Scribd
Upload
144 views6 pages

Skill

This document outlines configuration steps to set up routing and switching on routers and switches. It configures basic settings like hostnames, passwords, and banners. It sets up OSPF routing between the routers. It configures subinterfaces, VLANs, trunking, and other Layer 2 settings on the switches to segment traffic. It also sets port security on one of the switches.

Uploaded by

philotanus
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
144 views6 pages

Skill

This document outlines configuration steps to set up routing and switching on routers and switches. It configures basic settings like hostnames, passwords, and banners. It sets up OSPF routing between the routers. It configures subinterfaces, VLANs, trunking, and other Layer 2 settings on the switches to segment traffic. It also sets port security on one of the switches.

Uploaded by

philotanus
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 6

Task 2

Step 1
Router>
Router>enable
Router#conf ter
Router(config)#hostname HQ-1
HQ-1(config)#enable secret class
HQ-1(config)#no ip domain lookup
HQ-1(config)#line con 0
HQ-1(config-line)#password cisco
HQ-1(config-line)#login
HQ-1(config-line)#logging synchronous
HQ-1(config-line)#line vty 0 4
HQ-1(config-line)#password cisco
HQ-1(config-line)#login
HQ-1(config-line)#exit
HQ-1(config)#banner motd #Unauthorised use prohibited#
Step 2
HQ-1(config)#int s0/0
HQ-1(config-if)#description WAN link to R2
HQ-1(config-if)#ip add 192.168.2.233 255.255.255.252
HQ-1(config-if)#clock rate 64000
HQ-1(config-if)#no shut
HQ-1(config-if)#exit
HQ-1(config)#int Lo0
HQ-1(config-if)#ip add 172.17.0.1 255.255.0.0
HQ-1(config-if)#exit
Step 3
HQ-1(config)#int s0/1
HQ-1(config-if)#encapsulation ppp
HQ-1(config-if)#no shut
HQ-1(config-if)#ppp authentication chap
HQ-1(config-if)#username R3 password cisco
HQ-1(config)#end
Step 4
HQ-1(config)#router ospf 1
HQ-1(config-router)#network 172.17.0.0 0.0.255.255 area 0
HQ-1(config-router)#network 192.168.2.232 0.0.0.3 area 0
HQ-1(config-router)#network 10.200.10.0 0.0.0.255 area 0
Step 5
HQ-1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1
HQ-1(config)#router ospf 1
HQ-1(config-router)#default-information originate
Step 6
HQ-1(config)#int s0/0
HQ-1(config-if)#ip nat inside
HQ-1(config-if)#int s0/1
HQ-1(config-if)#ip nat outside
HQ-1(config-if)#exit
HQ-1(config)#access-list 1 permit 192.168.2.0 0.0.0.255
HQ-1(config)#ip nat inside source list 1 interface s0/1 overload
HQ-1(config)#copy run start

Task 3
Step 1
Router>enable
Router#conf ter
Router(config)#hostname R2
R2 (config)#enable secret class
R2(config)#no ip domain lookup
R2(config)#line con 0
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#logging synchronous
R2(config-line)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#banner motd #Unauthorised use prohibited#
Step 2
R2(config)#int fa0/0
R2(config-if)#no shut
R2(config-if)#int fa0/0.1
R2(config-subif)#encapsulation dot1q 1 native
R2(config-subif)#ip add 192.168.2.225 255.255.255.248
R2(config-subif)#exit
R2(config)#int fa0/0.21
R2(config-subif)#encapsulation dot1q 21
R2(config-subif)#ip add 192.168.2.129 255.255.255.192
R2(config)#int fa0/0.22
R2(config-subif)#encapsulation dot1q 22
R2(config-subif)#ip add 192.168.2.1 255.255.255.128
R2(config-subif)#exit
R2(config)#int s0/0
R2(config-if)#description WAN link to HQ
R2(config-if)#ip add 192.168.2.234 255.255.255.252
R2(config-if)#clock rate 64000
R2(config-if)#no shut
Step 3
R2(config)#router ospf 1
R2(config-router)#network 192.168.2.232 0.0.0.3 area 0
R2(config-router)#network 192.168.2.224 0.0.0.7 area 0
R2(config-router)#network 192.168.2.0 0.0.0.127 area 0
R2(config-router)#network 192.168.2.128 0.0.0.63 area 0
R2(config-router)#end
R2#copy run start
Task 4
Step 1
Switch>enable
Switch#delete flash:vlan.dat
Switch#reload !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Switch#conf ter
Switch(config)#hostname S1
S1(config)#enable secret class
S1(config)#no ip domain lookup
S1(config)#line con 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#logging synchronous
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#banner motd #Unauthorised use prohibited#
Step 2
S1(config)#vlan 21
S1(config-vlan)#name Dept1
S1(config-vlan)#exit
S1(config)#vlan 22
S1(config-vlan)#name Dept2
S1(config-vlan)#exit
S1(config)#int range fa0/3-11
S1(config-if-range)#switchport access vlan 21
S1(config-if-range)#exit
S1(config)#int range fa0/12-24
S1(config-if-range)#switchport access vlan 22
S1(config-if-range)#exit
Step 3
S1(config)#int vlan 1
S1(config-if)#ip add 192.168.2.226 255.255.255.248
S1(config-if)#exit
S1(config)#ip default-gateway 192.168.2.225
Step 4
S1(config)#int fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#dot1q native vlan 1
S1(config)#int fa0/2
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#dot1q native vlan 1

