Configuration of RPVST+
Configuration of EtherChannel
Configure EtherChannel.
Configure trunking.
Configure EtherChannel.
Configure trunking.
Activate RPVST+.
Bldg3:
Configure EtherChannel.
Configure trunking.
Addressing Table:

| Device | Interface | Network |
|---|---|---|
| East | S0/0/0 | 192.168.100.20/30 |
| East | S0/0/1 | 192.168.100.28/30 |
| East | G0/0 | 192.168.8.0/24 |
| East | G0/1 | 192.168.9.0/24 |
| Central | S0/0/0 | 192.168.100.20/30 |
| Central | S0/0/1 | 192.168.100.36/30 |
| Central | S0/1/0 | 203.0.113.16/29 |
| West | S0/0/0 | 192.168.100.28/30 |
| West | S0/0/1 | 192.168.100.36/30 |
| West | G0/1.2 | 10.10.2.0/24 |
| West | G0/1.4 | 10.10.4.0/24 |
| West | G0/1.8 | 10.10.8.0/24 |
| West | G0/1.15 | 10.10.15.0/24 |
| West | G0/1.25 | 10.10.25.0/24 |
| Bldg1 | SVI | 10.10.25.0/24 |
| Bldg2 | SVI | 10.10.25.0/24 |
| Bldg3 | SVI | 10.10.25.0/24 |
| Host 1 | NIC | 192.168.8.0/24 |
| Host 2 | NIC | 192.168.9.0/24 |
| NetAdmin 1 | NIC | 10.10.15.0/24 |
| NetAdmin 2 | NIC | 10.10.15.0/24 |
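VLAN Switch Port Assignment Table:

| VLAN | Name | Network | Device | Switch Ports |
|---|---|---|---|---|
| 2 | LAB-A | 10.10.2.0/24 | Bldg1 | Fa0/5 |
| 2 | LAB-A | 10.10.2.0/24 | Bldg3 | Fa0/7 |
| 4 | LAB-B | 10.10.4.0/24 | Bldg1 | Fa0/10 |
| 4 | LAB-B | 10.10.4.0/24 | Bldg3 | Fa0/10 |
| 8 | LAB-C | 10.10.8.0/24 | Bldg1 | Fa0/15 |
| 8 | LAB-C | 10.10.8.0/24 | Bldg3 | Fa0/15 |
| 15 | NetAdmin | 10.10.15.0/24 | Bldg1 | Fa0/24 |
| 15 | NetAdmin | 10.10.15.0/24 | Bldg3 | Fa0/24 |
| 25 | SWAdmin | 10.10.25.0/24 | Bldg1 | SVI |
| 25 | SWAdmin | 10.10.25.0/24 | Bldg2 | SVI |
| 25 | SWAdmin | 10.10.25.0/24 | Bldg3 | SVI |
| 99 | spare | N/A | Bldg1 | all unused ports |

Port-Channel Groups Table:

| Channel | Device | Interfaces |
|---|---|---|
| 1 | Bldg1 | Fa0/1, Fa0/2 |
| 1 | Bldg3 | Fa0/1, Fa0/2 |
| 2 | Bldg1 | Fa0/3, Fa0/4 |
| 2 | Bldg2 | Fa0/3, Fa0/4 |
| 3 | Bldg2 | Fa0/5, Fa0/6 |
| 3 | Bldg3 | Fa0/5, Fa0/6 |

Instructions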
All configurations must be performed through a direct terminal connection to the device
console lines from an available host.
Part I: EIGRP Router Configuration
Step 1: Plan the Addressing.
Determine the IP addresses that you will use for the required interfaces on the devices
and LAN hosts. Follow the configuration details provided in the Addressing Table.
Step 2: Configure East.
Configure East with initial settings:
Configure the router host name: East. This value must be entered exactly as it appears here.
Prevent the router from attempting to resolve command line entries to IP addresses.
Protect device configurations from unauthorized access with an encrypted secret password.
Configure IP addressing.
Configure EIGRP for IPv4 to route between the internal networks. Use ASN 100.
Use the precise wildcard masks for all network statements.
You are not required to route the SW-Admin VLAN network over EIGRP.
Prevent routing updates from being sent on the LAN networks. Do not
use the default keyword version of the command to do so.
Prevent EIGRP for IPv4 from performing automatic route summarization on all routers.
b. On the Central router:
Configure a default route to the Internet. Use the exit interface argument.
Configure EIGRP for IPv4 to distribute the default route to the other routers.
Step 6: Customize EIGRP for IPv4.
Customize EIGRP for IPv4 by performing the following configuration tasks:
Set the bandwidth of the link between East and Central to 128 kb/s.
Create a summary route for the LANs connected to Bldg3. It should include all networks from
10.10.0.0 to 10.10.15.0.
Configure EIGRP for IPv4 with the route summary so that it will be sent to the other routers. Be
sure to configure the summary on all of the appropriate interfaces.
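The summary calculation for this step, worked through as an added example (not part of the original assessment or the author's configuration). It assumes the summary is configured on West, the router the Bldg switches attach to, using the serial interfaces from the Addressing Table.

```ios
! Added example. Deriving the summary for 10.10.0.0 through 10.10.15.0:
!   10.10.0.0   -> third octet 0000 0000
!   10.10.15.0  -> third octet 0000 1111
! The first 4 bits of the third octet are common, so the prefix length
! is 16 + 4 = /20:
!   10.10.0.0 255.255.240.0 covers 10.10.0.0 through 10.10.15.255
! 10.10.25.0/24 (SWAdmin) has third octet 0001 1001, so it falls outside
! the summary and is not advertised by it.
!
! West: send the summary out of both serial links
interface Serial0/0/0
 ip summary-address eigrp 100 10.10.0.0 255.255.240.0
interface Serial0/0/1
 ip summary-address eigrp 100 10.10.0.0 255.255.240.0
!
! Checks:
!   On East or Central: a single D entry for 10.10.0.0/20 replaces the
!   individual /24 routes
!     show ip route eigrp
!   On West: the summary is installed locally as a route to Null0
!     show ip route 10.10.0.0 255.255.240.0
```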
Step 7: Configure Access Control Lists.
You will configure two access control lists in this step. You should use
the any and host keywords in the ACL statements where appropriate. The ACL specifications
are as follows:
Create a named standard ACL using the name TELNET-BLOCK. Be sure that you enter this
name exactly as it appears in this instruction.
No other Internet hosts (including hosts not visible in the topology) should be able to
access the vty lines of Central.
Allow only Test PC to ping addresses within the Medical Company network. Only echo
messages should be permitted.
Prevent all other Internet hosts (not only the Internet hosts visible in the topology) from
pinging addresses inside the Medical Company network. Block echo messages only.
Your ACL should be placed in the most efficient location possible to conserve network
bandwidth and device processing resources.
c. Control access to the management interfaces (SVI) of the three switches attached
to West as follows:
Permit only addresses from the NetAdmin VLAN network to access any address on the SWAdmin VLAN network.
Hosts on the NetAdmin VLAN network should be able to reach all other destinations.
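One way to meet requirement c, shown as an added example that is not part of the original assessment or the author's configuration. The ACL name MGMT-ONLY is an assumption made for this illustration; the subinterface and networks come from the Addressing Table.

```ios
! Added example. ACL name MGMT-ONLY is hypothetical.
!
! West routes between the VLANs, so every packet from another network to
! a switch SVI (SWAdmin, 10.10.25.0/24) leaves West through G0/1.25.
! Filtering outbound on that one subinterface leaves NetAdmin traffic to
! all other destinations untouched.
ip access-list standard MGMT-ONLY
 remark Only NetAdmin sources may reach the SWAdmin VLAN
 permit 10.10.15.0 0.0.0.255
! The implicit "deny any" at the end drops every other source.
!
interface GigabitEthernet0/1.25
 ip access-group MGMT-ONLY out
!
! What this ACL does not cover:
!  - traffic generated by West itself (outbound ACLs do not filter
!    router-originated packets)
!  - hosts already inside VLAN 25, which reach the SVIs at Layer 2
!    without crossing the router
!
! Checks:
!   show access-lists MGMT-ONLY
!   show ip interface GigabitEthernet0/1.25 | include access list
```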
The VLAN names that you configure must match the values in the table exactly.
Each switch should be configured with all of the VLANs shown in the table.
Step 2: Assign switch ports to VLANs.
Using the VLAN table, assign the switch ports to the VLANs you created in Step 1, as follows:
All switch ports that you assign to VLANs should be configured to static access mode.
Refer to the Addressing Table. Create and address the SVIs on all three of the switches that
are attached to West. Configure the switches so that they can communicate with hosts on
other networks. Full connectivity will be established after routing between VLANs has been
configured later in this assessment.
Step 4: Configure Trunking and EtherChannel.
a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:
Use LACP.
The switch ports on both sides of Channels 1 and 2 should initiate negotiations for channel
establishment.
The switch ports on the Bldg2 side of Channel 3 should initiate negotiations with the
switch ports on Bldg3.
The switch ports on the Bldg3 side of Channel 3 should not initiate negotiations with the
switch ports on the other side of the channel.
All channels should be ready to forward data after they have been configured.
b. Configure all port-channel interfaces as trunks.
c. Configure static trunking on the switch port on Bldg2 that is connected to West.
Step 5: Configure Rapid PVST+.
Configure Rapid PVST+ settings as follows:
a. Activate Rapid PVST+ and set root priorities.
Bldg1 should be configured as root primary for VLAN 2 and VLAN 4 using the default primary
priority values.
Bldg1 should be configured as root secondary for VLAN 8 and VLAN 15 using the default
secondary priority values.
Bldg3 should be configured as root primary for VLAN 8 and VLAN 15 using the default
primary priority values.
Bldg3 should be configured as root secondary for VLAN 2 and VLAN 4 using the default
secondary priority values.
b. Activate PortFast and BPDU Guard on the active Bldg3 switch access ports.
Activate BPDU Guard on all access ports that are connected to hosts.
Step 6: Configure switch security.
You are required to complete the following only on some of the devices in the network for this
assessment. In reality, security should be configured on all devices in the network.
a. Secure unused switch ports. Following security best practices, do the following
on Bldg1 only:
Ensure that all unused switch ports have been assigned to VLAN 99.
b. Configure port security on all active access ports on Bldg1.
Each switch port should accept only two MAC addresses before a security action occurs.
If a security violation occurs, the switch ports should provide notification that a violation has
occurred but not place the interface in an err-disabled state.
c. On Bldg2, configure the virtual terminal lines to accept only SSH connections.
Configure user-based authentication for the SSH connections with a user name
of netadmin and a secret password of SSH_secret9. The user name and password must
match the values provided here exactly in case, punctuation, and spelling.
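The three security tasks in this step, shown as an added example that is not part of the original assessment or the author's configuration. Port lists come from the VLAN table and the author's Bldg1 configuration further down; the domain name is a placeholder, and Bldg2 is assumed to already have a non-default hostname, which RSA key generation requires.

```ios
! Added example.
! --- Bldg1: port security on the active access ports ---
interface range fa0/5,fa0/10,fa0/15,fa0/24
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
! restrict: frames from a third MAC are dropped, the violation counter
! increments and a log message is generated, and the port stays up.
! protect drops silently; shutdown (the default) err-disables the port.
!
! --- Bldg1: unused ports parked in VLAN 99 and disabled ---
interface range fa0/6-9,fa0/11-14,fa0/16-23
 switchport mode access
 switchport access vlan 99
 shutdown
!
! --- Bldg2: vty lines accept SSH only, with a local user ---
! example.invalid is a placeholder domain name
ip domain-name example.invalid
username netadmin secret SSH_secret9
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
line vty 0 15
 transport input ssh
 login local
!
! Checks:
!   show port-security interface fa0/5    (maximum, violation mode, count)
!   show interfaces status                (unused ports disabled, VLAN 99)
!   show ip ssh                           (SSH enabled, version 2.0)
!   show running-config | section line vty
```

With `transport input ssh` set, a Telnet attempt to Bldg2 is refused at the vty line, which is a quick way to confirm the change.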
Step 7: Configure West as a DHCP server for the hosts attached to the Bldg1 and Bldg2
switches.
Configure three DHCP pools as follows:
Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.
Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
All VLAN pool names must match the provided values exactly.
Hosts on VLAN 15 should be addressed statically as indicated in the addressing table. Once
configured, the hosts should be able to ping hosts on other networks.
Hosts on the LANs attached to East should be statically assigned addressing that enables
them to communicate with hosts on other networks.
Configuration
These configurations were created by Asitha Indunil Meegama from Sri Lanka.
Student of Sri Lanka Institute of Information Technology and Curtin University of
Technology, Australia.
I scored 98% for this, and I have also corrected my mistake here.
You can score 100%.
1. Before you begin, please read the whole assessment.
2. And change the host name of the East or Site 1 router accordingly.
3. To apply these commands on each device, go to global configuration mode {
(config)# } and paste them all there without changing them.
Thanks !!!
***BLDG1*** or ***SW-A***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.254 255.255.255.0
no shutdown
! Active access ports
interface fa0/5
switchport mode access
switchport access vlan 2
interface fa0/10
switchport mode access
switchport access vlan 4
interface fa0/15
switchport mode access
switchport access vlan 8
interface fa0/24
switchport mode access
switchport access vlan 15
! Unused ports: assign to VLAN 99 and disable
interface range fa0/6-9,fa0/11-14,fa0/16-23
switchport mode access
switchport access vlan 99
shutdown
interface range gi1/1-2
switchport mode access
switchport access vlan 99
shutdown
ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
interface port-channel 1
switchport mode trunk
***BLDG2*** or ***SW-B***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.253 255.255.255.0
no shutdown
interface gi 1/1
***BLDG3*** or ***SW-C***
ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.252 255.255.255.0
no shutdown
interface fa0/7
switchport mode access
switchport access vlan 2
interface fa0/10
switchport mode access
switchport access vlan 4
interface fa0/15
switchport mode access
no shutdown
***Central*** or ***HQ***
ip route 0.0.0.0 0.0.0.0 s0/1/0
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.22 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.37 255.255.255.252
description SITE
clock rate 128000
no shutdown
interface serial 0/1/0
bandwidth 128
ip address 203.0.113.18 255.255.255.248
description INTERNET
no shutdown
EIGRP
router eigrp 100
redistribute static
network 192.168.100.20 0.0.0.3
network 192.168.100.36 0.0.0.3
no auto-summary
ACCESS LIST
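! vty access: only 198.51.100.5 is permitted; the implicit deny blocks all other sources
ip access-list standard TELNET-BLOCK
permit host 198.51.100.5
! ICMP echo from the Internet: permit 198.51.100.5, block echo from everyone else,
! then allow all remaining traffic
access-list 101 permit icmp host 198.51.100.5 any echo
access-list 101 deny icmp any any echo
access-list 101 permit ip any any
line vty 0 4
access-class TELNET-BLOCK in
! Applied inbound on the Internet-facing interface so blocked traffic is dropped at the edge
interface serial 0/1/0
ip access-group 101 in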
***East*** or ***Site1***
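hostname Site-1
! Do not try to resolve mistyped commands as host names
no ip domain-lookup
! Privileged EXEC password, stored hashed
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 4
password cisco
login
! Applies reversible type 7 encoding to the plain-text line passwords
service password-encryption
banner motd * Authorized access only *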
***West*** or ***Site2***
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.30 255.255.255.252
description SITE
no shutdown
interface serial 0/0/1
bandwidth 128
ip address 192.168.100.38 255.255.255.252
description SITE
no shutdown
interface gig 0/1
description SITE
no shutdown
interface gi 0/1.2
encapsulation dot1q 2
ip address 10.10.2.1 255.255.255.0
interface gi 0/1.4
encapsulation dot1q 4
ip address 10.10.4.1 255.255.255.0
interface gi 0/1.8
encapsulation dot1q 8
***HOSTS***
Assign IP addresses and default gateways accordingly.
For the hosts which do not have an IP address, set them to DHCP.