8/22/2019 Skill Capitulo 3
1/13
ESwitching Basic Switching/Wireless PT Practice SBA
A few things to keep in mind while completing this activity:
1. Do not use the browserBack button or close or reload any exam windows during the
exam.2. Do not close Packet Tracer when you are done. It will close automatically.
3. Click the Submit Assessment button to submit your work.
Introduction
In this practice Packet Tracer Skills Exam, you will:
configure VLANs using VTP
configure inter-VLAN routing
modify STP
configure port security
add a wireless LAN
Addressing Table
Device Interface Address Subnet Mask Default Gateway
Router1
Fa0/0.10 172.16.10.1 255.255.255.0 n/a
Fa0/0.20 172.16.20.1 255.255.255.0 n/a
Fa0/0.43 172.16.43.1 255.255.255.0 n/a
Fa0/0.67 172.16.67.1 255.255.255.0 n/a
WRSInternet 172.16.67.10 255.255.255.0 172.16.67.1
Wireless 172.16.100.1 255.255.255.0 n/a
SW_DS1 VLAN 43 172.16.43.11 255.255.255.0 172.16.43.1
SW_AC2 VLAN 43 172.16.43.12 255.255.255.0 172.16.43.1
SW_AC3 VLAN 43 172.16.43.13 255.255.255.0 172.16.43.1
PC1 NIC 172.16.10.10 255.255.255.0 172.16.10.1
PC2 NIC 172.16.20.10 255.255.255.0 172.16.20.1
PC3 NIC 172.16.10.11 255.255.255.0 172.16.10.1
PC4 NIC DHCP assigned 255.255.255.0 172.16.100.1
Note: The password for user EXEC mode is cisco. The password for privileged EXECmode is class.
Step 1: Configure the Switches for Remote Access.
Create, enable, and address VLAN43 as the management interface on all three switches.Use the values found in the addressing table.
SW_DS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_DS1(config)#interface vlan 43
8/22/2019 Skill Capitulo 3
2/13
SW_DS1(config-if)#ip address 172.16.43.11 255.255.255.0
SW_DS1(config-if)#no shutdown
SW_DS1(config)#ip default-gateway 172.16.43.1
SW_DS1(config)#end
SW_DS1#wr
SW_AC2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC2(config)#interface vlan 43
SW_AC2(config-if)#ip address 172.16.43.12 255.255.255.0
SW_AC2(config-if)#no shutdown
SW_AC2(config-if)#exit
SW_AC2(config)#ip default-gateway 172.16.43.1
SW_AC2(config)#end
SW_AC2#wr
SW_AC3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC3(config)#interface vlan 43
SW_AC3(config-if)#ip address 172.16.43.13 255.255.255.0
SW_AC3(config-if)#exit
SW_AC3(config)#ip default-gateway 172.16.43.1
SW_AC3(config)#end
SW_AC3#wr
Step 2: Configure Trunking.
Note: Packet Tracer now supports the use of the range argument forthe interface command.
For interfaces FastEthernet 0/19 through FastEthernet 0/24 on all three switches:
Configure static trunking.
Assign VLAN 43 as the native VLAN.
SW_DS1(config)#interface range FastEthernet 0/19 - 24
SW_DS1(config-if-range)#switchport mode trunk
SW_DS1(config-if-range)#switchport trunk native vlan 43
SW_DS1(config-if-range)#no shutdown
SW_DS1(config-if-range)#end
SW_DS1#
SW_DS1#wr
Building configuration...
[OK]SW_DS1#
8/22/2019 Skill Capitulo 3
3/13
SW_AC2(config)#interface range fastEthernet 0/19 - 24
SW_AC2(config-if-range)#switchport mode trunk
SW_AC2(config-if-range)#switchport trunk native vlan 43
SW_AC2(config-if-range)#no shut
SW_AC2(config-if-range)#endSW_AC2#
SW_AC2#wr
Building configuration...
[OK]
SW_AC2#
SW_AC3(config)#interface range fastEthernet 0/19 - 24
SW_AC3(config-if-range)#switchport mode trunk
SW_AC3(config-if-range)#switchport trunk native vlan 43
SW_AC3(config-if-range)#no shutdownSW_AC3(config-if-range)#end
SW_AC3#
SW_AC3#wr
Building configuration...
[OK]
SW_AC3#
Step 3: Configure VTP and VLANs.
a. Configure SW_DS1 as VTP server and the following VTP parameters: SW_DS1 is the VTP server. VTP domain name: CCNA VTP password: cisco
SW_DS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_DS1(config)#vtp mode server
Setting device to VTP SERVER mode.
