Blog Archives %%page%% - 2008 June

Monthly Archive for June, 2008

Cisco Tackling the Global Shortage of Skilled Network Engineers

Published

on June 24, 2008

. 0 Comments

Cisco today announced three new Cisco Certified Network Associate (CCNA®) concentrations namely Security, Voice and finally Wireless. All candidates wanting to go for the concentrations must have the CCNA first and then can specialize into one of the fields of interest.

BCMSN VLAN-ACL Lab 8

Published

Deon Botha

on June 23, 2008

in ACL, BCMSN, Certification, Cisco Systems, VACL and VLAN

. 0 Comments

LAB_2

Virtual Local Area Network (VLAN) Access Control Lists (ACL) (VACL or VLAN-ACL)

The CCNA taught ACLs standard, extended and named (standard and extended) the VACL is a standard or extended access list (no surprise) that is supported on Cisco IOS Software on Multilayer Switches (this is important) that can be mapped as the name suggests to a specific VLAN (take note).

This means that instead of an ACL filtering all traffic ingressing or egressing a particular port the ACL will filter all traffic ingressing and egressing a particular VLAN (cool huh).

The below config uses a named ACL in conjunction with the other particulars to make the VACL work. If you are rusty on the Access Lists the previous lab used an extended access list you can then also go on to try your hand at standard access lists on your own.

The aim of this lab is to block telnet, ftp, www and allow all other traffic to PC1 and PC2.

PC1 is in VLAN 10 with IP address 192.168.10.200 255.255.255.0 Default Gateway (DG) 192.168.10.1

