Our contacts :- FB Fanpage : www.facebook.com/tawfikfans -FB profile www.facebook.com/ahmedtawfik1987 -YT channel www.youtube.com/@ahmedtawfik1 -whatsapp https://wa.me/201094246444 010-9-42-46-444 -سابقه اعمالنا https://bit.ly/3wOCBHy Guideline This is a lab item in which tasks will be performed on virtual devices 1-refer to the tasks tab to view the tasks for this lab item 2-refer to the topology tab to access the device console and perform the tasks 3-console success is available for all required devices by clicking the device icon or using the tab above the console window 4-all necessary pre-configuration have been applied 5-do not change the enable password or hostname for any device 6-save your configuration to NVRAM before moving to next tab 7-click next at the bottom of the screen to submit This lab and move to next question 8-when next is clicked the lab closes and cannot be reopened LAB#1 Tasks Physical connectivity is implemented between the two layer 2 switches and the network connectivity between them must be configured 1-configure an lacp etherchannel and number it as 44 Configure it between SW1 and SW2 using interfaces ethernet 0/0 and ethernet 0/1 on both sides The lacp mode must match on both ends 2-configure the etherchannel as trunk link 3-configure the trunk link with 802.1q tag 4-configure VLAN ” MONITORING” as untagged VLAN of the EtherChannel SW1 e0/0 e0/1 e0/0 e0/1 SW2 SW1(conf)#interface range e0/0 – 1 SW1(conf-if-range)#channel-group 44 mode active SW1(conf-if-range)#exit SW2(conf)#interface range e0/0 – 1 SW2(conf-if-range)#channel-group 44 mode active SW2(conf-if-range)#exit SW1(conf)#interface po 44 SW1(conf-if)#shutdown SW1(conf-if)#switchport trunk encapsulation dot1q SW1(conf-if)#switchport mode trunk SW2(conf)#interface po 44 SW2(conf-if)#shutdown SW2(conf-if)#switchport trunk encapsulation dot1q SW2(conf-if)#switchport mode trunk SW1(conf-if)#switchport trunk native vlan 746 SW1(conf-if)#no shutdown SW1(conf-if)#exit SW1(conf)#exit SW1#write SW2(conf-if)#switchport trunk native vlan 746 SW2(conf-if)#no shutdown SW2(conf-if)#exit SW2(conf)#exit SW2#write LAB#2 Tasks configure IPv4 and IPv6 connectivity between two routers for IPv4 use /28 network from 192.168.180.0/24 private range For IPv6 use the first /64 subnet from the 2001:0db8:acca::/48 subnet 1-using ethernet 0/1on routers R1and R2 configure the next usable /28from the 192.168.180.0/24 range The network 192.168.180.0/28 is un available 2-for the IPv4 /28 subnet router R1 must be configured with the first usable host address 3-for the IPv4 /28 subnet router R2 must be configured with the last usable host address 4-for the IPv6 /64 subnet configure the routers with the ip addressing provided from the topology 5-a ping must work between the routers on the IPv4 and IPv6 address range R2 R1 e0/1 192.168.180.x/28 2001:db8:acca::1/64 e0/1 192.168.180.x/28 2001:db8:acca::2/64 R1>en R1#configure t R1(config)#int e0/1 R1(config-if)#ip address 192.168.180.17 255.255.255.240 R1(config-if)#ipv6 enable R1(config-if)#ipv6 address 2001:db8:acca::1/64 R1(config-if)#no shutdown R1(config-if)#exit R1#write R2>en R2#configure t R2(config)#int e0/1 R2(config-if)#ip address 192.168.180.30 255.255.255.240 R2(config-if)#ipv6 enable R2(config-if)#ipv6 address 