
Basic Device Configuration

The document provides a comprehensive guide on basic device configuration, including switch and router settings, VLANs, inter-VLAN routing, and security concepts. It covers the configuration of switches, ports, and remote access, as well as troubleshooting techniques and the operation of VLANs and EtherChannel. Additionally, it discusses DHCPv4 configuration and WLAN setup, emphasizing the importance of VLANs in network segmentation and performance improvement.

BASIC DEVICE CONFIGURATION

1.1. Configure a Switch with Initial Settings

1.1.1 Switch Boot Sequence

1.1.2 The boot system Command

1.1.3 Switch LED Indicators

1.1.4 Recovering from a System Crash

1.1.5 Switch Management Access

1.1.6 Switch SVI Configuration Example

1.1.7 Lab - Basic Switch Configuration


1.2. Configure Switch Ports

1.2.1 Duplex Communication

1.2.2 Configure Switch Ports at the Physical Layer

1.2.3 Auto-MDIX

1.2.4 Switch Verification Commands

1.2.5 Verify Switch Port Configuration

1.2.6 Network Access Layer Issues

1.2.7 Interface Input and Output Errors

1.2.8 Troubleshooting Network Access Layer Issues

1.2.9 Syntax Checker - Configure Switch Ports


1.3. Secure Remote Access

1.3.1 Telnet Operation

1.3.2 SSH Operation

1.3.3 Verify the Switch Supports SSH

1.3.4 Configure SSH

1.3.5 Verify SSH is Operational

1.3.6 Packet Tracer - Configure SSH


1.4. Basic Router Configuration

1.4.1 Configure Basic Router Settings


1.4.2 Syntax Checker - Configure Basic Router Settings

1.4.3 Dual Stack Topology

1.4.4 Configure Router Interfaces

1.4.5 Syntax Checker - Configure Router Interfaces

1.4.6 IPv4 Loopback Interfaces

1.4.7 Packet Tracer- Configure Router Interfaces


1.5. Verify Directly Connected Networks

1.5.1 Interface Verification Commands

1.5.2 Verify Interface Status

1.5.3 Verify IPv6 Link Local and Multicast Addresses

1.5.4 Verify Interface Configuration

1.5.5 Verify Routes

1.5.6 Filter Show Command Output

1.5.7 Syntax Checker - Filter Show Command Output

1.5.8 Command History Feature

1.5.9 Syntax Checker - Command History Features

Switching Concepts

2.1. Frame Forwarding

2.1.1 Switching in Networking

2.1.2 The Switch MAC Address Table

2.1.3 The Switch Learn and Forward Method

2.1.4 Video - MAC Address Tables on Connected Switches

2.1.5 Switching Forwarding Methods

2.1.6 Store-and-Forward Switching

2.1.7 Cut-Through Switching

2.1.8 Activity - Switch It!


2.2. Collision and Broadcast Domains

2.2.1 Collision Domains

2.2.2 Broadcast Domains

2.2.3 Alleviate Network Congestion


3.1. Overview of VLANs

3.1.1 VLAN Definitions

3.1.2 Benefits of a VLAN Design

3.1.3 Types of VLANs

3.1.4 Packet Tracer - Who Hears the Broadcast?


3.2. VLANs in a Multi-Switched Environment

3.2.1 Defining VLAN Trunks

3.2.2 Network without VLANs

3.2.3 Network with VLANs

3.2.4 VLAN Identification with a Tag

3.2.5 Native VLANs and 802.1Q Tagging

3.2.6 Voice VLAN Tagging

3.2.7 Voice VLAN Verification Example

3.2.8 Packet Tracer - Investigate a VLAN Implementation


3.3. VLAN Configuration

3.3.1 VLAN Ranges on Catalyst Switches

3.3.2 VLAN Creation Commands

3.3.3 VLAN Creation Example

3.3.4 VLAN Port Assignment Commands

3.3.5 VLAN Port Assignment Example

3.3.6 Data and Voice VLANs

3.3.7 Data and Voice VLAN Example


3.3.8 Verify VLAN Information

3.3.9 Change VLAN Port Membership

3.3.10 Delete VLANs

3.3.11 Syntax Checker - VLAN Configuration


3.4. VLAN Trunks

3.4.1 Trunk Configuration Commands

3.4.2 Trunk Configuration Example

3.4.3 Verify Trunk Configuration

3.4.4 Reset the Trunk to the Default State

3.4.5 Packet Tracer - Configure Trunks

3.4.6 Lab - Configure VLANs and Trunking


3.5. Dynamic Trunking Protocol

3.5.1 Introduction to DTP

3.5.2 Negotiated Interface Modes

3.5.3 Results of a DTP Configuration

3.5.4 Verify DTP Mode

3.5.5 Packet Tracer - Configure DTP

3.5.6 Check Your Understanding - Dynamic Trunking Protocol


Inter-VLAN Routing

4.1. Inter-VLAN Routing Operation



4.1.1 What is Inter-VLAN Routing?

4.1.2 Legacy Inter-VLAN Routing

4.1.3 Router-on-a-Stick Inter-VLAN Routing

4.1.4 Inter-VLAN Routing on a Layer 3 Switch


4.2. Router-on-a-Stick Inter-VLAN Routing

4.2.1 Router-on-a-Stick Scenario


4.2.2 S1 VLAN and Trunking Configuration

4.2.3 S2 VLAN and Trunking Configuration

4.2.4 R1 Subinterface Configuration

4.2.5 Verify Connectivity Between PC1 and PC2

4.2.6 Router-on-a-Stick Inter-VLAN Routing Verification


4.3. Inter-VLAN Routing using Layer 3 Switches

4.3.1 Layer 3 Switch Inter-VLAN Routing

4.3.2 Layer 3 Switch Scenario

4.3.3 Layer 3 Switch Configuration

4.3.4 Layer 3 Switch Inter-VLAN Routing Verification

4.3.5 Routing on a Layer 3 Switch

4.3.6 Routing Scenario on a Layer 3 Switch

4.3.7 Routing Configuration on a Layer 3 Switch


5. STP CONCEPTS
6. EtherChannel
6.1. EtherChannel Operation

6.1.1 Link Aggregation

6.1.2 EtherChannel

6.1.3 Advantages of EtherChannel

6.1.4 Implementation Restrictions

6.1.5 AutoNegotiation Protocols

6.1.6 PAgP Operation

6.1.7 PAgP Mode Settings Example

6.1.8 LACP Operation


Configure EtherChannel

6.2.1 Configuration Guidelines


6.2.2 LACP Configuration Example

6.2.3 Syntax Checker - Configure EtherChannel


6.3. Verify and Troubleshoot EtherChannel

6.3.1 Verify EtherChannel

6.3.2 Common Issues with EtherChannel Configurations

6.3.3 Troubleshoot EtherChannel Example

7. DHCPv4
7.2. Configure a Cisco IOS DHCPv4 Server

7.2.1 Cisco IOS DHCPv4 Server

7.2.2 Steps to Configure a Cisco IOS DHCPv4 Server

7.2.3 Configuration Example

7.2.4 DHCPv4 Verification Commands

7.2.5 Verify DHCPv4 is Operational

7.2.6 Syntax Checker - Configure DHCPv4

7.2.7 Disable the Cisco IOS DHCPv4 Server

7.2.8 DHCPv4 Relay

7.2.9 Other Service Broadcasts Relayed

7.2.10 Packet Tracer - Configure DHCPv4


7.3. Configure a DHCPv4 Client

7.3.1 Cisco Router as a DHCPv4 Client

7.3.2 Configuration Example

7.3.3 Home Router as a DHCPv4 Client

7.3.4 Syntax Checker - Configure a Cisco Router as DHCP Client

8. LAN Security Concepts


8.2. Access Control

8.2.1 Authentication with a Local Password

8.2.2 AAA Components

8.2.3 Authentication

8.2.4 Authorization

8.2.5 Accounting

8.2.6 802.1X
8.3. Layer 2 Security Threats

8.3.1 Layer 2 Vulnerabilities

8.3.2 Switch Attack Categories

8.3.3 Switch Attack Mitigation Techniques


8.4. MAC Address Table Attack

8.4.1 Switch Operation Review

8.4.2 MAC Address Table Flooding

8.4.3 MAC Address Table Attack Mitigation


8.5. LAN Attacks

8.5.1 Video - VLAN and DHCP Attacks

8.5.2 VLAN Hopping Attacks

8.5.3 VLAN Double-Tagging Attack

8.5.4 DHCP Messages

8.5.5 DHCP Attacks

8.5.6 Video - ARP Attacks, STP Attacks, and CDP Reconnaissance

8.5.7 ARP Attacks

8.5.8 Address Spoofing Attack

8.5.9 STP Attack

8.5.10 CDP Reconnaissance


WLAN Configuration
9.1. Remote Site WLAN Configuration

9.1.1 Video - Configure a Wireless Network

9.1.2 The Wireless Router

9.1.3 Log in to the Wireless Router

9.1.4 Basic Network Setup

9.1.5 Basic Wireless Setup

9.1.6 Configure a Wireless Mesh Network

9.1.7 NAT for IPv4

9.1.8 Quality of Service

9.1.9 Port Forwarding


9.2. Configure a Basic WLAN on the WLC

9.2.1 Video - Configure a Basic WLAN on the WLC

9.2.2 WLC Topology

9.2.3 Log in to the WLC

9.2.4 View AP Information

9.2.5 Advanced Settings

9.2.6 Configure a WLAN


9.3. Configure a WPA2 Enterprise WLAN on the WLC

9.3.1 Video - Define an SNMP and RADIUS Server on the WLC

9.3.2 SNMP and RADIUS

9.3.3 Configure SNMP Server Information

9.3.4 Configure RADIUS Server Information

9.3.5 Video - Configure a VLAN for a New WLAN

9.3.6 Topology with VLAN 5 Addressing


9.3.7 Configure a New Interface

9.3.8 Video - Configure a DHCP Scope

9.3.9 Configure a DHCP Scope

9.3.10 Video - Configure a WPA2 Enterprise WLAN

9.3.11 Configure a WPA2 Enterprise WLAN

9.3.12 Packet Tracer - Configure a WPA2 Enterprise WLAN on the WLC


9.4. Troubleshoot WLAN Issues

9.4.1 Troubleshooting Approaches

9.4.2 Wireless Client Not Connecting

9.4.3 Troubleshooting When the Network Is Slow

9.4.4 Updating Firmware


Overview of VLANs

A virtual LAN (VLAN) is a group of devices that can communicate as if each device
was attached to the same cable. VLANs are based on logical instead of physical
connections. Administrators use VLANs to segment networks based on factors such
as function, team, or application. Each VLAN is considered a separate logical
network. Any switch port can belong to a VLAN. A VLAN creates a logical broadcast
domain that can span multiple physical LAN segments. VLANs improve network
performance by separating large broadcast domains into smaller ones. Each VLAN in
a switched network corresponds to an IP network; therefore, VLAN design must use
a hierarchical network-addressing scheme. Types of VLANs include the default
VLAN, data VLANs, the native VLAN, management VLANs, and voice VLANs.

VLAN Configuration

Different Cisco Catalyst switches support various numbers of VLANs, including
normal range VLANs and extended range VLANs. When configuring normal range
VLANs, the configuration details are stored in flash memory on the switch in a file
called vlan.dat. Although it is not required, it is good practice to save running
configuration changes to the startup configuration. After creating a VLAN, the next
step is to assign ports to the VLAN. There are several commands for defining a port
to be an access port and assigning it to a VLAN. VLANs are configured on the switch
port and not on the end device. An access port can belong to only one data VLAN at
a time. However, a port can also be associated with a voice VLAN. For example, a port
connected to an IP phone and an end device would be associated with two VLANs:
one for voice and one for data. After a VLAN is configured, VLAN configurations can
be validated using Cisco IOS show commands. If the switch access port has been
incorrectly assigned to a VLAN, then simply re-enter the switchport
access vlan vlan-id interface configuration command with the correct VLAN ID.
The no vlan vlan-id global configuration mode command is used to remove a VLAN
from the switch vlan.dat file.

Inter-VLAN Routing Operation

Hosts in one VLAN cannot communicate with hosts in another VLAN unless there is
a router or a Layer 3 switch to provide routing services. Inter-VLAN routing is the
process of forwarding network traffic from one VLAN to another VLAN. There are three
options: legacy, router-on-a-stick, and Layer 3 switch using SVIs. Legacy used a
router with multiple Ethernet interfaces. Each router interface was connected to a
switch port in different VLANs. Requiring one physical router interface per VLAN
quickly exhausts the physical interface capacity of a router. The ‘router-on-a-stick’
inter-VLAN routing method only requires one physical Ethernet interface to route
traffic between multiple VLANs on a network. A Cisco IOS router Ethernet interface is
configured as an 802.1Q trunk and connected to a trunk port on a Layer 2 switch.
The router interface is configured using subinterfaces to identify routable VLANs. The
configured subinterfaces are software-based virtual interfaces, associated with a
single physical Ethernet interface. The modern method is Inter-VLAN routing on a
Layer 3 switch using SVIs. The SVI is created for a VLAN that exists on the switch.
The SVI performs the same functions for the VLAN as a router interface. It provides
Layer 3 processing for packets being sent to or from all switch ports associated with
that VLAN.

Inter-VLAN Routing using Layer 3 Switches

Enterprise campus LANs use Layer 3 switches to provide inter-VLAN routing. Layer 3
switches use hardware-based switching to achieve higher packet-processing rates
than routers. Capabilities of a Layer 3 switch include routing from one VLAN to
another using multiple switched virtual interfaces (SVIs) and converting a Layer 2
switchport to a Layer 3 interface (i.e., a routed port). To provide inter-VLAN routing,
Layer 3 switches use SVIs. SVIs are configured using the same interface vlan vlan-id
command used to create the management SVI on a Layer 2 switch. A Layer 3 SVI
must be created for each of the routable VLANs. To configure a switch with VLANs
and trunking, complete the following steps: create the VLANs, create the SVI VLAN
interfaces, configure access ports, and enable IP routing. From a host, verify
connectivity to a host in another VLAN using the ping command. Next, verify
connectivity with the host using the ping Windows host command. VLANs must be
advertised using static or dynamic routing. To enable routing on a Layer 3 switch, a
routed port must be configured. A routed port is created on a Layer 3 switch by
disabling the switchport feature on a Layer 2 port that is connected to another Layer
3 device. The interface can be configured with an IPv4 configuration to connect to a
router or another Layer 3 switch. To configure a Layer 3 switch to route with a router,
follow these steps: configure the routed port, enable routing, configure routing, verify
routing, and verify connectivity.
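
The two procedures above combined into one Layer 3 switch configuration. This is an added example, not part of the original document: the hostname D1, the VLAN numbers and names, the interface numbers and every address are assumptions, and a static default route stands in for the "configure routing" step.

```cisco
! Added example: hostname, VLANs, interfaces and addresses are assumptions.
hostname D1
!
! Step 1: create the VLANs
vlan 10
 name OFFICES
vlan 20
 name SERVERS
!
! Step 2: create one SVI per routable VLAN (this address is the hosts' default gateway)
interface vlan 10
 description Gateway for VLAN 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
interface vlan 20
 description Gateway for VLAN 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! Step 3: configure access ports
interface GigabitEthernet1/0/6
 description Host in VLAN 10
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/18
 description Host in VLAN 20
 switchport mode access
 switchport access vlan 20
!
! Step 4: enable IP routing (inter-VLAN routing now works between the SVIs)
ip routing
!
! Routed port: disable the switchport feature on the link to the other Layer 3 device
interface GigabitEthernet1/0/1
 description Routed link to upstream router
 no switchport
 ip address 10.10.10.2 255.255.255.0
 no shutdown
!
! Configure routing: static default route toward the router.
! The router needs routes back to 192.168.10.0/24 and 192.168.20.0/24.
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
! Verify routing and connectivity (run from privileged EXEC):
!   show ip interface brief
!   show ip route
!   ping 10.10.10.1
```

Once ip routing is enabled, every VLAN with an SVI can reach every other one. If the VLANs are meant to separate groups of hosts, traffic between them has to be restricted with ACLs applied to the SVIs.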

DHCPv4 Concepts

The DHCPv4 server dynamically assigns, or leases, an IPv4 address to a client from
a pool of addresses for a limited period of time chosen by the server, or until the
client no longer needs the address. The DHCPv4 lease process begins with the client
sending a message requesting the services of a DHCP server. If there is a DHCPv4
server that receives the message, it will respond with an IPv4 address and possibly
other network configuration information. The client must contact the DHCP server
periodically to extend the lease. This lease mechanism ensures that clients that
move or power off do not keep addresses that they no longer need. When the client
boots (or otherwise wants to join a network), it begins a four-step process to obtain a
lease: DHCPDISCOVER, then DHCPOFFER, then DHCPREQUEST, and finally
DHCPACK. Prior to lease expiration, the client begins a two-step process to renew
the lease with the DHCPv4 server: DHCPREQUEST then DHCPACK.

Configure a Cisco IOS DHCPv4 Server

A Cisco router running Cisco IOS software can be configured to act as a DHCPv4
server. Use the following steps to configure a Cisco IOS DHCPv4 server: exclude
IPv4 addresses, define a DHCPv4 pool name, and configure the DHCPv4 pool.
Verify your configuration using the show running-config | section dhcp, show ip
dhcp binding, and show ip dhcp server statistics commands. The DHCPv4
service is enabled by default. To disable the service, use the no service
dhcp global configuration mode command. In a complex hierarchical network,
enterprise servers are usually located centrally. These servers may provide DHCP,
DNS, TFTP, and FTP services for the network. Network clients are not typically on
the same subnet as those servers. In order to locate the servers and receive
services, clients often use broadcast messages. A PC is attempting to acquire an
IPv4 address from a DHCPv4 server using a broadcast message. If the router is not
configured as a DHCPv4 server, it will not forward the broadcast. If the DHCPv4
server is located on a different network, the PC cannot receive an IP address using
DHCP. The router must be configured to relay DHCPv4 messages to the DHCPv4
server. The network administrator releases all current IPv4 addressing information
using the ipconfig /release command. Next, the network administrator attempts to
renew the IPv4 addressing information with the ipconfig /renew command. A better
solution is to configure R1 with the ip helper-address address
interface configuration command. The network administrator can use the show ip
interface command to verify the configuration. The PC is now able to acquire an
IPv4 address from the DHCPv4 server as verified with the ipconfig /all command. By
default, the ip helper-address command forwards the following eight UDP services:

• Port 37: Time
• Port 49: TACACS
• Port 53: DNS
• Port 67: DHCP/BOOTP server
• Port 68: DHCP/BOOTP client
• Port 69: TFTP
• Port 137: NetBIOS name service
• Port 138: NetBIOS datagram service
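
The server steps and the relay described above as one worked configuration. This is an added example, not part of the original document: the server hostname R2, the pool name, the interface numbers and every address are assumptions; only R1 as the relay comes from the text.

```cisco
! Added example: R2, LAN-POOL-1, interface numbers and all addresses are assumptions.
!
! ===== DHCPv4 server (assumed hostname R2, reachable at 192.168.11.6) =====
! Step 1: exclude addresses that are assigned statically (gateway, servers, printers)
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.10.254
!
! Step 2: define the DHCPv4 pool name
! Step 3: configure the pool (network, default gateway, DNS, lease time in days)
ip dhcp pool LAN-POOL-1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.11.5
 domain-name example.com
 lease 1
!
! Verify on the server:
!   show running-config | section dhcp
!   show ip dhcp binding
!   show ip dhcp server statistics
!
! ===== Relay on R1 (client-facing interface) =====
interface GigabitEthernet0/0/0
 description Client LAN 192.168.10.0/24
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.11.6
!
! ip helper-address relays all eight default UDP services, not only DHCP.
! If only DHCP needs to be relayed, stop forwarding the others:
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 69
no ip forward-protocol udp 137
no ip forward-protocol udp 138
!
! Verify on R1:
!   show ip interface GigabitEthernet0/0/0
```

The no ip forward-protocol lines are optional. They keep DNS, TFTP, TACACS, Time and NetBIOS broadcasts from client segments from being relayed to the helper address along with DHCP.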

1. Network design (topology)
Office layout according to the diagram
• Office 1 – 2 computers + 1 printer
• Office 2 - Office 5 – 1 computer + 1 printer each
• Break Room – Wi-Fi zone (with a wireless router/access point)
• Main Router – placed between the network and the internet/ISP
• Switch – central switch connecting all devices
• Servers – we will place at least 2 servers (DHCP and FTP)
2. Network design (topology) according to the diagram
Rooms:
• Office 1: Main office – has 2 computers
• Offices 2–5: 1 computer and 1 printer each
• Break Room / Kitchen: Probably no devices, but there will be Wi-Fi coverage
Network devices and connectivity:
• Router: One central router, connected to the internet
• Switches: 2 switches
• Servers: We will put the servers in a separate VLAN (for files, printers, DHCP)
• Printers: One in each office (Offices 1–5)
• Wi-Fi access point: in the Break Room
• Wired and wireless network: Wired for the offices, wireless in the common areas
Basic configuration:
• Device naming
• IP schemes (e.g. 192.168.1.2)
• DHCP for the clients (except the servers, which have fixed IPs)
• VLANs:
  ◦ VLAN 10 – Offices
  ◦ VLAN 20 – Servers
  ◦ VLAN 30 – Printers
  ◦ VLAN 40 – Wi-Fi
Switch configuration:
• hostname SW1
• interface vlan 1
• ip address 192.168.1.2 (SBM 255.255.255.0)
• no shutdown
• Enabling ports, description, VLAN
• enable SSH
Router configuration:
• hostname R1
• ip dhcp pool
Servers:
• DHCP server
• File server
• Print server
Wi-Fi:
• SSID: OfficeNet
• WPA2 encryption
• Separating the network from the wired one with a VLAN
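
The switch part of the plan above written out as a configuration with SSH-only management access. This is an added example, not part of the original document: SW1, VLANs 10 to 40, interface vlan 1 and 192.168.1.2/24 come from the plan; VLAN names, port numbers, the default gateway, the domain name and the admin account are assumptions, and the secret is a placeholder.

```cisco
! Added example: port numbers, names, gateway, domain and username are assumptions.
hostname SW1
!
! VLANs from the plan
vlan 10
 name OFFICES
vlan 20
 name SERVERS
vlan 30
 name PRINTERS
vlan 40
 name WIFI
!
! Management SVI from the plan
interface vlan 1
 description Management
 ip address 192.168.1.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1
!
! Enabling ports, description, VLAN (one port per VLAN shown)
interface FastEthernet0/1
 description Office 1 - PC
 switchport mode access
 switchport access vlan 10
 no shutdown
interface FastEthernet0/10
 description Office 1 - printer
 switchport mode access
 switchport access vlan 30
 no shutdown
interface FastEthernet0/24
 description Break Room access point
 switchport mode access
 switchport access vlan 40
 no shutdown
interface GigabitEthernet0/1
 description Trunk to the second switch
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20,30,40
!
! Enable SSH: a domain name and an RSA key pair are required first
ip domain-name office.example
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
username admin secret <REPLACE-WITH-STRONG-SECRET>
!
! Accept SSH only on the vty lines (no Telnet) and authenticate against the local user
line vty 0 15
 transport input ssh
 login local
```

The plan puts the management SVI in VLAN 1, which is also the default VLAN for every unconfigured port. The sketch follows the plan as written; a dedicated management VLAN would keep user ports off that segment.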
