Configuring EtherChannel (Instructor Version

)
Completed Topology

Objectives
• View the default Layer 2 configuration. • Configure EtherChannel.

Background/Scenario
EtherChannel enables the switch administrator to increase bandwidth between switches by bundling together between 2 and 8 links. In this scenario, you will bundle two Fast Ethernet links to form a single logical link with an effective full-duplex bandwidth of 400 Mb/s. NOTE: This activity is for observation purposes only and does not require configuration, thus grading will not be conducted.

Task 1: View the Default Configuration.
Step 1. Verify the trunking and VLAN configuration on the switches.
a. On the two switches, enter privileged EXEC mode. b. Perform a show run to view the current configuration. c. Issue the show interfaces trunk and show interfaces switchport commands. Observation: The show interface truck command displayed no output, hence there are no trunk ports configured. The show interfaces switchport command displayed all ports in dynamic auto mode. d. Issue the show vlan command to verify proper VLAN configuration. Observation: VLAN 10 is the only non-default VLAN appearing. Currently, all ports are associated with VLAN 1.

Step 2. Verify the VTP configuration on the switches.
e. From privileged EXEC mode on both DLS1 and DLS2 access layer switches, issue the show vtp status command to verify VTP modes and VLAN information. Observation: Both DLS1 and DLS2 are VTP servers with no VTP domain name configured.

Step 3. Verify IEEE 802.1D spanning-tree.
a. From each switch, issue the show spanning-tree command.

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 32

CCNA Exploration

LAN Switching and Wireless b. Verify that all switches are running IEEE 802.1D spanning-tree. c. Verify that S1 is the root bridge for VLANs 1-1001. Observation: Both switches are running IEEE 802.1D. DLS1 is the spanning-tree root bridge for all VLANs.

Task 2: Configure EtherChannel on the switches.
Step 1. Add EtherChannel functionality to DLS1 and DLS2.
a. To enable EtherChannel on DLS1, enter the interface range mode for ports F0/11 and F0/12 on with the command interface range f0/11 - 12. b. Enter the command switchport mode trunk. c. Enter the command channel-group 1 mode desirable. d. Repeat steps a through c on DLS2.

Step 2. Add a logical Port Channel associated with the physical interfaces.
a. Create Port Channel 1 with the interface port-channel 1 command. b. Enter the switchport mode trunk command.

Task 3: Verify the EtherChannel configuration.
a. Enter the command show etherchannel summary and observe the output. Observation: Ports F0/11 and F0/12 appear under Group 1, associated with a Port Channel labeled Po1.The default port bundling protocol is PAgP. b. Enter the command show interface switchport. Observation: The physical ports F0/11 and F0/12, and the logical port Po1 all appear as 802.11Q trunk ports. c. On DLS1, enter the command ping 10.10.10.2. The ping should be successful. d. Enter the command show running-config to determine the EtherChannel load-balancing mechanism. Observation: The output displays “port-channel load-balance src-mac”, indicating that load balancing across the logical EtherChannel is based on the source MAC address of the data.

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 32

CCNA Exploration

LAN Switching and Wireless

PT: Configuring Frame Relay
Objectives
• • • • View the default internetwork configuration. Configure Frame Relay connectivity. Configure Static and Default routing. Verify connectivity.

Background/Scenario
Four routers must be interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and routers R2, R3, and R4 are spoke routers. The Frame Relay connections will be established using Frame Relay point-to-point connections over subinterfaces from R1 to each spoke router. Routing will be established using static routes on the hub router and default routes on all spoke routers. The frame relay switch(es) have already been configured within the cloud. Remote administrative access is established using SSH with the username admin and password cisco.

Task 1: Configure Frame Relay and Static Routing on the Hub Router (R1).
Step 1. Verify Default Configurations.
e. On all four routers, enter privileged EXEC mode with the password cisco. f. From privileged EXEC mode on all four routers, issue the show running-config command to verify running configurations.

Note: All routers have been preconfigured with hostnames, enable password, and SSH connectivity. All LAN interfaces have also been configured with IP addresses and are currently active. g. Use the show ip route command to verify routing tables.

Step 2. Configure the Physical Frame Relay Interface on R1.
When configuring frame-relay subinterfaces, the main physical interface must be enabled for Frame Relay connectivity; therefore, configure Frame Relay on the serial 0/0/0 interface of router R1. The Frame Relay LMI type is autosensed and will not be manually configured. h. From privileged EXEC mode on R1, enter global configuration mode. i. Enter the following commands on R1 to enable Frame Relay on the physical interface. R1(config)# interface serial0/0/0 R1(config-if)# encapsulation frame-relay R1(config-if)# no shutdown

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 32

0.1.40.1.255.255.102 point-to-point R1(config-subif)# ip address 10.9 SM: 255.9 255. In this activity.255. Configure the point-to-point connections to the three spoke routers via subinterfaces and assign the appropriate dlci number to each frame relay connection.5 255.255.255.1.103 S0/0/0.1.0.255.255.255. This document is Cisco Public Information. Just as we configured the hub router for Frame Relay.255.0 255.102.252 IP: 10.255.104 IP: 10.1. R1(config)# interface Serial0/0/0.1 255.0.103 point-to-point R1(config-subif)# ip address 10. All contents are Copyright © 1992–2008 Cisco Systems.255.0.102 S0/0/0.CCNA Exploration LAN Switching and Wireless Step 3.252 R1(config-subif)# frame-relay interface-dlci 102 R1(config-subif)# exit k.20. you will configure static routes to each remote LAN sites.0.1.1 SM: 255. All rights reserved.0.1. enter the following commands: R1(config)# interface Serial0/0/0.1.30. l. Frame Relay subinterfaces will be configured using point-to-point Frame Relay.1.0 10.30.40. Configure Static Routing on R1 to reach the LANs of each spoke router.252 R1(config-subif)# frame-relay interface-dlci 104 R1(config-subif)# exit Step 4.2 R1(config)# ip route 10.0 10. Page 4 of 32 .0. Create and configure subinterface s0/0/0. the spoke routers must also be configured.255. Task 2: Configure Frame Relay and Default routing on the Spoke Routers. From global configuration mode. Exit out of configuration mode and issue the show running-config command to view the final configuration on R1.255. enter the following static routes. Step 1.103 and s0/0/0.6 R1(config)# ip route 10.255. Configure the Subinterfaces on R1.0.255.252 R1(config-subif)# frame-relay interface-dlci 103 R1(config-subif)# exit R1(config)# interface Serial0/0/0.0 10. Routing between sites could be configured using dynamic or static routing.255.10 m. R1(config)# ip route 10.255.0 255. From global configuration mode.255.0 255. Configure the Physical Frame Relay Interface on the spoke routers. Repeat the above steps to create and configure subinterface s0/0/0.104 point-to-point R1(config-subif)# ip address 10.0. Inc.252 IP: 10.20. see the table below: S0/0/0.5 SM: 255.104.252 DLCI: 102 DLCI: 103 DLCI: 104 j.

