree Recalculation (7.2.6) 



FA0/1 

FA0/7 FA0/4 

FA0/4 

FA0/8 

Switch 1 

Switch 2 




Switch 1 Switch_A 192.168.1.2 192.168.1.1 

Switch 2 Switch_B 192.168.1.3 192.168.1.1 

The enable secret password for both switches is class. 

The enable, VTY, and console password for both switches is cisco. 

The subnet mask for both switches is 255.255.255.0. 

FA0/1 


Serial Cable

Objectives 


■ Observe the behavior of the spanning-tree algorithm in the presence of switched network topology 

changes. 




on each switch unless you are specifically instructed otherwise: 

■ Start a HyperTerminal session. 

■ Implement the procedure documented in Appendix B on all switches before you continue with this lab. 


Configure the hostnames and passwords, as well as the management VLAN 1 settings for each switch, as 



Task 2: Configure the Hosts that Are Attached to the Switches 

Configure the hosts as part of the same subnet as the switches. The hosts also share the same subnet mask 

and the same default gateway. 


Step 1. To verify that the hosts and switches are configured correctly, ping the switches from the hosts. 

Step 2. Were the pings successful? 

Step 3. If the answer is no, troubleshoot the host and switch configurations. 

Task 4: Look at the VLAN Interface Information 

Step 1. On both switches, type the command show interface vlan 1 at the privileged EXEC prompt. 

Switch_A#show interface vlan 1 


Hardware is CPU Interface, address is 0009.b7f5.6d80 (bia 0009.b7f5.6d80) 





















Switch_B#show interface vlan 1 


Hardware is CPU Interface, address is 0009.b7f5.5a40 (bia 0009.b7f5.5a40) 



















Step 2. What is the MAC address of Switch_A? 

0009.b7f5.6d80 

Step 3. What is the MAC address of Switch_B? 

0009.b7f5.5a40 

Step 4. Which switch should be the root of the spanning tree for VLAN 1? 

Switch_B 

Task 5: Look at the Switches’ Spanning-Tree Tables 

Step 1. On Switch_A, type show spanning-tree brief at the privileged EXEC mode prompt if you 

are running Cisco IOS Software Release 12.0. If you are running Cisco IOS Software Release 

12.1, type show spanning-tree. Different releases of IOS have different options for this 




Bridge Identifier has priority 32768, address 0009.b7f5.6d81 


Current root has priority 32768, address 0009.b7f5.5a41 

Root port is 1 (FastEthernet0/1), cost of root path is 19 



from FastEthernet0/1 

Times: hold 1, topology change 35, notification 2





Designated root has priority 32768, address 0009.b7f5.5a41 

Designated bridge has priority 32768, address 0009.b7f5.5a41 





Port 4 (FastEthernet0/4) of VLAN1 is blocking 

















Switch_B#show spanning-tree 


Bridge Identifier has priority 32768, address 0009.b7f5.5a41 


We are the root of the spanning tree 



from FastEthernet0/1 

Times: hold 1, topology change 35, notification 2 





























Step 3. Examine the command output and answer the following questions. 


Switch_B 

Record the states of the first 12 interfaces and ports of each switch in the following table. 

Switch_A Port No. Switch_B 

FWD 1 FWD 

Down 2 Down 

Down 3 Down 

BLK 4 FWD 

Down 5 Down 

Down 6 Down 

FWD 7 Down 

Down 8 FWD 

Down 9 Down 

Down 10 Down 

Down 11 Down 

Down 12 Down 

Task 6: Remove a Cable on the Switch 

Step 1. Remove the cable from the forwarding port on the non-root switch. If Switch_A is your root 

switch, then remove the cable from the forwarding port on Switch_B. If Switch_B is your root 

switch, then remove the cable from the forwarding port on Switch_A. 

Step 2. Wait for at least 2 minutes. 

Step 3. What has happened to the switch port LEDs? 

The port LEDs on both switches for FastEthernet 0/1 turned off.

Task 7: Look at the Spanning-Tree Table for the Switches 






VLAN0001 




Cost 19 



Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) 




Interface Port ID Designated Port 

ID 

Name Prio.Nbr Cost Sts Cost Bridge ID 

Prio.Nbr 

———————— ———— ————- —- ————- —————————— ———— 

Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4 

Fa0/7 128.7 19 FWD 0 32769 0009.b7f5.5a40 128.7 



VLAN0001 











ID 


Prio.Nbr 

———————— ———— ————- —- ————- —————————— ———— 

Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4 

Fa0/8 128.8 19 FWD 0 32769 0009.b7f5.5a40 128.8 

Step 3. What changes have taken place in the command output? 

On Switch_A? 

Information and statistics for FastEthernet 0/1 are not displayed and FastEthernet 0/4 went 

from BLK mode into FWD mode. 

On Switch_B? 

Information and statistics for FastEthernet 0/1 are not displayed. 



Task 8: Replace the Cable in the Switch 

Step 1. Replace the cable in the port that it was removed from. For the previous example, this is interface 

FastEthernet 0/1 on Switch_A. 

Step 2. Wait for at least 2 minutes. 

Step 3. What has happened to the switch port LEDs? 

Both light up green. 

Task 9: Redisplay the Spanning-Tree Table for the Switches 






VLAN0001 




Cost 19 








ID 


Prio.Nbr 

———————— ———— ————- —- ————- —————————— ———— 

Fa0/1 128.1 19 FWD 0 32769 0009.b7f5.5a40 128.1 

Fa0/4 128.4 19 BLK 0 32769 0009.b7f5.5a40 128.4 

Fa0/7 128.7 19 FWD 0 32769 0009.b7f5.5a40 128.7 



VLAN0001 











ID 


Prio.Nbr

———————— ———— ————- —- ————- —————————— ———— 

Fa0/1 128.1 19 FWD 0 32769 0009.b7f5.5a40 128.1 

Fa0/4 128.4 19 FWD 0 32769 0009.b7f5.5a40 128.4 

Fa0/8 128.8 19 FWD 0 32769 0009.b7f5.5a40 128.8 

Step 3. What changes have taken place in the command output? 

On Switch_A? 

FastEthernet 0/1 goes back into FWD mode and FastEthernet 0/4 went back to BLK mode. 

On Switch_B? 

FastEthernet 0/1 goes back into FWD mode. 


After you complete the previous steps, log off (by typing exit) and turn all the devices off. Then remove 



CHAPTER 8 

Virtual LANs 

The Study Guide portion of this chapter uses a combination of fill in the blank and unique custom exercises 

to test your knowledge on the theory of VLANs, VLAN configuration, and VLAN troubleshooting. 

The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a challenge 

lab to ensure that you have mastered the practical, hands-on skills needed about VLANs.



VLAN Concepts 

As a network engineer, it is important that you understand the logical function of a VLAN and how 

VLANs can improve network performance. The completion exercise in this brief section provides a quick 

review of VLAN concepts. 



Up to this point in your studies, you have learned that a LAN includes all devices in the same broadcast 

domain and that a switch is used to microsegment the collision domain. In this chapter, you learned that 

switches can be configured with virtual LANs, or VLANs, to segment the broadcast domain at Layer 2. 

Without VLANs, a switch treats all interfaces on the switch as being in the same broadcast domain. 

A VLAN is a broadcast domain created by one or more switches. Configuration is as simple as putting 

some interfaces in one VLAN and other interfaces in another VLAN. 

List a few reasons or benefits for using VLANs: 

■ Limit the size of broadcast domains 

■ Group users by function, department, or some other logic instead of by physical location 

■ Increase security by separating logically devices on the same LAN 

■ Separate specialized traffic from user traffic (e.g. IP phones) 

Layer 2 switches cannot forward traffic between VLANs. In fact, the switch maintains a separate MAC 

address table for each VLAN so that broadcasts are contained within each VLAN. To communicate 

between users on different VLANs, the traffic must pass through a router or Layer 3 switch. This can be 

done by using a different Ethernet interface for each VLAN. Note that each VLAN would be on a different 

subnet. It is more common to use one Fast Ethernet interface to trunk multiple VLANs and configure logical 

subinterfaces. 

Two basic VLAN configuration methods are available to the network engineer: static configuration, which 

is port based, and dynamic configuration, which uses a VLAN Management Policy Server (VMPS). Static 

VLAN configuration is by far the most widely implemented of these two methods. Dynamic VLAN configuration 

is not currently a CCNA objective. 

VLAN Configuration 

Currently, the Cisco IOS is in a transition phase from configuring VLANs in VLAN database configuration 

mode to configuring VLANs in global configuration mode. Because both ways are currently supported, 

you need to be familiar with each. The configuration exercise in this section will walk you through 

both methods for creating, modifying, applying, and deleting VLANs. 

Learn VLAN Configuration Commands Exercise 

True or False: You can assign a VLAN to an interface without creating the VLAN first. If true, what confirmation 

message does the switch display? If false, what error message does the switch display?

True 

SWA(config)#interface fa0/4 

SWA(config-if)#switchport access vlan 40 

% Access VLAN does not exist. Creating vlan 40 


VLANs can be created using VLAN database mode or global configuration mode. VLAN global configuration 

mode is preferred because the user interface is familiar. In addition, you must use the exit command 

in VLAN database mode to have changes applied to the VLAN database. Finally, VLAN database configuration 

mode has been deprecated and will be removed in some future releases. 

For the following exercise, refer to Figure 8-1. 

Figure 8-1 VLAN Configuration Commands 

Record the commands, including the switch prompt, to configure SWA with the VLANs, shown in Figure 

8-1. The commands would be the same on SWB. 

VLAN database configuration mode 

SWA#vlan database 

SWA(vlan)#vlan 10 name Accounting 

VLAN 10 added: 

Name: Accounting 

SWA(vlan)#vlan 20 name Marketing 


Name: Marketing 

SWA(vlan)#vlan 30 name Purchasing 


Name: Purchasing 

SWA(vlan)#exit 

APPLY completed. 

Exiting.... 

SWA# 

VLAN 1 10.1.0.0/16 

VLAN 10 10.10.0.0/16 

VLAN 20 10.20.0.0/16 

VLAN 30 10.30.0.0/16 

VLAN 10 

fa0/4–8 

VLAN global configuration mode 

SWA(config)#vlan 10 

SWA(config-vlan)#name Accounting 

SWA(config-vlan)#vlan 20 

SWA(config-vlan)#name Marketing 

SWA(config-vlan)#vlan 30 

VLAN 1: 10.1.0.2 

DefGate: 10.1.0.1 

SWA 

VLAN 20 


fa0/2 

fa0/3 

VLAN 30 


VLAN 10 


VLAN 1: 10.1.0.3 

DefGate: 10.1.0.1 

fa0/2 

SWB 

fa0/3 

VLAN 20 


VLAN 30 

fa0/17–24


SWA(config-vlan)#name Purchasing 

SWA(config-vlan)#end 

SWA# 

From global configuration mode if you type interface ? and see range as one of the options, you are in 

luck. Your Cisco IOS Software Release supports the range parameter. This argument to the interface command 

allows you to configure multiple ports at one time. For example: 

Switch(config)#interface range fa0/1 – 8 

Switch(config-if-range)# 

Interestingly, the hyphen is considered a parameter. You must enter a space before and after the hyphen. 

Note that the range argument can be used to configure any combination of ports. For example, the following 

would be a legitimate command: 

Switch(config)#interface range fa 0/4 - 5, fa 0/3 , fa 0/10 - 12 , gi 0/1 

Switch(config-if-range)# 

Record the commands, including the switch prompt, to assign interfaces with the VLANs shown in Figure 

8-1. You only need to show the commands for SWA. The commands are the same for SWB. 

SWA(config)#interface range fa 0/4 – 8 

SWA(config-if-range)#switchport mode access 

SWA(config-if-range)#switchport access vlan 10 

SWA(config-if-range)#interface range fa 0/9 – 16 



SWA(config-if-range)#interface range fa 0/17 - 24 



SWA(config-if-range)#end 

SWA# 

You need to move ports Fa0/17 through Fa0/20 to the Marketing VLAN. Record the command or commands, 

including switch prompt, to make the move. 



!You do not need to first remove the ports from the other VLAN 

The Purchasing department has been eliminated. All Purchasing department functions are now handled by 

Accounting. You no longer need the Purchasing VLAN. Record the command or commands, including 

switch prompt, to delete the Purchasing VLAN. 

VLAN database configuration mode 

Switch#vlan database 

Switch(vlan)#no vlan 10 

Deleting VLAN 10... 

Switch(vlan)#exit 

APPLY completed. 

Exiting.... 

Switch#

VLAN global configuration mode 

Switch(config)#no vlan 10 

Switch(config)#exit 

Switch# 

What happens to the ports that were members of a deleted VLAN? 

The ports belong to no VLAN and will have only limited access. 

What must be done to fix this problem? 

Either assign the ports to a new VLAN or use the no form of the switchport access vlan command to reassign 

the ports to VLAN 1. 

Record the commands, including switch prompt, to reassign ports Fa0/21 through Fa0/24 to VLAN 1. 


SWA(config-if-range)#no switchport mode access vlan 

!or 

SWA(config-if-range)#switchport mode access vlan 1 

Troubleshooting VLANs 

Now that you are comfortable configuring VLANS, it is time to review the commands that will help you to 

verify and troubleshoot your VLAN implementation. This section covers the show commands most commonly 

used with VLANs. 

Identify the Troubleshooting Command Exercise 

In this exercise, you are asked to identify what command was used to display the output. You may need to 

use a switch to help research your answers. The following output is from a Cisco 2950 running Cisco IOS 

Software Version 12.1(13)EA1. 

Switch#show spanning-tree vlan 1 

VLAN0001 



Address 000e.385d.e380 




Address 000e.385d.e380 




Interface Role Sts Cost Prio.Nbr Type 

———————— —— —- ————- ———— ———————————————— 

Fa0/1 Desg FWD 19 128.1 P2p 

Fa0/2 Desg FWD 19 128.2 P2p


Fa0/3 Desg FWD 19 128.3 P2p 

Switch#show vlan name Accounting !or show vlan id 10 

VLAN Name Status Ports 

—— ———————————————— ————- ———————————————- 

10 Accounting active Fa0/1, Fa0/2, Fa0/3, Fa0/4 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 

—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

10 enet 100010 1500 - - - - - 0 0 

Remote SPAN VLAN 

———————— 

Disabled 

Primary Secondary Type Ports 

———- ————- ————————- ————————————————————— 

Switch#show interface fa0/2 switchport 

Name: Fa0/2 

Switchport: Enabled 

Administrative Mode: trunk 

Operational Mode: trunk 

Administrative Trunking Encapsulation: dot1q 

Operational Trunking Encapsulation: dot1q 

Negotiation of Trunking: On 

Access Mode VLAN: 1 (default) 

Trunking Native Mode VLAN: 1 (default) 

Voice VLAN: none 

Administrative private-vlan host-association: none 

Administrative private-vlan mapping: none 

Operational private-vlan: none 

Trunking VLANs Enabled: ALL 

Pruning VLANs Enabled: 2-1001 

Capture Mode Disabled 

Capture VLANs Allowed: ALL 

Protected: false 

Voice VLAN: none (Inactive) 

Appliance trust: none

Switch#show vlan brief 


—— ———————————————— ————- ———————————————- 

1 default active Gi0/1, Gi0/2 


Fa0/8 

20 Marketing active Fa0/9, Fa0/10, Fa0/11, Fa0/12 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

30 Purchasing active Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 

1002 fddi-default active 

1003 token-ring-default active 

1004 fddinet-default active 

1005 trnet-default active 

Switch#show interface trunk 

Port Mode Encapsulation Status Native vlan 

Fa0/1 on 802.1q trunking 1 



Port Vlans allowed on trunk 

Fa0/1 1-4094 

Fa0/2 1-4094 

Fa0/3 1-4094 

Port Vlans allowed and active in management domain 

Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 

Port Vlans in spanning tree forwarding state and not pruned 

Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,30 

Chapter 8: Virtual LANs 347


Lab Exercises 



for a 2950 Catalyst switch. 


Switch#vlan database Enters VLAN database configuration mode 

Switch(vlan)#vlan 2 name Engineering Creates VLAN 2 and names it Engineering 

Switch(vlan)#vlan 3 name Marketing Creates VLAN 2 and names it Marketing 

Switch(vlan)#exit Applies changes and exits VLAN database mode 

Switch(config)#vlan 10 Creates VLAN 10 using global configuration mode 

Switch(config-vlan)#name Accounting Assigns the name Accounting to VLAN 10 

Switch(config)#interface range fa0/2 – 8 Enters interface configuration mode for interfaces Fa0/2 

through Fa0/8 

Switch(config)#switchport mode access Sets these ports to access mode 

Switch(config-if)#switchport access vlan 2 Assigns these ports to VLAN 2 

Switch(vlan)#no vlan 3 Deletes VLAN 3 in VLAN database configuration mode 

Switch(config)#no vlan 3 Deletes VLAN 3 in global configuration mode 

Switch(config-if)#no switchport access vlan 10 Removes an interface from VLAN 10 

Switch#delete flash:vlan.dat Removes the entire VLAN database from Flash memory 

Switch#show vlan Displays the complete VLAN database 

Switch#show vlan brief Displays a summary of the VLAN database 

Curriculum Lab 8-1: Configuring Static VLANs (8.2.3) 



FA0/1 FA0/4 

Switch 1 




Serial Cable 

Switch Switch Name VLAN 1 IP Address Default Gateway Subnet Mask 

Designation IP Address 

Switch 1 Switch_A 192.168.1.2 192.168.1.1 255.255.255.0



Objectives 


■ Determine the switch firmware version. 

■ Create two VLANs, name them, and assign member ports to them. 


When you are managing a switch, the management domain is always VLAN 1. The network administrator’s 

workstation must have access to a port in the VLAN 1 management domain. All ports are assigned to 

VLAN 1 by default. This lab will help demonstrate how you can use VLANs to separate traffic and reduce 

broadcast domains. 



on each switch unless you are specifically instructed otherwise. Instructions are also provided for the 1900 




Implement the procedure documented in Appendix B, “Erasing and Reloading the Switch,” on all switches 

before you continue with this lab. 


Configure the hostnames and passwords, as well as the management VLAN 1 settings for the switch, as 






To verify that the hosts and switch are correctly configured, ping the switch from the hosts. 



Task 4: Show the Cisco IOS Version 

It is important that you know the version of the operating system. Differences between versions might 

change how you enter commands. Enter the show version command at the user EXEC or privileged 


Switch_A#show version 

What version of the switch IOS is displayed? 12.1(13)EA1 

Does this switch have Standard Edition or Enterprise Edition software? Standard 

Switch_A#show version 




IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE 

SOFTWARE (fc1) 

Copyright 1986-2003 by cisco Systems, Inc. 

