Lab 3.2.3 Building a Switched Network with Redundant Links
Objectives
• Create a switched network with redundant links.
• Determine which switch is selected to be the root bridge with the factory default settings.
• Configure the BID on a switch to control the selection of the root bridge.
Background / Preparation
This lab examines the effect that selection of a root bridge has on traffic patterns in a switched network with redundant links. You will configure the network with default factory settings and then reassign the root bridge by changing the bridge priority value. You will observe the spanning tree as the network adjusts to the changes.
The following resources are required:
• Two Cisco 2960 switches or other comparable switches
• Two Windows-based PCs, one with a terminal emulation program; one as the host, one as the server
• At least one RJ-45-to-DB-9 connector console cable to configure the switches
• Two straight-through Ethernet cables
• Two crossover Ethernet cables
• Access to the PC command prompt
• Access to PC network TCP/IP configuration
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations.
Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy
Connection in the Tools section.
NOTE: SDM Enabled Routers - If the startup-config is erased in an SDM enabled router, SDM will no longer
come up by default when the router is restarted. It will be necessary to build a basic router configuration using
IOS commands. The steps provided in this lab use IOS commands and do not require the use of SDM. If you
wish to use SDM, refer to the instructions in the Lab Manual, located on the Academy Connection in the Tools
section or contact your instructor if necessary.
Step 1: Cable the network
a. Connect Host 1 to Switch 1 Fast Ethernet port Fa0/7, using a straight-through Ethernet cable.
b. Connect Host 2 to Switch 2 Fast Ethernet port Fa0/8, using a straight-through Ethernet cable.
c. Connect Switch 1 Fast Ethernet port Fa0/1 to Switch 2 Fast Ethernet port Fa0/1, using a crossover Ethernet cable.
d. Create a redundant link between the switches by connecting Switch 1 Fast Ethernet port Fa0/4 to Switch 2 Fast Ethernet port Fa0/4, using a crossover Ethernet cable. What typically undesirable traffic pattern have you created by using the two crossover cables between the two switches? There is indeed a path that should not have been formed.
Predict: What do you think the switches will do to keep this from becoming a problem? No
Step 2: Configure the switches
a. Establish a terminal emulation session to Switch 1 from Host 1.
b. Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 1.
c. Save the configuration.
d. Establish a terminal emulation session to Switch 2 from either Host 1 or Host 2.
e. Configure the switch hostname, passwords, interface VLAN 1 IP address, and subnet mask on Switch 2.
f. Save the configuration.
Step 3: Configure the hosts
a. Configure each host to use an IP address in the same network as the switches.
b. Configure each host to use the same subnet mask as the switches. Why is no default gateway specified for this network? Because it has two crossover-cable transmission media.
Step 4: Verify connectivity
a. To verify that the network is set up successfully, ping from Host 1 to Host 2.
Was the ping successful? No. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated.
b. If the ping is not successful, what utility could you use to determine where the connection is failing?
Step 5: Examine interface VLAN 1 information
a. From the terminal emulation session on either switch, enter the command show interface vlan1 ? at the privileged EXEC mode prompt.
SwitchA#show interface vlan1 ?
List some of the options that are available.
b. On SwitchA, enter the command show interface vlan1 at the privileged EXEC mode prompt.
SwitchA#show interface vlan1
What is the MAC address of the switch?
What other term for MAC address is used?
c. On SwitchB, enter the command show interface vlan1 at the privileged EXEC mode prompt.
What is the MAC address of the switch?
Which switch should be the root of the spanning tree for this network?
Step 6: Examine the spanning-tree tables on each switch
a. On SwitchA, enter the command show spanning-tree at the privileged EXEC mode prompt.
b. On SwitchB, enter the command show spanning-tree at the privileged EXEC mode prompt.
c. Examine the outputs and answer the following questions:
Which switch is the root bridge?
What is the priority of the root bridge?
What is the bridge ID of the root bridge?
Which ports are forwarding on the root bridge?
Which ports are blocking on the root bridge?
What is the priority of the non-root bridge?
What is the bridge ID of the non-root bridge?
Which ports are forwarding on the non-root bridge?
Which ports are blocking on the non-root bridge?
d. Examine the link lights on both switches.
Can you tell which port is in blocking state?
Why is there no change in the link lights?
Step 7: Reassign the root bridge
What would you do if you wanted a different switch to be the root bridge for this network?
Why might you want to do this?
For the purposes of this lab, assume that the switch that is currently the root bridge is undesirable.
The example assumes that SwitchB is preferred as the root switch. To “force” SwitchB to become the new
root bridge, you need to configure a new priority for it.
a. Go to the console and enter configuration mode on SwitchB.
b. Determine the options that can be configured for the Spanning Tree Protocol by issuing this
a. On SwitchA, enter show spanning-tree at the privileged EXEC mode prompt.
b. On SwitchB, enter show spanning-tree at the privileged EXEC mode prompt.
c. Examine the outputs and answer the following questions:
Which switch is the root bridge?
What is the priority of the root bridge?
What is the bridge ID of the root bridge?
Which ports are forwarding on the root bridge?
Which ports are blocking on the root bridge?
What is the priority of the non-root bridge?
What is the bridge ID of the non-root bridge?
Which ports are forwarding on the non-root bridge?
Which ports are blocking on the non-root bridge?
Step 9: Verify the running configuration file on the root bridge
a. On the switch that was changed to be the root bridge, enter the show running-config command
at the privileged EXEC mode prompt.
b. Locate the spanning-tree priority information for this switch.
c. How can you tell from the information given that this switch is the root bridge?
Step 10: Reflection
Suppose that you are adding new switches to a company’s network. Why should you plan the physical design carefully? Why should you be prepared to make adjustments to factory default settings?
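The election this lab observes, as an added Python example that is not part of the original lab: the lowest bridge ID (priority plus VLAN ID, then MAC address) wins, so factory defaults leave the choice to the MAC address. The MAC addresses and the later-added SwitchC are constructed, and `root_drift` is an illustrative helper name.

```python
from dataclasses import dataclass, replace

DEFAULT_PRIORITY = 32768  # factory-default bridge priority
PRIORITY_STEP = 4096      # configurable priorities are multiples of 4096


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                          # base MAC in Cisco dotted-hex notation
    priority: int = DEFAULT_PRIORITY
    vlan: int = 1                     # extended system ID, added to the priority

    def __post_init__(self):
        if not 0 <= self.priority <= 61440 or self.priority % PRIORITY_STEP:
            raise ValueError(f"{self.name}: priority must be 0-61440 in steps of 4096")

    @property
    def bid(self):
        """Bridge ID as a comparable tuple: (priority + VLAN ID, MAC as integer)."""
        return (self.priority + self.vlan, int(self.mac.replace(".", ""), 16))

    def bid_text(self):
        """Readable form of the bridge ID, for reports."""
        return f"{self.priority + self.vlan}.{self.mac}"


def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes the root."""
    return min(bridges, key=lambda b: b.bid)


def root_drift(planned_root, bridges):
    """Return a finding if the elected root is not the planned one, else None."""
    root = elect_root(bridges)
    if root.name != planned_root:
        return f"root is {root.name} ({root.bid_text()}), expected {planned_root}"
    return None


# Constructed MAC addresses; read the real ones from 'show interface vlan1'.
switch_a = Bridge("SwitchA", "0019.aa9e.1200")
switch_b = Bridge("SwitchB", "0019.aa9e.4b80")
# Constructed: a switch added later with factory defaults and a lower MAC.
switch_c = Bridge("SwitchC", "000a.b8c1.0040")

# Step 7: lower SwitchB's priority (IOS: spanning-tree vlan 1 priority 4096).
switch_b_tuned = replace(switch_b, priority=4096)

if __name__ == "__main__":
    print("defaults:", elect_root([switch_a, switch_b]).name)
    print("after Step 7:", elect_root([switch_a, switch_b_tuned]).name)
    print("new switch, defaults everywhere:",
          root_drift("SwitchB", [switch_a, switch_b, switch_c]))
    print("new switch, SwitchB tuned:",
          root_drift("SwitchB", [switch_a, switch_b_tuned, switch_c]))
```

With every switch at the default priority, a newly connected switch with a lower MAC address takes over as root; once SwitchB has an explicit lower priority, the same addition changes nothing.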
Lab 3.3.2 Configuring, Verifying, and Troubleshooting VLANs
Objectives
• Observe default switch VLAN configuration and operation.
• Configure static VLANs on a switch.
• Verify VLAN configuration and operation.
• Modify an existing VLAN configuration.
Background / Preparation
This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be FastEthernet 0/1 or FastEthernet 1/1, depending on the slot and port. The router used can be any router.
The following resources are required:
• One Cisco 2960 switch or equivalent switch
• One Cisco 1841 router or equivalent
• Two Windows-based PCs with a terminal emulation program
• At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router
• Three straight-through Ethernet cables to connect from the PCs to Switch 1
NOTE: Make sure that the router and all the switches have been erased and have no startup configurations. For detailed instructions, refer to the Lab Manual that is located on Academy Connection in the Tools section.
NOTE: SDM Routers – If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.
Step 1: Connect the equipment
a. Connect the router Fa0/0 interface with a straight-through cable to Switch 1 Fa0/8 interface.
b. Connect the Host 1a Ethernet interface with a straight-through cable to Switch 1 Fa0/2 interface.
c. Connect the Host 1b Ethernet interface with a straight-through cable to Switch 1 Fa0/3 interface.
d. Connect a PC with a console cable to perform configurations on the router and switches.
e. Configure IP addresses on the hosts as shown in the chart.
Step 2: Perform basic configuration on the router
a. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
b. Configure Router 1 with a hostname and console, Telnet, and privileged passwords according to the table diagram.
Step 3: Configure Switch 1
a. Configure S1 hostname and passwords.
b. Configure Switch 1 with a hostname and console, Telnet, and privileged passwords according to the
addressing table.
c. Configure S1 with an IP address and default gateway.
S1(config)#interface vlan1
S1(config-if)#ip address 172.16.1.2 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#ip default-gateway 172.16.1.1
S1(config)#end
Step 4: Verify connectivity and default VLAN configuration
a. Verify LAN connectivity by pinging from the router to the switch and the hosts. Also verify that you can ping from host to host.
b. Verify default VLAN configuration with the show vlan command on S1.
S1#show vlan
Are all switch ports assigned to VLAN 1? Yes, the VLAN 1 switch ports are indeed on S1.
Step 5: Configure VLANs on S1
a. Create and name two additional VLANs on S1.
S1(config)#vlan 20
S1(config-vlan)#name fred
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name wilma
S1(config-vlan)#exit
b. Verify the creation of the new VLANs with the show vlan command.
S1#show vlan
Do the new VLANs appear in the output? Yes
What interfaces belong to the new VLANs? R1, namely FA0/0
c. Assign interfaces to VLANs. Assign S1 port Fa0/2 to VLAN 20 and ports Fa0/3 – Fa0/8 to VLAN 30.
S1(config)#int Fa0/2
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config)#interface range Fa0/3 - 8
S1(config-if-range)#switchport access vlan 30
S1(config-if-range)#end
S1#show running-config
Observe that the switchport access command was applied to ports Fa0/2 – Fa0/8.
d. Verify the port assignments of the new VLANs with the show vlan command.
S1#show vlan
Which interfaces now belong to VLAN 1? R1
Which interfaces belong to VLAN 20? S1
Which interfaces belong to VLAN 30? 1b
e. Other commands can be used to show different amounts of information or specific pieces of
information. Enter the following commands on S1 and observe the output:
S1#show vlan brief
Is all of the basic VLAN membership information shown? Not all of it is displayed by the show VLAN brief command.
S1#show vlan id 30
What information is shown? Only the IP address
S1#show vlan name fred
What information is shown? The names of the connected ports.
Step 6: Verify VLAN segmentation
In the previous step, the ports connected to R1 and Host 1b were placed in one VLAN and Host 1a was
placed in another. Even though these hosts are connected to one switch, it appears as if there are two
separate switches. Connectivity tests will prove this.
a. Ping from Host 1b to R1.
Were the pings successful? Yes, successful
b. Ping from Host 1b to Host 1a.
Were the pings successful? Successful
c. Ping from Host 1b to R1.
Were the pings successful? No
Why were some pings successful and others not?
Because some need a VLAN in order to communicate, while others only need a switch in order to communicate.
How could Host 1b communicate with Host 1a in different VLAN?
By using the interface of R1
Step 7: Change and delete VLAN configurations
a. Reassign S1 port Fa0/3 to VLAN 20.
S1(config)#interface Fa0/3
S1(config-if)#switchport access vlan 20
S1(config-if)#end
S1#show vlan
Does the output reflect the VLAN membership change? Yes
b. Remove VLAN 30.
Which two commands would be used to delete all VLAN configuration and return to the default
configuration?
Step 8: Reflection
a. Why would VLANs be configured in a network?
Answer = VLANs can be used to connect and to restrict, and can also verify which ports are able to connect.
b. What must be set up to communicate between VLANS?
What must be set up is VLAN 1 together with its IP address and gateway.
c. With no configuration, what VLAN are all ports a member of?
• Configure passwords to ensure that access to the CLI is secured.
• Configure a switch to remove http server status for security.
• Configure port security.
• Disable unused ports.
• Test security configuration by connecting unspecified hosts to secure ports.
Background / Preparation
Set up a network similar to the one in the topology diagram. The following resources are required:
• One Cisco 2960 or comparable switch
• Two Windows-based PCs, at least one with a terminal emulation program
• At least one RJ-45-to-DB-9 connector console cable
• Two straight-through Ethernet cables (PC1 and PC2 to switch)
• Access to the PC command prompt
• Access to PC network TCP/IP configuration
NOTE: Make sure that the switch has been erased and has no startup configurations. Instructions for erasing both switches and routers are provided in the Lab Manual, located on Academy Connection in the Tools section.
Step 1: Connect PC1 to the switch
a. Connect PC1 to Fast Ethernet switch port Fa0/1. Configure PC1 to use the IP address, mask, and gateway shown in the table.
b. Establish a terminal emulation session to the switch from PC1.
Step 2: Connect PC2 to the switch
a. Connect PC2 to Fast Ethernet switch port Fa0/4.
b. Configure PC2 to use the IP address, mask, and gateway shown in the table.
Step 3: Configure PC3 but do not connect
A third host is needed for this lab.
a. Configure PC3 using IP address 192.168.1.5. The subnet mask is 255.255.255.0, and the default gateway is 192.168.1.1.
b. Do not connect this PC to the switch yet. It will be used for testing security.
Step 4: Perform an initial configuration on the switch
a. Configure the hostname of the switch as Switch1.
Switch>enable
Switch#config terminal
Switch(config)#hostname Switch1
b. Set the privileged EXEC mode password to cisco.
Switch1(config)#enable password cisco
c. Set the privileged EXEC mode secret password to class.
Switch1(config)#enable secret class
d. Configure the console and virtual terminal lines to use a password and require it at login.
Switch1(config)#line console 0
Switch1(config-line)#password cisco
Switch1(config-line)#login
Switch1(config-line)#line vty 0 15
Switch1(config-line)#password cisco
Switch1(config-line)#login
Switch1(config-line)#end
e. Exit from the console session and log in again. Which password was required to enter privileged EXEC mode? Why?
Answer = the password used is CISCO, because it has been configured to show the login permission.
Step 5: Configure the switch management interface on VLAN 1
a. Enter the interface configuration mode for VLAN 1.
Switch1(config)#interface vlan 1
b. Set the IP address, subnet mask, and default gateway for the management interface.
Why does interface VLAN 1 require an IP address in this LAN?
Answer = because the IP address is used for the management interface.
What is the purpose of the default gateway?
Answer = the purpose of the default gateway is to act as a bridge so that the local network can access the parent network.
Step 6: Verify the management LANs settings
a. Verify that the IP address of the management interface on the switch VLAN 1 and the IP address of PC1 and PC2 are on the same local network. Use the show running-config command to check the IP address configuration of the switch.
b. Verify the interface settings on VLAN 1.
Switch1#show interface vlan 1
What is the bandwidth on this interface?
What are the VLAN states?
VLAN 1 is and line protocol is
Step 7: Disable the switch from being an http server
Turn off the feature of the switch being used as an http server.
Switch1(config)#no ip http server
Step 8: Verify connectivity
a. To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.
Were the pings successful? If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host and switch configurations.
b. Save the configuration.
Step 9: Record the host MAC addresses
Determine and record the Layer 2 addresses of the PC network interface cards. From the command prompt of each PC, enter ipconfig /all.
PC1 192.168.1.1
PC2 192.168.1.2
PC3 192.168.1.3
Step 10: Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command at the privileged EXEC mode prompt.
Switch1#show mac-address-table
How many dynamic addresses are there? 3
How many total MAC addresses are there? 3
Do the MAC addresses match the host MAC addresses? Yes, they match.
Step 11: View the show mac-address-table options
View the options that the show mac-address-table command has available.
Switch1#show mac-address-table ?
What options are available? To disconnect, and to view the names of the PCs that are accessing.
Step 12: Set up a static MAC address
Set up a static MAC address on FastEthernet interface 0/4. Use the address that was recorded for PC2 in Step 9. The MAC address 00e0.2917.1884 is used in this example statement only.
a. Why would port security be enabled on a switch?
Answer = so that when the network is accessed, only registered MAC addresses can gain access.
b. Why should unused ports on a switch be disabled?
Answer = so that unused ports do not interfere and cause data to be sent to the ports in use. And automatically, the fewer the ports, the faster the connection obtained.
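The objectives of this lab, expressed as a check over a saved running-config (an added Python example, not part of the original lab). Both configurations are constructed, the in-use ports Fa0/1 and Fa0/4 follow Steps 1 and 2, and `switchport port-security` and `shutdown` are standard IOS commands that the surviving lab text does not show.

```python
def parse_config(text):
    """Split running-config text into global commands and indented sections."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].append(line.strip())
            continue
        global_cmds.append(line)
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
    return global_cmds, sections


def audit(text, in_use_ports):
    """Return findings for the lab's hardening objectives (empty list = pass)."""
    global_cmds, sections = parse_config(text)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("no enable secret configured")
    # enable secret takes precedence; a leftover enable password is only a
    # second, weakly protected credential sitting in the file.
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("enable password left in the configuration")
    if "no ip http server" not in global_cmds:
        findings.append("HTTP server not disabled")
    for header, cmds in sections.items():
        kind, name = header.split(" ", 1)
        if kind == "line":
            # Assumes the lab's line-password style ('password' plus 'login').
            if "login" not in cmds or not any(c.startswith("password ") for c in cmds):
                findings.append(f"{header}: no password required at login")
        elif name.startswith("FastEthernet"):
            if name not in in_use_ports:
                if "shutdown" not in cmds:
                    findings.append(f"{name}: unused port not shut down")
                continue
            # Port security is only accepted on a port with a fixed mode.
            if "switchport mode access" not in cmds:
                findings.append(f"{name}: port mode not fixed to access")
            if "switchport port-security" not in cmds:
                findings.append(f"{name}: port security not enabled")
    return findings


IN_USE = {"FastEthernet0/1", "FastEthernet0/4"}  # PC1 and PC2 (Steps 1 and 2)

# Constructed sample: several of the lab's steps were skipped.
WEAK = """
hostname Switch1
enable password cisco
ip http server
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
interface FastEthernet0/4
 switchport mode access
 switchport port-security
line con 0
 password cisco
 login
line vty 0 4
line vty 5 15
 password cisco
 login
"""

# Constructed sample: the same switch with every objective applied.
HARDENED = """
hostname Switch1
enable secret 5 <constructed-hash>
no ip http server
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 shutdown
interface FastEthernet0/4
 switchport mode access
 switchport port-security
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
"""

if __name__ == "__main__":
    for label, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, audit(cfg, IN_USE) or "pass")
```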
Lab 3.4.2 Configuring a Trunk Port to Connect Switches
Objectives
• Observe default switch VLAN configuration and operation.
• Configure static VLANs on a switch.
• Verify VLAN configuration and operation.
• Configure trunking between switches.
Background / Preparation
This lab focuses on the basic VLAN configuration of the Cisco 2960 switch (or similar) using Cisco IOS commands. The information in this lab applies to other switches; however, command syntax may vary. Depending upon the switch model, the interface designations may differ. For example, modular switches have multiple slots; therefore, the Fast Ethernet ports may be Fast Ethernet 0/1 or Fast Ethernet 1/1, depending on the slot and port.
The following resources are required:
• Two Cisco 2960 switches or equivalent switches
• Two Windows-based PCs with a terminal emulation program
• At least one RJ-45-to-DB-9 connector console cable to configure the switch and the router
• Three straight-through Ethernet cables to connect from the PCs to the switches
• One crossover Ethernet cable to connect S1 to S2
NOTE: Make sure that the routers and the switches have been erased and have no startup configurations. Instructions for erasing both switch and router are provided in the Lab Manual, located on Academy Connection in the Tools section.
Step 1: Connect the equipment
a. Connect Switch 1 Fa0/1 interface to Switch 2 Fa0/1 interface with a crossover cable.
b. Connect Host 1a Ethernet interface with a straight-through cable to Switch 1 Fa0/2 interface.
c. Connect Host 1b Ethernet interface with a straight-through cable to Switch 1 Fa0/3 interface.
d. Connect Host 2 Ethernet interface with a straight-through cable to Switch 2 Fa0/2 interface.
e. Connect a PC with a console cable to perform configurations on the router and switches.
f. Configure IP addresses on the hosts as shown in the chart.
Step 2: Perform basic configuration of Switch 1 and Switch 2
a. Connect a PC to the console port of the switches to perform configurations using a terminal emulation program.
b. Configure Switch 1 with a hostname and console, Telnet, and privileged passwords according to the table diagram. Save the configuration.
c. Configure Switch 2 with a hostname and console, Telnet, and privileged passwords according to the table diagram. Save the configuration.
Step 3: Configure host PCs
Configure the host PCs according to the information in the table and diagram.
Step 4: Verify default VLAN configuration and connectivity
a. When directly connecting some switches, as in this lab, the switch ports automatically configure themselves for trunking. To prevent this, manually configure the switch ports for normal operation on S1 and S2.
S1(config)#interface fa0/1
S1(config-if)#switchport mode access
S2(config)#interface fa0/1
S2(config-if)#switchport mode access
b. Verify default VLAN configurations on both switches with the show vlan command.
S1#show vlan
S2#show vlan
Is every switch port assigned to a VLAN?
Answer = yes
Which VLAN do the ports appear in? switch 1 Fa0/1
Should any host or switch be able to ping any other host or switch at this time?
c. Verify this by pinging from Host 1a to all the other hosts and switches. Are all the pings successful?
Answer = yes, successful, because they are still within one class.
Step 5: Create and verify VLAN configuration
a. Create and name VLANs 2 and 3 on both switches.
S1(config)#vlan 2
S1(config-vlan)#name fred
S1(config-vlan)#exit
S1(config)#vlan 3
S1(config-vlan)#name wilma
S1(config-vlan)#exit
S2(config)#vlan 2
S2(config-vlan)#name fred
S2(config-vlan)#exit
S2(config)#vlan 3
S2(config-vlan)#name wilma
S2(config-vlan)#exit
b. Assign switch ports to VLANs. The ports connecting Hosts 1a and 2 will be assigned to VLAN 2 and the port connecting Host 1b will be assigned to VLAN 3. Save the configurations.
S1(config)#int fa0/2
S1(config-if)#switchport access vlan 2
S1(config-if)#exit
S1(config)#interface fa0/3
S1(config-if)#switchport access vlan 3
S1(config-if)#end
S1#copy running-config startup-config
S2(config)#int fa0/2
S2(config-if)#switchport access vlan 2
S2(config-if)#end
S2#copy running-config startup-config
c. Test connectivity between devices.
1) Ping from S1 to S2.
Are the pings successful? Successful
To what VLAN do the management interfaces of S1 and S2 belong? Host 1a
2) Ping from Host 1a to Host 2.
Are the pings successful? Yes, successful
To what VLAN do Hosts 1a and 2 belong? Switch 1 (s1)
To what VLAN do the Fa0/1 interfaces of the switches belong? As the interfaces of S1 and S2
If Hosts 1a and 2 belong to the same VLAN, why can’t they ping each other? Because there is no configuration that determines which device will be the gateway.
3) Ping from host 1a to S1.
Are the pings successful? No
Why can’t Host 1a ping S1? Because Switch 1 functions only as a forwarder for S2.
Step 6: Configure and verify trunking
To allow connectivity within multiple VLANs across multiple switches, trunking can be configured. Without trunking, each VLAN requires a separate physical connection between switches.
a. Configure trunking on S1 and S2. Port Fa0/1 on S1 is already connected to port Fa0/1 on S2.
S1(config)#int Fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#end
S2(config)#int Fa0/1
S2(config-if)#switchport mode trunk
S2(config-if)#end
b. Verify the creation of the trunk with the show interfaces trunk command.
S1#show interfaces trunk
S2#show interfaces trunk
Do the trunk interfaces appear in the output? Yes, they appear
What VLAN is set as the native VLAN? 1a
What VLANs are allowed to communicate over the trunk? 1b
c. View the VLAN configuration on both switches with the show vlan command.
S1#show vlan
S2#show vlan
Do the S1 and S2 Fa0/1 interfaces appear in a VLAN? Why or why not?
Answer = yes, they appear, because a configuration command has been given to display both switches
d. Retest the connectivity between devices.
1) Ping from S1 to S2.
Are the pings successful? Yes, successful
2) Ping from Host 1a to Host 2.
Are the pings successful? Yes, successful
3) Ping from Host 1b to Host 2.
Are the pings successful? Yes, successful
4) Ping from Host 1a to S1.
Are the pings successful? Yes, successful
e. The ping test should show that devices that belong to the same VLAN can now communicate with each other across switches, but devices in different VLANs cannot communicate with each other. What would have to be configured to allow devices in different VLANs to communicate with each other?
Answer = what must be configured is the address on the NIC
Step 7: Observe the default trunking behavior of switches
a. Previously in this lab, the Fa0/1 interfaces on the switches were manually configured for trunking. Remove that configuration with the no switchport mode trunk command.
S1(config)#int Fa0/1
S1(config-if)#no switchport mode trunk
S1(config-if)#end
S2(config)#int Fa0/1
S2(config-if)#no switchport mode trunk
S2(config-if)#end
b. View the trunking status of the switch ports.
S1#show interfaces trunk
S2#show interface trunk
Are Fa0/1 on S1 and S2 in trunking mode? Yes
What trunking mode did they default to?
What trunking encapsulation did they default to?
Step 8: Reflection
a. Why would trunking be configured in a network?
Answer = to determine which switch functions as a VLAN and which switch functions only as a transmission path, and to be able to make use of every available switch to form VLANs.
b. Does trunking allow for communication between VLANS?
Yes, it supports that.
c. With no configuration, from which VLAN are frames forwarded across the trunk without VLAN tagging added? Answer = without configuration, only PCs on the same path can communicate.
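Steps 5 and 6 of the trunking lab as a small layer-2 model (an added Python example, not part of the original lab), following the lab's statement that same-VLAN devices communicate across switches only once the inter-switch link carries their VLAN. It assumes each VLAN uses one IP subnet and that a trunk allows every VLAN, the IOS default; `Port`, `can_reach` and `stranded_vlans` are illustrative names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    mode: str = "access"  # "access" or "trunk"
    vlan: int = 1         # access VLAN; unused when mode is "trunk"


def link_carries(end_a, end_b, vlan):
    """True if the inter-switch link forwards frames of `vlan` in both directions."""
    if end_a.mode != end_b.mode:
        raise ValueError("mismatched link modes are outside this model")
    if end_a.mode == "trunk":
        return True  # default trunk: every VLAN is allowed
    # Access link: a single VLAN, and both ends must agree on it.
    return end_a.vlan == vlan and end_b.vlan == vlan


def can_reach(src, dst, endpoints, uplinks):
    """Layer-2 reachability between two endpoints given as (switch, VLAN)."""
    sw_src, vlan_src = endpoints[src]
    sw_dst, vlan_dst = endpoints[dst]
    if vlan_src != vlan_dst:
        return False  # different VLANs need a router
    if sw_src == sw_dst:
        return True
    return link_carries(uplinks[sw_src], uplinks[sw_dst], vlan_src)


def stranded_vlans(endpoints, uplinks):
    """VLANs with members on both switches that the link does not carry."""
    switches_per_vlan = {}
    for switch, vlan in endpoints.values():
        switches_per_vlan.setdefault(vlan, set()).add(switch)
    return sorted(
        vlan for vlan, switches in switches_per_vlan.items()
        if len(switches) > 1
        and not link_carries(uplinks["S1"], uplinks["S2"], vlan)
    )


# Port assignments from Step 5b; the management interfaces stay in VLAN 1.
ENDPOINTS = {
    "Host 1a": ("S1", 2),
    "Host 1b": ("S1", 3),
    "Host 2": ("S2", 2),
    "S1 mgmt": ("S1", 1),
    "S2 mgmt": ("S2", 1),
}
# Step 4a: Fa0/1 forced to access mode (VLAN 1) on both switches.
ACCESS_UPLINKS = {"S1": Port("access", 1), "S2": Port("access", 1)}
# Step 6a: Fa0/1 set to trunk on both switches.
TRUNK_UPLINKS = {"S1": Port("trunk"), "S2": Port("trunk")}

LAB_PAIRS = [("S1 mgmt", "S2 mgmt"), ("Host 1a", "Host 2"), ("Host 1b", "Host 2")]


def ping_table(uplinks, pairs=LAB_PAIRS):
    """Expected ping result for each (source, destination) pair."""
    return {pair: can_reach(*pair, ENDPOINTS, uplinks) for pair in pairs}


if __name__ == "__main__":
    for label, uplinks in (("access link", ACCESS_UPLINKS), ("trunk", TRUNK_UPLINKS)):
        print(label, ping_table(uplinks), "stranded:", stranded_vlans(ENDPOINTS, uplinks))
```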
• Use Wireshark to capture protocol data packets as they cross the networks.
• Use Wireshark to analyze protocol data packets from the captured results.
Background / Preparation
This lab focuses on the basic configuration of the Cisco 1841 or comparable routers using Cisco IOS commands. The information in this lab applies to other routers; however, command syntax may vary. The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to a network.
The following resources are required:
• Cisco 2960 switch or other comparable switch
• Two Cisco 1841 or comparable routers with minimum one serial and one fast Ethernet interface
• Two Windows-based PCs, one with a terminal emulation program. Use one PC as the host, and use the other as the server.
• RJ-45-to-DB-9 connector console cable to configure the routers
• Two straight-through Ethernet cables
• One crossover Ethernet cable
• Access to the PC command prompt
• Access to PC network TCP/IP configuration
Step 1: Connect the routers and configure
a. Connect the two routers with a serial cable. RouterA will provide the clocking signal between the two routers. Use S0/0/0 on both routers to connect them.
b. Use RIP as the protocol when configuring both routers. Advertise the appropriate networks on each router.
c. Connect the Fa0/0 on RouterA with a crossover cable to the server running the Discovery Server Live CD.
d. RouterB will use a straight-through cable from its Fa0/0 to connect to the switch through the Fa0/1. Configure the routers as shown in the topology diagram above.
Step 2: Connect the host to the switch and configure
Step 3: Verify connectivity using ping
a. To verify that the network is set up successfully, ping from the host to the server.
b. If the ping is not successful, verify the connections and configurations again. Check to ensure that all cables are correct and that connections are seated. Check the host, server, and router configurations.
c. Was the ping successful?
Answer = yes, the ping test was carried out successfully, as indicated by the "reply from" responses.
Step 4: Launch Wireshark
NOTE: Wireshark may be downloaded from the Internet at www.wireshark.org and installed on each local host. If this is not possible, Wireshark may be run from the Discovery Live CD. Check with your instructor to determine which procedure to follow.
a. If running Wireshark from the local host, double-click on the icon to begin the application and proceed to step d. If running Wireshark from the Discovery server, proceed to step b.
b. From the K Start menu on the server desktop, choose Internet > Wireshark Network Analyzer.
c. Launch Wireshark if it is not already open. If prompted for a password, enter discoverit.
d. To start data capture, go to the Capture menu and click Options. The Options dialog provides a range of settings and filters that determine how much data traffic is captured.
e. Ensure that Wireshark is set to monitor the correct interface. From the Interface drop-down list, select the network adapter in use. For most computers, this will be the connected Ethernet Adapter.
f. Next, other options can be set. The two options highlighted below are worth examination: Capture packets in promiscuous mode and Enable transport name resolution.
• Setting Wireshark to capture packets in promiscuous mode
• Setting Wireshark for network name resolution
• Clicking the Start button starts the data capture process. A message box displays the progress of this process.
• Create some traffic to be captured. Issue a ping and tracert from the host and watch for routing updates.
• Clicking the Stop button terminates the capture process. The main screen is displayed.
• The PDU (or Packet) List pane at the top of the diagram displays a summary of each packet captured. By clicking on packets in this pane, you control what is displayed in the other two panes.
• The PDU (or Packet) Details pane in the middle of the diagram displays the packet selected in the Packet List Pane in more detail.
• The PDU (or Packet) Bytes pane at the bottom of the diagram displays the actual data (in hexadecimal form representing the actual binary) from the packet selected in the Packet List pane, and highlights the field selected in the Packet Details pane.
Packet List Pane
Each line in the Packet List pane corresponds to one PDU or packet of the captured data. If you select a line in this pane, additional details are displayed in the Packet Details and Packet Bytes panes. The example above shows the PDUs captured when the ping utility was used and http://www.Wireshark.org was accessed. Packet number 1 is selected in this pane.
Packet Details Pane
The Packet Details pane shows the current packet (selected in the Packet List pane) in a more detailed form. This pane shows the protocols and protocol fields of the selected packet. The protocols and fields of the packet are displayed using a tree, which can be expanded and collapsed.
Packet Bytes Pane
The Packet Bytes pane shows the data of the current packet (selected in the Packet List pane) in what is known as "hexdump" style. In this lab, this pane will not be examined in detail. However, when a more in-depth analysis is required, this displayed information is useful for examining the binary values and content of PDUs.
The information captured for the data PDUs can be saved in a file. This file can then be opened in Wireshark for future analysis without the need to recapture the same data traffic again. The information displayed when a capture file is opened is the same as the original capture. When closing a data capture screen or exiting Wireshark, you are prompted to save the captured PDUs.
Step 5: Ping PDU Capture
a. Launch Wireshark.
b. Set the Capture Options as described in Step 4 and start the capture process.
c. From the command line of the host, ping the IP address of the server on the other end of the lab topology. In this case, ping the Discovery Server Live CD using the command ping 172.17.1.1.
d. After receiving the successful replies to the ping in the command-line window, stop the packet capture.
Step 6: Examine the Packet List pane
a. The Packet List pane on Wireshark should now look similar to this:
b. Look at the packets listed; we are interested in the packets numbered 3 through 10.
c. Locate the equivalent packets on the packet list on your computer. The numbers may be different.
d. From the Wireshark Packet List, answer the following questions:
3) What are the names of the two ping messages? Reply and Request
4) Are the listed source and destination IP addresses what you expected?
5) Why?
Answer = yes, the expected site's IP address is listed, because Wireshark provides the Packet List pane and the Packet Details pane.
Step 7: Examine the Packet Details pane
a. Select (highlight) the first echo request packet on the list with the mouse. The Packet Details pane will now display something similar to this:
b. Click each of the four + to expand the information. The Packet Details pane will now be similar to:
c. Spend some time scrolling through this information. At this stage of the course, you may not fully understand the information displayed. Make a note of the information you do recognize.
d. Locate the two different types of Source and Destination.
e. Select a line in the Packet Details pane (middle pane). Notice that all or part of the information in the Packet Bytes pane also becomes highlighted.
f. Go to the File menu and click Close.
g. Click Continue without Saving when this message box appears.
Step 8: Perform an FTP PDU Capture
a. Assuming that Wireshark is still running from the previous steps, start packet capture by clicking the Start option on the Wireshark Capture menu.
b. At the command line on your host, enter ftp 172.17.1.1. When the connection is established, enter anonymous as the user.
c. When successfully logged in, enter get /pub/Discovery_1/document_1 and press the Enter key. Note that there is a space after get. This command will start downloading the file from the ftp server. The output will look similar to:
C:\> ftp 172.17.1.1
Connected to 172.17.1.1
220 Welcome to The CCNA-Discovery FTP service.
ftp> get /pub/Discovery_1/document_1
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for pub/Discovery_1/document_1
<73 bytes>.
226 File send OK.
ftp: 73 bytes received in 0.03Seconds 2.35Kbytes/sec.
d. When the file download is complete, enter quit.
ftp> quit
221 Goodbye.
C:\>
e. Stop the PDU capture in Wireshark.
Step 9: Examine the Packet List pane
a. Increase the size of the Wireshark Packet List pane and scroll through the PDUs listed.
b. Locate and note those PDUs associated with the file download. These will be the PDUs from the Layer 4 protocol TCP and the Layer 7 protocol FTP.
c. Identify the three groups of PDUs associated with the file transfer. The first group is associated with the connection phase and logging into the server. List examples of messages exchanged in this phase.
d. Locate and list examples of messages exchanged in the second phase, which is the actual download request and the data transfer.
e. The third group of PDUs relates to logging out and breaking the connection. List examples of messages exchanged during this process.
f. Locate recurring TCP exchanges throughout the FTP process. What feature of TCP does this indicate?
Step 10: Examine Packet Details and Packet Byte panes
a. Select (highlight) a packet on the list associated with the first phase of the FTP process. View the packet details in the Packet Details pane.
b. What are the protocols encapsulated in the frame?
c. Highlight the packets containing the username and password. Examine the highlighted portion in the Packet Bytes pane. What does this say about the security of this FTP login process?
NOTE: SDM Enabled Routers – If the startup-config file is erased on an SDM enabled router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands. Contact your instructor if necessary.
Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.
If this feature is not checked, only PDUs destined for this computer will be captured. If this feature is checked, all PDUs destined for this computer and all those detected by the computer NIC on the same network segment (i.e., those that "pass by" the NIC but are not destined for the computer) are captured.
NOTE: As you use different intermediary devices (hubs, switches, routers) to connect end devices on a network, you will experience different Wireshark results.
This option allows you to control whether or not Wireshark translates network addresses found in PDUs into names. Although this is a useful feature, the name resolution process may add extra PDUs to your captured data, perhaps distorting the analysis.
There are also a number of other capture filtering and process settings available on this screen.
As data PDUs are captured, the types and number are indicated in the message box.
The examples show the capture of a ping process and then accessing a web page.
This main display window of Wireshark has three panes.
Clicking Continue without Saving closes the file or exits Wireshark without saving the displayed captured data.
As you can see, the details for each section and protocol can be expanded further. Why are there two types?
Answer = because each has a specific function; for example, although both display IP addresses, the first serves as the connection to the destination address together with the protocol used, while the second serves as the translator of the ping connection to the destination address.
What protocols are in the Ethernet frame?
Answer = HTTP
For example, if the second line (+ Ethernet II) is highlighted in the Details pane, the Bytes pane now highlights the corresponding values. This example shows the particular binary values that represent that information in the PDU. At this point in the course, it is not necessary to understand this information in detail.
NOTE: Capture Options do not have to be set if continuing from previous steps of this lab.
If there was no VLAN file, this message is displayed:
The responding line prompt is:
Press Enter to confirm.
The response should be:
Verify that the VLAN configuration was deleted in Step b using the show vlan command. If previous VLAN configuration information (other than the default management VLAN 1) is still present, you must power cycle the switch (hardware restart) instead of issuing the reload command. To power cycle the switch, remove the power cord from the back of the switch or unplug it, and then plug it back in. If the VLAN information was successfully deleted in Step b, go to Step e and restart the switch using the reload command.
NOTE: This step is not necessary if the switch was restarted using the power cycle method.
The router is ready for the assigned lab to be performed. This is the interface that a PC will connect to using a browser to bring up SDM. The PC IP address should be set to 10.10.10.2 255.255.255.248.
NOTE: An SDM router other than the 1841 may require connection to a different port to access SDM.
Replace <username> and <password> with the username and password that you want to configure.
d. Highlight a packet associated with the second phase. From any pane, locate the packet containing
the filename. What is the filename that was downloaded?
e. When finished, close the Wireshark file and continue without saving.
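As an added illustration of Step 10 b and c (not part of the original lab), the Python sketch below walks a constructed Ethernet II frame the way the Packet Details tree does and shows that the FTP USER and PASS lines are readable directly in the frame bytes. The MAC addresses, the host address 172.17.1.10, the client port and the password value are constructed; only the server address 172.17.1.1, the anonymous user and the file path come from the lab.

```python
import struct

FTP_PORT = 21  # FTP control channel

def build_frame(line: bytes, sport=1045, dport=FTP_PORT) -> bytes:
    """Constructed sample frame (MACs, host IP, ports and zero checksums are made up)."""
    eth = bytes.fromhex("00000c112233" "0019d1445566") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(line), 1, 0, 128, 6, 0,
                     bytes([172, 17, 1, 10]), bytes([172, 17, 1, 1]))
    return (eth + ip + tcp + line).ljust(60, b"\x00")  # Ethernet pads short frames

def dissect(frame: bytes) -> dict:
    """Walk the headers outermost first, as the Packet Details tree lists them."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"layers": ["Ethernet II"], "src_mac": src_mac.hex(":"),
            "dst_mac": dst_mac.hex(":"), "payload": b""}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return info
    ihl = (frame[14] & 0x0F) * 4     # IP header length in bytes
    total_len, = struct.unpack("!H", frame[16:18])
    info["layers"].append("IPv4")
    info.update(src_ip=".".join(map(str, frame[26:30])),
                dst_ip=".".join(map(str, frame[30:34])))
    if frame[23] != 6:               # IP protocol field: 6 = TCP
        return info
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data = tcp + (frame[tcp + 12] >> 4) * 4
    info["payload"] = frame[data:14 + total_len]  # IP length excludes padding
    info["layers"].append("TCP")
    info["dport"] = dport
    if info["payload"] and FTP_PORT in (sport, dport):
        info["layers"].append("FTP")
    return info

def cleartext_credentials(frames):
    """Return (command, argument) for every FTP USER/PASS readable in the raw bytes."""
    found = []
    for frame in frames:
        info = dissect(frame)
        if info.get("dport") != FTP_PORT:
            continue
        verb, _, arg = info["payload"].decode("ascii", "replace").strip().partition(" ")
        if verb.upper() in ("USER", "PASS"):
            found.append((verb.upper(), arg))
    return found

# Constructed capture: login, the lab's download request, and a bare TCP ACK.
CAPTURE = [build_frame(b"USER anonymous\r\n"), build_frame(b"PASS student@example.com\r\n"),
           build_frame(b"RETR /pub/Discovery_1/document_1\r\n"), build_frame(b"")]
```

The padded ACK frame decodes as Ethernet II, IPv4 and TCP only, which matches the recurring TCP-only packets seen between the FTP lines in the Packet List pane.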
Step 11: Perform an HTTP PDU Capture
a. Start packet capture. Assuming that Wireshark is still running from the previous steps, start packet
capture by clicking the Start option on the Wireshark Capture menu.
b. Launch a web browser on the computer that is running Wireshark.
c. Enter the IP address of the Discovery Server 172.17.1.1 in the address box. When the webpage has
fully downloaded, stop the Wireshark packet capture.
Step 12: Examine the Packet List pane
a. Increase the size of the Wireshark Packet List pane and scroll through the PDUs listed.
b. Locate and identify the TCP and HTTP packets associated with the webpage download.
c. Note the similarity between this message exchange and the FTP exchange.
Step 13: Examine the Packet Details and Bytes panes
a. In the Packet List pane, highlight an HTTP packet that has the notation (text/html) in the Info
column.
b. In the Packet Details pane, click the + next to Line-based text data: html. When this information expands, what is displayed?
c. Examine the highlighted portion of the Byte pane. This portion shows the HTML data carried by the packet.
d. When finished, close the Wireshark file and continue without saving.
Step 14: Analyze the capture
a. Look at the capture below and examine the various protocols being used in this network.
b. List the protocols used on the network shown above.
c. Examine the capture below.
d. What two protocols are listed in this capture that were not listed in the previous capture?
e. Compare the first capture in Step 14 with the second capture. What is one noticeable difference
between the HTTP and HTTPS protocols?
Step 15: Reflection
How are the OSI and TCP/IP Layer models reflected in the captured network data provided by Wireshark?
Answer =
In Wireshark the process of sending data packets is simulated as it is in the OSI layers, but in Wireshark it is divided into 3 parts: the first packet determines in general the IP address used in sending the data and which protocol is used, the second packet type goes into more detail about the addresses that will be used as sender and receiver, and in the third packet the data bits are calculated so that the data can be saved in the form of a file.
Erasing and Reloading the Switch
For the majority of the labs in CCNA Discovery, it is necessary to start with an unconfigured switch. Using a switch with an existing configuration may produce unpredictable results. The following instructions prepare the switch prior to performing the lab so that previous configuration options do not interfere. Instructions are provided for the 2900 and 2950 series switches.
a. Enter into privileged EXEC mode by typing enable. If prompted for a password, enter class (if that does not work, ask the instructor).
Switch>enable
b. Remove the VLAN database information file.
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:vlan.dat? [confirm] [Enter]
%Error deleting flash:vlan.dat (No such file or directory)
c. Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
Erase of nvram: complete
d. Check that VLAN information was deleted.
e. Restart the software using the reload command.
1) At the privileged EXEC mode, enter the reload command:
Switch# reload
System configuration has been modified. Save? [yes/no]:
2) Type n, and then press Enter.
Proceed with reload? [confirm] [Enter]
Reload requested by console.
Would you like to enter the initial configuration dialog? [yes/no]:
3) Type n, and then press Enter.
Press RETURN to get started! [Enter]
Erasing and Reloading the Router
a. Enter the privileged EXEC mode by typing enable.
Router>enable
c. In privileged EXEC mode, enter the erase startup-config command.
Router#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
d. Press Enter to confirm.
Erase of nvram: complete
e. In privileged EXEC mode, enter the reload command.
Router# reload
System configuration has been modified. Save? [yes/no]:
f. Type n and then press Enter.
Proceed with reload? [confirm]
g. Press Enter to confirm.
Reload requested by console.
Would you like to enter the initial configuration dialog? [yes/no]:
h. Type n and then press Enter.
Press RETURN to get started!
i. Press Enter.
SDM Router Basic IOS Configuration to Bring Up SDM
If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is
restarted. It will be necessary to build a basic config as follows. Further details regarding the setup and use of
SDM can be found in the SDM Quick Start Guide: