2.9.2 Lab – Basic Switch and End Device Configuration (Answers)

Topology

 

Addressing Table

Objectives

Configure the Network's Topology

Configure Personal Computer Hosts

Configure and Verify the Basic Switch Configuration

Context / Scenario

You will construct a basic network with two hosts and two switches in this experiment. Additionally, you will establish fundamental settings such as the hostname, local passwords, and login banner. To view the current configuration, IOS version, and interface status, use the show command. Copy device settings using the copy command.

You will configure the PCs and switches in this lab with IP addresses to allow communication between the devices. Verify connection with the ping programme.

Cisco Catalyst 2960 switches running Cisco IOS Release 15.0(2) were utilised (lanbasek9 image). Other Cisco switches and Cisco IOS versions are also supported. Depending on the model and Cisco IOS version, the available commands and output may differ from what is shown in the labs.

Nota bene: Ensure that the switches have been wiped and are not configured for startup. The technique for initialising and reloading a switch is detailed in Appendix A.

Ressources Required

2 Cisco 2960 switches (with Cisco IOS Release 15.0(2) lanbasek9 image or equivalent)

2 Personal Computers (Windows with terminal emulation program, such as Tera Term)

To configure Cisco IOS devices through the console ports, use console cables.

Ethernet cables in the topology diagram

Instructor Note: The 2960 switches' Ethernet ports are self-sensing and will take either a straight-through or a cross-over cable for all connections. If the switches in the topology are not the 2960 type, a cross-over cable will almost certainly be required to link the two switches.

Instructions

The First Step is to Configure the Network Topology.

This phase will connect the devices in accordance with the network topology.

a. Turn on all devices.

All devices in the topology should be turned on. The switches do not have a power switch; they will automatically power on when the power cable is plugged in.

b. Wire the two switches together.

One end of an Ethernet cable should be connected to F0/1 on S1 and the other end to F0/1 on S2. Both switches' F0/1 lights should become yellow and then green. This signifies that the switches were properly connected.

b. Connect the personal computers to their assigned switches.

One end of the second Ethernet wire should be connected to the NIC port on PC-A. Connect the cable's opposite end to F0/6 on S1. After connecting the PC to the switch, the light for F0/6 should turn amber and then green, indicating that PC-A was connected properly.

One end of the final Ethernet wire should be connected to the NIC port on PC-B. Connect the cable's opposite end to F0/18 on S2. After connecting the PC to the switch, the light for F0/18 should turn amber and then green, indicating that the PC-B has been properly connected.

b. Inspect network connections visually.

After wiring the network devices, take a minute to thoroughly test the connections to save time troubleshooting network connectivity difficulties in the future.

Configure PC Hosts in Step 2 a. Configure the PCs' static IP addresses in accordance with the Addressing Table.

Navigate to the Control Panel on PC-A. Under the Network and Internet header in the Category view, click View network status and tasks > click Change adapter settings.

Nota bene: There are several methods to access the adapter settings in Windows.

Select Properties by right-clicking the selected network adapter.

Click Properties on the Internet Protocol Version 4 (TCP/IPv4).

Select Utilize the IP address shown below. In the IP addressing table, enter the IP address (192.168.1.10) and subnet mask (255.255.255.0) for PC-A. At this point, you may keep the default gateway blank since there is no router connected to the network. To proceed, click OK. To close the Properties window, click Close.

Rep the preceding procedures to configure PC-IP B's address.

b. Check your computer's settings and connection.

Open a Command Prompt on PC-A and use the ipconfig /all command at the prompt to validate the PC's configuration and connection.

C:\Users\Student> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC-A
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-05-56-B3-86-BA
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a4b0:503d:84f4:f467%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 50334761
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-EA-06-D5-00-50-56-B3-86-BA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

To test the connectivity to PC-B, enter ping 192.168.1.11 at the prompt. The ping should be successful. If not, troubleshoot as necessary.

C:\Users\Student> ping 192.168.1.11

Pinging 192.168.1.11 with 32 bytes of data:
Reply from 192.168.11: bytes=32 time<1ms TTL=128
Reply from 192.168.11: bytes=32 time<1ms TTL=128
Reply from 192.168.11: bytes=32 time<1ms TTL=128
Reply from 192.168.11: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Instructor Note: If your student does not get a response from PC-B, it may be essential to deactivate the firewall on the student's computer in order to ping between them. ( To turn off Windows Firewall, go to Control Panel > System and Security > Windows Firewall > Turn Windows Firewall on or off > Turn off Windows Firewall (not recommended).

Instructor Note: If the initial ICMP packet times out, it is possible that the destination address is being resolved by the PC. This should not occur if you ping the IP again, since it is already cached.

Configure and Verify the Switch's Basic Settings a. Incorporate the console inside the switch. Enter the configuration mode for the whole system.

Utilize Tera Term to establish a console connection to the switch from PC-A.

In privileged EXEC mode, you have access to all switch commands. The privileged EXEC command set comprises all commands available in user EXEC mode, as well as the configure command, which grants access to all other command modes. By issuing the enable command, you may enter privileged EXEC mode.
Switch> enable
Switch#
The prompt changed from Switch> to Switch# which indicates privileged EXEC mode.
Use the configuration terminal command to enter configuration mode.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
The prompt changed to reflect global configuration mode.
b. Give the switch a name according to the Addressing Table.
Use the hostname command to change the switch name to S1.
c. switch(config)# hostname S1 c. switch(config)# hostname S1 c. Avoid unnecessary DNS lookups.

Disable the Domain Name System (DNS) search to prevent the switch from trying to convert poorly typed commands as hostnames.

S1(config)# no ip domain-lookup d. S1(config)# no ip domain-lookup d. Local passwords must be entered. Use class as the EXEC password and cisco as the console password.

