Experiment-1

Aim: Study of different types of Network cables and practically implement the cross-wired
cable and straight through cable using clamping tool.

Apparatus (Components): RJ-45 connector Crimping Tool, Twisted pair Cable

Procedure: To do these practical following steps should be done:

1. Start by stripping off about 2 inches of the plastic jacket off the end of the cable. Be very
careful at this point, as to not nick or cut into the wires, which are inside. Doing so could alter
the characteristics of your cable, or even worse render is useless. Check the wires, one more time
for nicks or cuts. If there are any, just whack the whole end off, and start over.

2. Spread the wires apart but be sure to hold onto the base of the jacket with your other hand.
You do not want the wires to become untwisted down inside the jacket. Category 5 cable must
only have 1/2 of an inch of 'untwisted' wire at the end; otherwise it will be 'out of spec'. At this
point, you obviously have ALOT more than 1/2 of an inch of un-twisted wire.

3. You have 2 end jacks, which must be installed on your cable. If you are using a pre-made
cable, with one of the ends whacked off, you only have one end to install - the crossed over end.
Below are two diagrams, which show how you need to arrange the cables for each type of cable
end. Decide at this point which end you are making and examine the associated picture below.

Diagram shows you how to prepare Cross wired connection

Diagram shows you how to prepare straight through wired connection
 Experiment-2

Aim: Performing basic end device and switch configuration.

Topology Diagram

Objectives
ÿ Perform an initial configuration of a Cisco Catalyst 2960 switch.

Background / Preparation
In this activity, you will configure these settings on the customer Cisco Catalyst 2960 switch:
ÿ Host name
ÿ Console password
ÿ vty password
ÿ Privileged EXEC mode password
ÿ Privileged EXEC mode secret
ÿ IP address on VLAN1 interface
ÿ Default gateway
Note: Not all commands are graded by Packet Tracer.

Step 1: Configure the switch host name.

a. From the Customer PC, use a console cable and terminal emulation software to connect to the
console of the customer Cisco Catalyst 2960 switch.
b. Set the host name on the switch to CustomerSwitch using these commands.

Switch>enable
Switch#configure terminal
 Switch(config)#hostname CustomerSwitch

Step 2: Configure the privileged mode password and secret.

a. From global configuration mode, configure the password as cisco.

CustomerSwitch(config)#enable password cisco

b. From global configuration mode, configure the secret as cisco123.

CustomerSwitch(config)#enable secret cisco123

Step 3: Configure the console password.

a. From global configuration mode, switch to configuration mode to configure the console
line. CustomerSwitch(config)#line console 0

b. From line configuration mode, set the password to cisco and require the password to be entered
at login.

CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step 4: Configure the vty password.

a. From global configuration mode, switch to the configuration mode for the vty lines 0 through 15.

CustomerSwitch(config)#line vty 0 15

b. From line configuration mode, set the password to cisco and require the password to be entered
at login.

CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step 5: Configure an IP address on interface VLAN1.

From global configuration mode, switch to interface configuration mode for VLAN1, and assign the IP
address 192.168.1.5 with the subnet mask of 255.255.255.0.

CustomerSwitch(config)#interface vlan
1CustomerSwitch(config-if)#ip address 192.168.1.5
255.255.255.0CustomerSwitch(config-if)#no
shutdownCustomerSwitch(config-if)#exit

Step 6: Configure the default gateway.

a. From global configuration mode, assign the default gateway to 192.168.1.1.

CustomerSwitch(config)#ip default-gateway 192.168.1.1

 b. Click the Check Results button at the bottom of this instruction window to check your work.

Step 7: Verify the configuration.

The Customer Switch should now be able to ping the ISP Server at 209.165.201.10. The first one or two
pings may fail while ARP converges.

CustomerSwitch(config)#end
CustomerSwitch#ping 209.165.201.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 209.165.201.10, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 181/189/197 ms

CustomerSwitch#

Reflection
a. What is the significance of assigning the IP address to the VLAN1 interface instead of any of the
Fast Ethernet interfaces?

b. What command is necessary to enforce password authentication on the console and vty lines?

c. How many gigabit ports are available on the Cisco Catalyst 2960 switch that you used in the activity?
 Experiment-3

Aim: Configure Initial Router Settings

Topology Diagram

Use this syntax checker to practice configuring the initial settings on a router.

 Configure the device name.

 Secure the privileged EXEC mode.
 Secure and enable remote SSH and Telnet access.
 Secure all plaintext passwords.
 Provide legal notification.

The following tasks should be completed when configuring initial settings on a router.

1. Configure the device name.

Router(config)# hostnamehostname

2. Secure privileged EXEC mode.

Router(config)# enable secretpassword

3. Secure user EXEC mode.

Router(config)# line console 0

Router(config-line)#passwordpassword
Router(config-line)# login

4. Secure remote Telnet / SSH access.

Router(config-line)#line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}
5. Secure all passwords in the config file.

Router(config-line)#exit
Router(config)# service password-encryption

6. Provide legal notification.

Router(config)# banner motddelimiter message delimiter

7. Save the configuration.

Router(config)# end
Router# copy running-config startup-config

Part 1: Configure Router Interfaces

At this point, your routers have their basic configurations. The next step is to configure their interfaces.
This is because routers are not reachable by end devices until the interfaces are configured. There are
many different types of interfaces available on Cisco routers. For example, the Cisco ISR 4321 router is
equipped with two Gigabit Ethernet interfaces:

 GigabitEthernet 0/0/0 (G0/0/0)

 GigabitEthernet 0/0/1 (G0/0/1)

The task to configure a router interface is very similar to a management SVI on a switch. Specifically, it
includes issuing the following commands:

Router(config)# interfacetype-and-number
Router(config-if)#descriptiondescription-text
Router(config-if)# ip addressipv4-address subnet-mask
Router(config-if)# ipv6 addressipv6-address/prefix-length
Router(config-if)# no shutdown

the description command would be helpful to enter the third-party connection and contact information.
no shutdown command activates the interface and is similar to powering on the interface.

R1>enable

 R1# configure terminal

Enter configuration commands, one per line.

End with CNTL/Z.

R1(config)# interface gigabitEthernet 0/0/0

R1(config-if)#description Link to LAN

R1(config-if)#ip address 192.168.10.1 255.255.255.0

R1(config-if)#ipv6 address 2001:db8:acad:10::1/64

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#

*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down

*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up

*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0,

changed state to up

R1(config)#

R1(config)#

R1(config)# interface gigabitEthernet 0/0/1

R1(config-if)#description Link to R2

R1(config-if)#ip address 209.165.200.225 255.255.255.252

R1(config-if)#ipv6 address 2001:db8:feed:224::1/64

R1(config-if)#no shutdown
 R1(config-if)#exit

R1(config)#

*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down

*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up

*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1,

changed state to up

R1(config)#

Note: Notice the informational messages informing us that G0/0/0 and G0/0/1 are enabled.

