eswitching basic switching-wireless pt practice sba.docx
TRANSCRIPT
ESwitching Basic Switching/Wireless PT Practice SBA
A few things to keep in mind while completing this activity:
1. Do not use the browser Back button or close or reload any exam windows during the exam.
2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.
IntroductionIn this practice Packet Tracer Practice Skills Based Assement, you will:
configure VLANs using VTP
configure inter-VLAN routing
modify STP
configure port security
add a wireless LAN
Addressing Table
Device Interface Address Subnet Mask Default Gateway
Branch
Fa0/0.40 10.10.40.1 255.255.255.0 n/a
Fa0/0.50 10.10.50.1 255.255.255.0 n/a
Fa0/0.55 10.10.55.1 255.255.255.0 n/a
Fa0/0.80 10.10.80.1 255.255.255.0 n/a
WLANInternet 10.10.80.10 255.255.255.0 10.10.80.1
Wireless 10.10.100.1 255.255.255.0 n/a
S1 VLAN 55 10.10.55.11 255.255.255.0 10.10.55.1
S2 VLAN 55 10.10.55.12 255.255.255.0 10.10.55.1
S3 VLAN 55 10.10.55.13 255.255.255.0 10.10.55.1
Staff 1 NIC 10.10.40.10 255.255.255.0 10.10.40.1
Staff 2 NIC 10.10.40.11 255.255.255.0 10.10.40.1
Admin NIC 10.10.50.10 255.255.255.0 10.10.50.1
WRS PC NIC DHCP assigned 255.255.255.0 10.10.100.1
Note: The password for user EXEC mode is cisco. The password for privileged EXEC mode is class.
Step 1: Configure the Switches for Remote Access.
Create, enable, and address VLAN 55 as the management interface on all three switches. Use the values found in the addressing table.
Step 2: Configure Trunking.
Note: Packet Tracer now supports the use of the range argument for the interface command.
For interfaces FastEthernet 0/19 through FastEthernet 0/24 on all three switches:
Configure static trunking.
Assign VLAN 55 as the native VLAN.
Step 3: Configure VTP and VLANs.
a. Configure S1 as VTP server and the following VTP parameters:
S1 is the VTP server.
VTP domain name: BRANCH
VTP password: vtpbranch
b. Create and name the following VLANs on S1.
VLAN 40: Staff
VLAN 50: Admin
VLAN 55: Management
VLAN 80: Wireless
c. Configure S2 and S3 as VTP clients to participate in the BRANCH VTP domain.
d. Verify that VTP is operational.
Step 4: Configure Interfaces for VLAN Access
VLAN port assignments on each switch are as follows:
Device Ports Assignment
S2, S3 Fa0/1 – 0/10 40
S2, S3 Fa0/11 – 0/17 50
S3 Fa0/18 80
a. Configure access ports on access layer switches.
Configure the appropriate interfaces on S2 and S3 for access mode.
Assign VLANs according to the port assignments table.
b. Verify trunking and VLAN assignments.
Step 5: Configure Spanning Tree.
a. Modify STP root bridge elections.
Using a priority of 12288, set S1 as the root bridge for all VLANs.
Using a priority of 16384, set S2 so that it will become the root for all VLANs if S1 fails.
b. Verify the spanning tree election.
Step 6: Configure Inter-VLAN Routing.
Use the information in the Addressing Table to configure Branch for inter-VLAN routing. Be sure to designate the native VLAN.
Verify inter-VLAN routing.
Step 7: Configure Port Security.
Note: Best practice requires port security on all access ports. However, for this practice exercise you will only configure one port with security.
a. Configure S3 with port security on FastEthernet 0/2.
Enable port security.
No more than two MAC addresses are allowed on the FastEthernet 0/2 port for S3.
Once learned, MAC addresses should be automatically added to the running configuration.
If this policy is violated, the port should be automatically disabled.
b. Verify that port security is implemented.
Step 8: Configure the Wireless LAN.
Refer to the Addressing Table to configure the wireless LAN.
a. Configure WLAN.