Compiled Tue 04-Mar-03 02:14 by yenanh 


ROM: Bootstrap program is CALHOUN boot loader 

Switch_A uptime is 7 minutes 


System image file is “flash:c2950-i6q4l2-mz.121-13.EA1.bin” 

cisco WS-C2950-24 (RC32300) processor (revision E0) with 20839K bytes of 

memory. 

Processor board ID FHK0634Z08M 





Base ethernet MAC Address: 00:0A:B7:72:2B:40 



Motherboard serial number: FOC06330DJG 

Power supply serial number: PHI06290B8Q 

Model revision number: E0 

Motherboard revision number: B0 


System serial number: FHK0634Z08M 


Task 5: Display the VLAN Interface Information 

On Switch_A, enter the command show vlan at the privileged EXEC mode prompt. 

Switch_A#show vlan 

Which ports belong to the default VLAN? All 

How many VLANs are set up by default on the switch? 5 

What does the VLAN 1003 represent? 

It represents the default Token Ring VLAN. 

How many ports are in the 1003 VLAN? 0 



—— ———————————————— ————- ———————————————- 

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16

1002 fddi-default act/unsup 

1003 token-ring-default act/unsup 

1004 fddinet-default act/unsup 

1005 trnet-default act/unsup 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 

Remote SPAN VLANs 

——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 6: Create and Name Two VLANs 

Enter the following commands to create two named VLANs: 

Switch_A#vlan database 

Switch_A(vlan)#vlan 2 name VLAN2 


Switch_A(config)#exit 

1900: 

Switch_A#config t 

Switch_A(config)#vlan 2 name VLAN2 





Are new VLANs in the listing? If so, which ones? Yes, 2 and 3 

Do these VLANs have ports assigned to them yet? No 




—— ———————————————— ————- ———————————————- 

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4


2 VLAN2 active 






Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/9, Fa0/10, Fa0/11, Fa0/12 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 8: Assign a Port to VLAN 2 

You must assign ports to VLANs from the interface mode. Enter the following commands to add port 2 to 

VLAN 2: 

Switch_A#configure terminal 

Switch_A(config)#interface fastethernet 0/2 

Switch_A(config-if)#switchport mode access 

Switch_A(config-if)#switchport access vlan 2 

Switch_A(config-if)#end 

1900: 


Switch_A(config)#interface Ethernet 0/2 

Switch_A(config-if)#vlan static 2 

Switch_A(config)#end




Is port 2 assigned to VLAN 2? Yes 

Is the port still listed in the default VLAN? No 



—— ———————————————— ————- ———————————————- 


2 VLAN2 active Fa0/2 






Fa0/6, Fa0/7, Fa0/8, Fa0/9 

Fa0/10, Fa0/11, Fa0/12, Fa0/13 

Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 



———- ————- ————————- —————————————————————


Task 10: Assign a Port to VLAN 3 

You must assign ports to VLANs from the interface mode. Enter the following commands to add port 3 to 

VLAN 3: 






1900: 



Switch_A(config)#vlan static 3 

Switch_A(config)#end 




Is port 3 assigned to VLAN 3? Yes 

Is the port still listed in the default VLAN? No 



—— ———————————————— ————- ———————————————- 








Fa0/7, Fa0/8, Fa0/9, Fa0/10 

Fa0/11, Fa0/12, Fa0/13, Fa0/14 

Fa0/15, Fa0/16, Fa0/17, Fa0/18 

Fa0/19, Fa0/20, Fa0/21, Fa0/22 

Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 12: Look Only at VLAN 2 Information 

Instead of displaying all the VLANs, enter the show vlan id 2 command at the privileged EXEC mode 

prompt. 

Switch_A#show vlan id 2 

1900: 

Switch_A#show vlan 2 

Does this command supply more information than the show vlan command? Yes 

Switch_A#show vlan id 2 


—— ———————————————— ————- ———————————————- 



—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

2 enet 100002 1500 - - - - - 0 0 


———————— 

Disabled 


———- ————- ————————- ————————————————————— 

Task 13: Look Only at VLAN 2 Information with a Different 

Command (1900: Skip this Task) 

Instead of displaying all the VLANs, enter the show vlan name VLAN2 command at the privileged 


Switch_A#show vlan name VLAN2 



Does this command supply more information than the other show commands? No 

ALSwitch#show vlan name VLAN2 


—— ———————————————— ————- ———————————————- 



—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

2 enet 100002 1500 - - - - - 0 0 


———————— 

Disabled 


———- ————- ————————- ————————————————————— 

After you complete the previous step, log off (by typing exit) and turn all the devices off. Then, remove 


Curriculum Lab 8-2: Verifying VLAN Configurations 

(8.2.4) 





Switch 1 Switch_A 192.168.1.2 192.168.1.2 255.255.255.0 



Objectives 


■ Create two VLANs. 

FA0/1 FA0/4 

Switch 1 




Serial Cable

■ Name the VLANs and assign multiple member ports to them. 

■ Test functionality by moving a workstation from one VLAN to another. 




VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and 

reduce broadcast domains. 



on each switch unless you are specifically instructed otherwise. Instructions are also provided for the 1900 





















—— ———————————————— ————- ———————————————- 




Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 







1900: 





Task 6: Assign Ports to VLAN 2 

You must assign ports to VLANs from the interface mode. Enter the following commands to add ports 4, 

5, and 6 to VLAN 2: 








Switch_A(config)#interface fastethernet 0/6




1900: 


Switch_A(config)#interface ethernet 0/4 


Switch_A(config-if)#interface ethernet 0/5 








Are ports 4 through 6 assigned to VLAN 2? Yes 



—— ———————————————— ————- ———————————————- 


Fa0/8, Fa0/9, Fa0/10, Fa0/11 

Fa0/12, Fa0/13, Fa0/14, Fa0/15 

Fa0/16, Fa0/17, Fa0/18, Fa0/19 

Fa0/20, Fa0/21, Fa0/22, Fa0/23 

Fa0/24 

2 VLAN2 active Fa0/4, Fa0/5, Fa0/6 








—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———


1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————- 


Enter the following commands to assign ports 7, 8, and 9 to VLAN 3: 


















—— ———————————————— ————- ———————————————- 


Fa0/11, Fa0/12, Fa0/13, Fa0/14 

Fa0/15, Fa0/16, Fa0/17, Fa0/18 

Fa0/19, Fa0/20, Fa0/21, Fa0/22 

Fa0/23, Fa0/24 






1005 trnet-default act/unsup


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 10: Test the VLANs 

Step 1. Ping from the host in port 0/4 to the host in port 0/1. 

Was the ping successful? No 

Why? 

They have different VLAN membership. 



Why? 


Step 3. Ping from the host in port 0/4 to the switch IP 192.168.1.2. 


Why? 




Why? 

They have the same VLAN membership. 



Task 11: Move a Host 

Move the host in port 0/4 to port 0/3, wait until the port LED turns green, and then go to the next task. 




Why? 






Task 13: Move Hosts 

Move the host in port 0/3 to port 0/4 and the host in port 0/1 to port 0/5, wait until the port LED turns 

green, and then go to the next task. 




Why? 








Why? 


Task 15: Move the Hosts 

Move the host in port 0/4 to port 0/8, wait until the port LED turns green, and then go to the next task. 



Was the ping successful? No

Why? 










Curriculum Lab 8-3: Deleting VLAN Configurations (8.2.6) 





Switch 1 Switch_A 192.168.1.2 192.168.1.1 255.255.255.0 



Objectives 


■ Create two VLANs. 

■ Name the VLANs and assign multiple member ports to them. 

■ Delete VLANs. 

■ Understand why it is not possible to delete VLAN 1. 


FA0/1 FA0/4 

Switch 1 




Serial Cable 








on each switch unless you are specifically instructed otherwise.


Instructions are also provided for the 1900 series switch, which initially displays a User Interface Menu. 

Select the Command Line option from the menu to perform the steps for this lab. 



















—— ———————————————— ————- ———————————————- 






Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 







1900: 





Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add 

ports 4, 5, and 6 to VLAN 2: 












1900: 




Switch_A(config-if)#interface Ethernet 0/5 


Switch_A(config-if)#interface Ethernet 0/6 











—— ———————————————— ————- ———————————————- 


Fa0/8, Fa0/9, Fa0/10, Fa0/11 

Fa0/12, Fa0/13, Fa0/14, Fa0/15 

Fa0/16, Fa0/17, Fa0/18, Fa0/19 

Fa0/20, Fa0/21, Fa0/22, Fa0/23 

Fa0/24 








—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————- 


Enter the following commands to assign ports to VLAN 3: 



Switch_A(config-if)#switchport mode access















—— ———————————————— ————- ———————————————- 


Fa0/11, Fa0/12, Fa0/13, Fa0/14 

Fa0/15, Fa0/16, Fa0/17, Fa0/18 

Fa0/19, Fa0/20, Fa0/21, Fa0/22 

Fa0/23, Fa0/24 








—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1005 trnet 101005 1500 - - - ibm - 0 0 



———————————————————————————————————————



———- ————- ————————- ————————————————————— 




Why? 

The ports have different VLAN membership. 



Why? 




Why? 




Why? 

The ports are on the same VLAN. 

Task 11: Delete a Host from a VLAN 

To remove a host from a VLAN, use the no form of the switchport commands in port interface configuration 

mode. 



Switch_A(config-if)#no switchport mode access 

Switch_A(config-if)#no switchport access vlan 2 

1900: 



Switch_A(config-if)#no vlan static 2 





Is port 0/4 removed from VLAN 2? Yes



—— ———————————————— ————- ———————————————- 


Fa0/11, Fa0/12, Fa0/13, Fa0/14 

Fa0/15, Fa0/16, Fa0/17, Fa0/18 

Fa0/19, Fa0/20, Fa0/21, Fa0/22 

Fa0/23, Fa0/24 

2 VLAN2 active Fa0/5, Fa0/6 







—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 13: Delete a VLAN 

To remove an entire VLAN, enter the VLAN database mode and use the negative form of the command. 


Switch_A(vlan)#no vlan 3 

Deleting VLAN 3... 

Switch_A(vlan)#exit 

1900: 


Switch_A(config)#no vlan 3 







Is VLAN 3 removed? Yes 



—— ———————————————— ————- ———————————————- 


Fa0/11, Fa0/12, Fa0/13, Fa0/14 

Fa0/15, Fa0/16, Fa0/17, Fa0/18 

Fa0/19, Fa0/20, Fa0/21, Fa0/22 

Fa0/23, Fa0/24 

2 VLAN2 active Fa0/5, Fa0/6 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

2 enet 100002 1500 - - - - - 0 0 

3 enet 100003 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

What happened to the ports that were released from the VLANs? 

They are not assigned to a VLAN. 

Task 15: Delete VLAN 1 

Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 3. 


Switch_A(vlan)#no vlan 1

A default VLAN may not be deleted. 


1900: 




^ 

% Invalid input detected at ‘^’ marker. 


Can the default VLAN be deleted? No 



Challenge Lab 8-4: Static VLANs, STP, and Port Security 

Figure 8-5 Static VLANs, STP, and Port Security 

Objectives 

■ Create and assign VLANs. 

■ Configure root bridges for STP. 

■ Configure port security. 

Equipment 

VLAN 1 10.1.0.0/16 

VLAN 10 10.10.0.0/16 

VLAN 20 10.20.0.0/16 

VLAN 30 10.30.0.0/16 

VLAN 10 


The topology shown in Figure 8-5 is using 2950 switches. 


VLAN 1: 10.1.0.2 

DefGate: 10.1.0.1 

SWA 

VLAN 20 


This lab is fully compatible with a standard NetLab Basic Switch Pod although you will not be able to 

fully test your VLANs or port security. 


fa0/2 

fa0/3 

VLAN 30 


VLAN 10 



VLAN 1: 10.1.0.3 

DefGate: 10.1.0.1 

fa0/2 

SWB 

fa0/3 

VLAN 20 


VLAN 30 


Step 1. Choose two 2950 switches and cable them according to the topology. (If using NetLab, choose 

a Basic Switch Pod. Portions of this lab will not be verifiable.)


Step 2. Configure the switches according to your instructor’s required basic configurations, including 

hostnames, passwords, host tables, banner, and lines. Configure each of the switches with the 

correct VLAN 1 IP addresses and the correct default gateway. 

Step 3. Verify connectivity between SWA and SWB. Pings should be successful. If not, troubleshoot. 

Note: Switches should not be able to ping the router yet. 

Task 2: Configure VLANs 

Step 1. Configure the following VLANs on both SWA and SWB: 

■ VLAN 10 is the Accounting VLAN 

■ VLAN 20 is the Marketing VLAN 

■ VLAN 30 is the Purchasing VLAN 

Step 2. Configure the appropriate ports on SWA and SWB for trunking with the switchport mode 

trunk command. Verify trunking is properly configured with the show interface trunk command 

on both SWA and SWB. 

SWA#show interface trunk 





Fa0/2 1-4094 

Fa0/3 1-4094 


Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 


Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 

Step 3. The Fa0/1 port is unused on both SWA and SWB. For enhanced security, administratively shut 

down this port. Otherwise, the port will activate whenever it detects a device on the other end. 

Step 4. Configure access mode on the rest of the ports using the switchport mode access command. 

Assign the access ports to their correct VLAN as specified in the topology. 

Step 5. Verify the VLAN configuration on both switches with the show vlan brief command. Your output 

should look similar to the following output: 

SWA#show vlan brief 


—— ———————————————— ————- ———————————————- 

1 default active Fa0/1 


Fa0/8 

20 Marketing active Fa0/9, Fa0/10, Fa0/11, 

Fa0/12 

Fa0/13, Fa0/14, Fa0/15, 

Fa0/16

30 Purchasing active Fa0/17, Fa0/18, Fa0/19, 

Fa0/20 

Fa0/21, Fa0/22, Fa0/23, 

Fa0/24 





Task 3: Configure the Root Bridge for STP 

Step 1. For VLANs 1, 10, and 30, SWA should always be the root bridge. Configure SWA with a spanning-tree 

priority of 4096 for these three VLANs. 

For VLAN 20, SWA is to never be the root bridge. Configure SWA with a spanning-tree priority 

of 61,440. 

What is the default priority? 

32768 

Why would you want to configure some VLANs with a different STP root bridge? 

By using different spanning-tree instances for different VLANs, redundant trunk ports can be 

used for forwarding traffic for some VLANs while blocking for others. 

Step 2. Verify SWA is the root with the show spanning-tree summary command. SWA should be listed 

as the root bridge, as shown in the following output below: 

SWA#show spanning-tree summary 

Switch is in pvst mode 

Root bridge for: VLAN0001, VLAN0010, VLAN0030 

EtherChannel misconfiguration guard is enabled 

Extended system ID is enabled 

Portfast is disabled by default 

PortFast BPDU Guard is disabled by default 

Portfast BPDU Filter is disabled by default 

Loopguard is disabled by default 

UplinkFast is disabled 

BackboneFast is disabled 

Pathcost method used is short 


Name Blocking Listening Learning Forwarding STP Active 

——————————— ———— ————- ———— ————— ————— 

VLAN0001 0 0 0 3 3 

VLAN0010 0 0 0 3 3 

VLAN0020 1 0 0 2 3 

VLAN0030 0 0 0 3 3 

——————————— ———— ————- ———— ————— ————— 

4 vlans 1 0 0 11 12 

SWB#show spanning-tree summary 


Root bridge for: VLAN0020 



Portfast is disabled by default









——————————— ———— ————- ———— ————— ————— 

VLAN0001 1 0 0 1 2 

VLAN0010 1 0 0 1 2 

VLAN0020 0 0 1 1 2 

VLAN0030 1 0 0 1 2 

——————————— ———— ————- ———— ————— ————— 

4 vlans 3 0 1 4 8 

Task 4: Configure Port Security 

Step 1. Configure the access ports (Fa0/4 through 24) for access mode and turn on port security. 

Step 2. Enter the command to make the first MAC address learned “stick” to the port. No other MAC 

addresses should be allowed (maximum of one MAC per port). 

Step 3. Enter the command that will automatically shut down the port if a security violation occurs. 

Step 4. Verify port security with the show port-security command. Your output should look similar to 

the following output: 

SWA#show port-security 

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security 

Action 


———————————————————————————————————————- 

Fa0/4 1 0 0 Shutdown 





















———————————————————————————————————————-

Total Addresses in System : 0 

Max Addresses limit in System : 1024 

Task 5: Verify VLANs and Port Security 

Step 1. Test the VLAN configuration by verifying that a host attached to VLAN 10 cannot ping the 

hosts of VLAN 20 or VLAN 30. 

Step 2. Test the port security configuration by disconnecting a host from a port and connecting a different 

host to the same port. The port should automatically shut down. How do you, as the 

administrator, re-enable the port? 

First, reset port security with the clear port-security sticky command. Second, administratively 

disable the port with the shutdown command. Third, reactivate the port with the no shutdown 

command. The new MAC address will now stick to the configuration. 

SWA !————————————————— 

!VLAN configurations do not show 

!————————————————— 

vlan 10 

name Accounting 

vlan 20 

name Marketing 

vlan 30 

name Purchasing 

!————————————————— 

! 

hostname SWA 

! 


! 


ip host SWB 10.1.0.3 

! 


! 

shutdown 


! 

switchport mode trunk 


! 


interface range FastEthernet0/4 - 8 

switchport access vlan 10 






!The ‘maximum’ command does not show in configuration 

! 

switchport port-security maximum 1 







! 








! 



! 

ip address 10.1.0.2 255.255.0.0 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 




login

! 

end 

SWB !————————————————— 

!VLAN configurations do not show 

!————————————————— 

vlan 10 


vlan 20 


vlan 30 


!————————————————— 

! 

hostname SWB 

! 


! 


ip host SWA 10.1.0.2 

! 


! 

shutdown 


! 



! 








! 











! 







! 



! 

ip address 10.1.0.3 255.255.0.0 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 

! 




login 

end

CHAPTER 9 

VLAN Trunking Protocol 

The Study Guide portion of this chapter uses a combination of fill in the blank, open-ended question, and 

unique custom exercises to test your knowledge on the theory of VLAN Trunking Protocol. 

The Lab Exercises portion of this chapter includes all of the online curriculum labs as well as a comprehensive 

lab and a challenge lab to ensure that you have mastered the practical, hands-on skills needed 

about VTP.



Trunking 

For the purposes of this chapter, a trunk is a physical and logical connection between two switches across 

which network traffic travels. In a switched network, a trunk is a point-to-point link that supports several 

VLANs. The purpose of a trunk is to conserve ports when a link between two devices that implement 

VLANs is created. 

In this section, you work through exercises that review trunking, the concept of frame tagging, and basic 

trunk configuration. 