Part 2: Verify Interface Configuration

There are several commands that can be used to verify interface configuration. The most useful of these is
the show ip interface brief and show ipv6 interface brief commands, as shown in the example.

R1# showip interface brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0/0 192.168.10.1 YES manual up up

GigabitEthernet0/0/1 209.165.200.225 YES manual up up

Vlan1 unassigned YES unset administratively down down

R1# show ipv6 interface brief

GigabitEthernet0/0/0 [up/up]

FE80::201:C9FF:FE89:4501
 2001:DB8:ACAD:10::1

GigabitEthernet0/0/1 [up/up]

FE80::201:C9FF:FE89:4502

2001:DB8:FEED:224::1

Vlan1 [administratively down/down]

unassigned

R1#

Part 3: Configuration Verification Commands

The table summarizes the more popular show commands used to verify interface configuration.

Table caption
Commands Description
show ip interface The output displays all interfaces, their IP addresses, and their current status.
brief The configured and connected interfaces should display a Status of “up” and
show ipv6 interface Protocol of “up”. Anything else would indicate a problem with either the
brief configuration or the cabling.
show ip route
Displays the contents of the IP routing tables stored in RAM.
show ipv6 route
Displays statistics for all interfaces on the device. However, this command will
show interfaces
only display the IPv4 addressing information.
show ip interfaces Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface Displays the IPv6 statistics for all interfaces on a router.

R1# show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0
192.168.10.1 YES manual up up GigabitEthernet0/0/1 209.165.200.225 YES manual up up Vlan1
unassigned YES unset administratively down down R1#
 Experiment-4

Aim: Interpreting Ping and Traceroute Output

Topology Diagram

Objectives
 Distinguish the difference between successful and unsuccessful ping attempts.
 Distinguish the difference between successful and unsuccessful traceroute attempts.

Background / Preparation
In this activity, you will test end-to-end connectivity using ping and traceroute. At the end of this activity, you will
be able to distinguish the difference between successful and unsuccessful ping and traceroute attempts.
Note: Before beginning this activity, make sure that the network is converged. To converge the
networkquickly, switch between Simulation mode and Realtime mode until all the link lights turn green.

Step 1: Test connectivity using ping from a host computer and a router.
Click N-Host, click the Desktop tab, and then click Command Prompt. From the Command Prompt window, ping
the Cisco server at www.cisco.com.
Packet Tracer PC Command Line 1.0
PC>ping www.cisco.com

Pinging 64.100.1.185 with 32 bytes of data:

Request timed out.

 Reply from 64.100.1.185: bytes=32 time=185ms TTL=123
Reply from 64.100.1.185: bytes=32 time=281ms TTL=123
Reply from 64.100.1.185: bytes=32 time=287ms TTL=123

Ping statistics for 64.100.1.185:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 185ms, Maximum = 287ms, Average = 251ms

PC>

From the output, you can see that N-Host was able to obtain an IP address for the Cisco server. The IP address was
obtained using (DNS). Also notice that the first ping failed. This failure is most likely due to lack of ARP
convergence between the source and destination. If you repeat the ping, you will notice that all pings succeed.
From the Command Prompt window on N-Host, ping E-Host at 192.168.4.10. The pings fail. If you do not want to
wait for all four unsuccessful ping attempts, press Ctrl+C to abort the command, as shown below.
PC>ping 192.168.4.10

Pinging 192.168.4.10 with 32 bytes of data:

Request timed out.

Request timed out.

Ping statistics for 192.168.4.10:

Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

Control-C
^C
PC>

Click the N-Branch router, and then click the CLI tab. Press Enter to get the router prompt. From the router prompt,
ping the Cisco server at www.cisco.com.
N-Branch>ping www.cisco.com
Translating "www.cisco.com"...domain server (64.100.1.242)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.100.1.185, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 210/211/213 ms

N-Branch>

As you can see, the ping output on a router is different from a PC host. Notice that the N-Branch router resolved the
domain name to the same IP address that N-Host used to send its pings. Also notice that the first ping fails, which is
indicated by a period (.), and that the next four pings succeed, as shown with an exclamation point (!).
From the CLI tab on N-Branch, ping E-Host at 192.168.4.10. Again, the pings fail. To not wait for all the
failures, press Ctrl+C.
N-Branch>ping 192.168.4.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.4.10, timeout is 2 seconds:
...
Success rate is 0 percent (0/4)

N-Branch>
Step 2: Test connectivity using traceroute from a host computer and a router.
a. Click N-Host, click the Desktop tab, and then click Command Prompt. From the Command
Prompt window, trace the route to the Cisco server at www.cisco.com.

PC>tracert www.cisco.com

Tracing route to 64.100.1.185 over a maximum of 30 hops:

1 92 ms 77 ms 86 ms 192.168.1.1
2 91 ms 164 ms 84 ms 64.100.1.101
3 135 ms 168 ms 1 5 1 m s 64.100.1.6
4 185 ms 261 ms 1 6 1 m s 64.100.1.34
5 257 ms 280 ms 2 2 4 m s 64.100.1.62
6 310 ms 375 ms 2 9 8 m s 64.100.1.185

Trace complete.

PC>

The above output shows that you can successfully trace a route all the way to the Cisco server at 64.100.1.185.
Each hop in the path is a router responding three times to trace messages from N-Host. The trace continues until the
destination for the trace (64.100.1.185) responds three times.
From the Command Prompt window on N-Host, trace a route to E-Host at 192.168.4.10. The trace fails, but notice
that the tracert command traces up to 30 hops. If you do not want to wait for all 30 attempts to time out, press
Ctrl+C.