2001:db8:acca::2/64 R2(config-if)#no shutdown R2(config-if)#exit R2#write LAB#3 Tasks Ip connectivity and ospf are pre-configured on all devices where necessary , don’t make any changes to the ip addressing or ospf . The company policy uses connected interfaces and next hops when configuring static route except for load balancing or redundancy without floating static Connectivity must be established between subnet 172.20.20.128/25 on the internet and the lan at 192.168.0.0/24 Connected to SW1 1-configure reachability to the switch SW1 lan subnet in router R2 2-configure default reachability to the internet subnet in router R1 3-configure single static route on router R2 to reach the internet subnet consider both redundant links Between R1and R2 , default route is not allowed in R2 4-configure static route on R1 toward SW1 lan subnet where the primary link must be through e0/1 And the backup link must be through e0/2 using floating route use the minimum admin distance value when required Internet 172.20.20.128/25 .254 192.168.0.0/24 10.10.254.0/24 E0/1 E0/1 SW1 R3 E0/0 10.10.13.0/24 .3 .1 E0/0 Lo:0 10.10.1.1/32 R1 E0/0 .1 .129 E0/2 E0/1 .1 10.10.12.128/25 10.10.12.0/25 .130 E0/2 E0/1 .2 .2 E0/0 R2 10.10. 31.0/24 R1>en R1#configure terminal R1(conf)#ip route 0.0.0.0 0.0.0.0 e0/0 10.10.13.3 R1(conf)#ip route192 .168.0.0 255.255.255.0 e0/1 10.10.12.2 R1(conf)#ip route192 .168.0.0 255.255.255.0 e0/2 10.10.12.130 2 R1(conf)#exit R1#write R2>en R2#configure terminal R2(conf)#ip route 192.168.0.0 255.255.255.0 e0/0 10.10.31.1 R2(conf)#ip route 172.20.20.128 255.255.255.128 10.10.1.1 R2(conf)#exit R2#write LAB#4 Tasks Three switches must be configured for Layer 2 connectivity. The company requires only the designated VLANs to be configured on their respective switches and permitted a cross any links between switches for security purposes. Do not modify or delete VTP configurations The network needs two user-defined VLANs configured VLAN 110: MARKETING VLAN 210: FINANCE 1- Configure the VLANs on the designated switches and assign them as access ports to the interfaces connected to the PCs.2. 2-Configure the e0/2 interfaces on Sw1 and Sw2 as 802.1q trunks with only the required VLANs permitted 3-Configure the e0/3 interfaces on Sw2 and Sw3 as 802.1q trunks with only the required VLANs permitted. SW1 SW3 SW2 E0/2 E0/2 E0/3 E0/3 E0/1 E0/1 E0/0 PC 5 PC 3 PC 4 PC 6 VLAN 303 10.10.3.1 VLAN 202 10.10.2.1 VLAN 202 10.10.2.2 VLAN 303 10.10.3.2 E0/1 SW2>enable SW2#configure terminal SW2(conf)#vlan 202 SW2(conf-vlan)#name MARKETING SW2(conf-vlan )#vlan 303 SW2(conf-vlan)#name FINANCE SW3>enable SW3#configure terminal SW3(conf)#vlan 202 SW3(conf-vlan)#name MARKETING SW3(conf-vlan )#vlan 303 SW3(conf-vlan)#name FINANCE SW2(conf-vlan)#interface e0/2 SW2(conf-if)#switchport trunk encapsulation dot1q SW2(conf-if)#switchport mode trunk SW2(conf-if)#switchport trunk allowed vlan 303 SW2(conf-vlan)#interface e0/3 SW2(conf-if)#switchport trunk encapsulation dot1q SW2(conf-if)#switchport mode trunk SW2(conf-if)#switchport trunk allowed vlan 202 , 303 SW2(conf-vlan)#interface e0/3 SW2(conf-if)#switchport trunk encapsulation dot1q SW2(conf-if)#switchport mode trunk SW2(conf-if)#switchport trunk allowed vlan 202 , 303 SW2(conf-vlan)#interface e0/0 SW2(conf-if)#switchport mode