III Semestar Swching

CCNA Exploration 4.
0
LAN Switching And Wireless
1. SWITCH PREGLED STANJA, PASSWORD RECOVERY, IOS RECOVERY
LAB 1.1: PREGLED STANJA SWITCHA
TOPOLOGIJA:
ZADATAK:
Napravite konzolni spoj raunala na switch, pokrenite na raunalu HyperTerminal ili Secure CRT i dobavite sve podatke o switchu
s pomou naredbi za pregledavanje stanja switcha.
OPIS PROCEDURA:
HyperTerminal:
1
CCNA Exploration 4.0
SWITCH>ENABLE
Switch# --> s naredbom enable preli ste iz user-executive naina rada u enable nain rada.
SWITCH#SHOW VERSION
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34
ROM: Bootstrap program is C2960 boot loader

BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWARE (fc1)
Switch uptime is 3 minutes

System returned to ROM by power-on
System image file is "flash:/c2960-lanbase-mz.122-25.SEE2/c2960-lanbase-mz.122-25.SEE2.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 61440K/4088K bytes of memory.
Processor board ID FOC1109ZFGZ
Last reset from power-on
1 Virtual Ethernet interface --> pregled suelja na switchu
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : 00:1B:53:C4:CF:80 --> ova adresa je vana za spanning tree protokol
Motherboard assembly number : 73-10390-03
Power supply part number : 341-0097-02
Motherboard serial number : FOC11094UDB
Power supply serial number : DCA11038E9F
2
Model revision number : B0
Motherboard revision number : C0
Model number : WS-C2960-24TT-L
System serial number : FOC1109ZFGZ
Top Assembly Part Number : 800-27221-02
Top Assembly Revision Number : D0
Version ID : V02
CLEI Code Number : COM3L00BRA
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 12.2(25)SEE2 C2960-LANBASE-M
Configuration register is 0xF
SWITCH#SHOW RUNNING-CONFIG
Building configuration...
Current configuration : 1217 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
no aaa new-model
ip subnet-zero
!
no file verify auto
spanning-tree mode pvst --> defaul spanning-tree protokol
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
!.................................................(isputen je dio ispisa)
!
interface GigabitEthernet0/1
!
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
control-plane
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
3
SWITCH#SHOW STARTUP-CONFIG
Using 1217 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
no aaa new-model
ip subnet-zero
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!................................................. (isputen je dio ispisa)
!
!
!
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
4
SWITCH#SHOW VLAN (NA SWITCU NEMA KREIRANIH VLAN-OVA)

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 --> svi portovi inicijalno pripadaju VLAN-u 1
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup --> ovih 5 VLAN-ova ne moete obrisati sa switcha
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
...................... izostavljen je dio ispisa ..........................................................
SWITCH#SHOW VLAN (NA SWITCHU SU KREIRANI VLAN-OVI I PRIDRUENI SU IM PORTOVI)

---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Prodaja active Fa0/6, Fa0/7, Fa0/8, Fa0/9
20 Servis active Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15
99 management active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
99 enet 100099 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
.................... izostavljen je dio ispisa .....................................
5
SWITCH#SHOW INTERFACE VLAN1
---- -------------------------------- --------- -------------------------------
Fa0/5, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
............................. izostavljen je dio ispisa.....................................................
SWITCH#SHOW IP INTERFACE VLAN 99

Vlan99 is up, line protocol is down
Internet address is 192.168.10.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are None
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
Switch#
6
SWITCH#SHOW IP INTERFACE BRIEF

Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES manual administratively down down
Vlan99 192.168.10.2 YES manual up down
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/5 unassigned YES unset down down
............................... (isputen je dio ispisa)
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
Switch#
SWITCH#SHOW INTERFACE FASTETHERNET 0/18

FastEthernet0/18 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 001b.53c4.cf92 (bia 001b.53c4.cf92)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
---------------------------------------------- (isputen je dio ispisa)
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Switch#
SWITCH#DIR
Directory of flash:/
2 -rwx 1217 Mar 1 1993 00:02:32 +00:00 config.text
3 -rwx 736 Mar 1 1993 00:17:06 +00:00 vlan.dat
4 -rwx 2608 Mar 1 1993 00:02:53 +00:00 sarup-config
5 drwx 192 Mar 1 1993 00:06:08 +00:00 c2960-lanbase-mz.122-25.SEE2
620 -rwx 5 Mar 1 1993 00:02:32 +00:00 private-config.text
32514048 bytes total (24798720 bytes free)

Switch#
7
SWITCH#DIR FLASH: (ILI SHOW FLASH:)

2 -rwx 1217 Mar 1 1993 00:02:32 +00:00 config.text
3 -rwx 736 Mar 1 1993 00:17:06 +00:00 vlan.dat
4 -rwx 2608 Mar 1 1993 00:02:53 +00:00 sarup-config
5 drwx 192 Mar 1 1993 00:06:08 +00:00 c2960-lanbase-mz.122-25.SEE2 (d.... znai direktorij)
620 -rwx 5 Mar 1 1993 00:02:32 +00:00 private-config.text
SWITCH#SHOW FLASH (KAO I DIR FLASH:)
SWITCH#DIR FLASH:C2960-LANBASE-MZ.122-25.SEE2
Directory of flash:/c2960-lanbase-mz.122-25.SEE2/
6 drwx 4480 Mar 1 1993 00:04:26 +00:00 html

618 -rwx 4670535 Mar 1 1993 00:05:51 +00:00 c2960-lanbase-mz.122-25.SEE2.bin
619 -rwx 457 Mar 1 1993 00:05:51 +00:00 info

Switch#
SWITCH#SHOW INTERFACE TRUNK

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 99
Port Vlans allowed on trunk

Fa0/1 1-4094
Fa0/2 1-4094
Fa0/3 1-4094
Fa0/4 1-4094
Port Vlans allowed and active in management domain

Fa0/1 1,99
Fa0/2 1,99
Fa0/3 1,99
Fa0/4 1,99
Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,99
Fa0/2 none
Fa0/3 none

Fa0/4 none
8
LAB: 1.2 SWITCH PASSWORD RECOVERY PROCEDURE
TOPOLOGIJA:
PASSWORD RECOVERY PROCEDURE STEP-BY-STEP

1. Attach a terminal or PC with terminal emulation to the console port of the switch. Use the following terminal
settings:
9600 baud rate
No parity
8 data bits
No stop bit
2. Unplug the power cable.
3. Hold down the mode button while reconnecting the power cord to the switch. You can release the mode button
a second or two after the LED above port 1x is no longer illuminated.
The following instructions appear:
The system has been interrupted prior to initializing the
flash file system.
The following commands will initialize the flash file system,
and finish loading
the operating system software:
flash_init
load_helper
boot
4. Type flash_init.
5. Type load_helper.
6. Type dir flash:.
The switch file system is displayed:
Directory of flash:
2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA
4 drwx 3776 Mar 01 1993 01:23:24 html
66 -rwx 130 Jan 01 1970 00:01:19 env_vars
68 -rwx 1296 Mar 01 1993 06:55:51 config.text
7. Type rename flash:config.text flash:config.old to rename the configuration file.
This file contains the password definition.
8. Type boot to boot the system.
9. Enter N at the prompt to start the Setup program, Continue with the configuration dialog? [yes/no] : N
10. At the switch prompt type en to turn on enable mode.
11. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.
12. Copy the configuration file into memory:
Switch# copy flash:config.text system:running-config
Source filename [config.text]? (press Return)
Destination filename [running-config]? (press Return)
The configuration file is now reloaded.
13. Change the password:
9
switch#configure terminal
switch(config)#enable password Cisco
switch#control/Z
14. Write the running configuration to the configuration file:
switch(config)#write memory
LAB: 1.3 SWITCH IOS RECOVERY PROCEDURE
TOPOLOGIJA:
INTRODUCTION
This document describes how to recover from a corrupt or missing software image on the Cisco Catalyst 2900XL and 3500XL
Series Switches. When this problem exists, the error message error loading flash appears when you boot up after
power loss or after an incorrect software upgrade.
Note: Trivial File Transfer Protocol (TFTP) may be used to transfer software image files from a PC to your device. This document
was written using output from the Cisco TFTP server application. Cisco has discontinued this application and no longer supports
it. If you do not have a TFTP server, obtain any third-party TFTP server application from another source.
COMPONENTS USED
To create the examples in this document, this equipment is used:
Hyperterminal software used in Microsoft Operating Systems.
A console cable suitable for the Catalyst 2900XL / 3500XL in the switch.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in
this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand
the potential impact of any command before using it.
PROBLEM ERROR LOADING FLASH MESSAGE

If you receive the error loading flash message, this indicates that there is a problem loading the current image in Flash.
The image may be corrupt, an incorrect image, or the image in Flash may be missing. If the system is unable to load a software
image in Flash, the system loads the boot helper and brings up a switch: prompt. Otherwise it is in a continuous boot cycle. If the
switch is stuck in a continuous boot cycle, use this procedure to bring up a switch: prompt:
1. Unplug the power cable.

2. Hold down the mode button located on the left side of the front panel while you reconnect the power cord to the
switch. Release the mode button a second or two after the LED above port 1x is no longer illuminated.
3. Enter the commands flash_init and load_helper.
10
This is a sample output from a failed bootup:
C2900XL Boot Loader (C2900-HBOOT-M) Version 11.2(0.28)SA4, BETA TEST SOFTWARE
Compiled Fri 06-Nov-98 00:15 by paulines
starting...
Base ethernet MAC Address: 00:50:80:39:f8:80
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 175 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 3113472
flashfs[0]: Bytes available: 499200
flashfs[0]: flashfs fsck took 85 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Loading "flash:c2900XL-h2s-mz-120.5-XP.bin"...flash:c2900XL-h2s-mz-120.5-
XP.bin:
no such file or directory
Error loading "flash:c2900XL-h2s-mz-120.5-XP.bin"
Interrupt within 5 seconds to abort boot process.

Boot process failed...
SOLUTION
(SECTION A) VERIFY SOFTWARE IMAGE IN FLASH AND ATTEMPT TO MANUALLY BOOT PROCESS
Follow these steps when you verify the software image in Flash and attempt to boot manually.
1. Connect a terminal to the console port of the switch.
In the absence of software image or with corrupted image, the software image does not load.
The switch starts in boot loader mode. This is indicated by the switch: prompt
2. Verify the software contents of Flash by issuing the dir flash: command.
switch: dir flash:
189 -rwx 856 <date> vlan.dat

3 -rwx 1112393 <date> c2900XL-h2-mz-112.8.5-SA6.bin
4 drwx 10816 <date> html
2 -rwx 106 <date> info
175 -rwx 1490584 <date> c2900XL-h2s-mz-120.5-XP.bin
176 -r-- 302 <date> env_vars
174 -rwx 106 <date> info.ver
177 -r-- 1306 <date> config.text
499200 bytes available (3113472 bytes used)
3. Verify that the image in Flash is the correct image for the platform. The hardware model number is on the front of the
switch. For information on how to verify the image, refer to the Catalyst 2900XL and 3500XL section of Managing
Software Images and Working with Configuration Files on Catalyst Switches.
Note the hardware model here.
For Standard / Enterprise Edition hardware, the image name must contain the suffix "h2".
For Original Edition hardware, the image name must contain the suffix "h" and not "h2".
If the software image present is incorrect for the switch, or if it is missing, proceed to (Section B) Copy a New Software
Image from ROM Monitor.
11
4. If the software image in Flash is correct, manually boot this software image with the help of the boot flash:<filename>
command.
switch: boot flash:c2900XL-h2s-mz-120.5-XP.bin
If the system boots correctly and does not return to the switch: prompt, proceed to (Section C) Change and Verify
Boot Configuration.
If the system still fails to load the image correctly, proceed to (Section B) Copy a New Software Image from ROM
Monitor.
(SECTION B) COPY A NEW SOFTWARE IMAGE FROM ROM MONITOR

To copy a new software image from a ROMmon follow these steps. For additional documentation on this procedure, refer to
Recovering Catalyst 2950, 2955, and 3550 Series Switches from a Corrupted or Missing Image.
1. Check the remaining memory capacity. If the size of the file to be loaded is larger than the available capacity, delete the
existing image in Flash to make space for a new image.
The command to delete the existing image in Flash is delete flash: filname , where filename is the name of the file to be
deleted. A sample command output is shown here.
delete flash:cat2900XL-h2s-mz.112-8.5-SA6.bin
2. Download a new Cisco IOS-only image file from the Cisco Software Center ( registered customers only) to your PC. Do
not download a Cisco IOS image with Cluster Management Suite (CMS) files. Xmodem transfer is a very slow procedure.
It takes longer to copy the larger images.
3. Copy the image to the Flash using HyperTerminal for Microsoft Windows, or another terminal software program. The
command on the switch is copy xmodem: flash:filename , where filename is the name of file that you downloaded.
With HyperTerminal, use the TRANSFER -- SEND FILE option using the XMODEM protocol. Start the XMODEM download
within three seconds. Otherwise, the switch times out the XMODEM copy.
When the XMODEM request appears, issue the appropriate command on the terminal-emulation software to start the
transfer. Copy the software image into Flash memory. The command to issue is switch: copy xmodem:
flash:image_filename .
An example is shown here.
switch:
switch: copy xmodem: flash:c3500XL-c3h2s-mz.120-5.1.XP.bin
CCC.....................................................................
.....
(BEGIN XMODEM DOWNLOAD ON TERMINAL SOFTWARE NOW)
File "xmodem:" successfully copied to "flash:c3500XL-c3h2s-mz.120-

5.1.XP.bin"
4. After the new image has been loaded, boot the new image using the boot flash:filname command where filename is
the name of the file that is downloaded. A sample command output is shown here.
boot flash:c2900XL-hs-mz.112-8.6-SA6.bin
5. After you boot the system, download a bundled image. For information on how to download a bundled image (.tar),
refer to Upgrading Software in Catalyst 2900XL and 3500XL Switches Using the Command Line Interface.
Note: The .tar file on Cisco.com is named c3500XL-c3h2s-mz-120_5_1-XP .tar. The Cisco IOS file inside is called c3500XL-
c3h2s-mz-120.5.1-XP.bin.
When you follow the upgrade instructions in the above link, the old image is renamed using an underscore. The new
image is copied into Flash. Instead of the new image overwriting the old one, the result is two images, one old and one
new. Reloading this causes the XL series switch to reload to the old image (now confusingly called by the new name in
Flash).
The problem is overcome by renaming the .tar file downloaded from Cisco.com to the exact same name as the .bin file
enclosed within it.
12
After you upgrade from Cisco IOS Software Release 11.2 to Cisco IOS Software Release 12.0.5(1), there is a file left in
Flash named c3500XL-diag-mz-112.8.2-SA6. The box now runs Cisco IOS Software Release 12.0. There is no similar diag
file for Cisco IOS Software Release 12.0. The Cisco IOS Software Release 11.2 diag file is useless and can be deleted.
(SECTION C) CHANGE AND VERIFY BOOT CONFIGURATION

Follow these steps when you change and verify the boot configuration.
1. Enter enable mode by issuing the enable command. View the boot configuration by issuing the show boot command. A
sample command output is shown here.
Switch#: show boot
BOOT path-list: Flash:c3500XL-c3h2s-mz-120.5.1-XP.bin
Config file: Flash:config.text E
Enable Break: no
Manual Boot: no
HELPER path-list:
NVRAM / Config file
buffer size: 32768

2. Verify that the boot configuration is correct by viewing the contents of Flash. Issue the dir flash: command to view the
boot configuration.
Switch# dir flash:
Directory of Flash:/
189 -rwx 856 <date> vlan.dat

4 drwx 10816 <date> html
2 -rwx 106 <date> info
175 -rwx 1490584 <date> c2900XL-h2s-mz-120.5-XP.bin
176 -r-- 302 <date> env_vars
174 -rwx 106 <date> info.ver
177 -r-- 1306 <date> config.text
499200 bytes available (3113472 bytes used)
3. If the boot variable is not correct, change the boot variable by entering the global configuration mode and issuing the
command boot system flash:filename , where filename is the name of the image to boot.
4. Save the configuration by issuing the write memory command. Verify the boot parameter by issuing the show boot
command.
5. The switch boots automatically the next time that the switch is reloaded.
IMPORTANT NOTES
The Catalyst 2900XL / 3500XL series switches are referred to as 4 Mg and 8 Mg switches. This refers to the amount of DRAM
present on the switches as shown in show version command output. The actual differences in these switches is not only DRAM
and Flash. The physical chipset for the Ethernet PHY is changed between these switches to allow for more functionality
(including VLAN trunking) in the 8 Mg switches. No amount of software upgrades or memory upgrades (which actually are not
possible anyway) allow the older 4 Mg switches the newer functionality (memory on the XLs is not upgradable). This section
provides a brief history of upgrades on the Catalyst 2900XLs.
Cisco IOS Software Release 11.2(8)SAx software was created for the Catalyst 2900XL with the first shipment of the 4 Mg
switches. Improvements were made on the original Cisco IOS Software Release 11.2(8)SA in Cisco IOS Software Releases
11.2(8)SA1, 11.2(8)SA2, and 11.2(8)SA3. The additional features are exposed in the Enterprise version versus the Standard
version. However, these only apply to the 4 Mg switches.
13
At the same time the 8 Mg switches were released, Cisco IOS Software Release 11.2(8)SA4 was created to support these new
switches. It was also created to support new modules that had been made for the Catalyst 2900XL (ws-x2922-xl-v ws-x2914-xl-v),
which are trunking capable. Cisco IOS Software Release 11.2(8)SA4 was available in two versions, Standard and Enterprise. Both
versions ran on both types of switches.
In Cisco IOS Software Release 11.2(8)SA5, a break was made. Software was added to take full advantage of the features made
available by the hardware changes in the 8 Mg switches. Both versions of software did not run on all switches. The original
version of SA5 ran on the 4 Mg switches. The Standard and Enterprise versions ran on the 8 Mg switches (with minor feature
additions in the Enterprise version).
Cisco IOS Software Release 11.2(8)SA6 continued this behavior. It is important to note that Cisco IOS Software Release
11.2(8)SA6 is the final version of software for the 4 Mg switches. All bug fixes and maintenance releases were created as Cisco
IOS Software Release 11.2(8.x)SA6. Currently, these switches run Cisco IOS Software Release 11.2(8.5)SA6. SA6 was the first
version to support clustering switch management.
The 8 Mg switches are capable of SA7 for Cisco IOS Software Release 12.0(5.1)XP or later.
Always use the latest release on the Catalyst 2900XLs (and the Catalyst 3500XLs). New features and vital bug fixes are
incorporated at each step.
14
LAB 1.4: ODREIVANJE OKOLINE SWITCHA
TOPOLOGIJA:
ZADATAK:
S pomou CDP-a (Cisco Discovery Protokol Layer 2 protokol) istraite okolinu switcha S1. (Admin je na S1 vezan samo s
konzolom i ne vidi niti jednu vezu switcha S1 s okolnim ureajima, a niti ureaje).
SWITCH#SHOW CDP NEIGHBORS