PC>tracert 192.168.4.10

Tracing route to 192.168.4.10 over a maximum of 30 hops:

1103 ms 45 ms 91 ms 192.168.1.1
256 ms 110 ms 125 ms 64.100.1.101
3174 ms 195 ms 134 ms 64.100.1.6
4246 ms 183 ms 179 ms 64.100.1.34
5217 ms 285 ms 226 ms 64.100.1.62
6246 ms 276 ms 245 ms 64.100.1.154
7 * * * R eq u est tim ed o u t.
8 * * * R eq u est tim ed o u t.
9 * * * R eq u est tim ed o u t.
10
Control-C
^C
PC>

The tracert command can be helpful in finding the potential source of a problem. The last device to
respond was 64.100.1.154, so you would start troubleshooting by determining which device is
configured with the IP address 64.100.1.154. The source of the problem might not be that device,
but the trace has given you a starting point, whereas a ping simply tells you that the destination is
either reachable or unreachable.
Click the N-Branch router, and then click the CLI tab. Press Enter to get the router prompt. From the router prompt,
trace the route to the Cisco server at www.cisco.com.
 N-Branch>traceroute www.cisco.com
Translating "www.cisco.com"...domain server (64.100.1.242)
Type escape sequence to abort.
Tracing the route to 64.100.1.185

1 64.100.1.101 6 0 m sec 32 msec 59 m sec

2 64.100.1.6 98 msec 65 msec 65 msec
3 64.100.1.34 138 msec 147 msec 147 msec
4 64.100.1.62 189 msec 148 msec 145 msec
5 64.100.1.185 219 msec 229 msec 293 msec
N-Branch>

As you can see, traceroute output on a router is very similar to the output on a PC host. The
only difference is that on a PC host, the IP address is listed after the three millisecond outputs.
From the CLI tab on N-Branch, trace the route to E-Host at 192.168.4.10. The trace fails at the same IP address as
it failed when tracing from N-Host. Again, you can use Ctrl+C to abort the command.

N-Branch>traceroute 192.168.4.10
Type escape sequence to abort.
Tracing the route to 192.168.4.10

1 64.100.1.101 4 1 m sec 19 msec 32 msec

2 64.100.1.6 33 msec 92 msec 1 1 7 m sec
3 64.100.1.34 98 msec 102 msec 102 msec
4 64.100.1.62 166 msec 172 msec 156 msec
5 64.100.1.154 157 msec 223 msec 240 msec
6 * * *
7 * * *
8 * * *
9
N-Branch>

Step 3: Practice the ping and trace route commands.

Throughout this course, you will often use ping and traceroute to test connectivity and troubleshoot problems.
To practice these commands, ping and trace from W-Host and S-Host to any other destination in the network.
You can also ping and trace from N-Branch to other locations.
 Experiment-5

Objective: Use Wireshark to View Network Traffic.

Topology

Objectives
Part 1: Capture and Analyze Local ICMP Data in Wireshark
Part 2: Capture and Analyze Remote ICMP Data in Wireshark

Background / Scenario
Wireshark is a powerful software protocol analyzer, commonly known as a “packet sniffer.”It is used for network troubleshooting,
analysis, software development, and education.As data flows across a network, Wireshark captures each protocol data unit (PDU)
and decodes its content based on relevant specifications (such as RFCs).

Required Resources
 1 PC (Windows with internet access)
 Additional PCs on a local-area network (LAN) will be used to reply to ping requests.

Instructions

Part 4: Capture and Analyze Local ICMP Data in Wireshark

In Part 1 of this lab, you will ping another PC on the LAN and capture ICMP requests and replies in Wireshark. You will also
look inside the frames captured for specific information. This analysis should help to clarify how packet headers are used to
transport data to their destination.
Step 1: Retrieve your PC interface addresses.
For this lab, you will need to retrieve your PC IP address and its network interface card (NIC) physical address, also called the
MAC address.
a) Open a Windows Command Prompt:
b) Retrieve IP Address and MAC Address:
i) In the Command Prompt window, type the following command: ipconfig /all
ii) Press Enter.
iii) Look for the following information:
 IPv4 Address: This is your PC’s IP address (e.g., 192.168.1.147).
 Physical Address: Also known as the MAC address (e.g., 00-26-B9-DD-00-91).
c) Share IP Address with Team Members:
Communicate your PC’s IP address to your team members And Do not share your MAC address at this time.
Open a Windows command prompt.
Close a Windows Command Prompt.

Step 2: Start Wireshark and begin capturing data.

1. Launch Wireshark:
o Open the installed Wireshark application.
2. Select the Network Interface:
o Double-click the name of the desired network interface under the Capture section.
o Choose the interface that corresponds to the network you want to monitor (e.g., your wireless network).
3. Start Capturing Packets:
o As soon as you click the interface’s name, you’ll see the packets start to appear in real time.

4. Stop Capturing:
o When you want to stop capturing traffic, click the red “Stop” button near the top left corner of the Wireshark
window.
Step 3: Examine the captured data.
In Step 3, examine the data that was generated by the ping requests of your team member PC. Wireshark data is displayed in
three sections: 1) The top section displays the list of PDU frames captured with a summary of the IP packet information listed;
2) the middle section lists PDU information for the frame selected in the top part of the screen and separates a captured PDU
frame by its protocol layers; and 3) the bottom section displays the raw data of each layer. The raw data is displayed in both
hexadecimal and decimal form.
a. Click the first ICMP request PDU frames in the top section of Wireshark. Notice that the Source column has your PC IP
address, and the Destination column contains the IP address of the teammate PC that you pinged.
b. With this PDU frame still selected in the top section, navigate to the middle section. Click the plus sign to the left of the
Ethernet II row to view the destination and source MAC addresses.
Questions:

Does the source MAC address match your PC interface?

Type your answers here.
Yes
Does the destination MAC address in Wireshark match your team member MAC address?
Type your answers here.
Yes
How is the MAC address of the pinged PC obtained by your PC?
Type your answers here.
The MAC address is obtained through an ARP request.
Note: In the preceding example of a captured ICMP request, ICMP data is encapsulated inside an IPv4 packet PDU (IPv4
header) which is then encapsulated in an Ethernet II frame PDU (Ethernet II header) for transmission on the LAN.

Part 5: Capture and Analyze Remote ICMP Data in Wireshark

In Part 2, you will ping remote hosts (hosts not on the LAN) and examine the generated data from those pings. You will then
determine what is different about this data from the data examined in Part 1.

Step 1: Start capturing data on the interface.

a. Start the data capture again.
b. A window prompts you to save the previously captured data before starting another capture. It is not necessary to save
this data. Click Continue without Saving.
c. With the capture active, ping the following three website URLs from a Windows command prompt:
Open a Windows command prompt

1) www.yahoo.com
2) www.cisco.com
3) www.google.com
Note: When you ping the URLs listed, notice that the Domain Name Server (DNS) translates the URL to an IP address.
Note the IP address received for each URL.
d. You can stop capturing data by clicking the Stop Capture icon.