access SW2(conf-if)#switchport access vlan 202 SW2(conf-vlan)#interface e0/1 SW2(conf-if)#switchport mode access SW2(conf-if)#switchport access vlan 202 SW2(conf-vlan)#interface e0/1 SW2(conf-if)#switchport mode access SW2(conf-if)#switchport access vlan 303 SW1>enable SW1#configure terminal SW1(conf)#vlan 202 SW1(conf-vlan)#name MARKETING SW1(conf-vlan )#vlan 303 SW1(conf-vlan)#name FINANCE SW1(conf-vlan)#interface e0/2 SW1(conf-if)#switchport trunk encapsulation dot1q SW1(conf-if)#switchport mode trunk SW1(conf-if)#switchport trunk allowed vlan 303 SW1(conf-vlan)#interface e0/1 SW1(conf-if)#switchport mode access SW1(conf-if)#switchport access vlan 303 SW1,SW2,SW3#write LAB#5 Tasks Connectivity between four routers has been established , ip connectivity must be configured in the order presented To complete the implementation , no dynamic routing protocol are included 1-configure static routing using host routes to establish connectivity from router R3 to router R1 loopback address Using the source ip of 209.165.200.230 2-configure an ipv4 default route on router R2 destined to router R4 3-configure an ipv6 default route on router R2 destined to router R4 Loopback 1 192.168.2.1 Loopback 1 192.168.1.1 209.165.200.224/30 R1 E0/0 .225 E0/0 .226 Loopback 1 192.168.3.1 209.165.200.228/30 R2 E0/1 .229 E0/2 .129 2001:db8:abcd::1 209.165.202.128/22 2001:db0:abcd::0/64 .130 2001:db8:abcd::2 E0/2 R4 E0/1 .230 R3 Task 1 R3(conf)#ip route 192.168.1.1 255.255.255.255 209.165.200.229 R2(conf)#ip route 192.168.1.1 255.255.255.255 209.165.200.225 R1(conf)#ip route 209.165.200.230 255.255.255.255 209.165.200.226 Task 2 R2(conf)#ip route 0.0.0.0 0.0.0.0 209.165.202.130 Task 3 R2(conf)#ipv6 route ::/0 2001:db8:abcd::2 R1,R2,R3#copy run start LAB#6 Tasks All physical cabling between the two switches is installed . Configure the network connectivity between the switches using the designated VLANs and interfaces . 1. Configure VLAN 12 named Compute and VLAN 34 named Telephony where required for each task . 2. Configure Ethernet 0/1 on SW2 to use the existing VLAN named Available. 3. Configure the connection between the switches using access ports . 4. Configure Ethernet 0/1 on SW1 using data and voice VLANs. 5. Configure Ethernet 0/1 on SW2 so that the Cisco Proprietary neighbor discovery protocol is turned off for the designated interface only. SW1 SW2 E0/0 VLAN 12 E0/0 E0/1 E0/1 VLAN 12 VLAN 34 VLAN avilable SW1> enable SW2> enable SW1 # config t SW2 # conf t SW1 (config) # vlan 12 SW2 (config) # vlan 12 SW1 (config-vlan) # name Compute SW2 (config-vlan) # name Compute SW1 (config-vlan) # vlan 34 SW2 (config-vlan) # vlan 34 SW1 (config-vlan) # name Telephone SW2 (config-vlan) # name Telephone SW1 (config-vlan) # int e0/0 SW2 (config-vlan) # int e0/0 SW1 ( config - if) # switchport mode access SW2 ( config - if) # switchport mode access SW1 ( config - if) # switchport access vlan 12 SW2 ( config - if) # switchport access vlan 12 SW1 ( config - if) # int e0/1 SW2 ( config - if) # int e0/1 SW1 ( config - if) # switchport mode access SW2 ( config - if) # switchport mode access SW1 ( config - if) # switchport access vlan 12 SW2 ( config - if) # switchport access vlan 99 SW1 ( config - if) # switchport voice vlan 34 SW2 ( config - if) # no cdp enable SW1 ( config - if) # end SW2 ( config - if) # end SW1 # wr SW2 # wr LAB#7 Tasks Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation . Tasks assigned include configuration of NAT, NTP, DHCP and SSH services. 