Two switches directly connected can send and receive traffic for multiple VLANs across a trunk link. The 

term trunk originated in the telephone industry to describe a link used to carry multiple conversations. In 

switching technologies, you need to identify which VLAN a frame belongs to. To make this identification 

possible, switches can use one of two major methods of frame tagging: Inter-Switch Link (ISL), a Cisco 

proprietary protocol that used to be the most common, and IEEE 802.1q, which is now the standard for 

frame tagging. Newer Cisco IOS Software Releases do not even support ISL anymore. It is important to 

understand that a trunk link does not belong to a specific VLAN. A trunk link is a conduit for VLANs 

between switches and routers. 

With ISL, an Ethernet frame is encapsulated with an additional header that contains a VLAN ID. With 

IEEE 802.1q, a tag containing the VLAN ID is embedded into the Ethernet frame. 

A port can be configured as a trunk port, an access port, or a dynamic port. Trunk links should be manually 

configured, although the Cisco IOS will, by default, detect a trunk link because all ports are set to 

dynamic desirable. Record the command, including correct prompt, to configure a port for trunking. 

Switch(config-if)#switchport mode trunk 

For the 1900 series switches and the 2950 series switches, you do not have to configure the encapsulation 

type on a trunk link. However, if you are using a 2900 series switch, which supports both ISL and IEEE 

802.1q, then you have to configure the encapsulation type. Record the command, including correct prompt, 

to configure a port to use ISL encapsulation. 

Switch(config-if)#switchport trunk encapsulation isl 

Note: If you are not sure about this command, check Curriculum Lab 9-1, “Trunking with ISL (9.1.5a).” 

Now record the command, including correct prompt, to configure a port to use IEEE 802.1q encapsulation. 

Switch(config-if)#switchport trunk encapsulation dot1q 

If your switch is a 2950 series, you do not configure the encapsulation type. The command is not even 

available. However, when configuring a router with a VLAN trunk to a switch, you must specify the 

encapsulation type because the router IOS does not auto-detect it. These commands are reviewed later in 

the chapter, in the section, “Inter-VLAN Routing Overview.”


To quickly verify trunking, you can use the show interface trunk command to display output similar to the 

following: 






Fa0/1 1-4094 

Fa0/2 1-4094 

Fa0/3 1-4094 


Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 


Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,30 

You can also view more specific information about a port by using the show interface fa0/1 switchport 

command to display output similar to the following: 

Name: Fa0/1 
















Appliance trust: none


Basic Trunk Configuration Exercise 

Use Figure 9-1 to answer the following configuration scenario questions. 

Figure 9-1 Basic Trunk Configuration 

SWA and SWB are both 1900 switches. Record the command or commands, including prompt, needed to 

set the Fa0/2 and Fa0/3 interfaces to trunking. If necessary, specify ISL as the encapsulation. You may 

need to research the answer for this question. Try your favorite search engine or Cisco.com. 

Switch(config)#interface fa 0/2 

Switch(config-if)#trunk on 


Switch(config-if)#trunk on 

!Trunk configuration is always ISL so no configuration needed 


set the Fa0/2 and Fa0/3 interfaces to trunking. If necessary, specify ISL as the encapsulation. 








set the Fa0/2 and Fa0/3 interfaces to trunking. If necessary, specify IEEE 802.1q as the encapsulation. 

VTP 

000e.385d.e380 


SWA 




fa0/2 

fa0/3 


!Trunk configuration is always IEEE 802.1q so no configuration needed 

Which switch is the STP root bridge and why? 

000d.6562.e380 


SWB is the STP root bridge, because it has the lowest MAC address. 

VTP was created by Cisco to solve operational problems in a switched network with VLANs. It is a Cisco 

proprietary protocol. With VTP, VLAN configuration is consistently maintained across a common administrative 

domain. Additionally, VTP reduces management and monitoring complexities of networks with 

VLANs. 

In this section, you will work through exercises that cover the basic concepts and configurations of VTP. 

You will also find several concept questions to answer. A lesson from Cisco.com will round out your study 

of VTP. 

fa0/2 

fa0/3 

SWB



The role of VLAN Trunking Protocol, or VTP, is to maintain VLAN configuration consistency across a 

common network administration domain. Although switch ports are normally assigned to only a single 

VLAN, trunk ports by default carry frames from all VLANs. 

Switches can operate in one of three VTP modes. The default mode is VTP server. A switch operating in 

VTP server mode propagates configuration changes as VTP messages across trunk links to all connected 

switches in the network. Switches that are in VTP client mode and share the same domain name and password 

as the server use VTP messages to adjust the local VLAN database. Switches that are in VTP transparent 

mode do not use VTP messages. However, a switch in this mode forwards the VTP messages out all 

trunk links except for the link the messages were originally received on. In addition, a switch in transparent 

mode can create, modify, and delete its own local VLANs. Provide the missing information in Table 9-1. 

Table 9-1 VTP Mode Comparisons 

Feature Server Mode Client Mode Transparent Mode 

Source VTP messages Yes Yes No 

Listen to VTP messages Yes Yes No 

Create VLANs Yes No Yes 1 

Remember VLANs Yes No Yes 1 

1. Locally significant only. 

Before the VTP server will propagate VTP messages, it must be configured with a VTP domain name. The 

default name is null. Because all switches are in VTP server mode by default, there must be a method to 

determine which VLAN database will have priority. This is done through the concept of a configuration 

revision number, which is 0 when the switch first boots. Each time a VLAN is added, deleted, or modified 

by the VTP server, the configuration revision number is incremented and a VTP message is sent out all 

trunk ports. If more than one VTP server exists in the same VTP domain, then messages from the server 

with the highest configuration revision number take precedence over all other messages. As a precaution 

against misconfigurations, it is always a good idea to configure both VTP servers and VTP clients with a 

VTP password. 

VTP Basic Configuration Exercise 


Figure 9-2 VTP Basic Configuration 

You want to configure local VLANs on SWB that will not be propagated to SWA or SWC. In addition, 

you do not want SWB to apply any VLANs created by SWA or SWC. Therefore, you need to configure 

SWB to be in VTP transparent mode. Record the commands, including prompt, to configure SWB in this 

mode. 


Switch(vlan)#vtp transparent 

!or 

SWA 

Domain: CCNA3 

Server Transparent 

SWB 


SWC 

Client


Switch#config t 

Switch(config)#vtp mode transparent 

All your domain-wide VLANs are going to be created on SWA and propagated throughout the domain. 

Therefore, you need to configure SWA to be in VTP server mode. Record the commands, including 

prompt, to configure SWA in this mode. 


Switch(vlan)#vtp server 

!or 


Switch(config)#vtp mode server 

You do not want SWC to inadvertently be able to create VLANs. Therefore, you need to configure SWC 

to be in VTP client mode. Record the commands, including prompt, to configure SWC in this mode. 


Switch(vlan)#vtp client 

!or 


Switch(config)#vtp mode client 

Are there any problems with your configuration? Will SWC update its VLANs when SWA makes VLAN 

changes? Explain any problems and how to fix them. 

You need to make sure that SWC has a lower configuration revision number than SWA or it will disregard 

any VTP messages sent by SWA. You can verify that SWC has a lower revision number by using the show 

vtp status command on both switches. However, it is best to delete the VLAN database and then reload the 

switch: 

SWC#delete flash:vlan.dat 

Because SWB is in transparent mode, SWC will receive all VTP messages from SWA. However, no 

VLAN updates will occur until the domain name has been specified on switches wishing to participate in 

the domain. The following command needs to be entered on both SWA and SWC: 


Switch(vlan)#vtp domain CCNA3 

!or 


Switch(config)#vtp domain CCNA3 


Explain why VTP was developed by Cisco to solve operational problems in a switched network with 

VLANs. 

With VTP, VLAN configuration consistency is maintained across a common administration domain. 

Additionally, VTP reduces the complexity of managing and monitoring VLAN networks. A network engineer 

can make changes on a central switch and have those changes automatically communicated to all 

other switches in the same domain. 

List the two main types of VTP advertisements. 

Requests from clients that want information at bootup and responses from servers are the two main types 

of VTP advertisements.

List and describe the three types of VTP messages. 

■ Advertisement requests—Clients request VLAN information and the server responds with summary 

and subset advertisements. 

■ Summary advertisements—Sent by clients and servers every 5 minutes. If the switch receives a revision 

number that is higher than the current revision number in that switch, it issues an advertisement 

request for new VLAN information. 

■ Subset advertisements—Detailed information about VLANs such as VTP version type, domain name 

and related fields, and the configuration revision number. 

List at least three actions that can trigger a server to send subset advertisements. 

■ Create a VLAN 

■ Delete a VLAN 

■ Suspend a VLAN 

■ Change the name of a VLAN 

■ Change the MTU of a VLAN 

Internet Research: VTP 

At Cisco.com, you will find a very thorough review of VTP including information not covered in this 

chapter. Use the following link to access this VTP lesson online: 

http://www.cisco.com/warp/public/473/vtp_flash/ 

When you are done, answer the questions that follow. 

Introduction to VTP 

VTP is a Layer 2 messaging protocol used to maintain VLAN configuration consistency by managing the 

addition, deletion, and renaming of VLANs on a network-wide basis. 

In a network with six switches and VLANs that are shared across switches, what would you have to do if 

you did not use VTP? 

Manually configure and maintain the VLANs on every switch. 

A VTP frame consists of a VTP header and a VTP message type. The VTP information is inserted in the 

data portion of an Ethernet frame. 

What kind of address do VTP messages use? 

VTP messages use a reserved multicast address. 

How often are summary advertisements sent and what is their purpose? 

Summary advertisements are sent every 5 minutes by servers and clients to inform other switches in the 

domain of what they believe the current configuration revision number to be. They are also sent when a 

configuration change is made. 

What does an advertisement request cause to happen? 


An advertisement request causes the server to send both a summary and subset advertisements.


VTP Domain and VTP Modes 

When a switch has been cleared and rebooted, it has the following VTP configuration: 

■ VTP Domain Name = null 

■ VTP Mode = Server 

■ Configuration Revision = 0 

■ VLANs = 1 

The VTP server can add, delete, or rename VLANs. It also advertises the domain name, VLAN configuration, 

and configuration revision number to all other switches in the VTP domain. It also maintains a list of 

all VLANs in NVRAM so that it can retrieve this information if the switch is reset. 

A VTP client cannot add, delete, or rename VLANs. It does not store VLANs in NVRAM. 

Switches in VTP transparent mode must have their VLANs configured manually. They do not participate 

in VTP or advertise their VLAN configuration. When is it useful to configure a switch in this mode? 

When you want to manually configure VLANs or when VLANs are only locally significant and do not 

span the rest of the network. 

Before VLANs will be advertised by the VTP server, you must configure a domain name. 

Assume that VLANs 10, 20, and 30 have been added to a VTP server with appropriate names. What is the 

configuration revision number? 3 

Now assume that the name for VLAN 10 is changed, VLAN 30 is deleted, and VLAN 40 is added. What is 

the configuration revision number? 6 

List the three types of trunk links that VTP messages will be sent across. 

ISL, 802.1q, and LANE trunks 

What MAC address are VTP messages sent to? 

Multicast MAC 01-00-0C-CC-CC-CC 

Assume that you configure six VLANs on a VTP transparent switch. What would be the configuration 

revision number? 0 

The configuration revision number is not incremented in transparent mode. 

It what situations will a VTP transparent switch forward VTP messages to other switches. 

When it is configured in the same domain as the server or when it is configured in the null domain. 

Common VTP Issues 

Assuming that a new switch was configured with the correct domain name, what would happen if you 

were to add a VTP client or server switch with a higher configuration revision number to the network? 

As soon as a trunk link is established with the new switch, it will send out a summary advertisement. The 

other switches in the network will note the higher configuration revision number and send advertisement 

requests to the new switch. The new switch will then send out summary and subset advertisements with 

the VLAN configuration. All other switches will delete any existing VLAN configuration and update their 

VLANs with the VLANs advertised by the new switch. They will also update their configuration revision 

number. This scenario will occur regardless of whether the new switch is in client or server mode.

List three possible ways to reset the configuration revision number on a switch. (Only two methods are 

discussed in the presentation. Can you think of another way?) 

The quickest way to reset a configuration revision number is to temporarily set the VTP mode to transparent. 

You could also temporarily change the domain name. A third way is to delete the vlan.dat file and 

reload the switch. 

Internet Research: VTP Pruning 

There will be a lot of traffic on a large switched network with VLANs that span multiple switches. VTP 

pruning is a method of reducing traffic. Research VTP pruning and briefly describe what it is, how it operates, 

and what configuration commands, if any, you would use. Make sure to list your sources. 

If the student simply enters “vtp pruning” in the Google search engine, one of the first links should be 

Cisco.com. Encourage students to use the Cisco.com explanation as their primary source of information, 

especially when learning about a Cisco proprietary technology like VTP. However, also encourage them to 

explore third-party explanations that might come at a difficult topic from a different perspective. 

The following link provides the Cisco.com discussion of VTP pruning: 

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_4_2/config/vlans.htm 

The following links are helpful third-party sources: 

http://www.certificationzone.com/cisco/newsletter/SL/nla_11-30-04_newage.html 

http://www.firewall.cx/vlans-vtp-pruning.php 

http://www.networknewz.com/2004/0317.html 

Inter-VLAN Routing Overview 

Inter-VLAN communication cannot occur without a Layer 3 device, such as a router. You will use ISL or 

IEEE 802.1q to enable trunking on a router subinterface. In this section, you will briefly review the concept 

of inter-VLAN routing. Then, you will work through a inter-VLAN routing configuration exercise. 




Inter-VLAN communication crosses broadcast domains. When a host in one broadcast domain wishes to 

communicate with a host in another broadcast domain, you must use a router. When connecting a router to 

a switched network with multiple VLANs, one interface is needed per VLAN because each is on its own 

logical network or subnet. You can reduce the number of physical interfaces needed to route VLANs by 

using a trunk link between the switch and router. You achieve logical division of a physical interface by 

implementing subinterfaces. One subinterface would be configured per VLAN. Each subinterface would 

also be configured with an IP address from a separate logical subnet.


Basic Inter-VLAN Configuration Exercise 


Figure 9-3 Basic Inter-VLAN Configuration 

What does a router like RTA require in order to route between VLANs? 

It requires a Fast Ethernet interface and an IOS that supports inter-VLAN routing. 

Record the commands, including prompt, to configure RTA to route for all the VLANs shown in Figure 9- 

3. Use IEEE 802.1q encapsulation. Describe all interfaces and make sure you append the word native to 

the end of the encapsulation configuration for VLAN 1. Use the first available IP address in each network. 

RTA(config)#interface FastEthernet 0 

! Activate the physical interface if it won’t come up 


VLAN 1 192.168.1.0/24 

VLAN 100 192.168.100.0/24 

VLAN 200 192.168.200.0/24 

VLAN 300 192.168.300.0/24 

! Configure the Management VLAN 1. Don’t forget ‘native’ 

RTA(config-if)#interface FastEthernet 0.1 

RTA(config-subif)#description Management VLAN 1 

RTA(config-subif)#encapsulation dot1Q 1 native 

RTA(config-subif)#ip address 192.168.1.1 255.255.255.0 

! Configure routing for VLAN 100 

RTA(config-subif)#interface FastEthernet0.100 

RTA(config-subif)#description Accounting VLAN 100 

RTA(config-subif)#encapsulation dot1Q 100 




RTA(config-subif)#description Marketing VLAN 200 




VLAN 100 

Accounting 


RTA(config-subif)#description Purchasing VLAN 300 


RTA 

fa0 

SWA 

VLAN 200 

Marketing 


VLAN 300 

Purchasing

Lab Exercises 



for a 1900 Catalyst switch. 

1900 Switch Command Description 


Switch(config-if)#trunk on Turns port to trunking mode 

Switch#show trunk A Displays trunking information about port 0/26, which is 

trunk A 

Switch(config)#vtp client Changes the switch to client mode 

Switch(config)#vtp server Changes the switch to server mode 

Switch(config)#vtp transparent Changes the switch to transparent mode 

Switch(config)#vtp domain CCNA3 Sets the name of the VTP management domain to CCNA3 

Switch(config)#vtp password cisco Set the VTP password to cisco 

Switch#show vtp Displays all VTP information 


for a 2900 Catalyst switch. When appropriate, use VLAN database configuration mode. 



Switch(config-if)#switchport mode trunk Turns port to trunking mode 

Switch(config-if)#switchport trunk encapsulation isl Sets encapsulation type to ISL 

Switch(config-if)#switchport trunk encapsulation dot1q Sets encapsulation type to Dot1Q— 

the default encapsulation type 

Switch#vlan database Enters VLAN database mode 

Switch(vlan)#vtp client Changes the switch to client mode 

Switch(vlan)#vtp server Changes the switch to server mode 

Switch(vlan)#vtp transparent Changes the switch to transparent mode 

Switch(vlan)#vtp domain CCNA3 Sets the name of the VTP management 

domain to CCNA3 

Switch(vlan)#vtp password cisco Set the VTP password to cisco 

Switch(vlan)#vtp v2-mode Sets VTP mode to version 2 

Switch(vlan)#vtp pruning Enables VTP pruning 


Switch(vlan)#exit Applies the VLAN database changes and 

exits the mode



for a 2950 Catalyst switch. When appropriate, use global configuration mode. Do not use VLAN database 

configuration mode. 



Switch(config-if)#switchport mode trunk Turns port to trunking mode 

Switch#show int fa 0/1 switchport Shows the status of interface Fa0/1, including trunking 

information (works with both 2900 and 2950 switches) 

Switch(config)#vtp mode client Changes the switch to client mode 

Switch(config)#vtp mode server Changes the switch to server mode 

Switch(config)#vtp mode transparent Changes the switch to transparent mode 

Switch(config)#vtp domain CCNA3 Sets the name of the VTP management domain to CCNA3 

Switch(config)#vtp password cisco Set the VTP password to cisco 

Switch(config)#vtp v2-mode Sets VTP mode to version 2 

Switch(config)#vtp pruning Enables VTP pruning 

Switch#show vtp status Displays VTP domain status (works with both 2900 and 

2950 switches) 

Switch#show vtp counters Displays VTP statistics (works with both 2900 and 2950 

switches) 

In the table that follows, record the command, including the correct router prompt, that fits the description 

for a 2600 series router. 