101 point-to-point R2(config-subif)# ip address 10. Configure the Subinterfaces on R2.6 255. Configure Default Routing on R2. Repeat Steps 1 – 3 on R3 and R4.10 255. R4(config)# interface serial0/0/0 R4(config-if)# encapsulation frame-relay R4(config-if)# no shutdown R4(config)# interface Serial0/0/0.0. Enter the following commands on R2.1.0.0.255.0. All rights reserved. Inc. R2(config)# interface Serial0/0/0. Assign DLCI 101 to the frame relay connection R3(config)# interface serial0/0/0 R3(config-if)# encapsulation frame-relay R3(config-if)# no shutdown R3(config)# interface Serial0/0/0.1. From privileged EXEC mode on R2.1.1. From global configuration mode.101 point-to-point R3(config-subif)# ip address 10.0 10.0.0 0. enter global configuration mode. From global configuration mode.255.0. On router R4. Configure the main physical interface for Frame Relay connectivity.101 point-to-point R4(config-subif)# ip address 10.0. enter the following commands to create and configure the subinterface.0.0.2 255.0 0.255. This document is Cisco Public Information. R2(config)# ip route 0.0.0.0 10.0.1.252 R4(config-subif)# frame-relay interface-dlci 101 R4(config-subif)# exit R4(config)# ip route 0.0.252 R3(config-subif)# frame-relay interface-dlci 101 R3(config-subif)# exit R3(config)# ip route 0.255.0. configure the following commands.252 R2(config-subif)# frame-relay interface-dlci 101 R2(config-subif)# exit Step 3.255. R2(config)# interface serial0/0/0 R2(config-if)# encapsulation frame-relay R2(config-if)# no shutdown Step 2. o. enter the following static routes.1 Step 4. configure the following commands.1. Assign DLCI number 101 to the connection.0 10.CCNA Exploration LAN Switching and Wireless n.0. Assign DCLI 101 to the frame-relay connection.255. p.0.0.0. On router R3. Page 5 of 32 .5 q.0 0.9 All contents are Copyright © 1992–2008 Cisco Systems.

After configuring Frame Relay on all routers. broadcast. issue the show frame-relay lmi command on R1. Page 6 of 32 . R1# show frame-relay lmi LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. verify the Frame Relay configuration on R1. status defined. Issue the show frame-relay map command on R1 to verify the connections to the spoke routers. r. status defined.103 (up): point-to-point dlci.CCNA Exploration LAN Switching and Wireless Task 4: Verify Connectivity. This document is Cisco Public Information. Sent 0 Num Status msgs Rcvd 0 Num Update Status Rcvd 0 Num Status Timeouts 16 LMI Statistics for interface Serial0/0/0. issue the show frame-relay pvc command on R1. dlci 103. dlci 102.102 (up): point-to-point dlci.103 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. active s. status defined. R1# show frame-relay map Serial0/0/0. active Serial0/0/0.104 (up): point-to-point dlci. Sent 26 Num Status msgs Rcvd 26 Num Update Status Rcvd 0 Num Status Timeouts 16 LMI Statistics for interface Serial0/0/0. Finally. R1# show frame-relay pvc All contents are Copyright © 1992–2008 Cisco Systems.102 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Inc.104 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Step 1. Next. Sent 0 Num Status msgs Rcvd 0 Num Update Status Rcvd 0 Num Status Timeouts 16 t. Sent 0 Num Status msgs Rcvd 0 Num Update Status Rcvd 0 Num Status Timeouts 16 LMI Statistics for interface Serial0/0/0. dlci 104. active Serial0/0/0. All rights reserved. broadcast. broadcast. Verify the Frame Relay network.

Verify connectivity to the spoke LANs. If not.104 input pkts 14055 out bytes 6216155 in BECN pkts 0 in DE pkts 0 out bcast pkts 32795 output pkts 32795 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 6216155 in bytes 1096228 in FECN pkts 0 out BECN pkts 0 NOTE: PC1 and PC3 should now be able to successfully ping each other and the web server. INTERFACE = Serial0/0/0. INTERFACE = Serial0/0/0. ping the LAN interfaces of routers R2. Check results. DLCI USAGE = LOCAL. From the R1 router. R3. make sure that you entered all the commands exactly as specified in the previous steps. PVC STATUS = ACTIVE. Step 3. DLCI USAGE = LOCAL. Inc. INTERFACE = Serial0/0/0. and R4. click Check Results to see which required components are not yet completed. PVC STATUS = ACTIVE. All rights reserved. Page 7 of 32 . Your completion percentage should be 100%. This document is Cisco Public Information. Step 2. You should be able to successfully ping.CCNA Exploration LAN Switching and Wireless PVC Statistics for interface Serial0/0/0 (Frame Relay DTE) DLCI = 102. All contents are Copyright © 1992–2008 Cisco Systems. PVC STATUS = ACTIVE.103 input pkts 14055 out bytes 6216155 in BECN pkts 0 in DE pkts 0 out bcast pkts 32795 output pkts 32795 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 6216155 in bytes 1096228 in FECN pkts 0 out BECN pkts 0 DLCI = 104. DLCI USAGE = LOCAL.102 input pkts 14055 out bytes 6216155 in BECN pkts 0 in DE pkts 0 out bcast pkts 32795 output pkts 32795 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 6216155 in bytes 1096228 in FECN pkts 0 out BECN pkts 0 DLCI = 103. If not.

issue the show vlan command to verify proper VLAN configuration. issue the show interfaces trunk and show interfaces switchport commands. v. Inc. DLS1 and DLS2 load balance the traffic at Layer 2 on a perVLAN basis.CCNA Exploration LAN Switching and Wireless Configuring Inter-VLAN Routing with Multilayer Switches Instructor Version Completed Topology Objectives • View the default Layer 2 configuration. enter privileged EXEC mode with the enable command. Verify the trunking and VLAN configuration on the switches. Full IP communications. Background/Scenario Inter-VLAN routing on distribution layer switches is made possible with switch virtual interfaces (SVIs). w. DLS1 and DLS2 are connected in a partial-mesh topology with the access layer switches. All contents are Copyright © 1992–2008 Cisco Systems. SVIs are configured for each VLAN to enable inter-VLAN IP communication. From privileged EXEC mode. • Verify inter-VLAN routing. On the two distribution switches. Task 1: View the Default Configuration. In this case. On all four switches. • Configure the switch virtual interfaces (SVIs). This document is Cisco Public Information. previously available only with dedicated routers. All rights reserved. u. such as Cisco Catalyst 3560 switches. are made available with these multilayer switches. ALS1 and ALS2. Step 1. Page 8 of 32 . are capable of wirespeed IP routing in addition to traditional Layer 2 switching. distribution layer bound IP subnets with hosts pointing to the SVIs as default gateways for the respective IP subnets. two distribution layer switches. Multilayer switches. In this configuration.

Repeat for 10. 10.0.2.1D spanning-tree.2.0. The ping tests should all be successful.10. DLS2 is the root bridge for VLANs 10 and 30. Verify that all switches are running IEEE 802. 30. Task 2: Configure inter-VLAN routing on the switches.2. Repeat for 10.255. b. issue the show vtp status command to verify the propagation of VLAN information.30.0.2/24. Give ALS1 the management interface IP address of 10. and 99. Example DLS1(config)# interface vlan 10 DLS1(config-if)# ip address 10. 10. b.20. issue the show spanning-tree command.1/24.1D spanning-tree.3/24. c.2/24.0. x.1 255. 20. VLAN20: 10. which switch is the root bridge? Observation: DLS1 is the root bridge for VLANs 1.99.1. and 10. issue the privileged EXEC command ping 10. Test ICMP connectivity from the access layer switches to the distribution layer SVIs.0.1/24.2. configure the default gateway to be 10. For VLANs 1.1/24. On ALS1. VLAN30: 10.2. and 10.0.0.4/24. enter the global configuration command interface vlan x on DLS1 and DLS2 for VLANs 10.10. Enter interface vlan 1 mode on ALS1 and ALS2 and enter the shutdown command. Step 1.1q trunking.10.0. 20. Inc.0.2. VLAN30: 10. a.2. all three are configured to trunk VLANs 1.0.1. a. On ALS2.1.99. 10.0. Verify the VTP configuration on the switches. y.0. Step 2. On DLS1.0.1.2/24. Create the SVIs on the distribution layer switches. and 99. 10. configure IP addresses for each SVI. 10.99. Step 3.CCNA Exploration LAN Switching and Wireless Observation: Fa0/1.20. 10. On DLS2.99.255. and VLAN99: 10. All contents are Copyright © 1992–2008 Cisco Systems.0.0. VLAN99: 10.10.0. VLAN10: 10. VLAN10: 10.20.0. Verify IEEE 802.20.0.99. f. Configure IP addressing on the access layer switches. 10.99.99.30. 99 and all default vlans.0. VLAN20: 10.1/24.10.30.0. Give ALS2 the management interface IP address of 10. The native management VLAN is VLAN99. Fa0/2.0 c. Page 9 of 32 . 20.2/24. 20.1. 10.20.30.0. Step 1.99.0. aa.1. 10. On ALS1. Step 2.99.1/24. Additionally.1. configure IP addresses for each SVI. 10.30. DLS1 and DLS2 should be VTP servers.2/24.0.0. configure the default gateway to be 10. z.1.30. From privileged EXEC mode on the access layer switches. This document is Cisco Public Information. Task 3: Verify inter-VLAN routing. 30 and 99.0. 10.10. Issue the interface vlan 99 command followed by the no shutdown command on ALS1 and ALS2. On ALS2. and Fa0/3 are configured for 802. issue the privileged EXEC command ping 10. d. The ping tests should all be successful.0.0.20. To create SVIs switches.99. 30. bb.10.0.2.0. ALS1 and ALS2 should be VTP clients. All rights reserved. e. From each switch. 10.

click Check Results to see which required components are not yet completed. Check Results. b. Check results. Routing will be established using RIPng. If not. Task 1: Configure Router R1 to Support IPv6. Configure an IPv6 Address and RIPng on S0/0/0. All IPv6 routers must be enabled to support IPv6 unicast routing. This document is Cisco Public Information. enable the RIPng process called "PROCESS1" and configure a clock rate of 64000 using the following commands. Page 10 of 32 . Your completion percentage should be 100%. PT: IPv6 and RIPng Configuration Objectives • • • • Enable IPv6 Unicast Routing. a. If not. Step 2. Your completion percentage should be 25%. Configure IPv6 addresses. Step 1. All contents are Copyright © 1992–2008 Cisco Systems. On the Serial 0/0/0 interface of router R1. click Check Results to see which required components are not yet completed. Verify the IPv6 configuration. Enable RIPng on appropirate interfaces. From privileged EXEC mode on R1. Enter the ipv6 unicast-routing command. All rights reserved. R1(config)# interface Serial0/0/0 R1(config-if)# ipv6 address 2001:410:1:10::/65 eui-64 R1(config-if)# ipv6 rip PROCESS1 enable R1(config-if)# clock rate 64000 R1(config-if)# no shutdown R1(config-if)# exit Step 3. Enable IPv6 Unicast Routing on R1. configure an EUI IPv6 address. Background/Scenario Three routers must be interconnected in a simple IPv6 configuration. Inc. enter global configuration mode.CCNA Exploration LAN Switching and Wireless Step 3.

Only interface S0/0/1 on R3 needs to be configured. All contents are Copyright © 1992–2008 Cisco Systems. Just as we configured the router R1 to support IPv6. Check Results. Your completion percentage should be 62%. enable IPv6 unicast routing. R2# conf t R2(config)# ipv6 unicast-routing R2(config)# interface Serial0/0/0 R2(config-if)# ipv6 address 2001:410:1:10::/65 eui-64 R2(config-if)# ipv6 rip PROCESS1 enable R2(config-if)# no shutdown R2(config-if)# exit R2(config)# interface Serial0/0/1 R2(config-if)# ipv6 address 2001:410:2:10::/65 eui-64 R2(config-if)# ipv6 rip PROCESS1 enable R2(config-if)# clock rate 64000 R2(config-if)# no shutdown R2(config-if)# exit Step 2. If not. All rights reserved. Page 11 of 32 . Configure Router R2. Step 1. Check Results. Inc. click Check Results to see which required components are not yet completed. configure an EUI IPv6 address and enable the RIPng process called "PROCESS1" on interfaces Serial 0/0/0 and Serial 0/0/1 using the following commands. Step 3. Note that only the S0/0/1 interface requires the clock rate. Your completion percentage should be 100%. click Check Results to see which required components are not yet completed. If not. This document is Cisco Public Information. we must also configure routers R2 and R3 as well. Repeat Step 1 on router R3 using the following commands: R3# conf t R3(config)# ipv6 unicast-routing R3(config)# interface Serial0/0/1 R3(config-if)# ipv6 address 2001:410:2:10::/65 eui-64 R3(config-if)# ipv6 rip PROCESS1 enable R3(config-if)# no shutdown R3(config-if)#end Step 4.CCNA Exploration LAN Switching and Wireless Task 2: Configure Router R2 and R3 to Support IPv6. On router R2. Configure Router R3.