PC2 is in VLAN 20 with IP Address 192.168.20.250 255.255.255.0 DG 192.168.10.50

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW1 Enable secret and password DSW1(config)#enable password cisco DSW1(config)#enable secret cisco Setup the console port password DSW1(config)#line con 0 DSW1(config-line)#password cisco DSW1(config-line)#login DSW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW1(config)#line vty 0 4 DSW1(config-line)#password cisco DSW1(config-line)#login DSW1(config-line)#exit Setup the default VLAN DSW1(config)#interface vlan 1 DSW1(config-if)#ip address 192.168.1.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup VLAN 10 DSW1(config)#interface vlan 10 DSW1(config-if)#ip address 192.168.10.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup VLAN 20 DSW1(config)#interface vlan 20 DSW1(config-if)#ip address 192.168.20.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup Fastethernet Interfaces DSW1(config)#interface fastethernet 0/1 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/2 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/3 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/4 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/11 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/12 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#no shut DSW1(config-if)#exit Enable QoS Globally DSW1(config)#mls qos Create Access Lists DSW1(config)#access-list 150 permit udp any any eq tftp DSW1(config)#access-list 150 permit tcp any any eq ftp DSW1(config)#access-list 150 permit tcp any any eq ftp-data DSW1(config)#access-list 151 permit udp any any eq echo DSW1(config)#access-list 151 permit udp any any eq echo-reply DSW1(config)#access-list 151 permit udp any any eq echo Create a class map DSW1(config)#class-map File-Transfer DSW1(config-cmap)#match access-group 150 DSW1(config-cmap)#exit DSW1(config)#class-map Echo DSW1(config-cmap)#match access-group 151 DSW1(config-cmap)#exit Create a policy map DSW1(config)#policy-map Precedence DSW1(config-pmap)#class file-transfer DSW1(config-pmap-c)#set ip precedence 5 DSW1(config-pmap-c)#exit DSW1(config-pmap)#class echo DSW1(config-pmap-c)#set ip precedence 1 DSW1(config-pmap-c)#exit DSW1(config-pmap)#exit Create a VLAN access map DSW1(config)#vlan access-map vlan_map_10 10 DSW1(config-access-map)#match ip address blocked_protocols DSW1(config-access-map)#action drop DSW1(config-access-map)#exit DSW1(config)#vlan access-map vlan_map_10 20 DSW1(config-access-map)#match ip address allowed_protocols DSW1(config-access-map)#action forward DSW1(config-access-map)#exit Create an Named Extended Access List DSW1(config)#ip access-list extended blocked_protocols DSW1(config-ext-ipacl)#permit tcp any any eq telnet DSW1(config-ext-ipacl)#permit tcp any any eq ftp DSW1(config-ext-ipacl)#permit tcp any any eq ftp-data DSW1(config-ext-ipacl)#permit tcp any any eq www DSW1(config-ext-ipacl)#exit DSW1(config)#ip access-list extended allowed_protocols DSW1(config-ext-ipacl)#permit ip any any DSW1(config-ext-ipacl)#exit Apply the VLAN ACL to Filter a VLAN DSW1(config)#vlan filter vlan_map_10 vlan-list 10 Associate VLANs with Fe 1 to 4 DSW1(config)#interface range fastethernet 0/1 - 4 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW1(config-if-range)#switchport mode trunk Apply QoS Policy DSW1(config-if-range)#service-policy input precedence DSW1(config-if-range)#exit Associate VLANs with Fe 11 and 12 DSW1(config)#interface range fastethernet 0/11 - 12 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW1(config-if-range)#switchport mode trunk DSW1(config-if-range)#exit Aministratively shutdown all ports not connected DSW1(config)#interface range fastethernet 0/5 - 10 DSW1(config-if-range)#shut DSW1(config-if-range)#exit Enable Spanning Tree Protocol on VLANs DSW1(config)#spanning-tree vlan 1 root primary DSW1(config)#spanning-tree vlan 10 root primary DSW1(config)#spanning-tree vlan 20 root secondary Enable Routing and a Protocol DSW1(config)#ip routing DSW1(config)#router eigrp 100 DSW1(config-router)#network 192.168.0.0 DSW1(config-router)#exit Exit Global Configuration Mode DSW1(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW1#show interfaces status Check that you configured STP DSW1#show spanning-tree Check routing is correct DSW1#show ip route Check QoS is enabled DSW1#show mls qos Check Access Lists DSW1#show access-lists Check class maps DSW1#show class-map Check policy map DSW1#show policy-map Check that QoS is applied to the interfaces DSW1#show run | begin interface FastEthernet 0/1 Check VLAN Access-Map DSW1#show vlan access-map Confirm Named Access lists DSW1#show access-lists blocked_protocols DSW1#show access-lists allowed_protocols DSW1#show access-lists Confirm VLAN filter DSW1#show vlan filter Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run DSW1#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW2 Enable secret and password DSW2(config)#enable password cisco DSW2(config)#enable secret cisco Setup the console port password DSW2(config)#line con 0 DSW2(config-line)#password cisco DSW2(config-line)#login DSW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW2(config)#line vty 0 4 DSW2(config-line)#password cisco DSW2(config-line)#login DSW2(config-line)#exit Setup the default VLAN DSW2(config)#interface vlan 1 DSW2(config-if)#ip address 192.168.1.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup VLAN 10 DSW2(config)#interface vlan 10 DSW2(config-if)#ip address 192.168.10.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup VLAN 20 DSW2(config)#interface vlan 20 DSW2(config-if)#ip address 192.168.20.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup Fastethernet Interfaces DSW2(config)#interface fastethernet 0/1 DSW2(config-if)#description DSW2 - ASW2 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/2 DSW2(config-if)#description DSW2 - ASW2 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/3 DSW2(config-if)#description DSW2 - ASW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/4 DSW2(config-if)#description DSW2 - ASW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/11 DSW2(config-if)#description DSW2 - DSW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/12 DSW2(config-if)#description DSW2 - DSW1 DSW2(config-if)#no shut DSW2(config-if)#exit Enable QoS Globally DSW2(config)#mls qos Create Access Lists DSW2(config)#access-list 150 permit udp any any eq tftp DSW2(config)#access-list 150 permit tcp any any eq ftp DSW2(config)#access-list 150 permit tcp any any eq ftp-data DSW2(config)#access-list 151 permit udp any any eq echo DSW2(config)#access-list 151 permit udp any any eq echo-reply DSW2(config)#access-list 151 permit udp any any eq echo Create a class map DSW2(config)#class-map File-Transfer DSW2(config-cmap)#match access-group 150 DSW2(config-cmap)#exit DSW2(config)#class-map Echo DSW2(config-cmap)#match access-group 151 DSW2(config-cmap)#exit Create a policy map DSW2(config)#policy-map Precedence DSW2(config-pmap)#class file-transfer DSW2(config-pmap-c)#set ip precedence 5 DSW2(config-pmap-c)#exit DSW2(config-pmap)#class echo DSW2(config-pmap-c)#set ip precedence 1 DSW2(config-pmap-c)#exit DSW2(config-pmap)#exit Create a VLAN access map DSW2(config)#vlan access-map vlan_map_20 10 DSW2(config-access-map)#match ip address blocked_protocols DSW2(config-access-map)#action drop DSW2(config-access-map)#exit DSW2(config)#vlan access-map vlan_map_20 20 DSW2(config-access-map)#match ip address allowed_protocols DSW2(config-access-map)#action forward DSW2(config-access-map)#exit Create an Named Extended Access List DSW2(config)#ip access-list extended blocked_protocols DSW2(config-ext-ipacl)#permit tcp any any eq telnet DSW2(config-ext-ipacl)#permit tcp any any eq ftp DSW2(config-ext-ipacl)#permit tcp any any eq ftp-data DSW2(config-ext-ipacl)#permit tcp any any eq www DSW2(config-ext-ipacl)#exit DSW2(config)#ip access-list extended allowed_protocols DSW2(config-ext-ipacl)#permit ip any any DSW2(config-ext-ipacl)#exit Apply the VLAN ACL to Filter a VLAN DSW2(config)#vlan filter vlan_map_20 vlan-list 20 Associate VLANs with Fe 1 to 4 DSW2(config)#interface range fastethernet 0/1 - 4 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex auto DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW2(config-if-range)#switchport mode trunk Apply QoS Policy DSW2(config-if-range)#service-policy input precedence DSW2(config-if-range)#exit Associate VLANs with Fe 11 and 12 DSW2(config)#interface range fastethernet 0/11 - 12 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex auto DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW2(config-if-range)#switchport mode trunk DSW2(config-if-range)#exit Aministratively shutdown all ports not connected DSW2(config)#interface range fastethernet 0/5 - 10 DSW2(config-if-range)#shut DSW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs DSW2(config)#spanning-tree vlan 1 root secondary DSW2(config)#spanning-tree vlan 10 root secondary DSW2(config)#spanning-tree vlan 20 root primary Enable Routing and a Protocol DSW2(config)#ip routing DSW2(config)#router eigrp 100 DSW2(config-router)#network 192.168.0.0 DSW2(config-router)#exit Exit Global Configuration Mode DSW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW2#show interfaces status Check that you configured STP DSW2#show spanning-tree Check routing is correct DSW2#show ip route Check QoS is enabled DSW2#show mls qos Check Access Lists DSW2#show access-lists Check class maps DSW2#show class-map Check policy map DSW2#show policy-map Check that QoS is applied to the interfaces DSW2#show run | begin interface FastEthernet 0/1 Check VLAN Access-Map DSW2#show vlan access-map Confirm Named Access lists DSW2#show access-lists blocked_protocols DSW2#show access-lists allowed_protocols DSW2#show access-lists Confirm VLAN filter DSW2#show vlan filter Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run DSW2#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW1 Enable secret and password ASW1(config)#enable password cisco ASW1(config)#enable secret cisco Setup the console port password ASW1(config)#line con 0 ASW1(config-line)#password cisco ASW1(config-line)#login ASW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW1(config)#line vty 0 4 ASW1(config-line)#password cisco ASW1(config-line)#login ASW1(config-line)#exit Default Gateway ASW1(config-line)#ip default-gateway 192.168.1.1 Setup the default VLAN ASW1(config)#interface vlan 1 ASW1(config-if)#ip address 192.168.1.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup VLAN 10 ASW1(config)#interface vlan 10 ASW1(config-if)#ip address 192.168.10.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup VLAN 20 ASW1(config)#interface vlan 20 ASW1(config-if)#ip address 192.168.20.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup Fastethernet Interfaces ASW1(config)#interface fastethernet 0/1 ASW1(config-if)#description ASW1 - DSW1 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/2 ASW1(config-if)#description ASW1 - DSW1 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/3 ASW1(config-if)#description ASW1 - DSW2 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/4 ASW1(config-if)#description ASW1 - DSW2 ASW1(config-if)#no shut ASW1(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW1(config)#interface fastethernet 0/12 ASW1(config-if)#description ASW1 - PC1 ASW1(config-if)#speed 10 ASW1(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW1(config-if)#switchport mode access Make the port an access port for VLAN 10 ASW1(config-if)#switchport access vlan 10 Enable PortFast on end-points ASW1(config-if)#spanning-tree portfast ASW1(config-if)#no shut ASW1(config-if)#exit Associate VLANs with Fe 1 to 4 ASW1(config)#interface range fastethernet 0/1 - 4 ASW1(config-if-range)#speed 100 ASW1(config-if-range)#duplex auto ASW1(config-if-range)#switchport ASW1(config-if-range)#switchport trunk encapsulation dot1q ASW1(config-if-range)#switchport trunk native vlan 1 ASW1(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW1(config-if-range)#switchport mode trunk Configure UplinkFast ASW1(config-if-range)#spanning-tree uplinkfast ASW1(config-if-range)#exit Aministratively shutdown all ports not connected ASW1(config)#interface range fastethernet 0/5 - 11 ASW1(config-if-range)#shut ASW1(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW1(config)#spanning-tree vlan 1 ASW1(config)#spanning-tree vlan 10 ASW1(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW1(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW1#show interfaces status Check that you configured STP DSW1#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW1#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW2 Enable secret and password ASW2(config)#enable password cisco ASW2(config)#enable secret cisco Setup the console port password ASW2(config)#line con 0 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW2(config)#line vty 0 4 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Default Gateway ASW2(config-line)#ip default-gateway 192.168.1.50 Setup the default VLAN ASW2(config)#interface vlan 1 ASW2(config-if)#ip address 192.168.1.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 10 ASW2(config)#interface vlan 10 ASW2(config-if)#ip address 192.168.10.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 20 ASW2(config)#interface vlan 20 ASW2(config-if)#ip address 192.168.20.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet Interfaces ASW2(config)#interface fastethernet 0/1 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/2 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/3 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/4 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW2(config)#interface fastethernet 0/12 ASW2(config-if)#description ASW2 - PC2 ASW2(config-if)#speed 10 ASW2(config-if)#duplex half ASW2(config-if)#switchport Make the port as an access port ASW2(config-if)#switchport mode access Make the port an access port for VLAN 20 ASW2(config-if)#switchport access vlan 20 Enable PortFast on end-points ASW2(config-if)#spanning-tree portfast ASW2(config-if)#no shut ASW2(config-if)#exit Associate VLANs with Fe 1 to 4 ASW2(config)#interface range fastethernet 0/1 - 4 ASW2(config-if-range)#speed 100 ASW2(config-if-range)#duplex auto ASW2(config-if-range)#switchport ASW2(config-if-range)#switchport trunk encapsulation dot1q ASW2(config-if-range)#switchport trunk native vlan 1 ASW2(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW2(config-if-range)#switchport mode trunk Configure UplinkFast ASW2(config-if-range)#spanning-tree uplinkfast ASW2(config-if-range)#exit Aministratively shutdown all ports not connected ASW2(config)#interface range fastethernet 0/5 - 10 ASW2(config-if-range)#shut ASW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW2(config)#spanning-tree vlan 1 ASW2(config)#spanning-tree vlan 10 ASW2(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW2#show interfaces status Check that you configured STP ASW2#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW2#copy run start