2600 Command Description 

Router(config)#int fa0/0 Enters interface mode for interface Fa0/0 

Router(config-if)#no shutdown Turns on the interface 

Router(config-if)#int fa 0/0.1 Creates subinterface 0/0.1 

Router(config-subif)#encapsulation dot1q 1 native Assigns the native VLAN to this logical 

subinterface using Dot1Q encapsulation 

Router(config-subif)#ip address 192.168.1.1 255.255.255.0 Assigns the IP address 192.168.1.1/24 to 

this logical interface 

Router(config-subif)#int fa0/0.10 Creates subinterface 0/0.10 

Router(config-subif)#encapsulation dot1q 10 Assigns VLAN 10 to this logical interface 

using Dot1Q encapsulation 

Router(config-subif)#ip address 192.168.10.1 255.255.255.0 Assigns the IP address 192.168.10.1/24 to 

this logical interface

Curriculum Lab 9-1: Trunking with ISL (9.1.5a) 



Switch Switch Name VLAN 1 IP Address VLAN Names Switch Port 

Designation and Numbers Assignments 

Switch 1 Switch_A 192.168.1.2 VLAN 1 Native Fa0/2–0/3 

VLAN 10 Accounting Fa0/4–0/6 

VLAN 20 Marketing Fa0/7–0/9 

VLAN 30 Engineering Fa0/10–0/12 

Switch 2 Switch_B 192.168.1.3 VLAN 1 Native Fa0/2–0/3 






The subnet mask for both routers is 255.255.255.0. 

Objectives 

FA0/1 FA0/1 

FA0/12 Trunk 802.1q 

FA0/12 

Switch 1 Switch 2 




Serial Cable 


■ Create multiple VLANs, name them, and assign multiple member ports to them. 


■ Create an ISL trunk line between the two switches to allow communication between paired VLANs. 

■ Test the VLANs’ functionality by moving a workstation from one VLAN to another.



Important Note: The use of Catalyst 2950 switches is not appropriate for this lab, because those switches support 

only 802.1q trunking. 

Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is 

being used to transmit data on the trunk, or no data will be passed. If different trunking encapsulation 

occurs on the two ends of the link, they will not able to communicate. A similar situation will occur if one 

of your ports is configured in trunking mode (unconditionally) and the other one is in access mode (unconditionally). 





Cable a network that is similar to the one in Figure 9-4. The configuration output used in this lab is produced 

from a 2900 switch. Another switch might produce different output. You should execute the following 

steps on each switch unless you are specifically instructed otherwise. 


Implement the procedure documented in Appendix B, “Erasing and Reloading the Switch,” before you 



Configure the hostname, access, and command mode passwords, as well as the management LAN settings. 

These values are shown in Table 9-2. If you have problems while performing this configuration, refer to 

Lab 6-2, “Basic Switch Configuration.” 












—— ———————————————— ————- ———————————————- 


Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16





Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 5: Create and Name Three VLANs 

Use the following commands to create three named VLANs: 

2900 Switch 


Switch_A(vlan)#vlan 10 name Accounting 

Switch_A(vlan)#vlan 20 name Marketing 

Switch_A(vlan)#vlan 30 name Engineering 


2950 Switch 


Switch_A(config)#vlan 10 

Switch_A(config-vlan)#name Accounting 

Switch_A(config-vlan)#vlan 20 

Switch_A(config-vlan)#name Marketing 


Switch_A(config-vlan)#name Engineering 

Note: VLAN database mode is being deprecated in future releases of Cisco IOS. For now, both VLAN database mode 

and global configuration mode are supported for creating VLANs. 


Chapter 9: VLAN Trunking Protocol 393


You must assign ports to VLANs from the interface mode. Enter the following commands to add ports 0/4 

to 0/6 to VLAN 10: 





Switch_A(config-if)#interface fastethernet 0/5 







Note: Use the range parameter to quickly configure several interfaces with the same command. For example: 


Switch_A(config)#interface range fastethernet 0/4 - 6 

Switch_A(config-if-range)#switchport mode access 

Switch_A(config-if-range)#switchport access vlan 10 

Switch_A(config-if-range)#end 


Enter the following commands to add ports 0/7 to 0/9 to VLAN 20: 




















Switch_A(config-if)#switchport access vlan 30





Task 9: Create VLANs on Switch_B 

Repeat Tasks 5 through 8 on Switch_B to create its VLANs. 




Are ports 0/10 to 0/12 assigned to VLAN 30? Yes 

Switch_A#sh vlan 


—— ———————————————— ————- ———————————————- 


Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24 

10 Accounting active Fa0/4, Fa0/5, Fa0/6 

20 Marketing active Fa0/7, Fa0/8, Fa0/9 

30 Engineering active Fa0/10, Fa0/11, Fa0/12 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

30 enet 100030 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 



———————————————————————————————————————



———- ————- ————————- ————————————————————— 


Step 1. Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12. 


Why? 

No trunk has been configured. 

Step 2. Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2. 


Why? 

The interfaces are in different VLANs. 

Task 12: Create the ISL Trunk 

On both Switch_A and Switch_B, enter the following command at the Fast Ethernet 0/1 interface command 

prompt: 


Switch_A(config-if)#switchport mode trunk 

Switch_A(config-if)#switchport trunk encapsulation isl 


Switch_B(config)#interface fastethernet 0/1 

Switch_B(config-if)#switchport mode trunk 

Switch_B(config-if)#switchport trunk encapsulation isl 

Switch_B(config-if)#end 

Task 13: Verify the ISL Trunk 

To verify that port Fast Ethernet 0/1 has been established as a trunk port, enter show interface fastethernet 

0/1 switchport at the privileged EXEC mode prompt. 

What type of trunking encapsulation is shown in the output? ISL 

According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference 

between the Administrative Trunking Encapsulation and the Operational Trunking Encapsulation? 

Switch_A#show interface fastEthernet 0/1 switchport 

Name: Fa0/1 


Administrative mode: trunk 


Administrative Trunking Encapsulation: isl 

Operational Trunking Encapsulation: isl 

Negotiation of Trunking: Disabled 

Access Mode VLAN: 0 ((Inactive))



Trunking VLANs Active: 1,10,20,30 


Priority for untagged frames: 0 

Override vlan tag priority: FALSE 


Appliance trust: none 

Self Loopback: No 

No, both encapsulation types are ISL. 

On the fragment “Trunking VLANs Enable” from the last output, what does the word ALL mean? 

It means that traffic from all VLANs is allowed to cross the trunked link. 

What would happen if the two ports of the trunk were using different encapsulation? 

It would not form a trunk. 

Explain. 

The encapsulation must match on both sides of the link in order for the trunk to form. 

Task 14: Test the VLANs and the Trunk 

Step 1. To test the VLANs and the trunk, ping from the host in Switch_A port 0/12 to the host in 

Switch_B port 0/12. 


Why? 

The hosts are on the same VLAN with trunking enabled on port 0/1. 



Why? 

The interfaces are on different VLANs. 


Move the host in Switch_A from port 0/12 to port 0/8, wait until the port LED turns green, and then go to 

the next task. 





Why? 

The hosts are on different VLANs. 





Why? 

The hosts are on different VLANs. 


Move the host in Switch_B from port 0/12 to port 0/7, wait until the port LED turns green, and then go to 






Why? 

The hosts are now on the same VLAN (VLAN 20). 



Why? 

The interfaces are on different VLANs. 










Why? 

Both interfaces are assigned to the same VLAN (VLAN 1). 




Task 22: Test the VLANs and the Trunk




Why? 

Both hosts now belong to the same VLAN. 

Step 2. Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2. 


Why? 




Why? 


What conclusions can you draw from the testing that you just performed in regard to VLAN 

membership and VLANs across a trunk? 

Hosts must be grouped together into the same VLAN before they can communicate with each 

other. Trunk links carry VLAN traffic across switches. 

Step 4. After you complete the previous steps, log off (by typing exit) and turn all the devices off. 

Then, remove and store the cables and adapter. 

Switch_A 



Current configuration: 

! 

version 12.0 





! 


! 

enable secret 5 $1$Spup$4rLiyqQseDcu2xWzhd9Ko. 



! 


! 



! 


! 


! 



! 

interface FastEthernet0 


! 



! 



! 



! 



!



! 



! 



! 

interface VLAN1 

ip address 192.168.1.2 255.255.255.0 

no ip directed-broadcast 


! 


! 

line con 0 


login 

transport input none 

stopbits 1 

line vty 0 4 


login 

line vty 5 15 


login 

! 

end 



Curriculum Lab 9-2: Trunking with 802.1q (9.1.5b) 



Switch Switch VLAN 1 IP VLAN Names Switch Port 

Designation Name Address and Numbers Assignments 












Objectives 



■ Create an 802.1q trunk line between the two switches to allow communication between paired VLANs. 

■ Test the VLANs’ functionality by moving a workstation from one VLAN to another. 


FA0/1 FA0/1 


FA0/12 





Serial Cable 

Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is 

being used to transmit data on the trunk, or no data will be passed. If the two ends of the link have a different 

trunking encapsulation, they will not be able to communicate. A similar situation will occur if one 

of your ports is configured in trunking mode (unconditionally) and the other one is in access mode (unconditionally). 




broadcast domains.

Cable a network that is similar to the one in Figure 9-5. The configuration output that is used in this lab is 

produced from a 2950 series switch. Another switch might produce different output. You should execute 

the following steps on each switch unless you are specifically instructed otherwise. 






Lab 6-2, “Basic Switch Configuration.” Do not configure VLANs and trunking yet. 




To verify that the hosts and switch are configured correctly, ping the switch from the hosts. 









—— ———————————————— ————- ———————————————- 


Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0


1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 


Enter the following commands to create three named VLANs: 

2900 Switch 






2950 Switch 
























































Task 9: Create VLANs on Switch_B 

Repeat Tasks 5 through 8 on Switch_B to create its VLANs. 




On both switches, enter the command show vlan at the privileged EXEC mode prompt. 



Switch_A#sh vlan 


—— ———————————————— ————- ———————————————- 


Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24 









—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

30 enet 100030 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 


Step 1. Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12. 

Was the ping successful? No

Why? 

No trunk has been configured yet. 



Why? 

The interfaces are in different VLANs. 

Task 12: Create the Trunk 

On both switches, Switch_A and Switch_B, enter the following command at the Fast Ethernet 0/1 interface 

command prompt. Note that it is not necessary to specify the encapsulation on a 2950, because it only 

supports 802.1q. 







2900: 

Switch_A(config)#interface fastethernet0/1 


Switch_A(config-if)#switchport trunk encapsulation dot1q 


Switch_B(config)#interface fastethernet0/1 


Switch_B(config-if)#switchport trunk encapsulation dot1q 


Task 13: Verify the Trunk 



What type of trunking encapsulation is shown on the output results? Dot1q 

According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference 

between the Administrative Trunking Encapsulation and the Operational Trunking Encapsulation? 


Name: Fa0/1 






















No, both encapsulation types were Dot1q. 

On the fragment “Trunking VLANs Enable” from the last output, what does the word ALL mean? 

It means that traffic from all VLANs is allowed to cross the trunk link. 

What would happen if the two ports of the trunk were using different encapsulation? 

It would not form a trunk. 

Explain. 

The encapsulation must match on both sides of the link in order for the trunk to form. 





Why? 

Both hosts are in the same VLAN and the trunk has been configured. 



Why? 

The interfaces belong to different VLANs. 



the next task.





Why? 

The hosts are on separate VLANs. 



Why? 









Why? 

The hosts are now on the same VLAN (VLAN 20). 



Why? 





the next task.








Why? 









Why? 




Why? 




Why? 


What conclusions can you draw from the testing that you just performed in regard to VLAN 

membership and VLANs across a trunk? 

Hosts must be grouped together into the same VLAN before they can communicate with each 

other. Trunk links carry VLAN traffic across switches. 



Curriculum Lab 9-3: VTP Client and Server 

Configurations (9.2.5) 



Switch Switch Name VLAN 1 VLAN Names Switch Port 

Designation IP Address and Numbers Assignments 












Objectives 



■ Configure the VTP protocol to establish server and client switches. 

■ Create an 802.1q trunk line between the two switches to allow communication between paired 

VLANs. 

■ Test the VLANs’ functionality by moving a workstation from one VLAN to another. 


FA0/1 FA0/1 


FA0/12 






Serial Cable 



VLAN 1 by default.


Cable a network that is similar to the one in Figure 9-6. The configuration output used in this lab is produced 

from a 2950 series switch. Another switch might produce different output. You should execute the 

following steps on each switch unless you are specifically instructed otherwise. 










To verify that the hosts and switch are configured correctly, ping the switch from the hosts. 








—— ———————————————— ————- ———————————————- 


Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Task 5: Configure VTP 

You need to configure VLAN Trunking Protocol (VTP) on both switches. VTP is the protocol that communicates 

information about which VLANs exist from one switch to another. If VTP did not provide this 

information, you would have to create VLANs on all switches individually. 

By default, the Catalyst switch series are configured as VTP servers. If the server services are turned off, 

use the following command to turn it back on. 

2900 Switch 


Switch_A(vlan)#vtp server 


2950 Switch 


Switch_A(config)#vtp mode server 





Enter the following commands to create three named VLANs: 

2900 Switch 






2950 Switch 





























































—— ———————————————— ————- ———————————————- 


Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24 









—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

30 enet 100030 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 




Task 11: Configure the VTP Client 

Configure Switch_B to be a VTP client. 

Switch_B#vlan database 

Switch_B(vlan)#vtp client 

Switch_B(vlan)#vtp domain group1 

Switch_B(vlan)#exit 


On both Switch_A and Switch_B, enter the following command at the Fast Ethernet 0/1 interface command 

prompt. Note that it is not necessary to specify the encapsulation on a 2950, because it only supports 

802.1q. 







2900: 





Switch_B(config)#interface fastethernet0/1 


Switch_B(config-if)#switchport trunk encapsulation dot1q 


Task 13: Verify the Trunk 




Name: Fa0/1 









Voice VLAN: none











What type of trunking encapsulation is shown in the output? Dot1q 


On Switch_B, enter the command show vlan at the privileged EXEC mode prompt. 

Switch_B#show vlan 




—— ———————————————— ————- ———————————————- 


Fa0/5, Fa0/6, Fa0/7, Fa0/8 

Fa0/9, Fa0/10, Fa0/11, Fa0/12 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 

10 Accounting active 

20 Marketing active 

30 Engineering active 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

30 enet 100030 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0


1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Do VLANs 10, 20, and 30 show without your having to type them in? Yes 

Why did this happen? 

Because Switch_A is a VTP server and it sent VLAN information to Switch_B. 


Although the VLAN definitions have migrated to Switch_B by using VTP, you still must assign ports to 

these VLANs on Switch_B. You must assign ports to VLANs from the interface mode. Enter the following 

commands to add ports 0/4 to 0/6 to VLAN 10: 

Switch_B#configure terminal 


Switch_B(config-if)#switchport mode access 

Switch_B(config-if)#switchport access vlan 10 

Switch_B(config-if)#interface fastethernet 0/5 



















Switch_B(config-if)#end















On Switch_B, enter the command show vlan at the privileged EXEC mode prompt. 





—— ———————————————— ————- ———————————————- 


Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24 









—— ——- ————— ——- ——— ——— ———— —— ———— ——— ——— 

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

30 enet 100030 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 


—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———


1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 






Why? 

Both hosts are in the same VLAN with the trunk link properly configured. 



Why? 









Why? 

The hosts are on separate VLANs. 



Why? 




Curriculum Lab 9-4: Configuring Inter-VLAN Routing 

(9.3.6) 



Switch Switch Name VLAN 1 VLAN Names Switch Port 

Designation IP Address and Numbers Assignments 

Switch 1 Switch_A 192.168.1.2 VLAN 1 Native 

VLAN 10 Sales 

VLAN 20 SupportFa0/1–0/4 

Fa0/5–0/8 

Fa0/9–0/12 




Objectives 



■ Create a basic configuration on a router. 

■ Create an 802.1q trunk line between the switch and router to allow communication between VLANs. 

■ Test the routing functionality. 


FA0/5 

FA0/9 




Cable a network that is similar to the one in Figure 9-7. The configuration output that is used in this lab is 

produced from a 2950 series switch. Another switch might produce different output. You should execute 

erase and reload procedures on each switch unless you are specifically instructed otherwise. Instructions 

are also provided for the 1900 series switch, which initially displays a User Interface Menu. Select the 

FA0/1 


Serial Cable


Command Line option from the menu to perform the steps for this lab. 

Note: The router used must have a Fast Ethernet interface in order to support trunking and inter-VLAN routing. The 

2500 series router cannot be used for this lab. 








Configure the hosts by using the following information. 

The host in port 0/5: 

IP address: 192.168.5.2 

Subnet mask: 255.255.255.0 


The host in port 0/9: 

IP address: 192.168.7.2 

Subnet mask: 255.255.255.0 



Step 1. Verify that the switch ports and host NIC link lights are lit. 

Step 2. Ping the switch IP address from the hosts. 

Were the pings successful? No 

Why or why not? 

The hosts are on different networks. 




Switch_A(vlan)#vlan 10 name Sales 

Switch_A(vlan)#vlan 20 name Support 

Switch_A(vlan)#exit

1900: 


Switch_A(config)#vlan 10 name Sales 

Switch_A(config)#vlan 20 name Support 









Switch_A(config-if)#interface fastethernet0/6 










1900: 





























1900: 












On Switch_A, enter the command show VLAN at the privileged EXEC mode prompt. 




—— ———————————————— ————- ———————————————- 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 

10 Sales active Fa0/5, Fa0/6, Fa0/7, Fa0/8 

20 Support active Fa0/9, Fa0/10, Fa0/11, Fa0/12 






—— ——- ————— ——- ——— ——— ———— —— ———— ——— ———

1 enet 100001 1500 - - - - - 0 0 

10 enet 100010 1500 - - - - - 0 0 

20 enet 100020 1500 - - - - - 0 0 

1002 fddi 101002 1500 - - - - - 0 0 

1003 tr 101003 1500 - - - - - 0 0 

1004 fdnet 101004 1500 - - - ieee - 0 0 

1005 trnet 101005 1500 - - - ibm - 0 0 


——————————————————————————————————————— 


———- ————- ————————- ————————————————————— 

Are ports assigned correctly? Yes 


On Switch_A, enter the following command at the Fast Ethernet 0/1 interface command prompt. Note that 

Fast Ethernet 0/1 and the other access ports on a 1900 switch only support 10-Mbps Ethernet and cannot 

be used as trunk ports. The trunk ports (if present) on a 24-port 1900 are typically Fast Ethernet 0/26 and 

0/27. 




2900: 





1900: 



Switch_A(config-if)#trunk on 

Task 9: Configure the Router 

Step 1. Configure the router with the following data. Note that, to support trunking and inter-VLAN 

routing, the router must have a Fast Ethernet interface. 

Hostname: Router_A 

Console, VTY, and enable passwords: cisco 

Enable secret password: class 



Step 2. Configure the Fast Ethernet interface by using the following commands: 

Note: If working with a 1900 switch, replace the dot1.q encapsulation with isl in the following router configuration 

commands. 