SW_DS1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW_DS1(config)#vtp password cisco
Setting device VLAN database password to cisco
SW_DS1(config)#end
SW_DS1#wr
Building configuration...
[OK]
SW_DS1#
8/22/2019 Skill Capitulo 3
4/13
b. Create and name the following VLANs on SW_DS1. VLAN 10: Student VLAN 20: Faculty VLAN 43: Management VLAN 67: Wireless
SW_DS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_DS1(config)#vlan 10
SW_DS1(config-vlan)#name Student
SW_DS1(config-vlan)#exit
SW_DS1(config)#vlan 20
SW_DS1(config-vlan)#name Faculty
SW_DS1(config-vlan)#exit
SW_DS1(config)#vlan 43
SW_DS1(config-vlan)#name Management
SW_DS1(config-vlan)#exit
SW_DS1(config)#vlan 67
SW_DS1(config-vlan)#name Wireless
SW_DS1(config-vlan)#end
SW_DS1#
SW_DS1#wr
Building configuration...
[OK]
SW_DS1#
c. Configure SW_AC2 and SW_AC3 as VTP clients to participate in the CCNA VTP domain.
SW_AC2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW_AC2(config)#vtp domain CCNA
Domain name already set to CCNA.
SW_AC2(config)#vtp password cisco
Setting device VLAN database password to cisco
SW_AC2(config)#end
SW_AC2#
SW_AC2#wr
Building configuration...
[OK]
SW_AC2#
8/22/2019 Skill Capitulo 3
5/13
SW_AC3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC3(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW_AC3(config)#vtp domain CCNA
Domain name already set to CCNA.
SW_AC3(config)#vtp password cisco
Setting device VLAN database password to cisco
SW_AC3(config)#end
SW_AC3#
SW_AC3#wr
Building configuration...
[OK]
SW_AC3#
d. Verify that VTP is operational.Hacer ping a desde el SW_DS1 al los equipos SW_AC2 y SW_AC3
Hacer ping desde SW_AC2 a SW_AC3
Verificar que se hayan transferido las VLAN creadas en SW_DS1
Step 4: Configure Interfaces for VLAN Access
VLAN port assignments on each switch are as follows:
Device Ports Assignment
SW_AC2, SW_AC3 Fa0/1 0/10 10
SW_AC2, SW_AC3 Fa0/11 0/17 20
SW_AC3 Fa0/18 67
a. Configure access ports on access layer switches. Configure the appropriate interfaces on SW_AC2 and SW_AC3 for access
mode.
Assign VLANs according to the port assignments table.SW_AC2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC2(config)#interface range fastEthernet 0/1 10
SW_AC2(config-if-range)#switchport mode access
SW_AC2(config-if-range)#switchport access vlan 10
SW_AC2(config-if-range)#exit
8/22/2019 Skill Capitulo 3
6/13
SW_AC2(config)#interface range fastEthernet 0/11 17
SW_AC2(config-if-range)#switchport mode access
SW_AC2(config-if-range)#switchport access vlan 20
SW_AC2(config-if-range)#exit
SW_AC2(config)#end
SW_AC2#
SW_AC2#wr
Building configuration...
[OK]
SW_AC2#
SW_AC3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC3(config)#interface range fastEthernet 0/1 10
SW_AC3(config-if-range)#switchport mode access
SW_AC3(config-if-range)#switchport access vlan 10
SW_AC3(config-if-range)#exit
SW_AC3(config)#interface range fastEthernet 0/11 17
SW_AC3(config-if-range)#switchport mode access
SW_AC3(config-if-range)#switchport access vlan 20
SW_AC3(config-if-range)#exit
SW_AC3(config)#interface fastEthernet 0/18
SW_AC3(config-if)#switchport mode access
SW_AC3(config-if)#switchport access vlan 67
SW_AC3(config-if)#end
SW_AC3#
SW_AC3#wr
Building configuration...
[OK]
SW_AC3#
b. Verify trunking and VLAN assignments.Comandos de verificacin
Show vlan brief
Show vlan id (# de la vlan) para cada una de ellas 10, 20, 43 y 67
Show vtp status
Step 5: Configure Spanning Tree.
a. Modify STP root bridge elections. Using a priority of4096, set SW_DS1 as the root bridge forall VLANs.