Use static addressing on the Internet interface.
Set the router IP and subnet mask.
Use the DHCP Server Settings to configure the router to provide wireless hosts with an IP address.
The starting IP address in the wireless LAN subnet is 10.10.100.15.
The maximum number of users is 75.
b. Configure wireless security.
Set the SSID to Branch_WLAN.
Enable WEP security and use 0123456789 as key1.
c. Use branch123 as the remote management password.
d. Configure WRS PC to access the wireless network that is provided by WLAN. WRS PC uses DHCP to obtain addressing information.
Note: It will not be possible for devices to ping WRS PC since WRS PC is behind the WLAN NAT firewall.
Step 9: Verify Connectivity.
Although these are not scored, the following connectivity tests should be successful.
S1 can ping Branch.
S2 can ping Branch.
S3 can ping Branch.
Staff 1 can ping Admin.
Admin can ping Staff 2.
WRS PC can ping Staff 1.
Switch 1:
Switch(config)#vtp domain BRANCH
Switch(config)#vtp password vtpbranch
Switch(config)#vlan 40
Switch(config-vlan)#name Staff
Switch(config-vlan)#exit
Switch(config)#vlan 50
Switch(config-vlan)#name Admin
Switch(config-vlan)#exit
Switch(config)#vlan 55
Switch(config-vlan)#name Management
Switch(config-vlan)#exit
Switch(config)#vlan 80
Switch(config-vlan)#name Wireless
Switch(config-vlan)#exit
Switch(config)#hostname S1
S1(config)#vtp version 2
S1(config)#interface range fa0/19 – 24
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport native vlan 55
S1(config)#spanning-tree vlan 40,50,55,80 priority 12288
S1(config)#int vlan 55
S1(config-if)#ip address 10.10.55.11 255.255.255.0
S1(config)#ip default-gateway 10.10.55.1
Switch 2:
Switch(config)#vtp password vtpbranch
Switch(config)#hostname S2
S2(config)#vtp mode client
S2(config)#int range fa0/19 - 24
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport native vlan 55
S2(config)#int vlan 40
S2(config)#int vlan 50
S2(config)#int vlan 55
S2(config)#int vlan 80
S2(config)#interface range fastEthernet 0/1 – 10
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 40
S2(config)#interface range fastEthernet 0/11 – 17
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 50
S2(config)#int fa 0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 80
S2(config)#spanning-tree vlan 40,50,55,80 priority 16384
S2(config)#int vlan 55
S2(config-if)#ip address 10.10.55.12 255.255.255.0
S2(config)#ip default-gateway 10.10.55.1
Switch(config)#int vlan 55
Switch(config-if)#ip address 10.10.55.11 255.255.255.0
Switch(config-if)#no sh
Switch(config-if)#exit
Switch(config)#int fa 0/19
Switch(config-if)#swi
Switch(config-if)#switchport tr
Switch(config-if)#switchport trunk en
Switch(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
Switch(config-if)#switchport mode trunk
Switch(config-if)#?
cdp Global CDP configuration subcommands
channel-group Etherchannel/port bundling configuration
channel-protocol Select the channel protocol (LACP, PAgP)
description Interface specific description
duplex Configure duplex operation.
exit Exit from interface configuration mode
mac-address Manually set interface MAC address
mdix Set Media Dependent Interface with Crossover
mls mls interface commands
no Negate a command or set its defaults
shutdown Shutdown the selected interface
spanning-tree Spanning Tree Subsystem
speed Configure speed operation.
storm-control storm configuration
switchport Set switching mode characteristics
tx-ring-limit Configure PA level transmit ring limit
Switch(config-if)#sw
Switch(config-if)#switchport ?
access Set access mode characteristics of the interface
mode Set trunking mode of the interface
native Set trunking native characteristics when interface is in
trunking mode
nonegotiate Device will not engage in negotiation protocol on this
interface
port-security Security related command
priority Set appliance 802.1p priority
trunk Set trunking characteristics of the interface
voice Voice appliance attributes
Switch(config-if)#switchport tr
Switch(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
Switch(config-if)#switchport trunk na
Switch(config-if)#switchport na
Switch(config-if)#switchport native vlan 55
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Switch(config-if)#no sh
Switch(config-if)#exit
Switch(config)#int ran
Switch(config)#int range fa 0/20 - 24
Switch(config-if-range)#sw
Switch(config-if-range)#switchport mod
Switch(config-if-range)#switchport mode
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/23 (1), with Switch FastEthernet0/23 (55).