1. All traffic send from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet 0/0 on R2 , while using only a standard access list named NAT. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration. 2-Configure R1 as an NTP server and R2 as a client , not as a peer , using the IP address of the R1 Ethernet 0/2 interface . Set the clock on the NTP server for midnight on January 1, 2019. 3-Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single command, exclude addresses 1 – 10 from the range . Interface Ethernet 0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP. 4-Configure SSH connectivity from R1 to R3 , while excluding access via other remote connection protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. DO NOT modify console access or line numbers to accomplish this task Lo:1 192.168.2.1 Lo:1 192.168.1.1 10.1.2.2 E0/0 10.1.2.1 E0/0 R2 R1 E0/1 10.2.3.2 E0/2 10.1.3.1 10.1.3.11 E0/2 10.2.3.3 E0/1 R3 Lo:1 192.168.3.1 Task 1 R2(conf)#ip access-list standard NAT R2(conf-std-nacl)#permit 10.2.3.3 R2(conf-std-nacl)#permit 192.168.3.1 R2(conf-std-nacl)#permit 10.1.3.11 R2(conf-std-nacl)#exit R2(conf)#interface e0/1 R2(conf-if)#ip nat inside R2(conf-if)#exit R2(conf)#interface e0/0 R2(conf-if)#ip nat outside R2(conf-if)#exit R2(conf)#ip nat inside source list NAT interface e0/0 overload Verification R3#ping 192.68.1.1 Task 2 R1#clock set 00:00:00 1 jan 2019 R1#config terminal R1(conf)#ntp master 1 R1(conf)#interface e0/2 R1(conf-if)#ip address 10.1.3.1 255.255.255.0 R2#configure terminal R2(conf)#ntp server 10.1.3.1 Task 3 R1#config terminal R1(conf)#ip dhcp pool NETPOOL R1(dhcp-conf)#network 10.1.3.0 255.255.255.0 R1(dhcp-conf)#exit R1(conf)#ip dhcp excluded-address 10.1.3.1 10.1.3.10 R3#conf terminal R3(conf)#interface e0/2 R3(conf-if)#ip address dhcp Verification R3#show ip interface brief Task 4 R3#config terminal R3(conf)#line vty 0 4 R3(conf-line)#transport input ssh R3(conf-line)#login local R3(conf-line)#exit R3(conf)#username netadmin password N3t4ccess R3(conf)#crypto key generate rsa module 1024 Verification R3#ssh –l netadmin 10.1.3.11 R1,R2,R3#copy run start LAB#8 Tasks Ip connectivity between the three routers is configured. OSPF adjacencies must be established. 1. Configure R1 and R2 Router IDs using the interface IP addresses from the link that is shared between them . 2. Configure the R2 links with a max value facing R1 and R3.R2 must become the DR. R1 and R3 links facing R2 must remain with the default OSPF configuration for DR election . Verify the configuration after clearing the OSPF Process. 3-Using a host wildcard mask, configure all three routers to advertise their respective Loopback 1 networks. 