S1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Fas 0/5 143 R C1841 Fas 0/1 (hostname, moj port, to je, model, koji njegov port)
S3 Fas 0/2 131 S 2960 Fas 0/1
S2 Fas 0/1 122 S 2960 Fas 0/1
Primijetite:
administrator nije vidio niti jedan ureaj spojen na S1, i nije znao niti koliko veza ima,
CDP je pronaao:
ureaj s nazivom (hostname) R1 spojen na port Fa0/5 switcha, to je ruter, model je C1841 i
koriten je njegov port Fa0/1,
ureaj s nazivom S3 spojen na port Fa0/2 switcha, to je Switch, model 2960 i koriten je
njegov port Fa0/1,
ureaj s nazivom S2 spojen na port Fa0/1 switcha, to je Switch, model 2960 i koriten je
njegov port Fa0/1.
15
SWITCH#SHOW CDP NEIGHBORS DETAIL OBAVIJEST O IP ADRESAMA OKOLINE
S1#show cdp neighbors detail
Device ID: R1 --> naziv ureaja iz okoline
Entry address(es):
IP address : 172.17.10.1 --> IP adresa ureaja iz okoline
Platform: cisco C1841, Capabilities: Router --> to je ruter C1841
Interface: FastEthernet0/5, Port ID (outgoing port): FastEthernet0/1 --> moj port Fa0/5 vezan je na njegov Fa0/1
Holdtime: 129
Version :
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Compiled Wed 18-Jul-07 04:52 by pt_team
advertisement version: 2
Duplex: full
Device ID: S3
Entry address(es):
IP address : 172.17.10.13
Platform: cisco 2960, Capabilities: Switch
Interface: FastEthernet0/2, Port ID (outgoing port): FastEthernet0/1
Holdtime: 177
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Compiled Wed 12-Oct-05 22:05 by pt_team
advertisement version: 2
Duplex: full
----------------------- izostavljen je dio ispisa ----------------------------
16
2. OSNOVNA KONFIGURACIJA SWITCH-A
LAB 2.1: OSNOVNA KONFIGURACIJA SWITCH-A S SIGURNOSNIM POSTAVKAMA, IP ADRESE
TOPOLOGIJA:
ZADATAK:
Mreu spojiti prema shemi, obriite sve postojee konfiguracije sa switcha, napravite osnovnu konfiguraciju switcha s
sigurnosnim postavkama, switchu dodijelite IP adresu (sluite se za sada s VLAN-om 1) i adresu default gateway-a. Raunalima
klijentima dodijelite IP adrese. Provjerite rad mree. Odredite MAC adrese koje je switch "nauio".
KONFIGURACIJA UREAJA:
Konfigurajte switch:
obriite sve postojee konfiguracije na switchu,
napravite sigurnosne postavke na switchu:
hostname (prema shemi),
onemoguiti dns-lookup,
banner (poruka ne smije sadravati nikakve znakove dobrodolice ili pozdrave),
postaviti enable secret password (class),
postaviti konzolni password (cisco) - korisnik se mora logirati,
postaviti vty password (cisco) - korisnik se mora logirati.
Switchu dodijelite IP adresu (prema shemi) i adresu default-gateway-a (prema shemi) za to se posluite s ve
postojeim VLAN 1.
17
Konfigurajte router:
Konfigurirajte ruter uz sigurnosne postavke: hostname (prema shemi), onemoguiti dns-lookup, banner
(poruka ne smije sadravati nikakve znakove dobrodolice ili pozdrave), postaviti enable secret password
(class), postaviti konzolni password (cisco) - korisnik se mora logirati, postaviti vty password (cisco) -
korisnik se mora logirati.
Konfigurirajte suelje Fa0/0 prema shemi.
Klijenti:
Konfigurirajte mrene adrese klijenata i default-gateway prema skici.
PROVJERA RADA MREE:

Pregledajte routing tablicu na ruteru Router1 da li Router vidi mreu?
pingajte PC7 --> PC2, PC7 --> S1, PC7 --> Router1,
odredite koje je MAC adrese switch "nauio",

Telnet s PC2 na S1, promijenite naziv switcha u Switch-1.
OPIS PROCEDURA:
1. BRISANJE STARTUP KONFIGURACIJE I RELOAD SWITCH-A

Switch>enable
Switch#dir
1 -rw- 3058048 <no date> c2950-i6q4l2-mz.121-22.EA4.bin
Switch#erase startup-config --> brisanje startup konfiguracije
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#reload --> reload switcha (ista poetna konfiguracija)
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 18:57 by miwang
Cisco WS-C2950-24 (RC32300) processor (revision C0) with 21039K bytes of memory.
2950-24 starting...
......... ....................... .....................
...done Initializing Flash.
........................ ..................... .........................
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Loading "flash:/c2950-i6q4l2-mz.121-22.EA4.bin"...
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph
.................. .................. .......................
18
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba
Cisco WS-C2950-24 (RC32300) processor (revision C0) with 21039K bytes of memory.
Processor board ID FHK0610Z0WC
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 0060.473E.2030
Motherboard assembly number: 73-5781-09
Power supply part number: 34-0965-01
Motherboard serial number: FOC061004SZ
Power supply serial number: DAB0609127D
Model revision number: C0
Motherboard revision number: A0
Model number: WS-C2950-24
System serial number: FHK0610Z0WC
Cisco Internetwork Operating System Software

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba
Press RETURN to get started!
19
2. OSNOVNA KONFIGURACIJA I SIGURNOSNE POSTAVKE SWITCHA

Switch> --> osnovna konfiguracija switcha sa sigurnosnim postavkama
Switch>enable
Switch#configure terminal
Switch(config)#hostname S1
Switch(config)#no ip domain lookup
Switch(config)#banner motd &
********* !!! Authorized access only !!! *********** &
S1(config)#enable secret class
S1(config)#service password-encryption
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login --> obavezno traite login u protivnome password nee djelovati
S1(config-line)#logging synchronous --> switch vas nee prekidati s svojim ispisima
S1(config-line)#exec-timeout 15 00 --> najdue vrijeme neaktivnosti konzole, nakon toga: password molim!
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#logging synchronous
S1(config-line)#exec-timeout 15 00
S1(config-line)#exit
S1#show running-config --> provjera uinjenoga
S1#copy running-config startup-config --> oprez, prije ove naredbe provjerite tonost upisanih passworda
3. IP ADRESA SWITCH-A I DEFAULT-GATEWAY SWITCH-A

S1(config)#interface vlan 1
S1(config-if)#ip address 172.17.1.11 255.255.255.0
S1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#
S1(config-if)#exit
S1(config)#ip default-gateway 172.17.1.1
S1(config)#^Z
4. PROVJERA UINJENOGA NA SWITCHU

S1#show vlan --> koji su VLAN-ovi na switchu, kome pripadaju portovi na switchu
---- -------------------------------- --------- -------------------------------
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
................................... izostavljen ispis koji nam ne treba ..................................
S1#show ip interface vlan 1
Vlan1 is up, line protocol is up
20
Internet address is 172.17.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
..................... izostavljen je ispis koji nam ne treba .............................
S1#show ip interfaces brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual down down
....................... izostavljen je ispis koji nam ne treba ...............................
Vlan1 172.17.1.11 YES manual up up
5. KONFIGURACIJA RUTERA
Router>enable
Router#dir
1 -rw- 5571584 <no date> c2600-i-mz.122-28.bin
Router#erase startup
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#reload
Router>enable
Router#configure terminal
Router(config)#hostname Router-1
Router-1(config)#no ip domain-lookup
Router-1(config)#banner motd &
Enter TEXT message. End with the character '&'.
!!! Authorized access only !!!
&
Router-1(config)#enable secret class
Router-1(config)#service password-encryption
Router-1(config)#line con 0
Router-1(config-line)#pass cisco
Router-1(config-line)#login
Router-1(config-line)#logging synchronous
Router-1(config-line)#exec-timeout 15 00
Router-1(config-line)#line vty 0 4
Router-1(config-line)#password cisco
Router-1(config-line)#login
Router-1(config-line)#logging synchronous
Router-1(config-line)#exec-timeout 15 00
Router-1(config)#interface Fa0/0
Router-1(config-if)#ip address 172.17.1.1 255.255.255.0
Router-1(config-if)#no shutdown
Router-1(config-if)#^Z
Router-1#sh ip route
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.1.0 is directly connected, FastEthernet0/0
21
6. PROVJERA RADA MREE
Rad mree provjerite s pinganjem (kao u zadatku).
Pregled MAC adresa ureaja koje je switch "nauio":
S1#show mac-address-table dynamic

Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0060.3ed5.0259 DYNAMIC Fa0/3 --> PC2
1 0060.702b.b7b2 DYNAMIC Fa0/9 --> PC7
1 00e0.b017.aa7c DYNAMIC Fa0/1 --> Router-1
LAB 2.2: KONFIGURACIJA SWITCHA STATIKE MAC ADRESE I PORT SECURITY
TOPOLOGIJA:
22
ZADATAK:
Spojite mreu prema skici. Napravite osnovnu konfiguraciju switcha i rutera. Portu na switchu dodijelite statiku adresu
prikljuenoga raunala. Na odabranome portu switcha konfigurirajte port security tako da taj port moe nauiti najvie dvije
MAC adrese i potom, za sluaj prikljuivanja novoga klijenta, prekida sav promet gaenjem.
Konfigurajte switch:
obriite sve postojee konfiguracije na switchu, napravite reload switcha,
napravite sigurnosne postavke na switchu: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka ne smije
sadravati nikakve znakove dobrodolice ili pozdrave), postaviti enable secret password (class), postaviti konzolni
password (cisco) - korisnik se mora logirati, postaviti vty password (cisco) - korisnik se mora logirati.
Switchu dodijelite IP adresu (prema shemi) i adresu default-gateway-a (prema shemi) za to se posluite s ve
postojeim VLAN 1.
Portu Fa0/11 statiki pridruite MAC adresu raunala prikljuenoga na taj port,
definirajte Port security na portu Fa0/6 tako da taj port moe primiti najvie 2 ureaja, nauiti njihove MAC adrese i
blokirati svaki slijedei pokuaj spajanja u sluaju da spajanje pokua ureaj s nepoznatom MAC adresom tako to
port ugasi.
Konfigurajte router:
Konfigurirajte ruter uz sigurnosne postavke: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka ne
smije sadravati nikakve znakove dobrodolice ili pozdrave), postaviti enable secret password (class), postaviti konzolni
Konfigurirajte suelja Fa0/0 i Fa 0/1 prema shemi.