d. c. Page 12 of 32 . The address beginning with FE80 is the link local address and the address beginning with 2001 is the global unicast address. Verify the IPv6 Configuration on R1. Note: On R1. First. Inc. To get more information on these addresses use the show ipv6 interface s0/0/0 command. Next. All contents are Copyright © 1992–2008 Cisco Systems. specify serial0/0/0. Finally. a. verify which interfaces have been configured to support IPv6 using the show ipv6 interface brief command on R1. The following are several IPv6 commands. This document is Cisco Public Information. test connectivity by pinging the R3 serial0/0/0 interface from R1.CCNA Exploration LAN Switching and Wireless Task 3: Verify the IPv6 Configuration. verify the routing IPv6 table using the show ipv6 route command on R1. Use the address that you wrote down as the global unicast address (starting with 2001). All rights reserved. Write down the global unicast address for each of the interfaces. R2 and R3 will be different. Issue the show ipv6 rip database command to verify the specifics of the IPv6 RIP database. only Serial 0/0/0 displays any IPv6 addresses. b. Step 1. When asked for the outgoing interface. Both were created when the ipv6 address with the EUI-64 option specified. IPv6 retains the same common commands as IPv4 with the exception that we must specify that these are IPv6 commands. R2 and R3. There are several commands available to verify the IPv6. Recall that the EUI-64 inserts the hex digits FFE in the IPv6 address.

On the three switches. This document is Cisco Public Information. Port security is normally enabled on access layer switches for this purpose. issue the show interfaces trunk and show interfaces switchport commands. cc. Inc. All rights reserved. Task 1: View the Default Configuration. Background/Scenario Port security enables the switch administrator to prevent unauthorized devices from gaining access to the network. dd. thus grading will not be conducted. NOTE: This activity is for observation purposes only and does not require configuration. Step 1. • Configure port security. From privileged EXEC mode. enter privileged EXEC mode using the console password cisco and the secret password class. Page 13 of 32 .CCNA Exploration LAN Switching and Wireless Configuring Port-Security (Instructor Version) Completed Topology Objectives • View the default Layer 2 configuration. All contents are Copyright © 1992–2008 Cisco Systems. Verify the trunking and VLAN configuration on the switches.

issue the show vtp status command to verify VTP modes and VLAN information. Observation: S1 is a VTP server. The VLANs configured on S1 successfully propagated to S2. Enable port security on S2 and enforce a maximum number of MAC addresses. F0/3-5. issue the show spanning-tree command. S2 VLAN 10: ports F0/11-17 S2 VLAN 20: ports F0/18-24 S2 VLAN 30: ports F0/6-10 S3 VLAN 1: ports F0/1. F0/11. hh. enter the command switchport port-security maximum Enter the show run command in privileged EXEC mode to see the effect of step 2. and F0/18 of S2.a. S1 VLAN 1: all ports except for trunk ports F0/1 and F0/2. Issue the show vlan command to verify proper VLAN configuration.1Q trunk ports. This is because the default maximum for port security on an interface All contents are Copyright © 1992–2008 Cisco Systems. Task 2: Configure port security on the switches. On S3. This document is Cisco Public Information. enter the interface mode for port F0/6 and issue the command switchport port-security. S3 is in VTP transparent mode. Observation: VLANs 10 (faculty/staff). F0/11. and 99 (management) are configured on the three switches: VLAN 1 is the default VLAN on each switch. All rights reserved. S2 VLAN 1: ports F0/2-5. ports F0/1 and F0/2 are 802. port F0/1 is an 802. On S2.1Q trunk port. S2 is a VTP client. G1/1-2 S3 VLAN 10: ports F0/18-24 S3 VLAN 20: ports F0/11-17 S3 VLAN 30: ports F0/6-10 Step 2. ff. Verify that all switches are running IEEE 802.1D spanning-tree. kk.a. gg. The native VLAN is 99 for all trunk ports. Repeat step 1. Observation: The command switchport port-security maximum 1 does not appear under the interfaces F0/6.1D spanning-tree. ii.1D. jj. ee. 20 (students). mm. Observation: All switches are running IEEE 802. On ports F0/6. and F0/18. 30 (guest). From each switch. Verify that S1 is the root bridge for VLANs 1-1001. Step 1. Step 3. Page 14 of 32 . From privileged EXEC mode on the access layer switches. S1 is the spanning-tree root bridge for the topology. G1/1-2. on ports F0/11 and F0/18 of S2. Verify the VTP configuration on the switches. ll. port F0/2 is an 802.1Q trunk port. Verify IEEE 802. Inc. To enable port security on S2.CCNA Exploration LAN Switching and Wireless Observation: On S1.

This will ping PC3.C7CA. Observe what happens when a security violation occurs. nn. This document is Cisco Public Information. Page 15 of 32 .CCNA Exploration LAN Switching and Wireless is 1. Place a new connection between PC6 and S3 using port Fa0/6. enter the command show port-security interface fa0/6. which is connected to Fa0/6 on S2. ww. vv. port-status is secure-shutdown. Click on PC6. and F0/18 of switch S3.Delete the connection between TestPC and S3. enter the command show run and check to see if anything has changed in the output. Click the “copper straight-through” connection. security violation count is 0. This will allow you to delete a connection in the topology. uu. Remember that once a port is shutdown due to a security violation. On ports F0/6. On S3. enter the command show port-security interface fa0/6.A3A5. the port must be administratively shutdown and re-enabled to bring the port back online. issue the command ping 172. Place the x over the connection between PC6 and S3 and click.17. port-status is secure-up. On Fa0/6 on S3. tt.30. click on S3 and select port Fa0/6. Observation: Port security is enabled.30. qq. PC6 is currently connected to Fa0/6 on S3. enter the command switchport port-security macaddress sticky. Configure dynamic learning for port security and verify operation. F0/11. The ping should fail. Repeat steps a through d on ports F0/6. ss. security violation count is 1. The connection should disappear. F0/11. Issue the show run command to view the final configuration on both S2 and S3. The ping should be successful. On S2 and S3. the entry “switchport port-security mac-address sticky 0001. Next. The command switchport port-security maximum # will only appear if a value higher than 1 is configured. Click on the red x button on the right hand portion of the PT window. From the command prompt of TestPC type the command ping 172. Step 2. pp. the entry “ switchport port-security mac-address sticky 0030. Inc. Select the lightening bolt button on the bottom left-hand corner of the PT window to pull up connection types. Observation: Port security is enabled. Step 3.17.E31C” now appears under the configuration for port F0/6. From the command prompt on PC6.23. Observation: On S2. All rights reserved. On S3.A8C2” now appears under the configuration for port F0/6. Click the TestPC device and select the fastethernet port. issue the command no shutdown.23. All contents are Copyright © 1992–2008 Cisco Systems. rr. and F0/18 of S2 and S3. On S3. oo.