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/24 (1), with Switch FastEthernet0/24 (55).
tru
Switch(config-if-range)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to up
Switch(config-if-range)#sw
Switch(config-if-range)#switchport na
Switch(config-if-range)#switchport native vlan 55
Switch(config-if-range)#no sh
Switch(config-if-range)#exit
Switch(config)#vtp ?
domain Set the name of the VTP administrative domain.
mode Configure VTP device mode
password Set the password for the VTP administrative domain
version Set the adminstrative domain to VTP version
Switch(config)#vtp dom
Switch(config)#vtp domain ?
WORD The ascii name for the VTP administrative domain.
Switch(config)#vtp domain BRANCH
Changing VTP domain name from NULL to BRANCH
Switch(config)#vtp password vtpbranch
Setting device VLAN database password to vtpbranch
Switch(config)#vlan 40
%LINK-5-CHANGED: Interface Vlan40, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan40, changed state to up
Switch(config-vlan)#name Staff
Switch(config-vlan)#ip ?
% Unrecognized command
Switch(config-vlan)#?
VLAN configuration commands:
exit Apply changes, bump revision number, and exit mode
name Ascii name of the VLAN
no Negate a command or set its defaults
Switch(config-vlan)#exit
Switch(config)#vlan 50
Switch(config-vlan)#name Admin
Switch(config-vlan)#exit
Switch(config)#vlan 55
%LINK-5-CHANGED: Interface Vlan55, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to up
Switch(config-vlan)#name Management
Switch(config-vlan)#exit
Switch(config)#vlan 80
Switch(config-vlan)#name Wireless
Switch(config-vlan)#exit
Switch(config)#spanning-tree vlan 40 priority 12288
Switch(config)#spanning-tree vlan 50 priority 12288
Switch(config)#spanning-tree vlan 55 priority 12288
Switch(config)#spanning-tree vlan 80 priority 12288
Switch(config)#spanning-tree mode pvst
Router(config)#int fa 0/0.40
Router(config-subif)#ip add 10.1.40.1 255.255.255.0
% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.
Router(config-subif)#en
Router(config-subif)#encapsulation ?
dot1Q IEEE 802.1Q Virtual LAN
Router(config-subif)#encapsulation dot
Router(config-subif)#encapsulation dot1Q
% Incomplete command.
Router(config-subif)#encapsulation dot1Q
% Incomplete command.
Router(config-subif)#en
Router(config-subif)#encapsulation d
Router(config-subif)#encapsulation dot1Q
% Incomplete command.
Router(config-subif)#encapsulation dot1Q ?
<1-1005> IEEE 802.1Q VLAN ID
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip add 10.1.40.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.50
Router(config-subif)#ip add 10.1.50.1 255.255.255.0
% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip add 10.1.50.1 255.255.255.0
Router(config-subif)#no sh
Router(config-subif)#int fa 0/0.40
Router(config-subif)#no shut
Router(config-subif)#int fa 0/0.55
Router(config-subif)#en
Router(config-subif)#encapsulation d
Router(config-subif)#encapsulation dot1Q 55
Router(config-subif)#ip add 10.10.55.1 255.255.255.0
Router(config-subif)#no sh
Router(config-subif)#int fa 0/0.50
Router(config-subif)#ip add 10.10.50.1 255.255.255.0
Router(config-subif)#int fa 0/0.40
Router(config-subif)#ip add 10.10.40.1 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa 0/0.80
Router(config-subif)#en
Router(config-subif)#encapsulation d
Router(config-subif)#encapsulation dot1Q 80
Router(config-subif)#ip add 10.10.80.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#