Router_A(config)#interface fastethernet 0/0 

Router_A(config-if)#no shutdown 

Router_A(config-if)#interface fastethernet 0/0.1 

Router_A(config-subif)#encapsulation dot1q 1 

Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0 



Router_A(config-subif)#ip address 192.168.5.1 255.255.255.0 



Router_A(config-subif)#end 

Task 10: Save the Router Configuration 

Enter the copy run start command to save the current running configuration to NVRAM. 

Task 11: Display the Router Routing Table 

Enter show ip route at the privileged EXEC mode prompt. 

Router_A#show ip route 






area 




C 192.168.5.0/24 is directly connected, FastEthernet0/0.2 



Router_A# 

Do entries exist in the routing table? Yes, 3 

What interface are the entries pointing to? Fast Ethernet 0/0 

Why is there not a need to run a routing protocol? 

All interfaces are connected.


Step 1. To test the VLANs and the trunk, ping from the host in Switch_A port 0/9 to the host in port 

0/5. 


Why? 

The trunk to the router forwarded packets from VLAN 20 to VLAN 10. 




Move the hosts to other VLANs and try pinging the management VLAN 1. Note the results. 

All pings should be successful with correct IP settings on the host. 



Switch_A 




! 

version 12.1 





! 


! 

enable secret 5 $1$5kx7$u7JjZnEXhjhJ0cJIplN4t. 

! 


! 




! 



no ip address 

! 


no ip address 

! 




no ip address 

! 


no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 




no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


no ip address 

! 


ip address 192.168.1.2 255.255.255.0 


! 



! 

line con 0 


login 

line vty 0 4 




login 

line vty 5 15 


login 

! 

end 

Switch_B 

Router_A#show runnig-config 



! 

version 12.2 




! 

hostname Router_A 

! 

enable secret 5 $1$ihY0$.S.8M7iVky3u28ZYmHgWx1 

! 


! 

call rsvp-sync 

! 


no ip address 

duplex auto 

speed auto 

! 

interface FastEthernet0/0.1 

encapsulation dot1Q 1 native 

ip address 192.168.1.1 255.255.255.0 

! 


encapsulation dot1Q 10 

ip address 192.168.5.1 255.255.255.0 

! 



ip address 192.168.7.1 255.255.255.0 

! 


no ip address

shutdown 

no fair-queue 

! 


no ip address 

shutdown 

! 

ip classless 


! 

! 

! 

dial-peer cor custom 

! 

line con 0 


login 

line aux 0 

line vty 0 4 


login 

! 

end 

Comprehensive Lab 9-5: Inter-VLAN and VTP 

Configuration 

Note: This lab continues where Challenge Lab 8-4, “Static VLANs, STP, and Port Security” ended. You need to complete 

that lab before proceeding with this lab. Another option is to continue on to Challenge Lab 9-6, “Advanced 

Switching,” which is not dependent on any previous labs. 

Figure 9-8 Inter-VLAN and VTP Configuration 

VLAN 1 10.1.0.0/16 

VLAN 10 10.10.0.0/16 

VLAN 20 10.20.0.0/16 

VLAN 30 10.30.0.0/16 

VLAN 10 


fa0/1 

802.1q Trunk 

fa0/1 

RTA 

SWA 

VLAN 20 


VLAN 1: 10.1.0.2 

DefGate: 10.1.0.1 

fa0/2 

fa0/3 

VLAN 30 


VLAN 10 



VLAN 1: 10.1.0.3 

DefGate: 10.1.0.1 

fa0/2 

fa0/3 SWB 

VLAN 20 


VLAN 30 




Device Interface IP Address Subnet 

Mask 

SWA VLAN 1 10.1.0.2 255.255.0.0 

SWB VLAN 1 10.1.0.3 255.255.0.0 

RTA Fa0/1.1 10.1.0.1 255.255.0.0 

Objectives 

■ Delete the VLAN database. 

■ Configure VTP parameters. 

■ Configure inter-VLAN routing. 

■ Modify VLANs. 

■ Verify and document configurations. 

Fa0/1.10 10.10.0.1 255.255.0.0 

Fa0/1.20 10.20.0.1 255.255.0.0 

Fa0/1.30 10.30.0.1 255.255.0.0 

The topology shown in Figure 9-8 is using 2950 switches and a 2621 router. You can also use a 1700 

series router that supports VLAN trunking. 


This lab is fully compatible with a standard NetLab Basic Switch Pod. 


Step 1. SWA and SWB should be loaded with your saved configurations for Challenge Lab 8-4, “Static 

VLANs, STP, and Port Security.” If you did not complete that lab, you need to do so now. 

Step 2. Configure RTA with basic router configurations, including: 

■ Hostname 


■ Global passwords 

■ Host tables 

■ Banner 

■ Other instructor-required global configurations 

Task 2: Configure VTP Parameters 

Step 1. SWA will be the VTP server. Configure SWA with the domain name CCNA3 and password 

cisco. Verify your configuration with the show vtp status command. 

SWA#show vtp status 

VTP Version : 2 

Configuration Revision : 3 

Maximum VLANs supported locally : 250 

Number of existing VLANs : 8

VTP Operating Mode : Server 

VTP Domain Name : CCNA3 

VTP Pruning Mode : Disabled 

VTP V2 Mode : Disabled 

VTP Traps Generation : Disabled 

MD5 digest : 0x3B 0x01 0x37 0x7F 0x25 0x20 0xD0 0x0F 

Configuration last modified by 0.0.0.0 at 3-1-93 00:30:56 

Local updater ID is 10.1.0.2 on interface Vl1 (lowest numbered VLAN interface 

found) 

Step 2. Notice in the preceding output that the configuration revision number is 3. Why? 

Three VLANs have been added (Accounting VLAN 10, Marketing VLAN 20, and Purchasing 

VLAN 30). The configuration revision number increments by 1 each time a change is made. 

Step 3. On SWB, you need to remove the current VLAN configurations and reload the switch. What 

command will delete the VLAN database file? 

SWB#delete flash:vlan.dat 

Delete filename [vlan.dat]? 

Delete flash:vlan.dat? [confirm] 

SWB#reload 

Proceed with reload? [confirm] 

Step 4. After you delete the VLAN database and reload the switch, your show vlan brief command 

should display the following: 

SWB#show vlan brief 


—— ———————————————— ————- ———————————————- 








—— ———————————————— ————- ———————————————- 






Step 5. Your VTP status should display the following output. Take note of the configuration revision 

number, the operating mode, and the domain name. 

SWB#show vtp status 




Number of existing VLANs : 5 


VTP Domain Name : 






MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD 



found) 

Step 6. Enter the commands to configure SWB as a VTP client on the CCNA3 VTP domain with the 

password cisco. Record the commands you used. 

SWB(config)#vtp mode client 

Setting device to VTP CLIENT mode. 

SWB(config)#vtp domain CCNA3 

Changing VTP domain name from NULL to CCNA3 

SWB(config)#vtp password cisco 

Setting device VLAN database password to cisco 

Step 7. It may take a while for SWB to receive a VTP message from the server, because, unless there 

is a change or unless a request is made, the server sends out VTP advertisements only every 5 

minutes. You can speed up the process by shutting down the trunks attached to SWA and then 

reactivating them. This will force an exchange of VTP messages. Verify SWB now has the 

VLAN information from SWA. 






VTP Operating Mode : Client 





MD5 digest : 0x3B 0x01 0x37 0x7F 0x25 0x20 0xD0 0x0F 




—— ———————————————— ————- ———————————————- 



Fa0/8 

20 Marketing active Fa0/9, Fa0/10, Fa0/11, 

Fa0/12 

Fa0/13, Fa0/14, Fa0/15, 

Fa0/16 

30 Purchasing 

Fa0/24 

active Fa0/17, Fa0/18, Fa0/19, 

Fa0/20 

Fa0/21, Fa0/22, Fa0/23, 




1005 trnet-default active

Task 3: Configure Inter-VLAN Routing 

Step 1. The Fast Ethernet interface on RTA that is attached to SWA will trunk VLANs. Make sure you 

configure the Fa0/1 port on SWA to trunking mode and activate it. 



Step 2. Configure RTA to trunk for all three VLANs by using the subinterface designations and IP 

addresses shown in Table 9-6. Make sure the physical interface is activated. Also, for VLAN 1, 

make sure you add the native argument to the end of the encapsulation command. 

RTA(config-if)#interface FastEthernet0/1.1 

RTA(config-subif)#encapsulation dot1Q 1 native 


RTA(config-subif)#interface FastEthernet0/1.10 









RTA(config-subif)#end 


Output from the show ip interface brief command should look like the following: 

RTA#show ip interface brief 

Interface IP-Address OK? Method Status Protocol 

FastEthernet0/0 unassigned YES unset administratively down down 

Serial0/0 unassigned YES unset administratively down down 

FastEthernet0/1 unassigned YES unset up up 

FastEthernet0/1.1 10.1.0.1 YES manual up up 




Step 3. Attach two workstations to the network. One should be attached to a port on SWA. Attach the 

other to SWB on a port that belongs to a different VLAN from the workstation attached to 

SWA. Document your choices in the space provided. Remember that the default gateway will 

be the IP address of the router’s subinterface that belongs to the same VLAN.


Workstation attached to SWA: 

Port __________ 

VLAN __________ 

IP address ________________ 

Subnet mask _______________ 

Workstation attached to SWB: 

Port __________ 

VLAN __________ 

IP address ________________ 

Subnet mask _______________ 

Step 4. Verify that the two workstations can ping each other. If they cannot, troubleshoot. 

Task 4: Adding, Moving, and Deleting VLANs 

Step 1. A few employees from the Warehousing department are relocating to the office serviced by the 

SWB switch. Create a new VLAN 40 named Warehousing. Record the commands, including 

switch prompt, to create this new VLAN. 

SWA(config)#vlan 40 

SWA(config-vlan)#name Warehousing 

Step 2. Verify that SWB has incremented its VTP configuration revision number and has the new 

VLAN listed. 











MD5 digest : 0xBC 0xD2 0x4A 0x5B 0xF3 0x03 0x26 0x75 




—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 


Fa0/21, Fa0/22, Fa0/23, Fa0/24

40 Warehousing active 





Step 3. Because the Purchasing department has only four employees in the office serviced by SWB, 

reassign the last four ports on SWB to the new Warehousing VLAN. Record the commands 

you used and verify your configuration with the show vlan brief command. 

SWB(config)#interface range fa0/21 - 24 

SWB(config-if-range)#switchport access vlan 40 




—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 


40 Warehousing active Fa0/21, Fa0/22, Fa0/23, Fa0/24 





Step 4. The Purchasing department has been consolidated with the Accounting department. The 

Purchasing employees on SWB have transferred to the office serviced by SWA. Record the 

command to delete VLAN 30. Verify with the show vtp status and show vlan brief commands 

on SWB. 

SWA(config)#no vlan 30 

SWA(config)#exit 











MD5 digest : 0x80 0xED 0x23 0x29 0x92 0x92 0xBE 0x09 


SWB#show vlan brief



—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 






Step 5. Notice from the show vlan brief output for SWB that ports Fa0/17 through Fa0/20 are not 

assigned to any VLAN. Correct this by assigning them to the Warehousing VLAN. Record the 

commands you used and then verify with the show vlan brief command. 

SWB(config)#interface range fa0/17 - 20 

SWB(config-if-range)#switchport access vlan 40 



—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 


Fa0/21, Fa0/22, Fa0/23, Fa0/24 





Step 6. On SWA, assign the ports that belonged to the Purchasing VLAN to the Accounting VLAN. 

Record the commands you used and then verify with the show vlan brief command. 

SWA(config)#interface range fa0/17 - 24 




—— ———————————————— ————- ———————————————- 

1 default active Fa0/1, Gi0/1, Gi0/2 


Fa0/8, Fa0/17, Fa0/18, Fa0/19 

Fa0/20, Fa0/21, Fa0/22, Fa0/23 

Fa0/24


Fa0/13, Fa0/14, Fa0/15, Fa0/16 






Step 7. If you attach a workstation to the Warehousing VLAN, it will not be able to ping any workstations 

outside its own VLAN. Try it. Why were the pings unsuccessful? 

Because RTA has not yet been configured to route for VLAN 40. 


Step 8. Record and implement the configuration changes necessary to ensure that Warehousing workstations 

have inter-VLAN communication ability. Verify that a Warehousing workstation can 

ping another workstation attached to a different VLAN. 

RTA(config)#no interface fa0/1.30 

Not all config may be removed and may reappear after reactivating the subinterface 

RTA(config)#interface fa0/1.40 

RTA(config-subif)#description Warehousing VLAN 40 

RTA(config-subif)#encapsulation dot1q 40 


RTA(config-subif)#end 









FastEthernet0/1.30 unassigned YES manual deleted down 

FastEthernet0/1.40 10.40.0.1 YES manual up up


Task 5: Documentation 

Document your configurations by capturing the following output: 

■ show run 

■ show vlan brief 

■ show vtp status 

■ On RTA, capture show run and show ip interface brief 

Final scripts and verification output: 

RTA 

! 

hostname RTA 

! 


! 

no ip domain lookup 



! 


no shutdown 

! 


description Management VLAN 1 


ip address 10.1.0.1 255.255.0.0 

! 


description Accounting VLAN 10 


ip address 10.10.0.1 255.255.0.0 

! 


description Marketing VLAN 20 


ip address 10.20.0.1 255.255.0.0 

! 


description Warehousing VLAN 40 


ip address 10.40.0.1 255.255.0.0 

! 

banner motd $ 

*********************************** 


***********************************

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

end 









FastEthernet0/1.30 unassigned YES manual deleted down 


SWA !———————————————————— 

!VTP and VLAN configuration does not show 

!———————————————————— 

enable 

config t 

vtp mode server 

vtp domain CCNA3 

vtp password cisco 



vlan 10 


vlan 20 


vlan 40 

name Warehousing 

!———————————————————— 

! 

hostname SWA 

! 


! 



ip host RTA 10.1.0.1 

! 


! 



! 



! 








! 








! 






switchport port-security mac-address sticky


! 



! 

ip address 10.1.0.2 255.255.0.0 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 

! 




login 

end 



—— ———————————————— ————- ———————————————- 

1 default active Fa0/1, Gi0/1, Gi0/2 


Fa0/8, Fa0/17, Fa0/18, Fa0/19 

Fa0/20, Fa0/21, Fa0/22, Fa0/23 

Fa0/24 





Fa0/13, Fa0/14, Fa0/15, Fa0/16

















Local updater ID is 10.1.0.2 on interface Vl1 (lowest numbered VLAN interface found) 

SWB !———————————————————— 


!———————————————————— 

enable 

config t 

vtp mode client 



!———————————————————— 

! 

hostname SWB 

! 


! 



ip host RTA 10.1.0.1 

! 


! 

shutdown 


! 



! 

switchport mode trunk







! 








! 








! 



! 

ip address 10.1.0.3 255.255.0.0 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 



line vty 5 15 

! 




login 

end 



—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 
















Fa0/21, Fa0/22, Fa0/23, Fa0/24 


Configuration last modified by 10.1.0.2 at 3-1-93 02:07:29

Challenge Lab 9-6: Advanced Switching 

Figure 9-9 Advanced Switching Challenge Lab 



SWA VLAN 1 172.16.39.2 255.255.255.248 

SWB VLAN 1 172.16.39.3 255.255.255.248 

DIST Fa0/1.1 172.16.39.1 255.255.255.248 

Objectives 

■ Configure STP. 

■ Configure port security. 

■ Configure the VTP server and client. 

■ Configure and assign VLANs. 

■ Configure inter-VLAN routing. 

■ Verify and document configurations. 

Equipment 

VLAN 10 


fa0/1 

802.1q Trunk 

fa0/1 

Fa0/1.10 172.16.32.1 255.255.252.0 

Fa0/1.20 172.16.36.1 255.255.254.0 

Fa0/1.30 172.16.38.1 255.255.255.0 

The topology shown in Figure 9-9 is using 2950 switches and a 2621 router. You can also use a 1700 

series router that supports VLAN trunking. 


DIST 

SWA 

VLAN 20 


fa0/2 

fa0/3 802.1q Trunk 

VLAN 30 


VLAN 10 



VLAN 1 172.16.39.0/29 

VLAN 10 172.16.32.0/22 

VLAN 20 172.16.36.0/23 

VLAN 30 172.16.38.0/24 

This lab is fully compatible with a standard NetLab Basic Switch Pod although you will not be able to 

fully test your VLANs or port security. 

fa0/2 

fa0/3 

SWB 

VLAN 20 


VLAN 30 




Step 1. Choose two 2950 switches and one router with a Fast Ethernet interface (1700 or 2600) and 

cable them according to the topology. (If using NetLab, choose a switch router pod.) 

Step 2. Configure the switches and router according to your instructor’s required basic configuration 

hostnames, host tables, lines, and banner. Configure each of the switches with the correct 

VLAN 1 IP addresses and the correct default gateway. 

Step 3. Verify connectivity between SWA and SWB. Pings should be successful. If they are not, troubleshoot. 

Task 2: Configure the Root Bridge for STP 

Step 1. SWA should always be the root bridge. Configure SWA with a spanning-tree priority of 4096 

for all four VLANs (1, 10, 20, and 30). 

Step 2. Verify that SWA is the root with the show spanning-tree summary command. SWA should be 

listed as the root bridge, as shown in the following output. 



Root bridge for: VLAN0001, VLAN0010, VLAN0020, VLAN0030 











——————————— ———— ————- ———— ————— ————— 

VLAN0001 0 0 0 3 3 

VLAN0010 0 0 0 3 3 

VLAN0020 0 0 0 3 3 

VLAN0030 0 0 0 3 3 

——————————— ———— ————- ———— ————— ————— 

4 vlans 0 0 0 12 12 



Root bridge for: none 









Pathcost method used is short


——————————— ———— ————- ———— ————— ————— 

VLAN0001 1 0 0 1 2 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

VLAN0030 1 0 0 1 2 

——————————— ———— ————- ———— ————— ————— 

4 vlans 4 0 0 4 8 

Task 3: Configure Port Security 

Step 1. As a security precaution, disable the Fast Ethernet 0/1 interface on SWB, because this interface 

will not be used for access mode or trunk mode. 

Perform the following steps on both SWA and SWB. 


Step 2. Configure the access ports (Fa0/4 to 24) for access mode and turn on port security. 

Step 3. Enter the command to make the first MAC address learned “stick” to the port. No other MAC 

addresses should be allowed (maximum of one MAC per port). 

Step 4. Enter the command that will automatically shut down the port if a security violation occurs. 

Step 5. Verify port security with the show port-security command. Your output should look similar to 

the following: 



Action 


———————————————————————————————————————- 






















———————————————————————————————————————- 


Max Addresses limit in System : 1024


SWB#show port-security 


Action 


———————————————————————————————————————- 






















———————————————————————————————————————- 



Task 4: Configure VTP and VLANs 

Step 1. Configure SWA as the VTP server with the domain name CCNA3 and password cisco. 