Step 1. Observation: Ports Fa0/7. Task 1: View the Default Configuration. enter privileged EXEC mode with the enable command. issue the show vlan command to verify proper VLAN configuration. Fa0/9 and Fa0/11 are not listed within a specific vlan. type the command ping 172. 110. issue the show interfaces trunk and show interfaces switchport commands. This document is Cisco Public Information. a. two distribution layer switches.23. The ping should succeed. Fa0/9 and Fa0/11 have all been configured as trunk ports. Observation: Fa0/7. On the two distribution switches (DLS1 and DLS2). ALS1 and ALS2. During the transition period between RSTP states. Page 16 of 32 . b. You have completed this configuration/observation activity. On S3. DLS1 and DLS2 are connected in a full-mesh topology with the access layer switches. Enable RSTP.CCNA Exploration LAN Switching and Wireless xx. 120 and 130 are created and active: 100 Server-Farm-1 active 110 Server-Farm-2 active 120 Net-Eng active 130 Staff active All contents are Copyright © 1992–2008 Cisco Systems. Configure primary and secondary root bridges. rapid spanning tree falls back to regular spanning tree on links that have regular spanning tree on one side. From privileged EXEC mode. Also VLAN100. DLS1 and DLS2 load balance the traffic at Layer 2 on a per-VLAN basis.30. while still preventing bridging loops. On all four switches. issue the command show port-security interface Fa0/6. Inc.17. From the command prompt on PC6. Verify the trunking and VLAN configuration on the switches. All rights reserved. One of these modes is RSTP (rapid spanning tree protocol). In this configuration. c. Background/Scenario Spanning tree modes other than PVST+ are available. The status of the port should be back to normal. which greatly reduces the time between a port coming up and changing to forwarding. Configuring RSTP Objectives • • • View the default Layer 2 configuration.

Step 3. b. On DLS1. issue the spanning-tree vlan 1. the operating mode is set to “server”. port F0/9 is non-designated blocking. On DLS1. To enable RSTP on the switches. a. DLS2.1D spanning-tree. b. On switch DLSI. verify that ports F0/7 and F0/11 are non-designated blocking and port F0/9 is root forwarding. verify that port F0/7 is root forwarding and ports F0/9 and F0/11 are designated forwarding. the show spanning-tree summary output indicates: Root bridge for: default ServerFarm-1 Server-Farm-2 Net-Eng Staff d. ALS1. On ALS2. Observation: In the output.130 root secondary command. issue the spanning-tree vlan 110. a. Page 17 of 32 . ALS1. All contents are Copyright © 1992–2008 Cisco Systems. Example: Fa0/7 Desg FWD Step 4. Verify that DLS1 is the root bridge for all the VLANs.CCNA Exploration LAN Switching and Wireless Step 2. enter the global configuration command spanning-tree mode rapid-pvst on each switch.1D spanning-tree and Root configuration on DLS1. c. From privileged EXEC mode on the DLS1. Step 1. and F0/11 is root forwarding. On DLS2. issue the show spanning-tree command and the show spanning-tree summary command.100. verify that port F0/7 is designated forwarding. Observation: In the show spanning-tree output the line “This bridge is the root” indicates the current switch is the root bridge. Example: Fa0/9 Altn BLK (meaning non-designated blocking) Task 2: Configure RSTP on the switches and load balance. b. Configure DLS1 as the primary root bridge for VLANs 1. Observation: in the show spanning-tree output. 100. On ALS1. issue the show spanning-tree command. Verify IEEE 802. c. Verify that ports F0/7. and F0/11 are designated forwarding ports on DLS1. each interface is listed with the status set to forward. the operating mode is set to “client”. and ALS2. and ALS2. Enable RSTP. Verify IEEE 802. F0/9. Verify that it is running IEEE 802. On each switch. Observation: In DLS1 and DLS2. Step 2. All rights reserved. a. In ALS1 and ALS2. issue the show vtp status command to verify the propagation of VLAN information. Verify the VTP configuration on the switches. Additionally. d. and 120 and as the secondary root bridge for VLANs 110 and 130.120 root primary command. you should see each interface listed with the status set.1D spanning-tree and port status on DLS2. Inc. This document is Cisco Public Information.

Observation: DLS2# show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: Server-Farm-2 Staff Note: If this output does not appear. After configuring RSTP on all switches. and 120.100. go back and ensure that all commands from Task 2 were performed on all switches. Page 18 of 32 . click on the button “power cycle devices”. a. Observation: DLS1# show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: default Server-Farm-1 Net-Eng b. Inc. You have completed this observation activity. Step 4. 100.120 root secondary command. All contents are Copyright © 1992–2008 Cisco Systems.CCNA Exploration LAN Switching and Wireless Step 3. b. below the topology. Verify the RSTP configuration. On DLS2. All rights reserved. be sure to power cycle the devices to allow for quicker convergence in PT. Also. This document is Cisco Public Information. issue the command copy run start . issue the spanning-tree vlan 1. Save the configuration and power cycle all devices. Task 3: Verify RSTP output. Next. On DLS2. a. Issue the show spanning-tree summary command to verify which version of spanning tree protocol is running on DLS1 and to observe the VLANs for which DLS1 is the root bridge. b. On each swich. issue the show spanning-tree summary command to verify which version of spanning tree protocol is running on DLS2 and to observe the VLANs for which DLS2 is the root bridge. a. On PT. issue the spanning-tree vlan 110. Configure DLS2 as the primary root bridge for VLANs 110 and 130 and as the secondary root bridge for VLANs 1. Step 1.130 root primary command. verify the RSTP configuration on DLS1.

