Grading
The exam is divided into two parts. If the exam is conducted in two separate sessions, hand out Part 1 on planning and let the students complete it. Then have them turn in Part 1 so that you can grade it before the second session. Return Part 1 to the students at the start of the second session, which is a hands-on session. If there are problems with the planning in Part 1, the student will know of them before starting on Part 2. If both parts of the exam are done in one session, you should still grade Part 1 before the students start on Part 2. Students must complete Part 1 before starting Part 2. Suggested point totals are listed for the main fill-in-the-blank questions. They currently total 100 points, but can be adjusted or changed as desired. Divide the correct points by the possible points for an overall percentage grade.
Exam Time
The time allowed to complete Part 1 is 50 minutes. Part 2 takes longer than 50 minutes.
All contents are Copyright 1992-2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
At the instructor's discretion, the amount of time allowed may be adjusted. Part 2 of the exam can be split into two parts to accommodate class schedules. Part 3 begins with Task 8: Configure ACL Security on HQ and R2. To save time and avoid splitting Part 2, have the equipment set up and cabled for the students prior to starting device configuration.
Exam Overview
This skills-based assessment is the final practical exam for the course CCNA Discovery: Introducing Routing and Switching in the Enterprise. The exam is divided into two parts, and Part 1 must be completed before Part 2. In Part 1, you develop an IP subnet scheme and document the device interfaces. In Part 2, you cable the network and configure customer routers and switches using Cisco IOS CLI commands.
The remote office router routes between the local network and the headquarters router. The headquarters router is configured to provide access to the ISP router. The OSPF routing protocol is used between the remote office and headquarters router. Static routing is used between the headquarters router and the ISP. The instructor will preconfigure the ISP router and erase the startup configuration in the headquarters router and the remote office router prior to starting the exam.
When you have completed Part 1, give it to the instructor to check before starting on Part 2. You have 50 minutes to complete Part 1. The instructor will inform you of how Part 2 will be conducted and the time allotted.
Instructor Note: For this exam, the ISP router is set up to connect to two sets of student equipment. By adding the second ISP router as shown in the diagram, two additional students can be tested simultaneously using a single Discovery Server. If needed, you can add more ISP routers. Two students can be tested for each ISP router added. See the instructor lab setup diagram and ISP router running-config at the end of this document.
Objectives
Part 1: Create an IP addressing plan and document the network device interfaces.
Part 2: Connect and configure the network equipment and verify network connectivity.
Required Equipment
The following equipment is required for each student:
ISP router with two serial and two Fast Ethernet interfaces (preconfigured by the instructor)
One computer to act as the Discovery Server (using the Discovery Server Live CD). Optionally, the ISP router can be configured with a loopback address. If the loopback address is used, it restricts the protocols that can be filtered using an ACL.
One switch or crossover cable to connect the Discovery Server to the ISP router
One 1841 HQ router (or other router with two serial interfaces)
One 1841 R2 router (or other router with one serial interface and one Fast Ethernet interface)
Two Ethernet 2960 switches
Two Windows XP-based PCs
Cat 5 and serial cabling, as necessary
VLSM Subnet Requirements [7 points, one for each VLSM block size]
Network Area                          Number of Users / IPs   VLSM Block Size / Number of IPs (Powers of 2)
AnyCompanyX block size to subdivide   N/A                     256 (8 bits)
HQ local network                      23                      32
R2 local network / VLANs
  VLAN 1 (Default/Mgmt-IP)            5                       8
  VLAN 11 (Dept 1)                    45                      64
  VLAN 12 (Dept 2)                    97                      128
R2 to HQ WAN link                     2                       4
Total users and total block sizes     172                     236
b. To optimally allocate addresses from the /24 address assigned, sort the block sizes from largest to smallest. Use the table below to order the network areas by the VLSM block size. List the blocks starting with the largest to the smallest. [3 points for the correct order]
Network Area / VLAN
R2 VLAN 12 (Dept 2)
R2 VLAN 11 (Dept 1)
HQ Local network
R2 VLAN 1 (Default/Mgmt-IP)
R2 HQ WAN link
Step 3: Allocate blocks of addresses to each area of the network. [15 points, one for each address/prefix, usable range, and subnet mask]
a. Determine which blocks of the CIDR address to assign to each area of the network or VLAN. You may use the CIDR / VLSM subnet chart (Appendix A) to enter the subnet information for each CIDR block.
b. Fill in the following table based on the subnet information in the VLSM Subnet Requirements tables above.
Instructor note: Answers may vary depending on the VLSM addressing used. The following sample answers in Steps 3, 4, and 5 are for AnyCompany1.
Network Area / VLAN                       Subnet Address and Prefix   Usable Address Range
R2 VLAN 12 (Dept 2)                       192.168.1.0/25              192.168.1.1 - 192.168.1.126
R2 VLAN 11 (Dept 1)                       192.168.1.128/26            192.168.1.129 - 192.168.1.190
HQ Local network (simulated with Lo0)     192.168.1.192/27            192.168.1.193 - 192.168.1.222
R2 VLAN 1 (Default/Mgmt)                  192.168.1.224/29            192.168.1.225 - 192.168.1.230
R2 HQ WAN link                            192.168.1.232/30            192.168.1.233 - 192.168.1.234
Unused IP addresses

c. Have the instructor verify that your addressing scheme is accurate and assigns address space efficiently. You should not have any overlapping subnets and should have unused contiguous blocks of addresses that can be used for future growth.
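The largest-first allocation from Steps 2 and 3, worked in Python as an added example that is not part of the original exam. It derives the AnyCompany1 sample answers from the user counts in the requirements table and checks the plan for overlaps; the function names are illustrative.

```python
import ipaddress

# User counts per area, taken from the VLSM Subnet Requirements table above.
REQUIREMENTS = {
    "HQ local network": 23,
    "R2 VLAN 1 (Default/Mgmt-IP)": 5,
    "R2 VLAN 11 (Dept 1)": 45,
    "R2 VLAN 12 (Dept 2)": 97,
    "R2 to HQ WAN link": 2,
}


def block_size(hosts):
    """Smallest power-of-two block holding `hosts` plus network and broadcast addresses."""
    size = 4  # a /30 is the smallest block with two usable addresses
    while size - 2 < hosts:
        size *= 2
    return size


def allocate(parent, requirements):
    """Carve `parent` into VLSM blocks, largest first. Returns (plan, unused_count)."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = []
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    for name, hosts in ordered:
        size = block_size(hosts)
        # Round up to the block's own boundary (a no-op when sorted largest first).
        cursor = -(-cursor // size) * size
        if cursor + size > end:
            raise ValueError(f"{parent} is too small for {name}")
        prefix = 32 - (size.bit_length() - 1)
        plan.append((name, ipaddress.ip_network((cursor, prefix))))
        cursor += size
    return plan, end - cursor


def describe(net):
    """Prefix, mask, wildcard (the form used by OSPF network and ACL lines), usable range."""
    return {
        "subnet": str(net),
        "mask": str(net.netmask),
        "wildcard": str(net.hostmask),
        "first": str(net[1]),
        "last": str(net[-2]),
    }


def find_overlaps(nets):
    """Return every pair of networks that share at least one address."""
    nets = [ipaddress.ip_network(n) for n in nets]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    plan, unused = allocate("192.168.1.0/24", REQUIREMENTS)
    for name, net in plan:
        d = describe(net)
        print(f"{name:28} {d['subnet']:17} {d['mask']:16} "
              f"{d['wildcard']:10} {d['first']} - {d['last']}")
    print("unused addresses:", unused)
    print("overlaps:", find_overlaps(net for _, net in plan))
```

The wildcard column is the value that reappears in the OSPF `network` statements and in the ACL entries later in the exam.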
Step 4: Select IP addresses for use when configuring devices. [22 points, one for each IP address and subnet mask]
Select addresses from the block assigned to an area of the network, and fill in the VLSM block size, IP address and subnet mask for each device/interface in the topology. Include the /# bits mask with the IP address. These IP addresses are used in Part 2 when you configure the network equipment.
Note: When you are finished with this step, check with the instructor before proceeding.
Device   Interface                        IP Address                        Subnet Mask
HQ-X     Serial 0/0/0                     192.168.1.234/30                  255.255.255.252
HQ-X     Serial 0/0/1                     209.165.201.2/30 (AnyCompany1)    255.255.255.252
                                          209.165.201.6/30 (AnyCompany2)
         (Use the next address compatible with the ISP serial interface address of AnyCompanyX)
HQ-X     Loopback0                        192.168.1.193/27
R2       Serial 0/0/0                     192.168.1.233/30
R2       Fast Ethernet 0/0                None
R2       Subint Fa0/0.1                   192.168.1.225/29
R2       Subint Fa0/0.11                  192.168.1.129/26
R2       Subint Fa0/0.12                  192.168.1.1/25
ISP      Serial 0/0/0 (pre-configured)    209.165.201.1/30 (AnyCompany1)
ISP      Serial 0/0/1 (pre-configured)    209.165.201.5/30 (AnyCompany2)
ISP      Fa0/0                            172.17.0.1
         (pre-configured default gateway for Discovery Server. Optional if ISP loopback is used.)
Step 6: Check your work with the instructor before going on to Part 2.
Note: This is a sample diagram for the instructor version only. IP addresses may vary based on the VLSM addressing scheme used. If the student desires, interfaces on switch ports may be shown, but are not part of the logical diagram because they do not have IP addresses assigned.
Step 5: Configure a default route to the ISP on HQ and propagate this route to R2 using OSPF.
HQ-1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1
HQ-1(config)#router ospf 1
HQ-1(config-router)#default-information originate

R2(config-subif)#interface fa0/0.12
R2(config-subif)#encapsulation dot1Q 12
R2(config-subif)#ip address 192.168.1.1 255.255.255.128
R2(config-subif)#interface s0/0/0
R2(config-if)#ip address 192.168.1.233 255.255.255.252
R2(config-if)#no shutdown

S1(config)#vlan 11
S1(config-vlan)#name Dept1
S1(config-vlan)#vlan 12
S1(config-vlan)#name Dept2
S1(config-vlan)#exit
S1(config)#interface range fa0/3-11
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 11
S1(config-if-range)#interface range fa0/12-24
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 12
S1(config-if-range)#exit
Step 5: Configure switch port Fa0/2 as an 802.1Q trunk to carry VLAN information.
S2(config)#interface fa0/1
S2(config-if)#switchport mode trunk
S2(config-if)#interface fa0/2
S2(config-if)#switchport mode trunk
Task 7: Verify Device Configurations and Basic Connectivity [33 points, one for each item verified with command output and checked by instructor]
Before configuring ACLs in the next task, verify the items listed in the table and indicate which command you used. Include the IP address to be pinged when verifying connectivity. Have the instructor check off each item when verified.
Instructor note: Commands other than the ones listed may be used if they verify the same information. See the end of the lab for the show-run output and sample output for other commands on HQ, R2, S1, and S2.

Command Used / Check
show running-config
show ip route
show running-config
show running-config
show ip route
show vlans
show vlans

Command Used / Check
show running-config
show vlan brief
show vlan brief
show interfaces trunk
show spanning-tree
show vtp status
show running-config, show port-security

S2 basic config (host, pass, IPs): show running-config
S2 VLANs: show vlan brief
S2 ports in correct VLANs: show vlan brief
S2 802.1Q trunk ports: show interfaces trunk
S2 is VTP client: show vtp status
S2 port security: show running-config, show port-security

Command Used / Check
telnet IP address
show ip nat translations
Step 1: Create and apply a numbered extended ACL on R2. [6 points, one for each instructor check]
The ACL must allow web requests and pings to leave the R2 network if they originated from any location within the R2 AnyCompanyX network. Telnet traffic is permitted if it originates in VLAN 11, and FTP traffic (FTP control and FTP data) is permitted if it originates in VLAN 12. All other traffic is denied.
a. Add an explicit deny statement to the end of the ACL so that statistics can be collected on the number of packets denied. Apply the ACL to the appropriate R2 interface. Include remarks in your ACL to document what it is doing. Have the instructor verify the ACL statements and placement. __________ Instructor check.
Example ACL:
R2(config)#access-list 101 remark allow web access for R2 internal network
R2(config)#access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq www
R2(config)#access-list 101 remark allow pings for R2 internal network
R2(config)#access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
R2(config)#access-list 101 remark allow telnet for VLAN 11
R2(config)#access-list 101 permit tcp 192.168.1.128 0.0.0.63 any eq telnet
R2(config)#access-list 101 remark allow FTP for VLAN 12
R2(config)#access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp-data
R2(config)#access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp
R2(config)#access-list 101 deny ip any any
R2(config)#interface Serial0/0/0
R2(config-if)#ip access-group 101 out
b. Test the ACL by pinging from H1 and H2 to the ISP loopback address or the IP address of the Discovery Server. Have the instructor verify. _______ Instructor check. Pings should be successful.
c. Using a browser from H1 and H2, enter the ISP router Loopback0 address or the IP address of the Discovery Server. Have the instructor verify. _________ Instructor check. Should be able to get to the login screen of the router HTTP/SDM interface or the default web page on the Discovery Server.
d. Telnet from host H2 in VLAN 12 to the HQ router using its S0/0/0 IP address. You should not be able to telnet from a host in VLAN 12. Have the instructor verify. _______ Instructor check. The R2 ACL blocks telnet from VLAN 12 hosts.
Telnet from host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. You should be able to telnet from any host in VLAN 11. Have the instructor verify. _______ Instructor check. The R2 ACL permits telnet from VLAN 11 hosts.
e. Use the show access-lists command to verify that the ACL is working. You should see counts on several ACL statements. Have the instructor verify. _______ Instructor check.
R2#show access-lists
Extended IP access list 101
    10 permit tcp 192.168.1.0 0.0.0.255 any eq www (10 matches)
    20 permit icmp 192.168.1.0 0.0.0.255 any (4 matches)
    30 permit tcp 192.168.1.128 0.0.0.63 any eq telnet (6 matches)
    40 permit tcp 192.168.1.0 0.0.0.127 any eq ftp-data
    50 permit tcp 192.168.1.0 0.0.0.127 any eq ftp
    60 deny ip any any (6 matches)
Step 2: Create and apply a standard ACL to control vty access to the HQ router. [4 points, one for each instructor check]
The ACL should deny vty access for all hosts from any network or interface to the HQ router, except for host H1 on VLAN 11.
a. Add an explicit deny statement to the end of the ACL so that statistics can be collected on the number of packets denied. Apply the ACL to vty lines 0 through 4 on the HQ router. Have the instructor verify the ACL statements and placement. __________ Instructor check.
HQ-1(config)#access-list 2 permit host 192.168.1.130
HQ-1(config)#access-list 2 deny any
HQ-1(config)#line vty 0 4
HQ-1(config-line)#access-class 2 in
b. Telnet from host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. Have the instructor verify. _______ Instructor check. The HQ vty ACL permits telnet from host H1.
c. Change the IP address of H1 to another address that is on VLAN 11, and telnet again from host H1 in VLAN 11 to the HQ router using its S0/0/0 IP address. Have the instructor verify. _______ Instructor check. The HQ vty ACL denies telnet from any host IP address other than the original one for H1.
Use the show access-lists command to verify that the ACL is working. You should see counts on several ACL statements. Have the instructor verify. _______ Instructor check.
HQ-1#sh access-lists
Standard IP access list 1
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (20 matches)
Standard IP access list 2
    10 permit 192.168.1.130 (2 matches)
    20 deny any (6 matches)
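A first-match evaluator for the two ACLs in Steps 1 and 2, added here as an example and not part of the original exam. It replays the instructor checks against ACL 101 on R2 and ACL 2 on the HQ vty lines and keeps per-entry hit counters; H2's address (192.168.1.2), the changed H1 address (192.168.1.131) and the use of 172.17.1.1 as the server are assumptions, and the function names are illustrative.

```python
import ipaddress

# ACL statements copied from the R2 and HQ-1 configurations on this page.
ACL_CONFIG = """\
access-list 101 remark allow web access for R2 internal network
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 101 remark allow pings for R2 internal network
access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
access-list 101 remark allow telnet for VLAN 11
access-list 101 permit tcp 192.168.1.128 0.0.0.63 any eq telnet
access-list 101 remark allow FTP for VLAN 12
access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp-data
access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp
access-list 101 deny ip any any
access-list 2 permit host 192.168.1.130
access-list 2 deny any
"""
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "www": 80}
ANY = (0, 0xFFFFFFFF)  # base 0 with an all-ones wildcard: every bit is "don't care"

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_address(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (base, wildcard) integers."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    if tokens and tokens[0].count(".") == 3:
        return ip_int(first), ip_int(tokens.pop(0))
    return ip_int(first), 0

def parse_acls(config):
    """Parse numbered standard (1-99) and extended (100-199) ACL lines, keeping order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        number, rest = int(tok[1]), tok[3:]
        entry = {"action": tok[2], "text": " ".join(tok[2:]), "hits": 0,
                 "proto": "ip", "dst": ANY, "port": None}
        if 100 <= number <= 199:
            entry["proto"] = rest.pop(0)
            entry["src"] = take_address(rest)
            entry["dst"] = take_address(rest)
            if rest[:1] == ["eq"]:
                entry["port"] = int(PORT_NAMES.get(rest[1], rest[1]))
        else:
            entry["src"] = take_address(rest)  # standard ACLs test the source only
        acls.setdefault(number, []).append(entry)
    return acls

def matches(address, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard 0 bits must be equal, 1 bits are ignored
    return (ip_int(address) & care) == (base & care)

def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Top-down, first match wins; the matching entry's counter is incremented."""
    for entry in acl:
        if entry["proto"] not in ("ip", proto):
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        if matches(src, entry["src"]) and matches(dst, entry["dst"]):
            entry["hits"] += 1
            return entry["action"]
    return "deny"  # implicit deny: drops the packet but has no counter to inspect

def run_lab_checks():
    """Replay the Step 1 and Step 2 checks against ACL 101 and ACL 2."""
    acls = parse_acls(ACL_CONFIG)
    h1 = "192.168.1.130"   # H1, the host permitted by ACL 2
    h2 = "192.168.1.2"     # constructed: H2's address is not given on the page
    hq, server = "192.168.1.234", "172.17.1.1"  # HQ S0/0/0; server address assumed
    out, vty = acls[101], acls[2]
    results = {
        "H1 ping": evaluate(out, h1, server, "icmp"),
        "H2 web": evaluate(out, h2, server, "tcp", 80),
        "H2 telnet to HQ": evaluate(out, h2, hq, "tcp", 23),
        "H1 telnet to HQ": evaluate(out, h1, hq, "tcp", 23),
        "H1 ftp": evaluate(out, h1, server, "tcp", 21),
        "H2 ftp": evaluate(out, h2, server, "tcp", 21),
        "vty from H1": evaluate(vty, h1),
        "vty from moved H1": evaluate(vty, "192.168.1.131"),  # constructed address
    }
    return results, acls

if __name__ == "__main__":
    results, acls = run_lab_checks()
    print(results)
    print({n: [(e["text"], e["hits"]) for e in a] for n, a in acls.items()})
```

Only the explicit `deny` entries accumulate a count for dropped traffic, which is what makes the match counters in `show access-lists` usable as evidence in steps e and the final check.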
Step 3: On R2 and HQ, save the router running configuration to NVRAM.
Step 4: Save the running configurations for each networking device to a file. [5 points]
Save the output from HQ-X, R2, S1, and S2 to a single text file on your desktop and name it XXX-D3-SBAConfigs.txt (where XXX are your initials). Show it to the instructor. _________ Instructor check.
Appendix A
Instructor note: For student version of lab, remove the values and colors from the body of the chart. Leave the headings in bold for the first 3 rows and the words Subnet # (octets 3&4) in row 5, column 1. Remove the Possible Solution at the end of this spreadsheet.
[CIDR / VLSM subnet chart: subnet numbers (octets 3 and 4) from 1.0 through 1.252]
Possible Solution
Area / VLAN          Block size   Subnet / Prefix
R2 VLAN 12           128          192.168.1.0/25
R2 VLAN 11           64           192.168.1.128/26
HQ Network           32           192.168.1.192/27
R2 VLAN 1            8            192.168.1.224/27
R2/HQ WAN link       4            192.168.1.232/27
Unused addresses     20
Total                256
Appendix B
HQ-1 Router Config (1841 Cisco IOS 12.4) Plus sample command outputs
Instructor note: Config items to be tested are highlighted in green
HQ-1#show running-config
Building configuration...

Current configuration : 1650 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ-1
!
enable secret 5 $1$k611$ET5OUWkjhCLvgkWJg36yQ0
enable password cisco
!
no ip domain lookup
!
username ISP-A password 0 cisco
!
interface Loopback0
 ip address 192.168.1.193 255.255.255.224
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.1.234 255.255.255.252
 ip nat inside
 clock rate 64000
!
interface Serial0/0/1
 ip address 209.165.201.2 255.255.255.252
 ip nat outside
 encapsulation ppp
 ppp authentication chap
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.192 0.0.0.31 area 0
 network 192.168.1.232 0.0.0.3 area 0
 network 209.165.201.0 0.0.0.3 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Serial0/0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.130
access-list 2 deny any
!
banner motd ^CUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line aux 0
HQ-1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

     209.165.201.0/24 is variably subnetted, 2 subnets, 2 masks
C       209.165.201.1/32 is directly connected, Serial0/0/1
C       209.165.201.0/30 is directly connected, Serial0/0/1
     192.168.1.0/24 is variably subnetted, 5 subnets, 5 masks
O       192.168.1.0/25 [110/65] via 192.168.1.233, 00:57:54, Serial0/0/0
C       192.168.1.232/30 is directly connected, Serial0/0/0
O       192.168.1.224/29 [110/65] via 192.168.1.233, 00:57:54, Serial0/0/0
O       192.168.1.224/29 [110/65] via 192.168.1.233, 00:57:54, Serial0/0/0
O       192.168.1.128/26 [110/65] via 192.168.1.233, 00:57:54, Serial0/0/0
S*   0.0.0.0/0 is directly connected, Serial0/0/1
HQ-1#
HQ-1#show ip nat translations Pro Inside global Inside local Outside local 172.17.1.1:512 172.17.1.1:80 Outside global 172.17.1.1:512 172.17.1.1:80 172.17.1.1:23
R2 Router Config (1841 Cisco IOS 12.4) Plus sample command outputs
R2#show running-config
Building configuration...

Current configuration : 2062 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
enable secret 5 $1$wQ9o$JKvDTtgVJY9qSV1KB6mZ7/
enable password cisco
!
no ip domain lookup
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.225 255.255.255.248
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 192.168.1.129 255.255.255.192
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip address 192.168.1.1 255.255.255.128
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 192.168.1.233 255.255.255.252
 ip access-group 101 out
 no fair-queue
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.0 0.0.0.127 area 0
 network 192.168.1.128 0.0.0.63 area 0
 network 192.168.1.224 0.0.0.7 area 0
 network 192.168.1.232 0.0.0.3 area 0
!
ip http server
no ip http secure-server
!
access-list 101 remark allow web access for R2 internal network
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 101 remark allow pings for R2 internal network
access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
access-list 101 remark allow telnet for VLAN 11
access-list 101 permit tcp 192.168.1.128 0.0.0.63 any eq telnet
access-list 101 remark allow FTP for VLAN 12
access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp-data
access-list 101 permit tcp 192.168.1.0 0.0.0.127 any eq ftp
access-list 101 deny ip any any
!
!
banner motd ^CUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

     209.165.201.0/30 is subnetted, 1 subnets
O       209.165.201.0 [110/128] via 192.168.1.234, 03:01:40, Serial0/0/0
     192.168.1.0/24 is variably subnetted, 5 subnets, 5 masks
C       192.168.1.0/25 is directly connected, FastEthernet0/0.12
C       192.168.1.232/30 is directly connected, Serial0/0/0
C       192.168.1.224/29 is directly connected, FastEthernet0/0.1
O       192.168.1.193/32 [110/65] via 192.168.1.234, 03:01:40, Serial0/0/0
C       192.168.1.128/26 is directly connected, FastEthernet0/0.11
R2#sh vlans
FastEthernet0/0.1
Address: 192.168.1.225
Received: 2211 0
3376 packets, 706302 bytes input 2578 packets, 327975 bytes output
FastEthernet0/0.11
Address: 192.168.1.129
Received: 512 0
Transmitted: 2338 27
512 packets, 61184 bytes input 2365 packets, 217830 bytes output
FastEthernet0/0.12
Address: 192.168.1.1
Received: 23016 0
Transmitted: 1486 21
23016 packets, 2216436 bytes input 1507 packets, 140912 bytes output
ISP-A Router Config (1841 Cisco IOS 12.4) Plus sample command outputs. Configured by instructor
Current configuration : 1467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP-A
!
enable secret 5 $1$9Vz7$DM5oMilgvcjBS5O/ojl2Z.
enable password cisco
!
no ip domain lookup
!
username HQ-1 password 0 cisco
username HQ-2 password 0 cisco
!
interface FastEthernet0/0
 description Gateway for ISP Web Server
 ip address 172.17.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Connection to AnyCompany1 network
 ip address 209.165.201.1 255.255.255.252
 encapsulation ppp
 no fair-queue
 ppp authentication chap
!
interface Serial0/0/1
 description Connection to AnyCompany2 network
 ip address 209.165.201.5 255.255.255.252
 encapsulation ppp
 clock rate 64000
 ppp authentication chap
!
interface Vlan1
 no ip address
!
ip route 209.165.201.0 255.255.255.252 Serial0/0/0
ip route 209.165.201.4 255.255.255.252 Serial0/0/1
!
!
ip http server
no ip http secure-server
!
banner motd ^CUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
end
Note: AnyCompany2 is not connected, so the route to 209.165.201.4/30 is not present in the routing table.
ISP-A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
C C
S1 Switch Config (2960 Cisco IOS 12.2) Plus sample command outputs
S1#show running-config
Building configuration...

Current configuration : 2780 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
enable secret 5 $1$hhGK$.eOmFIEBgkDnl.Gm6MkyD1
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.db04.a5cd
 (Note: MAC address is learned dynamically and will vary)
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 12
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.226 255.255.255.248
 no ip route-cache
!
ip default-gateway 192.168.1.225
ip http server
!
banner motd ^CCUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
S1#
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2
11   Dept1                            active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11
12   Dept2                            active    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
S1#
S1#
S1#show interfaces trunk
Mode on on
Native vlan 1 1
Port Fa0/1
Fa0/2
1-4094
Vlans in spanning tree forwarding state and not pruned 1,11-12 1,11-12
S1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001d.4635.0c80
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/9            Desg FWD 19        128.9    P2p

VLAN0012
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     001d.4635.0c80
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32780

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : AnyCompany1
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x86 0x1A 0x63 0x7B 0x6F 0xDC 0xD9 0x8C
Configuration last modified by 0.0.0.0 at 3-1-93 00:07:14
Local updater ID is 192.168.1.226 on interface Vl1 (lowest numbered VLAN interface found)
S1#
S1#
S1#
S1#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/9              1            1                  0         Shutdown
Max Addresses limit in System (excluding one mac per port) : 8320
S1#
S2 Switch Config (2960 Cisco IOS 12.2) Plus sample command outputs
S2#show running-config
Building configuration...

Current configuration : 2743 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S2
!
enable secret 5 $1$2NCL$Q/ICmXfABr8mOF70h7H2A0
enable password cisco
!
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 12
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0007.e963.ce53 (Note: MAC address is learned dynamically and will vary)
!
interface FastEthernet0/16
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 12
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 12
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.227 255.255.255.248
 no ip route-cache
!
ip default-gateway 192.168.1.225
ip http server
!
banner motd ^CCUnauthorized use prohibited^C
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Gi0/1, Gi0/2
11   VLAN0011                         active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11
12   VLAN0012                         active    Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Port        Mode         Encapsulation  Status        Native vlan
Fa0/2       on           802.1q         trunking      1
Port Fa0/2
Port Fa0/2
S2#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     001d.4635.0c80
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  32769

Interface                           Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     001d.4635.0c80
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  32779

Interface                           Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p

VLAN0012
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     001d.4635.0c80
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  32780

Interface                           Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Root FWD 19        128.2    P2p
Fa0/15           Desg FWD 19        128.15   P2p
S2#

Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Client
VTP Domain Name                 : AnyCompany1
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xC3 0xA3 0x05 0x9F 0x27 0x3D 0xC0 0x03
Configuration last modified by 0.0.0.0 at 3-1-93 00:12:24
S2#
S2#
S2#
S2#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
     Fa0/15              1            1                  0         Shutdown
Max Addresses limit in System (excluding one mac per port) : 8320
S2#
S2#
S2#
S2#