Step 2: Examining and analyzing the data from the remote hosts.
Review the captured data in Wireshark and examine the IP and MAC addresses of the three locations that you pinged. List the
destination IP and MAC addresses for all three locations in the space provided.
 Questions:

IP address for www.yahoo.com:

MAC address for www.yahoo.com:
IP address for www.cisco.com:
MAC address for www.cisco.com:
IP address for www.google.com:
MAC address for www.google.com:
Type your answers here.
P addresses: 98.137.246.7, 96.7.79.147, 172.217.14.100 (these IP addresses may vary)
AC address: This will be the same for all three locations. It is the physical address of the default-gateway LAN
interface of the router.
What is significant about this information?
The MAC addresses for all three locations are the same.
How does this information differ from the local ping information you received in Part 1?s here.
A ping to a local host returns the MAC address of the PC NIC. A ping to a remote host returns the MAC address
of the default gateway LAN interface.
Close the Windows command prompt

Reflection Question
Why does Wireshark show the actual MAC address of the local hosts, but not the actual MAC address for the remote hosts?
MAC addresses for remote hosts are not known on the local network, so the MAC address of the default-gateway is
used. After the packet reaches the default-gateway router, the Layer 2 information is stripped from the packet and a
new Layer 2 header is attached with the destination MAC address of the next hop router.

Part 1: Create a new inbound rule allowing ICMP traffic through the firewall.
a. Navigate to the Control Panel and click the System and Security option in the Category view.
b. In the System and Security window, click Windows Defender Firewall or Windows Firewall.
c. In the left pane of the Windows Defender Firewall or Windows Firewall window, click advanced settings.
d. On the Advanced Security window,click the Inbound Rules option on the left sidebar and then click New Rule… on
the right sidebar.
e. This launches the New Inbound Rule wizard. On the Rule Type screen, click the Custom radio button and click next.
f. In the left pane, click the Protocol and Ports option and using the Protocol Type drop-down menu, select ICMPv4, and
then click next.
g. Verify that Any IP address for both the local and remote IP addresses are selected. Click Next to continue.
h. Select allow the connection. Click Next to continue.
i. By default, this rule applies to all the profiles. Click Next to continue.
j. Name the rule with Allow ICMP Requests. Click Finish to continue. This new rule should allow your team members to
receive ping replies from your PC.

Part 2: Disabling or deleting the new ICMP rule.

After the lab is complete, you may want to disable or even delete the new rule you created in Step 1. Using the Disable Rule
option allows you to enable the rule again at a later date. Deleting the rule permanently deletes it from the list of inbound
rules.
a. On the Advanced Security window, click Inbound Rules in the left pane and then locate the rule you created
previously.
 b. Right-click the ICMP rule and select Disable Rule if so desired. You may also select Delete if you want to permanently
delete it. If you choose this option, you must re-create the rule again to allow ICMP replies.

Objective: View Wired and Wireless NIC Information

Objectives
Part 1: Identify and Work with PC NICs
Part 2: Identify and Use the System Tray Network Icons

Background / Scenario
This lab requires you to determine the availability and status of the network interface cards (NICs) on the PC that you use.
Windows provides a number of ways to view and work with your NICs.
In this lab, you will access the NIC information of your PC and change the status of these cards.

Required Resources
 1 PC (Windows with two NICs, wired and wireless, and a wireless connection)
Note: At the start of this lab, the wired Ethernet NIC in the PC was cabled to one of the integrated switch ports on a wireless
router and the Local Area Connection (wired) was enabled. The wireless NIC was disabled initially. If the wired and wireless
NICs are both enabled the PC will receive two different IP addresses and the wireless NIC will take precedence.

Instructions

Part 3: Identify and Work with PC NICs.

You will explore different ways to extract information about these NICs and how to activate and deactivate them.
1. Open Network and Sharing Center:
o Navigate to the Control Panel.
o Click View network status and tasks under the Network and Internet heading (in Category View).
2. Access Network Adapter Settings:
o In the left pane, click Change adapter settings.
o You’ll see a list of NICs available on your PC in the Network Connections window.
3. Observe NIC Information:
o Identify both wired and wireless NICs.
o Note their names, status, and other relevant details.
4. Modify NIC Settings (if needed):
o Right-click on a NIC to:
 Enable or disable it.
 Change settings (such as IP configuration).
5. Remember to Disable or Delete Rules (if applicable):
o After completing the lab, consider disabling or deleting any rules you created.
o Use the Disable Rule option to enable it later, or Delete to remove it permanently.
Part 4: Identify and Use the System Tray Network Icons
In Part 2, you will use the network icons in your system tray to determine and control the NICs on your PC.
1. Open Network and Sharing Center:
o Navigate to the Control Panel.
o Click View network status and tasks under the Network and Internet heading (in Category View).
2. Access Network Adapter Settings:
o In the left pane, click Change adapter settings.
o You’ll see a list of NICs available on your PC in the Network Connections window.
3. Observe NIC Information:
o Identify both wired and wireless NICs.
o Note their names, status, and other relevant details.
4. Modify NIC Settings (if needed):
o Right-click on a NIC to:
 Enable or disable it.
 Change settings (such as IP configuration).
5. Remember to Disable or Delete Rules (if applicable):
o After completing the lab, consider disabling or deleting any rules you created.
o Use the Disable Rule option to enable it later, or Delete to remove it permanently.

Objective: Use Wireshark to Examine Ethernet Frames

Topology

Objectives
Part 1: Examine the Header Fields in an Ethernet II Frame
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames

Background / Scenario
When upper layer protocols communicate with each other, data flows down the Open Systems Interconnection (OSI) layers
and is encapsulated into a Layer 2 frame. The frame composition is dependent on the media access type. For example, if the
upper layer protocols are TCP and IP and the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet
II. This is typical for a LAN environment. When learning about Layer 2 concepts, it is helpful to analyze frame header
information. In the first part of this lab, you will review the fields contained in an Ethernet II frame. In Part 2, you will use
Wireshark to capture and analyze Ethernet II frame header fields for local and remote traffic.
Required Resources
 1 PC (Windows with internet access and with Wireshark installed)

Instructions

Part 5: Examine the Header Fields in an Ethernet II Frame

In Part 1, you will examine the header fields and content in an Ethernet II frame. A Wireshark capture will be used to examine
the contents in those fields.

Step 1: Review the Ethernet II header field descriptions and lengths.

Destination Source Frame

Preamble Address Address Type Data FCS

8 Bytes 6 Bytes 6 Bytes 2 Bytes 46 – 1500 Bytes 4 Bytes

Step 2: Examine the network configuration of the PC.

In this example, this PC host IP address is 192.168.1.147 and the default gateway has an IP address of 192.168.1.1.
C:\>ipconfig /all

Step 3: Examine Ethernet frames in a Wireshark capture.

The screenshots of the Wireshark capture below shows the packets generated by a ping being issued from a PC host to its
default gateway. A filter has been applied to Wireshark to view the ARP and ICMP protocols only. ARP stands for address
resolution protocol.
This screenshot highlights the frame details for an ARP request.
 This screenshot highlights the frame details for an ARP reply.