b. R3. Step 2. four routers are interconnected in a hub-and-spoke Frame Relay configuration. all Telnet traffic is forwarded in plain text. Exit and repeat the step for routers R3 and R4. remote administrative access on routers was configured using Telnet on TCP port 23. Background/Scenario Traditionally. Inc. Verify the routing tables. the following parameters must be configured: .Local authentication All contents are Copyright © 1992–2008 Cisco Systems. Task 1: View the Default Configuration. c. Dynamic routing has been configured using multiarea OSPF. It provides functionality that is similar to that of an outbound Telnet connection.Hostname . SSH uses port TCP 22. issue the show ip route command to verify the all network segments are being advertised. Enable SSH. a. Enter privileged EXEC mode with the password cisco. Telnet to R2 using it’s LAN interface IP address. a. Verify connectivity between routers. b.CCNA Exploration LAN Switching and Wireless Configuring SSH Objectives • • • View the default internetwork configuration. With authentication and encryption. However. From privileged EXEC mode on all four routers. and routers R2. Telnet was developed in the days when security was not an issue. and R4 are the spokes. Page 19 of 32 . Step 1. From privileged EXEC mode on all four routers. On all four routers. Enable and configure SSH on R1. SSH allows for secure communications over an insecure network. except that the connection is encrypted. Again from router R1.Domain name . All rights reserved. For this reason. Step 3.Asymmetrical keys . Step 1. SSH has replaced Telnet as the best practice for providing remote router administration with connections that support strong privacy and session integrity. Verify the Frame Relay configuration on the routers. enter user EXEC mode with the password cisco. In this configuration. Router R1 is the hub. This document is Cisco Public Information. ping all LAN interfaces to verify connectivity. Task 2: Configure SSH on the Hub Router (R1). From R1.Ping other PCs on the same network. issue the show frame-relay map command to verify Frame Relay connectivity. Interconnect using SSH. To enable SSH on the router.

specify a modulus of 1024 bits. Step 1. After configuring SSH on all routers. we need to disable Telnet and enable SSH communication to the VTY lines. Therefore. If not. When prompted for a modulus size. Step 1. The asymmetrical RSA keys must be generated on R1 using the crypto key generate rsa command. R3 and R4. e. Task 4: Verify SSH. Issue the show ip ssh command to verify which version of SSH is configured. Repeat the Steps from Task 2 on routers R2. c. Therefore configure the domain name cisco. Inc. Step 2. Step 2. All rights reserved. Your completion percentage should be 100%. R3.com using the ip domainname domain-name command. click Check Results to see which required components are not yet completed. a local username database entry must be configured using the username name password password command. Task 3: Configure SSH on the Spoke Routers R2. a. and R4. enter the following commands on R1. SSH will prompt for a username and password combination when enabled. R1# sho ip ssh All contents are Copyright © 1992–2008 Cisco Systems. b. Page 20 of 32 . To do so. Your completion percentage should be 25%. The hostname on R1 is pre-configured. Save the configuration. and what the default settings are. In this lab. Configure the SSH version using the ip ssh version command. Verify the SSH configuration. verify the SSH configuration on R1. Check results. we will be configuring to use version 2. Check results. d. click Check Results to see which required components are not yet completed.CCNA Exploration LAN Switching and Wireless a. This document is Cisco Public Information. Next. If not. Configure SSH on routers R2. R3 and R4. Create a local account for the user admin and password cisco. R1(config)# line vty 0 4 R1(config-line)# no transport input all R1(config-line)# transport input ssh R1(config-line)# login local R1(config-line)# end f.

CCNA Exploration LAN Switching and Wireless SSH Enabled . Only SSH can be used to establish a remote connection. SSH to router R2 using the ssh –l username ip-address command.version 1.20.20. All rights reserved. enter cisco. Now Telnet to router R2. R1#show ssh %No SSHv2 server connections running. issue the show ip ssh command to verify if SSH is currently running.20. [Connection to 10. Page 21 of 32 . %No SSHv1 server connections running. b. R1# telnet 10.20. You should now be connected to router R2. Using R1 as the SSH client.ext. Step 2.. R1#ssh –l admin 10.20. When prompted for a password. All contents are Copyright © 1992–2008 Cisco Systems..ext.20.1 Trying 10.1 . Inc. Authentication retries: 3 b.20. connect to R2.1 closed by foreign host] Recall that Telnet was deactivated using the no transport input all command. to issue the show ip ssh command to verify if SSH is currently running.99 Authentication timeout: 120 secs. This document is Cisco Public Information.20. a.1 Password: c. Next.

On SW-B. issue the show spanning-tree command and observe the output.CCNA Exploration LAN Switching and Wireless Configuring STP (Instructor Version) Objectives • • • • View the default configuration of the spanning tree protocol. On the Central switches. This is evident by the line “This bridge is the root”. observe how the spanning-tree protocol affects path selection and how that path selection can change based on the configuration of the root bridge. bbb. Notice that Fa0/13 is placed in designated forwarding. it can introduce increased latency and unintended inefficiencies if left to auto negotiate the root bridge. orange for blocking). View how traffic is forwarded based on SW-B as root. This document is Cisco Public Information. Observation: Central is NOT the root bridge. Step 1. behind the Realtime clock. from the privileged EXEC mode. All contents are Copyright © 1992–2008 Cisco Systems. and Gi0/1 is specified as Root Fwd. issue the show spanning-tree command. Enable portfast on ports connected directly to host devices View how these configurations change the way in which traffic is forwarded. issue the show spanning-tree command. Task 1: View the Default Configuration. In this activity. Page 22 of 32 . aaa. Spanning-tree must converge before connectivity occurs on a network. On Switch1. ccc. Step 2. Observation: SW-B is the root bridge. Inc. zz. from the privileged EXEC mode. Gi0/2 is placed in alternate blocking. Fa0/22 is connected to SW-B. Background/Scenario The spanning-tree protocol is useful in ensuring that loops do not exist in the network. Observation: All ports take equally as long to converge. Select and enable the root bridge. Observation: Switch1 is NOT the root bridge. Wait for all link lights to turn either green or orange (green for forwarding.Click on the simulation button. However. including those ports that are connected to host devices. The simulation button can be found on the lower right-hand corner of the PT window. Determine the root bridge. yy. Wait for STP convergence to occur. and fa0/22 is specified as Root Fwd. From privileged EXEC mode. All rights reserved. Step 3. Gi0/1 is connected to Switch1. enter privileged EXEC mode using the console password cisco and the secret password class. Notice that all ports are forwarding.

nnn. Close the Event List window by selecting the x in the upper right-hand corner. Select Switch 2. This will allow you to see then entire topology. kkk. Step 5. in the drop down box. it is also good practice to enable portfast on ports that are known to connect to servers and workstations. Below these buttons is a drop down box with Scenario 0 and Scenario 1. Enable Portfast. Inc. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. From the EXEC priviledge mode. Next. The real time button can be found on the lower right-hand corner of the PT window.From the EXEC priviledge mode. Notice the Auto Capture / Play button and the Capture / Forward button on the bottom screen of the PT window. fff. Scenario 0 is a ping originating from PC-PT E1 and destined to Server-PT Workgroup Server 1. Save the configuration with the command copy run start. Click on the real time button. When the Buffer Full message appears. This document is Cisco Public Information. Page 23 of 32 . eee. enable the Switch 2 as the secondary root bridge by typing the command spanning-tree vlan 1 root secondary. just below the Viewport button. mmm. Select Central switch. hhh. click on view previous events. When the Buffer Full message appears. To speed up convergence. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. click on view previous events. Manually configure the root bridge. jjj. iii. Save the configuration with the command copy run start. the STP for that port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go All contents are Copyright © 1992–2008 Cisco Systems. Is the path that the packet took to reach that destination the most efficient path? Why did the packet take that path? ggg. Be sure that Scenario 0 is selected. ooo. behind the simulation timed clock. Is the path that the packet took to reach that destination the most efficient path? Why did the packet take that path? Step 4. lll. When an interface is configured with portfast. enable the central switch as the root bridge by typing the command spanning-tree vlan 1 root primary. Scenario 1 is a ping originating from PC-PT E2 and destined for Server-PT Workgroup Server 2.CCNA Exploration LAN Switching and Wireless ddd. All rights reserved. select Scenario 1.