Configure SWB as a VTP client in the same domain using the same password. 

Step 2. Configure VLANs with names on the VTP server. 

■ VLAN 10 is the Accounting VLAN. 

■ VLAN 20 is the Marketing VLAN. 

■ VLAN 30 is the Purchasing VLAN. 

Step 3. Configure the appropriate ports on SWA and SWB for trunking. Verify trunking is properly 

configured with the show interface trunk command on both SWA and SWB. 

SWA#show interface trunk 






Fa0/1 1-4094 

Fa0/2 1-4094

Fa0/3 1-4094 


Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 


Fa0/1 1,10,20,30 

Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 

SWB#show interface trunk 





Fa0/2 1-4094 

Fa0/3 1-4094 


Fa0/2 1,10,20,30 

Fa0/3 1,10,20,30 


Fa0/2 1,10,20,30 

Fa0/3 none 

Step 4. Assign access ports to their correct VLAN as specified in the topology. 

Step 5. Verify both the VTP status and VLAN configuration on both switches with the show vtp status 

and show vlan brief commands. Your output should look similar to the following: 











MD5 digest : 0xE0 0x67 0x70 0x4A 0x3C 0xAB 0x44 0x67 



found) 




—— ———————————————— ————- ———————————————-


1 default active 


Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 


Fa0/21, Fa0/22, Fa0/23, Fa0/24 















MD5 digest : 0xE0 0x67 0x70 0x4A 0x3C 0xAB 0x44 0x67 




—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 


Fa0/21, Fa0/22, Fa0/23, Fa0/24 




1005 trnet-default active

Task 5: Set Up DHCP on the DIST Router 

Although DHCP (Dynamic Host Configuration Protocol) is a CCNA 4 objective, it will help in this lab to 

use dynamic assignment of IP addresses. Later in the lab, when you connect a workstation to one of the 

switches, a DHCP broadcast will be sent to DIST. DIST will send a DHCP offer to your workstation with 

an appropriate IP address for the VLAN the workstation is attached to. Make sure your workstations are 

set to “Obtain IP address automatically.” Add the following commands while in global configuration mode 

on DIST: 

ip dhcp excluded-address 172.16.32.1 172.16.32.10 



! 

ip dhcp pool VLAN10 

network 172.16.32.0 255.255.252.0 

default-router 172.16.32.1 

! 


network 172.16.36.0 255.255.254.0 


! 


network 172.16.38.0 255.255.255.0 


Task 6: Configure Inter-VLAN Routing 

Configure DIST to route all VLANs by completing the following: 

Step 1. Activate the physical interface. 

Step 2. Create subinterfaces for each of the four VLANs. Number each subinterface with the VLAN 

number. For example, the VLAN 1 subinterface should be numbered fa0.1 or fa0/0.1, depending 

on the router. 

Step 3. Configure each subinterface for 802.1q trunking and assign each subinterface the first IP 

address in the appropriate subnet for that VLAN (refer to the topology). 

Step 4. Configure each subinterface with an appropriate description. 


Step 5. Verify that the show ip interface brief command output is similar to the following output: 

DIST#show ip interface brief 










Step 6. Verify connectivity between all three devices. Each device should be able to ping the other two 

devices. 

DIST#ping SWA 



!!!!! 


DIST#ping SWB 



!!!!! 


SWB#ping SWA 



!!!!! 


Task 7: Verify Inter-VLAN Routing 

Step 1. Attach two workstations to different VLANs. 

Step 2. Verify that each workstation received an IP address from the DHCP server on DIST. 

Step 3. Verify that the two workstations can ping each other. Traceroute should show that the ping 

packets are going through the router. The following is some sample output of this verification. 

Yours should look similar. 

——————————————————————————- 

Configuration for a Workstation attached to VLAN 10 

——————————————————————————- 

C:\>ipconfig 

Windows IP Configuration 

Ethernet adapter Local Area Connection: 

Connection-specific DNS Suffix . : 

IP Address. . . . . . . . . . . . : 172.16.32.11 

Subnet Mask . . . . . . . . . . . : 255.255.252.0 

Default Gateway . . . . . . . . . : 172.16.32.1 

——————————————————————————- 

Configuration for a Workstation attached to VLAN 20 

——————————————————————————- 

C:\>ipconfig

Windows IP Configuration 

Ethernet adapter Local Area Connection: 

Connection-specific DNS Suffix . : 

IP Address. . . . . . . . . . . . : 172.16.36.11 

Subnet Mask . . . . . . . . . . . : 255.255.255.0 

Default Gateway . . . . . . . . . : 172.16.36.1 

——————————————————————- 

VLAN 10 Workstation pings VLAN 20 workstation 

——————————————————————- 

C:\>ping 172.16.36.11 





Reply from 172.16.36.11: bytes=32 timetracert 172.16.36.11 

Tracing route to 172.16.36.12 over a maximum of 30 hops 

1 1 ms 1 ms





1 000c.857f.9ea0 DYNAMIC Fa0/1 

1 000d.28f2.6942 DYNAMIC Fa0/2 

1 000d.28f2.6943 DYNAMIC Fa0/3 


10 000d.56a1.a975 STATIC Fa0/4 


20 000d.56a1.c8f7 STATIC Fa0/9 


SWA#show run 

 

! 


switchport port-security mac-address sticky 000d.56a1.a975 

! 


switchport port-security mac-address sticky 000d.56a1.c8f7 

Step 5. Enter the show port-security command. The output should now show that the two ports are 

counted. 



Action 


———————————————————————————————————————- 






















———————————————————————————————————————- 


Max Addresses limit in System : 1024


Step 6. Verify that a port currently used by one of your workstations will shut down when another 

workstation is attached to the same port. When you attach the workstation, you will see the link 

beat light go green for a brief moment. Then it will go dark as the port is automatically shut 

down. On the switch console, you may get syslog messages similar to the following output. 

2d23h: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down 

2d23h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, 

caused by MAC address 000d.56a1.acfc on port Fa0/4. 

2d23h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/4, 

putting Fa0/4 in err-disable state 

Step 7. Verify that the port is shut down with the show interface and show port-security commands. 

SWA#show interface fastethernet 0/4 

FastEthernet0/4 is down, line protocol is down (err-disabled) 



Action 


———————————————————————————————————————- 






















———————————————————————————————————————- 



Step 8. Complete the procedures necessary to remove this port from the err-disabled state and allow 

the new workstation’s MAC address to “stick” to the configuration.


Task 8: Documentation 

Document your configurations by capturing the following output: 

■ show run 


■ show spanning-tree summary 


■ show port-security 

■ show mac-address-table 

■ On DIST, capture show run 

Final scripts and verification output: 

DIST# 

! 

ena 

config t 

! 

hostname DIST 

! 


! 




! 


network 172.16.32.0 255.255.252.0 


! 


network 172.16.36.0 255.255.254.0 


! 


network 172.16.38.0 255.255.255.0 


! 


ip host SWB 172.16.39.3 

ip host SWA 172.16.39.2 

! 


no shutdown 

! 

interface FastEthernet0/1.1

! 



ip address 172.16.39.1 255.255.255.248 


! 



ip address 172.16.32.1 255.255.252.0 


! 



ip address 172.16.36.1 255.255.254.0 


! 

description Purchasing VLAN 30 


ip address 172.16.38.1 255.255.255.0 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

end 

SWA ena 

config t 

!———————————————————— 




!———————————————————— 

vtp mode server 



vlan 10 


vlan 20 


vlan 30 


!———————————————————— 

! 

hostname SWA 

! 


! 

ip host SWB 172.16.39.3 

ip host DIST 172.16.39.1 

! 

! 





! 

! 


! 



! 



! 








! 



switchport access vlan 20





! 








! 



! 

ip address 172.16.39.2 255.255.255.248 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 

! 




login 

end 





—— ———————————————— ————- ———————————————- 

1 default active Gi0/1, Gi0/2 


Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 








Root bridge for: VLAN0001, VLAN0010, VLAN0020, VLAN0030 










Fa0/21, Fa0/22, Fa0/23, Fa0/24 


——————————— ———— ————- ———— ————— ————— 

VLAN0001 0 0 0 3 3 

VLAN0010 0 0 0 3 3 

VLAN0020 0 0 0 3 3 

VLAN0030 0 0 0 3 3 

——————————— ———— ————- ———— ————— ————— 

4 vlans 0 0 0 12 12 










VTP Traps Generation : Disabled

MD5 digest : 0xDB 0xC6 0x01 0xD9 0x27 0x8E 0x51 0xF3 



!The output below was captured from a NetLab switch 

!No workstations show. Your output should show ‘CurrentAddr’ for workstations 




———————————————————————————————————————- 






















———————————————————————————————————————- 




!No workstations show. Your output should show workstation MACs 

SWA#show mac-address-table 


—————————————————————- 


—— —————- ———— ——- 

All 000e.385d.e380 STATIC CPU 



SWB ena 




1 000d.6562.e380 DYNAMIC Fa0/2 

1 000d.6562.e382 DYNAMIC Fa0/2 

1 000d.6562.e383 DYNAMIC Fa0/3 

1 000e.382f.4d81 DYNAMIC Fa0/1 


config t 

!——————————————————— 

!VTP configuration does not show 

!——————————————————— 

vtp mode client 



!——————————————————— 

! 

hostname SWB 

! 


! 


ip host SWA 172.16.39.2 

ip host DIST 172.16.39.1 

! 


! 

shutdown 


! 



! 








! 


interface range FastEthernet0/9 - 16






! 








! 



! 

ip address 172.16.39.3 255.255.255.248 

no shutdown 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 

! 




login 

end 





—— ———————————————— ————- ———————————————- 



Fa0/8 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 








Root bridge for: none 










Fa0/21, Fa0/22, Fa0/23, Fa0/24 


——————————— ———— ————- ———— ————— ————— 

VLAN0001 1 0 0 1 2 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

VLAN0030 1 0 0 1 2 

——————————— ———— ————- ———— ————— ————— 

4 vlans 4 0 0 4 8 








VTP Pruning Mode : Disabled



MD5 digest : 0xDB 0xC6 0x01 0xD9 0x27 0x8E 0x51 0xF3 



!No workstations show. Your output should show ‘CurrentAddr’ for workstations 

SWB#show port-security 



———————————————————————————————————————- 






















———————————————————————————————————————- 




!No workstations show. Your output should show workstation MACs 

SWB#show mac-address-table 


—————————————————————- 


—— —————- ———— ——- 



All 000d.6562.e380 STATIC CPU 




1 000e.382f.4d81 DYNAMIC Fa0/2 

1 000e.385d.e382 DYNAMIC Fa0/2 

10 000e.385d.e382 DYNAMIC Fa0/2 

20 000e.385d.e382 DYNAMIC Fa0/2 

30 000e.385d.e382 DYNAMIC Fa0/2 

Total Mac Addresses for this criterion: 9

APPENDIX A 

Router Interface Summary Chart 

For most of the CCNA 3 labs, you need to examine the following chart to correctly reference the router 

interface identifiers to use in commands based on the equipment in your lab. 

Router Ethernet Ethernet Serial Serial 

Model Interface 1 Interface 2 Interface 1 Interface 2 

800 (806) Ethernet 0 (E0) Ethernet 1 (E1) 

1600 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1) 

1700 FastEthernet 0 (FA0) FastEthernet 1 (FA1) Serial 0 (S0) Serial 1 (S1) 

2500 Ethernet 0 (E0) Ethernet 1 (E1) Serial 0 (S0) Serial 1 (S1) 

2600 FastEthernet 0/0 (FA0/0) FastEthernet 0/1 (FA0/1) Serial 0/0 (S0/0) Serial 0/1 (S0/1) 

To find out exactly how the router is configured, look at the interfaces to identify what type and how many 

the router has. There is no way to effectively list all of the combinations of configurations for each router 

class. The chart provides the identifiers for the possible combinations of interfaces in the device. This 

interface chart does not include any other type of interface even though a specific router might contain 

one. An example of this is an ISDN BRI interface. The string in parentheses is the legal abbreviation that 

you can use in Cisco IOS Software commands to represent the interface.


APPENDIX B 

Erasing and Reloading the Switch 

For the majority of the labs in CCNA 3 focusing on switch configuration, it is necessary to start with a 

basic unconfigured switch; otherwise, the configuration parameters you enter might combine with previous 

ones and produce unpredictable results. The instructions here enable you to prepare the switch prior to performing 

the lab so that previous configuration options do not interfere with your configurations. 

The following is the procedure for clearing out previous configurations and starting with an unconfigured 

switch. Instructions are provided for the 2900, 2950, and 1900 series switches. 

2900 and 2950 Series Switches 

Step 1. Disconnect the switch to be erased from all other switches. Verify that there is no uplink or 

backbone cabling to any other switch, otherwise VLAN configuration information can be transferred 

automatically. 

Step 2. Enter into privileged EXEC mode by typing enable. If prompted for a password, enter class (if 

that does not work, ask the instructor). 

Switch> enable 

Step 3. Remove the VLAN database information file: 

Switch# delete flash:vlan.dat 

Delete filename [vlan.dat]?[Enter] 

Delete flash:vlan.dat? [confirm][Enter] 

If there was no VLAN file, the following message appears: 

%Error deleting flash:vlan.dat (No such file or directory) 

Step 4. Remove the switch startup configuration file from NVRAM: 

Switch#erase startup-config 

The responding line prompt will be 

Erasing the nvram filesystem will remove all files! Continue? [confirm] 

Press Enter to confirm. 

The response should be 

Erase of nvram: complete 

Step 5. Check that VLAN information was deleted. 

Verify that the VLAN configuration was deleted in Step 3 using the show vlan command. If 

previous VLAN configuration information (other than the default management VLAN 1) is still 

present, it will be necessary to power cycle the switch (hardware restart) instead of issuing the 

reload command. To power cycle the switch, remove the power cord from the back of the 

switch or unplug it. Then plug it back in. 

If the VLAN information was successfully deleted in Step 3, go to Step 6 and restart the switch 

using the reload command.


Step 6. Restart the software (using the reload command): 

Note: This step is not necessary if the switch was restarted using the power cycle method. 

1. In privileged EXEC mode, enter the command reload: 

Switch(config)# reload 


System configuration has been modified. Save? [yes/no]: 

2. Type n and then press Enter. 


Proceed with reload? [confirm][Enter] 

The first line of the response will be 

Reload requested by console. 

After the switch has reloaded, the line prompt will be 


3. Type n and then press Enter. 


Press RETURN to get started![Enter] 

1900 Series Switches 

Step 1. Remove VLAN Trunking Protocol (VTP) information: 

#delete vtp 

This command resets the switch with VTP parameters set to factory defaults. 

All other parameters will be unchanged. 

Reset system with VTP parameters set to factory defaults, [Y]es or [N]o? 

Enter y and press Enter. 

Step 2. Remove the switch startup configuration from NVRAM: 

#delete nvram 

This command resets the switch with factory defaults. All system 

parameters will revert to their default factory settings. All static 

and dynamic addresses will be removed. 

Reset system with factory defaults, [Y]es or [N]o? 

Enter y and press Enter.

APPENDIX C 

Erasing and Reloading the Router 

For some of the CCNA 3 labs, it is necessary to start with a basic unconfigured router; otherwise, the configuration 

parameters you enter might combine with previous ones and produce unpredictable results. The 

instructions here allow you to prepare the router prior to performing the lab so that previous configuration 

options do not interfere with your configurations. 

The following is the procedure for clearing out previous configurations and starting with an unconfigured 

router. 

Step 1. Enter into privileged EXEC mode by typing enable. 

Router>enable 

If prompted for a password, enter class. (If that does not work, ask your instructor.) 

Step 2. In privileged EXEC mode, enter the command erase startup-config. 

Router#erase startup-config 

The response from the router will be 

Erasing the nvram filesystem will remove all files! Continue? [confirm] 

Step 3. Press Enter to confirm. 

The response will be 

Erase of nvram: complete 

Step 4. Now in privileged EXEC mode, enter the command reload. 

Router#reload 

response: 

System configuration has been modified. Save? [yes/no]: 

Step 5. Type n and then press Enter. 

The router will respond with the following: 

Proceed with reload? [confirm] 

Step 6. Press Enter to confirm. 

The first line of the response will be 

Reload requested by console. 

After the router reloads, the prompt will be 


Step 7. Type n and then press Enter. 

The responding prompt will be 

Press RETURN to get started! 

Step 8. Press Enter. 

Now, the router is ready for you to perform the assigned lab.


APPENDIX D 

CCNA 3 Skills-Based Assessment Practice 

Ultimately, your success on the CCNA exams, and in your networking career, will depend heavily upon 

your ability to plan, design, implement, operate, and troubleshoot internetworks. In Switching Basics and 

Intermediate Routing CCNA 3, you have learned many new skills. Now it is time to apply what you have 

learned to comprehensive skills-based assessments. Because your CCNA 3 coursework is divided into 

routing and switching, this appendix includes a skills-based assessment for routing and a skills-based 

assessment for switching. Then, you will combine skills from both routing and switching in the CCNA 3 

comprehensive skills-based assessment. 

CCNA 3 Skills-Based Assessment: Routing 

Figure D-1 CCNA 3 Skills-Based Assessment: Routing 

Objectives 

■ Configure OSPF with authentication 

■ Configure EIGRP 

■ Configure a default route and propagate it using OSPF 

■ Verify network connectivity and gather documentation 

Equipment 

The topology shown in Figure D-1 is using 2600 series routers. However, you can use any router series 

that supports OSPF, including the 1700 and 2500 series. 


OSPF 

Area 0 

172.16.1.2/30 

S0/0 

DCE 

Router2 

S0/0 

DTE 

10.10.1.1/30 

S0/1 

DCE 

S0/1 

DTE 

Router1 Router3 

Fa0/0 

172.16.1.1/30 

172.16.2.33/27 

Fa0/0 

172.30.1.1/24 

This lab is fully compatible with a standard NetLab Basic Router Pod. 

10.10.1.2/30 

Fa0/0 

172.30.2.1/24


Preconfigurations 

Use the following scripts to preconfigure the routers: 

Router1 

hostname Router1 


ip address 172.16.2.33 255.255.255.224 

no shutdown 


ip address 172.16.1.2 255.255.255.252 


no shutdown 

Router2 



ip address 172.30.1.1 255.255.255.0 

no shutdown 


ip address 172.16.1.1 255.255.255.252 

no shutdown 

interface serial0/1 

ip address 10.10.1.1 255.255.255.252 


no shutdown 

Router3 



ip address 172.30.2.1 255.255.255.0 

no shutdown 

interface serial0/1 

ip address 10.10.1.2 255.255.255.252 

no shutdown 

Task 1: Configure OSPF with Authentication 

Step 1. Use a loopback interface to configure Router1 with an OSPF router ID of 192.168.1.1. 

