Completed Topology
Objectives
• View the default Layer 2 configuration.
• Configure EtherChannel.
Background/Scenario
EtherChannel enables the switch administrator to increase bandwidth between switches by bundling together
between 2 and 8 links. In this scenario, you will bundle two Fast Ethernet links to form a single logical link with an
effective full-duplex bandwidth of 400 Mb/s.
NOTE: This activity is for observation purposes only and does not require configuration, thus grading will not be
conducted.
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 32
CCNA Exploration
LAN Switching and Wireless
Step 2. Add a logical Port Channel associated with the physical interfaces.
a. Create Port Channel 1 with the interface port-channel 1 command.
b. Enter the switchport mode trunk command.
Observation: Ports F0/11 and F0/12 appear under Group 1, associated with a Port Channel labeled
Po1. The default port bundling protocol is PAgP.
Observation: The physical ports F0/11 and F0/12, and the logical port Po1 all appear as 802.1Q trunk
ports.
c. On DLS1, enter the command ping 10.10.10.2. The ping should be successful.
d. Enter the command show running-config to determine the EtherChannel load-balancing mechanism.
Observation: The output displays “port-channel load-balance src-mac”, indicating that load balancing
across the logical EtherChannel is based on the source MAC address of the data.
Background/Scenario
Four routers must be interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and
routers R2, R3, and R4 are spoke routers. The Frame Relay connections will be established using Frame Relay
point-to-point connections over subinterfaces from R1 to each spoke router. Routing will be established using
static routes on the hub router and default routes on all spoke routers. The frame relay switch(es) have already
been configured within the cloud.
Remote administrative access is established using SSH with the username admin and password cisco.
Task 1: Configure Frame Relay and Static Routing on the Hub Router (R1).
j. Create and configure subinterface s0/0/0.102. From global configuration mode, enter the following
commands:
R1(config)# interface Serial0/0/0.102 point-to-point
R1(config-subif)# ip address 10.0.1.1 255.255.255.252
R1(config-subif)# frame-relay interface-dlci 102
R1(config-subif)# exit
k. Repeat the above steps to create and configure subinterface s0/0/0.103 and s0/0/0.104.
R1(config)# interface Serial0/0/0.103 point-to-point
R1(config-subif)# ip address 10.0.1.5 255.255.255.252
R1(config-subif)# frame-relay interface-dlci 103
R1(config-subif)# exit
R1(config)# interface Serial0/0/0.104 point-to-point
R1(config-subif)# ip address 10.0.1.9 255.255.255.252
R1(config-subif)# frame-relay interface-dlci 104
R1(config-subif)# exit
Step 4. Configure Static Routing on R1 to reach the LANs of each spoke router.
Routing between sites could be configured using dynamic or static routing. In this activity, you will configure static
routes to each remote LAN site.
l. From global configuration mode, enter the following static routes.
R1(config)# ip route 10.20.20.0 255.255.255.0 10.0.1.2
R1(config)# ip route 10.30.30.0 255.255.255.0 10.0.1.6
R1(config)# ip route 10.40.40.0 255.255.255.0 10.0.1.10
m. Exit out of configuration mode and issue the show running-config command to view the final
configuration on R1.
Task 2: Configure Frame Relay and Default routing on the Spoke Routers.
Step 1. Configure the Physical Frame Relay Interface on the spoke routers.
Just as we configured the hub router for Frame Relay, the spoke routers must also be configured.
q. On router R4, configure the following commands. Assign DLCI 101 to the frame-relay connection.
R4(config)# interface serial0/0/0
R4(config-if)# encapsulation frame-relay
R4(config-if)# no shutdown
R4(config)# interface Serial0/0/0.101 point-to-point
R4(config-subif)# ip address 10.0.1.10 255.255.255.252
R4(config-subif)# frame-relay interface-dlci 101
R4(config-subif)# exit
R4(config)# ip route 0.0.0.0 0.0.0.0 10.0.1.9
LMI Statistics for interface Serial0/0/0.102 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 0 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 16
LMI Statistics for interface Serial0/0/0.103 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 0 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 16
LMI Statistics for interface Serial0/0/0.104 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 0 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 16
DLCI = 103, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.103
DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.104
NOTE: PC1 and PC3 should now be able to successfully ping each other and the web server. If not, make sure
that you entered all the commands exactly as specified in the previous steps.
Completed Topology
Objectives
• View the default Layer 2 configuration.
• Configure the switch virtual interfaces (SVIs).
• Verify inter-VLAN routing.
Background/Scenario
Inter-VLAN routing on distribution layer switches is made possible with switch virtual interfaces (SVIs). Multilayer
switches, such as Cisco Catalyst 3560 switches, are capable of wirespeed IP routing in addition to traditional
Layer 2 switching. In this case, IP subnets are bound to the distribution layer, with hosts pointing to the SVIs as default
gateways for the respective IP subnets. Full IP communications, previously available only with dedicated routers,
are made available with these multilayer switches.
In this configuration, two distribution layer switches, DLS1 and DLS2 are connected in a partial-mesh topology
with the access layer switches, ALS1 and ALS2. DLS1 and DLS2 load balance the traffic at Layer 2 on a per-
VLAN basis. SVIs are configured for each VLAN to enable inter-VLAN IP communication.
Observation: Fa0/1, Fa0/2, and Fa0/3 are configured for 802.1Q trunking. Additionally, all three are
configured to trunk VLANs 1, 10, 20, 30, 99 and all default VLANs. The native management VLAN is
VLAN 99.
b. On DLS1, configure IP addresses for each SVI. VLAN10: 10.0.10.1/24, VLAN20: 10.0.20.1/24,
VLAN30: 10.0.30.1/24, and VLAN99: 10.0.99.1/24.
Example
DLS1(config)# interface vlan 10
DLS1(config-if)# ip address 10.0.10.1 255.255.255.0
c. On DLS2, configure IP addresses for each SVI. VLAN10: 10.0.10.2/24, VLAN20: 10.0.20.2/24,
VLAN30: 10.0.30.2/24, VLAN99: 10.0.99.2/24.
Step 2. Test ICMP connectivity from the access layer switches to the distribution layer SVIs.
aa. On ALS1, issue the privileged EXEC command ping 10.0.10.1. Repeat for 10.0.10.2, 10.0.20.1,
10.0.20.2, 10.0.30.1, 10.0.30.2, 10.0.99.1, and 10.0.99.2. The ping tests should all be successful.
bb. On ALS2, issue the privileged EXEC command ping 10.0.10.1. Repeat for 10.0.10.2, 10.0.20.1,
10.0.20.2, 10.0.30.1, 10.0.30.2, 10.0.99.1, and 10.0.99.2. The ping tests should all be successful.
Background/Scenario
Three routers must be interconnected in a simple IPv6 configuration. Routing will be established using RIPng.
R2# conf t
R2(config)# ipv6 unicast-routing
R2(config)# interface Serial0/0/0
R2(config-if)# ipv6 address 2001:410:1:10::/65 eui-64
R2(config-if)# ipv6 rip PROCESS1 enable
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface Serial0/0/1
R2(config-if)# ipv6 address 2001:410:2:10::/65 eui-64
R2(config-if)# ipv6 rip PROCESS1 enable
R2(config-if)# clock rate 64000
R2(config-if)# no shutdown
R2(config-if)# exit
R3# conf t
R3(config)# ipv6 unicast-routing
R3(config)# interface Serial0/0/1
R3(config-if)# ipv6 address 2001:410:2:10::/65 eui-64
R3(config-if)# ipv6 rip PROCESS1 enable
R3(config-if)# no shutdown
R3(config-if)# end
a. First, verify which interfaces have been configured to support IPv6 using the show ipv6 interface brief command
on R1, R2 and R3.
Note: On R1, only Serial 0/0/0 displays any IPv6 addresses. To get more information on these addresses use the
show ipv6 interface s0/0/0 command. R2 and R3 will be different. The address beginning with FE80 is the
link-local address and the address beginning with 2001 is the global unicast address. Both were created when the
ipv6 address command was entered with the EUI-64 option specified. Recall that EUI-64 inserts the hex digits FFFE in the IPv6
address. Write down the global unicast address for each of the interfaces.
b. Issue the show ipv6 rip database command to verify the specifics of the IPv6 RIP database.
c. Next, verify the IPv6 routing table using the show ipv6 route command on R1.
d. Finally, test connectivity by pinging the R3 serial0/0/0 interface from R1. Use the address that you wrote down
as the global unicast address (starting with 2001). When asked for the outgoing interface, specify serial0/0/0.
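The address structure described in the note above, as an added example (not part of the original lab): it derives the modified EUI-64 interface ID from a MAC address, builds the FE80 link-local address, and classifies an address as link-local or global unicast while recovering the MAC embedded in it. The MAC 0060.5C12.3456 is a constructed sample value; the prefix 2001:410:1:10:: is the one configured on R2 above.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")

# Constructed sample value, not taken from the lab devices.
SAMPLE_MAC = "0060.5C12.3456"


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # flip the universal/local bit of the first octet
    # FFFE is inserted between the OUI (first 3 octets) and the last 3 octets.
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Build the FE80::/64 link-local address an EUI-64 interface would use."""
    return ipaddress.IPv6Address(
        int(LINK_LOCAL.network_address) | eui64_interface_id(mac)
    )


def describe(address: str) -> dict:
    """Classify an IPv6 address and recover the MAC if it is EUI-64 derived."""
    addr = ipaddress.IPv6Address(address)
    if addr in LINK_LOCAL:
        scope = "link-local"
    elif addr in GLOBAL_UNICAST:
        scope = "global unicast"
    else:
        scope = "other"
    iid = (int(addr) & (2**64 - 1)).to_bytes(8, "big")  # low 64 bits
    mac = None
    if iid[3:5] == b"\xff\xfe":
        # Undo the transformation: drop FFFE and flip the U/L bit back.
        raw = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
        mac = f"{raw[0:4]}.{raw[4:8]}.{raw[8:12]}"
    return {"scope": scope, "eui64": mac is not None, "mac": mac}


if __name__ == "__main__":
    print(link_local_from_mac(SAMPLE_MAC))
    print(describe("2001:410:1:10:260:5CFF:FE12:3456"))
    print(describe("FE80::1"))
```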
Objectives
• View the default Layer 2 configuration.
• Configure port security.
Background/Scenario
Port security enables the switch administrator to prevent unauthorized devices from gaining access to the
network. Port security is normally enabled on access layer switches for this purpose.
NOTE: This activity is for observation purposes only and does not require configuration, thus grading will not be
conducted.
Observation: On S1, ports F0/1 and F0/2 are 802.1Q trunk ports. On S2, port F0/1 is an 802.1Q trunk
port. On S3, port F0/2 is an 802.1Q trunk port. The native VLAN is 99 for all trunk ports.
ee. Issue the show vlan command to verify proper VLAN configuration.
Observation: VLANs 10 (faculty/staff), 20 (students), 30 (guest), and 99 (management) are configured
on the three switches: VLAN 1 is the default VLAN on each switch.
S1 VLAN 1: all ports except for trunk ports F0/1 and F0/2.
S2 VLAN 1: ports F0/2-5, G1/1-2.
S2 VLAN 10: ports F0/11-17
S2 VLAN 20: ports F0/18-24
S2 VLAN 30: ports F0/6-10
S3 VLAN 1: ports F0/1, F0/3-5, G1/1-2
S3 VLAN 10: ports F0/18-24
S3 VLAN 20: ports F0/11-17
S3 VLAN 30: ports F0/6-10
Step 1. Enable port security on S2 and enforce a maximum number of MAC addresses.
jj. To enable port security on S2, enter the interface mode for port F0/6 and issue the command
switchport port-security.
ll. On ports F0/6, F0/11, and F0/18 of S2, enter the command switchport port-security maximum 1.
mm. Enter the show run command in privileged EXEC mode to see the effect of step 2.a.
Observation: The command switchport port-security maximum 1 does not appear under the
interfaces F0/6, F0/11, and F0/18. This is because the default maximum for port security on an interface
is 1. The command switchport port-security maximum # will only appear if a value higher than 1 is
configured.
nn. Repeat steps a through d on ports F0/6, F0/11, and F0/18 of switch S3.
Step 2. Configure dynamic learning for port security and verify operation.
oo. On ports F0/6, F0/11, and F0/18 of S2 and S3, enter the command switchport port-security mac-
address sticky. Issue the show run command to view the final configuration on both S2 and S3.
pp. Click on PC6. PC6 is currently connected to Fa0/6 on S3. From the command prompt on PC6, issue
the command ping 172.17.30.23. This will ping PC3, which is connected to Fa0/6 on S2. The ping
should be successful.
qq. On S2 and S3, enter the command show run and check to see if anything has changed in the output.
Observation: On S2, the entry “switchport port-security mac-address sticky 0001.C7CA.E31C” now
appears under the configuration for port F0/6. On S3, the entry “switchport port-security mac-address
sticky 0030.A3A5.A8C2” now appears under the configuration for port F0/6.
tt. Select the lightning bolt button on the bottom left-hand corner of the PT window to pull up
connection types. Click the “copper straight-through” connection. Click the TestPC device and select
the fastethernet port. Next, click on S3 and select port Fa0/6.
uu. From the command prompt of TestPC type the command ping 172.17.30.23. The ping should fail.
ww. Delete the connection between TestPC and S3. Place a new connection between PC6 and S3 using
port Fa0/6. Remember that once a port is shut down due to a security violation, the port must be
administratively shut down and re-enabled to bring the port back online. On Fa0/6 on S3, issue the
command no shutdown.
xx. From the command prompt on PC6, type the command ping 172.17.30.23. The ping should succeed.
On S3, issue the command show port-security interface Fa0/6. The status of the port should be back
to normal.
Configuring RSTP
Objectives
• View the default Layer 2 configuration.
• Enable RSTP.
• Configure primary and secondary root bridges.
Background/Scenario
Spanning tree modes other than PVST+ are available. One of these modes is RSTP (rapid spanning tree
protocol), which greatly reduces the time between a port coming up and changing to forwarding, while still
preventing bridging loops. During the transition period between RSTP states, rapid spanning tree falls back to
regular spanning tree on links that have regular spanning tree on one side.
In this configuration, two distribution layer switches, DLS1 and DLS2 are connected in a full-mesh topology with
the access layer switches, ALS1 and ALS2. DLS1 and DLS2 load balance the traffic at Layer 2 on a per-VLAN
basis.
b. From privileged EXEC mode, issue the show interfaces trunk and show interfaces switchport commands.
Observation: Fa0/7, Fa0/9 and Fa0/11 have all been configured as trunk ports.
c. On the two distribution switches (DLS1 and DLS2), issue the show vlan command to verify proper VLAN
configuration.
Observation: Ports Fa0/7, Fa0/9 and Fa0/11 are not listed within a specific vlan. Also VLAN100, 110, 120 and
130 are created and active:
Observation: In DLS1 and DLS2, the operating mode is set to “server”. In ALS1 and ALS2, the operating mode is
set to “client”.
c. Verify that DLS1 is the root bridge for all the VLANs.
Observation: In the show spanning-tree output the line “This bridge is the root” indicates the current switch is
the root bridge. Additionally, the show spanning-tree summary output indicates: Root bridge for: default Server-
Farm-1 Server-Farm-2 Net-Eng Staff
d. Verify that ports F0/7, F0/9, and F0/11 are designated forwarding ports on DLS1.
Observation: In the output, each interface is listed with the status set to forward. Example: Fa0/7 Desg FWD
Step 4. Verify IEEE 802.1D spanning-tree and port status on DLS2, ALS1, and ALS2.
a. On each switch, issue the show spanning-tree command.
b. On DLS2, verify that port F0/7 is designated forwarding, port F0/9 is non-designated blocking, and F0/11 is root
forwarding.
c. On ALS1, verify that port F0/7 is root forwarding and ports F0/9 and F0/11 are designated forwarding.
d. On ALS2, verify that ports F0/7 and F0/11 are non-designated blocking and port F0/9 is root forwarding.
Observation: In the show spanning-tree output, you should see each interface listed with the status set.
Example: Fa0/9 Altn BLK (meaning non-designated blocking)
Step 2. Configure DLS1 as the primary root bridge for VLANs 1, 100, and 120 and as the secondary root bridge for VLANs 110 and 130.
a. On DLS1, issue the spanning-tree vlan 1,100,120 root primary command.
Step 3. Configure DLS2 as the primary root bridge for VLANs 110 and 130 and as the secondary root bridge for VLANs 1, 100, and 120.
a. On DLS2, issue the spanning-tree vlan 110,130 root primary command.
b. On PT, below the topology, click on the button “power cycle devices”.
a. Issue the show spanning-tree summary command to verify which version of spanning tree protocol is running
on DLS1 and to observe the VLANs for which DLS1 is the root bridge.
Observation:
DLS1# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: default Server-Farm-1 Net-Eng
b. Next, issue the show spanning-tree summary command to verify which version of spanning tree protocol is
running on DLS2 and to observe the VLANs for which DLS2 is the root bridge.
Observation:
DLS2# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: Server-Farm-2 Staff
Note: If this output does not appear, go back and ensure that all commands from Task 2 were performed on all
switches. Also, be sure to power cycle the devices to allow for quicker convergence in PT.
Configuring SSH
Objectives
• View the default internetwork configuration.
• Enable SSH.
• Interconnect using SSH.
Background/Scenario
Traditionally, remote administrative access on routers was configured using Telnet on TCP port 23. However,
Telnet was developed in the days when security was not an issue. For this reason, all Telnet traffic is forwarded in
plain text. SSH has replaced Telnet as the best practice for providing remote router administration with
connections that support strong privacy and session integrity. SSH uses port TCP 22. It provides functionality that
is similar to that of an outbound Telnet connection, except that the connection is encrypted. With authentication
and encryption, SSH allows for secure communications over an insecure network. In this configuration, four
routers are interconnected in a hub-and-spoke Frame Relay configuration. Router R1 is the hub, and routers R2,
R3, and R4 are the spokes. Dynamic routing has been configured using multiarea OSPF.
c. From privileged EXEC mode on all four routers, issue the show frame-relay map command to verify Frame
Relay connectivity.
From privileged EXEC mode on all four routers, issue the show ip route command to verify that all network
segments are being advertised.
b. Again from router R1, Telnet to R2 using its LAN interface IP address. Exit and repeat the step for routers R3
and R4. Ping other PCs on the same network.
a. The hostname on R1 is pre-configured. Therefore configure the domain name cisco.com using the ip domain-
name domain-name command.
b. The asymmetrical RSA keys must be generated on R1 using the crypto key generate rsa command. When
prompted for a modulus size, specify a modulus of 1024 bits.
c. SSH will prompt for a username and password combination when enabled. Therefore, a local username
database entry must be configured using the username name password password command. Create a local
account for the user admin and password cisco.
d. Configure the SSH version using the ip ssh version command. In this lab, we will be configuring to use version
2.
e. Next, we need to disable Telnet and enable SSH communication to the VTY lines. To do so, enter the following
commands on R1.
Your completion percentage should be 25%. If not, click Check Results to see which required components are not
yet completed.
Your completion percentage should be 100%. If not, click Check Results to see which required components are
not yet completed.
After configuring SSH on all routers, verify the SSH configuration on R1.
a. Issue the show ip ssh command to verify which version of SSH is configured, and what the default settings
are.
b. Next, issue the show ip ssh command to verify if SSH is currently running.
R1#show ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.
a. Now Telnet to router R2. Next, issue the show ip ssh command to verify if SSH is currently running.
Recall that Telnet was deactivated using the no transport input all command. Only SSH can be used to establish a
remote connection.
b. Using R1 as the SSH client, SSH to router R2 using the ssh -l username ip-address command.
Password:
c. When prompted for a password, enter cisco. You should now be connected to router R2.
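A configuration audit for the SSH steps above and for the port-security activity earlier on this page, as an added example (not part of the original lab or any Cisco tool): it parses a running-config, reports port-security state per interface (treating an absent maximum line as the default of 1), and lists VTY lines that are not SSH-only. The sample config is constructed, and the `login local` check is an assumption, since the page does not show the VTY commands it refers to.

```python
import re

# Constructed running-config excerpt (labelled sample, not output from the lab
# devices). FastEthernet0/11 and "line vty 5 15" are deliberately left weak.
SAMPLE_CONFIG = """\
hostname S2
ip domain-name cisco.com
ip ssh version 2
username admin password cisco
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.C7CA.E31C
!
interface FastEthernet0/11
 switchport mode access
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input all
!
"""

STICKY = "switchport port-security mac-address sticky"


def parse_stanzas(config):
    """Split a config into (global lines, {stanza header: [sub-commands]}).

    Relies on the one-space indentation IOS uses for sub-commands."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif raw[0] == " " and current is not None:
            stanzas[current].append(line)
        elif re.match(r"(interface|line) ", line):
            current = line
            stanzas[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, stanzas


def audit_port_security(stanzas, ports):
    """Report port-security state for each named interface."""
    report = {}
    for port in ports:
        lines = stanzas.get("interface " + port, [])
        enabled = "switchport port-security" in lines
        explicit = [l for l in lines
                    if l.startswith("switchport port-security maximum ")]
        # The maximum line is absent from show run when the value is 1.
        maximum = int(explicit[0].split()[-1]) if explicit else 1
        report[port] = {
            "enabled": enabled,
            "maximum": maximum if enabled else None,
            "sticky": STICKY in lines,
            "sticky_macs": [l.split()[-1].lower() for l in lines
                            if l.startswith(STICKY + " ")],
        }
    return report


def audit_ssh(global_lines, stanzas):
    """Return findings for remote-access settings that are not SSH-only."""
    findings = []
    if not any(l.startswith("ip domain-name ") for l in global_lines):
        findings.append("ip domain-name not set")
    if "ip ssh version 2" not in global_lines:
        findings.append("ip ssh version 2 not configured")
    if not any(l.startswith("username ") for l in global_lines):
        findings.append("no local username entry")
    for header, lines in stanzas.items():
        if not header.startswith("line vty"):
            continue
        inputs = [l.split()[2:] for l in lines if l.startswith("transport input ")]
        allowed = inputs[-1] if inputs else ["unset"]
        if allowed != ["ssh"]:
            findings.append(f"{header}: transport input is {' '.join(allowed)}, expected ssh only")
        if "login local" not in lines:  # assumption: local user database is required
            findings.append(f"{header}: login local missing")
    return findings


if __name__ == "__main__":
    g, s = parse_stanzas(SAMPLE_CONFIG)
    for port, state in audit_port_security(s, ["FastEthernet0/6", "FastEthernet0/11"]).items():
        print(port, state)
    for finding in audit_ssh(g, s):
        print("FINDING:", finding)
```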
Background/Scenario
The spanning-tree protocol is useful in ensuring that loops do not exist in the network. However, it can introduce
increased latency and unintended inefficiencies if left to auto negotiate the root bridge. In this activity, observe
how the spanning-tree protocol affects path selection and how that path selection can change based on the
configuration of the root bridge.
zz. From privileged EXEC mode, issue the show spanning-tree command and observe the output.
Observation: Central is NOT the root bridge. Notice that Fa0/13 is placed in designated forwarding,
Gi0/2 is placed in alternate blocking, and Gi0/1 is specified as Root Fwd. Gi0/1 is connected to Switch1.
aaa. On Switch1, from the privileged EXEC mode, issue the show spanning-tree command.
Observation: Switch1 is NOT the root bridge. Notice that all ports are forwarding, and fa0/22 is specified
as Root Fwd. Fa0/22 is connected to SW-B.
bbb. On SW-B, from the privileged EXEC mode, issue the show spanning-tree command.
Observation: SW-B is the root bridge. This is evident by the line “This bridge is the root”.
ddd. Close the Event List window by selecting the x in the upper right-hand corner, just below the
Viewport button. This will allow you to see the entire topology.
eee. Notice the Auto Capture / Play button and the Capture / Forward button on the bottom screen of
the PT window. Below these buttons is a drop down box with Scenario 0 and Scenario 1. Be sure that
Scenario 0 is selected. Scenario 0 is a ping originating from PC-PT E1 and destined to Server-PT
Workgroup Server 1. Click the Auto Capture / Play button to view the path that the packet will take to
reach that server. When the Buffer Full message appears, click on view previous events.
fff. Is the path that the packet took to reach that destination the most efficient path? Why did the packet
take that path?
ggg. Next, in the drop down box, select Scenario 1. Scenario 1 is a ping originating from PC-PT E2
and destined for Server-PT Workgroup Server 2. Click the Auto Capture / Play button to view the path
that the packet will take to reach that server. When the Buffer Full message appears, click on view
previous events.
hhh. Is the path that the packet took to reach that destination the most efficient path? Why did the
packet take that path?
kkk. From the privileged EXEC mode, enable the central switch as the root bridge by typing the command
spanning-tree vlan 1 root primary.
lll. Save the configuration with the command copy run start.
nnn. From the privileged EXEC mode, enable Switch 2 as the secondary root bridge by typing the
command spanning-tree vlan 1 root secondary.
ooo. Save the configuration with the command copy run start.
through the blocking, listening, or learning states. For this exercise, enable portfast on ports that
are connected to servers.
ppp. Click on SW-A
qqq. Using the interface range command, enable portfast on ports Fa0/1 – Fa0/4. Additionally enable
portfast on the port connected to Workgroup Server 2 (Fa0/13)
Example:
Switch(config)# interface range fa0/1 - 4
Switch(config-if-range)# spanning-tree portfast
Switch(config-if-range)# interface fa0/13
Switch(config-if)# spanning-tree portfast
rrr. Save the configuration with the copy run start command.
sss. Repeat steps a and b on switches SW-B, SW-C, SW-D, SW-E, and SW-F. In addition, on switch
Central, enable portfast on port fa0/13.
ttt. Once you have completed the configuration, click the button “power cycle devices”. This will reboot all
devices and allow you to watch the spanning-tree convergence. Be sure that you saved all
configurations before rebooting devices.
vvv. Close the Event List window by selecting the x in the upper right-hand corner, just below the Viewport
button. This will allow you to see the entire topology.
www. In the drop down box, select Scenario 0. Scenario 0 is a ping originating from PC-PT E1 and
destined to Server-PT Workgroup Server 1. Click the Auto Capture / Play button to view the path that
the packet will take to reach that server. When the Buffer Full message appears, click on view
previous events.
xxx. How has the path changed? Is the path more efficient? Are there more efficient paths available?
yyy. Next, in the drop down box, select Scenario 1. Scenario 1 is a ping originating from PC-PT E2 and
destined for Server-PT Workgroup Server 2. Click the Auto Capture / Play button to view the path that
the packet will take to reach that server. When the Buffer Full message appears, click on view
previous events.
zzz. How has the path changed? Is the path more efficient? Are there more efficient paths available?
Step 7. Reflection.
aaaa. How does specifying the root bridge affect efficiencies in the network? Changing the root bridge
affects how packets are forwarded. On the root bridge, all ports are placed in forwarding, whereas
on other switches, certain ports may be placed in blocking, preventing traffic from taking the most
“efficient” path.
bbbb. What are some factors that may be important to consider when selecting the root bridge? The
decision varies on several factors. In this case, Central is the connection to the Internet and the
Workgroup Server 1 and may be the most important or commonly accessed path for all devices. In
addition, the speed of the connections to Central is Gigabit, versus Fastethernet. So packets taking
that path have faster connection times.
cccc. In this topology there is only one VLAN and 1 root bridge. There is a separate instance of
spanning-tree for each VLAN. How can specifying multiple VLANS and different root bridges for each
VLAN improve efficiency? If there are several devices that must reach a specific server, such as
workgroup server 2, it is possible to place all of these devices and the server in a separate VLAN.
The root bridge for that VLAN can then be specified based on the most efficient path to reach that
server.
dddd. How does enabling portfast increase efficiency in the network? The STP for that port assumes
that the port is not part of a loop and immediately moves to the forwarding state and does not go
through the blocking, listening, or learning states. For a switch that is newly connected to the
network, this means that host devices connected to portfast enabled ports will be able to start sending
and receiving traffic immediately.
2) All other ping and telnet traffic from the external network to internal devices should be denied.
4) All established traffic (traffic from the external network in response to a request from a host on the internal
network) should be permitted.
5) All traffic originating from the external network 10._.2.0 (the second value will vary depending on the number of
students participating in the multi-user activity. Examples include: 10.1.2.0, 10.20.2.0, 10.30.2.0, 10.40.2.0,
10.50.2.0.) should be able to access Int. Web Serv with html traffic only.
6) All other external traffic to the Int Web Serv should be denied.
2) All traffic originating from the external network 10._.2.0 (the second value will vary depending on the number of
students participating in the multi-user activity. Examples include: 10.1.2.0, 10.10.2.0, 10.20.2.0, 10.30.2.0,
10.40.2.0, 10.50.2.0.) should be able to access Int. Web Serv with html traffic only.
3) All internal traffic originating from the 10._.2.0/24 network (second value based on internal network number)
should be able to access Int Web Serv with all services.
3) On the 10._.4.0/24 network, only host 10._.4.2 (second value based on internal network number) should be
able to access Int Web Serv with all services.
4) All other internal hosts on the 10._.4.0 network should be able to access the Int Web Serv with html traffic only.
4) All other internal traffic should be denied access to Int Web Serv.
5) All other internal traffic destined for internal hosts (including ping, telnet) should be permitted.
Router0:
hostname Router
!
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
ip address 10.1.4.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 10.1.5.2 255.255.255.0
ip access-group 101 in
!
interface Serial0/1
ip address 10.1.3.2 255.255.255.0
clock rate 56000
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
Router#
Router1:
Current configuration : 1188 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 10.1.3.1 255.255.255.0
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet1/1
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 101
network 10.0.0.0
auto-summary
!
ip classless
!
!
access-list 101 permit ip host 10.100.1.1 any
access-list 101 permit tcp 10.10.2.0 0.0.0.255 host 10.1.1.2 eq www
access-list 101 permit tcp 10.20.2.0 0.0.0.255 host 10.1.1.2 eq www
! assuming that peer1 and peer2 users are also participating
access-list 101 permit ip 10.1.2.0 0.0.0.255 host 10.1.1.2
access-list 101 permit ip host 10.1.4.2 host 10.1.1.2
access-list 101 permit tcp 10.1.4.0 0.0.0.255 host 10.1.1.2 eq www
!
!
!
no cdp run
!
line con 0
line vty 0 4
login
!
!
end
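The following is an added example, not part of the original lab: a small evaluator that applies access-list 101 from the Router1 configuration above to constructed test packets, using IOS extended-ACL semantics (wildcard-mask matching, first match wins, implicit deny at the end). The test packets and the function names are assumptions made for illustration; 10.1.1.2 is the destination host named in the ACL entries.

```python
from ipaddress import IPv4Address as IP

# access-list 101 entries as they appear in the Router1 configuration above.
ACL_101 = """\
access-list 101 permit ip host 10.100.1.1 any
access-list 101 permit tcp 10.10.2.0 0.0.0.255 host 10.1.1.2 eq www
access-list 101 permit tcp 10.20.2.0 0.0.0.255 host 10.1.1.2 eq www
access-list 101 permit ip 10.1.2.0 0.0.0.255 host 10.1.1.2
access-list 101 permit ip host 10.1.4.2 host 10.1.1.2
access-list 101 permit tcp 10.1.4.0 0.0.0.255 host 10.1.1.2 eq www
"""
PORTS = {"www": 80, "telnet": 23}  # only the port keywords this example needs

def _addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def parse(text):
    """Parse 'access-list N action proto src dst [eq port]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, tok = tok[2], tok[3], tok[4:]
        src, dst = _addr(tok), _addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return (int(IP(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; return (action, 1-based entry number or None)."""
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if (r_proto in ("ip", proto) and _hit(src, r_src) and _hit(dst, r_dst)
                and r_port in (None, dport)):
            return action, n
    return "deny", None  # the implicit "deny ip any any" that ends every IOS ACL

RULES = parse(ACL_101)
```

Calling `evaluate(RULES, "tcp", "10.1.4.7", "10.1.1.2", 23)` returns `("deny", None)`: no entry matches, so the packet is dropped by the implicit deny rather than by any line visible in the configuration.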
Addressing Table
Objectives
• Use various tools and show commands to troubleshoot connectivity issues.
Scenario
A network administrator recently implemented a frame relay connection from the New York office to the
offices in Paris and London. Users at the New York location are complaining that they are unable to
reach the web server www.exlond.com. Information located on both the Paris and London servers is
time sensitive. Determine the cause of the connectivity issue and fix the problem as quickly as possible.
Step 1: Verify connectivity to both the Paris and London web servers
a. On NY admin, use the web browser to attempt to access both www.exlond.com and www.exparis.com.
Observation: www.exparis.com connects; however, when attempting to connect to www.exlond.com, the request
times out.
b. From the command prompt, ping the IP address of the exlond server (10.1.2.50).
Observation: Pinging the server by its IP address confirms whether the problem is with the DNS server
(name translation) or whether connectivity is truly down. The ping fails; therefore, the problem is with the
connection between NY admin and the server. This could be a frame-relay connection issue or an OSPF issue.
Step 2: Verify the frame relay and OSPF configurations and make any necessary configuration
changes.
a. On NY admin, use the terminal window to access Router1 via the console cable.
b. Use the show ip route command to view the routes that are available.
Observation: OSPF has discovered a route to the 10.1.3.0 network, but not the 10.1.2.0 network.
c. Ping the inside interface on Router0 (192.168.0.1). Does the ping pass or fail?
d. Ping the outside interface on Router0 (10.1.2.1). Does the ping pass or fail?
Observation: The ping to 192.168.0.1 passes. This indicates that the frame-relay connection is operational.
However, the ping to 10.1.2.1 fails, indicating that routing is not operating as expected.
e. Use various tools and show commands to verify the OSPF configuration on Router1 and Router0 (this
requires telnetting to Router0). Make any necessary configuration changes.
NOTE: In Packet Tracer, OSPF convergence across a frame relay network may take up to a minute. After making
a configuration change, save the configuration and select the button "power cycle devices" to speed up
convergence times.
Reflection
1. Why would an administrator attempt to connect to both the www.exparis.com and www.exlond.com web
servers as a first step, even though www.exparis.com is not on the same network as www.exlond.com?
This confirms that the issue is only with the network connection that contains the exlond server and
narrows down where the administrator must troubleshoot.
2. List the steps that you took to solve the problem. Looking at them again, was there a more efficient way to
determine the problem? Answers vary.
3. What is the purpose of the ip ospf network broadcast command? This command is used to define the
network type as broadcast. The network type is defined on nonbroadcast networks to avoid configuring
the neighbors explicitly.