Klijenti:
Konfigurirajte mrene adrese klijenata i default-gateway prema skici.
PROVJERA RADA MREE:

Pregledajte routing tablicu na ruteru R1 da li Router vidi mree?
Pingajte: PC1 --> PC2, PC1 --> PC3, PC1 --> S1, PC1 --> R1,
odredite koje je MAC adrese switch "nauio" i kome pripadaju,
Port Security: prikljuite PC4 na port Fa0/6, pingajte PC1. Provjerite koje MAC adrese sada zna S1.
Port Security: na Fa0/6 prikljuite jo jednoga klijenta (ne ve poznate!), dodijelite mu IP adresu i pingajte PC1. to se je
dogodilo?
23
OPIS PROCEDURA: PRIKAZUJEMO SAMO STATIKU DODJELU MAC ADRESA I PORT-SECURITY
1. STATIKA DODJELA MAC ADRESE PORTU NA SWITCHU

S pomou naredbe ipconfig/all dobavite podatak o MAC adresi raunala prikljuenoga na port Fa0/11:
Provjerite koje MAC adrese switch ima u svojoj CAM tablici i kako ih je dobavio:
S1#sh mac-address table

Mac Address Table
-------------------------------------------
---- ----------- -------- -----
1 0001.6416.6902 DYNAMIC Fa0/5 --> R1
1 000a.4163.da1e DYNAMIC Fa0/6 --> PC3
1 0060.7035.5d8c DYNAMIC Fa0/18 --> PC2
1 0060.70e5.a7b2 DYNAMIC Fa0/11 --> PC1
S1#configure terminal --> dodijelimo portu Fa0/11 statiku MAC adresu prikljuenoga klijenta (PC1)
S1(config)#mac-address-table static 0060.70E5.A7B2 vlan 1 interface Fa 0/11
S1(config)#^Z
S1#sh mac-address-table --> provjerimo uinjeno kako je switch dobavio MAC adresu na portu Fa0/11?
Mac Address Table
-------------------------------------------
---- ----------- -------- -----
1 0001.6416.6902 DYNAMIC Fa0/5
1 000a.4163.da1e DYNAMIC Fa0/6
1 0060.7035.5d8c DYNAMIC Fa0/18
1 0060.70e5.a7b2 STATIC Fa0/11
24
2. PORT SECURITY DEFINIRANJE MAKSIMALNOGA BROJA DOZVOLJENIH "POZNATIH" ADRESA, NAIN

PRIKUPLJANJA TIH ADRESA (STICKY) I GAENJE PORTA NA KOJEGA SE JE PRIKLJUIO PRKOBROJNI
"NEPOZNATI" KLIJENT
S1(config)#interface fa 0/6
S1(config-if)#switchport port-security --> enable port security
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security violation shutdown
S1(config-if)#sw port-security mac-address sticky
Pingajte PC3->S1, izvucite konektor PC3-S1 iz porta Fa0/6, na isti port prikljuite PC4,
pingajte PC4->S1,
provjerite port-security status porta F0/6:
S1#sh port-security int fa 0/6

Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses :2
Configured MAC Addresses : 0
Sticky MAC Addresses :2
Last Source Address:Vlan : 000A.4163.DA1E:1
Security Violation Count : 0
S1#show runnning-config --> provjerite nauene sigurne adrese
!................ izostavljen je dio ispisa .........................
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000A.4163.DA1E
switchport port-security mac-address sticky 000C.CF85.CDB4
................. izostavljen je dio ispisa...................
Iskljuite PC4 iz porta Fa0/6, prikljuite novo "nepoznato" raunalo i s njega pingajte S1:
S1#
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to down --> port je ugaen
S1#
Iskljuite "nepoznato" raunalo iz porta Fa0/6 i aktivirajte ga runo!
25
3. KONFIGURACIJA VLAN-OVA, TRUNKOVA I ACCESS PORTOVA NA SWITCHU
LAB 3.1: KONFIGURIRANJE VLAN-OVA I PORTOVA SWITCHA U TRUNK I ACCESS NAINU RADA
TOPOLOGIJA
ZADATAK:
Mreu spojite prema skici. Na switchevima konfigurirajte VLAN-ove. VLAN-ovima na svakome switchu dodijelite portove za
prikljuak klijentskih raunala (access mode porta). Spoj switcheva konfigurirajte kao trunk s ime osiguravate prolaz prometa iz
obadvaju VLAN-ova.
Konfigurajte switcheve:
obriite sve postojee konfiguracije sa switcheva, napravite reload switcheva,

napravite sigurnosne postavke na switchevima: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka ne
Switchevima dodijelite IP adrese (prema shemi) i adresu default-gateway-a (prva adresa iz VLAN 10) za to se posluite
s VLAN 10, koji e biti i native VLAN.
Na switchevima konfigurirajte VLAN 10 i VLAN 20, s time da e VLAN 10 sluiti i kao native VLAN.
Raspodjela portova na switchevima: konfigurirajte portove u access i trunk nainu rada prema tablici:
26
Switch trunk VLAN 10 Uprava VLAN 20 Prodaja
S1 Fa0/1 trunk Fa0/6-10 access Fa0/11-17 access
S2 Fa0/1 trunk Fa0/6-10 access Fa0/11-17 access
Konfigurajte klijente:
mrene kartice klijenata konfigurirajte s IP adresama prema shemi, klijente prikljuite u portove switcheva (prema
shemi).
PROVJERA RADA:
Provjerite na obadva switcha kreirane VLAN-ove i portove koji tim VLAN-ovima pripadaju,
provjerite na obadva switcha aktivnost trunk portova i native VLAN,
pingajte: PC1->PC2, PC1->PC4, PC1->PC5
PC3->PC6
OPIS PROCEDURA: OSNOVNE KONFIGURACIJE SWITCHEVA NE PRIKAZUJEMO
1. KREIRANJE IP ADRESE SWITCHA ZA UPRAVLJAKI VLAN

S1(config)#interface vlan 10 --> ovo morate napraviti na svakome switchu
S1(config-if)#exit
S1(config)#
S2(config-if)#exit
S2(config)#
2. KREIRANJE VLAN-OVA NA SWITCHU

S1(config)#vlan 10
S1(config-vlan)#name Uprava
S1(config-vlan)#vlan 20
S1(config-vlan)#name Prodaja
S2(config)#vlan 10
S2(config-vlan)#^Z
27
S2#sh vlan --> provjerimo uinjeno na S2
---- -------------------------------- --------- -------------------------------
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 Uprava active
20 Prodaja active
..................... izostavljen je dio ispisa ...................................
3. KREIRANJE ACCESS NAINA RADA PORTOVA PRIDRUIVANJE PORTOVA VLAN-OVIMA

S1(config)#interface range Fa0/6 10 --> ovo morate napraviti na switchevima
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 10
S1(config-if-range)#exit
S1(config)#interface range fa 0/11 - 17

S2(config)#interface range fa0/6 - 10

S2(config)#
S2#show vlan --> provjerimo uinjeno na S2

---- -------------------------------- --------- -------------------------------
Fa0/5, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 Uprava active Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10
20 Prodaja active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17
1002 fddi-default active
........................... izostavljen je dio ispisa ..................................................
28
4. KREIRANJE TRUNK NAIN RADA PORTOVA PORTOVI VODE PROMET VIE RAZLIITIH VLAN-OVA
S1(config)#interface fa0/1
S1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
S1(config-if)#switchport trunk native vlan 10
S2(config)#
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with S1 FastEthernet0/1
(10). S2 jo nezna to se deava na portu Fa0/1, ali native VLAN mu ne tima na trunku Fa0/1
S2(config-if)#switchport trunk native vlan 10 --> ovo mora biti isto
S2(config-if)#
%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0010. Port consistency restored.
%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on VLAN0001. Port consistency restored.
Informacija o trunku je prola, native VLAN 10 je isti na obje strane
S2(config-if)#^Z
5. PROVJERA TRUNKOVA NA SWITCHEVIMA

S1#show interface trunk

Fa0/1 1-1005

Fa0/1 1,10,20,1002,1003,1004,1005

Fa0/1 1,10,20,1002,1003,1004,1005
S2#show interface trunk


Fa0/1 1-1005

Fa0/1 1,10,20,1002,1003,1004,1005

Fa0/1 1,10,20,1002,1003,1004,1005
29
4. VLAN TRUNKING PROTOKOL VTP
LAB 4.1: VTP KONFIGURACIJA S VTP SERVEROM I S VTP KLIJENTIMA
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema shemi. Konfigurirajte switcheve za VTP. Na VTP serveru kreirajte VLAN-ove, VTP domenu i VTP password.
Provjerite da li je VTP server prenio konfiguraciju na VTP klijente.

napravite sigurnosne postavke na switchevima: hostname (prema shemi), onemoguiti dns-lookup, banner
(class), postaviti konzolni password (cisco) - korisnik se mora logirati, postaviti vty password (cisco) - korisnik se
mora logirati.
Switchevima dodijelite IP adrese (prema shemi) i adresu default-gateway-a (prva adresa iz VLAN 99) za to se
posluite s VLAN 99, koji e biti i native VLAN.
30
Switch S1 je VTP server, naziv domene Lab4, VTP domain password: cisco4, njegovi portovi (prema skici) su
trunk, nema prikljuenih klijenata,
Na VTP serveru kreirajte VLAN-ove:
VLAN VLAN naziv Mrena adresa

oznaka
10 Prodaja 172.17.10.0/24
20 Servis 172.17.20.0/24
30 Uprava 172.17.30.0/24
99 Administratorski 192.168.99.0/24 S1: 192.168.99.11
(native VLAN) S2: 192.168.99.12
S3: 192.168.99.13
default-gateway: 192.168.99.1
Switchevi S2 i S3 su VTP klijenti u istoj domeni i s istim passwordom. Portovi na njima su:
Switch VLAN 10 VLAN 20 VLAN 30 VLAN 99

S1 nema nema nema Fa0/1 2 trunk
S2 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/6 - 10 Fa 0/1 trunk
S3 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/6 - 10 Fa 0/2 trunk
Provjerite da li je VTP server prenio obavijesti o VLAN-ovima svojim klijentima (S2 i S3).
Prikljuite klijente na switcheve S2 i S3 (pazite na portove), dodijelite im mrene adrese (prema skici).
PROVJERA RADA:
Provjerite rad mree s pinganjem (intra-vlan routing: VLAN10 --> VLAN10....).
31
OPIS PROCEDURA: PRIKAZUJEMO SAMO KONFIGURACIJU ZA VTP
1. DODJELA IP ADRESA (IZ UPRAVLJAKOGA VLAN-A 99 ADMIN VLAN) SWITCHEVIMA

S1(config-if)#exit
S1(config)#
S2(config-if)#ip add 192.168.99.12 255.255.255.0
S2(config-if)#no sh
S2(config-if)#exit
S3(config-if)#no sh
S3(config-if)#ip default-gateway 192.168.99.1
S3(config)#
2. KONFIGURIANJE TRUNK PORTOVA NA SWITCHEVIMA

S1(config)#interface range fa0/1 - 2
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config)#
S2(config-if)#
S3(config)#interface fa 0/2
S3(config-if)#
3. KONFIGURACIJA VTP SERVERA I VTP KLIJENATA U VTP DOMENI

S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Lab4
Changing VTP domain name from NULL to Lab4
S1(config)#vtp password cisco4
Setting device VLAN database password to cisco4
S1(config)#
S2(config)#vtp mode client

Setting device to VTP CLIENT mode.
32
S2(config)#
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#
4. KONFIGURACIJA VLAN-OVA NA VTP SERVERU I PREGLED STANJA NA VTP KLIJENTIMA

S1(config)#vlan 10
S1(config-vlan)#name Servis
S1(config-vlan)#name Admin
S1(config-vlan)#exit
S1(config)#
S1#sh vtp status

VTP Version :2
Configuration Revision :8
Maximum VLANs supported locally : 255
Number of existing VLANs :9
VTP Operating Mode : Server
VTP Domain Name : Lab4
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x0A 0x79 0x67 0x94 0x08 0xB9 0xE2 0xB3
Configuration last modified by 0.0.0.0 at 3-1-93 00:23:18
Local updater ID is 192.168.99.11 on interface Vl99 (lowest numbered VLAN interface found)
S2#sh vtp status --> provjerimo da li je S2 primio i primijenio konfiguracijske objave s S1 (servera)
VTP Version :2
Configuration Revision :8
Maximum VLANs supported locally : 255
Number of existing VLANs :9
VTP Operating Mode : Client
VTP Domain Name : Lab4
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x0A 0x79 0x67 0x94 0x08 0xB9 0xE2 0xB3
Configuration last modified by 0.0.0.0 at 3-1-93 00:23:18
S2#sh vlan
---- -------------------------------- --------- -------------------------------
33
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig1/1
Gig1/2
10 Prodaja active
20 Servis active
30 Uprava active
99 Admin active
...................
izostavljen je dio ispisa koji nam ne treba ....................................
S2#sh int trunk

Fa0/1 1-1005

Fa0/1 1,10,20,30,99,1002,1003,1004,1005

Fa0/1 1,10,20,30,99,1002,1003,1004,1005
34
LAB 4.2: VTP KONFIGURACIJA VTP SERVER, VTP TRANSPARENT I VTP KLIJENTI
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Konfigurirajte switcheve za VTP: server, klijente i transparentni. Na serveru kreirajte VLAN-ove prema
skici. Provjerite da li su VTP klijenti primili konfiguracijsku obavijest od VTP servera i primijenili je. Na VTP transparentnome
switchu kreirajte lokalni VLAN. Provjerite da li je lokalni VLAN prenijet na koji od klijenata ili na server. Provjerite rad mree s
pinganjem.
Switchevima dodijelite IP adrese (prema shemi) i adresu default-gateway-a (prva adresa iz VLAN 99) za to se posluite
s VLAN 99, koji e biti i native VLAN za sve switcheve u domeni.
35
Switch S1 je VTP server, naziv domene Lab46, VTP domain password: cisco46, njegovi portovi (prema skici) su
trunk, nema prikljuenih klijenata.
Switchevi S2 i S3 su VTP klijenti u istoj domeni i s istim domenskim passwordom.

Switch ST je transparentni switch u VTP domeni s istim domenskim passwordom.

oznaka
10 Prodaja 172.17.10.0/24
20 Servis 172.17.20.0/24
30 Uprava 172.17.30.0/24
99 Administratorski 192.168.99.0/24 S1: 192.168.99.11
(native VLAN) S2: 192.168.99.12
S3: 192.168.99.13
default-gateway: 192.168.99.1
Raspored portova na switchevima S1, S2, S3 i ST je:
Switch VLAN 10 VLAN 20 VLAN 30 VLAN 99

S1 nema nema nema Fa0/1 2 trunk
S2 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/6 - 10 Fa 0/1 trunk
S3 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/6 - 10 Fa 0/3 trunk
ST nema nema nema Fa0/2 3 trunk
Provjerite da li je VTP server prenio obavijesti o VLAN-ovima svojim klijentima (S2 i S3).
Provjerite VTP transparentni switch ST: na sebi ne smije imati niti jedan od VLAN-ova sa VTP servera.
Na VTP transparentnome switchu ST kreirajte VLAN 88, naziv Lokalni88, mrena adresa 172.24.88.0/24. Raspon
portova koji pripada tome VLAN-u je Fa 0/6 - 15.
Provjerite VTP server i VTP klijente: na njima ne smije biti VLAN 88.
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem klijenata iz istih VLAN-ova.
OPIS PROCEDURA:
Lab polaznici izrauju samostalno sluei se s dosada usvojenim vjetinama.
36
LAB 4.3: VTP KONFIGURACIJA INTER-VLAN ROUTING
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Konfigurirajte VTP server i klijente. Na VTP serveru kreirajte VLAN-ove. Konfigurirajte ruter tako da
omogui inter-VLAN routing. Provjerite rad mree.

Switchevima dodijelite IP adrese (prema shemi) i adresu default-gateway-a za to se posluite s VLAN 10, koji e biti i
native VLAN za sve switcheve u domeni.
Switch S1 je VTP server, naziv domene Lab48, VTP domain password: cisco, switchevi S2 i S3 su VTP klijenti u
istoj domeni i s istim domenskim passwordom.
37

10 Kontrolni (native) 192.168.10.0/24 S1: 192.168.10.11
S2: 192.168.10.12
S3: 192.168.10.13
50 Learning & Data 172.17.50.0/24
Raspored portova na switchevima S1, S2 i S3 je:
Switch VLAN 10 VLAN 50 trunk

S1 Fa0/3 Fa0/4 Fa0/1 2
S2 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/1 trunk
S3 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/2 trunk
Provjerite da li je VTP server poslao konfiguracijske obavijesti VTP klijentima i da li na VTP klijentima postoje
potrebni VLAN-ovi.
Radi sigurnosti, pogasite sve nepotrebne portove na S2 i S3.
Na S2 i S3 za sve aktivne portove konfigurirajte port-security tako da portovi naue samo MAC adrese
prikljuenih ureaja, a za sluaj pokuaja spajanja novoga ureaja port e biti ugaen.
Konfigurirajte ruter:
obriite sve postojee konfiguracije sa rutera, napravite reload rutera,
napravite sigurnosne postavke na ruteru: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka
ne smije sadravati nikakve znakove dobrodolice ili pozdrave), postaviti enable secret password (class),
postaviti konzolni password (cisco) - korisnik se mora logirati, postaviti vty password (cisco) - korisnik se mora
logirati.
Konfigurirajte interface Fa0/0 s adresom iz VLAN-a 10 (prema shemi),

konfigurirajte interface Fa0/1 s adresom iz VLAN-a 50 (prema shemi),
prikljuite R1:Fa0/0 > Fa0/3:S1 i R1:Fa0/1 --> Fa04:S1, provjerite routing tablicu.
PROVJERA RADA:
Provjerite rad mree s pinganjem: PC1 -> PC2, PC1 -> PC3, PC1 -> WWW server.
S PC1 dohvatite WWW stranicu s WWW servera,
s PC1 telnetirajte se na R1 i kopirajte running-config rutera na TFTP server.
Provjerite rad port-security-a.
OPIS PROCEDURA:
Polaznici Lab rjeavaju samostalno.
38
5. SPANNING-TREE PROTOKOL (STP)
LAB 5.1: STP I RSTP U JEDNOSTAVNOME SLUAJU
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Utvrdite djelovanje spanning-tree protokola na sprjeavanju pojave petlji na Layer-u 2. Pokrenite
Rapid STP i utvrdite njegovo djelovanje.
Konfiguracija switcheva:
Switchevima dodijelite IP adrese (prema shemi) i adresu default-gateway-a za to se posluite s VLAN-om 99, koji e biti
i native VLAN za sve switcheve u domeni.
Switch S2 je VTP server, naziv domene Lab, VTP domain password: cisco.
Switch S1 je VTP klijent u istoj domeni i s istim passwordom.
39
VLAN oznaka VLAN naziv Mrena adresa

10 Prodaja 192.168.10.0/24
20 Servis 192.168.20.0/24
99 Management 192.168.99.0/24
Raspored portova na switchevima je:
Switch VLAN 10 VLAN 20 VLAN 99

S1 Fa 0/6 - 10 Fa 0/11 - 17 Fa 0/1- 5 trunk
S2 Fa 0/6 - 10 Fa 0/11 - 17 Fa 0/1- 5 trunk
Provjerite da li je VTP server prenio obavijesti o VLAN-ovima svojem klijentu.
Provjerite da li je STP aktivan na S1 i S2 i za koje je mree (VLAN-ove) aktivan.

Oitavajui stanje STP-a za svaki pojedini VLAN utvrdite koji je switch root-switch za taj VLAN i zato.
Oitavajui stanje portova na S1 i S2 za pojedine mree (VLAN-ove) utvrdite da li su obadvije putanje od S1 do
S2 aktivne za svaku od mrea (VLAN), a ako nisu tada utvrdite koja je aktivna.
Prekinite aktivnu putanju S1->S2 i ponovno provjerite stanje STP-a (ali samo za jedan VLAN). Nakon utvrivanja
stanja aktivirajte prekinutu putanju.
Za odabrani VLAN podesite STP tako da drugi switch preuzme ulogu root-switcha. Ponovno provjerite stanje
putanji izmeu switcheva S1 i S2.
Aktivirajte Rapid spanning-tree protokol. Ponovno provjerite stanje na switchevima (tko je root-switch i koja je
putanja aktivna).
Klijentska raunala:
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem klijenata iz iste mree.
OPIS PROCEDURA:
40
1. PROVJERA AKTIVNOSTI SPANNING-TREE PROTOKOLA, ROOT-SWITCH I AKTIVNA PUTANJA S1-> S2

S1#show spanning-tree
VLAN0001 --> Stanje za VLAN 1
Spanning tree enabled protocol ieee --> to je PVSTP
Root ID Priority 32769 --> 32768+1=32769
Address 000A.F39D.64E9
This bridge is the root --> ZA VLAN 1 ovaj je switch ROOT (svi portovi bit e designated)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Aging Time 20
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p --> veza prema S2
VLAN0010 --> stanje za VLAN 10

Spanning tree enabled protocol ieee
Root ID Priority 32778 --> 32768+10=32778
This bridge is the root --> ovaj switch je ROOT za VLAN 10 (svi portovi bit e designated)

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/6 Desg FWD 19 128.6 P2p --> klijentsko raunalo
VLAN0020 --> stanje za VLAN 20

Root ID Priority 32788
This bridge is the root --> za VLAN 20 ovaj switch je ROOT (svi portovi su designated)

Aging Time 20
41
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/11 Desg FWD 19 128.11 P2p
VLAN0099
This bridge is the root

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
S1#
S2#show spanning-tree
VLAN0001
Address 000A.F39D.64E9 --> S2 zna da je root S1, ovo su podatci za ROOT
Cost 19
Port 1(FastEthernet0/1)

Address 0040.0BAC.D292--> ovo su podatci za S2
Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p --> Fa0/1 vodi na S1, to je root-port i vodi
Fa0/2 Altn BLK 19 128.2 P2p --> Fa0/2 spojen je na S1, ali je blokiran ostaje samo jedna putanja
VLAN0010 --> stanje za VLAN 10 --> obratite pozornost na stanje portova

Cost 19
42
Address 0040.0BAC.D292
Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Root FWD 19 128.1 P2p
Fa0/2 X Altn BLK 19 128.2 P2p
............ izostavljen je dio ispisa..........................................................................................
S2#
Zakljuak:
STP (PVSTP) proraunava putanje za svaki VLAN posebno.