Step 2. Use a loopback interface to configure Router2 with an OSPF router ID of 192.168.2.1. 

Step 3. Configure OSPF routing between Router1 and Router2 with a process ID of 50. 

Step 4. Configure OSPF so that only the following 172.16.0.0 subnets will be routed: 

■ 172.16.2.32/27 

■ 172.16.1.0/30 

Step 5. Configure the OSPF hello interval to 5 seconds and the OSPF dead interval to 20 seconds. 

Step 6. Configure the OSPF communication between the routers to use authentication with MD5 

encryption.

Task 2: Configure EIGRP 

Step 1. Configure EIGRP between Router2 and Router3 with an AS of 100. 

Step 2. Configure EIGRP should only to route only for the following networks: 

■ 10.10.1.0/30 

■ 172.30.1.0/24 

■ 172.30.2.0/24 

Task 3: Configure Default Routing and Propagate It Using OSPF 

Step 1. On Router2, configure a default static route to Router3. 

Step 2. Propagate that default route to all routers in the OSPF routing domain. 

Task 4: Verify Connectivity and Gather Documentation 

Step 1. From Router2, verify connectivity by pinging all interfaces on all routers. 

Step 2. From Router1, ping all OSPF-enabled interfaces. 

Step 3. From Router3, ping all EIGRP-enabled interfaces. 

Note: Router1 and Router3 will not be able to ping all interfaces, because there is no redistribution between OSPF 

and EIGRP in this scenario. 

Step 4. For each of the routers, capture the following output: 

■ show run 

■ show ip route 

■ ping output showing successful pings according to Steps 1 to 3 

Router1 

Router1#show run 



! 


! 


ip host R2 172.16.1.1 

! 


ip address 192.168.1.1 255.255.255.0 

! 


ip address 172.16.2.33 255.255.255.224 

no shutdown 

! 

Appendix D: CCNA 3 Skills-Based Assessment Practice 477



description Link to R2 

ip address 172.16.1.2 255.255.255.252 

ip ospf message-digest-key 1 md5 allrouters 


ip ospf dead-interval 20 

clock rate 56000 

no shutdown 

! 

router ospf 50 



network 172.16.1.0 0.0.0.3 area 0 

network 172.16.2.32 0.0.0.31 area 0 

! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

end 

Router1#show ip route 

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP 



E1 - OSPF external type 1, E2 - OSPF external type 2 

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route 






O*E2 0.0.0.0/0 [110/1] via 172.16.1.1, 00:06:43, Serial0/0 

Router1#ping 172.16.1.1 



!!!!! 





!!!!! 


Router1#show version 


IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2) 

Technical Support: http://www.cisco.com/techsupport 

Copyright (c) 1986-2005 by cisco Systems, Inc. 

Compiled Mon 12-Dec-05 14:12 by evmiller 


ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1) 

ROM: C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2) 

Router1 uptime is 44 minutes 


System image file is "flash:c2600-j1s3-mz.123-17a.bin" 

Appendix D: CCNA 3 Skills-Based Assessment Practice 479 

cisco 2611XM (MPC860P) processor (revision 0x100) with 89088K/9216K bytes of mem 

ory. 

Processor board ID JAE07460SS1 (4270759778) 

M860 processor: part number 5, mask 2 

Bridging software. 

X.25 software, Version 3.0.0. 

TN3270 Emulation software. 

2 FastEthernet/IEEE 802.3 interface(s)


2 Serial network interface(s) 

32K bytes of non-volatile configuration memory. 

32768K bytes of processor board System flash (Read/Write) 

Configuration register is 0x2102 

Router2 




! 


! 


ip host R1 172.16.1.2 

ip host R3 10.10.1.2 

! 


ip address 192.168.2.1 255.255.255.0 

! 


ip address 172.30.1.1 255.255.255.0 

no shutdown 

! 



ip address 172.16.1.1 255.255.255.252 



ip ospf dead-interval 20 

no shutdown 

! 



ip address 10.10.1.1 255.255.255.252 


no clockrate 

! 



network 172.30.0.0 


! 

router ospf 50 

area 0 authentication message-digest

network 172.16.1.0 0.0.0.3 area 0 


! 


! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

end 







ia - IS-IS inter area, * - candidate default, U - per-user static route 





O 172.16.2.32/27 [110/65] via 172.16.1.2, 00:08:04, Serial0/0 



D 172.30.0.0/16 [90/2172416] via 10.10.1.2, 00:08:31, Serial0/1 


10.0.0.0/30 is subnetted, 1 subnets




S* 0.0.0.0/0 is directly connected, Serial0/1 




!!!!! 





!!!!! 














cisco 2621XM (MPC860P) processor (revision 0x100) with 118784K/12288K bytes of m 

emory. 

Processor board ID JAE07420G4S (1562611187) 









Configuration register is 0x2102

Router3 



! 


! 


! 


ip host R2 10.10.1.1 

! 


ip address 172.30.2.1 255.255.255.0 

no shutdown 

! 



ip address 10.10.1.2 255.255.255.252 

no shutdown 

! 



network 172.30.0.0 

auto-summary 

! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 






login 

end 







ia - IS-IS inter area, * - candidate default, U - per-user static route 






D 172.30.1.0/24 [90/2172416] via 10.10.1.1, 00:12:11, Serial0/1 







!!!!! 









ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) 



System returned to ROM by power-on



cisco 2621 (MPC860) processor (revision 0x102) with 56320K/9216K bytes of memory 

. 

Processor board ID JAD04300B3P (4106725847) 








16384K bytes of processor board System flash (Read/Write)



CCNA 3 Skills-Based Assessment: Switching 

Figure D-2 CCNA 3 Skills-Based Assessment: Switching 

Objectives 

■ Router VLAN configuration 

■ Basic switch configuration 

■ Configure trunk links and port security 

■ Configure STP, VTP, and VLANs 

■ Configure VLAN interfaces on switches 

■ Configure VLAN trunking and spanning tree 

■ Verify connectivity and gather documentation 

Equipment 

VLAN 1 

172.16.1.0/24 

R1 

Fa0/1 

Trunk 

802.1Q 

Fa0/1 

The topology shown in Figure D-2 has been designed for the 2950 series switch. Other hardware may have 

different interface types and numbers. 1900 series switches do not support 802.1Q encapsulation and thus 

require ISL encapsulation. 


This lab is fully compatible with a standard NetLab Basic Switch Pod. 

Task 1: Router VLAN Configuration 

Step 1. Configure the router hostname and any other basic configurations required by your instructor. 

Step 2. Configure the Ethernet interface to trunk for each VLAN on S1—VLAN 1, VLAN 10, and 

VLAN 20 using 802.1Q encapsulation: 

Note: 1900 series switches do not support 802.1Q encapsulation. Use ISL encapsulation for 1900 series switches. 

■ VLAN 1 = 172.16.1.0/24 

Fa0/2 Trunk 

Fa0/2 

S1 Fa0/3 802.1Q Fa0/3 S2 

VLAN 10 

Accounting 

172.16.10.0/24 

VLAN 20 

Marketing 

172.16.20.0/24 

VLAN 1 

172.16.1.0/24 

VLAN 10 

Accounting 

172.16.10.0/24 

VLAN 20 

Marketing 

172.16.20.0/24

■ VLAN 10 = 172.16.10.0/24 

■ VLAN 20 = 172.16.20.0/24 

Task 2: Basic Switch Configuration 

Step 1. Configure the hostname on switch S1 to S1. 

Step 2. Configure S1 with a VLAN 1 IP address of 172.16.1.3/24. 

Step 3. Configure the hostname on S2 to S2. 

Step 4. Configure S2 with a VLAN 1 IP address of 172.16.1.4/24. 

Step 5. Configure both switches with a default gateway address of 172.16.1.1. 

Task 3: Configure Trunk Links and Port Security 

Step 1. On S1, configure interfaces Fa0/1–3 in trunking mode. 

Step 2. On S2, configure interface Fa0/2–3 in trunking mode. Shut down interface Fa0/1, because it 

will not be used. 

Note: If you are using a 2900 series switch, you have to specify the encapsulation type used on the 

switch’s trunk links. 

Step 3. On both switches, configure the following on interfaces Fa0/4–24 (or 12 if using a 12-port 

switch): 

■ Set the ports to access mode. 

■ Enable port security. 

■ Enable the first MAC address to stick to the configuration. 

■ Enable port shutdown if there is a security violation. 

Task 4: Configure STP, VTP, and VLANs 

Step 1. Configure S1 to be the root bridge for VLAN 1 and VLAN 10. 

Step 2. Configure S2 to be the root bridge for VLAN 20. 

Step 3. Configure both S1 and S2 as part of VTP domain Group1. 

Step 4. Configure S1 as the VTP server and S2 as the VTP client. 

Step 5. Configure cisco as the VTP password. 

Step 6. Create VLAN 10 with the name Accounting. 

Step 7. Create VLAN 20 with the name Marketing. 

Task 5: Configure VLAN Interfaces on Switches 

Step 1. Configure the following on switch S1: 

■ Assign interfaces Fa0/4–6 to VLAN 10. 


■ Verify that all other interfaces are in VLAN 1. 

Step 2. Configure the following on switch S2: 





■ Verify that all other interfaces are in VLAN 1. 

Task 6: Configure VLAN Trunking and Spanning Tree 

Step 1. Configure trunking between S1 and S2 with 802.1Q encapsulation using ports Fa0/2 and Fa0/3 

on both switches. 

Note: Use ISL encapsulation for 1900 series switches. 

Step 2. Configure S1 for trunking between S1 and R1 with 802.1Q encapsulation using port Fa0/1. 

Step 3. Configure S1 to be the root bridge for VLAN 1 

Task 7: Verify Connectivity and Gather Documentation 

Step 1. It is not possible to verify inter-VLAN routing, because there are no hosts attached. However, 

the router and the two switches should be able to ping each other on their VLAN 1 interfaces. 

Step 2. For the router, capture the following output: 

■ show run 

■ show ip interface brief 

Step 3. For the switches, capture the following output: 

R1 

■ show run 



■ show spanning-tree summary 

R1#show run 


hostname R1 

! 


! 


ip host S2 172.16.1.4 

ip host S1 172.16.1.3 

! 


no shutdown 

! 


description Managment VLAN 1 


ip address 172.16.1.1 255.255.255.0 

! 

interface FastEthernet0/1.10



ip address 172.16.10.1 255.255.255.0 

! 




ip address 172.16.20.1 255.255.255.0 

! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

end 


R1#show ip interface brief 

Interface IP-Address OK? Method Status Prot 

ocol 








R1#show version 


IOS (tm) C2600 Software (C2600-IPBASE-M), Version 12.3(1a), RELEASE SOFTWARE (fc1) 


Compiled Fri 06-Jun-03 22:08 by dchih 

Image text-base: 0x80008098, data-base: 0x80F9CF68 


R1 uptime is 1 hour, 47 minutes 


System image file is "flash:c2600-ipbase-mz.123-1a.bin" 

cisco 2621XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of me 

mory. 

Processor board ID JAE07420G7D (326445113) 








Configuration register is 0x2142 (will be 0x2102 at next reload) 

S1 

S1#show run 


hostname S1 

! 


! 


ip host R1 172.16.1.1 

ip host S2 172.16.1.4 

! 

! 



! 

!------------------------------------------ 

!VTP and VLAN Configurations 

!----------------------------------------vtp 

mode server

vtp domain Group1 


vlan 10 


vlan 20 


!------------------------------------------ 

! 



! 



! 



! 







switchport port-security violation shutdown 

! 








! 







! 


ip address 172.16.1.3 255.255.255.0 

no shutdown 

! 

ip default-gateway 172.16.1.1= 

! 



banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 




login 

! 

end 

S1#show vlan brief 


---- -------------------------------- --------- ------------------------------- 


Fa0/14, Fa0/15, Fa0/16, Fa0/17 

Fa0/18, Fa0/19, Fa0/20, Fa0/21 

Fa0/22, Fa0/23, Fa0/24, Gi0/1 

Gi0/2 







S1#show vtp status 





VTP Operating Mode : Server

VTP Domain Name : Group1 




MD5 digest : 0xB9 0x8C 0x14 0x31 0x5F 0x85 0x67 0xFC 



S1#show spanning-tree summary 


Root bridge for: VLAN0001, VLAN0010 











---------------------- -------- --------- -------- ---------- ---------- 

VLAN0001 0 0 0 3 3 

VLAN0010 0 0 0 3 3 

VLAN0020 1 0 0 2 3 

---------------------- -------- --------- -------- ---------- ---------- 

3 vlans 1 0 0 8 9 

S1#show version 


IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1) 





S1 uptime is 34 minutes 


System image file is "flash:c2950-i6q4l2-mz.121-13.EA1.bin" 


cisco WS-C2950T-24 (RC32300) processor (revision K0) with 20839K bytes of memory 

. 

Processor board ID FOC0743Y1E3 

Last reset from system-reset


Running Enhanced Image 


2 Gigabit Ethernet/IEEE 802.3 interface(s) 


Base ethernet MAC Address: 00:0E:38:5D:E3:80 



Motherboard serial number: FOC07430LSF 

Power supply serial number: DAB0742EDCL 

Model revision number: K0 


Model number: WS-C2950T-24 

System serial number: FOC0743Y1E3 


S2 

S2#show run 


hostname S2 

! 


! 


ip host S1 172.16.1.3 

ip host R1 172.16.1.1 

! 

! 


! 

!------------------------------------------ 

!VTP and VLAN Configurations 

!----------------------------------------vtp 

mode client 

vtp domain Group1 


!------------------------------------------ 

! 


shutdown 

! 



! 



! 








! 








! 







! 


ip address 172.16.1.4 255.255.255.0 

no shutdown 

! 



! 

banner motd $ 

*********************************** 


*********************************** 

$ 

! 

line con 0 




login 

line vty 0 4 






login 

line vty 5 15 




login 

end 

S2#show vlan brief 


---- -------------------------------- --------- ------------------------------- 


Fa0/13, Fa0/14, Fa0/15, Fa0/16 

Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 







S2#show vtp status 






VTP Domain Name : Group1 




MD5 digest : 0xB9 0x8C 0x14 0x31 0x5F 0x85 0x67 0xFC 


S2#show spanning-tree summary 


Root bridge for: VLAN0020 






Loopguard is disabled by default





---------------------- -------- --------- -------- ---------- ---------- 

VLAN0001 1 0 0 1 2 

VLAN0010 1 0 0 1 2 

VLAN0020 0 0 0 2 2 

---------------------- -------- --------- -------- ---------- ---------- 

3 vlans 2 0 0 4 6 

S2#show version 


IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1) 





S2 uptime is 35 minutes 


System image file is "flash:/c2950-i6q4l2-mz.121-13.EA1.bin" 

cisco WS-C2950-24 (RC32300) processor (revision J0) with 20839K bytes of memory. 

Processor board ID FHK0728W0XH 





Base ethernet MAC Address: 00:0D:65:62:E3:80 



Motherboard serial number: FOC07280RA4 

Power supply serial number: DAB07278PCM 

Model revision number: J0 



System serial number: FHK0728W0XH 


S2# 



CCNA 3 Comprehensive Skills-Based Assessment 

Table D-1 VLSM Addressing Scheme 

Device Name Interface Address Subnet Mask 

ISP Lo0 209.165.202.192 255.255.255.255 

S0 209.165.201.1 255.255.255.252 

CORE S0 209.165.201.2 255.255.255.252 

E0 172.16.7.65 255.255.255.248 

DIST-A Lo0 209.165.200.225 255.255.255.255 

S0 172.16.7.81 255.255.255.252 

E0 172.16.7.66 255.255.255.248 

DIST-B Lo0 172.16.7.1 255.255.255.192 

S0 172.16.7.85 255.255.255.252 

E0 172.16.7.67 255.255.255.248 

DIST-C S0 172.16.7.82 255.255.255.252 

S1 172.16.7.86 255.255.255.252 

F0.1 172.16.7.73 255.255.255.248 

F0.10 172.16.0.1 255.255.252.0 

F0.20 172.16.4.1 255.255.254.0 

F0.30 172.16.6.1 255.255.255.0 

ALSw-A VLAN 1 172.16.7.74 255.255.255.248 

ALSw-B VLAN 1 172.16.7.75 255.255.255.248 

Objectives 

Demonstrate a comprehensive implementation of CCNA 3 skills by completing the following: 

■ Design a VLSM addressing scheme to meet requirements 

■ Configure OSPF, static, and default routing 

■ Configure STP and port security 

■ Configure VTP and VLANs 

■ Verify your configuration and gather documentation 

Scenario 

You are the network administrator for a small corporation. You are planning a migration to a three-layer 

hierarchical design using OSPF and VLANs. At the core layer, your router will provide access to the 

Internet. At the distribution layer, you will use one router for access to your public Web servers (DIST-A), 

one router for access to the enterprise server farm (DIST-B), and one router for routing VLANs (DIST-C). 

At the access layer, you will trunk two switches with VLAN implementation. In addition, you will completely 

redesign your addressing scheme using VLSM.

Design Considerations 

You can use any five routers at your disposal. However, DIST-C must be a 1700 or 2600 series router that 

will support routing VLANs. The server LANs off of ISP, DIST-A, and DIST-B can be simulated with 

loopback interfaces. 

Task 1: Lab Setup 

Step 1. Cable the lab with available equipment in the configuration shown in Figure D-3. 

Step 2. Label Figure D-3 with the appropriate interface names (such as S0, S0/0, E0, Fa0, and so on). 

Step 3. Label serial interfaces with the appropriate DTE or DCE designation. 

Task 2: Addressing Scheme 


Design an appropriate VLSM addressing scheme using the following method to assign subnets and interface 

addresses. Maximize the number of host addresses at each level of subnetting. 

Step 1. VLSM Level 1: Subnet the given address space 172.16.0.0/16 to provide enough addresses for 

1000 hosts and assign subnet zero to VLAN 10. 

Step 2. VLSM Level 2: Using subnet 1 left over from VLSM Level 1, subnet it to provide enough 

addresses for 500 hosts and assign subnet 0 to VLAN 20. 


addresses for 250 hosts and assign subnet 0 to VLAN 30. 


addresses for 60 hosts and assign subnet 0 to the server farm. 


addresses for three hosts. Assign subnet 0 to the CORE LAN (three hosts) and subnet 1 to 

VLAN 1 (three hosts). 


addresses for the remaining two WAN links. Assign subnet 0 to the WAN link between DIST-A 

and DIST-C and subnet 1 to the WAN link between DIST-B and DIST-C. 

Step 7. Fill in Table D-1 with your addressing design and label the topology with the assigned subnets. 

Step 8. On the topology in Figure D-3, label each interface with the last two octets of the interface’s IP 

address.