The end result of this will be if you attempt to for example telnet from one of the ASW switches to the PCs (1 or 2) you should get the following:

ASW1#telnet 192.168.10.200 Trying 192.168.10.200 ... % Connection timed out; remote host not responding

Still trying to sort out LAB time so will test this out and update as needed.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

BCMSN QoS Routing Lab 7

Published

Deon Botha

on June 19, 2008

in BCMSN, Certification, Cisco Systems, Concepts and Constructs and QoS

. 0 Comments

LAB_2

QoS

The idea behind this config is to enable Quality of Service (QoS) create access-lists that apply to certain traffic/data (TFTP, FTP and icmp (echo) in this case), define a class, create a policy define precedence and apply those settings to downstream switches. If you remember from previous QoS posts the higher the precedence (voice) the more important and delay sensitive the lower the precedence (www) the less delay sensitive and easier it can handle dropped packets without end-user issues.

PC1 is in VLAN 10 with IP address 192.168.10.200 255.255.255.0 Default Gateway (DG) 192.168.10.1

PC2 is in VLAN 20 with IP Address 192.168.20.250 255.255.255.0 DG 192.168.10.50

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW1 Enable secret and password DSW1(config)#enable password cisco DSW1(config)#enable secret cisco Setup the console port password DSW1(config)#line con 0 DSW1(config-line)#password cisco DSW1(config-line)#login DSW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW1(config)#line vty 0 4 DSW1(config-line)#password cisco DSW1(config-line)#login DSW1(config-line)#exit Setup the default VLAN DSW1(config)#interface vlan 1 DSW1(config-if)#ip address 192.168.1.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup VLAN 10 DSW1(config)#interface vlan 10 DSW1(config-if)#ip address 192.168.10.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup VLAN 20 DSW1(config)#interface vlan 20 DSW1(config-if)#ip address 192.168.20.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit Setup Fastethernet Interfaces DSW1(config)#interface fastethernet 0/1 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/2 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/3 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/4 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/11 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#no shut DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/12 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#no shut DSW1(config-if)#exit Enable QoS Globally DSW1(config)#mls qos Create Access Lists DSW1(config)#access-list 150 permit udp any any eq tftp DSW1(config)#access-list 150 permit tcp any any eq ftp DSW1(config)#access-list 150 permit tcp any any eq ftp-data DSW1(config)#access-list 151 permit udp any any eq echo DSW1(config)#access-list 151 permit udp any any eq echo-reply DSW1(config)#access-list 151 permit udp any any eq echo Create a class map DSW1(config)#class-map File-Transfer DSW1(config-cmap)#match access-group 150 DSW1(config-cmap)#exit DSW1(config)#class-map Echo DSW1(config-cmap)#match access-group 151 DSW1(config-cmap)#exit Create a policy map DSW1(config)#policy-map Precedence DSW1(config-pmap)#class file-transfer DSW1(config-pmap-c)#set ip precedence 5 DSW1(config-pmap-c)#exit DSW1(config-pmap)#class echo DSW1(config-pmap-c)#set ip precedence 1 DSW1(config-pmap-c)#exit DSW1(config-pmap)#exit Associate VLANs with Fe 1 to 4 DSW1(config)#interface range fastethernet 0/1 - 4 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW1(config-if-range)#switchport mode trunk Apply QoS Policy DSW1(config-if-range)#service-policy input precedence DSW1(config-if-range)#exit Associate VLANs with Fe 11 and 12 DSW1(config)#interface range fastethernet 0/11 - 12 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW1(config-if-range)#switchport mode trunk DSW1(config-if-range)#exit Aministratively shutdown all ports not connected DSW1(config)#interface range fastethernet 0/5 - 10 DSW1(config-if-range)#shut DSW1(config-if-range)#exit Enable Spanning Tree Protocol on VLANs DSW1(config)#spanning-tree vlan 1 root primary DSW1(config)#spanning-tree vlan 10 root primary DSW1(config)#spanning-tree vlan 20 root secondary Enable Routing and a Protocol DSW1(config)#ip routing DSW1(config)#router eigrp 100 DSW1(config-router)#network 192.168.0.0 DSW1(config-router)#exit Exit Global Configuration Mode DSW1(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW1#show interfaces status Check that you configured STP DSW1#show spanning-tree Check routing is correct DSW1#show ip route Check QoS is enabled DSW1#show mls qos Check Access Lists DSW1#show access-lists Check class maps DSW1#show class-map Check policy map DSW1#show policy-map Check that QoS is applied to the interfaces DSW1#show run | begin interface FastEthernet 0/1 Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run DSW1#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW2 Enable secret and password DSW2(config)#enable password cisco DSW2(config)#enable secret cisco Setup the console port password DSW2(config)#line con 0 DSW2(config-line)#password cisco DSW2(config-line)#login DSW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW2(config)#line vty 0 4 DSW2(config-line)#password cisco DSW2(config-line)#login DSW2(config-line)#exit Setup the default VLAN DSW2(config)#interface vlan 1 DSW2(config-if)#ip address 192.168.1.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup VLAN 10 DSW2(config)#interface vlan 10 DSW2(config-if)#ip address 192.168.10.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup VLAN 20 DSW2(config)#interface vlan 20 DSW2(config-if)#ip address 192.168.20.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit Setup Fastethernet Interfaces DSW2(config)#interface fastethernet 0/1 DSW2(config-if)#description DSW2 - ASW2 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/2 DSW2(config-if)#description DSW2 - ASW2 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/3 DSW2(config-if)#description DSW2 - ASW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/4 DSW2(config-if)#description DSW2 - ASW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/11 DSW2(config-if)#description DSW2 - DSW1 DSW2(config-if)#no shut DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/12 DSW2(config-if)#description DSW2 - DSW1 DSW2(config-if)#no shut DSW2(config-if)#exit Enable QoS Globally DSW2(config)#mls qos Create Access Lists DSW2(config)#access-list 150 permit udp any any eq tftp DSW2(config)#access-list 150 permit tcp any any eq ftp DSW2(config)#access-list 150 permit tcp any any eq ftp-data DSW2(config)#access-list 151 permit udp any any eq echo DSW2(config)#access-list 151 permit udp any any eq echo-reply DSW2(config)#access-list 151 permit udp any any eq echo Create a class map DSW2(config)#class-map File-Transfer DSW2(config-cmap)#match access-group 150 DSW2(config-cmap)#exit DSW2(config)#class-map Echo DSW2(config-cmap)#match access-group 151 DSW2(config-cmap)#exit Create a policy map DSW2(config)#policy-map Precedence DSW2(config-pmap)#class file-transfer DSW2(config-pmap-c)#set ip precedence 5 DSW2(config-pmap-c)#exit DSW2(config-pmap)#class echo DSW2(config-pmap-c)#set ip precedence 1 DSW2(config-pmap-c)#exit DSW2(config-pmap)#exit Associate VLANs with Fe 1 to 4 DSW2(config)#interface range fastethernet 0/1 - 4 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex auto DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW2(config-if-range)#switchport mode trunk Apply QoS Policy DSW2(config-if-range)#service-policy input precedence DSW2(config-if-range)#exit Associate VLANs with Fe 11 and 12 DSW2(config)#interface range fastethernet 0/11 - 12 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex auto DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,20,10 DSW2(config-if-range)#switchport mode trunk DSW2(config-if-range)#exit Aministratively shutdown all ports not connected DSW2(config)#interface range fastethernet 0/5 - 10 DSW2(config-if-range)#shut DSW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs DSW2(config)#spanning-tree vlan 1 root secondary DSW2(config)#spanning-tree vlan 10 root secondary DSW2(config)#spanning-tree vlan 20 root primary Enable Routing and a Protocol DSW2(config)#ip routing DSW2(config)#router eigrp 100 DSW2(config-router)#network 192.168.0.0 DSW2(config-router)#exit Exit Global Configuration Mode DSW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW2#show interfaces status Check that you configured STP DSW2#show spanning-tree Check routing is correct DSW2#show ip route Check QoS is enabled DSW2#show mls qos Check Access Lists DSW2#show access-lists Check class maps DSW2#show class-map Check policy map DSW2#show policy-map Check that QoS is applied to the interfaces DSW2#show run | begin interface FastEthernet 0/1 Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run DSW2#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW2 Enable secret and password ASW2(config)#enable password cisco ASW2(config)#enable secret cisco Setup the console port password ASW2(config)#line con 0 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW2(config)#line vty 0 4 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Default Gateway ASW2(config-line)#ip default-gateway 192.168.1.50 Setup the default VLAN ASW2(config)#interface vlan 1 ASW2(config-if)#ip address 192.168.1.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 10 ASW2(config)#interface vlan 10 ASW2(config-if)#ip address 192.168.10.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 20 ASW2(config)#interface vlan 20 ASW2(config-if)#ip address 192.168.20.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet Interfaces ASW2(config)#interface fastethernet 0/1 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/2 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/3 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/4 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW2(config)#interface fastethernet 0/12 ASW2(config-if)#description ASW2 - PC2 ASW2(config-if)#speed 10 ASW2(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW2(config-if)#switchport mode access Make the port an access port for VLAN 20 ASW2(config-if)#switchport access vlan 20 Enable PortFast on end-points ASW2(config-if)#spanning-tree portfast ASW2(config-if)#no shut ASW2(config-if)#exit Associate VLANs with Fe 1 to 4 ASW2(config)#interface range fastethernet 0/1 - 4 ASW2(config-if-range)#speed 100 ASW2(config-if-range)#duplex auto ASW2(config-if-range)#switchport ASW2(config-if-range)#switchport trunk encapsulation dot1q ASW2(config-if-range)#switchport trunk native vlan 1 ASW2(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW2(config-if-range)#switchport mode trunk Configure UplinkFast ASW2(config-if-range)#spanning-tree uplinkfast ASW2(config-if-range)#exit Aministratively shutdown all ports not connected ASW2(config)#interface range fastethernet 0/5 - 10 ASW2(config-if-range)#shut ASW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW2(config)#spanning-tree vlan 1 ASW2(config)#spanning-tree vlan 10 ASW2(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW2#show interfaces status Check that you configured STP DSW1#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW2#copy run start