This will reboot all devices and allow you to watch the spanning-tree convergence. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. click the button “power cycle devices”. All rights reserved. www. For this exercise. select Scenario 0.Repeat steps a and b on switches SW-B. on switch Central.Next. zzz. sss. Inc. Save the configuration with the copy run start command. SW-C. Step 6. vvv. click on view previous events. When the Buffer Full message appears. This will allow you to see then entire topology. or learning states. xxx. Scenario 0 is a ping originating from PC-PT E1 and destined to Server-PT Workgroup Server 1. SW-E.How has the path changed? Is the path more efficient? Is there more efficient paths available? All contents are Copyright © 1992–2008 Cisco Systems.How has the path changed? Is the path more efficient? Is there more efficient paths available? yyy.CCNA Exploration LAN Switching and Wireless through the blocking. Additionally enable portfast on the port connected to Workgroup Server 2 (Fa0/13) Example: Switch(config)# interface range fa0/1 – fa0/4 Switch(config-if-range)# spanning-tree portfast Switch(config-if-range)# interface fa0/13 Switch(config-if)# spanning-tree portfast rrr. SW-D. Be sure that you saved all configurations before rebooting devices. just below the Viewport button. enable portfast on port fa0/13 ttt. Page 24 of 32 . Click on the simulation button. and SW-F.Close the Event List window by selecting the x in the upper right-hand corner. enable portfast on ports that are connected to servers. Using the interface range command. Click on SW-A qqq. In the drop down box. select Scenario 1. in the drop down box. ppp. uuu. enable portfast on ports Fa0/1 – Fa0/4. Scenario 1 is a ping originating from PC-PT E2 and destined for Server-PT Workgroup Server 2. listening. This document is Cisco Public Information. Click the Auto Capture / Play button to view the path that the packet will take to reach that server. When the Buffer Full message appears. click on view previous events. View how traffic is forwarded based on Central as the root. In addition. Once you have completed the configuration.

All contents are Copyright © 1992–2008 Cisco Systems. How does enabling portfast increase efficiency in the network? The STP for that port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go through the blocking. listening. How does specifying the root bridge affect efficiencies in the network? Changing the root bridge affects how packets are forwarded.CCNA Exploration LAN Switching and Wireless Step 7. How can specifying multiple VLANS and different root bridges for each VLAN improve efficiency? If there are several devices that must reach a specific server. such as workgroup server 2. certain ports may be placed in blocking. So packets taking that path have faster connection times. Central is the connection to the Internet and the Workgroup Server 1 and may be the most important or commonly accessed path for all devices. cccc. this means that host devices connected to portfast enabled ports will be able to start sending and receiving traffic immediately. Whereas on other switches. versus Fastethernet. Inc. all ports are placed to forwarding. In this case. it is possible to place all of these devices and the server in a separate VLAN. In this topology there is only one VLAN and 1 root bridge. bbbb. Page 25 of 32 . All rights reserved. preventing traffic from taking the most “efficient” path. Reflection. For a switch that is newly connected to the network. the speed of the connections to Central is Gigabit. aaaa. dddd. With the root bridge. There is a separate instance of spanning-tree for each VLAN. or learning states. What are some factors that may be important to consider when selecting the root bridge? The decision varies on several factors. This document is Cisco Public Information. In addition. The root bridge for that VLAN can then be specified based on the most efficient path to reach that server.

10. 10._. 4) All other internal traffic should be denied access to Int Web Serv.2 (second value based on internal network number) should be able to access Int Web Serv with all services 4) All other internal hosts on the 10._.2._. Any other external traffic to the Ext Web Serv should be denied.) should be able to access Int.0. 10. 3) On the 10.1(located on the external network) to access.20. only host 10.0.CCNA Exploration LAN Switching and Wireless Multi-User Activity: ACL Requirements External Network Requirements: 1) Permit the management host with the IP address 10.30.0.50. 10.0.0._. including ping and telnet. 5) All other internal traffic destined for internal hosts (including ping.0/24 network (second value based on internal network number) should be able to access Int Web Serv with all services.40. 3) External html traffic should be permitted to access Ext Web Serv. 10.2.30. Examples include: 10. 2) All traffic originating from the external network 10. All rights reserved.20.4.4. 7) All other external traffic should be denied. 4) All established traffic (traffic from the external network in response to a request from a host on the internal network) should be permitted.100._._.1.2.) should be able to access Int. 2) All other ping and telnet traffic from the external network to internal devices should be denied.4.1.0. Web Serv with html traffic only.2. 10. 6) All external EIGRP traffic required to ensure routing should be permitted.0 (the second value will vary depending on the number of students participating in the multi-user activity. 3) All internal traffic originating from the 10.10.0. any host on the internal network.2. This document is Cisco Public Information.50.2. Internal Network Requirements: 1) All internal html traffic to the Ext Web Serv should be permitted.2.2.2.2. 5) All traffic originating from the external network 10.0. telnet) should be permitted.2. 10.40. 10.2.0/24 network.0 (the second value will vary depending on the number of students participating in the multi-user activity. Page 26 of 32 . Examples include: 10.0. Inc. Web Serv with html traffic only. 6) All other external traffic to the Int Web Serv should be denied.1.0.2. All contents are Copyright © 1992–2008 Cisco Systems.0.2.0 network should be able to access the Int Web Serv with html traffic only. 10.

1.1.5. This document is Cisco Public Information.255.255.255.0 ip access-group 101 in ! interface Serial0/1 ip address 10. Inc.255.CCNA Exploration LAN Switching and Wireless Multi-User Activity: ACL Solution Solutions can vary.255. All rights reserved.4. Page 27 of 32 .0 clock rate 56000 ! interface Serial0/2 no ip address shutdown ! interface Serial0/3 no ip address shutdown ! interface FastEthernet1/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet1/1 no ip address duplex auto speed auto shutdown ! All contents are Copyright © 1992–2008 Cisco Systems.2 255.1.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto shutdown ! interface Serial0/0 ip address 10.2 255. One possible solution for Peer0: Router0: hostname Router ! ! ! ! ! ip ssh version 1 ! ! interface FastEthernet0/0 ip address 10.3.1 255.