4-Configure the link between R1 and R3 to disable their ability to add other OSPF routers. L1 192.168.1.1/24 Lo:0 10.10.1.1/32 E0/0 R1 10.10.12.0/24 E0/1 10.10.13.0/24 E0/0 E0/1 10.10.23.0/24 R2 E0/2 L1 192.168.2.2/24 Lo:0 10.10.2.2/32 E0/2 R3 L1 192.168.3.3/24 Lo:0 10.10.3.3/32 R1# config t R1(config)# interface e0/1 R1(config-if)# ip ospf network point-to-point R1(config-if)# exit R1(config)# router ospf 1 R1(config-router)# router-id 10.10.12.1 R1(config-router)# network 10.10.12.0 0.0.0.255 area 0 R1(config-router)# network 10.10.13.0 0.0.0.255 area 0 R1(config-router)# network 192.168.1.1 0.0.0.0 area 0 R1(config-router)# end R1# clear ip ospf process Yes R1# write R2(config)# interface e0/0 R2(config-if)# ip ospf priority 255 R2(config-if)# interface e0/2 R2(config-if)# ip ospf priority 255 R2(config-if)# exit R2(config)# router ospf 1 R2(config-router)# router-id 10.10.12.2 R2(config-router)# network 10.10.12.0 0.0.0.255 area 0 R2(config-router)# network 10.10.23.0 0.0.0.255 area 0 R2(config-router)# network 192.168.2.2 0.0.0.0 area 0 R2(config-router)# end R2# clear ip ospf process Yes R3# config t R3(config)# interface e0/1 R3(config-if)# ip ospf network point-to-point R3(config-if)# exit R3(config)# router ospf 1 R3(config-router)# network 10.10.13.0 0.0.0.255 area 0 R3(config-router)# network 10.10.23.0 0.0.0.255 area 0 R3(config-router)# network 192.168.3.3 0.0.0.0 area 0 R3(config-router)# end R3# clear ip ospf process yes R3# write LAB#9 Tasks IP connectivity between the three routers is established. IP services must be configured in the order presented to complete the implementation. 1. Configure dynamic one – to – one address mapping on R2 using a standard list named XLATE , which allows all traffic to translate the source address of R3 to a pool named test pool using the 10.10.10.0/24 network for traffic sent from R3 to R1 . Avoid using an NVI configuration. Verify reachability by sending a ping to 192.168.100.1 from R3. 2- Configure R3 to dynamically receive an Ip address on Ethernet 0/2 from the DHCP server. 3-Configure R1 as an NTP server and R2 as a client , not as a peer , using the IP address 10.1.2.1 . 4-Configure SSH access from R1 to R3 , while excluding access via other remote connection protocols using the user root and password s3cret on router R3 using RSA . Verify connectivity from router R1 to R3 using a destination address assigned to interface E0/2 on R3 . Lo:1 192.168.200.1 Lo:1 192.168.100.1 10.1.2.1 E0/0 R1 10.1.2.2 E0/0 R2 E0/1 10.2.3.2 E0/2 10.1.3.1 10.1.3.11 E0/2 10.2.3.3 E0/1 R3 Lo:1 192.168.3.1 R1>en R2# config t R1# config t R2(config)# ntp server 10.1.2.1 R1(config)# ntp master 1 R2(config)# ip access-list standard XLATE R1(config)# ntp source e0/0 R2(config-std-nacl)# permit 10.2.3.0 0.0.0.255 R1(config)# end R2(config-std-nacl)# permit 192.168.3.1 0.0.0.0 R1# wr R2(config-std-nacl)# exit R2(config)# ip nat pool test_pool 10.10.10.1 10.10.10.254 netmask 255.255.255.0 R2(config)# ip nat inside source list XLATE pool test_pool R2(config)# int e0/0 R2(config-if)# ip nat outside R2(config-if)# int e0/1 R2(config-if)# ip nat inside R2(config-if)# end R2# wr R3>en R3# config t R3(config)# interface e0/2 R3(config-if)# ip address dhcp R3(config-if)# exit R3(config)# username root password s3cret R3(config)# crypto key generate rsa modulus 1024 R3(config)# line vty 0 4 R3 (config-line)# login local R3(config-line)# transport input ssh R3(config-line)# end R3# wr Verification R1#ssh –l root 10.1.3.11 LAB#10 Tasks Refer to the topology . All physical cabling is in place . Configure local users accounts , modify the Named ACL ( NACL) , and configure DHCP Snooping . The current contents of the NACL must remain intact. Task 1 Configure a local account on GW1 with telnet access only on virtual ports 0-4 . Use the following information . 