skill capitulo 3

8/22/2019 Skill Capitulo 3

1/13

ESwitching Basic Switching/Wireless PT Practice SBA

A few things to keep in mind while completing this activity:

1. Do not use the browserBack button or close or reload any exam windows during the

exam.2. Do not close Packet Tracer when you are done. It will close automatically.

3. Click the Submit Assessment button to submit your work.

Introduction

In this practice Packet Tracer Skills Exam, you will:

configure VLANs using VTP

configure inter-VLAN routing

modify STP

configure port security

add a wireless LAN

Addressing Table

Device Interface Address Subnet Mask Default Gateway

Router1

Fa0/0.10 172.16.10.1 255.255.255.0 n/a

Fa0/0.20 172.16.20.1 255.255.255.0 n/a

Fa0/0.43 172.16.43.1 255.255.255.0 n/a

Fa0/0.67 172.16.67.1 255.255.255.0 n/a

WRSInternet 172.16.67.10 255.255.255.0 172.16.67.1

Wireless 172.16.100.1 255.255.255.0 n/a

SW_DS1 VLAN 43 172.16.43.11 255.255.255.0 172.16.43.1

SW_AC2 VLAN 43 172.16.43.12 255.255.255.0 172.16.43.1

SW_AC3 VLAN 43 172.16.43.13 255.255.255.0 172.16.43.1

PC1 NIC 172.16.10.10 255.255.255.0 172.16.10.1

PC2 NIC 172.16.20.10 255.255.255.0 172.16.20.1

PC3 NIC 172.16.10.11 255.255.255.0 172.16.10.1

PC4 NIC DHCP assigned 255.255.255.0 172.16.100.1

Note: The password for user EXEC mode is cisco. The password for privileged EXECmode is class.

Step 1: Configure the Switches for Remote Access.

Create, enable, and address VLAN43 as the management interface on all three switches.Use the values found in the addressing table.

SW_DS1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SW_DS1(config)#interface vlan 43


2/13

SW_DS1(config-if)#ip address 172.16.43.11 255.255.255.0

SW_DS1(config-if)#no shutdown

SW_DS1(config)#ip default-gateway 172.16.43.1

SW_DS1(config)#end

SW_DS1#wr

SW_AC2#configure terminal


SW_AC2(config)#interface vlan 43

SW_AC2(config-if)#ip address 172.16.43.12 255.255.255.0

SW_AC2(config-if)#no shutdown

SW_AC2(config-if)#exit

SW_AC2(config)#ip default-gateway 172.16.43.1

SW_AC2(config)#end

SW_AC2#wr



SW_AC3(config)#interface vlan 43

SW_AC3(config-if)#ip address 172.16.43.13 255.255.255.0

SW_AC3(config-if)#exit

SW_AC3(config)#ip default-gateway 172.16.43.1

SW_AC3(config)#end

SW_AC3#wr

Step 2: Configure Trunking.

Note: Packet Tracer now supports the use of the range argument forthe interface command.

For interfaces FastEthernet 0/19 through FastEthernet 0/24 on all three switches:

Configure static trunking.

Assign VLAN 43 as the native VLAN.

SW_DS1(config)#interface range FastEthernet 0/19 - 24

SW_DS1(config-if-range)#switchport mode trunk

SW_DS1(config-if-range)#switchport trunk native vlan 43

SW_DS1(config-if-range)#no shutdown

SW_DS1(config-if-range)#end

SW_DS1#

SW_DS1#wr

Building configuration...

[OK]SW_DS1#


3/13

SW_AC2(config)#interface range fastEthernet 0/19 - 24

SW_AC2(config-if-range)#switchport mode trunk

SW_AC2(config-if-range)#switchport trunk native vlan 43

SW_AC2(config-if-range)#no shut

SW_AC2(config-if-range)#endSW_AC2#

SW_AC2#wr


[OK]

SW_AC2#

SW_AC3(config)#interface range fastEthernet 0/19 - 24

SW_AC3(config-if-range)#switchport mode trunk

SW_AC3(config-if-range)#switchport trunk native vlan 43

SW_AC3(config-if-range)#no shutdownSW_AC3(config-if-range)#end

SW_AC3#

SW_AC3#wr


[OK]

SW_AC3#

Step 3: Configure VTP and VLANs.

a. Configure SW_DS1 as VTP server and the following VTP parameters: SW_DS1 is the VTP server. VTP domain name: CCNA VTP password: cisco



SW_DS1(config)#vtp mode server

Setting device to VTP SERVER mode.

SW_DS1(config)#vtp domain CCNA

Changing VTP domain name from NULL to CCNA

SW_DS1(config)#vtp password cisco

Setting device VLAN database password to cisco

SW_DS1(config)#end

SW_DS1#wr


[OK]

SW_DS1#


4/13

b. Create and name the following VLANs on SW_DS1. VLAN 10: Student VLAN 20: Faculty VLAN 43: Management VLAN 67: Wireless



SW_DS1(config)#vlan 10

SW_DS1(config-vlan)#name Student

SW_DS1(config-vlan)#exit


SW_DS1(config-vlan)#name Faculty



SW_DS1(config-vlan)#name Management



SW_DS1(config-vlan)#name Wireless

SW_DS1(config-vlan)#end

SW_DS1#

SW_DS1#wr


[OK]

SW_DS1#

c. Configure SW_AC2 and SW_AC3 as VTP clients to participate in the CCNA VTP domain.

SW_AC2(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW_AC2(config)#vtp domain CCNA

Domain name already set to CCNA.

