AccessAdapt, Alpine, BlackDiamond, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere,
Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare,
ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, Sentriant, ServiceWatch, ScreenPlay, Summit,
SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, Universal Port, the Extreme
Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the
Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of
Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.
Adobe, Flash, and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other
countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Merit is a registered trademark
of Merit Network, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Mozilla Firefox is a
registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are
trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Specifications are subject to change without notice.
All other registered trademarks, trademarks, and service marks are property of their respective owners.
2009 Extreme Networks, Inc. All Rights Reserved.
Table of Contents
PuTTY Console Configuration
Student Objectives
Part 1: Clear the Registry
Part 2: Fill the Registry with Extreme's Saved Sessions
Part 3: Run the PuTTY Executable
Part 4: Establish Initial Connection to the Virtual PC
Part 5: Virtual PC Tips
Lab 13: Netlogin Using Local MAC Address Authentication Configuration Lab
Student Objectives
Part 1: Setting up for Netlogin
Part 2: Configuring the Client Workstation
Part 3: Displaying the Network Login Configuration
Part 4: Configuring the Network Login VLAN
Part 5: Configuring MAC Address Authentication
Part 6: Managing the Authorized MAC Addresses
Part 7: Testing the Configuration
Part 8: Just in Case....
Student Objectives
In this lab, you will:
Clear the Simon Tatham directory from the registry (do this only if it already exists on your PC).
Load preconfigured PuTTY profile settings and select the proper key.
4 To clear any previous version of Saved Sessions/Keys from the registry, look for Simon Tatham in the
registry when the Registry Editor window opens. Navigate to:
My Computer > HKEY_CURRENT_USER > Software > Simon Tatham
5 To clear any previous version of Saved Sessions/Keys from the registry, look for Simon Tatham in
the registry. If you do not have an entry for Simon Tatham in your registry, proceed to step 7.
6 Highlight Simon Tatham; right-click and select Delete.
11 Using the number assigned to you by the instructor, SS-1 through SS-6, double-click on SS-{your
number} in the Saved Sessions window.
12 When you see the PuTTY Security Alert window open, click Yes.
13 When the switch console window opens, enter [the remote authentication password obtained from
your instructor] then press Enter twice.
14 To log on to the switch, enter the following:
Login: admin
password: no password -- press Enter again, this brings up SS-X (Student Switch-1 shown).
16 Go to your Start Menu > Programs > Accessories > Remote Desktop Connection.
17 In the Computer: window enter: 127.0.0.1:101X, where X is the number assigned by your instructor
(1-6), and select Connect. This example shows Student One's Virtual PC.
18 When Log On to Windows prompt appears, type User Name: student and Password: student
If you choose to close the remote desktop connection to 127.0.0.1:101X, the best practice is to log off the
virtual PC using Start Menu > Logoff.
If for some reason the virtual machine needs to be rebooted, hold down the ALT-CTRL-END
keys and then select the Shutdown tab and choose restart.
Student Objectives
This lab provides you with hands-on experience using the Command Line Interface (CLI) to configure
secure user accounts.
At the end of this lab, you will be able to:
Refer to the values in Table 1 to configure switch parameters for this lab.
Functional Name        Switch Name
Sales Management       SAM_1
Executive Staff        EXC_2
Accounting             ACT_3
Manufacturing Floor    MFG_4
Engineering            ENG_5
Human Resources        HUR_6
3 Enter y when asked this question: Restore all factory defaults and reboot? (y/N)
The (pending-AAA) login: prompt is a restricted login made available while the switch is still in the
process of loading remaining software components. Logging in at this point will not provide access
to switch management and configuration, and attempting to use standard login accounts will result
in failure. Wait until you see the following prompt before proceeding:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key until the system displays the login prompt.
6 Enter admin.
The password prompt displays.
7 The switch will not have an admin password configured. Press the Enter key.
The following displays:
This switch currently has all management methods enabled for security
reasons. Please answer these questions about the security settings you
would like to use.
Telnet is enabled by default. Telnet is unencrypted and has been the target
of security exploits in the past.
Would you like to disable Telnet? [y/N]
[Display residue: of the SNMP counters, only InPkts 0, GetNexts 0, Errors 0 and AuthTraps Enabled survive with their values.]
15 Configure the SNMP system name of the switch, by entering the following command:
configure snmp sysname <switch name>
Where <switch name> is the switch name identified for your lab group in Table 1.
16 The command line prompt with the new system name displays.
* X450a-24t.2 # configure snmp sysname <switch name>
* <switch name>.3 #
17 Verify that all the data ports are disabled, by entering the following command:
show ports configuration
18 Press the Esc key. Display the login session, by entering the following command:
show session
The switch reports all active sessions, including the user name, the type of access, and the level of
authorization as shown below:
                                                      CLI
     #    Login Time                 User     Type     Auth    Auth  Location
================================================================================
*1        Wed Feb 20 20:36:31 2008   admin    console  local   dis   serial
SNMP stats:    InPkts 0    OutPkts  0    Errors 0    AuthErrors 0
               Gets   0    GetNexts 0    Sets   0
SNMP traps:    Sent   0    AuthTraps Enabled
21 Notice the new configuration setting for SNMP access; it is now enabled.
7 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.
SNMP stats:    InPkts 0    OutPkts  0    Errors 0    AuthErrors 0
               Gets   0    GetNexts 0    Sets   0
SNMP traps:    Sent   0    AuthTraps Enabled
2 Notice the configuration settings for CLI max number of login attempts, CLI max number of
sessions, and Telnet access.
3 Limit the number of CLI sessions to 2, by entering the following command:
configure cli max-sessions 2
4 Limit the number of login attempts to two, by entering the following command:
configure cli max-failed-logins 2
5 Limit Telnet connections to the virtual router VR-MGMT, by entering the following command:
configure telnet vr vr-mgmt
6 Enable the lockout on login failure feature, by entering the following command:
configure account ADMIN_X password-policy lockout-on-login-failures on
Where ADMIN_X is the name of the account created in Part 2, Step 1.
SNMP stats:    InPkts 0    OutPkts  0    Errors 0    AuthErrors 0
               Gets   0    GetNexts 0    Sets   0
SNMP traps:    Sent   0    AuthTraps Enabled
8 Notice the configuration changes between this display and the previous for CLI max number of
login attempts, CLI max number of sessions, and Telnet access.
9 Save the configuration to nonvolatile storage, by entering the following command:
save primary
The following displays:
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/n)
10 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.
[Display residue: only the Failed column survives, with the values 0, 0, 2.]
16 Clear the lock on the flagged account by entering the following command:
clear account ADMIN_X lockout
17 Restore the number of CLI sessions to 8, by entering the following command:
configure cli max-sessions 8
18 Restore Telnet connections to all virtual routers, by entering the following command:
configure telnet vr all
19 Display the switch management configuration, by entering the following command:
show management
The following displays:
CLI idle timeout                  :
CLI max number of login attempts  :
CLI max number of sessions        :
CLI paging                        :
CLI space-completion              :
CLI configuration logging         :
CLI scripting                     :
CLI scripting error mode          :
CLI persistent mode               :
Telnet access                     :
SSH access                        :
Total Read Only Communities       :
Total Read Write Communities      :
RMON                              :
SNMP access                       :
SNMP Traps                        :
SNMP v1/v2c TrapReceivers         :
SNMP stats:    InPkts 0    OutPkts  0    Errors 0    AuthErrors 0
               Gets   0    GetNexts 0    Sets   0
SNMP traps:    Sent   0    AuthTraps Enabled
20 Notice the entries for CLI max number of sessions and Telnet access.
21 Save the configuration to nonvolatile storage, by entering the following command:
save primary
22 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.
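The limits set in this lab (CLI sessions, failed logins, the Telnet virtual router, account lockout) can be checked offline against an ASCII configuration script. The following Python script is an added example, not part of the lab guide; the sample scripts and the ADMIN_1 account name are constructed, and it assumes the file holds the commands as they are typed in the lab.

```python
"""Audit an ExtremeXOS ASCII configuration script for this lab's login hardening."""
import re

# Constructed sample scripts (not captured from a switch). ADMIN_1 stands in
# for the lab's ADMIN_X account.
SAMPLE_HARDENED = """\
# constructed example: state after steps 3 to 6
configure snmp sysname SAM_1
configure cli max-sessions 2
configure cli max-failed-logins 2
configure telnet vr vr-mgmt
configure account ADMIN_1 password-policy lockout-on-login-failures on
"""

SAMPLE_RESTORED = """\
# constructed example: state after steps 17 and 18
configure cli max-sessions 8
configure telnet vr all
"""

# The commands entered in the lab, one pattern per setting.
_NUMERIC = {
    "max-sessions": re.compile(r"^configure\s+cli\s+max-sessions\s+(\d+)$", re.I),
    "max-failed-logins": re.compile(r"^configure\s+cli\s+max-failed-logins\s+(\d+)$", re.I),
}
_TELNET_VR = re.compile(r"^configure\s+telnet\s+vr\s+(\S+)$", re.I)
_LOCKOUT = re.compile(
    r"^configure\s+account\s+(\S+)\s+password-policy\s+"
    r"lockout-on-login-failures\s+(on|off)$", re.I)


def parse_settings(config_text):
    """Collect the hardening settings; a later line overrides an earlier one."""
    found = {"max-sessions": None, "max-failed-logins": None,
             "telnet-vr": None, "lockout": {}}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or script comment
        for key, pattern in _NUMERIC.items():
            m = pattern.match(line)
            if m:
                found[key] = int(m.group(1))
        m = _TELNET_VR.match(line)
        if m:
            # The lab types vr-mgmt while displays show VR-Mgmt: compare lowercased.
            found["telnet-vr"] = m.group(1).lower()
        m = _LOCKOUT.match(line)
        if m:
            found["lockout"][m.group(1)] = m.group(2).lower()
    return found


def audit(config_text, accounts, limit=2, mgmt_vr="vr-mgmt"):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_settings(config_text)
    findings = []
    for key in ("max-sessions", "max-failed-logins"):
        if s[key] is None:
            # Absent from the file: whatever the switch default is applies.
            findings.append(f"cli {key}: not set in this file")
        elif s[key] > limit:
            findings.append(f"cli {key}: {s[key]} is above {limit}")
    if s["telnet-vr"] is None:
        findings.append("telnet vr: not set in this file")
    elif s["telnet-vr"] != mgmt_vr.lower():
        findings.append(f"telnet vr: {s['telnet-vr']} is not {mgmt_vr}")
    for name in accounts:
        state = s["lockout"].get(name, "not set")
        if state != "on":
            findings.append(f"account {name}: lockout-on-login-failures {state}")
    return findings


if __name__ == "__main__":
    for label, text in (("hardened", SAMPLE_HARDENED), ("restored", SAMPLE_RESTORED)):
        print(label, audit(text, ["ADMIN_1"]) or "OK")
```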
Student Objectives
This lab provides you with hands-on experience configuring the switch for basic IP management and
transferring configuration files.
At the end of this lab, you will be able to:
Functional Name        Switch Name    VLAN Name    VLAN IP Address
Sales Management       SAM_1          Mgmt         192.168.0.11/24
Executive Staff        EXC_2          Mgmt         192.168.0.12/24
Accounting             ACT_3          Mgmt         192.168.0.13/24
Manufacturing Floor    MFG_4          Mgmt         192.168.0.14/24
Engineering            ENG_5          Mgmt         192.168.0.15/24
Human Resources        HUR_6          Mgmt         192.168.0.16/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
Primary ver:      12.1.0.0
Secondary ver:    12.1.0.0

Config Selected:  primary.cfg
Config Booted:    Factory Default
primary.cfg
8 For your switch, notice the entries for the following parameters: system name, MAC address,
system boot time, software image selected, software image booted, switch configuration selected,
switch configuration booted, and the date the primary configuration was last saved.
3 Verify the IP address and mask of VLAN Mgmt by entering the following command:
show vlan mgmt
Now the default VLAN configuration displays with the Primary IP address and mask:
VLAN Interface with name Mgmt created by user
    Admin State:     Enabled      Tagging: 802.1Q Tag 4095
    Virtual router:  VR-Mgmt
    Primary IP:      192.168.0.1X/24
    IPv6:            None
    STPD:            None
    Protocol:        Match all unfiltered protocols
    Loopback:        Disabled
    NetLogin:        Disabled
    QosProfile:      None configured
    Flood Rate Limit QosProfile: None configured
    Ports:   1.      (Number of active ports=1)
       Untag:   Mgmt-port on Mgmt is active
4 Use PING to test for IP connectivity between the lab switch and the TFTP server. At the command
prompt, enter the following:
ping vr vr-mgmt 192.168.0.101
5 Notice that, because the mgmt VLAN is not a member of the default virtual router, the virtual router
vr-mgmt must be specified in the command.
6 Display the history of commands for the current session by entering the following command:
history
The command history displays.
7 Use the command recall function by pressing the up arrow key to display the show switch
command again and press the Enter key. The switch management configuration displays.
9 Enter n at the following prompt because we do not want to make this the default configuration:
The current selected default configuration database to boot up the system
(Lab_ECF02-X.cfg) is different than the one just saved (switch_X.cfg).
Do you want to make switch_4.cfg the default database? (y/N) No
3 Verify the file has been created by entering the following command:
ls
1 root  0  136986 Jun 13 08:09 Lab_IGP06-4.cfg
1 root  0  117497 Aug 20 09:26 Lab_NTLGN-4.cfg
1 root  0    1400 Jul 28 14:20 MFG_4a.xsf
1 root  0    2341 Jul 28 14:22 MFG_4b.xsf
1 root  0  114209 Aug  8 08:37 TFTPMAN-4.cfg
1 root  0      67 Jul 11 02:44 pim-crp.pol
1 root  0  114231 Aug 25 09:58 primary.cfg
1 root  0  114231 Aug 28 11:12 switch_X.cfg
6 Verify the file has been created by entering the following command:
ls
The list of files displays:
-rw-rw-rw-  1 root  0  136986 Jun 13 08:09 Lab_IGP06-4.cfg
-rw-rw-rw-  1 root  0  117497 Aug 20 09:26 Lab_NTLGN-4.cfg
-rw-r--r--  1 root  0    1400 Jul 28 14:20 MFG_4a.xsf
-rw-r--r--  1 root  0    2341 Jul 28 14:22 MFG_4b.xsf
-rw-rw-rw-  1 root  0  114209 Aug  8 08:37 TFTPMAN-4.cfg
-rw-rw-rw-  1 root  0  114231 Aug 28 11:12 newname.cfg
-rw-r--r--  1 root  0      67 Jul 11 02:44 pim-crp.pol
-rw-rw-rw-  1 root  0  114231 Aug 25 09:58 primary.cfg
8 Verify the file has been removed, by entering the following command:
ls
The list of files displays:
-rw-rw-rw-  1 root  0  136986 Jun 13 08:09 Lab_IGP06-4.cfg
-rw-rw-rw-  1 root  0  117497 Aug 20 09:26 Lab_NTLGN-4.cfg
-rw-r--r--  1 root  0    1400 Jul 28 14:20 MFG_4a.xsf
-rw-r--r--  1 root  0    2341 Jul 28 14:22 MFG_4b.xsf
-rw-rw-rw-  1 root  0  114209 Aug  8 08:37 TFTPMAN-4.cfg
-rw-r--r--  1 root  0      67 Jul 11 02:44 pim-crp.pol
-rw-rw-rw-  1 root  0  114231 Aug 25 09:58 primary.cfg
NOTE
Wait here until the instructor verifies that the configuration file has been successfully copied to the TFTP upload
directory.
10 Upon the instructor's direction, download the first image file by entering the following command:
download image 192.168.0.101 summitX450-11.6.4.11.xos vr vr-mgmt secondary
Enter n at the following prompt:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)
11 Verify that the secondary software image version is on the switch by entering the following
command:
show switch
12 Install the downloaded image to the secondary image location by entering the following command:
install image summitX450-11.6.4.11.xos secondary
The following displays:
Installing to Switch...............................................................
...................................................................................
...................................................................................
13 Verify the secondary software image version on the switch by entering the following command:
show switch
SysName:          SAM_1

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   secondary
Image Booted:     primary
Primary ver:      12.1.1.4
Secondary ver:    11.6.4.11
14 Restore the current image by entering the following command to download the second image file:
download image 192.168.0.101 summitX-12.1.1.4.xos vr vr-mgmt secondary
Enter n at the following prompt:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)
15 Verify that the secondary software image version is on the switch by entering the following
command:
show switch
16 Install the downloaded image to the secondary image location by entering the following command:
install image summitX-12.1.1.4.xos secondary
The following displays:
Installing to Switch...............................................................
...................................................................................
...................................................................................
17 Verify the secondary software image version on the switch by entering the following command:
show switch
SysName:          SAM_1

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   secondary
Image Booted:     primary
Primary ver:      12.1.1.4
Secondary ver:    12.1.1.4
NOTE
The instructor will demonstrate how to use a text editor to edit the configuration and change the system contact
(SysContact) information in an uploaded file.
3 Show the list of files on the switch and verify that ECF02.xsf is there:
ls
4 Verify the current system contact by entering the following command:
show switch
The following display is an example from Lab Group 1's switch:
SysName:          SAM_1
SysLocation:
SysContact:
System MAC:
System Type:

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
Primary ver:      12.1.1.4
5 Load the ASCII-formatted configuration file on the switch, by entering the following command
which is case-sensitive:
load script ECF02.xsf
Commands in the script display. Ignore any error messages.
6 Verify the new system contact by entering the following command:
show switch
SysName:          SAM_1

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
-rw-r--r--  1 root  0
-rw-r--r--  1 root  0
-rw-rw-rw-  1 root  0

SysName:          SAM_1

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
SysName:          SAM_1
SysLocation:      Sales Management
SysContact:       Extreme Networks tames chaos at the edge!
System MAC:       00:04:96:27:B6:61
System Type:      X450a-24t

SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:
Current State:    OPERATIONAL
Image Selected:   primary
Image Booted:     primary
Primary ver:      12.1.1.4
3 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the
following bootstrap prompt:
BootStrap>
boot a loader
enable features
on-line help
on-line help
on-line help
Sets which BootLoader BootStrap will boot
Reboot system (hard reset)
zmodem download
6 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the
following bootRom prompt:
BootRom>
boot an image
Sets which BootLoader BootStrap will boot
Reboot system (hard reset)
zmodem download
display information
select configuration
enable features
on-line help
on-line help
on-line help
display command history
list contents of CF directory
change working CF directory
print working CF directory
ping remote host
configure the bootloader ip address
show the configuration of the bootloader ip address
download an image
Student Objectives
This lab provides you with hands-on experience configuring physical port parameters, creating a
dynamic Link Aggregation group that uses the address-based aggregation algorithm, and enabling LLDP.
At the end of this lab, you will be able to:
Create a dynamic Link Aggregation group that uses the address-based algorithm
Enable LLDP
Switch Name    VLAN Name    VLAN IP Address
SAM_1          Default      10.0.1.11/24       10.0.1.21/24
EXC_2          Default      10.0.1.12/24       10.0.1.22/24
ACT_3          Default      10.0.1.13/24       10.0.1.23/24
MFG_4          Default      10.0.1.14/24       10.0.1.24/24
ENG_5          Default      10.0.1.15/24       10.0.1.25/24
HUR_6          Default      10.0.1.16/24       10.0.1.26/24
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
4 Turn off auto negotiation, set the speed to 10 Mbps, and set the duplex to half by entering the
following command:
configure port 13 auto off speed 10 duplex half
5 Use the PING command again to test if the switch can still communicate with the upstream switch:
ping 10.0.1.1
The following displays:
Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
44 bytes from 10.0.1.11: icmp_seq=3 Destination Host Unreachable
--- 10.0.1.1 ping statistics ---
4 packets transmitted, 0 received, 100% loss
round-trip min/avg/max = 0/0/0 ms
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Notice that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.
Reply from 10.0.1.1X: bytes=32 time=2ms TTL=255
Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
4 To create a port share group with only port 13 as a member, enter the following command:
enable sharing 13 grouping 13 algorithm address-based L3_L4 lacp
The options after the algorithm parameter above specify that the link aggregation control protocol is
used to manage the port group.
The following displays:
Warning: Any config on the master port is lost (STP, IGMP Filter, IGMP Static Group,
MAC-Security, etc. etc.)
: Yes
: Yes
: 00:04:96:27:b6:49
: 1145

Lag      Actor    Actor   Partner            Partner  Partner  Agg
         Sys-Pri  Key     MAC                Sys-Pri  Key      Count
--------------------------------------------------------------------------------
13       X        0x03f5  00:04:96:27:bc:ce  X        0x03e9   2
================================================================================
9 Verify the dynamic link aggregation configuration by entering the following command:
show lacp lag 13
The following displays:
Lag      Actor    Actor   Partner            Partner  Partner  Agg
         Sys-Pri  Key     MAC                Sys-Pri  Key      Count
--------------------------------------------------------------------------------
13       X        0x03f5  00:04:96:27:bc:ce  X        0x03e9   2

Port list:

Member   Port      Rx       Sel       Mux           Actor     Partner
Port     Priority  State    Logic     State         Flags     Port
--------------------------------------------------------------------------------
13       0         Current  Selected  Collect-Dist  A-GSCD--  100X
15       0         Current  Selected  Collect-Dist  A-GSCD--  101X
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
             C-Collecting, D-Distributing, F-Defaulted, E-Expired
10 Verify the identity of the load sharing master port by entering the following command:
show ports configuration no-refresh
11 Verify the load sharing trunk configuration by entering the following command:
show ports sharing
The following displays:
Load Sharing Monitor
Config    Current   Agg       Ld Share    Ld Share  Agg   Link    Link Up
Master    Master    Control   Algorithm   Group     Mbr   State   transitions
==============================================================================
13        13        LACP      L3_L4       13        Y     A       6
                              L3_L4       15        Y     A       1
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3_L4) Layer 3 address and Layer
4 port based
Note: Layer 4 ports are not used for distribution for traffic ingressing
ports on X450-24t and X450-24x switches.
Default algorithm: L2
Number of load sharing trunks: 1
PDUs  : 1145
Bulk  : 0
Bulk  : 0
PDUs  : 0
PDUs  : 0

Lag     Member  Rx    Rx Drop  Rx Drop  Rx Drop   Tx       Tx
Group   Port    Ok    PDU Err  Not Up   Same MAC  Sent Ok  Xmit Err
--------------------------------------------------------------------------------
13      13      36    0        0        0         36       0
        15      33    0        0        0         34       0
================================================================================
13 From the Lab Group PC, open a command prompt window and use the following command to
generate a continuous stream of ping packets to Core Switch B:
ping -t 10.0.1.2
The following displays:
Pinging 10.0.1.2 with 32 bytes of data:
Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
14 From the Lab Group PC, open a second command prompt window and use the following command to
generate a continuous stream of ping packets to Core Switch A:
ping -t 10.0.1.1
The following displays:
Pinging 10.0.1.1 with 32 bytes of data:
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
15 On the switch, display the port activity by entering the following command:
show ports stat
Port Statistics                                         Mon Aug 11 17:05:00 2008
Port    Link     Tx Pkt    Tx Byte    Rx Pkt    Rx Byte    Rx Pkt    Rx Pkt
        State    Count     Count      Count     Count      Bcast     Mcast
================================================================================
1       R        0         0          0         0          0         0
2       R        0         0          0         0          0         0
3       R        0         0          0         0          0         0
4       R        0         0          0         0          0         0
5       R        0         0          0         0          0         0
6       R        0         0          0         0          0         0
7       R        0         0          0         0          0         0
8       R        0         0          0         0          0         0
9       R        0         0          0         0          0         0
10      R        0         0          0         0          0         0
11      R        0         0          0         0          0         0
12      R        0         0          0         0          0         0
13      A        0         0          0         0          0         0
14      R        0         0          0         0          0         0
15      A        0         0          0         0          0         0
16      R        0         0          0         0          0         0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback 0->Clear Counters
U->page up D->page down ESC->exit
17 Monitor the activity for ports 13 and 15 over a period of time to verify that the ping traffic is being
distributed across the aggregated ports. If configured correctly, the results look similar to this:
Port Statistics                                         Mon Aug 11 17:05:00 2008
Port    Link     Tx Pkt    Tx Byte    Rx Pkt    Rx Byte    Rx Pkt    Rx Pkt
        State    Count     Count      Count     Count      Bcast     Mcast
================================================================================
1       R        0         0          0         0          0         0
2       R        0         0          0         0          0         0
3       R        0         0          0         0          0         0
4       R        0         0          0         0          0         0
5       R        0         0          0         0          0         0
6       R        0         0          0         0          0         0
7       R        0         0          0         0          0         0
8       R        0         0          0         0          0         0
9       R        0         0          0         0          0         0
10      R        0         0          0         0          0         0
11      R        0         0          0         0          0         0
12      R        0         0          0         0          0         0
13      A        89        7340       97        8485       0         11
14      R        0         0          0         0          0         0
15      A        87        7276       92        8168       0         6
16      R        0         0          0         0          0         0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback 0->Clear Counters
U->page up D->page down ESC->exit
      Flags            Link               Link  Num  Num   Num    Jumbo  QOS      Load
                       State       ELSM   UPS   STP  VLAN  Proto  Size   profile  Master
=================================================================================
1     Dm------e--fMB-  ready              0     0    0     0      9216   none
2     Dm------e--fMB-  ready              0     0    0     0      9216   none
3     Dm------e--fMB-  ready              0     0    0     0      9216   none
4     Dm------e--fMB-  ready              0     0    0     0      9216   none
5     Dm------e--fMB-  ready              0     0    0     0      9216   none
6     Dm------e--fMB-  ready              0     0    0     0      9216   none
7     Dm------e--fMB-  ready              0     0    0     0      9216   none
8     Dm------e--fMB-  ready              0     0    0     0      9216   none
9     Dm------e--fMB-  ready              0     0    0     0      9216   none
10    Dm------e--fMB-  ready              0     0    0     0      9216   none
11    Dm------e--fMB-  ready              0     0    0     0      9216   none
12    Dm------e--fMB-  ready              0     0    0     0      9216   none
13    Em-la---e--fMB-  active             0     1    1     1      9216   none     13 a
14    Dm------e--fMB-  ready              0     0    0     0      9216   none
15    Em-la---e--fMB-  active             0     1    1     1      9216   none     13 a
16    Dm------e--fMB-  ready              0     0    0     0      9216   none
17    Dm------e--fMB-  ready              0     0    0     0      9216   none
18    Dm------e--fMB-  ready              0     0    0     0      9216   none
19    Dm------e--fMB-  ready              0     0    0     0      9216   none
20    Dm------e--fMB-  ready              0     0    0     0      9216   none
21    Dm------e--fMB-  ready              0     0    0     0      9216   none
22    Dm------e--fMB-  ready              0     0    0     0      9216   none
23    Dm------e--fMB-  ready              0     0    0     0      9216   none
24    Em------e--fMB-  active             0     1    1     1      9216   none
25    Dm------e--fMB-  NotPresent         0     0    0     0      9216   none
26    Dm------e--fMB-  NotPresent         0     0    0     0      9216   none
===================================================================================
Flags : a - Load Sharing Algorithm address-based, D - Port Disabled,
        e - Extreme Discovery Protocol Enabled, E - Port Enabled,
        l - Load Sharing Enabled, m - MACLearning Enabled,
        f - Unicast Flooding Enabled, M - Multicast Flooding Enabled,
        B - Broadcast Flooding Enabled
19 Notice that the ports in the load share group are flagged to use address-based load sharing.
20 Verify all lacp-related configuration parameters by displaying the section of the configuration file
related to lacp by entering the following command:
show configuration lacp
The following displays:
#
# Module lacp configuration.
#
configure sharing 13 lacp system-priority X
: 30 seconds
: 4 (used TTL = 120 seconds)
: 2 seconds
: 5 seconds
: 2 seconds
: 3

      Rx       Tx       SNMP          Optional enabled transmit TLVs
      Mode     Mode     Notification  LLDP  802.1  802.3  MED  AvEx
============================================================================
13    Enabled  Enabled  ---D-- --------- ---
      VLAN: Default     ----- --------- ---
============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags  : (P) Port Description, (N) System Name, (D) System Description
              (C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
              (L) Link Aggregation, (F) Frame Size
MED Flags   : (C) MED Capabilities, (P) Network Policy,
              (L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags  : (P) PoE Conservation Request, (C) Call Server, (F) File Server
              (Q) 802.1Q Framing
3 Enable the advertisement of the system name by entering the following command:
configure lldp ports 13 advertise system-name
4 Verify the LLDP advertisement of the system name, by entering the following command:
show lldp port 13 detailed
: 30 seconds
: 4 (used TTL = 120 seconds)
: 2 seconds
: 5 seconds
: 2 seconds
: 3

      Rx       Tx       SNMP          Optional enabled transmit TLVs
      Mode     Mode     Notification  LLDP  802.1  802.3  MED  AvEx
============================================================================
13    Enabled  Enabled  --ND-- --------- ---
      VLAN: Default     ----- --------- ---
============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags  : (P) Port Description, (N) System Name, (D) System Description
              (C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
              (L) Link Aggregation, (F) Frame Size
MED Flags   : (C) MED Capabilities, (P) Network Policy,
              (L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags  : (P) PoE Conservation Request, (C) Call Server, (F) File Server
              (Q) 802.1Q Framing
Overview
You will watch a short presentation on how to set up and configure a stacked switch using
SummitStack.
Your instructor will add information and answer questions throughout the presentation.
Student Objectives
This lab provides you with hands-on experience to create FDB entries, enable and verify the lock-learning feature, and enable and verify the limit-learning feature.
At the end of this lab, you will be able to:
Functional Name      Switch Name  VLAN Name  VLAN IP Address
Sales Management     SAM_1        Default    10.0.1.11/24
Executive Staff      EXC_2        Default    10.0.1.12/24
Accounting           ACT_3        Default    10.0.1.13/24
Manufacturing Floor  MFG_4        Default    10.0.1.14/24
Engineering          ENG_5        Default    10.0.1.15/24
Human Resources      HUR_6        Default    10.0.1.16/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
Dyn: 6
Dropped: 0
Locked: 0
Destination  Mac                Age  Static  VLAN     VID  Port
10.0.1.1     00:04:96:27:bc:ce  1    NO      Default  1    13
10.0.1.12    00:04:96:27:bd:0b  1    NO      Default  1    13
10.0.1.13    00:04:96:27:b7:57  1    NO      Default  1    13
10.0.1.14    00:04:96:27:b6:61  1    NO      Default  1    13
10.0.1.15    00:04:96:34:cb:64  1    NO      Default  1    13
10.0.1.16    00:04:96:34:cb:5c  1    NO      Default  1    13
Dynamic Entries  : 6            Static Entries  :
Pending Entries  : 0
In Request       : 26           In Response     : 13
Out Request      : 25           Out Response    : 5
Failed Requests  : 2
Proxy Answered   : 0
Rx Error         : 0            Dup IP Addr     : 0.0.0.0
Rejected Count   :              Rejected IP     :
Rejected Port    :              Rejected I/F    :
                 : 4096                         : 256
                 : Enabled                      : Enabled
                 : 20 minutes
6 Use the IP/MAC address pairs in the IP ARP table to determine which MAC address belongs to
which lab group.
Dyn: 0
Dropped: 0
Locked: 0
NOTE
Depending upon network activity, the fdb table may contain entries even though you issued the clear fdb command.
This is due to the fact that some devices on the network transmitted packets between the time you cleared the fdb
and subsequently displayed it.
3 Use the PING command to re-populate the FDB with the MAC address of Core Switch A:
ping 10.0.1.1
NOTE
Your switch may have already repopulated the fdb due to other students or network activities.
4 Verify that only the Core Switch A MAC address is in the FDB by entering the following:
show fdb
5 Clear the fdb again and then lock the MAC address learned on port 13 by entering the following:
clear fdb
ping 10.0.1.1
configure ports 13 vlan default lock-learning
NOTE
In order to minimize the number of entries that find their way into the fdb, we recommend that you cut and paste
the three commands above into the cli interface on the switch. However, even if you take this precaution, you may
find that the locking feature captures more than just the MAC address of Core Switch A.
Port  Limit      State     Learned  Blackholed  Locked
13    Unlimited  Locked    0        5           1
24    Unlimited  Unlocked  0        0           0
NOTE
In the example above, notice that 5 MAC addresses are designated as Blackhole entries. Any MAC addresses seen
after the lock is activated will be blackholed.
7 Verify that the permanent entry and lock learning flags are set for port 13 by entering the following
command:
show fdb
Dyn: 2
Dropped: 0
Locked: 1
8 Use the PING command to try to communicate with each of the configured neighbor lab groups'
switches by entering the following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
The following displays the ping reply, Destination Host Unreachable, when Lab Group 1 pings the
neighbor with the VLAN IP address 10.0.1.12:
NOTE
All ping attempts to neighboring switches should fail. However, this is dependent upon the entries in the fdb table.
Dyn: 5
Dropped: 0
Locked: 1
10 Notice in the example above, that the MAC addresses for all 5 neighbor switches have been flagged
as Blackhole for both ingress and egress. Your fdb table may vary slightly from this example.
11 Remove MAC address lock down by entering the following command:
configure ports 13 vlan default unlock-learning
12 Show the forwarding database and verify that the lockdown has been removed by entering the
following command:
show fdb
The following displays:
Mac                 Vlan           Age   Flags   Port / Virtual Port List
----------------------------------------------------------------------------
Flags : d
        x
        b
        D
Dyn: 0  Dropped: 0  Locked: 0
13 Notice that unlocking learning will clear the FDB of all entries.
Dyn: 0
Dropped: 0
Locked: 0
NOTE
Depending upon network activity you may have entries quickly repopulate even after you clear the fdb.
3 Limit the MAC address learning on port 13 to three entries by entering the following commands:
clear fdb
configure ports 13 vlan default limit-learning 3
4 Verify the configuration by entering the following command:
show vlan default security
The following displays:
Port  Limit      State     Learned  Blackholed  Locked
13    3          Unlocked  0        0           0
24    Unlimited  Unlocked  0        0           0
5 Display the MAC security information for the specified port by entering the following command:
show ports 13 information detail
13
Virtual-router:     VR-Default
Type:               UTP
Random Early drop:  Unsupported
Admin state:        Enabled with auto-speed sensing
ELSM Link State:    Up
Link State:         Active, 1Gbps, full-duplex
Link Counter:       Up 2 time(s)
VLAN cfg:
auto-duplex
6 Use the PING command to try to communicate with each of the configured neighbor lab groups'
switches and Core Switch A. Because the neighbor lab groups may be performing this same step
simultaneously or even before you, three or fewer PINGs may actually work. Enter the following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
7 Confirm which MAC addresses were permitted and which were blocked by displaying the
forwarding database with the following command:
show fdb
The following is an example display from Lab Group 1's switch:
Mac                 Vlan           Age   Flags   Port / Virtual Port List
----------------------------------------------------------------------------
00:04:96:27:b6:61   Default(0001)  0020  d m     13
00:04:96:27:b7:57   Default(0001)  0061  d m Bb  13
00:04:96:27:bc:ce   Default(0001)  0076  d m Bb  13
00:04:96:27:bd:0b   Default(0001)  0020  d m     13
00:04:96:34:cb:5c   Default(0001)  0020  d m     13
00:04:96:34:cb:64   Default(0001)  0079  d m Bb  13
Flags : d
        x
        b
        D
Dyn: 6  Dropped: 0  Locked: 0
8 Notice that the MAC addresses for 2 neighbor switches and Core Switch A have been flagged as
Blackhole for both ingress and egress in the example above.
9 Remove the limit learning on the port by entering the following command:
configure ports 13 vlan default unlimited-learning
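The check in steps 7 and 8 can be scripted. The following is an added example, not part of the lab guide: it parses the example show fdb display from step 7, pairs each MAC address with its IP address from the lab's IP ARP table, and confirms that no more than the configured limit of three addresses were learned on port 13. The function names and the one-entry-per-line layout of the sample text are assumptions.

```python
import re

# Rows retyped from this lab's example "show fdb" display for Lab Group 1,
# laid out one entry per line (assumed layout of the switch output).
FDB_OUTPUT = """\
Mac                 Vlan           Age   Flags   Port / Virtual Port List
--------------------------------------------------------------------------
00:04:96:27:b6:61   Default(0001)  0020  d m     13
00:04:96:27:b7:57   Default(0001)  0061  d m Bb  13
00:04:96:27:bc:ce   Default(0001)  0076  d m Bb  13
00:04:96:27:bd:0b   Default(0001)  0020  d m     13
00:04:96:34:cb:5c   Default(0001)  0020  d m     13
00:04:96:34:cb:64   Default(0001)  0079  d m Bb  13
"""

# IP/MAC pairs from the lab's IP ARP table, paired in the order listed there.
ARP_TABLE = {
    "00:04:96:27:bc:ce": "10.0.1.1",   # Core Switch A
    "00:04:96:27:bd:0b": "10.0.1.12",
    "00:04:96:27:b7:57": "10.0.1.13",
    "00:04:96:27:b6:61": "10.0.1.14",
    "00:04:96:34:cb:64": "10.0.1.15",
    "00:04:96:34:cb:5c": "10.0.1.16",
}

# MAC, VLAN name with VID in parentheses, age, zero or more flag groups, port.
FDB_ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+"
    r"(?P<vlan>[^\s(]+)\((?P<vid>\d+)\)\s+"
    r"(?P<age>\d+)\s+"
    r"(?P<flags>(?:[A-Za-z]+\s+)*)"
    r"(?P<port>\d+)\s*$"
)


def parse_fdb(text):
    """Return one dict per FDB row; header, rule and legend lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FDB_ROW.match(line.strip())
        if not m:
            continue
        flags = set("".join(m["flags"].split()))
        entries.append({
            "mac": m["mac"].lower(),
            "vlan": m["vlan"],
            "port": m["port"],
            # The lab describes entries flagged "Bb" as blackholed for both
            # ingress and egress; either letter marks the entry as blocked.
            "blackholed": bool(flags & {"B", "b"}),
        })
    return entries


def audit_limit_learning(fdb_text, arp, port, limit):
    """Compare the forwarding entries on one port with its learning limit."""
    rows = [e for e in parse_fdb(fdb_text) if e["port"] == str(port)]
    permitted = sorted(e["mac"] for e in rows if not e["blackholed"])
    blackholed = sorted(e["mac"] for e in rows if e["blackholed"])
    return {
        "permitted": permitted,
        "blackholed": blackholed,
        "blackholed_ips": sorted(arp.get(mac, "unknown") for mac in blackholed),
        # More forwarding entries than the limit means the limit is not in force.
        "limit_enforced": len(permitted) <= limit,
        # A learning slot taken by a MAC missing from the inventory needs a look.
        "unknown_permitted": [mac for mac in permitted if mac not in arp],
    }


if __name__ == "__main__":
    report = audit_limit_learning(FDB_OUTPUT, ARP_TABLE, port=13, limit=3)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The blackholed addresses resolve to Core Switch A and two neighbor switches, matching what step 8 asks you to notice.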
: Active
: Up
: Up
: HelloRx(+)
: 1 sec
: 2
: 6
: Enabled
: 4.0 sec
: 6.0 sec
: 19496
: 1
: 19497
: 0
: UP: 0 DOWN: 0
3 Notice both the Link State and the ELSM Link State for this port.
NOTE
Wait here while Core Switch A is rebooted to simulate link state change.
4 Wait until the instructor gives the class direction to move forward.
5 While Core Switch A is rebooting, re-verify the status of the port by entering the following
command:
show elsm ports 13
: Ready
: Down
: Down
: HelloRx(-)
: 1 sec
: 2
: 6
: Enabled
: 4.0 sec
: 6.0 sec
: 19588
: 1
: 19589
: 0
: UP: 0 DOWN: 1
6 Notice the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit State, and
ELSM Up/Down Count.
7 After the switch has fully re-booted, verify the status of the port by entering the following command
again:
show elsm ports 13
When the link stabilizes, the following displays:
: Active
: Up
: Up
: HelloRx(+)
: 1 sec
: 2
: 6
: Enabled
: 4.0 sec
: 6.0 sec
: 19593
: 1
: 19593
: 1
: UP: 1 DOWN: 1
8 Notice again, the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit
State, and ELSM Up/Down Count.
Student Objectives
A common approach to deploying Voice-Over-IP on a converged network is to configure a single,
layer 2 broadcast domain (VLAN) dedicated to the voice-enabled devices (phones, call managers, call
gateways, etc.).
This lab provides you with hands-on experience to create port-based VLANs, add ports to the VLANs,
and extend the VLANs across multiple switches.
At the end of this lab, you will be able to:
Switch Name  VLAN Name  VLAN IP Address  Lab Group PC IP Address
SAM_1        Voice      10.0.2.11/24     10.0.2.101/24
EXC_2        Voice      10.0.2.12/24     10.0.2.102/24
ACT_3        Voice      10.0.2.13/24     10.0.2.103/24
MFG_4        Voice      10.0.2.14/24     10.0.2.104/24
ENG_5        Voice      10.0.2.15/24     10.0.2.105/24
HUR_6        Voice      10.0.2.16/24     10.0.2.106/24
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
4 Notice that the assigned ports are not active, they are disabled(!) and untagged.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC. Minimize this window now and return to the switch.
4 Upon the instructor's direction, return to your Lab Group PC's desktop and open a DOS window.
Use the PING command to verify that the PC can communicate with the other configured neighbor
Lab Group PCs by entering the following:
ping <neighbor PC IP address>
Example:
ping 10.0.2.10X
Where X is each neighbor lab group number in Table 1.
The following is an example reply from Lab Group 1's PC while pinging Lab Group 2's PC:
C:\Documents and Settings\student>ping 10.0.2.102
Pinging 10.0.2.102 with 32 bytes of data:
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Dyn: 11
Dropped: 0
Locked: 0
6 Notice that all learned MAC addresses in the example above are from the VLAN voice.
Student Objectives
Frequently, today's voice-over-IP desk sets incorporate a second Ethernet port that provides
connectivity for a PC through the same switch port as the phone. However, you often see the traffic for
both devices separated into VLANs, or distinct collision domains.
This lab provides you with hands-on experience to create tagged VLANs for each traffic type, add ports
to the VLANs, and extend the VLANs across multiple switches using a single physical link.
At the end of this lab, you will be able to:
Integrate a data VLAN into the network and verify the operation of the entire network.
Switch Name  VLAN Name  VLAN IP Address  Lab Group PC IP Address
SAM_1        Voice      10.0.2.11/24     10.0.2.101/24
             Data       10.0.3.11/24     10.0.3.101/24
EXC_2        Voice      10.0.2.12/24     10.0.2.102/24
             Data       10.0.3.12/24     10.0.3.102/24
ACT_3        Voice      10.0.2.13/24     10.0.2.103/24
             Data       10.0.3.13/24     10.0.3.103/24
MFG_4        Voice      10.0.2.14/24     10.0.2.104/24
             Data       10.0.3.14/24     10.0.3.104/24
ENG_5        Voice      10.0.2.15/24     10.0.2.105/24
             Data       10.0.3.15/24     10.0.3.105/24
HUR_6        Voice      10.0.2.16/24     10.0.2.106/24
             Data       10.0.3.16/24     10.0.3.106/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connect utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF06a-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates
9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
associated with the VLAN voice found in Table 1.
This completes the first setup of the Lab Group PC. Minimize this window now and return to the
switch.
9 Upon the instructor's direction, turn to the Lab Group PC and open a DOS window. Use the PING
command to verify that the PC can communicate with the other neighbor Lab Group PCs configured
in the same subnet by entering the following:
ping 10.0.2.10X
Where X is the lab group number assigned to each Lab Group in Table 1.
Dyn: 11
Dropped: 0
Locked: 0
12 Notice that all learned MAC addresses are from the VLAN voice.
         VID   Protocol Addr   Flags                       Proto  Ports    Vir
                                                                  Active   rou
                                                                  /Total
--------------------------------------------------------------------------------
data     4093  10.0.3.1X /24   -----------------------     ANY    0 /0     V
Default  1     ------------------------------------------- ANY    0 /0     V
Mgmt     4095  ------------------------------------------- ANY    1 /1     V
voice    10    10.0.2.1X /24   -----------------------     ANY    2 /2     V
--------------------------------------------------------------------------------
4 Configure VLAN data with a tag value of 20 by entering the following command:
configure vlan data tag 20
5 Configure port 13 as a trunk port for both VLAN voice and VLAN data by adding it as tagged in
VLAN data with the following command:
configure vlan data add ports 13 tagged
6 Verify by entering the following command:
show vlan
The following displays:
Name     VID   Protocol Addr   Flags                       Proto  Ports    Vir
                                                                  Active   rou
                                                                  /Total
--------------------------------------------------------------------------------
data     20    10.0.3.1X /24   -----------------------     ANY    0 /0     V
Default  1     ------------------------------------------- ANY    0 /0     V
Mgmt     4095  ------------------------------------------- ANY    1 /1     V
voice    10    10.0.2.1X /24   -----------------------     ANY    2 /2     V
--------------------------------------------------------------------------------
CAUTION
Be careful to add the port as tagged to the second VLAN. For example, if you try to add the port untagged
(configure vlan data add ports 13) you will see the following error display:
Error: Protocol conflict when adding untagged port 13. Either add this
port as tagged or assign another protocol to this VLAN.
2 Assign the device-connected port to VLAN data, untagged, by entering the following command:
configure vlan data add ports 24 untagged
3 Verify the detailed configuration of VLAN data by entering the following command:
show vlan data
The following displays:
VLAN Interface with name data created by user
    Admin State:     Enabled
    Tagging:         802.1Q Tag 20
    Virtual router:  VR-Default
    Primary IP:      10.0.3.1X/24
    IPv6:            None
    STPD:            None
    Protocol:        Match all unfiltered protocols
    Loopback:        Disabled
    NetLogin:        Disabled
    QosProfile:      None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   1.      (Number of active ports=1)
       Untag:   *24
       Tag:     *13
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                (b) Port blocked on the vlan, (m) Mac-Based port
                (a) Egress traffic allowed for NetLogin
                (u) Egress traffic unallowed for NetLogin
                (t) Translate VLAN tag for Private-VLAN
                (s) Private-VLAN System Port, (L) Loopback port
                (e) Private-VLAN End Point Port
Dyn: 10
Dropped: 0
Locked: 0
7 On the Lab Group PC, return to the open Command Prompt window and, using the PING
command, try to ping the interface assigned to the voice subnet on each of the configured lab groups'
switches by entering the following:
ping 10.0.2.1X
Where X is each lab group number assigned in Table 1.
All of these pings fail.
This is because the port to which the PCs are attached, port 24, is now associated with the VLAN
data, while the switch addresses are associated with the VLAN voice. Traffic cannot cross the
boundary between two VLANs without enabling layer 3 routing.
8 Now, return to the Lab Group PC with the open DOS window and PING the interface assigned to
the data subnet on each of the configured lab groups' switches by entering the following:
ping 10.0.3.1X
All of these pings fail also.
PINGing the IP address assigned to VLAN data from the Lab Group PC also fails because these two
devices are not in the same IP network even though they are in the same broadcast domain (VLAN).
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
1 To confirm the workstation IP address, from the Start menu, click on the Run option. Enter cmd to
open a Command window:
2 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
associated with the VLAN data found in Table 1.
This completes the reconfiguration of the Lab Group PC.
NOTE
Stop and wait here, do not proceed until all students in the class have reconfigured their Lab Group PCs.
1 Upon the instructor's direction, return to the Lab Group PC and use the PING command to verify
that the PC can communicate with all configured switch IP addresses in VLAN data:
ping 10.0.3.1X
Where X is each lab group number assigned in Table 1.
2 Finally, use the PING command to verify that the PC can communicate with each of the configured
neighbor Lab Group PCs in the 10.0.3.0/24 network by entering the following:
ping 10.0.3.10X
Where X is each lab group number assigned in Table 1.
Student Objectives
One deployment strategy for edge switches in a production wiring closet is to build a dual-home,
layer 2 loop to the upstream aggregation or core switches. This uses a redundant router protocol like
VRRP to forward traffic between VLANs or out to the Internet (Figure 1). When you use Spanning Tree
Protocol to resolve the loop, the failover between the two upstream paths is faster than if you extended
the layer 3 protocol all the way down to the edge switch.
In addition you will configure the core switches for six independent spanning tree domains. In this
configuration there are only six loops to resolve, as opposed to the much larger number of potential
loops that would need to be addressed if all of the links were managed by a single STPD (Figure 2).
This further reduces convergence time in the event of a lost link.
Focusing only on the layer-2 loop-resolution component, this lab provides you with hands-on experience to
configure, enable, and verify the Spanning Tree Protocol (STP).
In this lab, you will:
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, OSPF VLAN, OSPF and RIP Edge and Interface Names
Lab Group  Switch  Group VLAN       VLAN  Group   CS-A IP      CS-B IP      Lab Group PC
Number     Name                     Tags  STPD    Address      Address      IP Address
1          SAM_1   sales            10    sam_st  10.0.1.1/24  10.0.1.2/24  10.0.1.101/24
2          EXC_2   executive        20    exc_st  10.0.2.1/24  10.0.2.2/24  10.0.2.101/24
3          ACT_3   accounting       30    act_st  10.0.3.1/24  10.0.3.2/24  10.0.3.101/24
4          MFG_4   manufacturing    40    mfg_st  10.0.4.1/24  10.0.4.2/24  10.0.4.101/24
5          ENG_5   engineering      50    eng_st  10.0.5.1/24  10.0.5.2/24  10.0.5.101/24
6          HUR_6   human_resources  60    hur_st  10.0.6.1/24  10.0.6.2/24  10.0.6.101/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.
Where <Group VLAN> is the group VLAN name and XX is the VLAN tag assigned to your lab group
in Table 1.
2 Create the group-specific spanning tree domain by entering the following command:
create stpd <group STPD>
Where <group STPD> is the one assigned to your lab group in Table 1.
3 Configure the operational mode for the group STP domain to be 802.1w, by entering the following
command:
configure stpd <group STPD> mode dot1w
4 Add the group VLAN and the ports interconnecting the switches to the group spanning tree
protocol domain by entering the following command:
configure stpd <group STPD> add vlan <group VLAN> ports 13,14
Example using Lab Group Number 4:
configure stpd mfg_st add vlan manufacturing ports 13,14
5 Assign the same 802.1q tag to the spanning tree domain as is assigned to the member VLAN by
entering the following command:
configure stpd <group STPD> tag <VLAN tag>
Example using Lab Group Number 4:
configure stpd mfg_st tag 40
Where <group STPD> and <VLAN tag> are the ones assigned to your lab group in Table 1.
Mode    State     Cost   Flags      Priority  Port ID  Designated Bridge
EMISTP  DISABLED  20000  e?pp-w---  128       800d     00:00:00:00:00:00:00:00
EMISTP  DISABLED  20000  e?pp-w---  128       800e     00:00:00:00:00:00:00:00
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
EMISTP  FORWARDING  20000  eDpp-w---  128       800d     80:00:00:04:96:27:b6:49
EMISTP  FORWARDING  20000  eDpp-w---  128       800e     80:00:00:04:96:27:b6:49
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
Number of Ports: 2
Default Binding Mode: EMISTP
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE
13 Notice that the BridgeID and Designated Root are the same, indicating that the switch is the root
bridge for this spanning tree domain.
from 10.0.X.1: bytes=32 time=2ms TTL=255
from 10.0.X.1: bytes=32 time<1ms TTL=255
from 10.0.X.1: bytes=32 time<1ms TTL=255
from 10.0.X.1: bytes=32 time<1ms TTL=255
from 10.0.X.2: bytes=32 time=1ms TTL=255
from 10.0.X.2: bytes=32 time<1ms TTL=255
from 10.0.X.2: bytes=32 time<1ms TTL=255
from 10.0.X.2: bytes=32 time<1ms TTL=255
15 On the switch, use the PING command to also verify that the switch cannot communicate with any
of the interfaces assigned to each of the configured neighbor PC IP interfaces by entering the
following:
ping 10.0.X.101
Where X is each of the neighbor lab group numbers assigned in Table 1.
The following is an example display that should occur with each ping:
Ping(ICMP) 10.0.X.101:
Packet transmit error;
Packet transmit error;
Packet transmit error;
Packet transmit error;
Number of Ports: 2
Default Binding Mode: EMISTP
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE
In Part 3 above, we noted that because the BridgeID and Designated Root MAC addresses were the
same, this switch is the root bridge in this spanning tree domain. One aspect of a root bridge is that
all ports will be in the FORWARDING state; any blocked ports will be resolved on the non-root
bridges.
2 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <group STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eDpp-w---  128       800d     80:00:00:04:96:27:b6:49
14    EMISTP  FORWARDING  20000  eDpp-w---  128       800e     80:00:00:04:96:27:b6:49
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
4 Confirm that the switch is no longer the root bridge by entering the following command:
show stpd <group STPD>
The following display is an example from Lab Group 1's switch:
Stpd: sam_st
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 49152
BridgeID: c0:00:00:04:96:27:b6:49
Designated root: a0:00:00:04:96:27:bc:ce
RootPathCost: 20000
Root Port: 13
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 7s
Number of Ports: 2
Default Binding Mode: EMISTP
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE
5 Notice that the BridgeID is no longer the same as the MAC address of the Designated root and the
Bridge Priority is now 49152.
6 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <group STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eRppaw---  128       800d     a0:00:00:04:96:27:bc:ce
14    EMISTP  BLOCKING    20000  eAppaw---  128       800e     b0:00:00:04:96:27:b7:11
Total Ports: 2
7 Notice that one of the ports is now in the BLOCKING state to prevent a loop in the STP domain.
NOTE
Stop and wait here until all the students in class reach this point and the Instructor disables port 23 on CS-A.
Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
EMISTP  FORWARDING  20000  eRppaw---  128       800d     a0:00:00:04:96:27:bc:ce
EMISTP  FORWARDING  20000  eDpp-w---  128       800e     c0:00:00:04:96:27:b6:49
Total Ports: 2
9 Notice that both ports are now FORWARDING to ensure connectivity between all of the switches in
the domain (the student switch, CS-A, and CS-B).
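The root-bridge checks in this lab (BridgeID compared with Designated root, and the port role in the Flags column) can be automated. The following is an added example, not part of the lab guide: it decodes the bridge IDs from the example displays, reports whether the switch is the root bridge, and flags a root other than the expected one. The function names and EXPECTED_ROOT_MAC are assumptions, as is the standard bridge ID layout of a 2-octet priority followed by the 6-octet MAC address.

```python
import re

# Fields retyped from the lab's example "show stpd" display for Lab Group 1
# (after the bridge priority change), one label and value per line.
STPD_OUTPUT = """\
Stpd: sam_st
Operational Mode: 802.1W
Bridge Priority: 49152
BridgeID: c0:00:00:04:96:27:b6:49
Designated root: a0:00:00:04:96:27:bc:ce
RootPathCost: 20000
Root Port: 13
"""

# Rows retyped from the matching "show stpd <group STPD> ports" display.
STPD_PORTS = """\
13 EMISTP FORWARDING 20000 eRppaw--- 128 800d a0:00:00:04:96:27:bc:ce
14 EMISTP BLOCKING   20000 eAppaw--- 128 800e b0:00:00:04:96:27:b7:11
"""

# Assumption: the root shown in the lab's example is the intended root bridge.
EXPECTED_ROOT_MAC = "00:04:96:27:bc:ce"

# Flag position 2 in the display's legend.
PORT_ROLES = {"R": "Root", "D": "Designated", "A": "Alternate",
              "B": "Backup", "M": "Master"}


def decode_bridge_id(bridge_id):
    """Split an 8-octet bridge ID into (priority, MAC address)."""
    octets = bridge_id.lower().split(":")
    if len(octets) != 8:
        raise ValueError(f"expected 8 octets, got {bridge_id!r}")
    priority = int(octets[0] + octets[1], 16)
    return priority, ":".join(octets[2:])


def field(text, label):
    """Return the first token after 'label:' at the start of a line."""
    m = re.search(rf"^{re.escape(label)}:\s*(\S+)", text, re.MULTILINE)
    if not m:
        raise ValueError(f"field {label!r} not found")
    return m.group(1)


def check_root(stpd_text, expected_root_mac):
    """Summarise who the root bridge is and whether that is expected."""
    own_prio, own_mac = decode_bridge_id(field(stpd_text, "BridgeID"))
    root_prio, root_mac = decode_bridge_id(field(stpd_text, "Designated root"))
    return {
        # The lab's test: identical BridgeID and Designated root means root.
        "is_root": (own_prio, own_mac) == (root_prio, root_mac),
        "own_priority": own_prio,
        "root_priority": root_prio,
        "root_mac": root_mac,
        # An unexpected root is worth investigating before trusting the topology.
        "root_is_expected": root_mac == expected_root_mac.lower(),
        # The Bridge Priority field should equal the priority inside BridgeID.
        "priority_field_matches_id":
            own_prio == int(field(stpd_text, "Bridge Priority")),
    }


def port_roles(ports_text):
    """Map port number to (state, role) using flag position 2 of each row."""
    roles = {}
    for line in ports_text.splitlines():
        parts = line.split()
        if len(parts) == 8 and parts[0].isdigit():
            port, _mode, state, _cost, flags = parts[:5]
            roles[port] = (state, PORT_ROLES.get(flags[1], "unknown"))
    return roles


if __name__ == "__main__":
    print(check_root(STPD_OUTPUT, EXPECTED_ROOT_MAC))
    print(port_roles(STPD_PORTS))
```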
This lab tests your ability to configure two EAPS domains on top of a single ring topology.
A common strategy for edge switches in a production wiring closet is to use a Layer 2 loop resolution
protocol for local traffic in combination with a redundant router protocol like VRRP to forward traffic
between VLANs at the core or out to the Internet (Figure 1).
Student Objectives
In this lab, you will:
Refer to the values listed in Table 1 to configure specific switch parameters throughout the course of the
lab.
Table 1: Lab Group Number, Switch Name, Protected VLAN, PV Tag, Control VLAN, CV Tag, and EAPS
Domain
Lab Group  Switch Name  Protected VLAN  PV Tag  Control VLAN  CV Tag  EAPS    Lab PC IP Address
Number                                                                Domain
1          SAM_1        closet_1        101     ctrl_1        111     ed_1    10.100.1.101/24
2          EXC_2        closet_2        201     ctrl_2        211     ed_2    10.100.2.101/24
3          ACT_3        closet_3        301     ctrl_3        311     ed_3    10.100.3.101/24
4          MFG_4        closet_4        401     ctrl_4        411     ed_4    10.100.4.101/24
5          ENG_5        closet_5        501     ctrl_5        511     ed_5    10.100.5.101/24
6          HUR_6        closet_6        601     ctrl_6        611     ed_6    10.100.6.101/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
8 Examine the details of the Protected and the Control VLAN by entering the following commands:
show vlan closet_X
show vlan ctrl_X
The following is an example display for VLAN closet_X:
VLAN Interface with name closet_X created by user
    Admin State:  Enabled
    Tagging:      802.1Q Tag X01
    Protocol:     Match all unfiltered protocols
    Loopback:     Disabled
    NetLogin:     Disabled
    QosProfile:   None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   2.   (Number of active ports=0)
       Tag:     !13, !14
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
NOTE
Both core switches CS-A and CS-B are pre-configured as transit switches for both of these EAPS domains.
3 Configure port 13 as the primary (unblocked) port to the ed_X EAPS domain:
configure eaps ed_X primary port 13
4 Configure port 14 as the secondary (blocked) port:
configure eaps ed_X secondary port 14
5 Verify the configuration for the EAPS domain by entering the following command:
show eaps ed_X
The system displays the following:
Name: ed_X
State: Idle
Running: No
Enabled: No
Mode: Master
Primary port: 13
Port status: Unknown
Tag status: Undetermined
Secondary port: 14
Port status: Unknown
Tag status: Undetermined
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain's Controller Vlan: Unassigned
EAPS Domain's Protected Vlan(s): Unassigned
Number of Protected Vlans: 0
6 Add the ports that will participate in the EAPS ring, tagged, to the control VLAN:
configure vlan ctrl_X add ports 13,14 tagged
The system displays the following:
7 Enter y.
8 Add the control VLAN to the EAPS domain by entering the following command:
configure eaps ed_X add control vlan ctrl_X
9 Add the protected VLAN by entering the following command:
configure eaps ed_X add protected vlan closet_X
3 Notice that the EAPS state is Complete and the secondary port is blocked to prevent a Layer 2 loop.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
10 Notice that the Lab Network interface has been assigned your lab group's IP address and mask
associated with the first EAPS domain found in Table 1.
11 On the switch, add the switch port connected to the Lab Group PC to the protected VLAN by
entering the following command:
configure vlan closet_X add ports 24 untagged
Where X is your lab group number found in Table 1.
12 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
The following displays:
Port Statistics
Tue Aug 19 11:25:12 2008
Port  Link State  Tx Pkt Count  Tx Byte Count  Rx Pkt Count  Rx Byte Count  Rx Pkt Bcast  Rx Pkt Mcast
================================================================================
13    A           157           18656          7             1396           0             3
14    A           6             1788           157           18656          4             1
24    A           5             1056           11            2060           4             1
NOTE
Ports 13 and 14 are incrementing at the rate of 1 per second, consistent with the EAPS hello packet polling
interval.
Reply from 10.100.0.101: bytes=32 time=13ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
2 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
3 Reset the counters by pressing the 0 key. The system displays the following:
Port Statistics
Thu Aug 14 18:24:28 2008
Port  Link State  Tx Pkt Count  Tx Byte Count  Rx Pkt Count  Rx Byte Count  Rx Pkt Bcast  Rx Pkt Mcast
================================================================================
13    A           18            1764           11            1334           0             0
14    A           0             0              9             1026           0             0
24    A           9             702            9             702            0             0
4 Notice that port 13, the active port on the ring, is reporting almost twice the traffic of ports 14 and
24. This is because port 24 is only seeing PING traffic (at the rate of 1 per second) and port 14 is only
seeing EAPS hello packets (also at the rate of 1 per second), but port 13 is seeing both the PING and
EAPS hello packets.
NOTE
Wait here for the instructor to simulate a link failure between the transit switches in the core.
6 Display the status for the EAPS domain ed_X by entering the following command:
show eaps ed_X
The following displays:
Name: ed_X
State: Failed
Running: Yes
Enabled: Yes
Mode: Master
Primary port: 13
Port status: Up Tag status: Tagged
Secondary port: 14
Port status: Up Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:27:b6:49, at Thu Aug 14 18:28:01 2008
EAPS Domain has following Controller Vlan:
Vlan Name  VID
ctrl_X     X11
EAPS Domain has following Protected Vlan(s):
Vlan Name  VID
closet_X   X01
Number of Protected Vlans: 1
NOTE
The ring state is now Failed and the secondary port status has been changed to Up.
7 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
8 Notice that port 13 is still incrementing at twice the rate of the client port, 24, indicating that the
primary path to the target device is unchanged. This is because the break in the ring did not occur
between the source and the target. Note also that port 14 is no longer receiving any packets, further
indication that there is a fault in the ring.
Student Objectives
In this lab, you will:
Enable IP forwarding
Table 1: Group, Switch, WAN VLAN, User VLAN Names and Interface Numbers
Lab Group Number  Switch Name  WAN VLAN  WAN VLAN Interface  User VLAN  User VLAN Interface  Lab Group PC IP Address
1                 NC_1         wan_1     10.0.1.2/24         data_1     10.0.101.1/24        10.0.101.11/24
2                 OSBU_2       wan_2     10.0.2.2/24         data_2     10.0.102.1/24        10.0.102.11/24
3                 EC_3         wan_3     10.0.3.2/24         data_3     10.0.103.1/24        10.0.103.11/24
4                 RA_4         wan_4     10.0.4.2/24         data_4     10.0.104.1/24        10.0.104.11/24
5                 SC_5         wan_5     10.0.5.2/24         data_5     10.0.105.1/24        10.0.105.11/24
6                 WC_6         wan_6     10.0.6.2/24         data_6     10.0.106.1/24        10.0.106.11/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
2 Notice that both VLANs have assigned ports, but have neither tags nor IP addresses.
3 Before a VLAN can function at layer 3, you must first associate it with an IP network by assigning it
an IP address. Assign an IP address to the VLAN wan_X by entering the following command:
configure vlan <wan_X> ipaddress <WAN VLAN Interface>
Example:
configure vlan wan_X ipaddress 10.0.X.2/24
Where X is your lab group number assigned in Table 1.
4 Assign an IP address to the VLAN data_X by entering the following command:
configure vlan <data_X> ipaddress <User VLAN Interface>
Example:
configure vlan data_X ipaddress 10.0.10X.1/24
Where X is your lab group number assigned in Table 1.
6 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori  Destination    Gateway     Mtr  Flags         VLAN    Duration
d    10.0.X.0/24    10.0.X.2    1    -------um---  wan_X   0d:0h:2m:14s
d    10.0.10X.0/24  10.0.10X.1  1    -------um---  data_X  0d:0h:1m:29s
7 Notice that, even without IP forwarding enabled, the route table still displays directly-connected
interfaces (in this case, the User and WAN VLANs).
3 Notice that both the User and WAN VLANs have been assigned the flag f, indicating that IP
forwarding is enabled on these interfaces.
NOTE
The default route is a special type of static route. It instructs the switch to forward all traffic destined to
unknown routes (routes not present in the switch route table) to a specified IP address. In a single-connected,
star-hub network configuration like the one described in this lab, using the default route saves the administrator
from having to configure individual static routes for each of the five neighbor User VLANs. This way, each edge
switch only needs to forward non-local traffic to the Main Campus switch; forwarding between these networks will
be managed in the hub.
4 Add a default route to the IP route table by entering the following command:
configure iproute add default 10.0.X.1
Where X is your lab group number assigned in Table 1.
5 Notice that this IP address is in the same network assigned to WAN VLAN.
Destination    Gateway     Mtr  Flags         VLAN    Duration
Default Route  10.0.X.1    1    -G---S-um---  wan_X   0d:0h:0m:17s
10.0.X.0/24    10.0.X.2    1    -------um---  wan_X   0d:0h:12m:30s
10.0.10X.0/24  10.0.10X.1  1    -------um---  data_X  0d:0h:11m:46s
2 routes at length 24
7 Again, notice that the Default Route is associated with the WAN VLAN. Even though the mask is
not declared when the route is configured, the IP address is assumed to be part of the same network.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab Group #  Switch Name  WAN VLAN  WAN VLAN Interface  WAN_BU VLAN  User VLAN Interface  PC IP Address
1            NC_1         wan_1     10.0.1.2/24         wanbu_1                           10.0.101.11/24
2            OSBU_2       wan_2     10.0.2.2/24         wanbu_2                           10.0.102.11/24
3            EC_3         wan_3     10.0.3.2/24         wanbu_3                           10.0.103.11/24
4            RA_4         wan_4     10.0.4.2/24         wanbu_4                           10.0.104.11/24
5            SC_5         wan_5     10.0.5.2/24         wanbu_5                           10.0.105.11/24
6            WC_6         wan_6     10.0.6.2/24         wanbu_6                           10.0.106.11/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
Destination    Gateway     Mtr  Flags         VLAN     Duration
10.0.X.0/24    10.0.X.2    1    -------um---  wan_X    0d:0h:9m:47s
10.0.1X.0/24   10.0.1X.2   1    -------um---  wanbu_X  0d:0h:9m:47s
10.0.10X.0/24  10.0.10X.1  1    -------um---  data_X   0d:0h:9m:47s
4 Notice there are three directly connected networks representing the three VLANs with assigned IP
addresses in the example above.
3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled
on these interfaces.
4 Configure RIP on each IP interface by entering the following commands:
configure rip add vlan data_X
configure rip add vlan wan_X
configure rip add vlan wanbu_X
Where X is your lab group number in Table 1.
5 Confirm that the VLANs were added to the RIP protocol by entering the following summary
command:
show vlan
6 Notice that the three VLANs have been assigned the flag r, indicating that RIP will dynamically
learn routes on these interfaces.
7 In this scenario, the second Main Campus switch will only forward traffic when the primary path to
the first switch through port 13 fails. To ensure this performance, increase the cost associated with
the secondary path by entering the following command:
configure rip wanbu_X cost 10
Where X is your lab group number in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary
command:
show rip interface wanbu_X
The following displays:
VLAN              : wanbu_X     Interface          : 10.0.1X.2/24
RouterRIP         : Disabled    Cost               : 10
TxMode            : V2          RxMode             : V1orV2
Input Policy      : None        Output Policy      : None
Trusted GW Policy : None        Sent Trig. Updates : 0
Rcved Packets     : 0           Sent Packets       : 0
Rcved Bad Packets : 0           Rcved Bad Routes   : 0
Secondary Interfaces:
PeerIPAddress  Age  Ver  Rcvd Pkts  Rcvd Updts  Rcvd BadPkts  Rcvd BadRouts
--------------------------------------------------------------------------------
Enabled
Enabled
Enabled
30
120
Disabled
None
Poison Reverse : Enabled
Aggregation    : Disabled
Route Timeout  : 180
Router Alert   : Disabled
Protocol   Status    Cost  Tag  Policy
----------------------------------------------------------
Direct     Disabled  0     0    none
Static     Disabled  0     0    none
OSPFIntra  Disabled  0     0    none
OSPFInter  Disabled  0     0    none
OSPFExt1   Disabled  0     0    none
OSPFExt2   Disabled  0     0    none
E-BGP      Disabled  0     0    none
I-BGP      Disabled  0     0    none
ISISL1     Disabled  0     0    none
ISISL2     Disabled  0     0    none
ISISL1Ext  Disabled  0     0    none
ISISL2Ext  Disabled  0     0    none
4 Confirm that learned routes are being added to the IP route table by entering the following
command:
show iproute
Destination    Gateway     Mtr  Flags         VLAN     Duration
10.0.1.0/24    10.0.6.1    2    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.2.0/24    10.0.6.1    2    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.3.0/24    10.0.6.1    2    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.4.0/24    10.0.6.1    2    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.5.0/24    10.0.6.1    2    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.6.0/24    10.0.6.2    1    U------um--f  wan_6    0d:0h:46m:57s
10.0.11.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:3m:25s
10.0.12.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:3m:25s
10.0.13.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:3m:25s
10.0.14.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:3m:25s
10.0.15.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:3m:25s
10.0.16.0/24   10.0.16.2   1    U------um--f  wanbu_6  0d:0h:46m:57s
10.0.101.0/24  10.0.6.1    3    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.102.0/24  10.0.6.1    3    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.103.0/24  10.0.6.1    3    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.104.0/24  10.0.6.1    3    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.105.0/24  10.0.6.1    3    UG-D---um--f  wan_6    0d:0h:3m:25s
10.0.106.0/24  10.0.106.1  1    U------um--f  data_6   0d:0h:46m:58s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)
Mask distribution:
18 routes at length 24
Route Origin distribution:
3 routes from Direct
5 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned
via the wan_X VLAN.
VLAN              : wan_X       Interface          : 10.0.X.2/24
RouterRIP         : Enabled     Cost               : 12
TxMode            : V2          RxMode             : V1orV2
Input Policy      : None        Output Policy      : None
Trusted GW Policy : None        Sent Trig. Updates : 2
Rcved Packets     : 31          Sent Packets       : 32
Rcved Bad Packets : 0           Rcved Bad Routes   : 0
PeerIPAddress  Age  Ver  Rcvd Pkts  Rcvd Updts  Rcvd BadPkts  Rcvd BadRouts
-------------------------------------------------------------------------------
10.0.X.1       25   2    31         31          0             0
8 Confirm that edge routes are now being learned through the backup interface by entering the
following command:
show iproute
Destination    Gateway     Mtr  Flags         VLAN     Duration
10.0.1.0/24    10.0.6.1    13   UG-D---um--f  wan_6    0d:0h:4m:59s
10.0.2.0/24    10.0.6.1    13   UG-D---um--f  wan_6    0d:0h:7m:9s
10.0.3.0/24    10.0.6.1    13   UG-D---um--f  wan_6    0d:0h:7m:9s
10.0.4.0/24    10.0.6.1    13   UG-D---um--f  wan_6    0d:0h:7m:9s
10.0.5.0/24    10.0.6.1    13   UG-D---um--f  wan_6    0d:0h:7m:9s
10.0.6.0/24    10.0.6.2    1    U------um--f  wan_6    0d:1h:3m:27s
10.0.11.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:19m:55s
10.0.12.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:19m:55s
10.0.13.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:19m:55s
10.0.14.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:19m:55s
10.0.15.0/24   10.0.16.1   11   UG-D---um--f  wanbu_6  0d:0h:19m:55s
10.0.16.0/24   10.0.16.2   1    U------um--f  wanbu_6  0d:1h:3m:27s
10.0.101.0/24  10.0.16.1   12   UG-D---um--f  wanbu_6  0d:0h:6m:40s
10.0.102.0/24  10.0.16.1   12   UG-D---um--f  wanbu_6  0d:0h:6m:40s
10.0.103.0/24  10.0.16.1   12   UG-D---um--f  wanbu_6  0d:0h:6m:40s
10.0.104.0/24  10.0.16.1   12   UG-D---um--f  wanbu_6  0d:0h:6m:40s
10.0.105.0/24  10.0.16.1   12   UG-D---um--f  wanbu_6  0d:0h:6m:40s
10.0.106.0/24  10.0.106.1  1    U------um--f  data_6   0d:1h:3m:28s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)
Mask distribution:
18 routes at length 24
Route Origin distribution:
3 routes from Direct
9 Restore the network by decreasing the cost associated with the primary path. Enter the following
command:
configure rip wan_X cost 1
Where X is your lab group number.
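The metric changes in the two route tables above can be reproduced by adding the receiving interface's RIP cost to each advertised metric and keeping the lowest result. The following Python model is an added example, not part of the original lab guide; the advertised metrics are constructed values chosen to match the metrics displayed for Lab Group 6, and the add-on-receipt rule is an assumption consistent with those displays.

```python
"""RIP route selection with per-interface cost (added example, constructed data)."""

RIP_INFINITY = 16  # RFC 2453: a metric of 16 means "unreachable"

# Constructed advertisements as received by Lab Group 6's switch:
# (receiving VLAN, advertising peer, destination, advertised metric).
# The advertised metrics are assumptions chosen to match the page's route tables.
ADVERTS = [
    ("wan_6",   "10.0.6.1",  "10.0.1.0/24",   1),
    ("wan_6",   "10.0.6.1",  "10.0.101.0/24", 2),
    ("wanbu_6", "10.0.16.1", "10.0.11.0/24",  1),
    ("wanbu_6", "10.0.16.1", "10.0.101.0/24", 2),
]

# Interface costs: wanbu_X cost 10 is configured in the lab; cost 12 on wan_X
# is the value shown in the "show rip interface wan_X" output.
NORMAL = {"wan_6": 1, "wanbu_6": 10}
PRIMARY_RAISED = {"wan_6": 12, "wanbu_6": 10}


def received_metric(advertised, iface_cost):
    """Metric for a received route: advertised + interface cost, capped at 16."""
    return min(advertised + iface_cost, RIP_INFINITY)


def select_routes(adverts, iface_cost):
    """Return {destination: (metric, gateway, vlan)}, keeping the lowest metric.

    A route whose metric reaches RIP_INFINITY is unreachable and is never
    installed. On a tie, the route already in the table is kept.
    """
    table = {}
    for vlan, peer, dest, advertised in adverts:
        metric = received_metric(advertised, iface_cost[vlan])
        if metric >= RIP_INFINITY:
            continue
        best = table.get(dest)
        if best is None or metric < best[0]:
            table[dest] = (metric, peer, vlan)
    return table


def usable_backup_costs(advertised, primary_metric):
    """Interface costs that keep a backup route less preferred than the
    primary route yet still reachable (below the RIP infinity of 16)."""
    return [cost for cost in range(1, RIP_INFINITY)
            if primary_metric < received_metric(advertised, cost) < RIP_INFINITY]


if __name__ == "__main__":
    for label, costs in (("normal", NORMAL), ("primary cost raised", PRIMARY_RAISED)):
        print(label)
        for dest, (metric, gw, vlan) in sorted(select_routes(ADVERTS, costs).items()):
            print(f"  {dest:<15} via {gw:<10} metric {metric:<3} {vlan}")
    print("usable backup costs:", usable_backup_costs(2, 3))
```

Because 16 is the RIP infinity, a backup cost that pushes the received metric to 16 removes the backup path entirely instead of merely de-preferring it.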
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.
IP Address      Flags               nSIA
10.0.10X.1 /24  EUf---MPuRX-------  0
10.0.X.2 /24    EUf---MPuRX-------  0
10.0.1X.2 /24   EUf---MPuRX-------  0
2 Confirm which VLANs have been added to RIP and display any associated statistics by entering the
following summary command:
show rip interface
VLAN     IP Address      Flags  Sent Packets  Rcvd Packets  Triggered Updates  Cost
data_X   10.0.10X.1 /24  rif-   72            0             9                  1
wan_X    10.0.X.2 /24    rif-   69            64            6                  1
wanbu_X  10.0.1X.2 /24   rif-   67            77            4                  10
3 Display all routes associated with or learned via RIP by entering the following command:
show rip routes
The system displays data similar to the following example, which is from Lab Group 6's switch:
Ori  Destination    Peer       Age  Next-hop
>r   10.0.1.0/24    10.0.6.1   3    0.0.0.0
>r   10.0.2.0/24    10.0.6.1   3    0.0.0.0
>r   10.0.3.0/24    10.0.6.1   3    0.0.0.0
>r   10.0.4.0/24    10.0.6.1   3    0.0.0.0
>r   10.0.5.0/24    10.0.6.1   3    0.0.0.0
>r   10.0.6.0/24    0.0.0.0    0    0.0.0.0
>r   10.0.11.0/24   10.0.16.1  14   0.0.0.0
>r   10.0.12.0/24   10.0.16.1  14   0.0.0.0
>r   10.0.13.0/24   10.0.16.1  14   0.0.0.0
>r   10.0.14.0/24   10.0.16.1  14   0.0.0.0
>r   10.0.15.0/24   10.0.16.1  14   0.0.0.0
>r   10.0.16.0/24   0.0.0.0    0    0.0.0.0
>r   10.0.101.0/24  10.0.6.1   3    0.0.0.0
>r   10.0.102.0/24  10.0.6.1   3    0.0.0.0
>r   10.0.103.0/24  10.0.6.1   3    0.0.0.0
>r   10.0.104.0/24  10.0.6.1   3    0.0.0.0
>r   10.0.105.0/24  10.0.6.1   3    0.0.0.0
>r   10.0.106.0/24  0.0.0.0    0    0.0.0.0
Enable IP forwarding
Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab Group Number  Switch Name  WAN VLAN  WAN VLAN Interface  WAN_BU VLAN  WAN_BU VLAN Interface  User VLAN  User VLAN Interface  PC IP Address
1                 NC_1         wan_1     10.0.1.2/30         wanbu_1      10.0.1.6/30            closet_1   10.1.1.1/24          10.1.1.11/24
2                 OSBU_2       wan_2     10.0.2.2/30         wanbu_2      10.0.2.6/30            closet_2   10.2.1.1/24          10.2.1.11/24
3                 EC_3         wan_3     10.0.3.2/30         wanbu_3      10.0.3.6/30            closet_3   10.3.1.1/24          10.3.1.11/24
4                 RA_4         wan_4     10.0.4.2/30         wanbu_4      10.0.4.6/30            closet_4   10.4.1.1/24          10.4.1.11/24
5                 SC_5         wan_5     10.0.5.2/30         wanbu_5      10.0.5.6/30            closet_5   10.5.1.1/24          10.5.1.11/24
6                 WC_6         wan_6     10.0.6.2/30         wanbu_6      10.0.6.6/30            closet_6   10.6.1.1/24          10.6.1.11/24
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
Destination  Gateway   Mtr  Flags         VLAN      Duration
10.0.X.0/30  10.0.X.2  1    -------um---  wan_X     0d:0h:10m:38s
10.0.X.4/30  10.0.X.6  1    -------um---  wanbu_X   0d:0h:10m:38s
10.X.1.0/24  10.X.1.1  1    -------um---  closet_X  0d:0h:10m:38s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)
Mask distribution:
1 routes at length 24
2 routes at length 30
4 Notice there are three directly connected networks representing the three VLANs with assigned IP
addresses.
3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled
on these interfaces.
4 Configure OSPF on each IP interface by entering the following commands:
configure ospf add vlan closet_X area 0.0.0.0
configure ospf add vlan wan_X area 0.0.0.0
configure ospf add vlan wanbu_X area 0.0.0.0
Where X is your lab group number assigned in Table 1.
5 Confirm that the VLANs were added to the OSPF protocol by entering the following summary
command:
show vlan
6 Notice that the three VLANs have been assigned the flag o, indicating that OSPF will dynamically
learn routes on these interfaces.
7 In this scenario, you want the switch to only forward traffic along the wanbu_X VLAN when the
primary path through port 13 of the wan_X VLAN fails. To ensure this performance, increase the
cost associated with the secondary path by entering the following command:
configure ospf wanbu_X cost 20
Where X is the name assigned to your lab group in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary
command:
show ospf interface
The following displays:
VLAN      IP Address    AREA ID  Flags  Cost  State  Neighbors
closet_X  10.X.1.1 /24  0.0.0.0  --if-  10/A  -----  0
wan_X     10.0.X.2 /30  0.0.0.0  --if-  10/A  -----  0
wanbu_X   10.0.X.6 /30  0.0.0.0  --if-  20/C  -----  0
Flags : f
n
r
A
Enabled
10.X.1.1
No
0
6
3
Enabled
10
4
Disabled
Disabled
Disabled
Status
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
cost
0
0
0
0
0
0
0
0
0
Type
0
0
0
0
0
0
0
0
0
Tag
0
0
0
0
0
0
0
0
0
No
Automatic
No
0x0
21
30s
: 5
: 2
:
: Disabled (0)
Policy
None
None
None
None
None
None
None
None
None
5 Notice that, in the absence of an explicitly-configured value, the protocol assigns the highest-order IP
address of all configured OSPF interfaces as the RouterID.
6 Confirm that OSPF learned routes are being added to the IP route table by entering the following
command:
show iproute
Mtr  Flags         VLAN      Duration
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:1s
8    UG-D---um--f  wan_6     0d:0h:3m:2s
8    UG-D---um--f  wan_6     0d:0h:3m:2s
1    U------um--f  wan_6     0d:1h:23m:32s
1    U------um--f  wanbu_6   0d:1h:23m:32s
8    UG-D---um---  wan_6     0d:0h:3m:2s
13   UG-D---um--f  wan_6     0d:0h:3m:2s
13   UG-D---um--f  wan_6     0d:0h:3m:2s
13   UG-D---um--f  wan_6     0d:0h:3m:2s
13   UG-D---um--f  wan_6     0d:0h:3m:2s
13   UG-D---um--f  wan_6     0d:0h:3m:2s
1    U------um--f  closet_6  0d:1h:23m:32s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)
Mask distribution:
6 routes at length 24
13 routes at length 30
7 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned
via the wan_X VLAN.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.
IP Address    Flags
10.X.1.1 /24  EUf---MPuRX-------
10.0.X.2 /30  EUf---MPuRX-------
10.0.X.6 /30  EUf---MPuRX-------
Confirm which VLANs have been added to OSPF and display any associated statistics by entering
the following summary command:
show ospf interface
The following displays:
VLAN      IP Address    AREA ID  Flags  Cost  State  Neighbors
closet_X  10.X.1.1 /24  0.0.0.0  -rif-  5/A   DR     0
wan_X     10.0.X.2 /30  0.0.0.0  -rif-  4/A   DR     1
wanbu_X   10.0.X.6 /30  0.0.0.0  -rif-  20/C  DR     1
Flags : f
n
r
A
4 Notice that the area specified can be any area configured on the switch.
5 Open a Command Prompt window on the Lab Group PC and use the PING command to verify that
the PC can communicate with the wan_X VLAN Interface, wanbu_X VLAN Interface, closet_X
Interface, and PC IP address for each of the configured neighbor lab groups by entering the
following for each group:
ping <wan_X Interface>
Example:
ping 10.0.X.2
ping <wanbu_X Interface>
Example:
ping 10.0.X.6
ping <closet_X Interface>
Example:
ping 10.X.1.1
ping <neighbor PC IP address>
Example:
ping 10.X.1.11
Where X is the lab group number of each neighbor lab group.
Reply from 10.0.6.2: bytes=32 time=2ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
You and your team will be configuring switches to accommodate the IP phones. Since the phones are
not yet onsite, you will be testing the solutions using a PC.
Refer to the values listed in Table 1 to understand the configuration parameters for this lab.
Table 1: Lab Group, Station, Remote PC IP Address, Lab Group PC IP Address, Location, Gateway
Lab Group Number  Station  Remote PC IP Address  Lab Group PC IP Address  Location  Gateway
1                 1a       10.209.10.11/24       192.168.1.31/24          Phone 11  192.168.1.1/24
2                 2a       10.209.10.12/24       192.168.2.31/24          Phone 21  192.168.2.1/24
3                 3a       10.209.10.13/24       192.168.3.31/24          Phone 31  192.168.3.1/24
4                 4a       10.209.10.14/24       192.168.4.31/24          Phone 41  192.168.4.1/24
5                 5a       10.209.10.15/24       192.168.5.31/24          Phone 51  192.168.5.1/24
6                 6a       10.209.10.16/24       192.168.6.31/24          Phone 61  192.168.6.1/24
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
7 To view the VLAN configuration, enter the following command:
show vlan
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen appears while
the file executes; follow the instructions on the screen:
8 Notice that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
found in Table 1.
9 Verify the setup by pinging the default gateway from the vPC.
C:\>ping 192.168.X.1
Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
2 Verify that the local MAC database (the list of MAC addresses that is stored on the switch) is empty.
show netlogin mac-list
The following displays:
SS-0X.3 # show netlogin mac-list
SS-0X.4 #
Request timed out.
Request timed out.
Request timed out.
Request timed out.
In the example above, the MAC address for the Lab Network Ethernet Adapter is 00-50-56-00-00-FB.
bytes=32 time<1ms TTL=128
bytes=32 time<1ms TTL=128
bytes=32 time<1ms TTL=128
bytes=32 time<1ms TTL=128
NOTE
The reply may not take effect immediately. If you get "Request timed out", wait a minute and then try again.
Port(s)
-----------------------
any
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database  : Local-User database
------------------------------------------------
Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC                IP address    Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
Password (encrypted)           Port(s)
-----------------------------  -----------------------
<not configured>               any
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database  : Local-User database
------------------------------------------------
Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC                IP address    Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
3 To view the Network Login configuration of the port, enter the following command:
show netlogin port 24
The following displays:
Port                          : 24
Port Restart                  : Disabled
Allow Egress                  : None
Vlan                          : Default
Authentication                : mac-based
Port State                    : Enabled
Guest Vlan                    : Disabled
Auth Failure Vlan             : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC                IP address    Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
Student Objectives
In this lab, you will:
Test and validate that the profile is applied when the user authenticates
Switch Name  Data VLAN  Data VLAN Tag  Data VLAN IP Address  Data PC IP Address  Voice VLAN  Voice VLAN Tag  Voice VLAN IP Address  Voice PC IP Address
                                       10.0.11.1/24          10.0.11.101         voice_1     1012            10.0.12.1/24           10.0.12.101
EXC_2        data_2     1021           10.0.21.1/24          10.0.21.101         voice_2     1022            10.0.22.1/24           10.0.22.101
ACT_3        data_3     1031           10.0.31.1/24          10.0.31.101         voice_3     1032            10.0.32.1/24           10.0.32.101
                                       10.0.41.1/24          10.0.41.101         voice_4     1042            10.0.42.1/24           10.0.42.101
                                       10.0.51.1/24          10.0.51.101         voice_5     1052            10.0.52.1/24           10.0.52.101
                                       10.0.61.1/24          10.0.61.101         voice_6     1062            10.0.62.1/24           10.0.62.101
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
2 Notice that each switch is configured with a netlogin vlan, nl_vlan, and that all VLANs are already
associated with a single port (port 24).
3 Review the existing MAC-based netlogin configuration by entering the following command:
show netlogin mac
Password (encrypted)           Port(s)
-----------------------------  -----------------------
<not configured>               24
<not configured>               24
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database  : Local-User database
------------------------------------------------
4 Notice that mac-based authentication is DISABLED, but is pre-configured for two MAC addresses, one for each of your two lab PCs.
Also notice that the authentication database is set for the Local-User database. Because we are not
using a RADIUS server in this exercise, this will become an important factor later in the lab.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen appears while
the file executes, and then closes automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
10 Notice that the Lab Network interface for this PC has been assigned an IP address on the network
associated with the Data PC IP Address (127.0.0.1:101X) found in Table 1 (where X is your Lab
Group number).
11 From the Data PC desktop, right-click on My Network Places and select Properties from the menu:
13 To block the station from sending any packets prior to testing, select Disable this network device
from the Network Tasks menu:
This will be configured as the Voice PC and assigned the respective IP address found in Table 1 for
your lab group.
16 From the PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF19-Xb batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen appears while
the file executes, and then closes automatically when it terminates:
19 Notice that the Lab Network interface for this PC has been assigned an IP address on the network
associated with the Voice PC IP Address (127.0.0.1:102X) found in Table 1 (where X is your Lab
Group number).
20 From the PC desktop, right-click on My Network Places and select Properties from the menu:
22 To block the station from sending any packets prior to testing, select Disable this network device
from the Network Tasks menu:
8 This can also be validated with the summary profile information, shown by entering the following
command:
show upm profile
The system displays the following:
================================================================================
UPM Profile          Events                Flags  Ports
================================================================================
ecf-19-Xa            user-authenticated    e      24
ecf-19-Xb            user-authenticated    e      24
================================================================================
Number of UPM Profiles: 2
Number of UPM Events in Queue for execution: 0
Flags: d - disabled, e - enabled
Event name: log-message(Log filter name) - Truncated to 20 chars
Extended-VLAN VSA             Security Profile
----------------------------  ---------------------
<not configured>              <not configured>
<not configured>              <not configured>
2 Notice that the MAC address is entered without delimiters, and all alpha characters are capitalized.
3 An additional requirement of local authorization is to bind the Universal Port profile to the specific
Netlogin user by entering the following commands:
configure netlogin local-user <User A MAC> security-profile ecf-19-Xa
configure netlogin local-user <User B MAC> security-profile ecf-19-Xb
Example:
configure netlogin local-user 000C29AAD68C security-profile ecf-19-1a
configure netlogin local-user 000C296BAF67 security-profile ecf-19-1b
Replace <User A MAC> and <User B MAC> with their respective MAC addresses as displayed in
step 1 above, and X with your lab group number found in Table 1.
4 Confirm that the profiles were correctly associated with the user accounts by entering the following
command:
show netlogin local-users
The system displays the following:
Extended-VLAN VSA             Security Profile
----------------------------  ---------------------
<not configured>              ecf-19-Xa
<not configured>              ecf-19-Xb
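The binding in steps 2 to 4, as an added example that is not part of the lab guide or of ExtremeXOS: it converts MAC addresses into the local-user form the lab requires (no delimiters, upper case), generates the two configure lines, and checks a pasted show netlogin mac client table for configured users that have not authenticated. The function names and the SAMPLE_OUTPUT text (constructed from the rows shown in this lab) are assumptions.

```python
import re

_DELIMS = re.compile(r"[:.\-]")
_HEX12 = re.compile(r"[0-9A-F]{12}")
# One client row of the table as laid out in this lab:
# MAC, IP address, Authenticated, Type, ReAuth-Timer, optional User.
_ROW = re.compile(
    r"^\s*(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<ip>\S+)\s+"
    r"(?P<auth>Yes, \w+|No)\s+(?P<type>\S+)\s+(?P<timer>\d+)"
    r"(?:\s+(?P<user>\S+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample, modelled on the output shown in this lab.
SAMPLE_OUTPUT = """\
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  10.0.11.101  Yes, Locally   MAC   0             000C29AAD68C
00:e0:2b:00:00:01  0.0.0.0      No             MAC   0
"""

# MAC / profile pairs from the lab's own example (group 1).
BINDINGS = [
    ("00:0c:29:aa:d6:8c", "ecf-19-1a"),
    ("00-0C-29-6B-AF-67", "ecf-19-1b"),
]


def local_user_name(mac):
    """Return the MAC as a local-user name: 12 hex digits, upper case, no delimiters."""
    compact = _DELIMS.sub("", mac.strip()).upper()
    if not _HEX12.fullmatch(compact):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return compact


def bind_commands(bindings):
    """Build one 'configure netlogin local-user' line per MAC / profile pair."""
    profiles = {}
    for mac, profile in bindings:
        user = local_user_name(mac)
        # Refuse a MAC that is listed twice with different profiles.
        if profiles.setdefault(user, profile) != profile:
            raise ValueError(f"{user} is bound to two different profiles")
    return [
        f"configure netlogin local-user {user} security-profile {profile}"
        for user, profile in profiles.items()
    ]


def not_authenticated(show_output, bindings):
    """List configured local users with no authenticated row in the client table."""
    authenticated = set()
    for line in show_output.splitlines():
        row = _ROW.match(line)
        if not row or not row["user"] or not row["auth"].lower().startswith("yes"):
            continue
        # Count the row only when the User column matches the learned MAC.
        if local_user_name(row["mac"]) == row["user"].upper():
            authenticated.add(row["user"].upper())
    wanted = [local_user_name(mac) for mac, _ in bindings]
    return [user for user in wanted if user not in authenticated]


if __name__ == "__main__":
    print("\n".join(bind_commands(BINDINGS)))
    print("not yet authenticated:", not_authenticated(SAMPLE_OUTPUT, BINDINGS))
```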
: web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
: "nl_vlan"
: Deny
: 5 minutes
: Disabled
: None
Password (encrypted)           Port(s)
-----------------------------  -----------------------
<not configured>               24
<not configured>               24
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database  : Local-User database
------------------------------------------------
Port: 24, Vlan: data_X, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
-----------------------------------------------
3 Enable the port connecting to the Lab Group PCs by entering the following command:
enable ports 24
4 Display the summary VLAN information by entering the following command:
show vlan
5 Notice that neither the data_X nor the voice_X VLANs have been assigned IP addresses.
6 On the Data PC desktop (127.0.0.1:101X), from Network Connections, re-enable the Lab Network
interface by selecting Enable this network device from the Network Tasks menu:
7 On the Data PC desktop (127.0.0.1:101X), open a Command Window and launch a PING to the
Data_X VLAN IP address by entering the following command:
ping 10.0.X1.1
Where X is your lab group number found in Table 1. The system displays the following:
C:\Documents and Settings\student>ping 10.0.X1.1
Reply from 10.0.X1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
8 On the switch, display the MAC-based authentication Netlogin information by entering the
following command:
show netlogin mac
Password (encrypted)           Port(s)
-----------------------------  -----------------------
<not configured>               24
<not configured>               24
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database  : Local-User database
------------------------------------------------
Port: 24, Vlan: data_1, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  10.0.11.101  Yes, Locally   MAC   0             000C29AAD68C
-----------------------------------------------
                                               MAC   0
9 Notice that the MAC address for the Data PC (127.0.0.1:101X) has been authenticated on the data_X
VLAN.
10 On the switch, display the summary VLAN information by entering the following command:
show vlan
11 Notice that the data_X VLAN has been assigned the IP address that was sent the PING.
12 On the Voice PC desktop (127.0.0.1:102X), from Network Connections, re-enable the Lab Network
interface by selecting Enable this network device from the Network Tasks menu:
13 On the Voice PC desktop (127.0.0.1:102X), open a Command Window and launch a PING to the
voice_X VLAN IP address by entering the following command:
ping 10.0.X2.1
Where X is your lab group number found in Table 1. The system displays the following:
C:\Documents and Settings\student>ping 10.0.X2.1
Reply from 10.0.X2.1: bytes=32 time=1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
14 On the switch, display the MAC-based authentication Netlogin information by entering the
following command:
show netlogin mac
Type  ReAuth-Timer  User
MAC   0             000C296BAF67
15 Notice that the MAC address for the Voice PC (127.0.0.1:102X) has been authenticated on the voice_X
VLAN.
16 Display the summary VLAN information by entering the following command:
show vlan
The system displays the following:
---------------------------------------------------------------------------------------
Name     VID   Protocol Addr  Flags                                        Proto  Ports         Virtual
                                                                                  Active/Total  router
---------------------------------------------------------------------------------------
data_X   10X1  10.0.X1.1 /24  -----------------------                      ANY    1 /1          VR-Default
Default  1                    -------------------------------------------  ANY    0 /0          VR-Default
Mgmt     4095                 -------------------------------------------  ANY    1 /1          VR-Mgmt
nl_vlan  4093                 ----------------------LN-------------------  ANY    1 /1          VR-Default
voice_X  10X2  10.0.X2.1 /24  -----------------------                      ANY    1 /1          VR-Default
---------------------------------------------------------------------------------------
Total number of VLAN(s) : 5
17 Notice that the voice_X VLAN has been assigned the IP address that was sent the PING.
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN Names, CV Tags, Ports and PC, and Target VLAN Addresses
Lab Group  Switch  Closet     CV   CV        Lab Group PC       Target     Target VLAN IP Address  TV     TV
Number     Name    VLAN (CV)  Tag  Ports     IP Addresses       VLAN       on Target Switches      Ports  Tag
1          SAM_1   closet_1a  11   13t, 24u  192.168.1.101/24   target_1a  192.168.101.1/24        14u    101
                   closet_1b  12   13t, 23u  192.168.11.101/24  target_1b  192.168.111.1/24        16u    102
2          EXC_2   closet_2a  21   13t, 24u  192.168.2.101/24   target_2a  192.168.102.1/24        14u    201
                   closet_2b  22   13t, 23u  192.168.22.101/24  target_2b  192.168.122.1/24        16u    202
3          ACT_3   closet_3a  31   13t, 24u  192.168.3.101/24   target_3a  192.168.103.1/24        14u    301
                   closet_3b  32   13t, 23u  192.168.33.101/24  target_3b  192.168.133.1/24        16u    302
4          MFG_4   closet_4a  41   13t, 24u  192.168.4.101/24   target_4a  192.168.104.1/24        14u    401
                   closet_4b  42   13t, 23u  192.168.44.101/24  target_4b  192.168.144.1/24        16u    402
5          ENG_5   closet_5a  51   13t, 24u  192.168.5.101/24   target_5a  192.168.105.1/24        14u    501
                   closet_5b  52   13t, 23u  192.168.55.101/24  target_5b  192.168.155.1/24        16u    502
6          HUR_6   closet_6a  61   13t, 24u  192.168.6.101/24   target_6a  192.168.106.1/24        14u    601
                   closet_6b  62   13t, 23u  192.168.66.101/24  target_6b  192.168.166.1/24        16u    602
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
8 Notice that ports have been assigned and enabled. Also, both target VLANs are configured with IP
addresses. These will be the destination IP addresses used to test the QoS feature later in the lab.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the Lab Group PC IP address. The following screen
appears while the file executes, and then closes automatically when it terminates.
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
10 Notice that the ethernet adapter Untagged has been assigned your first Lab Group PC IP Address
and mask found in Table 1.
11 For the second Lab Group PC (127.0.0.1:102X), open the Accessories folder again and re-launch the
Remote Desktop Connect utility.
13 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student.
14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double-click on the Config_ECF17-Xb batch file, where X is the lab group number assigned in
Table 1.
This batch file will automatically configure the Lab Group PC IP address. The following screen will
appear while the file executes, and then close automatically when it terminates:
17 Notice that the ethernet adapter Untagged has been assigned your second Lab Group PC IP Address
and mask found in Table 1.
This batch file will send a 5MB UDP stream for fifty minutes (3000 seconds) to the target address
192.168.10X.1.
2 Show the port utilization for the first Lab Group PC port (port 24) and the uplink port to CS-A (port
13) by entering the following command on your switch:
show ports 13,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages                          Wed Aug 27 09:23:24 2008
Port  Link   Link   Receive      Peak Rx      Transmit     Peak Transmit
      State  Speed  % bandwidth  % bandwidth  % bandwidth  % bandwidth
================================================================================
13    A      10     0.05         0.06         40.11        42.27
24    A      100    4.01         4.21         0.01         0.01
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
3 Notice that, in this example, the Receive % bandwidth for port 24 is equal to the Transmit %
bandwidth for port 13. Note also that port 13 has been configured for 10MB, so the UDP stream
from the first Lab Group PC accounts for over 40% of the port's total capacity.
This batch file will send a 10MB UDP stream for fifty minutes (3000 seconds) to the target address
192.168.1XX.1.
5 Show the port utilization for the first Lab Group PC port (port 24), the second Lab Group PC port
(port 23), and the uplink port to CS-A (port 13) by entering the following command:
show ports 13,23,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages                          Wed Aug 27 09:38:12 2008
Port  Link   Link   Receive      Peak Rx      Transmit     Peak Transmit
      State  Speed  % bandwidth  % bandwidth  % bandwidth  % bandwidth
================================================================================
13    A      10     0.11         0.11         99.04        100.00
23    A      100    6.90         6.90         0.01         0.01
24    A      100    3.60         3.86         0.01         0.01
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
6 Notice that, in this example, the Receive % Bandwidth for port 23 is at the expected 10Mbyte (the
size of the UDP transmitted stream), and that the Transmit % Bandwidth for port 13 is now
hovering at 100% utilization.
7 No QoS has been configured, so the traffic streams are being forwarded by the default, best-effort
profile, QP1. Confirm that all traffic is being serviced by QP1 by showing the QoS monitor statistics
for the uplink port, Port 13, with the following command:
show port 13 qosmonitor
The actual target interfaces, 192.168.10X.1 and 192.168.1XX.1, are configured on the student switch.
The streams are forwarded to the first core switch, CS-A, where they cross the routing boundary and
pass to the second core switch, CS-B via the cross-connect with CS-A. The two streams are then sent
back via layer-2 to the student switch on two separate links, port 14 and port 16.
8 You can get a sense of how the best-effort servicing on port 14 affects the amount of traffic
forwarded from either stream by displaying the port utilization information for these two inbound
ports with the following command:
show ports 14,16 utilization
9 Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages                          Wed Aug 27 09:57:33 2008
Port  Link   Link   Receive      Peak Rx      Transmit     Peak Transmit
      State  Speed  % bandwidth  % bandwidth  % bandwidth  % bandwidth
================================================================================
14    A      10     35.81        39.55        0.05         0.06
16    A      10     67.83        69.71        0.05         0.06
10 Notice that, in this example, while the original bandwidth for the first Lab Group PC was 5MB, the
Receive % bandwidth for port 14 shows that only approximately 35%, or roughly 3.5MB, is reaching
the target. Notice also that a similar situation is occurring for the traffic sent from the second
Lab Group PC. Of the 10MB original stream, only 6.7MB arrives at the target.
This information is consistent with what you know of the size of the original streams and QoS
profile that is servicing them. The combined streams from the first and second Lab Group PC total
15MB. This means that the first Lab Group PC accounts for approximately one third of the total, and
the second Lab Group PC accounts for, approximately, the remaining two thirds. Since all of the
traffic is being forwarded by the same QoS queue, the traffic is forwarded according to the
percentage of the total, resulting in the numbers you see being received on ports 14 and 16 in the
above illustration.
QP1  Weight = 1
QP8  Weight = 1
2 The traffic from the first Lab Group PC is only a production stream, and you do not want to
arbitrarily assign it to your management traffic queue. Begin by creating the QoS profile QP2 for
the smaller stream by entering the following command:
create qosprofile qp2
3 Confirm that you successfully created the new profile by entering the following command:
show qosprofile
The system displays the following:
QP1  Weight = 1
QP2  Weight = 1
QP8  Weight = 1
4 Since we want to guarantee that the traffic from the first Lab Group PC arrives at its destination,
enter the following command to implement strict priority queue scheduling:
configure qosscheduler strict-priority
5 Notice that the queues will now be serviced only in order of priority and the profile weight will be
ignored.
6 Assign the newly-created profile QP2 to the VLAN servicing the smaller data stream, closet_Xa, by
entering the following command:
configure closet_Xa qosprofile qp2
Where X is your lab group number found in Table 1.
7 Confirm that the qosprofile is correctly assigned to the VLAN by entering the following command:
show vlan closet_Xa
8 If necessary, restart the iPerf utility to ensure that both Lab Group PCs are transmitting their
respective UDP streams. Confirm that the traffic on the uplink port, port 13, is now being serviced
by queues 1 and 2 with the following command:
show port 13 qosmonitor
NOTE
If the iPerf timer on the batch file on either PC has expired, re-launch the utility.
10 While the above confirms that both QP1 and QP2 are servicing the streams equally, it is impossible
to tell anything about the actual traffic flow. We can get more insight into how the traffic is moving
through the switch by displaying the port utilization information for the four inbound ports (ports
14, 16, 23, and 24) and one outbound port (port 13) with the following command:
show ports 13,14,16,23,24 utilization
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
12 Notice that, in this example, as expected, the information for inbound ports 23 and 24, and outbound
port 13, remains unchanged.
The highlighted statistics for the inbound ports 14 and 16, however, are very different from those in the
best-effort trial. In this case, port 14 and port 16 are showing roughly the same utilization:
approximately 40% and approximately 60% of a 10MB port, or approximately 5MB of utilization.
This proves that all of the higher priority traffic from the smaller stream is now being forwarded out
the oversubscribed uplink port, port 13.
The remaining bandwidth (approximately 5MB) is used by the lower-priority stream from the
second Lab Group PC.
Be sure to clear the configuration on both Lab Group PCs by running the cleanup config file.
13 From the 127.0.0.1:101X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double-click on the Config_cleanup_ECF17-Xa batch file, where X is your lab group number
assigned in Table 1.
14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double-click on the Config_cleanup_ECF17-Xb batch file, where X is the lab group number assigned
in Table 1.
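The two trials in this lab (both streams in QP1, then the smaller stream moved to QP2 under strict-priority scheduling) can be reproduced with a simple fluid model. This is an added example, not part of the lab guide or of ExtremeXOS. It assumes queues are drained from the highest QP number down and that flows sharing a queue lose traffic in proportion to their offered load; the names strict_priority_share, pc1 and pc2 are hypothetical, and the figures are the lab's nominal 5MB and 10MB streams on a 10MB uplink.

```python
from collections import defaultdict


def strict_priority_share(capacity, flows):
    """Return {flow name: delivered rate} for one oversubscribed egress port.

    flows is a list of (name, offered_rate, queue_number). Queues are served
    in descending queue number (QP2 before QP1, as in this lab). Inside one
    queue every flow is cut back by the same factor, which is the behaviour
    the lab guide describes for best-effort forwarding.
    """
    by_queue = defaultdict(list)
    for name, offered, queue in flows:
        if offered < 0:
            raise ValueError(f"negative offered load for {name}")
        by_queue[queue].append((name, float(offered)))

    remaining = float(capacity)
    delivered = {}
    for queue in sorted(by_queue, reverse=True):
        members = by_queue[queue]
        demand = sum(offered for _, offered in members)
        granted = min(remaining, demand)  # what this queue may send
        for name, offered in members:
            delivered[name] = granted * offered / demand if demand else 0.0
        remaining -= granted  # lower queues only get the leftover
    return delivered


def percent_of_link(delivered, link_speed):
    """Express delivered rates as a percentage of a link, rounded to 0.1."""
    return {name: round(100.0 * rate / link_speed, 1) for name, rate in delivered.items()}


UPLINK = 10  # port 13 in the lab, using the guide's own unit

# Trial 1: no QoS configured, both streams share QP1.
BEST_EFFORT = [("pc1", 5, 1), ("pc2", 10, 1)]
# Trial 2: closet_Xa (pc1) assigned to qp2, scheduler set to strict-priority.
PRIORITISED = [("pc1", 5, 2), ("pc2", 10, 1)]

if __name__ == "__main__":
    for label, flows in (("best effort", BEST_EFFORT), ("strict priority", PRIORITISED)):
        share = strict_priority_share(UPLINK, flows)
        print(label, percent_of_link(share, UPLINK))
```

The best-effort result (about one third and two thirds of the uplink) lines up with the 35.81% and 67.83% shown for ports 14 and 16 above, and the strict-priority result gives the smaller stream its full 5MB.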
7 Press the Enter key until the system displays the login prompt.
8 Enter admin to log in to the switch with administrator privilege.
9 The switch should not have an admin password configured. Press the Enter key.
The system displays the command line prompt.
Because it has been reset to the factory default, the switch will prompt for several security settings.
First, the following displays:
Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.
Would you like to disable Telnet? [y/N]:
2 Display the memory use for the specific process CLI by entering the following command:
show memory process cli
The following displays:
System Memory Information
-------------------------
Total DRAM (KB): 262144
System     (KB): 17380
User       (KB): 95176
Free       (KB): 149588
Memory Utilization Statistics
-----------------------------
Process Name    Memory (KB)
-----------------------------
cli             17848
3 Display detailed information for the CLI processes by entering the following command:
show process cli detail
4 Display the heartbeat for the CLI process by entering the following command:
show heartbeat process cli
The following displays:
Process Name    Hello  HelloAck  Last Heartbeat Time
---------------------------------------------------------------------
cli             0      215       Tue Mar 11 22:55:32 2008
5 Display the CPU usage for all running processes by entering the following command:
top
USER  STATUS  RSS
root  R       880
root  S       17M
root  S       17M
root  S       17M
root  S       17M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S N     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
root  S <     11M
6 Notice that, in this example, the PID for the CLI process, 409, indicates that the process is not
currently consuming any CPU resource, but that it is using 7.2% of memory.
7 Use Ctrl-C to return to the command line.
Enter Yes to the tftpd config warning message that asks if you want to continue.
4 Notice that, in this example, the Restart count is set to 0 and the State is Stopped.
5 Re-start the TFTP process, by entering the following command:
start process tftpd
The following displays:
Started tftpd successfully
6 Verify the state of the TFTP process, by entering the following command:
show process tftpd
The following displays:
Process Name  Version  Restart  State  Start Time
-------------------------------------------------------------------------
tftpd         3.0.0.2  1        Ready  Tue Mar 11 23:27:30 2008
X450a-24t
SysHealth check:  Enabled (Normal)
Recovery Mode:    All
System Watchdog:  Enabled
.
.
.
3 Notice that there is one more test in extended diagnostics than in normal diagnostics, and that
several tests display more detailed test information. Highlight any failures and report them to the
instructor.
4 Log in and display the summary results of the test by entering the following command:
show diagnostics
The following displays:
Last Test Date: Mar-12-2008
Summary: Diagnostics Pass
Switch Name
NC_1
OSBU_2
EC_3
RA_4
SC_5
WC_6
         Ports  IP Address     OSPF Area
wan_X    13     10.0.X.2/24    0.0.0.0
wanbu_X  15     10.0.1X.2/24   0.0.0.0
data_X   24     10.0.10X.1/24  0.0.0.0
Lab Group PC IP Address: 10.0.10X.101/24
Table 2 contains the correct values required for the network you are troubleshooting. X is your lab
group number found in Table 1.
In this exercise your lab group has been assigned eight embedded configuration errors. These
represent some of the most common problems found in a production environment.
1 Use the information in the tables above and the appropriate commands to help identify these faults.
2 Record each error on the Fault Description side of the worksheet as you discover it.
3 Apply the changes and record the configuration command that you use to correct the error on the
Command side of the worksheet.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:
This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 2.
This completes the setup of the Lab Group PC. Minimize this window and return to the switch now.
Fault Description
Command