U izborima za ROOT-switch pobijedio je S1 (ima najmanju MAC adresu uz isti prioritet).
Od dviju veza izmeu S1 i S2 ostala je samo veza S2:Fa0/1 --> S1:Fa0/1.
Veza S2:Fa0/2 --> S1:Fa0/2 je privremeno blokirana nema redundantnih putanja (i petlji).
2. DJELOVANJE STP-A U SLUAJU PREKIDA AKTIVNE PUTANJE

Prekinimo aktivnu putanju S2:Fa0/1 --> S1:Fa0/1 i provjerimo stanje STP-a za VLAN 20:
S1(config)#interface Fa0/1
S1(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
S1(config-if)#^Z
S2#show spanning-tree vlan 20

VLAN0020
Address 000A.F39D.64E9 --> S1 je i dalje root
Cost 19

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Root LRN 19 128.2 P2p --> ovaj port je sada root-port (jo ui nakon prekida)
Fa0/11 Desg FWD 19 128.11 P2p
S1#show spanning-tree VLAN 20

VLAN0020
43
This bridge is the root --> i dalje je root

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.2 P2p --> ovaj port je i dalje u stanju voenja
Fa0/11 Desg FWD 19 128.11 P2p
Zakljuak:
po prekidu aktivne putanje STP je preraunao nove mogunosti,

za VLAN 20 switch S1 je i dalje ostao root, njegov port Fa0/2 i dalje je u stanju designated,
za VLAN 20 switch S2 je izgubio ugaeni port, ali je zato aktiviran port Fa0/2,
znai da je STP pronaao i aktivirao drugu putanju (opet samo jednu) za voenje prometa S2 --> S1,
aktivna putanja je sada S2:Fa0/2 --> S1:Fa0/2.
3. FORSIRANA PROMJENA ROOT-SWITCHA

Za VLAN 20 forsirajmo odabir switcha S2 za root-switch:
S2#configure terminal
S2(config)#spanning-tree vlan 20 priority 4096 --> s pomou prioriteta (najmanjega) to e biti root.
S2(config)#^Z
S2#sh spanning-tree vlan 20 --> provjera uinjenoga

VLAN0020
Root ID Priority 4116 (4096+20=4116)

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.2 P2p --> ovaj port je sada designated (ali za VLAN 20)
Fa0/11 Desg FWD 19 128.11 P2p
Zakljuak:
S pomou prioriteta moemo eljeni switch za odabrani VLAN proglasiti root-switchem,
STP za taj odabrani VLAN radi novi izraun putanji i prilagoava stanje portova novoj situaciji.
44
4. RAPID SPANNING-TREE PROTOKOL - AKTIVIRANJE
S2(config)#spanning-tree mode rapid-pvst --> to morate napraviti i na switchu S1

S2(config)#^Z
S2#show spanning-tree vlan 20

VLAN0020
Spanning tree enabled protocol rstp

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
Fa0/11 Desg FWD 19 128.11 P2p
S1#show spanning-tree summary --> detaljnjiji podatci o spanning-tree prtokolu na S1 s stanjem portova
S2#show spanning-tree summary
45
LAB 5.2: STP I RSTP U SLOENIJEM SLUAJU (S INTER-VLAN ROUTINGOM)
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Konfigurirajte VTP u domeni. Utvrdite aktivnu putanju STP-a. Pomaknite root-switch i ponovno
utvrdite putanju. Konfigurirajte RSTP. Konfigurirajte routing protokol OSPF. Provjerite komunikaciju VLAN-ova s WWW/TFTP
serverom.
46
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10, koji e biti i native VLAN
za sve switcheve u domeni.
Switchevi S2 i S3 su VTP klijenti u istoj domeni i s istim passwordom.


10 Prodaja 172.17.10.0/24
20 Servis 172.17.20.0/24

S1 nema nema Fa 0/1- 4 trunk
S2 Fa 0/6 - 10 Fa 0/11 - 17 Fa 0/1- 4 trunk
S3 Fa0/5 Fa0/6 Fa0/1 4 trunk
Provjerite da li je VTP server prenio obavijesti o VLAN-ovima svojem klijentu.
Provjerite da li je STP aktivan i koji je switch root-switch za VLAN 10 i zato je root..

Utvrdite aktivnu putanju za VLAN 20 od klijenta iz VLAN 20 do rutera R1.
Za VLAN 20 podesite STP tako da S1 preuzmu ulogu root-switcha. Tono utvrdite aktivnu putanju prometa
VLAN-a 20 do R1.
Aktivirajte Rapid spanning-tree protokol. Ponovno provjerite stanje na switchevima (tko je root-switch i koja je
putanja aktivna).
Konfiguracija rutera:
napravite sigurnosne postavke na ruterima: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka
logirati.
Za serijsku vezu R1 <--> R2 posluite se s mreom 121.121.121.192/27 koju uinkovito subnetirajte (koliko
hostova trebate?). Bandwidth ovoga serijskoga linka je 64000b/s.
Konfigurirajte suelja na ruterima.
Na ruterima R1 i R2 konfigurirajte routing protokol OSPF 5, area 0, tako da:
R1 objavi sve svoje mree,

R2 objavi samo serijski link.
R1 i R2 moraju osigurati komunikaciju VLAN-a 10 i VLAN-a 20 s mreom u kojoj je WWW server potrebne
dopune ne smijete uiniti s pomou objava u OSPF-u.
47
Konfiguracija klijenata i WWW servera:
IP adrese prema shemi.
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem: PC1 -> PC2, PC1 -> WWW,
S PC1 telnetirajte se na R1 i kopirajte njegovu running-config na TFTP server.
OPIS PROCEDURA:
Polaznici samostalno izrauju ovaj Lab.
48
6. INTER-VLAN ROUTING
LAB 6.1: INTER-VLAN ROUTING - KLASINI
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema shemi. Na switchu kreirajte VLAN-ove i pridruite im portove ukljuujui i portove vezane na ruter, pazei
pri tome koji je port switcha vezan na koje suelje rutera. Na ruteru konfigurirajte suelja. Provjerite rad mree.
Konfiguracija switcha:
obriite sve postojee konfiguracije sa switcha, napravite reload switcha,

Switchu dodijelite IP adresu i adresu default-gateway-a za to se posluite s VLAN-om 10.
Na switchu kreirajte VLAN 10 i VLAN 20 i pridruite im portove prema shemi:
49
Switch VLAN 10 VLAN 20
S1 F0/1 - 3 F0/10 12
napravite sigurnosne postavke na ruteru: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka ne smije
Konfigurirajte suelja rutera:
Fa0/0 s adresom iz VLAN-a 10,
Fa0/1 s adresom iz VLAN-a 20.
Provjerite sadraj routing tablice.
Konfiguracija klijenata:
klijentska raunala prikljuite na portove switcha, potom im dodijelite IP adrese prema shemi.
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem:
klijenata iz istoga VLAN-a,

klijenata iz razliitih VLAN-ova.
OPIS PROCEDURA:
1. KONFIGURACIJA SWITCHA ZA KLASINI INTER-VLAN ROUTING

S1(config)#interface vlan 10 --> dodjela IP adrese za upravljanje
S1(config-if)#exit
S1(config)#vlan 10 --> kreacijs VLAN-ova

S1(config-vlan)#interface range Fa0/1 3 --> dodjela portova VLAN-u 10

S1(config)#interface range fa0/10 12 --> dodjela portova VLAN-u 20

50
2. KONFIGURACIJA RUTERA ZA KLASINI INTER-VLAN ROUTING
R1(config)#interface fa0/0 --> konfiguracija suelja za mreu VLAN 10

R1(config-if)#ip address 172.17.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface fa0/1 --> konfiguracija suelja za mreu VLAN 20

R1(config-if)#ip address 172.17.20.1 255.255.255.0
R1(config-if)#no shutdown
R1#sh ip route --> provjera routing tablice

.......................... izostavljen je dio ispisa .......................
51
LAB 6.2: INTER-VLAN ROUTING ROUTER ON THE STICK
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Na switchu kreirajte VLAN-ove, VLAN-ovima pridruite portove za prikljuivanje klijenata. Na jednome
portu switcha kreirajte trunk koji e posluiti za vezu s ruterom. Ruter konfigurirajte kao router-on-the-stick. Provjerite rad
mree.
Switchu dodijelite IP adresu i adresu default-gateway-a za to se posluite s VLAN-om 10, koji e biti i native VLAN.
52
Na switchu kreirajte VLAN-ove 10, 20 i 30 i pridruite im portove prema shemi:
Switch VLAN 10 VLAN 20 VLAN 30 trunk

S1 F0/11 - 17 F0/18 24 F0/6 - 10 F0/5
Konfigurirajte suelja rutera:
Fa0/0 s adresom iz iz mree WWW/TFTP servera,
Fa0/1 za inter-VLAN routing:
Fa0/1.10 za VLAN 10, enkapsulacija dot1q,
Fa0/1.20 za VLAN 20, enkapsulacija dot1q,
Fa0/1.30 za VLAN 30, enkapsulacija dot1q.

klijentska raunala prikljuite na portove switcha, potom im dodijelite IP adrese prema shemi,
PROVJERA RADA:
sa klijenta PC1 iz VLAN-a 10 pingajte redom klijente iz drugih VLAN-ova ukljuujui i WWW server.
OPIS PROCEDURA:
1. KONFIGURACIJA SWITCHA ZA ROUTER-ON-THE-STICK: VLAN-OVI, PRIDRUIVANJE PORTOVA VLAN-