1. 2. 3. 4. Username: wheel Password: lock3path Algorithm type : Scrypt Privilege level : Exec mode Task 2 Configure and apply a NACL on GW1 to control netwok traffic from VLAN 10 1. Name : CORP_ ACL 2. Allow BOOTP and HTTPS 3. Restrict all other traffic and log the ingress interface , source mac address , the packet’s source and destination IP addresses , and ports. Task 3 Configure SW1: 1. 2. 3. 4. Enable DHCP Snooping for VLAN 10 Disable DHCP Option-82 data insertion Enable DHCP Snooping MAC address verification Enable trusted interfaces DHCP VLAN 10 server Internet 209.165.201.0/30 E0/2 GW1 E0/0 HOST C E1/0 E0/3 E0/0 E0/2 VLAN 10 E0/0 HOST D VLAN 20 E0/2 VLAN 20 SW3 HOST B E0/2 E0/0 E0/1 HOST A E0/1 SW1 SW2 GW1 GW1> enable GW1 # config t GW1 ( config) # username wheel privilege 15 algorithm- type scrypt secret lock3path GW1 ( config) # lin vty 0 4 GW1 ( config - line) # login local GW1 ( config - line) # transport input telnet GW1 ( config - line) # exit GW1 ( config ) # ip access – list extended CORP_ACL GW1 ( config – ext-nacl) # permit udp 10.10.0.0 0.0.0.255 any eq bootp GW1 ( config – ext-nacl) # permit tcp 10.10.0.0 0.0.0.255 any eq 443 GW1 ( config – ext-nacl) # deny ip any any GW1 ( config – ext-nacl) # int e0/0 GW1 ( config – if) # ip access-group CORP_ACL in GW1 ( config – if ) # end GW1# wr SW1 SW1 >en Sw1# config t SW1 (confg)# ip dhcp snooping SW1 (config )# ip dhcp snooping vlan 10 SW1 (config )# no ip dhcp snooping information option SW1 (config )# ip dhcp snooping verify mac – address SW1 ( config-if ) # int range e0/1-2 SW1 ( config-if - range) # ip dhcp snooping trust SW1 ( config-if - range) # end SW1 # wr LAB#11 Tasks VLANS 35 and 45 have been configured in all three switches . All Physical connectivity has been installed and verified . All inter– switch links must be operational . 1. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for 802.1q trunking allowing all VLANS. 2. Configure the inter-switch links on SW-1 e02 , SW-2 e0/2 , and SW-3 e0/0 and e0/1 to use native NLAN 35. Configure SW-1 and SW-2 switch ports e0/0 and e0/1 for link aggregaton . SW-1 should immediately negotiate LACP and SW-2 must only respond to LACP requests Po12 SW1 SW2 E0/0 E0/0 E0/1 E0/1 E0/2 E0/2 E0/0 E0/1 SW3 SW1 SW1> en SW1 # config t SW1 ( config )# int range e0/0-2 SW1( config – if –range )#switchport trunk encapsulation dot1q SW1( config – if –range )# switchport mode trunk SW1( config – if –range )# int range e0/0-1 SW1( config – if –range )# channel-group 12 mode active SW1( config – if –range )# int e0/2 SW1 ( config-if) # switchport trunk native vlan 35 SW1 (config –if )# end SW1# wr SW2 SW3 SW2> en SW1> en SW2 # config t SW1 # config t SW2 ( config )# int range e0/0-2 SW1 ( config )# int range e0/0-1 SW2( config – if –range )#switchport trunk encapsulation dot1q SW1( config – if –range )#switchport trunk encapsulation dot1q SW2( config – if –range )# switchport mode trunk SW1( config – if –range )# switchport mode trunk SW2( config – if –range )# int range e0/0-1 SW1 ( config-if) # switchport trunk native vlan 35 SW2( config – if –range )# channel-group 12 mode passive SW1 (config –if -range)# end SW2( config – if –range )# int e0/2 SW1# wr SW2 ( config-if) # switchport trunk native vlan 35 SW2 (config –if )# end SW2# wr LAB#12 Tasks Refer to the topology . All physical cabling is in place . Configure local users accounts , modify the Named ACL ( NACL) , and security. Task1 Configure a local account on SW101 with telnet access only on virtual ports 0-4 . Use the following information . 