Notes and Notices:

BCMSN Layer 3 Routing Lab 6

Published

Deon Botha

on June 19, 2008

in BCMSN, Certification and Cisco Systems

. 0 Comments

LAB_2

Layer 3 Switching

PC1 is in VLAN 10 with IP address 192.168.10.200 255.255.255.0 Default Gateway (DG) 192.168.10.1

PC2 is in VLAN 20 with IP Address 192.168.20.250 255.255.255.0 DG 192.168.10.50

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW2 Enable secret and password ASW2(config)#enable password cisco ASW2(config)#enable secret cisco Setup the console port password ASW2(config)#line con 0 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW2(config)#line vty 0 4 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Default Gateway ASW2(config-line)#ip default-gateway 192.168.1.50 Setup the default VLAN ASW2(config)#interface vlan 1 ASW2(config-if)#ip address 192.168.1.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 10 ASW2(config)#interface vlan 10 ASW2(config-if)#ip address 192.168.10.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 20 ASW2(config)#interface vlan 20 ASW2(config-if)#ip address 192.168.20.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet Interfaces ASW2(config)#interface fastethernet 0/1 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/2 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/3 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/4 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW2(config)#interface fastethernet 0/12 ASW2(config-if)#description ASW2 - PC2 ASW2(config-if)#speed 10 ASW2(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW2(config-if)#switchport mode access Make the port an access port for VLAN 20 ASW2(config-if)#switchport access vlan 20 Enable PortFast on end-points ASW2(config-if)#spanning-tree portfast ASW2(config-if)#no shut ASW2(config-if)#exit Associate VLANs with Fe 1 to 4 ASW2(config)#interface range fastethernet 0/1 - 4 ASW2(config-if-range)#speed 100 ASW2(config-if-range)#duplex auto ASW2(config-if-range)#switchport ASW2(config-if-range)#switchport trunk encapsulation dot1q ASW2(config-if-range)#switchport trunk native vlan 1 ASW2(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW2(config-if-range)#switchport mode trunk Configure UplinkFast ASW2(config-if-range)#spanning-tree uplinkfast ASW2(config-if-range)#exit Aministratively shutdown all ports not connected ASW2(config)#interface range fastethernet 0/5 - 10 ASW2(config-if-range)#shut ASW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW2(config)#spanning-tree vlan 1 ASW2(config)#spanning-tree vlan 10 ASW2(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW2#show interfaces status Check that you configured STP DSW1#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW2#copy run start

The point of this exercise is is to get a dynamic routing protocol in this case EIGRP working.

Notes and Notices:

Networkers at Cisco Live!

Published

Deon Botha

on June 17, 2008

in Cisco Systems and Off-Topic

. 1 Comment

The South African Networkers at Cisco Live! website is online for those who want to have a look. The conference/event/networking symposium is from December 1 – 4, 2008 and registration opens in August. The ticket prices seem steep (unless you are in government, a CCIE or an educator) but from past Cisco events there should be something of value in going.

Certguard and a Blog

Published

Deon Botha

on June 16, 2008

in Off-Topic

. 2 Comments

Since late last week there has been some waves in the online networking community about a post by Robert Williams from CertGuard. Since that post many things have happened, I am however not going to talk about the specific situation, how it is probably affecting the mentioned CCIE etc. Some notable comment can be read from members of the networking community like Colin McNamara, Arden Packeer and Greg Ferro

I have been following the situation and reading responses and trying to figure this out for myself. I am however finding myself with more questions than answers as I try and get information to make an educated decision as to the this whole story. My main questions are around Certguard.

To kick off why this whole thing is upsetting me and probably many other people. I practice what I do on my good name, If it calls for it I spend extra non-billing hours (working days without sleep) keeping my good name in tact with clients who are not happy with a product or service either I or a competitor placed because my good name and the good name of my vendor of choice is important to me. This extends into daily life where dressing appropriately for functions, being on time for meetings (early ussually) and being affable and amiable in company goes to preserving my good name. I have spent time, been careful and made sure my name is not sullied and not dragged through any mud or tarnished by schoolboy playground antics because people buy products and services from people. Basic marketing theory says that word of mouth is the best and worst marketing where one good experience brings maybe one extra customer; one bad experience sends 10 customers away forever. In the end of the day my good name is very important to me because it is my brand and my image. This situation is upsetting because it has to do directly with this concept and the sullying of someone’s good name in a disgraceful very underhanded way.