Configure passwords to prevent unwanted access to the switch.

S1(config)# enable secret class S1(config)# line con 0 S1(config-line)# password cisco S1(config-line)# login Configure and activate the SVI in accordance with the Addressing Table's specifications.

S1(config)# vlan 1 interface
S1(config-if)# 192.168.1.1 255.255.255.0 ip address S1(config-if)# no shut f. Create a login MOTD banner to alert users about potential illegal access.

A login banner, also known as a message of the day (MOTD) banner, should be designed to alert anybody attempting to access the switch that unauthorised access would not be permitted.

To identify the content of the banner message, the banner motd command needs the usage of delimiters. Any letter may be used as the delimiting character as long as it does not exist in the message. As a result, symbols such as the # are often utilised.

S1(config)# motd banner #
Enter your TEXT message here. Complete the sentence using the letter '#'.
Access without authorization is highly banned and will be punished to the fullest extent of the law. # S1(config)# exit g. # S1(config)# exit g. Configuration should be saved.

Copy the running configuration to the startup file on non-volatile random access memory using the copy command (NVRAM).

S1# copy running-config startup-config [startup-config]? [Enter]
Configuration of the building...
[OK]
S1# \sh. The current configuration is shown.

The show running-config command shows the running configuration in its entirety, one page at a time. The spacebar is used to progress the paging. Below are highlighted the commands set in Steps a–h.

S1# show running-config Configuration of the building...

!!!!!!!!!!!!!! The setting was last modified at 03:49:17 UTC on Mon Mar 1, 1993!
Version 15.0 does not have a service pad.
service service timestamps debug datetime msec timestamps no service timestamps log datetime msec password-encryption \s!
S1 as the hostname!
boot-start-marker
boot-end-marker \s!
Activate secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2 \s!
no aaa new-model system with 1500 mtu routing!
there is no ip domain lookup.

omitted output> interface Vlan 1 192.168.1.1 255.255.255.0

server ip http
ip http secure-server! motd banner
C Unauthorized access is expressly banned and will be punished to the fullest degree permitted by law.
C! line con 0 password cisco login line vty 0 4 login line vty 5 15 login The IOS version and other relevant switch information are shown.

The show version command displays the IOS version running on the switch, as well as other helpful information. Again, the spacebar will be required to navigate through the presented information.

S1# show version Cisco IOS Software, Cisco C2960 Software (C2960-LANBASEK9-M), Release Software Version 15.0(2)SE (fc1)
Technical Support: http://www.cisco.com/techsupport Cisco Systems, Inc. (c) 1986-2012.
Compiled by prod rel team on Sat 28-Jul-12 00:29

ROM: The bootloader is the C2960 boot loader.
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE (fc1)

S1 has a 1 hour, 38 minute uptime.
By powering on, the system returns to ROM. The system image file is "flash:/c2960-lanbasek9-mz.150-2.SE.bin".

This product incorporates cryptographic features and is subject to import, export, transfer, and usage restrictions under United States and local country law. Cisco's delivery of cryptographic products does not constitute authorization for third parties to import, export, distribute, or utilise encryption.
Importers, exporters, distributors, and users are all responsible for adhering to applicable US and foreign laws. By using this product, you acknowledge that you will adhere to all relevant laws and regulations. If you are unable to comply with applicable US and local regulations, immediately return this merchandise.

A description of the legislation affecting Cisco cryptographic products in the United States is available at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html.

If you want more help, please contact us at export@cisco.com.

Cisco WS-C2960-24TT-L (PowerPC405) processor with 65536K bytes of RAM (revision R0).
FCQ1628Y5LE is the identification number for the processor board.
1 Virtual Ethernet interface was last reset during power-on
24 interfaces FastEthernet
There are two Gigabit Ethernet interfaces.
The method for password recovery is enabled.

64K bytes of non-volatile flash-simulated configuration memory.
Ethernet fundamentals 0C:D9:96:E2:3D:00 MAC Address
73-12600-06 is the motherboard assembly number.
341-0097-03 is the component number for the power supply.
Serial number of the motherboard: FCQ16270N5G
Serial number of the power supply: DCA1616884D
R0 is the model revision number.
A0 is the revision number of the motherboard.
WS-C2960-24TT-L is the model number.
Serial number of the system: FCQ1628Y5LE
Part Number for the Top Assembly: 800-32797-02
A0 is the revision number for the top assembly.
Version ID: V11 CLEI Code: COM3L00BRF
0x0A is the revision number of the hardware board.

Switch Ports Model SW Version SW Image
——— ——- ——- ————— ————— 26 WS-C2960-24TT-L 15.0(2)SE C2960-LANBASEK9-M

0xF j is the configuration register. The status of the switch's linked interfaces is shown.

The show ip interface short command may be used to determine the status of connected interfaces. To move to the end of the list, use the spacebar.

S1# show ip interface short Is the IP-Address of the interface correct? Protocol Status Vlan1 192.168.1.1 YES, unset up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset up up
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down GigabitEthernet0/1 unassigned YES unset down down GigabitEthernet0/2 unassigned YES unset down down k. S2 should be configured.

Rep for Switch S2. Ascertain that the hostname is set to S2.

l. Maintain a record of the state of the following interfaces.


m. From a PC, ping S1 and S2. The pings should be successful.



n. From a switch, ping PC-A and PC-B. The pings should be successful.

Reflection Question 
Why are certain FastEthernet ports on the switches active while others are inactive?
 When cables are attached to the FastEthernet ports, they are active until administrators actively shut them off. Otherwise, the ports would be rendered inoperable. 
 What may prevent a ping between the PCs from being sent?
 Incorrect IP address, disconnected media, switched off or administratively closed ports, firewall.