Tuesday, September 30, 2008

Cisco 2950 Switch VLAN & Trunking Lab

Prerequisite Setup – You will configure an Ethernet router with an IP address of to E0. You will connectE0 on your Router to E0/1 on Switch1. You will then connect Switch 1 and 2 together via port FA0/12 on each. Finally, you will connect a PC with an IP of default gateway to E0/1 via Switch2.

1. In this lab, you will configure basic IOS commands on switch1 and switch2 which are Catalyst 2950 switches.
2. HyperTerminal into Switch1 (Catalyst 2950). Press enter to get into the user prompt mode.
Enter enable to get into privileged mode.
Type ? to see a list of privileged mode commands. Enter disable to go back to user mode.
> enable
# ?
# disable
3. On switch1, go into privileged mode and then into global configuration mode. Assign Switch1 a host name of 2950sw1.
Use exit or ctrl-z to get out of configuration mode.
> enable
# configure terminal
(config)# hostname 2950sw1
2950sw1(config)# exit
4. On switch1, type show running-config to see the active configuration.
2950sw1# show running-config
5. On switch1, type copy running-config startup-config to save the active configuration to NVRAM. Display the saved configuration in NVRAM
with the show startup-config command.
2950sw1# copy running-config startup-config
2950sw1# show startup-config
6. On switch1, erase the saved configuration and reload the box.
2950sw1# erase startup-config
2950sw1# reload
7. On switch1, go into privileged mode and then into global configuration mode. Reassign the switch a hostname of 2950sw1 and an enable pass of ‘cisco’ (unencrypted).
Assign the switch an IP address of with a subnet mask of
Assign the switch a default gateway of (your router’s Ethernet address).
> enable
# configure terminal
(config)# hostname 2950sw1
2950sw1(config)# enable password cisco
2950sw1(config)# interface vlan1
2950sw1(config-if)# ip address
2950sw1(config-if)# no shutdown
2950sw1(config-if)# exit
2950sw1(config)# ip default-gateway
8. On switch1, issue the show interface vlan1 command to verify that the IP address, mask, and default gateway are correct.
2950sw1# show interface vlan1
9. On switch1, issue the show interfaces command.
2950sw1# show interfaces
10. HyperTerminal into Switch 2 (Catalyst 2950). Configure it with a hostname of 2950sw2 and an enable password of cisco
(the enable password should be encrypted when displaying the configuration file). Assign an IP address of and a default gatew
> enable
# configure terminal
(config)# hostname 2950sw2
2950sw2(config)# enable secret cisco
2950sw2(config)# interface vlan1
2950sw2(config-if)# ip address
2950sw2(config-if)# no shutdown
2950sw2(config-if)# exit
2950sw2(config)# ip default-gateway
On switch2, issue the show version command.
2950sw2# show version
11. On switch4, issue the show spantree command.
2950sw4# show spantree
12. On switch2, issue the show mac-address-table command. This shows which devices are attached to which switch ports.
2950sw4# show mac-address-table
13. On switch2, permanently assign a device with MAC address 4444-4444-4444 to port fa0/5. Issue the show mac-address-table command to verify the device is in the table as a permanent entry.
2950sw2(config)# mac-address-table static 4444-4444-4444 vlan 1 int fa0/5
2950sw2(config)# exit
2950sw2# show mac-address-table
14. On switch2, configure port security for port fa0/9. The switch will ‘sticky-learn’ the MAC address of the device connected to port fa0/9 and will only allow that device to connect to the port in the future.
2950sw2(config)# interface fa0/9
2950sw2(config-if)# switchport port-security
2950sw2(config-if)# switchport port-security maximum 1

LAB VLANs and TRUNKING (Catalyst 2950 Switches)

1. In this lab, you will set up VLANs on switch1 and switch2 (Catalyst 2950 switches) and test them by pinging between your router and PC.
Your Router is connected to e0/1 on switch1 and the PC is connected to e0/1 on switch2.
Switch1 and switch2 are interconnected through their fa0/12 Fast Ethernet ports.
2. On the PC using winipcfg, configure an IP address of and a default gateway of
c:> winipcfg
3. Verify you can presently ping between the PC and your router. If you cannot ping successfully, check that your router’s Ethernet0 IP address is 197.10.1
and that the interface is enabled. Also, using the winipcfg utility, check that PC has a configured IP address of
c:> ping
4. On switch1 and switch2, issue the show vlan command. You should note that, by default, all switch ports are in VLAN1. Because your router, PC and the switch-to-switch link are all in VLAN1, you should be able to ping between the PC2 and the router.
2950swx# show vlan
5. On switch1 and switch2, set up a VTP domain called ciscokits. Verify it has been created with the show vtp status command.
2950swx# vlan database
2950swx(vlan)# vtp domain ciscokits
2950swx(vlan)# ctrl-z
2950swx# show vtp status
6. On switch1 and switch2, create VLAN 20, calling it 2950vlan. Issue the show vlan command to verify it was successfully created.
2950swx# vlan database
2950swx(vlan)# vlan 20 name 2950vlan
2950swx(vlan)# exit
2950swx# show vlan
7. On switch1 and switch2, assign the fa0/1 ports to the new VLAN you created. Your Router and PC are attached to these ports. Issue the show vlan command on both switches to verify these ports have been moved to VLAN20. .
2950swx(config)# interface fa0/1
2950swx(config-if)# switchport access vlan 20
2950swx(config-if)# ctrl-z
2950swx# show vlan
8. Now that both your router and PC are in VLAN20, try to ping from the PC to the router. It should fail.
c:> ping
9. Make the link between switch1 and switch2 a trunk line capable of carrying traffic for any VLAN.
Use the show interface fa0/12 switchport command to verify trunking is enabled on port fa0/12 on both switches.
2950swx(config)# interface fa0/12
2950swx(config-if)# switchport mode trunk
2950swx(config-if)# ctrl-z
2950swx# show interface fa0/12 switchport
10. Now ping between the PC and the router. The pings should succeed because both devices are in the same VLAN and the inter-switch link is a trunk line capable of carrying traffic for any VLAN.
c:> ping

No comments:

Your Ad Here