LAB 1 : starting our review to pass ICND1 & 2 certification

LAB1 : Basic Configuration and inter Vlan Routing:

Step by step configuration :

Configure Basic Settings, VLANs, and Trunks, Port Security on Switches and Router on a stick.

In this task, you will configure basic settings on the switches and secure administrative access to the switches. You will also configure VLANs and trunks on the switches and put PCs into different VLANs. You will enable port security on the switches to prevent unauthorized access to the LAN. Finally, you configure inter-Vlan Routing with router in a stick in BRANCH router.

Step 1:

Delete the startup configuration from the SW1 and SW2 switches. Delete the vlan.dat file from the flash memory of the switches. Reload the switches in order to boot the switches with empty configurations.

SW1#write erase


SW1#reload

Step 2:

Configure a host name (SW1, SW2) on the switches.

Switch(config)#hostname SW1


SW1(config)#






Step 3:

Configure IP addresses on both switches for management purposes. Assign the IP address to the VLAN 1 interface.

SW1(config)#interface vlan 1

SW1(config-if)#ip address 10.1.10.11 255.255.255.0


SW1(config-if)#no shutdown

Step 4:

Configure the enable password on the SW1 and SW2 switches. Use the command that will store the configured password in SHA-256 encrypted form. Use cisco as the password.

SW1(config)#enable algorithm-type sha256 secret cisco

Step 5:

Secure console access to the switches by enabling a password on the console. Use cisco as the password.

SW1(config)#line console 0
SW1(config-line)#password cisco


By default, if the switch wants you to know something, it will let you know right away. It will interrupt your work to deliver a message. Disable this behavior on both switches, using the logging synchronous command.


SW1(config-line)#logging syncronious

Step 6:

Enable SSH version 2 remote access to the SW1 and SW2 switches. Use 1024-bit RSA keys. Use cisco.com as the domain name. Telnet should not be allowed.

SW1(config)#ip domain-name cisco.com
SW1(config)#crypto key generate rsa modulus 1024

SW(config)#line vty 0 4

SW1(config-line)#transport input ssh

Step 7:

Create a local user account on the switches that will be used to authenticate users accessing the switches via SSH or Telnet. Use ccna as a username and cisco as a password. Configure all of the virtual lines for checking for username and password. Do this step on SW1 and SW2.

SW(config)#username ccna password cisco

SW(config)#line vty 0 4

SW(config-line)login local

Step 8:

Create two additional VLANs on both switches. Use VLANs 10 and 20.

SW1(config)#vlan 10

SW1(config-vlan)#exit

SW1(config)#vlan 20

SW1(config-vlan)#exit

SW1(config)#

Step 9:

Configure a trunk between SW1 and SW2 switches Allow only VLANs 1, 10, and 20 on the trunk link.

SW1(config)#interface range ethernet 0/1-2
SW1(config-if-range)#switchport 
SW1(config-if-range)#switchport trunk encapsulation dot1q 
SW1(config-if-range)#switchport mode trunk

SW1(config-if-range)#switchport trunk allowed vlan 1,10,20

Step 10:

On the SW1, configure the port connecting to PC1 as an access port. Put the port into VLAN 10.

SW1(config)#interface ethernet 0/3
SW1(config-if)#switchport 
SW1(config-if)#switchport mode access 
SW1(config-if)#switchport access vlan 10

Step 11:

On the SW2, configure the port connecting to PC2 as an access port. Put the port into VLAN 20.

SW1(config)#interface ethernet 0/2
SW1(config-if)#switchport 
SW1(config-if)#switchport mode access 
SW1(config-if)#switchport access vlan 20

Step 12:

On the SW1 and SW2 switches, enable port security on the interfaces connecting to the PCs (FastEthernet0/1) in order to allow only PCs to connect to the switches. Use the following port security parameters:Violation action: Protect Maximum MAC addresses 1.

SW1(config-if)#switchport port-security 
SW1(config-if)#switchport port-security maximum 1
SW1(config-if)#switchport port-security violation protect

Step 13: 

Router on a Stick ROAS:

In SW1: Configure trunk connection between router BRANCH and Switch SW1.

SW1(config)#interface  ethernet 0/0
SW1(config-if-range)#switchport 
SW1(config-if-range)#switchport trunk encapsulation dot1q 
SW1(config-if-range)#switchport mode trunk

In Router BRANCH: Create sub interface 10 & 20 and allow routing between the Vlan 10 and Vlan 20.

BRANCH(config)#interface ethernet 0/1
BRANCH(config-if)#no shutdown 
BRANCH(config-if)#exit
BRANCH(config)#interface ethernet 0/1.10
BRANCH(config-subif)#encapsulation dot1Q 10
BRANCH(config-subif)#ip address 10.1.10.1 255.255.255.0
BRANCH(config-subif)#no shutdown 
BRANCH(config-subif)#exit
BRANCH(config)#interface ethernet 0/1.20 
BRANCH(config-subif)#encapsulation dot1Q 20 
BRANCH(config-subif)#ip address 10.1.20.1 255.255.255.0
BRANCH(config-subif)#no shutdown 
BRANCH(config-subif)#exit
BRANCH(config)#

In PCs: Configure IP address and gateway

PC1: 10.1.10.100 255.255.255.0 gateway 10.1.10.1

PC2: 10.1.20.100 255.255.255.0 gateway 10.1.20.1

Test connectivity with ping:

PC1: ping 10.1.10.1, ping 10.1.20.1, and ping PC2: 10.1.20.100.


PC2: ping 10.1.10.1, ping 10.1.20.1, and ping PC2: 10.1.10.100.

Thank you, everyone, who came and saw this article have an amazing day!

My Facebook Group: FACEBOOK

Original source: here 

Cisco,Cisco Press,Microsoft,Oracle,CompTIA,CIW,Adobe,ISC2,Linux,Cisco Press,e-learning,CCNA,CCNP,CCIE,HCNA,HCNP,HCIE,CCNP,CCIE,HCNA,HCNP,HCIE,bootcamp,IT certification,MCTS,MCITP,A+,Network+,Security+,Online tutorials for Internet,Networking,Security,Website Development,Network Design,Computers,Information Security,exams,free practice tests,router simulations,hands-on labs,CCNA,CCENT,ICND1,ICND2,CISCO,NETWORK,TEST QUESTIONS,PREPARATION STUDY GROUP