Figure D-3 CCNA 3 Comprehensive Skills-Based Assessment (Answer) 

Outside Public Web 

Server: 

209.165.202.129/32 

Lo0 

ISP 

Private Address 

Space 

172.16.0.0/16 

S0 

.201.1/30 

Task 3: Basic Router and Switch Configuration 

Erase the stored configuration on all routers and switches and reload without saving changes. Configure 

each with the following basic configurations: 

■ Hostnames 

■ Passwords 

■ Host table 

209.165.201.0/30 

Interface designations will 

depend on equipment used. 

S0 

.201.2/30 

CORE 

E0 

.7.65/29 

Lo0 

E0 E0 

.7.66/29 .7.67/29 

Lo0 

DIST-A S0 

S0 DIST-B 

OSPF 

Server Farm 

.7.85/30 

.7.81/30 

S0 S1 

Inside Public Web 

Server: 

209.165.200.225/32 

.7.82/30 .7.86/30 

DIST-C 

VLAN 1 .7.75/29 

Fa0.1 .7.73/20 

Fa0.10 0.1/22 

Fa0.20 .4.1/23 

Fa0.30 .6.1/24 

VLAN 1 .7.74/29 

ALSw-A 802.1Q Trunk 

ALSw-B 

VLAN 10 VLAN 20 VLAN 30 VLAN 10 VLAN 20 VLAN 30

■ Console line and Telnet lines 

■ Interface addresses 

Task 4: Configure OSPF, Static, and Default Routing 

Step 1. Configure OSPF to advertise all inside routes: 

■ The ISP router is not to participate in OSPF. 

■ CORE is not to advertise the WAN link it shares with ISP. 

■ Make sure DIST-A advertises the inside public web server. 

Step 2. CORE must never be DR and DIST-A must always be DR. 

Step 3. Configure a 5-second hello interval on OSPF enabled routers. 

Step 4. Configure OSPF routers to use MD5 authentication. 

Step 5. Set the LAN interface on DIST-C to passive so that OSPF updates do not get sent out to 

ALSw-A. 

Step 6. Configure CORE with a default static route to ISP. 

Step 7. Advertise the default route to the rest of the inside routers. 

Step 8. Configure ISP with a static route to the 172.16.0.0/16 address space and a static route to the 

inside web server at 209.165.200.225/32. 

Step 9. Verify that inside routers can now ping the outside web server. 

Task 5: Spanning Tree and Port Security 

Step 1. Configure ALSw-A to be the STP root bridge for VLAN 1 and VLAN 10. 

Step 2. Configure ALSw-B to be the STP root bridge for VLAN 20 and VLAN 30. 

Step 3. On both switches, configure the following on all access ports: 

■ Set the ports to access mode. 

■ Enable port security. 

■ Enable the first MAC address to stick to the configuration. 

■ Enable port shutdown if there is a security violation. 

Step 4. If necessary for your switch platform, configure the switch trunk links to use IEEE 802.1Q. 

Task 6: VLAN and VTP Configuration 

Step 1. Configure ALSw-A to be the VTP server in the VTP domain CCNA3 with an appropriate 

password. 

Step 2. Configure ALSw-B to be a VTP client in the VTP domain CCNA3 with the correct password. 

Step 3. Configure the VTP server with the following VLANs: 


■ VLAN 10: Finance 

■ VLAN 20: Sales 

■ VLAN 30: Purchasing 

Step 4. Choose the ports to assign to each VLAN. It is not necessary to configure every port with a 

VLAN.


Task 7: Verify Configurations and Gather Documentation 

Step 1. You should now have full connectivity from any host on the network to any other host. Verify 

end-to-end connectivity. 

Step 2. When satisfied with your configurations, gather documentation for future reference. On all five 

routers, capture the following output: 

■ show run 

■ show ip route 

■ show ip interface brief 

■ show ip ospf neighbors 

Step 3. On the two switches, capture the following output: 

ISP 

■ show run 



ISP#show run 


hostname ISP 

! 


! 


ip host DA 172.16.7.66 172.16.7.81 

ip host DB 172.16.7.67 172.16.7.85 

ip host DC 172.16.7.82 172.16.7.86 

ip host CORE 209.165.201.2 

ip host SA 172.16.7.74 

ip host SB 172.16.7.75 

! 


description Simulated Outside Public Web Server 

ip address 209.165.202.129 255.255.255.255 

! 

interface Serial0 

description Link to Enterprise 

ip address 200.20.2.1 255.255.255.252 


no shutdown 

! 

ip route 209.165.200.225 255.255.255.255 Serial0 


!

! 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

! 

end 

ISP#show ip interface brief 


Ethernet0 unassigned YES unset administratively down down 

Loopback0 209.165.202.129 YES manual up up 

Serial0 200.20.2.1 YES manual up up 

Serial1 unassigned YES unset administratively down down 

ISP#show ip route 










S 172.16.0.0/16 is directly connected, Serial0 


S 209.165.200.225 is directly connected, Serial0 



ISP#show version 




IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13b), RELEASE SOFTWARE (fc1) 


Compiled Thu 20-Feb-03 14:09 by pwade 

Image text-base: 0x0307C780, data-base: 0x00001000 

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE 

BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1) 

ISP uptime is 6 days, 2 hours, 55 minutes 

System returned to ROM by reload 

System image file is "flash:c2500-js-l.122-13b.bin" 

cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory. 

Processor board ID 18423267, with hardware revision 00000000 



SuperLAT software (copyright 1990 by Meridian Technology Corp). 


1 Ethernet/IEEE 802.3 interface(s) 



16384K bytes of processor board System flash (Read ONLY) 


CORE 

CORE#show run 


hostname CORE 

! 


! 



ip host SB 172.16.7.75 

ip host SA 172.16.7.74 

ip host ISP 209.165.201.2 

ip host DC 172.16.7.82 172.16.7.86 

ip host DB 172.16.7.67 172.16.7.85 

ip host DA 172.16.7.66 172.16.7.81 

ip host WEB 209.165.202.129 

! 

interface Ethernet0 

description Link to Distribution Layer

ip address 172.16.7.65 255.255.255.248 

ip ospf priority 0 



no shutdown 

! 



ip address 209.165.201.2 255.255.255.252 

no shutdown 

! 

router ospf 1 

network 172.16.7.64 0.0.0.7 area 0 



! 


! 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

! 

end 


CORE#show ip interface brief 


Ethernet0 172.16.7.65 YES NVRAM up up 

Serial0 209.165.201.2 YES NVRAM up up 

Serial1 unassigned YES NVRAM administratively down down 

CORE#show ip route 


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area











O 172.16.4.0/23 [110/75] via 172.16.7.67, 1d21h, Ethernet0 

[110/75] via 172.16.7.66, 1d21h, Ethernet0 












O 209.165.200.255 [110/11] via 172.16.7.66, 1d21h, Ethernet0 

S* 0.0.0.0/0 is directly connected, Serial0 

CORE#show ip ospf 1 

Routing Process "ospf 1" with ID 209.165.201.0 



It is an autonomous system boundary router 

Redistributing External Routes from, 



Number of external LSA 1. Checksum Sum 0x00C4B6 






Area BACKBONE(0) 


Area has no authentication 

SPF algorithm executed 14 times


Number of LSA 5. Checksum Sum 0x01DCA5 






CORE# 

CORE#show version 








CORE uptime is 2 days, 34 minutes 


System image file is "flash:/c2500-js-l.122-13b.bin" 












DIST-A 

DIST-A#show run 


hostname DIST-A 

! 


! 




ip host CORE 172.16.7.65 

ip host WEB 209.165.202.129 

ip host DB 172.16.7.67 172.16.7.85 

ip host DC 172.16.7.82 172.16.7.86 

ip host ISP 209.165.201.1 

ip host SA 172.16.7.74 

ip host SB 172.16.7.75 

! 


description Simulated Inside Public Web Server 

ip address 145.46.47.48 255.255.255.255 

! 


description Link to CORE and DIST-B 

ip address 172.16.7.66 255.255.255.248 



ip ospf priority 2 

! 


description Link to DIST-C 

ip address 172.16.7.81 255.255.255.252 




! 

router ospf 1 


network 145.46.47.48 0.0.0.0 area 0 

network 172.16.7.64 0.0.0.7 area 0 

network 172.16.7.80 0.0.0.3 area 0 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 

exec-timeout 0 0



login 

! 

end 

DIST-A#show ip interface brief 


Ethernet0 172.16.7.66 YES manual up up 




DIST-A#show ip route 










O 172.16.4.0/23 [110/65] via 172.16.7.82, 1d21h, Serial0 


O 172.16.6.0/24 [110/65] via 172.16.7.82, 1d21h, Serial0 

O 172.16.0.0/22 [110/65] via 172.16.7.82, 1d21h, Serial0 



O 172.16.7.72/29 [110/65] via 172.16.7.82, 1d21h, Serial0 




O*E2 0.0.0.0/0 [110/1] via 172.16.7.65, 1d21h, Ethernet0 

DIST-A#show ip ospf neighbor 



209.165.201.2 0 FULL/DROTHER 00:00:35 172.16.7.65 Ethernet0 

172.16.7.67 1 FULL/BDR 00:00:34 172.16.7.67 Ethernet0 

172.16.7.82 1 FULL/ - 00:00:36 172.16.7.82 Serial0


DIST-A#show ip ospf 1 























DIST-A#show version 








DIST-A uptime is 6 days, 3 hours, 3 minutes 


System image file is "flash:/c2500-js-l.122-13b.bin" 








2 Serial network interface(s)




DIST-B 

DIST-B#show run 


hostname DIST-B 

! 


! 




ip host DC 172.16.7.82 172.16.7.86 

ip host WEB 209.165.202.129 

ip host DA 172.16.7.66 172.16.7.81 

ip host ISP 209.165.201.1 

ip host SA 172.16.7.74 

ip host SB 172.16.7.75 

! 

! 


description Link to Simulated Enterprise Server Farm 

ip address 172.16.7.1 255.255.255.192 

! 


description Link to CORE and DIST-A 

ip address 172.16.7.67 255.255.255.248 



no shutdown 

! 


description Link to DIST-C 

ip address 172.16.7.85 255.255.255.252 



no shutdown 

! 

router ospf 1 


network 172.16.7.0 0.0.0.63 area 0 



network 172.16.7.64 0.0.0.7 area 0 

network 172.16.7.84 0.0.0.3 area 0 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

! 

end 

DIST-B#show ip interface brief 


Ethernet0 172.16.7.67 YES manual up up 

Ethernet1 unassigned YES unset administratively down down 




DIST-B#show ip route 










O 172.16.4.0/23 [110/65] via 172.16.7.86, 1d21h, Serial0 

O 172.16.6.0/24 [110/65] via 172.16.7.86, 1d21h, Serial0 


O 172.16.0.0/22 [110/65] via 172.16.7.86, 1d21h, Serial0 

O 172.16.7.80/30 [110/74] via 172.16.7.66, 1d21h, Ethernet0


O 172.16.7.72/29 [110/65] via 172.16.7.86, 1d21h, Serial0 



O 209.165.200.225 [110/11] via 172.16.7.66, 1d21h, Ethernet0 

O*E2 0.0.0.0/0 [110/1] via 172.16.7.65, 1d21h, Ethernet0 

DIST-B#show ip ospf neighbor 



172.16.7.82 1 FULL/ - 00:00:39 172.16.7.86 Serial0 

200.20.2.2 0 FULL/DROTHER 00:00:38 172.16.7.65 Ethernet0 

172.16.7.81 2 FULL/DR 00:00:35 172.16.7.66 Ethernet0 

DIST-B# show ip ospf 1 























DIST-B#show version 






ROM: System Bootstrap, Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)


BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB2, PLATFORM SPECIFIC 

RELEASE SOFTWARE (fc1) 

DIST-B uptime is 6 days, 2 hours, 57 minutes 


System image file is "flash:c2500-js-l.122-13b.bin" 

cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory. 











DIST-C 

DIST-C#show run 


hostname DIST-C 

! 


! 




ip host WEB 183.84.85.86 

ip host DB 172.16.7.85 172.16.7.67 

ip host DA 172.16.7.81 172.16.7.66 

ip host ISP 200.20.2.1 

ip host SA 172.16.7.74 

ip host SB 172.16.7.75 

! 

!------------------------------------------------ 

!Although DHCP is not taught until Module 1 

!in CCNA4, it is useful in this Super Lab. 

!So the configuration is provided for instructors 

!----------------------------------------------ip 

dhcp excluded-address 172.16.0.1 172.16.0.10 

ip dhcp excluded-address 172.16.4.1 172.16.4.10


! 


network 172.16.0.0 255.255.252.0 


! 


network 172.16.4.0 255.255.254.0 


! 


network 172.16.6.0 255.255.255.0 


!------------------------------------------------ 

! 

interface FastEthernet0 

no shutdown 

! 

interface FastEthernet0.1 



ip address 172.16.7.73 255.255.255.248 

! 


description FINANCE subnet VLAN 10 


ip address 172.16.0.1 255.255.252.0 

! 


description SALES subnet VLAN 20 


ip address 172.16.4.1 255.255.254.0 

ip access-group SALES_TRAFFIC in 

! 


description PURCHASING subnet VLAN 30 


ip address 172.16.6.1 255.255.255.0 

ip access-group PURCHASING_TRAFFIC in 

! 


description Link to DIST-B 



ip address 172.16.7.82 255.255.255.252 

no shutdown 



! 


description Link to DIST-A 



ip address 172.16.7.86 255.255.255.252 


no shutdown 

! 

router ospf 1 


network 172.16.0.0 0.0.3.255 area 0 

network 172.16.4.0 0.0.0.1 area 0 

network 172.16.6.0 0.0.0.255 area 0 

network 172.16.7.72 0.0.0.7 area 0 

network 172.16.7.80 0.0.0.3 area 0 

network 172.16.7.84 0.0.0.3 area 0 

passive-interface FastEthernet 0 

! 

line con 0 




login 

line aux 0 




login 

line vty 0 4 




login 

! 

no scheduler allocate 

end 

DIST-C#show ip interface brief 


FastEthernet0 unassigned YES unset up up 

FastEthernet0.1 172.16.7.73 YES manual up up 


FastEthernet0.20 172.16.4.1 YES manual up up




DIST-C#show ip route 











C 172.16.4.0/23 is directly connected, FastEthernet0.20 


O 172.16.7.1/32 [110/782] via 172.16.7.85, 1d21h, Serial1 





O 172.16.7.64/29 [110/791] via 172.16.7.81, 1d21h, Serial0 

[110/791] via 172.16.7.85, 1d21h, Serial1 


O 209.165.200.225 [110/782] via 172.16.7.81, 1d21h, Serial0 

O*E2 0.0.0.0/0 [110/1] via 172.16.7.85, 1d21h, Serial1 

[110/1] via 172.16.7.81, 1d21h, Serial0 

DIST-C#show ip ospf 1 






LSA group pacing timer 240 secs 

Interface flood pacing timer 33 msecs 

Retransmission pacing timer 66 msecs 

Number of external LSA 1. Checksum Sum 0xC4B6 




Number of areas in this router is 1. 1 normal 0 stub 0 nssa














DIST-C#show ip ospf neighbors 


172.16.7.67 1 FULL/ - 00:00:31 172.16.7.85 Serial1 

172.16.7.81 1 FULL/ - 00:00:30 172.16.7.81 Serial0 

DIST-C#show version 


IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFT- 

WARE (fc1) 

Synched to technology version 12.2(6.8)T2 

TAC Support: http://www.cisco.com/tac 


Compiled Fri 15-Mar-02 20:32 by ealyon 

Image text-base: 0x80008124, data-base: 0x807D8744 

ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1) 

ROM: C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFTWARE 

(fc1) 

DIST-C uptime is 6 days, 31 minutes 


System image file is "flash:c1700-y-mz.122-4.YB.bin" 

cisco 1721 (MPC860P) processor (revision 0x100) with 29492K/3276K bytes of memory. 

Processor board ID FOC07190RE7 (3108345534), with hardware revision 0000 

MPC860P processor: part number 5, mask 2 




2 Low-speed serial(sync/async) network interface(s)




ALSw-A 

ALSw-A#show run 


hostname ALSw-A 

! 


! 



ip host WEB 209.165.202.129 

ip host DC 172.16.7.73 

ip host DB 172.16.7.85 172.16.7.67 

ip host DA 172.16.7.81 172.16.7.66 

ip host ISP 209.165.201.1 

ip host SB 172.16.7.75 

! 

! 



! 

! 



! 



! 








! 










! 








! 


ip address 172.16.7.74 255.255.255.248 

no shutdown 

! 


! 

! 

line con 0 




login 

line vty 0 4 




login 

line vty 5 15 




login 

! 

end 

ALSw-A#show vlan brief 


---- -------------------------------- --------- ------------------------------- 


10 FINANCE active Fa0/3, Fa0/4, Fa0/5, Fa0/6 

Fa0/7, Fa0/8 

20 SALES active Fa0/9, Fa0/10, Fa0/11, Fa0/12 

Fa0/13, Fa0/14, Fa0/15, Fa0/16

30 PURCHASING active Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 





ALSw-A#show vtp status 










MD5 digest : 0x3E 0x12 0x21 0x3C 0x7D 0x09 0xAB 0x97 



ALSw-B 

ALSw-B#show run 


hostname ALSw-B 

! 


! 



ip host SA 172.16.7.74 

ip host ISP 209.165.201.1 

ip host DA 172.16.7.81 172.16.7.66 

ip host DB 172.16.7.85 172.16.7.67 

ip host DC 172.16.7.73 

ip host WEB 209.165.202.129 

! 

! 



! 

! 




shutdown 

! 



! 








! 








! 








! 

! 


ip address 172.16.7.75 255.255.255.248 

no shutdwon 

! 


! 

! 

line con 0 




login 

line vty 0 4 


password cisco


login 

line vty 5 15 




login 

end 

ALSw-B#show vlan brief 



---- -------------------------------- --------- ------------------------------- 


10 FINANCE active Fa0/2, Fa0/3, Fa0/4, Fa0/5 

Fa0/6, Fa0/7, Fa0/8 

20 SALES active Fa0/9, Fa0/10, Fa0/11, Fa0/12 

Fa0/13, Fa0/14, Fa0/15, Fa0/16 

30 PURCHASING active Fa0/17, Fa0/18, Fa0/19, Fa0/20 

Fa0/21, Fa0/22, Fa0/23, Fa0/24 





ALSw-B#show vtp status 










MD5 digest : 0x3E 0x12 0x21 0x3C 0x7D 0x09 0xAB 0x97 

Configuration last modified by 172.16.7.74 at 3-1-93 04:07:07

CCNA 3 Labs and Study Guide - BINARYBB.INFO – @jagalbraith

Create successful ePaper yourself

Delete template?

Save as template?