CertGuard seems to be a self appointed Information Technology (IT) Watchdog where it concerns test taking and certifications. How this is done around the back-end isn’t so clear to me at this point. I have read that they have no affiliation with Cisco or Pearson Vue (I only care about their links with Cisco I don’t much care whether Microsoft or another vendor uses their products/services). Their website isn’t exactly transparent as to all their specifics but I will outline my thoughts and findings below.

I want to know WHAT they do, they say they keep the industry clean by focusing on braindumps websites. For those who don’t know what braindumps are these are basically compiled documents of test questions that may or may not appear in the exams. A braindump is not certified study material according to the agreement you sign every time you take a Cisco exam. The fact remains to me that they aren’t affiliated with Cisco and they make a leap somewhere from “braindumps websites” to “decertifying individuals” that is a bit far fetched and I don’t know how that happens. This leap is more than just bothering me, its annoying me, I have looked through the CertGuard website, done Google Searches and tried asking others but no one knows WHAT they do other than selling a product type service.

Personally I learnt in grade school that cheating was wrong, I received a degree without trying to write crib notes on various body parts to get them into exams (a girl wrote half the theory on her breasts in one exam thinking it was the only place the invigilator wouldn’t look) and I certainly know that unless I know something outright I am not going to pass any exam (sometime down the line I am going to look stupid if I don’t know how to do something I have written an exam on). The company doesn’t seem to be closing down braindump websites but monitoring them, they dont seem affiliated with Cisco to take away a certifications from individuals and they seem to be selling information based products to end-users and not vendors. This whole thing leaves me with more questions than answers.

What CertGuard is doing is great in theory (noble and almost altruistic) protecting the intrinsic value of something like a certification (which is not like a conferred degree) is in everyones interest that is working towards getting that certification. What is rubbing me raw though is what do they actually do? Are they working for a Vendor at a higher level or are they trying to create a new economy for validating online 3rd party course content information? Are they trying to become the de facto “trusted authority” for who you can use for content and who you cant? Or are they none of the above and I’m just to stupid to see what they really do and don’t do.

One of the links in the pecking order that’s also bothering me is how CertGuard can share/give/pass information as a “trusted authority” to Cisco/Vue (other) and as a trusted authority Cisco/Vue acts on the information by tripping someone of a certification (if at all). My concern here is that I have paid a small fortune to get learning material, certifications, hardware and training from Cisco and/or Cisco Partners, I have spent countless hours in front of books, PEC, and at training losing sleep, weekends and time I could have spent focusing on other activities. If a company who is not affiliated with Cisco, recognized by Cisco and was not given a mandate by Cisco starts to act “as-if” they are working on behalf of Cisco I am going to be a very unhappy camper and would hope Cisco Systems and the community at large cuts them down to size instead of siding with them because you may be next.

I am unsure of CertGuards place in the macro network environment and how they interact with the ecosystem at this point. Is this a fear based marketing and advertising ploy in very bad taste to drum up traffic and in the end sales for their products. Network World seems to rubber stamp them and if not endorse them fully by allowing them a place from which to gather an audience. Their website doesn’t clearly state anything substantial about them, I want specifics, facts and concrete information if they are so important to the industry. I want to know that my future as a small fish in a big pond in the network industry isn’t going to be jepordized by some unknown CEO from a company who you know but also dont know what they do (I don’t trust them nor know anything about nor care about them*) turns my world upside down one sunny day.

The modus operandi of using a highly visible public platform in the network industry to blackball a blogger without prior consultation or attempted mediation is uncouth to say the least. This is something that I don’t think I can agree was/is the correct method(s) or acceptable in the least. As a person who is active online, who writes (in my case notes from various sources) and posts them to a blog, my concern is am I going to be the next lamb to slaughter (probably not but the fear is there). As rational or irrational as that is who will be the next target for Mr Williams? If you note their services they offer Blog & Forum Monitoring (feels like big brother is watching).

I certainly don’t get paid for blogging I also don’t know anyone who does, I am certainly not going to jeopardize my future so that someone can take me out at the knees for something because they feel a need to scratch something that itches.

*An online business without a complete website explaining at least Who they are, What they do, How they do it, Where they come from, How they relate to me, Why I should care, Why they should be there and have a Telephone number and Physical address FOR THE REASON I VISITED THE SITE in plain view without the need to search for it or do a whois on the domain in my experience is trying to scam me in some way.

In this case Who is Certguard to me as a Cisco Networker? What does CertGaurd have to do with Cisco? How does Certguard do what they do with relation to Cisco and Cisco Certification and the mechanics of it? Where is their value proposition with relation to Cisco and Cisco Certification? How this relates to my studies and certification process with Cisco? Why this will and will not affect me and my life? Why CertGaurd should be there and exist at all and affect my life? and where can I call someone if they make my life hell and/or buy a plane ticket to come make someones life hell if need be?

Finally I have probably edited this thing a 100 times to get it to say what I want I am adding links to the Disclaimer and if you want to know about me and finally should anyone try and muck me around thus far all posts fall under the following notice:

Followup: Ethan Banks is back in action, his blog post can be found here.

Followup: Robert Williams public apology to Ethan Banks and the Network Community.

Cisco Training Videos

Published

Deon Botha

on June 13, 2008

in Cisco Systems and Vine

. 2 Comments

Head on over to Josh Horton’s blog (blindhog.net) he has a nice post on Cisco training videos from Trainsignal pricing in at around R 4,900 ($ 597) including links to sample videos. The nice thing about training videos are that you can watch them again and again and again (this works for some people while it doesn’t for others), compared to boot camps where you need to go in thoroughly prepared (they set a frantic pace) spend your R 15,000 ($ 1,800) on the training and hope you keep up for the week.

Depending on what works for you and how you learn use what is best for you to learn and get your certifications. I have a friend that swears by CBT Nuggets he says that if it weren’t for their videos have been able to get his certifications at all.

BCMSN STP Lab 5

Published

Deon Botha

on June 10, 2008

in BCMSN, Certification, Cisco Systems, Concepts and Constructs and STP

. 0 Comments

LAB_2

Spanning Tree Protocol
As a base config use the config of LAB 3 because this enables trunking between all the switches. The reason for this is because you want VLAN 1, 10, and 20 are going to be passed between ASW and DSW switches.

For reference look at this document it contains STP, PortFast and UplinkFast information and configuration information.