1. Username: support 2. Password: max2learn 3. Privilege level : Exec mode Task 2 Configure and apply a single NACL on SW101 using the following : 1. 2. 3. 4. 5. Name : ENT _ACL Restrict only PC2 on VLAN 200 from pinging PC1 Allow only PC2 on VLAN 200 to telnet to SW 101 Prevent all other devices from telnetting from VLAN 200 Allow all other network traffic from VLAN 200 Task 3 Configure security on interface Ethernet 0/0 of SW 102 1. Set the maximum number of secure MAC addresses to four 2. Drop Packets with unknown source addresses until the number of secure MAC addresses 3. drops below the configured maximum value .No notification action is required . Allow Secure MAC addresses to be learned dynamically Internet E0/1 209.165.201.0/30 R1 192.168.3.0/30 VLAN 100 E0/0 E0/1 E0/2 E0/0 E0/1 VLAN 200 E0/0 SW102 SW101 PC1 192.168.100.10 PC2 192.168.200.10 SW101> en SW101# config t SW101(config)# username support privilege 15 password max2learn SW101(config)#line vty 0 4 SW101 (config-line)#login local SW101(config-line )# transport input telnet SW101(config-line)#exit SW101(config)# ip access –list extended ENT_ACL SW101(config-ext-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10 SW101(config-ext-nacl)#permit tcp host 192.168.200.10 host 192.168.200.1 eq telnet SW101 (config-ext-nacl)# deny tcp 192.168.200.0 0.0.0.255 any eq telnet SW101 (config-ext-nacl)# permit ip any any SW101 (config-ext-nacl)# exit SW101 (config)# int vlan 200 SW101 (config-if)# ip access – group ENT_ACL in f SW101 (config-if)# end SW101 # wr SW102 >en SW102 # config SW102 (config)#int e0/0 SW102 (config-if )# switchport port-security SW102 (config-if )# switchport port-security maximum 4 SW102 (config-if )# switchport port-security violation protect SW102 (config-if )# switchport port-security mac-address sticky SW102 (config-if )# end SW102# wr LAB#13 Tasks R1 and R2 are pre-configured with all necessary commands. All physical cabling is in place and verified . Connectivity for PC1 and PC2 must be established to the switches , each port must only allow one VLAN and be operational. 1. 2. 3. 4. 5. Configure SW-1 with VLAN 15 and label it exactly as OPS Configure SW-2 with VLAN 66 and label it exactly as ENGINEERING Configure the switch port connecting to PC1 Configure the switch port connecting to PC2 Configure the E0/2 connections on SW-1 and SW-2 for neighbor discovery using the vendor- neutral standard protocol and ensure that e0/0 on both switches uses the Cisco proprietary protocol. R1 R2 E0/0 E0/0 E0/2 E0/2 E0/0 E0/0 SW2 SW1 E0/1 PC1 VLAN 15 172.16.15.10 E0/1 PC2 VLAN 66 192.168.66.50 DEVICE VLAN IP ADDRESS R1 15 172.16.15.1 R2 66 192.168.66.1 SW-1> en SW-2> en SW-1 # config t SW-2 # config t SW-1 (config) # lldp run SW-2 (config) # lldp run SW-1 (config) # vlan 15 SW-2 (config) # vlan 66 SW-1 (config – vlan ) # name OPS SW-2 (config – vlan ) # name ENGINEERING