8/22/2019 Skill Capitulo 3
7/13
SW_DS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_DS1(config)#spanning-tree vlan 1 priority 4096
SW_DS1(config)#spanning-tree vlan 10 priority 4096
SW_DS1(config)#spanning-tree vlan 20 priority 4096
SW_DS1(config)#spanning-tree vlan 43 priority 4096
SW_DS1(config)#spanning-tree vlan 67 priority 4096
SW_DS1(config)#end
SW_DS1#
SW_DS1#wr
Building configuration...
[OK]
SW_DS1#
Using a priority of8192, set SW_AC2 so that it will become the root forallVLANs if SW_DS1 fails.
SW_AC2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW_AC2(config)#spanning-tree vlan 1 priority 8192
SW_AC2(config)#spanning-tree vlan 10 priority 8192
SW_AC2(config)#spanning-tree vlan 20 priority 8192
SW_AC2(config)#spanning-tree vlan 43 priority 8192
SW_AC2(config)#spanning-tree vlan 67 priority 8192
SW_AC2(config)#end
SW_AC2#
SW_AC2#wr
Building configuration...
[OK]
SW_AC2#
b. Verify the spanning tree election.Commando
Show spanning-tree summary
Step 6: Configure Inter-VLAN Routing.
Use the information in the Addressing Table to configure Router1 for inter-VLANrouting. Be sure to designate the native VLAN.
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface fastEthernet 0/0.10
8/22/2019 Skill Capitulo 3
8/13
Router1(config-subif)#encapsulation dot1Q 10
Router1(config-subif)#ip address 172.16.10.1 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface fastEthernet 0/0.20
Router1(config-subif)#encapsulation dot1Q 20
Router1(config-subif)#ip address 172.16.20.1 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface fastEthernet 0/0.43
Router1(config-subif)#encapsulation dot1Q 43 native
Router1(config-subif)#ip address 172.16.43.1 255.255.255.0
Router1(config-subif)#exit
Router1(config)#interface fastEthernet 0/0.67
Router1(config-subif)#encapsulation dot1Q 67
Router1(config-subif)#ip address 172.16.67.1 255.255.255.0
Router1(config-subif)#end
Router1#
Router1#wr
Building configuration...
[OK]
Router1#
Verify inter-VLAN routing.
Comando
Show ip route
Show ip interface brief
Step 7: Configure Port Security.
Note: Best practice requires port security on all access ports. However, for this practiceexercise you will only configure one port with security.
a. Configure SW_AC3 with port security on FastEthernet 0/2. Enable port security.SW_AC3#configure terminal
SW_AC3(config)#interface fastEthernet 0/2
SW_AC3(config-if)#switchport port-security
No more than two MAC addresses are allowed on the FastEthernet 0/2port for SW_AC3.
SW_AC3(config-if)#switchport port-security maximum 2
Once learned, MAC addresses should be automatically added to therunning configuration.
SW_AC3(config-if)#switchport port-security mac-address sticky
8/22/2019 Skill Capitulo 3
9/13
If this policy is violated, the port should be automatically disabled.SW_AC3(config-if)#switchport port-security violation shutdown
b. Verify that port security is implemented.SW_AC3#show port-security interface fastEthernet 0/2
Step 8: Configure the Wireless LAN.
Refer to the Addressing Table to configure the wireless LAN.
a. Configure WRS. Use static addressing on the Internet interface.
Set the router IP and subnet mask. Use the DHCP Server Settings to configure the router to provide wireless
hosts with an IP address.
The starting IP address in the wireless LAN subnet is 172.16.100.10. The maximum number of users is 25.
8/22/2019 Skill Capitulo 3
10/13
b. Configure wireless security. Set the SSID to WRS_LAN. Enable WEP security and use 12345ABCDE as key1.
8/22/2019 Skill Capitulo 3
11/13
c. Use cisco123 as the remote management password.
8/22/2019 Skill Capitulo 3
12/13
d. Configure PC4 to access the wireless network that is provided by WRS. PC4 uses DHCP toobtain addressing information.
8/22/2019 Skill Capitulo 3
13/13
Note: It will not be possible for devices to ping PC4 since PC4 is behind the WRS NATfirewall.
Step 9: Verify Connectivity.
Although these are not scored, the following connectivity tests should be successful.
SW_DS1 can ping Router1.
SW_AC2 can ping Router1.
SW_AC3 can ping Router1.
PC1 can ping PC2.
PC2 can ping PC3.
PC4 can ping PC1.
Version 2.0Created in Packet Tracer 5.3.2.0027 and Marvel 1.0.1
All contents are Copyright 1992 - 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.