3 eq www access-list 101 permit tcp 10. Page 28 of 32 .2.1 any access-list 101 deny tcp any any eq telnet access-list 101 deny icmp any any echo access-list 101 permit tcp any any established access-list 101 permit tcp any host 10.1.1.10.0 ip access-group 101 out duplex auto speed auto ! interface FastEthernet0/1 ip address 10.1.0 0.4.255.0.0 All contents are Copyright © 1992–2008 Cisco Systems.1.255.2 no service password-encryption ! hostname Router ! ! enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0 ! ! ! ! ip ssh version 1 ! ! interface FastEthernet0/0 ip address 10. All rights reserved. Inc.20.2 eq www access-list 101 permit tcp 10.255.255.CCNA Exploration LAN Switching and Wireless router eigrp 101 network 10.0. This document is Cisco Public Information.0 0.2 eq www ! assuming that peer1 and peer2 users are also participating access-list 101 permit eigrp any any ! ! ! no cdp run ! line con 0 line vty 0 4 login ! ! end Router# Router1: Current configuration : 1188 bytes ! version 12.255 host 10.1.0 auto-summary ! ip classless ! ! access-list 101 permit ip host 10.1.2.0.1 255.1.100.1 255.255 host 10.1.0.0.0.2.1.

0 0.1.255 host 10.4.4.1.10.1.0.0.1.1.100.2 eq www ! assuming that peer1 and peer2 users are also participating access-list 101 permit ip 10.1. All rights reserved.2.0.2 eq www access-list 101 permit tcp 10.20.2 host 10. This document is Cisco Public Information.1.1.1.0 auto-summary ! ip classless ! ! access-list 101 permit ip host 10. Inc.3.2 access-list 101 permit ip host 10.0.0 0.0 0.255 host 10.0 ! interface Serial0/1 no ip address shutdown ! interface Serial0/2 no ip address shutdown ! interface Serial0/3 no ip address shutdown ! interface FastEthernet1/0 no ip address duplex auto speed auto shutdown ! interface FastEthernet1/1 no ip address duplex auto speed auto shutdown ! router eigrp 101 network 10.0.0 0.0.2.0.255.2 access-list 101 permit tcp 10.1.1.255 host 10.1.0.1.1 255.0. Page 29 of 32 .2 eq www ! ! ! no cdp run ! line con 0 line vty 0 4 login ! ! end All contents are Copyright © 1992–2008 Cisco Systems.255.1 any access-list 101 permit tcp 10.2.255 host 10.CCNA Exploration LAN Switching and Wireless duplex auto speed auto ! interface Serial0/0 ip address 10.1.0.1.

3 10.255.0. All contents are Copyright © 1992–2008 Cisco Systems.168. use the web browser to attempt to access both www.0 255.50 Subnet Mask 255.255.exlond.0. Inc.1. On NY admin.255.1.255.1 192.255.CCNA Exploration LAN Switching and Wireless PT: Troubleshoot a Multipoint Frame Relay Connection with OSPF Addressing Table Device Interface S0/0/0 (DTE) Fa0/0 S0/0/0 (DTE) Fa0/0 S0/0/0 (DTE) Fa0/0 IP Address 192.50) Observation: By pinging the server by the IP address.0. this confirms whether the problem is with the DNS server (name translation) or if connectivity is truely down.2 10.255. the problem is with the connection between NY admin and the server.168. however when attempting to connect to www.401 192.168.421 Router0 Router 1 Router2 exparis (webserver) NIC exlond (webserver) NIC Objectives • Scenario Use various tools and show commands to troubleshoot connectivity issues.0. From the command prompt.255.252 255.255. Observation: www.255.1.exlond.3.0. Step 1: Verify connectivity to both the Paris and London web servers a.410 192.2 .1 10.2.2. Users at the New York location are complaining that they are unable to reach the web server www. The ping fails.255.1 192.255.1 . This document is Cisco Public Information.255. This could be a frame-relay connection issue or an OSPF issue. ping the IP address of the exlond server (10. All rights reserved.168.com. therefore.0.exlond.1. b.1.168.168.1.com.0.50 10.3 .252 255.255.com.0 255.com connects. the request times out.168.exparis.exparis.1 10.3.2 .402 192.412 192.255.420 192.3 .168. Information located on both the Paris and London servers are time sensitive.255. Determine the cause of the connectivity issue and fix the problem as quickly as possible.1.1 .2.0 255.0. Page 30 of 32 .168.0 255.0 DLCI 192. A network administrator recently implemented a frame relay connection from the New York office to the offices in Paris and London.255.0.0 255.com and www.

save the configuration and select the button "power cycle devices" to speed up convergence times.2.1. a. Does the ping pass or fail? Observation: The ping to 192.com is not on the same network as www.168.exlond. The network type is defined on nonbroadcast networks to avoid configuring the neighbors explicitly All contents are Copyright © 1992–2008 Cisco Systems.0 network.exlond. b. Ping the inside interface on Router0 (192. This document is Cisco Public Information. but not the 10.2. Use various tools and show commands to verify the OSPF configuration on Router1 and Router0 (this requires telnetting to Router0). Does the ping pass or fail? Ping the outside interface on Router0 (10. Use the show ip route command to view the routes that are available Observation: OSPF has discovered a route to the 10.1. When finished. On NY admin. NOTE: In Packet Tracer. This indicates that the frame-relay connection is operational. c. OSPF convergence across a frame relay network may take up to a minute. Make any necessary configuration changes.1.com? This confirms that the issue is only with the network connection that contains the exlond server and narrows down where the administrator must troubleshoot. All rights reserved.exparis. 2. Click Check Results. Step 3: Verify connectivity.0 network.1. Page 31 of 32 .1 fails. Inc. indicating that routing is not operating as expected. Use show commands and the web browser to verify connectivity. a. was there a more efficient way to determine the problem? Answers vary 3. However. even though www. Looking at them again. b.168.1 passes. use the terminal window to access Router1 via the console cable.0. What is the purpose of the ip ospf network broadcast command? This command is used to define the network type as broadcast. the ping to 10. d.1).com and www.3.exparis.0.com web servers as a first step. After making a configuration change. e. Why would an administrator attempt to connect to both the www. List the steps that you took to solve the problem.2.1).CCNA Exploration LAN Switching and Wireless Step 2: Verify the frame relay and OSPF configurations and make any necessary configuration changes. Reflection 1.

This document is Cisco Public Information. Inc. All rights reserved.CCNA Exploration LAN Switching and Wireless All contents are Copyright © 1992–2008 Cisco Systems. Page 32 of 32 .

Sign up to vote on this title
UsefulNot useful