
Instruction

Step 1: Cable the network in the topology diagram.

Build the network above in Packet Tracer using a 1941 router, 2960 switches and
generic PCs. (This step is already done for you.)

Step 2: Configure initial device settings on all switches.

1. Configure the host names. The host name must match the value in the table
exactly in spelling, case, and punctuation.
2. Prevent the router CLI from attempting to look up mistyped commands as
URLs.
3. Configure the message-of-the-day banner as (Unauthorized Access is
Prohibited). The banner must match exactly in spelling, case, and punctuation.
4. Configure an encrypted password for Privileged EXEC mode as (class).
5. Protect access to the device console (use password cisco).
6. Prevent IOS status messages from interrupting command line output at the
device console.
7. Encrypt all clear text passwords.

Step 3: Create and name VLANs

On all three switches, create and name the VLANs shown in the VLAN Table.

1. The VLAN names must match the values in the table exactly in spelling, case,
and punctuation.
2. Each switch should be configured with all the VLANs shown in the table.

Step 4: Assign switch ports to VLANs

Using the VLAN table, assign the switch ports to the VLANs you created in Step 3, as
follows:

1. All switch ports that you assign to VLANs should be configured to static access
mode.
2. All switch ports that you assign to VLANs should be activated.
3. Note that all the unused ports should be disabled and assigned to VLAN 999.

Step 5: Configure the SVIs

Using the addressing table, create and address the SVIs on all three switches.
Configure the switches so that they can connect with remote hosts. Full connectivity
will be established after routing between VLANs has been configured later in this
assessment.

Step 6: Configure Trunking

1. Configure all port interfaces between switches as trunks.
2. Configure trunking on the switch port on SW-A that is connected to router
Campus.

Step 7: Configure Rapid PVST+

Configure Rapid PVST+ settings as follows.

a. Activate Rapid PVST+ and set root priorities.
1. All three switches should be configured to run Rapid PVST+.
2. SW-A should be configured as root primary for VLAN 5 and VLAN
10 using the default primary priority values.
3. SW-A should be configured as root secondary for VLAN 15 and VLAN
100 using the default secondary priority values.
4. SW-C should be configured as root primary for VLAN 15 and VLAN
100 using the default primary priority values.
5. SW-C should be configured as root secondary for VLAN 5 and VLAN
10 using the default secondary priority values.

b. Activate PortFast and BPDU Guard on the SW-C switch access ports.
1. Configure PortFast on all access ports that are connected to hosts. This
must be configured on the switch ports. Do not use the portfast default
form of the command.
2. Activate BPDU Guard on all access ports that are connected to hosts.

Step 8: Configure switch security.

You are required to complete the following:

a. Secure unused switch ports. Following security best practices, do the following
on SW-B only:
1. Shut down all unused switch ports.
2. Configure all unused switch ports as access ports.
3. All unused switch ports should be assigned to VLAN 999.
b. Configure port security on all active access ports on SW-B. Do the
following on SW-B only:
1. Each switch port should accept only two MAC addresses before a
security action occurs.
2. The learned MAC addresses should be recorded in the running
configuration.
3. If a security violation occurs, the switch ports should provide
notification that a violation has occurred but not place the interface in an
err-disabled state.
c. On SW-B, configure the virtual terminal lines to accept only SSH
connections.
1. Use a domain name of project1.com.
2. Use a modulus value of 1024.
3. Configure SSH version 2.
4. Configure the vty lines to only accept SSH connections.
5. Configure user-based authentication for SSH connections to the vty lines
with a user name of netadmin and a secret password of sshpass1. The
user name and password must match the values provided here exactly in
case, punctuation, and spelling.
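
One way to check a saved running configuration against the Step 8 requirements, as an added example that is not part of the original lab. The names `sections` and `audit` and the sample text are this example's own, and it assumes that a non-trunk physical port with no access VLAN, or with access VLAN 999, is an unused port.

```python
UNUSED = {"switchport mode access", "switchport access vlan 999", "shutdown"}
PORTSEC = {"switchport port-security" + s for s in
           ("", " maximum 2", " mac-address sticky", " violation restrict")}
VTY = {"transport input ssh", "login local"}

# Constructed sample (not a device capture) with three deliberate gaps.
SAMPLE = """\
interface FastEthernet0/8
 switchport access vlan 999
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 switchport port-security
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

def sections(config):
    """Map each 'interface'/'line' header to its sub-commands ('!' ends a section)."""
    out, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "line ")):
            current = out.setdefault(line, set())
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.add(line)
    return out

def audit(config):
    """Return {section: missing commands} for Step 8 parts a, b and c."""
    findings = {}
    for name, cmds in sections(config).items():
        if name.startswith("line vty"):
            required = VTY
        elif "Ethernet" not in name or "switchport mode trunk" in cmds:
            continue  # SVIs, port-channels, console line and trunks are skipped
        else:
            vlan = next((c.split()[-1] for c in cmds
                         if c.startswith("switchport access vlan ")), None)
            required = UNUSED if vlan in (None, "999") else PORTSEC
        if required - cmds:
            findings[name] = sorted(required - cmds)
    return findings
```

Call `audit()` on the text of a `show running-config` capture; it works on indented or flattened output. Applied to the SW-B output later on this page, it would report `line vty 5 15`, which has `login` but neither `transport input ssh` nor `login local`.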

Step 9: Configure Router-on-a-Stick Inter-VLAN Routing

Configure router Campus to route between VLANs according to the information in
the addressing table.

Do not route VLAN 999.

Step 10: Configure the router as a DHCP server.

Configure three DHCP pools as follows:

1. Create a DHCP pool for hosts on VLAN5 using the pool name vlan5pool.
2. Create a DHCP pool for hosts on VLAN10 using the pool name vlan10pool.
3. Create a DHCP pool for hosts on VLAN15 using the pool name vlan15pool.
4. All VLAN pool names must match the provided values exactly.
5. Exclude the first five addresses from each pool.
6. Configure a DNS server address of 192.0.2.62.
7. Configure the default gateway.
8. Once they have received addresses, the hosts should be able to ping hosts on
other networks.

Step 11: Configure host addressing

1. Hosts on VLANs 5, 10 and 15 should be configured to receive addresses
dynamically over DHCP.
2. Hosts on VLAN 100 should be addressed statically as indicated in the
addressing table.
3. Once configured, the hosts should be able to ping hosts on other networks.

Step 12: Verify End-to-End Connectivity

Step 13: Save and Submit your project

1. Save your configuration in all devices.
2. Save the Packet Tracer file as first-last.pkt where first and last are your first
and last names.

SW-A#show run
Building configuration...

Current configuration : 2648 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SW-A
!
no logging console
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
no ip domain-lookup
!
!
spanning-tree mode rapid-pvst
spanning-tree vlan 5,10 priority 24576
spanning-tree vlan 15,100 priority 28672
!
interface Port-channel 1
switchport mode trunk
!
interface Port-channel 2
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport access vlan 999
switchport mode trunk
channel-group 1 mode active
shutdown
!
interface FastEthernet0/3
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/4
switchport access vlan 999
switchport mode trunk
channel-group 2 mode active
shutdown
!
interface FastEthernet0/5
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport access vlan 999
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan199
mac-address 0030.a383.a201
ip address 10.10.199.254 255.255.255.0
!
ip default-gateway 10.10.199.1
!
banner motd ^C
Unauthorized Access is Prohibited^C
!
!
!
line con 0
password 7 0822455D0A16
logging synchronous
login
!
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
!
!
End

SW-B#sh r
Building configuration...

Current configuration : 3857 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SW-B
!
no logging console
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
ip ssh version 2
no ip domain-lookup
ip domain-name SW-B.project1.com
!
username netadmin secret 5 $1$mERr$XqAboRkRK/5Ms2gWBDaG71
!
!
spanning-tree mode rapid-pvst
!
interface Port-channel 2
switchport mode trunk
!
interface Port-channel 3
switchport mode trunk
!
interface FastEthernet0/1
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport mode trunk
channel-group 2 mode active
!
interface FastEthernet0/4
switchport access vlan 999
switchport mode trunk
channel-group 2 mode active
shutdown
!
interface FastEthernet0/5
switchport mode trunk
channel-group 3 mode active
!
interface FastEthernet0/6
switchport access vlan 999
switchport mode trunk
channel-group 3 mode active
shutdown
!
interface FastEthernet0/7
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface FastEthernet0/8
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface FastEthernet0/11
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 15
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface FastEthernet0/16
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 999
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
!
interface GigabitEthernet0/1
switchport access vlan 999
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 999
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan199
mac-address 0050.0f0b.d301
ip address 10.10.199.251 255.255.255.0
!
ip default-gateway 10.10.199.1
!
banner motd ^C
Unauthorized Access is Prohibited.^C
!
!
!
line con 0
password 7 0822455D0A16
logging synchronous
login
!
line vty 0 4
logging synchronous
login local
transport input ssh
line vty 5 15
logging synchronous
login
!
!
!
End

SW-C#sh r
Building configuration...

Current configuration : 2195 bytes


!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SW-C
!
no logging console
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree vlan 15,100 priority 24576
spanning-tree vlan 5,10 priority 28672
!
interface Port-channel 1
switchport mode trunk
!
interface Port-channel 3
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/2
switchport mode trunk
channel-group 1 mode active
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport mode trunk
channel-group 3 mode active
!
interface FastEthernet0/6
switchport mode trunk
channel-group 3 mode active
!
interface FastEthernet0/7
switchport access vlan 5
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
switchport access vlan 15
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan199
mac-address 0090.2181.d401
ip address 10.10.199.252 255.255.255.0
!
ip default-gateway 10.10.199.1
!
banner motd ^C
Unauthorized Access is Prohibited^C
!
!
!
line con 0
password 7 0822455D0A16
logging synchronous
login
!
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
!
!
End

Campus#sh r
Building configuration...
Current configuration : 1847 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Campus
!
no logging console
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
ip dhcp excluded-address 10.10.5.1 10.10.5.5
ip dhcp excluded-address 10.10.10.1 10.10.10.5
ip dhcp excluded-address 10.10.15.1 10.10.15.5
!
ip dhcp pool vlan5pool
network 10.10.5.0 255.255.255.0
default-router 10.10.5.1
dns-server 192.0.2.62
ip dhcp pool vlan10pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 192.0.2.62
ip dhcp pool vlan15pool
network 10.10.15.0 255.255.255.0
default-router 10.10.15.1
dns-server 192.0.2.62
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX15240AK7
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 10.10.5.1 255.255.255.0
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.15
encapsulation dot1Q 15
ip address 10.10.15.1 255.255.255.0
!
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip address 10.10.100.1 255.255.255.0
!
interface GigabitEthernet0/1.199
encapsulation dot1Q 199
ip address 10.10.199.1 255.255.255.0
ip access-group 1 out
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 1 permit 10.10.100.0 0.0.0.255
!
banner motd ^C
Unauthorized Access is Prohibited^C
!
!
!
!
line con 0
password 7 0822455D0A16
logging synchronous
!
line aux 0
!
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
!
!
end