Step 5
S1(config)#spanning-tree vlan 1 priority 4096
Step 6
S1(config)#vtp domain AnyCompany2
S1(config)#vtp password cisco
S1(config)#?????vtp mode client|server????????????

Step 7
S1(config)#int fa0/9
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown
S1(config-if)#switchport port-security maximum 1
S1(config-if)#end
S1#copy run start
Task 5
Step1
Switch>enable
Switch#delete flash:vlan.dat
Switch#reload !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Switch#conf ter
Switch(config)#hostname S2
S2(config)#enable secret class
S2(config)#no ip domain lookup
S(config)#line con 0
S2(config-line)#password cisco
S2(config-line)#login
S2(config-line)#logging synchronous
S2(config-line)#line vty 0 15
S2(config-line)#password cisco
S2(config-line)#login
S2(config-line)#exit
S2(config)#banner motd #Unauthorised use prohibited#
Step2
S1(config)#vtp domain AnyCompany2
S1(config)#vtp password cisco
Step3
S2(config)#int range fa0/3-11
S2(config-if-range)#switchport access vlan 21
S2(config-if-range)#exit
S2(config)#int range fa0/12-24
S2(config-if-range)#switchport access vlan 22
S2(config-if-range)#exit
Step4
S2(config)#int vlan 1
S2(config-if)#ip add 192.168.2.227 255.255.255.248
S2(config-if)#exit
S2(config)#ip default-gateway 192.168.2.225
Step5
S1(config)#int fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#dot1q native vlan 1

Step6
S1(config)#int fa0/15
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security violation shutdown
S1(config-if)#switchport port-security maximum 1
S1(config-if)#end
S1#copy run start

Task 6 Host IP
Task 7
HQ basic config (host,pass,IPs) sh run
HQ routing table (OSPF,static/default) sh ip route
HQ NAT config(ACL,interfaces)
R2 basic config (host,pass,IPs) sh run
R2 routing table (OSPF,static/default) sh ip route
R2 subinterfaces on Fa0/0 sh ip int brief
R2 subinterfaces encapsulation sh run
S1 basic config sh run
S1 VLANs sh vlan brief
S1 ports in correct VLANs sh run, sh vlan brief
S1 802.1q trunk ports sh trunk, sh run, sh int trunk
S1 is root switch sh spanning-tree detail
S1 is VTP server sh vtp status
S1 port security sh run
S2 basic config sh run
S2 VLANs sh vlan brief
S2 ports in correct VLANs sh run, sh vlan brief
S2 dot1q trunk ports sh trunk, sh run, sh int trunk
S2 is VTP client sh vtp status
S2 port security sh run

Ping S1 from H1 and H2


Ping S2 from H1 and H2
Ping R2 def. Gateway from H1,H2
Ping R2 def. Gateway from S1,S2
Ping HQ from R2
Ping from H1,H2 to HQ S0/0/0
Ping from H1,H2 to HQ Lo0
Ping from H1,H2 to ISP S0/0/0
Telnet from H1,H2 to HQ,R2
Verify HQ NAT translations
Task 8
Step 1
R2(config)#access-list 110 remark Allow web request
R2(config)#access-list 110 permit tcp 192.168.2.0 0.0.0.255 any eq www
R2(config)#access-list 110 remark Allow ping
R2(config)#access-list 110 permit icmp any any echo
R2(config)#access-list 110 remark Allow ftp from VLAN22
R2(config)#access-list 110 permit tcp 192.168.2.0 0.0.0.127 any eq 20
R2(config)#access-list 110 permit tcp 192.168.2.0 0.0.0.127 any eq 21
R2(config)#access-list 110 deny any any
R2(config)#access-list 101 remark Allow telnet from VLAN21
R2(config)#access-list 101 allow tcp 192.168.2.128 0.0.0.63 any eq telnet
R2(config)#access-list 101 deny any any
R2(config)#line vty 0 4
R2(config-line)#access-class 101 in
R2(config-line)#exit

R2(config)#int fa0/0
R2(config-if)#ip access-group 110 in
R2(config-if)#exit

Step 2
HQ-1(config)#access-list 2 remark Allow telnet only for H1 on VLAN21
HQ-1(config)#access-list 2 permit host 192.168.2.190
HQ-1(config)#access-list 2 deny any
HQ-1(config)#line vty 0 4
HQ-1(config-line)#access-class 2 in
HQ-1(config-line)#end

You might also like