SW-1 (config-vlan ) # int e0/1 SW-2 (config-vlan ) # int e0/1 SW-1 (config-if) # switchport mode access SW-2 (config-if) # switchport mode access SW-1 (config) # switchport access vlan 15 SW-2 (config) # switchport access vlan 66 SW-1 (config) # int e0/2 SW-2 (config) # int e0/2 SW-1(config - if) # no cdp enable SW-2(config - if) # no cdp enable SW-1 (config - if) # lldp transmit SW-2 (config - if) # lldp transmit SW-1 (config - if) #lldp receive SW-2 (config - if) #lldp receive SW-1 (config - if) # int e0/0 SW-2 (config - if) # int e0/0 SW-1 (config - if) # switchport trunk encapsulation isl SW-2 (config - if) # switchport trunk encapsulation isl SW-2 (config - if) # switchport mode trunk SW-1 (config - if) # switchport mode trunk SW-1 (config - if) # end SW-2 (config - if) # end SW1# wr SW2# wr LAB#14 Tasks Refer to the topology .All physical cabling is in place. Routers R3 and R4 are fully configured and inaccessible. Configure static routes for various connectivity to the ISP and the LAN, which resides on R4. 1. 2. 3. 4. Configure a default route on R2 to the ISP Configure a default route on R1 to the ISP Configure R2 with a route to the Server at 10.0.41.10 Configure R1 with a route to the LAN that prefers R3 as the primary path to the LAN ISP 209.165.200.224/27 E0/0 10.0.12.0/30 E0/2 E0/0 R1 E0/1 R2 E0/1 10.0.24.0/29 10.0.13.0/27 E0/0 E0/0 R3 E0/1 10.0.34.0/28 E0/1 DEVICE INTERFACE IP ADDRESS R2 E0/2 209.165.200.226 ISP E0/0 209.165.200.225 SERVER E0/0 10.0.41.10 R4 10.0.41.0/24 SERVER R1>en R1#config t R1(config )# ip route 0.0.0.0 0.0.0.0 209.165.200.225 R1(config )# ip route 10.0.41.0 255.255.255.0 e0/1 R1(config)#end R1# wr R2>en R2#config t R2(config )# ip route 0.0.0.0 0.0.0.0 209.165.200.225 R2(config )# ip route 10.0.41.10 255.255.255.255 e0/1 R2(config)#end R2# wr LAB#15 Tasks R1 has been pre-configured with all the necessary commands .All physical cabling is in place and verified. Connectivity for PC1 and PC2 must be established to the switches , and each port must only allow one VLAN. 1. 2. 3. 4. 5. Configure SW-1 with VLAN 35 and label it exactly as SALES Configure SW-2 with VLAN 39 and label it exactly as MARKETING Configure the switch port connecting to PC1. Configure the switch port connecting to PC2. Configure SW-1 and SW-2 for universal neighbor discovery using the industry standard protocol and disable it on the interface connecting to PC1. E0/0 R1 E0/1 VLAN IP ADDRESS E0/0.35 35 10.35.1.1 E0/0.39 39 10.39.1.1 E0/0 E0/0 E0/1 SW1 INTERFACE E0/2 E0/1 SW2 E0/2 PC2 PC1 VLAN:35 10.35.1.99 VLAN:39 10.39.1.99 SW-1 > en SW-2 > en SW-1 # config t SW-2 # config t SW-1 (config )# no cdp run SW-2 (config )# no cdp run SW-1 (config )# lldp run SW-2 (config )# lldp run SW-1 (config )# vlan 35 SW-2 (config )# vlan 39 SW-1 (config-vlan )# name SALES SW-2 (config-vlan )# name MARKETING SW-1 (config-vlan )# int e0/2 SW-2 (config-vlan )# int e0/2 SW-1 (config-if )# switchport mode access SW-2 (config-if )# switchport mode access SW-1 (config-if )# switchport access vlan 35 SW-2 (config-if) # switchport access vlan 39 SW-1 (config-if )# no lldp transmit SW-2 (config-if )# end SW-1 (config-if )# no lldp receive SW-2 # wr SW-1 (config-if )# end SW-1 # wr
0
advertisement
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users