Step 4: Examine the Ethernet II header contents of an ARP request.

The following table takes the first frame in the Wireshark capture and displays the data in the Ethernet II header fields.

Field Value Description

Preamble Not shown in capture This field contains synchronizing bits, processed by the NIC
hardware.
Destination Address Broadcast (ff:ff:ff:ff:ff:ff)
Layer 2 addresses for the frame. Each address is 48 bits long, or
6 octets, expressed as 12 hexadecimal digits, 0-9,A-F.
A common format is 12:34:56:78:9A:BC.
The first six hex numbers indicate the manufacturer of the
Source Address Netgear_99:c5:72
network interface card (NIC), the last six hex numbers are the
(30:46:9a:99:c5:72)
serial number of the NIC.
The destination address may be a broadcast, which contains all
ones, or a unicast. The source address is always unicast.
Frame Type 0x0806 For Ethernet II frames, this field contains a hexadecimal value
that is used to indicate the type of upper-layer protocol in the
data field. There are numerous upper-layer protocols supported
by Ethernet II. Two common frame types are these:
Value Description
0x0800 IPv4 Protocol
0x0806 Address Resolution Protocol (ARP)
Data ARP Contains the encapsulated upper-level protocol. The data field is
between 46 – 1,500 bytes.
 Field Value Description

FCS Not shown in capture Frame Check Sequence, used by the NIC to identify errors during
transmission. The value is computed by the sending device,
encompassing frame addresses, type, and data field. It is verified
by the receiver.

What is the MAC address of the source in the first frame?

It varies; in this case, it is f0:1f:af:50:fd:c8.
What is the Vendor ID (OUI) of the Source NIC in the ARP reply?
It varies, in this case, it is Netgear.
What portion of the MAC address is the OUI?
The first 3 octets of the MAC address indicate the OUI.
What is the NIC serial number of the source?
It may vary, it is 99:c5:72 in this case.

Part 6: Use Wireshark to Capture and Analyze Ethernet Frames

In Part 2, you will use Wireshark to capture local and remote Ethernet frames. You will then examine the information that is
contained in the frame header fields.

Step 1: Determine the IP address of the default gateway on your PC.

Open a Windows command prompt.

Open a command prompt window and issue the ipconfig command.

What is the IP address of the PC default gateway?
Type your answers here.
Answers will vary.
Close a Windows command prompt.

Step 2: Start capturing traffic on your PC NIC.

a. Open Wireshark to start data capture.
b. Observe the traffic that appears in the packet list window.

Step 3: Filter Wireshark to display only ICMP traffic.

You can use the filter in Wireshark to block visibility of unwanted traffic. The filter does not block the capture of unwanted
data; it only filters what you want to display on the screen. For now, only ICMP traffic is to be displayed.
In the Wireshark Filter box, type icmp. The box should turn green if you typed the filter correctly. If the box is green, click
Apply (the right arrow) to apply the filter.

Step 4: From the command prompt window, ping the default gateway of your PC.
Open a Windows command prompt.

From the command window, ping the default gateway using the IP address that you recorded in Step 1.
Close Windows command prompt.

Step 5: Stop capturing traffic on the NIC.

Click the Stop Capturing Packets icon to stop capturing traffic.

Step 6: Examine the first Echo (ping) request in Wireshark.

The Wireshark main window is divided into three sections: the packet list pane (top), the Packet Details pane (middle), and
the Packet Bytes pane (bottom). If you selected the correct interface for packet capturing previously, Wireshark should
display the ICMP information in the packet list pane of Wireshark.
 a. In the packet list pane (top section), click the first frame listed. You should see Echo (ping) request under the Info
heading. The line should now be highlighted.
b. Examine the first line in the packet details pane (middle section). This line displays the length of the frame.
c. The second line in the packet details pane shows that it is an Ethernet II frame. The source and destination MAC
addresses are also displayed.
Questions:

What is the MAC address of the PC NIC?

Type your answers here.
Your answers will vary.
What is the default gateway’s MAC address?
Type your answers here.
Your answers will vary.
d. You can click the greater than (>) sign at the beginning of the second line to obtain more information about the Ethernet
II frame.
Question:

What type of frame is displayed?

Type your answers here.
0x0800 or an IPv4 frame type.
e. The last two lines displayed in the middle section provide information about the data field of the frame. Notice that the
data contains the source and destination IPv4 address information.
Questions:

What is the source IP address?

Type your answers here.
Your answers will vary.
What is the destination IP address?
Type your answers here.
Your answers will vary.
f. You can click any line in the middle section to highlight that part of the frame (hex and ASCII) in the Packet Bytes pane
(bottom section). Click the Internet Control Message Protocol line in the middle section and examine what is
highlighted in the Packet Bytes pane.
Question:

What do the last two highlighted octets spell?

Type your answers here.
hi
g. Click the next frame in the top section and examine an Echo reply frame. Notice that the source and destination MAC
addresses have reversed, because this frame was sent from the default gateway router as a reply to the first ping.
Question:

What device and MAC address is displayed as the destination address?

Type your answers here.
Your answers will vary.

Step 7: Capture packets for a remote host.

a. Click the Start Capture icon to start a new Wireshark capture. You will receive a popup window asking if you would
like to save the previous captured packets to a file before starting a new capture. Click Continue without Saving.
Open a Windows command prompt.

b. In a command prompt window, ping www.cisco.com.

Close a Windows command prompt.

c. Stop capturing packets.

 d. Examine the new data in the packet list pane of Wireshark.
Questions:

In the first echo (ping) request frame, what are the source and destination MAC addresses?
Source:
Type your answers here.
This should be the MAC address of the PC.
Destination:
Type your answers here.
This should be the MAC address of the Default Gateway.
What are the source and destination IP addresses contained in the data field of the frame?
Source:
Type your answers here.
This is still the IP address of the PC.
Destination:
Type your answers here.
This is the address of the server at www.cisco.com.
Compare these addresses to the addresses you received in Step 6. The only address that changed is the destination IP
address. Why has the destination IP address changed, while the destination MAC address remained the same?
Type your answers here.
Layer 2 frames never leave the LAN. When a ping is issued to a remote host, the source will use the default
gateway MAC address for the frame destination. The default gateway receives the packet, strips the Layer 2 frame
information from the packet and then creates a new frame header with the MAC address of the next hop. This
process continues from router to router until the packet reaches its destination IP address.