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW1 Enable secret and password ASW1(config)#enable password cisco ASW1(config)#enable secret cisco Setup the console port password ASW1(config)#line con 0 ASW1(config-line)#password cisco ASW1(config-line)#login ASW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW1(config)#line vty 0 4 ASW1(config-line)#password cisco ASW1(config-line)#login ASW1(config-line)#exit Setup the default VLAN ASW1(config)#interface vlan 1 ASW1(config-if)#ip address 192.168.1.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup VLAN 10 ASW1(config)#interface vlan 10 ASW1(config-if)#ip address 192.168.10.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup VLAN 20 ASW1(config)#interface vlan 20 ASW1(config-if)#ip address 192.168.20.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit Setup Fastethernet Interfaces ASW1(config)#interface fastethernet 0/1 ASW1(config-if)#description ASW1 - DSW1 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/2 ASW1(config-if)#description ASW1 - DSW1 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/3 ASW1(config-if)#description ASW1 - DSW2 ASW1(config-if)#no shut ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/4 ASW1(config-if)#description ASW1 - DSW2 ASW1(config-if)#no shut ASW1(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW1(config)#interface fastethernet 0/12 ASW1(config-if)#description ASW1 - PC1 ASW1(config-if)#speed 10 ASW1(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW1(config-if)#switchport mode access Make the port an access port for VLAN 10 ASW1(config-if)#switchport access vlan 10 Enable PortFast on end-points ASW1(config-if)#spanning-tree portfast ASW1(config-if)#no shut ASW1(config-if)#exit Associate VLANs with Fe 1 to 4 ASW1(config)#interface range fastethernet 0/1 - 4 ASW1(config-if-range)#speed 100 ASW1(config-if-range)#duplex auto ASW1(config-if-range)#switchport ASW1(config-if-range)#switchport trunk encapsulation dot1q ASW1(config-if-range)#switchport trunk native vlan 1 ASW1(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW1(config-if-range)#switchport mode trunk Configure UplinkFast ASW1(config-if-range)#spanning-tree uplinkfast ASW1(config-if-range)#exit Aministratively shutdown all ports not connected ASW1(config)#interface range fastethernet 0/5 - 11 ASW1(config-if-range)#shut ASW1(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW1(config)#spanning-tree vlan 1 ASW1(config)#spanning-tree vlan 10 ASW1(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW1(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW1#show interfaces status Check that you configured STP DSW1#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW1#copy run start

Enter Privelaged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW2 Enable secret and password ASW2(config)#enable password cisco ASW2(config)#enable secret cisco Setup the console port password ASW2(config)#line con 0 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW2(config)#line vty 0 4 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit Setup the default VLAN ASW2(config)#interface vlan 1 ASW2(config-if)#ip address 192.168.1.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 10 ASW2(config)#interface vlan 10 ASW2(config-if)#ip address 192.168.10.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup VLAN 20 ASW2(config)#interface vlan 20 ASW2(config-if)#ip address 192.168.20.150 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet Interfaces ASW2(config)#interface fastethernet 0/1 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/2 ASW2(config-if)#description ASW2 - DSW2 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/3 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/4 ASW2(config-if)#description ASW2 - DSW1 ASW2(config-if)#no shut ASW2(config-if)#exit Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW2(config)#interface fastethernet 0/12 ASW2(config-if)#description ASW2 - PC2 ASW2(config-if)#speed 10 ASW2(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW2(config-if)#switchport mode access Make the port an access port for VLAN 20 ASW2(config-if)#switchport access vlan 20 Enable PortFast on end-points ASW2(config-if)#spanning-tree portfast ASW2(config-if)#no shut ASW2(config-if)#exit Associate VLANs with Fe 1 to 4 ASW2(config)#interface range fastethernet 0/1 - 4 ASW2(config-if-range)#speed 100 ASW2(config-if-range)#duplex auto ASW2(config-if-range)#switchport ASW2(config-if-range)#switchport trunk encapsulation dot1q ASW2(config-if-range)#switchport trunk native vlan 1 ASW2(config-if-range)#switchport trunk allowed vlan 1,20,10 ASW2(config-if-range)#switchport mode trunk Configure UplinkFast ASW2(config-if-range)#spanning-tree uplinkfast ASW2(config-if-range)#exit Aministratively shutdown all ports not connected ASW2(config)#interface range fastethernet 0/5 - 10 ASW2(config-if-range)#shut ASW2(config-if-range)#exit Enable Spanning Tree Protocol on VLANs ASW2(config)#spanning-tree vlan 1 ASW2(config)#spanning-tree vlan 10 ASW2(config)#spanning-tree vlan 20 Exit Global Configuration Mode ASW2(config)#exit Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW2#show interfaces status Check that you configured STP DSW1#show spanning-tree Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)… oops copy start run ASW2#copy run start

PC1 is in VLAN 10 with IP address 192.168.10.200 255.255.255.0
PC2 is in VLAN 20 with IP Address 192.168.20.250 255.255.255.0

Notes and Notices:

BCMSN VTP Lab 4

Published

Deon Botha

on June 10, 2008

in BCMSN, Certification, Cisco Systems and VTP

. 0 Comments

VTP

This post I am going to deviate from how I have done things. In the previous posts I wrote out the entire configurations, in this post all I need is a working configuration. Use the initial config and work from here that has trunk links and setup VTP.

Run the following config on the DSW switches (both of them)

DSW1(config)#interface range fastethernet 0/1 - 4 DSW1(config-if-range)#no switchport trunk allowed vlan 1,100 DSW1(config)#interface range fastethernet 0/11 - 12 DSW1(config-if-range)#no switchport trunk allowed vlan 1,100

And this config on the ASW switches (both of them)

ASW1(config)#interface range fastethernet 0/1 - 4 ASW1(config-if-range)#no switchport trunk allowed vlan 1,100

This is because the top commands restrict the vlans to only allow vlan 1 and vlan 100 on the trunk. By default a trunk link will allow all vlans but one can restrict what vlans are allowed over a trunk through the use of the above commands (slipped it in there didn’t I).

Some comment on VTP is that it is a very funny animal to work with (even if it is dead useful. If you do it wrong you lose all VLANs in the VLAN database because of how an update happens from server to client. This makes VTP a very dangerous beast because in large networks there may be 100s of VLANs (you can double that number if you run voice and use separate vlans for each voice end-point) and if you add a new switch to VTP that’s configured wrong…. POOF…..like magic all VLANs gone

To begin a VTP configuration see below and notice how I start with the mode command, this is just something I do because I like knowing it starts in the right mode, its paranoia more than anything and getting it wrong enough that makes me do this. You may do it in another way (at your own risk).

Its an idea to go over the table I have on this page regarding the VTP Modes so that you understand why you use a certain mode at a certain times. If you need to for example add a switch to a network where the switch must NEVER participate in VTP for example you use transparent

Step 1.1: Configure VTP

Enter Global Configuration Mode ASW1#configure terminal Set the VTP Mode ASW1(config)#vtp mode transparent Set the VTP Version 1/2 and 3 (higher level switch platforms) ASW1(config)#vtp version 2 Set the password and domain to prevent unauthorized joining to the VTP domain ASW1(config)#vtp password cisco ASW1(config)#vtp domain ciscolabnet Exit Global Configuration Mode ASW1(config)#exit

Step 1.2: Add VLANs

Enter VLAN Database Mode ASW1#vlan database Create a VLAN and assign it a name ASW1(vlan)#vlan 100 name Marketing VLAN 100 added: Name: Marketing Create another VLAN and assign it a name ASW1(vlan)#vlan 150 name Sales VLAN 150 added: Name: Sales APPLY your config (it will do this anyway on the next step but just make sure it applies changes) ASW1(vlan)#apply Exit VLAN Database Mode ASW1(vlan)#exit APPLY completed. Exiting.......

Repeat the above steps exactly on ASW2. The VTP process is now running on both ASW switches. To check that this is the case:

ASW2#show vtp status

The DSWs I am going to make clients to the ASWs (bottom-up)

Step 2: Configure VTP on the DSW switches

Enter Global Configuration Mode DSW1#configure terminal Set the VTP Mode DSW1(config)#vtp mode client Set the VTP Version 1/2 and 3 (higher level switch platforms) DSW1(config)#vtp version 2 Set the password and domain to prevent unauthorized joining to the VTP domain DSW1(config)#vtp password cisco DSW1(config)#vtp domain cisco Exit Global Configuration Mode DSW1(config)#exit

Step 3: Change the VTP Mode on the ASW switches

Do the same config on DSW2 making sure you configure the mode as client. After this is done go back to the ASWs and change them to servers:

ASW1#configure terminal ASW1(config)#vtp mode server

ASW2#configure terminal ASW2(config)#vtp mode server

After you have done this go to all the switches and try the following command

ASW2#show vlan

You should see the Sales and Marketing VLANS propogated on all the switches.