SW_AC2(config)#vtp password cisco


SW_AC2(config)#end

SW_AC2#

SW_AC2#wr


[OK]

SW_AC2#


5/13



SW_AC3(config)#vtp mode client

Setting device to VTP CLIENT mode.

SW_AC3(config)#vtp domain CCNA

Domain name already set to CCNA.

SW_AC3(config)#vtp password cisco


SW_AC3(config)#end

SW_AC3#

SW_AC3#wr


[OK]

SW_AC3#

d. Verify that VTP is operational.Hacer ping a desde el SW_DS1 al los equipos SW_AC2 y SW_AC3

Hacer ping desde SW_AC2 a SW_AC3

Verificar que se hayan transferido las VLAN creadas en SW_DS1

Step 4: Configure Interfaces for VLAN Access

VLAN port assignments on each switch are as follows:

Device Ports Assignment

SW_AC2, SW_AC3 Fa0/1 0/10 10

SW_AC2, SW_AC3 Fa0/11 0/17 20

SW_AC3 Fa0/18 67

a. Configure access ports on access layer switches. Configure the appropriate interfaces on SW_AC2 and SW_AC3 for access

mode.

Assign VLANs according to the port assignments table.SW_AC2#configure terminal


SW_AC2(config)#interface range fastEthernet 0/1 10

SW_AC2(config-if-range)#switchport mode access

SW_AC2(config-if-range)#switchport access vlan 10

SW_AC2(config-if-range)#exit


6/13





SW_AC2(config)#end

SW_AC2#

SW_AC2#wr


[OK]

SW_AC2#











SW_AC3(config)#interface fastEthernet 0/18

SW_AC3(config-if)#switchport mode access

SW_AC3(config-if)#switchport access vlan 67

SW_AC3(config-if)#end

SW_AC3#

SW_AC3#wr


[OK]

SW_AC3#

b. Verify trunking and VLAN assignments.Comandos de verificacin

Show vlan brief

Show vlan id (# de la vlan) para cada una de ellas 10, 20, 43 y 67

Show vtp status

Step 5: Configure Spanning Tree.

a. Modify STP root bridge elections. Using a priority of4096, set SW_DS1 as the root bridge forall VLANs.


7/13



SW_DS1(config)#spanning-tree vlan 1 priority 4096





SW_DS1(config)#end

SW_DS1#

SW_DS1#wr


[OK]

SW_DS1#

Using a priority of8192, set SW_AC2 so that it will become the root forallVLANs if SW_DS1 fails.



SW_AC2(config)#spanning-tree vlan 1 priority 8192





SW_AC2(config)#end

SW_AC2#

SW_AC2#wr


[OK]

SW_AC2#

b. Verify the spanning tree election.Commando

Show spanning-tree summary

Step 6: Configure Inter-VLAN Routing.

Use the information in the Addressing Table to configure Router1 for inter-VLANrouting. Be sure to designate the native VLAN.

Router1#configure terminal


Router1(config)#interface fastEthernet 0/0

Router1(config-if)#no shutdown

Router1(config-if)#exit

Router1(config)#interface fastEthernet 0/0.10


8/13

Router1(config-subif)#encapsulation dot1Q 10

Router1(config-subif)#ip address 172.16.10.1 255.255.255.0

Router1(config-subif)#exit






Router1(config-subif)#encapsulation dot1Q 43 native






Router1(config-subif)#end

Router1#

Router1#wr


[OK]

Router1#

Verify inter-VLAN routing.

Comando

Show ip route

Show ip interface brief

Step 7: Configure Port Security.

Note: Best practice requires port security on all access ports. However, for this practiceexercise you will only configure one port with security.

a. Configure SW_AC3 with port security on FastEthernet 0/2. Enable port security.SW_AC3#configure terminal

SW_AC3(config)#interface fastEthernet 0/2

SW_AC3(config-if)#switchport port-security

No more than two MAC addresses are allowed on the FastEthernet 0/2port for SW_AC3.

SW_AC3(config-if)#switchport port-security maximum 2

Once learned, MAC addresses should be automatically added to therunning configuration.

SW_AC3(config-if)#switchport port-security mac-address sticky


9/13

If this policy is violated, the port should be automatically disabled.SW_AC3(config-if)#switchport port-security violation shutdown

b. Verify that port security is implemented.SW_AC3#show port-security interface fastEthernet 0/2

Step 8: Configure the Wireless LAN.

Refer to the Addressing Table to configure the wireless LAN.

a. Configure WRS. Use static addressing on the Internet interface.

Set the router IP and subnet mask. Use the DHCP Server Settings to configure the router to provide wireless

hosts with an IP address.

The starting IP address in the wireless LAN subnet is 172.16.100.10. The maximum number of users is 25.


10/13

b. Configure wireless security. Set the SSID to WRS_LAN. Enable WEP security and use 12345ABCDE as key1.


11/13

c. Use cisco123 as the remote management password.


12/13

d. Configure PC4 to access the wireless network that is provided by WRS. PC4 uses DHCP toobtain addressing information.


13/13

Note: It will not be possible for devices to ping PC4 since PC4 is behind the WRS NATfirewall.

Step 9: Verify Connectivity.

Although these are not scored, the following connectivity tests should be successful.

SW_DS1 can ping Router1.

SW_AC2 can ping Router1.

SW_AC3 can ping Router1.

PC1 can ping PC2.

PC2 can ping PC3.

PC4 can ping PC1.

Version 2.0Created in Packet Tracer 5.3.2.0027 and Marvel 1.0.1

All contents are Copyright 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

skill capitulo 3

Documents