Reflection Question
Wireshark does not display the preamble field of a frame header. What does the preamble contain?
Type your answers here.
The preamble field contains seven octets of alternating 1010 sequences, and one octet that signals the beginning of the
frame, 10101011.
 Experirment-6
Aim: Subnet an IPv4 Network: Variable Length Subnetting

Topology Diagram

Addressing Tablesubnet 1 S1 192.168.0.0

Device Interface IP Address Subnet Mask Default Gateway

CustomerRouter G0/0 192.168.0.1 255.255.255.192 N/A

G0/1 192.168.0.65

S0/1/0 209.165.201.2 255.255.255.252

LAN-A Switch VLAN1 192.168.0.2 255.255.255.192 192.168.0.1

LAN-B Switch VLAN1 192.168.0.66 255.255.255.192 192.168.0.65

PC-A NIC 192.168.0.62 255.255.255.192 192.168.0.1

PC-B NIC 192.168.0.126 255.255.255.192 192.168.0.65

 ISPRouter G0/0 209.165.200.225 255.255.255.224 N/A
S0/1/0 209.165.201.1 255.255.255.252
ISPSwitch VLAN1 209.165.200.226 255.255.255.224 209.165.200.225
ISP Workstation NIC 209.165.200.235 255.255.255.224 209.165.200.225

ISP Server NIC 209.165.200.240 255.255.255.224 209.165.200.225

Objectives

Part 1: Design an IPv4 Network Subnetting Scheme Part 2: Configure the Devices

Part 3: Test and Troubleshoot the Network

Background / Scenario

In this activity, you will subnet the Customer network into multiple subnets. The subnet scheme should be based on the
number of host computers required in each subnet, as well as other network considerations, like future network host
expansion.
After you have created a subnetting scheme and completed the table by filling in the missing host and interface
IP addresses, you will configure the host PCs, switches and router interfaces.
After the network devices and host PCs have been configured, you will use the ping command to test for network
connectivity.

Instructions

Part 7: Part 1: Subnet the Assigned Network

Step 1: Step 1: Create a subnetting scheme that meets the required number of subnets and required number of host
addresses.
In this scenario, you are a network technician assigned to install a new network for a customer. You must create multiple
subnets out of the 192.168.0.0/24 network address space to meet the following requirements:
a. The first subnet is the LAN-A network. You need a minimum of 50 host IPaddresses.
b. The second subnet is the LAN-B network. You need a minimum of 40 host IPaddresses.
c. You also need at least two additional unused subnets for future networkexpansion.
Note: Variable length subnet masks will not be used. All of the device subnet masks should be the same length.
d. Answer the following questions to help create a subnetting scheme that meets the statednetwork
requirements:

How many host addresses are needed in the largest required subnet?50
What is the minimum number of subnets required?4
 The network that you are tasked to subnet is 192.168.0.0/24. What is the /24 subnet mask in binary?
e. The subnet mask is made up of two portions, the network portion, and the host portion. Thisis
represented in the binary by the ones and the zeros in the subnetmask.
In the network mask, what do the ones represent?Network ID
In the network mask, what do the zeros represent?Host Id
f. To subnet a network, bits from the host portion of the original network mask are changed into subnet
bits. The number of subnet bits defines the number ofsubnets.
Given each of the possible subnet masks depicted in the following binary format, how many subnets and
how many hosts are created in each example?
Hint: Remember that the number of host bits (to the power of 2) defines the number of hosts per subnet (minus 2),
and the number of subnet bits (to the power of two) defines the number of subnets. The subnet bits (shown in bold)
are the bits that have been borrowed beyond the original network mask of /24. The
/24 is the prefix notation and corresponds to a dotted decimal mask of 255.255.255.0. 1) (/25)
11111111.11111111.11111111.10000000

Dotted decimal subnet mask equivalent:

Number of subnets? Number of hosts?2/

2) (/26) 11111111.11111111.11111111.11000000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
3) (/27) 11111111.11111111.11111111.11100000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
4) (/28) 11111111.11111111.11111111.11110000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
5) (/29) 11111111.11111111.11111111.11111000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
6) (/30) 11111111.11111111.11111111.11111100
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
Considering your answers above, which subnet masks meet the required number of minimum host addresses? /26
Considering your answers above, which subnet masks meets the minimum number of subnets
required?Considering your answers above, which subnet mask meets both the required
minimum number of hosts and the minimum number of subnets required?
 When you have determined which subnet mask meets all of the stated network requirements,
deriveeach of the subnets. List the subnets from first to last in the table. Remember that the
first subnet is 192.168.0.0 with the chosen subnetmask.

Subnet Address Prefix Subnet Mask

192.168.0.0/192.168.0.63/64 /26
First usable address: 192.168.0.1 192.168.0.65 192.168.0.129 192.168.0.193
Last usable address: 192.168.0.62 192.168.0.126 192.168.0.190 192.168.0.254

Subnet Address Prefix Subnet Mask

192.168.0.64/192.168.0.127/64
192.168.0.128/192.168.0.191/64
192.168.0.192/192.168.0.255/64

Step 2: Step 2: Fill in the missing IP addresses in the Addressing Table 192.168.0.0---192.168.0.63
Assign IP addresses based on the following criteria: Use the ISP Network settings as an example.256-
a. Assign the first subnet toLAN-A.
1) Use the first host address for the CustomerRouter interface connected to LAN-Aswitch.
2) Use the second host address for the LAN-A switch. Make sure to assign a default gatewayaddress for
theswitch.
3) Use the last host address for PC-A. Make sure to assign a default gateway address for thePC.
b. Assign the second subnet toLAN-B.
1) Use the first host address for the CustomerRouter interface connected to LAN-Bswitch.
2) Use the second host address for the LAN-B switch. Make sure to assign a default gatewayaddress for
theswitch.
3) Use the last host address for PC-B. Make sure to assign a default gateway address for thePC.

Part 8: Part 2: Configure the Devices

Configure basic settings on the PCs, switches, and router. Refer to the Addressing Table for device names and address
information.

Step 1: Step 1: Configure CustomerRouter.

a. Set the enable secret password on CustomerRouter to Class123
b. Set the console login password toCisco123.
c. Configure CustomerRouteras the hostname for therouter.
d. Configure the G0/0 and G0/1 interfaces with IP addresses and subnet masks, and then enablethem.
e. Save the running configuration to the startup configurationfile.

Step 2: Step 2: Configure the two customer LAN switches.

Configure the IP addresses on interface VLAN 1 on the two customer LAN switches. Make sure to configure the
correct default gateway on each switch.

Step 3: Step 3: Configure the PC interfaces.

Configure the IP address, subnet mask, and default gateway settings on PC-A and PC-B.