Notes and Notices:

BCMSN Trunking Lab 3

Published

Deon Botha

on June 10, 2008

in BCMSN, Certification, Cisco Systems and Trunk

. 2 Comments

Im grafting so quantity over quality… I will go over this sometime this coming weekend for mistakes

Trunking

This lab builds directly onto the previous lab where the default VLAN was shut and a new VLAN was created (basically to give practice for creating a vlan). This lab will now create trunk links between switches to allow more than a single VLANs information to traverse a link. If you are wondering why I am explicitly declaring trunks instead of allowing DTP to do its thing read this, and this.

Distribution Switch 1

Step 1: Setup the basics all of the following is CCNA level stuff and should easy if not second nature. This is to get the security and host name down before going onto the interface configuration.

Enter Privileged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW1 Enable secret and password DSW1(config)#enable secret ciscosystems DSW1(config)#enable password cisco Setup a local user database DSW1(config)#username admin@mydomain.com privilege 15 password cisco Setup the console port password DSW1(config)#line con 0 DSW1(config-line)#login local DSW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW1(config)#line vty 0 4 DSW1(config-line)#password cisco DSW1(config-line)#login DSW1(config-line)#exit Setup the Auxiliary Password DSW1(config)#line aux 0 DSW1(config-line)#no exec DSW1(config-line)#exit

Step 2: Setup the management interface

Setup the default VLAN ip address from remote ip admin if there was a GUI and to Telnet to the switch DSW1(config)#interface vlan 1 DSW1(config-if)#ip address 192.168.1.1 255.255.255.0 NB I am shutting the interface DSW1(config-if)#shut DSW1(config-if)#exit

Step 3: Assign an ip address to the new VLAN to ping

Setup VLAN 100 ip address from remote ip admin if there was a GUI and to Telnet to the switch DSW1(config)#interface vlan 100 DSW1(config-if)#ip address 192.168.100.1 255.255.255.0 DSW1(config-if)#no shut DSW1(config-if)#exit

Step 4: Setup other interfaces

Setup Fastethernet Interfaces DSW1(config)#interface fastethernet 0/1 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/2 DSW1(config-if)#description DSW1 - ASW1 DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/3 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/4 DSW1(config-if)#description DSW1 - ASW2 DSW1(config-if)#exit Create and Associate VLAN 100 with Fe 1 to 4 DSW1(config)#interface range fastethernet 0/1 - 4 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,100 DSW1(config-if-range)#switchport mode trunk DSW1(config-if-range)#exit DSW1(config)#interface fastethernet 0/11 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#exit DSW1(config)#interface fastethernet 0/12 DSW1(config-if)#description DSW1 - DSW2 DSW1(config-if)#exit Associate VLAN 100 with Fe 11 and 12 DSW1(config)#interface range fastethernet 0/11 - 12 DSW1(config-if-range)#speed 100 DSW1(config-if-range)#duplex auto DSW1(config-if-range)#switchport DSW1(config-if-range)#switchport trunk encapsulation dot1q DSW1(config-if-range)#switchport trunk native vlan 1 DSW1(config-if-range)#switchport trunk allowed vlan 1,100 DSW1(config-if-range)#switchport mode trunk DSW1(config-if-range)#exit

Step 5: Shut down non-used interfaces

Administratively shut down all ports not connected DSW1(config)#interface range fastethernet 0/5 - 10 DSW1(config-if-range)#shut DSW1(config-if-range)#exit Exit Global Configuration Mode DSW1(config)#exit

Step 6: Check your work

Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW1#show interfaces status show the vlans that are configured DSW1#show vlan show switchport you can change the fastethernet 0/4 for any active port for information DSW1#show interface fasthethernet 0/4 switchport show which interfaces are trunking DSW1#show interfaces trunk show run the running configuration DSW1#show run

Step 7: Save your work

Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)... oops copy start run DSW1#copy run start

Distribution Switch 2

Enter Privileged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname DSW2 Enable secret and password DSW2(config)#enable secret cisco DSW2(config)#enable password cisco Setup a local user database DSW2(config)#username admin@mydomain.com privilege 15 password cisco Setup the console port password DSW2(config)#line con 0 DSW2(config-line)#login local DSW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password DSW2(config)#line vty 0 4 DSW2(config-line)#password cisco DSW2(config-line)#login DSW2(config-line)#exit Setup the Auxiliary Password DSW2(config)#line aux 0 DSW2(config-line)#no exec DSW2(config-line)#exit

Step 2: Setup the management interface

Setup the default VLAN ip address from remote ip admin if there was a GUI and to Telnet to the switch DSW2(config)#interface vlan 1 DSW2(config-if)#ip address 192.168.1.50 255.255.255.0 NB I am shutting the interface DSW2(config-if)#shut DSW2(config-if)#exit

Step 3: Assign an ip address to the new VLAN to ping

Setup the VLAN ip address DSW2(config)#interface vlan 100 DSW2(config-if)#ip address 192.168.100.50 255.255.255.0 DSW2(config-if)#no shut DSW2(config-if)#exit

Step 4: Setup other interfaces

Setup Fastethernet Interfaces DSW2(config)#interface fastethernet 0/1 DSW2(config-if)#description DSW1 - ASW1 DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/2 DSW2(config-if)#description DSW1 - ASW1 DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/3 DSW2(config-if)#description DSW1 - ASW2 DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/4 DSW2(config-if)#description DSW1 - ASW2 DSW2(config-if)#exit Create and Associate VLAN 100 with Fe 1 to 4 DSW2(config)#interface range fastethernet 0/1 - 4 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex full DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,100 DSW2(config-if-range)#switchport mode trunk DSW2(config-if-range)#exit DSW2(config)#interface fastethernet 0/11 DSW2(config-if)#description DSW1 - DSW2 DSW2(config-if)#exit DSW2(config)#interface fastethernet 0/12 DSW2(config-if)#description DSW1 - DSW2 DSW2(config-if)#exit Associate VLAN 100 with Fe 11 and 12 DSW2(config)#interface range fastethernet 0/11 - 12 DSW2(config-if-range)#speed 100 DSW2(config-if-range)#duplex full DSW2(config-if-range)#switchport DSW2(config-if-range)#switchport trunk encapsulation dot1q DSW2(config-if-range)#switchport trunk native vlan 1 DSW2(config-if-range)#switchport trunk allowed vlan 1,100 DSW2(config-if-range)#switchport mode trunk DSW2(config-if-range)#exit

Step 5: Shut down non-used interfaces

Aministratively shutdown all ports not connected DSW2(config)#interface range fastethernet 0/5 - 10 DSW2(config-if-range)#shut DSW2(config-if-range)#exit Exit Global Configuration Mode DSW2(config)#exit

Step 6: Check your work

Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct DSW2#show interfaces status show the vlans that are configured DSW2#show vlan show switchport you can change the fastethernet 0/4 for any active port for information DSW2#show interface fasthethernet 0/4 switchport show which interfaces are trunking DSW2#show interfaces trunk show run the running configuration DSW2#show run

Step 7: Save your work

Copy the running configuration to the startup configuration. I got in the bad habbit to do this the other way around for a while (did it in an exam)... oops copy start run DSW2#copy run start

Access Switch 1

Enter Privileged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW1 Enable secret and password ASW1(config)#enable secret cisco ASW1(config)#enable password cisco Setup a local user database ASW1(config)#username admin@mydomain.com privilege 15 password cisco Setup the console port password ASW1(config)#line con 0 ASW1(config-line)#login local ASW1(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW1(config)#line vty 0 4 ASW1(config-line)#password cisco ASW1(config-line)#login ASW1(config-line)#exit Setup the Auxiliary Password ASW1(config)#line aux 0 ASW1(config-line)#no exec ASW1(config-line)#exit

Step 2: Setup the management interface

Setup the default VLAN ip address from remote ip admin if there was a GUI and to Telnet to the switch ASW1(config)#interface vlan 1 ASW1(config-if)#ip address 192.168.1.100 255.255.255.0 NB I am shutting the interface ASW1(config-if)#shut ASW1(config-if)#exit

Step 3: Assign an ip address to the new VLAN to ping

Create VLAN 100 and Configure Interface ASW1(config)#vlan 100 name Marketing ASW1(config)#interface vlan 100 ASW1(config-if)#ip address 192.168.100.100 255.255.255.0 ASW1(config-if)#no shut ASW1(config-if)#exit

Step 4: Setup other interfaces

Setup Fastethernet Interfaces ASW1(config)#interface fastethernet 0/1 ASW1(config-if)#description DSW1 - ASW1 ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/2 ASW1(config-if)#description DSW1 - ASW1 ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/3 ASW1(config-if)#description DSW1 - ASW2 ASW1(config-if)#exit ASW1(config)#interface fastethernet 0/4 ASW1(config-if)#description DSW1 - ASW2 ASW1(config-if)#exit Associate VLAN 100 with Fe 1 to 4 ASW1(config)#interface range fastethernet 0/1 - 4 ASW1(config-if-range)#speed 100 ASW1(config-if-range)#duplex full ASW1(config-if-range)#switchport ASW1(config-if-range)#switchport trunk encapsulation dot1q ASW1(config-if-range)#switchport trunk native vlan 1 ASW1(config-if-range)#switchport trunk allowed vlan 1,100 ASW1(config-if-range)#switchport mode trunk ASW1(config-if-range)#exit

Step 5: This is where the ASW and the DSW switches differ. This connects to the Workstation end-point where the DSW switches use port 11/12 to provide failover for the distribution

Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW1(config)#interface fastethernet 0/12 ASW1(config-if)#description ASW1 - PC1 ASW1(config-if)#speed 10 ASW1(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW1(config-if)#switchport mode access Make the port an access port for VLAN 100 ASW1(config-if)#switchport access vlan 100 ASW1(config-if)#no shut ASW1(config-if)#exit

Step 6: Shut down non-used interfaces

Administratively shut down all ports not connected ASW1(config)#interface range fastethernet 0/5 - 11 ASW1(config-if-range)#shut ASW1(config-if-range)#exit Exit Global Configuration Mode ASW1(config)#exit

Step 7: Check your work

Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW1#show interfaces status show the vlans that are configured ASW1#show vlan show switchport you can change the fastethernet 0/4 for any active port for information ASW1#show interface fasthethernet 0/4 switchport show which interfaces are trunking ASW1#show interfaces trunk show run the running configuration ASW1#show run

Step 8: Save your work

Copy the running configuration to the startup configuration. I got in the bad habit to do this the other way around for a while (did it in an exam)... oops copy start run ASW1#copy run start

Access Switch 2

Enter Privileged Mode switch>enable Enter Global Configuration Mode switch#configure terminal Change the hostname of the switch switch(config)#hostname ASW2 Enable secret and password ASW2(config)#enable secret cisco ASW2(config)#enable password cisco Setup a local user database ASW2(config)#username admin@mydomain.com privilege 15 password cisco Setup the console port password Setup the console port password ASW2(config)#line con 0 ASW2(config-line)#login local ASW2(config-line)#exit Setup the Auxiliary Password ASW2(config)#line aux 0 ASW2(config-line)#no exec ASW2(config-line)#exit Setup the Virtual Teletype Terminal (VTY) Password ASW2(config)#line vty 0 4 ASW2(config-line)#password cisco ASW2(config-line)#login ASW2(config-line)#exit

Step 2: Setup the management interface

Setup the default VLAN ip address from remote ip admin if there was a GUI and to Telnet to the switch ASW2(config)#interface vlan 1 ASW2(config-if)#ip address 192.168.1.200 255.255.255.0 NB I am shutting the interface ASW2(config-if)#shut ASW2(config-if)#exit

Step 3: Assign an ip address to the new VLAN to ping

Create VLAN 100 and Configure Interface ASW2(config)#vlan 100 name Marketing ASW2(config)#interface vlan 100 ASW2(config-if)#ip address 192.168.100.200 255.255.255.0 ASW2(config-if)#no shut ASW2(config-if)#exit

Step 4: Setup other interfaces

Setup Fastethernet Interfaces ASW2(config)#interface fastethernet 0/1 ASW2(config-if)#description DSW1 - ASW1 ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/2 ASW2(config-if)#description DSW1 - ASW1 ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/3 ASW2(config-if)#description DSW1 - ASW2 ASW2(config-if)#exit ASW2(config)#interface fastethernet 0/4 ASW2(config-if)#description DSW1 - ASW2 ASW2(config-if)#exit Associate VLAN 100 with Fe 1 to 4 ASW2(config)#interface range fastethernet 0/1 - 4 ASW2(config-if-range)#speed 100 ASW2(config-if-range)#duplex full ASW2(config-if-range)#switchport ASW2(config-if-range)#switchport trunk encapsulation dot1q ASW2(config-if-range)#switchport trunk native vlan 1 ASW2(config-if-range)#switchport trunk allowed vlan 1,100 ASW2(config-if-range)#switchport mode trunk ASW2(config-if-range)#exit

Step 5: This is where the ASW and the DSW switches differ. This connects to the Workstation end-point where the DSW switches use port 11/12 to provide failover for the distribution

Setup Fastethernet 0/12 for 10mbs half duplex as an access level end-point interface ASW2(config)#interface fastethernet 0/12 ASW2(config-if)#description ASW2 - PC2 ASW2(config-if)#speed 10 ASW2(config-if)#duplex half ASW1(config-if)#switchport Make the port as an access port ASW2(config-if)#switchport mode access Make the port an access port for VLAN 100 ASW2(config-if)#switchport access vlan 100 ASW2(config-if)#no shut ASW2(config-if)#exit

Step 6: Shut down non-used interfaces

Administratively shut down all ports not connected ASW2(config)#interface range fastethernet 0/5 - 11 ASW2(config-if-range)#shut ASW2(config-if-range)#exit Exit Global Configuration Mode ASW2(config)#exit

Step 7: Check your work

Check that you named the interfaces correctly, havent missed out on a connected interface and that the duplex and speed setting are correct ASW2#show interfaces status show the vlans that are configured ASW2#show vlan show switchport you can change the fastethernet 0/4 for any active port for information ASW2#show interface fasthethernet 0/4 switchport show which interfaces are trunking ASW2#show interfaces trunk show run the running configuration ASW2#show run

Step 8: Save your work

Copy the running configuration to the startup configuration. I got in the bad habit to do this the other way around for a while (did it in an exam)... oops copy start run ASW2#copy run start

Notes and Notices:

Network Ninja

Monthly Archive for June, 2008

Cisco Tackling the Global Shortage of Skilled Network Engineers

BCMSN VLAN-ACL Lab 8

BCMSN QoS Routing Lab 7

BCMSN Layer 3 Routing Lab 6

Networkers at Cisco Live!

Certguard and a Blog

Cisco Training Videos

BCMSN STP Lab 5

BCMSN VTP Lab 4

BCMSN Trunking Lab 3

Search

About

Latest

Archives

Categories