Task 1: Configure VLAN, Voice VLAN, VTP and Inter-VLAN Routing in HQ (15 minutes)
Step 1: Configure VTP Settings on F2SW1 and F1SW1.
F2SW1 is the server and F1SW1 is the client. The domain name is HQ. The password is cisco.
Configure F2SW1 as server and set the domain name and password.
F2SW1(config)#vtp mode server
F2SW1(config)#vtp domain HQ
F2SW1(config)#vtp password cisco
Now configure F1SW1 as client and set the domain name and password.
F1SW1(config)#vtp mode client
F1SW1(config)#vtp domain HQ
F1SW1(config)#vtp password cisco
Step 2: Configure Trunking on F2SW1 and F1SW1
Trunking ports for F2SW1 and F1SW1 are all ports attached to another switch or router. Set all trunking ports to trunk mode, and assign VLAN 6 as the native VLAN.
On F2SW1, configure ports Fa0/1 and Fa0/24 as trunk ports.
F2SW1(config)#int fa0/1
F2SW1(config-if)#switchport mode trunk
F2SW1(config-if)#switchport trunk native vlan 6
F2SW1(config-if)#exit
F2SW1(config)#int fa0/24
F2SW1(config-if)#switchport mode trunk
F2SW1(config-if)#switchport trunk native vlan 6
F2SW1(config-if)#exit
2 wireless
3 programmers
4 sales
5 server
6 mgmt&native
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
F2SW1#

2 wireless
3 programmers
4 sales
5 server
6 mgmt&native
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
F1SW1#
F2SW1(config-if-range)#switchport access vlan 5
F2SW1(config-if-range)#exit
Assign ports of F1SW1 to VLANs. Assign Fa0/1 to sales VLAN, Fa0/2 and Fa0/3 to programmers VLAN, Fa0/4 to voice VLAN, and Fa0/23 to wireless VLAN.
F1SW1(config)#int fa0/1
F1SW1(config-if)#switchport mode access
F1SW1(config-if)#switchport access vlan 4
F1SW1(config-if)#exit
F1SW1(config)#int range fa0/2-3
F1SW1(config-if-range)#switchport mode access
F1SW1(config-if-range)#switchport access vlan 3
F1SW1(config-if-range)#exit
F1SW1(config)#int fa0/4
F1SW1(config-if)#switchport mode access
F1SW1(config-if)#switchport voice vlan 1
F1SW1(config-if)#exit
F1SW1(config)#int range fa0/23
F1SW1(config-if-range)#switchport mode access
F1SW1(config-if-range)#switchport access vlan 2
F1SW1(config-if-range)#exit
After port assignments, return to privileged EXEC and issue the show vlan brief command to check the new port assignments.
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 109ms, Average = 82ms
Now try to ping from Sales PC1 (172.16.20.2) to Programmer PC1 (172.16.19.2). It will not be successful.
At this point you should be able to reach the hosts of different VLANs. Try to ping from Sales PC1 (172.16.20.2) to Programmer PC1 (172.16.19.2). It will now be successful.
Wireless PCs and IP Phones should now get IP addresses from their respective DHCP pools.
Step 2: Configure and activate the Serial 0/0/0 interface on BR1
Configure the interface with the following information:
IP Address
Frame Relay encapsulation
Mappings to HQ and BR2
BR1(config)#int Se0/0/0
BR1(config-if)#encapsulation frame-relay
BR1(config-if)#no shutdown
BR1(config-if)#exit
BR1(config)#int Se0/0/0.1 point-to-point
BR1(config-subif)# description BR1 -> HQ
BR1(config-subif)# ip address 10.0.1.2 255.255.255.252
BR1(config-subif)# frame-relay interface-dlci 201
BR1(config-subif)#exit
BR1(config)#int Se0/0/0.2 point-to-point
BR1(config-subif)# description BR1 -> BR2
BR1(config-subif)# ip address 10.0.1.9 255.255.255.252
BR1(config-subif)# frame-relay interface-dlci 203
BR1(config-subif)#exit
Return to privileged EXEC and issue the show frame-relay map command to verify the mapping.
Step 3: Configure and activate the Serial 0/0/0 interface on BR2
Configure the interface with the following information:
IP Address
Frame Relay encapsulation
Mappings to HQ and BR1
BR2(config)#int Se0/0/0
BR2(config-if)#encapsulation frame-relay
BR2(config-if)#no shutdown
BR2(config-if)#exit
BR2(config)#int Se0/0/0.1 point-to-point
BR2(config-subif)# description BR2 -> HQ
BR2(config-subif)# ip address 10.0.1.6 255.255.255.252
BR2(config-subif)# frame-relay interface-dlci 301
BR2(config-subif)#exit
BR2(config)#int Se0/0/0.2 point-to-point
BR2(config-subif)# description BR2 -> BR1
BR2(config-subif)# ip address 10.0.1.10 255.255.255.252
BR2(config-subif)# frame-relay interface-dlci 302
BR2(config-subif)#exit
Return to privileged EXEC and issue the show frame-relay map command to verify the mapping.
Step 4: Verify EIGRP Configuration on router BR2 and BR3 and examine routing table
Return to privileged EXEC and issue the following commands to verify EIGRP configuration.
show run
show ip eigrp neighbors
show ip eigrp topology
show ip route
At this point you should not be able to see OSPF routes in BR3. You need to do mutual redistribution in BR2.
Step 4: Assign IP address to Fa0/0 and activate the interface on router ISP
ISP(config)#int fa0/0
ISP(config-if)#ip add 200.2.2.17 255.255.255.252
ISP(config-if)#no shutdown
Step 2: Define an access list named SRC that will match the inside private IP addresses
HQ(config)# ip access-list standard SRC
HQ(config-std-nacl)# permit 172.16.16.0 0.0.7.255
HQ(config-std-nacl)# permit 172.16.32.0 0.0.7.255
HQ(config-std-nacl)# permit 172.16.64.0 0.0.7.255
HQ(config-std-nacl)# permit 192.168.2.0 0.0.0.255
Step 3: Define the NAT translation from inside list to outside pool
HQ(config)# ip nat inside source list SRC pool public_access
HQ(config-subif)#int fa0/1.3
HQ(config-subif)#ip nat inside
HQ(config-subif)#int fa0/1.4
HQ(config-subif)#ip nat inside
HQ(config-subif)#int fa0/1.5
HQ(config-subif)#ip nat inside
HQ(config-subif)#int fa0/1.6
HQ(config-subif)#ip nat inside
HQ(config-subif)#int S0/0/0.1
HQ(config-subif)#ip nat inside
HQ(config-subif)#int S0/0/0.2
HQ(config-subif)#ip nat inside
Task 10: Configure ACL on router ISP to restrict private IP address block (3 minutes)
Step 1: Define an access list named RST that will match the private IP address block
ISP(config)# ip access-list standard RST
ISP(config-std-nacl)# deny 10.0.0.0 0.255.255.255
ISP(config-std-nacl)# deny 172.16.0.0 0.15.255.255
ISP(config-std-nacl)# deny 192.168.0.0 0.0.255.255
ISP(config-std-nacl)# permit any
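To check the RST list before relying on it, the following added example (not part of the original lab) evaluates the entries with IOS wildcard-mask and first-match semantics and converts the deny entries to CIDR for review. The function names are hypothetical, and the test addresses 172.31.255.255 and 172.32.0.1 are constructed boundary cases; the other addresses are taken from the lab.

```python
import ipaddress

# RST entries from Step 1 above: (action, address, wildcard mask).
RST = [
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("permit", "any", None),
]

def wildcard_match(source, address, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    src = int(ipaddress.IPv4Address(source))
    base = int(ipaddress.IPv4Address(address))
    return (src & care) == (base & care)

def evaluate(acl, source):
    """Return the action of the first matching entry (top-down evaluation)."""
    for action, address, wildcard in acl:
        if address == "any" or wildcard_match(source, address, wildcard):
            return action
    return "deny"  # implicit deny when no entry matches

def denied_networks(acl):
    """List the deny entries as CIDR strings; reject non-contiguous wildcards."""
    out = []
    for action, address, wildcard in acl:
        if action != "deny":
            continue
        w = int(ipaddress.IPv4Address(wildcard))
        if w & (w + 1):  # a contiguous wildcard is always 2**k - 1
            raise ValueError(f"non-contiguous wildcard: {wildcard}")
        net = ipaddress.IPv4Network((address, 32 - w.bit_length()), strict=False)
        out.append(str(net))
    return out

if __name__ == "__main__":
    print(denied_networks(RST))
    # Lab addresses plus two constructed boundary cases around 172.16.0.0/12.
    for src in ("172.16.20.2", "10.0.1.2", "200.2.2.17",
                "172.31.255.255", "172.32.0.1"):
        print(src, evaluate(RST, src))
```

The deny entries resolve to exactly the three RFC 1918 blocks, so any other source falls through to permit any.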