Part 9: Part 3: Test and Troubleshoot the Network

In Part 3, you will use the ping command to test network connectivity.
a. Determine if PC-A can communicate with its default gateway. Do you get areply?
b. Determine if PC-B can communicate with its default gateway. Do you get areply?
c. Determine if PC-A can communicate with PC-B. Do you get areply?
 Experirment-7 & 8
Aim:7 VLANCreation
Aim:8 TRUNK Creation

Module Title: Inter-VLAN Routing

Module Objective: Troubleshoot inter-VLAN routing on Layer 3 devices

What is Inter-VLAN Routing?

VLANs are used to segment switched Layer 2 networks for a variety of

reasons. Regardless of the reason, hosts in one VLAN cannot communicate
with hosts in another VLAN unless there is a router or a Layer 3 switch to
provide routing services.

Inter-VLAN routing is the process of forwarding network traffic from one

VLAN to another VLAN.

There are three inter-VLAN routing options:

• Legacy Inter-VLAN routing - This is a legacy solution. It does not scale well.
• Router-on-a-Stick - This is an acceptable solution for a small to medium-sized network.
• Layer 3 switch using switched virtual interfaces (SVIs) - This is the most scalable solution for
medium to large organizations.

Legacy Inter-VLAN Routing

• The first inter-VLAN routing solution relied on using a router with multiple Ethernet interfaces. Each router
interface was connected to a switch port in different VLANs. The router interfaces served as the default
gateways to the local hosts on the VLAN subnet.
• Legacy inter-VLAN routing using physical interfaces works, but it has a significant limitation. It is not
reasonably scalable because routers have a limited number of physical interfaces. Requiring one physical
router interface per VLAN quickly exhausts the physical interface capacity of a router.

Note: This method of inter-VLAN routing is no longer implemented in

switched networks and is included for explanation purposes only.
VLAN Configuration

VLAN Ranges on Catalyst Switches

Catalyst switches 2960 and 3650 support over 4000 VLANs.

VLAN Ranges on Catalyst Switches

VLAN Creation Commands

VLAN details are stored in the vlan.dat file. You create VLANs in the global configuration mode.
:-

VLAN Creation Example

• If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
• If you do not name it, the Cisco IOS will give it a default name of vlan and the four-digit number of the
VLAN. E.g. vlan0020 for VLAN 20.
 VLAN Port Assignment Commands

Once the VLAN is created, we can then assign it to the correct interfaces.

VLAN Port Assignment Example

We can assign the VLAN to the port interface.

• Once the device is assigned the VLAN, then the end device will need the IP address information for that
VLAN
• Here, Student PC receives 172.17.20.22
 Data and Voice VLANs

Data and Voice VLAN Example

• We will want to create and name both Voice and Data VLANs.
• In addition to assigning the data VLAN, we will also assign the Voice VLAN and turn on QoS for the voice
traffic to the interface.
• The newer catalyst switch will automatically create the VLAN, if it does not already exist, when it is assigned
to an interface.
Note: QoS is beyond the scope of this course. Here we do show the use of the mlsqos trust [cos | device cisco-
phone | dscp | ip-precedence] command.
Verify VLAN Information

Use the show vlan command. The complete syntax is:

show vlan [brief | id vlan-id | name vlan-name | summary]

Verify VLAN Information

 Change VLAN Port Membership

There are a number of ways to change VLAN membership:

• re-enter switchport access vlanvlan-id command
• use the no switchport access vlan to place interface back in VLAN 1
Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN
association.
 Delete VLANs

Delete VLANs with the no vlanvlan-idcommand.

Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.
• Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
• Reload the switch when deleting all VLANs.
Note: To restore to factory default – unplug all data cables, erase the startup-configuration and delete the
vlan.dat file, then reload the device.

Trunk Configuration Commands

Configure and verify VLAN trunks. Trunks are layer 2 and carry traffic for all VLANs.
Trunk Configuration Commands

Configure and verify VLAN trunks. Trunks are layer 2 and carry traffic for all VLANs.

Trunk Configuration Example

The subnets associated with each VLAN are:

VLAN 10 - Faculty/Staff - 172.17.10.0/24
VLAN 20 - Students - 172.17.20.0/24
VLAN 30 - Guests - 172.17.30.0/24
VLAN 99 - Native - 172.17.99.0/24

F0/1 port on S1 is configured as a trunk port.

Note: This assumes a 2960 switch using 802.1q tagging. Layer 3 switches require the encapsulation to be
configured before the trunk mode.
 Verify Trunk Configuration

Set the trunk mode and native vlan.

Notice sh int fa0/1 switchport command:
• Is set to trunk administratively
• Is set as trunk operationally (functioning)
• Encapsulation is dot1q
• Native VLAN set to VLAN 99
• All VLANs created on the switch will pass traffic on this trunk
 Reset the Trunk to the Default State

• Reset the default trunk settings with the no command.

• All VLANs allowed to pass traffic
• Native VLAN = VLAN 1
Verify the default settings with a sh int fa0/1 switchport command
Reset the Trunk to the Default State (Cont.)

Reset the trunk to an access mode with the switchport mode access command:
• Is set to an access interface administratively
• Is set as an access interface operationally (functioning)
Introduction to DTP

Dynamic Trucking Protocol (DTP) is a proprietary Cisco protocol.

DTP characteristics are as follows:
• On by default on Catalyst 2960 and 2950 switches
• Dynamic-auto is default on the 2960 and 2950 switches
• May be turned off with the nonegotiate command
• May be turned back on by setting the interface to dynamic-auto
• Setting a switch to a static trunk or static access will avoid negotiation issues with the
switchport mode trunk or the switchport mode access commands.

Negotiated Interface Modes

The switchport mode command has additional options.

Use the switchport nonegotiate interface configuration command to stop DTP negotiation.
 Results of a DTP Configuration

DTP configuration options are as follows:

Verify DTP Mode

The default DTP configuration is dependent on the Cisco IOS version and platform.
• Use the show dtp interface command to determine the current DTP mode.
• Best practice recommends that the interfaces be set to access or trunk and to turnoff DTP
 Experirment-9

Aim:9 Router-on-a-Stick Inter-VLAN Routing

Router-on-a-Stick Scenario:-

• In the figure, the R1 GigabitEthernet 0/0/1 interface is connected to the S1 FastEthernet 0/5 port.
The S1 FastEthernet 0/1 port is connected to the S2 FastEthernet 0/1 port. These are trunk links
that are required to forward traffic within and between VLANs.
• To route between VLANs, the R1 GigabitEthernet 0/0/1 interface is logically divided into three
subinterfaces, as shown in the table. The table also shows the three VLANs that will be
configured on the switches.
 • Assume that R1, S1, and S2 have initial basic configurations. Currently, PC1
and PC2 cannot ping each other because they are on separate networks. Only
S1 and S2 can ping each other, but they but are unreachable by PC1 or PC2
because they are also on different networks.
• To enable devices to ping each other, the switches must be configured with
VLANs and trunking, and the router must be configured for inter-VLAN
routing.

S1 VLAN and Trunking Configuration

Complete the following steps to configure S1 with VLANs and trunking:
Step 1. Create and name the VLANs.
Step 2. Create the management interface.
Step 3. Configure access ports.
Step 4. Configure trunking ports.

S2 VLAN and Trunking Configuration

The configuration for S2 is similar to S1.

R1 Sub-interface Configuration: -

The router-on-a-stick method requires you to create a subinterface for

eachVLAN to be routed. A subinterface is created using
the interface interface_id
subinterface_id global configuration mode command. The
sub-interface syntax is the physical interface followed by a period and
asub-interface number.
Although not required, it is customary to match the sub-interface
number with the VLAN number.

Each sub-interface is then configured with the following two

commands:

• encapsulation dot1q vlan_id [native] - This command

configures the subinterface to respond to 802.1Q
encapsulated traffic from the specified vlan-id.
 The native keyword option is only appended to set the native
VLAN to something other than VLAN 1.
• ip address ip-address subnet-mask - This command
configures the IPv4 address of the subinterface. This address
typically serves as the default gateway for the identified
VLAN.

Repeat the process for each VLAN to be routed. Each router

subinterface must be assigned an IP address on a unique subnet for
routing to occur. When all subinterfaces have been created, enable
the physical interface using the no shutdown interface
configuration command. If the physical interface is disabled, all
subinterfaces are disabled.

R1 Subinterface Configuration (Cont.)

In the configuration, the R1 G0/0/1 subinterfaces are configured
for VLANs 10, 20, and 99.
Verify Connectivity Between PC1 and PC2

The router-on-a-stick configuration is complete after the switch

trunk and the router sub-interfaces have been configured. The
configuration can be verified from the hosts, router, and switch.

From a host, verify connectivity to a host in another VLAN using

the ping command. It is a good idea to first verify the current host
IP configuration using the ipconfig Windows host command.

Next, use ping to verify connectivity with PC2 and S1, as shown in
the figure. The ping output successfully confirms inter-VLAN
routing is operating.

Verify Connectivity Between PC1 and PC2 ( Cont…)

Router-on-a-Stick Inter-VLAN Routing Verification: -

In addition to using ping between devices, thefollowing show commands

can be used to verify and troubleshoot the router-on-a-stick
configuration.
• show ip route
• show ip interface brief
• show interfaces
• show interfaces trunk
 Experirment-10

Aim: 10-Inter-VLAN Routing using Layer 3 Switches.

Layer 3 Switch Inter-VLAN Routing

• Inter-VLAN routing using the router-on-a-stick method is simple to implement for a small to
medium-sized organization. However, a large enterprise requires a faster, much more scalable
method to provide inter-VLAN routing.
• Enterprise campus LANs use Layer 3 switches to provide inter-VLAN routing. Layer 3 switches
use hardware-based switching to achieve higher-packet processing rates than routers. Layer 3
switches are also commonly implemented in enterprise distribution layer wiring closets.

Capabilities of a Layer 3 switch include the ability to do the following:

• Route from one VLAN to another using multiple switched virtual interfaces (SVIs).
• Convert a Layer 2 switchport to a Layer 3 interface (i.e., a routed port). A routed port is similar to
a physical interface on a Cisco IOS router.
• To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured using the
same interface vlan vlan-id command used to create the management SVI on a Layer 2 switch. A
Layer 3 SVI must be created for each of the routable VLANs.

Layer 3 Switch Scenario: -

In the figure, the Layer 3 switch, D1, is connected to two hosts on different VLANs. PC1 is in
VLAN 10 and PC2 is in VLAN 20, as shown. The Layer 3 switch will provide inter-VLAN
routing services to the two hosts.
 Layer 3 Switch Configuration: -

Complete the following steps to configure S1 with VLANs and trunking:

• Step 1. Create the VLANs. In the example, VLANs 10 and 20 are used.
• Step 2. Create the SVI VLAN interfaces. The IP address configured will serve as the default
gateway for hosts in the respective VLAN.
• Step 3. Configure access ports. Assign the appropriate port to the required VLAN.
• Step 4. Enable IP routing. Issue the ip routing global configuration command to allow traffic to
be exchanged between VLANs 10 and 20. This command must be configured to enable inter-
VAN routing on a Layer 3 switch for IPv4.

Layer 3 Switch Configuration: -

Layer 3 Switch Inter-VLAN Routing Verification: -

 Inter-VLAN routing using a Layer 3 switch is simpler to configure than the router-on-a-stick
method. After the configuration is complete, the configuration can be verified by testing
connectivity between the hosts.

• From a host, verify connectivity to a host in another VLAN using the ping command. It is a good
idea to first verify the current host IP configuration using the ipconfig Windows host command.
• Next, verify connectivity with PC2 using the ping Windows host command. The successful
ping output confirms inter-VLAN routing is operating

Routing on a Layer 3 Switch: -

If VLANs are to be reachable by other Layer 3 devices, then they must be advertised using static
or dynamic routing. To enable routing on a Layer 3 switch, a routed port must be configured.

A routed port is created on a Layer 3 switch by disabling the switchport feature on a Layer 2 port
that is connected to another Layer 3 device. Specifically, configuring the no switchport interface
configuration command on a Layer 2 port converts it into a Layer 3 interface. Then the interface
can be configured with an IPv4 configuration to connect to a router or another Layer 3 switch.

Routing Scenario on a Layer 3 Switch: -

In the figure, the previously configured D1 Layer 3 switch is now connected to R1. R1 and D1
are both in an Open Shortest Path First (OSPF) routing protocol domain. Assume inter-VLAN
has been successfully implemented on D1. The G0/0/1 interface of R1 has also been configured
and enabled. Additionally, R1 is using OSPF to advertise its two networks, 10.10.10.0/24 and
10.20.20.0/24.

Note: OSPF routing configuration is covered in another course. In this module, OSPF
configuration commands will be given to you in all activities and assessments. It is not required
that you understand the configuration in order to enable OSPF routing on the Layer 3 switch.

Routing Configuration on a Layer 3 Switch: -

Complete the following steps to configure D1 to route with R1:

• Step 1. Configure the routed port. Use the no switchport command to convert the port to a routed
port, then assign an IP address and subnet mask. Enable the port.
• Step 2. Enable routing. Use the ip routing global configuration command to enable routing.
• Step 3. Configure routing. Use an appropriate routing method. In this example, Single-Area
OSPFv2 is configured
• Step 4. Verify routing. Use the show ip route command.
• Step 5. Verify connectivity. Use the ping command to verify reachability