OVIMA, TRUNK PORT
S1(config)#interface vlan 10 --> dodjela IP adrese za upravljanje
S1(config-if)#exit
S1(config)#ip default-gateway 172.17.10.1 --> dodjela IP adrese default-gateway-a
S1(config)#vlan 10 --> kreacija VLAN-ova

S1(config-vlan)#exit
S1(config)#interface range fa 0/11 17 --> dodjela portova VLAN-ovima (za klijente)
53
S1(config)#interface fa0/5 --> kreacija trunk porta
S1(config-if)#sw trunk native vlan 10
2. ROUTER-ON-THE-STICK: KONFIGURACIJA SUBINTERFACES

R1(config)#interface fa 0/1
R1(config-if)#no shutdown --> samo ga upalite!
R1(config-if)#interface fa0/1.10 --> subinterface za VLAN 10
R1(config-subif)#encapsulation dot1q 10 native
R1(config-subif)#ip address 172.17.10.1 255.255.255.0
R1(config-subif)#interface fa 0/1.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#interface fa 0/1.30
R1(config-subif)#encapsulation dot1q 30
R1#sh ip route
....................... izostavljen je dio ispisa koji nam ne treba .....................
C 172.17.10.0 is directly connected, FastEthernet0/1.10
54
LAB 6.3: INTER-VLAN ROUTING ROUTER ON THE STICK I ROUTING PROTOKOL
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Konfiguriajte switcheve za VTP. Konfigurirajte Rapid STP, postavite root-switch za zadani VLAN.
Konfigurirajte ruter tako da osigura inter-VLAN routing. Konfigurirajte routing protokol. Ruteri moraju osigurati komunikaciju
VLAN-ova s WWW serverom. Provjerite rad mrea.
55
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10, koji e biti i native VLAN
za sve switcheve u domeni.
Switchevi S2 i S3 su VTP klijenti u istoj domeni i s istim passwordom.


10 Prodaja 172.17.10.0/24
20 Servis 172.17.20.0/24
30 Uprava 172.17.30.0/24

S1 nema nema nema Fa 0/1- 4 trunk
S2 Fa 0/11 - 17 Fa 0/18 - 24 Fa 0/6 - 10 Fa 0/1- 4 trunk
S3 nema nema nema Fa 0/1 5 trunk
Provjerite da li je VTP server prenio obavijesti o VLAN-ovima svojim klijentima.

Aktivirajte Rapid spanning-tree protokol na svim switchevima, utvrdite koji je switch root za VLAN 20 i utvrdite
tonu putanju prometa od klijenata iz VLAN-a 20 do R1.
Postavite S1 kao root switch za VLAN 10 i S3 kao root switch za VLAN-ove 20 i 30.
napravite sigurnosne postavke na ruterima: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka
logirati.
Za serijsku vezu R1 <--> R2 posluite se s mreom 121.121.121.64/27 koju uinkovito subnetirajte (koliko
hostova trebate?). Bandwidth ovoga serijskoga linka je 64000b/s.
Konfigurirajte suelja na ruterima.

Na ruterima R1 i R2 konfigurirajte routing protokol EIGRP id 4, tako da:
56
R1 objavi sve svoje mree,
R2 objavi samo serijski link.
R1 i R2 moraju osigurati komunikaciju VLAN-ova s mreom u kojoj je WWW server potrebne dopune ne
smijete uiniti s pomou objava u EIGRP-u.
Konfiguracija klijenata i WWW servera:
IP adrese prema shemi.
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem klijenata iz VLAN-ova i potom s pinganjem klijenata iz VLAN-ova
s WWW serverom,
S PC3 telnetirajte se na R1 i kopirajte njegovu running-config na TFTP server.
OPIS PROCEDURA:
Polaznici ovaj Lab rjeavaju samostalno.
57
7. WIRELESS LAN
LAB 7.1: JEDNOSTAVNA BEZINA MREA
TOPOLOGIJA:
ZADATAK:
Konfigurirajte bezini ruter tako da osigurate meusobnu bezinu vezu klijenata i bezinu vezu klijenata s Serverom. Svi klijent
svoje IP adrese primaju automatski (DHCP), osim Servera ija je adresa fiksna. Provjerite rad mree.
Konfiguracija Wireless routera:
ruteru pristupite s ianom vezom s PC1 na Ethernet port rutera,

podesite ruter za bezinu mreu:
SSID: Lab7, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
adresa bezine mree: 10.10.10.0/24 ruter e imati prvu adresu,
dodjela IP adresa klijentima: ukupno 10 adresa, s time da je poetna: 10.10.10.20.
Ne mijenjajte inicijalni username i password.

Spremite uinjeno i prekinite ianu vezu PC1->WRS2.
Konfiguracija bezinih klijenata:

podesite bezini adapter klijenta tako da adresu prima preko DHCP-a,
potraite dostupne bezine mree, odaberite mreu Lab7 i prikljuite se.
Provjerite IP adresu koju je klijent primio od svojega DHCP servera.
58
Konfiguriranje WWW/TFTP servera:
Na jednome klijentu pokrenite Eagle-server, podesite bezinu karticu sa statikom adresom,

prikljuite se na svoju mreu.
PROVJERA RADA:
Rad mree provjerite s meusobnim pinganjem klijenata i dostupom na WWW/TFTP server.
OPIS PROCEDURA:
1. PODEAVANJE BEZINOGA RUTERA: PRISTUP RUTERU, NAZIV MREE, AUTENTIFIKACIJA, ENKRIPCIJA,

KLJU ZA PRISTUP, RASPON AUTOMATSKOGA DODIJELJIVANJA ADRESA KLIJENTIMA
ruteru pristupate s ianom vezom s PC1 na Ethernet port rutera:
inicijalno: adresa rutera: 192.168.0.1/24, user: admin, password: admin,
raunalo PC1 mora imati adresu iz mree 192.168.0.0/24, na PC1 pokrenite Internet-pretraiva i
upiite adresu rutera.
u Setupu rutera podesite:

SSID: Lab7, security mode: WEP, encription: 40/64 bita, Key: 1234567890.
Internet connection type: za sada nebitno,
Definirajte bezinu mreu:
Network setup/Router IP: 10.10.10.1/24 (mrea je 10.10.10.0/24),
IP adrese klijenti primaju preko DHCP-a, prvodostupna adresa neka je 10.10.10.20 i bit e
dodijeljeno 10 adresa.
Spremite uinjeno i prekinite ianu vezu PC1 -> WRS2.
59
elite li ruteru ponovno pristupiti s ianom vezom, morate PC1-u dati adresu iz mree 10.10.10.0/24 s
time da mu ne moete dati adresu rutera (10.10.10.1).
60
61
LAB 7.2: UKLJUIVANJE BEZINE MREE U IANU MREU
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema shemi. Na switchu konfigurirajte VLAN-ove ukljuujui i VLAN za prihvat bezinoga rutera. Na bezinome
ruteru konfigurirajte mreu bezinih klijenata s automatskom dodjelom IP adresa. Konfigurirajte ruter tako da osigura promet
izmeu svih VLAN-ova. Provjerite rad mree.
Switchu dodijelite IP adresu i adresu default-gateway-a za to se posluite s VLAN-om 10, koji e biti i native VLAN.
62
Na switchu kreirajte VLAN-ove 10, 20 i 88, VLAN-ovima pridruite portove prema shemi:

S1 F 0/11 - 17 F 0/18 - 24 F 0/7 F 0/5
Osigurajte trunk sa switcha na ruter.
Konfiguracija rutera R1:

Konfigurirajte suelja rutera tako da ruter osigura inter-VLAN routing za sve VLAN-ove.
ruteru pristupite s ianom vezom s PC1 na Ethernet port rutera,
podesite ruter za bezinu mreu:

SSID: Lab72, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
"Internet veza rutera" sa switchem S1: mrea 172.17.88.0/24, ruter ima statiku adresu (prema
shemi).
Adresa bezine mree za koju je ruter Access point: 172.17.40.0/24 ruter e imati prvu adresu,
dodjela IP adresa klijentima:
s pomou DHCP-a
ukupno 10 adresa, s time da je poetna adresa: 172.17.40.100/24.

Spremite uinjeno i prekinite ianu vezu PC1->WRS2.
"iani" klijenti: adrese su statike prema shemi,
bezini klijenti: dohvat IP adrese je preko DHCP-a.
PROVJERA RADA:
Rad mree ispitajte s meusobnim pinganjem svih klijenata.
OPIS PROCEDURA:
Polaznici ovaj Lab izrauju samostalno.
63
LAB 7.3: PRIMJENA BEZINE MREE SLOENIJI SLUAJ (SUBNETIRANJE, VLAN-OVI, STP, VTP,
WIRELESS LAN, INTER-VLAN ROUTING)
TOPOLOGIJA:
ZADATAK:
Spojite mreu prema skici. Primljenu mrenu adresu subnetiranjem podijelite u podmree tako da zadovoljite potrebe svih
mrea. Konfigurirajte VTP (server i klijente), STP i bezini ruter. Ruter R1 mora osigurati komunikaciju svih mrea. Konfigurirajte
sve klijente. Provjerite rad mree s pinganjem.
SUBNETIRANJE:
Zadana je mrea: 172.20.96.0/22 koju s subnetiranjem podijelite tako da zadovoljite potrebe svih mrea (osim ISP-a koji je
predstavljen s zadanom adresom na Loopback suelju rutera)
Mrea hostova Adresa mree/prefiks 1. - zadnji host broadcast

VLAN 10 76 172.20.97.0/25 172.20.97.1 172.20.97.126 172.20.97.127
VLAN 20 127 172.20.96.0/24 172.20.96.1 172.20.96.254 172.20.96.255
VLAN 88 4 172.20.97.144/29 172.20.97.145 172.20.97.150 172.20.97.151
Auditors 7 172.20.97.128/28 172.20.97.129 172.20.97.142 172.20.97.143
ISP Lo 0 2 10.1.1.0 /30 10.1.1.1 10.1.1.2 10.1.1.3
64
mora logirati.
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10 prve 3

adrese za switcheve. (VLAN 10 nije native VLAN u zadatku toga VLAN-a nema).
Switch S3 je VTP server, domena Lab73, password cisco. Switchevi S1 i S2 su VTP klijenti.
Na VTP serveru konfigurirajte VLAN-ove (10, 20 i 88), provjerite da li su VTP klijenti preuzeli konfiguracije.
Raspored portova na switchevima:

S1 nema nema nema F 0/1 - 5
S2 F 0/11 - 17 F 0/18 - 24 F 0/7 F 0/1 - 4
S3 nema nema nema Fa 0/1 - 4
Konfigurirajte Rapid spaning-tree protokol na switchevima, S3 je root za VLAN 10 i 88.
Konfiguracija rutera R1:
napravite sigurnosne postavke na ruteru: hostname (prema shemi), onemoguiti dns-lookup, banner
(class), postaviti konzolni password (cisco) - korisnik se mora logirati, postaviti vty password (cisco) -
korisnik se mora logirati.
Konfigurirajte suelja rutera tako da ruter osigura inter-VLAN routing za sve VLAN-ove (10, 20 i 88).
Koristite zadnje adrese iz mrea.
ruterima pristupite s ianom vezom s PC1 na Ethernet port rutera,

podesite ruter WRS2 za bezinu mreu:
SSID: Auditor, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
"Internet veza rutera" sa switchem S2: mrea VLAN 88, ruter ima statiku adresu prvu iz VLAN-a 88.
Adresa bezine mree za koju je ruter Access point: Auditor ruter e imati prvu adresu,
dodjela IP adresa bezinim klijentima: s pomou DHCP-a, preostalih 6 adresa.
65
"iani" klijenti: adrese su statike, one koje su raspoloive,
PROVJERA RADA:
Rad mree provjerite s pinganjem, svi klijenti moraju pingati Loopback interface Lo 0 i moraju se pingati meusobno.
OPIS PROCEDURA:
66
LAB 7.4: PRIMJENA BEZINE MREE SLOENIJI SLUAJ (SUBNETIRANJE, VLAN-OVI, STP, VTP,
WIRELESS LAN, INTER-VLAN ROUTING, ROUTING PROTKOL)
TOPOLOGIJA:
ZADATAK:
mrea. Za switcheve u ruterskoj grupi rutera R2 konfigurirajte VTP (server i klijente), STP i bezini ruter. Ruter R2 mora osigurati
komunikaciju svih svojih mrea. Za rutersku grupu rutera R1 konfigurirajte VLAN-ove. R1 mora osigurati komunikaciju svih svojih
VLAN-ova. Na ruterima R2 i R1 konfigurirajte routing protokol EIGRP. Ruter R2 ima defaultnu rutu do ISP-a koju prosljeuje
ruteru R1. Konfigurirajte sve klijente. Provjerite rad mree s pinganjem.
67
SUBNETIRANJE:
Zadana je mrea: 172.17.64.0/22 koju s subnetiranjem podijelite tako da zadovoljite potrebe svih mrea (osim mrea zadanih na
skici).

VLAN 10 60
VLAN 20 499
VLAN 30 26
VLAN 40 10
VLAN 50 105
VLAN 60 222
R1-R2 2
R2-ISP 2 209.165.200.8/30
Auditors 16 192.168.99.32/27
ISP LAN 136 209.165.222.0/24
Switchevi ruterske grupe rutera R2:
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10

prve 3 adrese za switcheve. (VLAN 10 nije native VLAN u zadatku toga VLAN-a nema).
Na VTP serveru konfigurirajte VLAN-ove (10, 20, 30 i 40), provjerite da li su VTP klijenti preuzeli
konfiguracije.
Switch VLAN 10 VLAN 20 VLAN 30 VLAN 40 trunk

S1 nema nema nema nema F 0/1 - 4
S2 F 0/11 - 17 F 0/18 - 24 Fa0/6-10 F 0/5 F 0/1 - 4
S3 nema nema nema nema Fa 0/1 - 5
68
Switch ruterske grupe rutera R1:
Switchu dodijelite IP adresu i adresu default-gateway-a za to se posluite s VLAN-om 60 prva

adresa za switch. (VLAN 60 nije native VLAN u zadatku toga VLAN-a nema).

S4 Fa0/3-12 Fa0/13-22 F 0/1 - 2

Konfigurirajte suelja rutera tako da ruteri osiguravaju inter-VLAN routing za sve svoje VLAN-ove. Koristite zadnje
adrese iz mrea.
Routing protokoli: na ruterima R1 i R2 konfigurirajte routing protokol EIGRP proces id 9 tako da:
Ruter R2: oglaava sve svoje VLAN-ove i serijski link do R1. R2 ima defaultnu rutu do ISP-a koju u
EIGRP-u prosljeuje ruteru R1.
Ruter R1: oglaava sve svoje VLAN-ove i serijski link do R2,
ISP: ima statiku rutu do rutera R2.
SSID: U2, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
Adresa bezine mree za koju je ruter Access point: ruter e imati prvu adresu,
dodjela IP adresa bezinim klijentima: s pomou DHCP-a, adresni raspon kao na skici.

bezini klijenti: dohvat IP adrese je preko DHCP-a (kao u shemi).
PROVJERA RADA:
Rad mree provjerite s pinganjem i s dohvatom WWW/FTP servera na ISP-u.
OPIS PROCEDURA:
69
8. OBJEDINJENI LABOVI
LAB: 8.1 SWITCHING, WIRELESS, ROUTING - KOMBINIRANO
TOPOLOGIJA:
ZADATAK:
mrea. Za switcheve u svakoj od ruterskih grupa (R2 i R1) konfigurirajte VTP (server i klijente) i STP. U ruterskoj grupi rutera R2
konfigurirajte i bezini ruter. Svaki ruter mora svojoj grupi osigurati inter-VLAN routing.
Na ruterima R1 i R2 konfigurirajte i routing protokol OSPF id 5 area 0 tako da je osigurana komunikacija svih VLAN-ova iz obadvije
ruterske grupe.
Ruter R2 ima defaultnu rutu do ISP-a (do WWW/FTP servera) koju mora proslijediti svojemu susjedu (R1).
Svi klijenti moraju moi dohvatiti Eagle server (WWW) i moi downloadati datoteke s pomou FTP-a.
70
SUBNETIRANJE:
Zadana je mrea: 172.18.64.0/21 koju s subnetiranjem podijelite tako da zadovoljite potrebe svih mrea (osim mrea zadanih na
skici).

VLAN 10 399
VLAN 20 499
VLAN 2 5
VLAN 60 110
VLAN 70 105
VLAN 80 64
R1-R2 2
R2-ISP 2 209.165.200.16/30
Auditors 14 192.168.100.0/28
ISP LAN 25 121.121.121.32/27
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10 prve 3 adrese za

switcheve. (VLAN 10 nije native VLAN u zadatku toga VLAN-a nema).
Na VTP serveru konfigurirajte VLAN-ove (10, 20, i 2), provjerite da li su VTP klijenti preuzeli
konfiguracije.

S2 F 0/11 - 17 F 0/18 - 24 Fa0/5-6 F 0/1 - 4
71
Switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 80

prve 3 adrese za switcheve. (VLAN 80 nije native VLAN u zadatku toga VLAN-a nema).
Na VTP serveru konfigurirajte VLAN-ove (60, 70 i 80), provjerite da li su VTP klijenti preuzeli
konfiguracije.

S2 F 0/11 - 17 F 0/18 - 24 Fa0/5-10 F 0/1 - 4

Konfigurirajte suelja rutera tako da ruteri osiguravaju inter-VLAN routing za sve svoje VLAN-ove. Koristite zadnje
adrese iz mrea.
Routing protokoli: na ruterima R1 i R2 konfigurirajte routing protokol OSPF id 5 area 0 tako da:
Ruter R2: oglaava sve svoje VLAN-ove i serijski link do R1. R2 ima defaultnu rutu do ISP-a koju u
OSPF-u prosljeuje ruteru R1.
Ruter R1: oglaava sve svoje VLAN-ove i serijski link do R2,
ISP: ima statiku rutu do rutera R2.
SSID: Auditors, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
Adresa bezine mree za koju je ruter Access point (u skici): ruter e imati prvu adresu,
dodjela IP adresa bezinim klijentima: s pomou DHCP-a, adresni raspon kao na skici.
bezini klijenti: dohvat IP adrese je preko DHCP-a (kao u shemi).
72
PROVJERA RADA:
Rad mree provjerite s pinganjem i s dohvatom WWW/FTP servera na ISP-u.
S PC1 telnetirajte se redom na switcheve ruterske grupe rutera R2 (S1, S2, S3) i ruter R2, pohranite njihove tekue
konfiguracije na TFTP server u VLAN-u 80.
S PC3 isto uinite za switcheve ruterske grupe rutera R1i ruter R1.
S PC1 i PC3 "dohvatite" Eagle server i upotrebom FTP-a downloadajte 2 datoteke na lokalni disk (po jednu na svako
raunalo).
OPIS PROCEDURA:
73
LAB: 8.2 SWITCHING, WIRELESS, ROUTING - KOMBINIRANO
TOPOLOGIJA:
ZADATAK:
mrea.
U grupi svakoga rutera konfigurirajte VTP (server i klijente) i STP za tu grupu, a za grupu rutera R3 konfigurirajte uz VTP i STP i
bezini ruter.
Na ruterima R1, R2 i R3 konfigurirajte routing protokol RIP v.2. Ruter R2 mora osigurati komunikaciju svih unutarnjih mrea s ISP-
om (omoguiti dohvat podataka s WWW servera Eagle).
Konfigurirajte sve klijente.
Provjerite rad mree s pinganjem.
74
SUBNETIRANJE:
Zadana je mrea: 172.20.96.0/21 koju s subnetiranjem podijelite tako da zadovoljite potrebe svih mrea (osim ISP-a koji je
predstavljen s zadanom adresom na Loopback suelju rutera)

VLAN 10 900
VLAN 11 110
VLAN 20 470
VLAN 22 55
VLAN 30 220
VLAN 33 27
VLAN 88 2
Bezina 12
R1-R2 2
R1-R3 2
R2-R3 2
R2-ISP 2 209.165.201.64/30
WWW svr. 150 210.210.210.0/24
75
mora logirati.
Switchevi ruterske grupe R1:
switchevima dodijelite IP adrese i adresu default-gateway-a za to se posluite s VLAN-om 10

prve 2 adrese za switcheve. (VLAN 10 nije native VLAN u zadatku toga VLAN-a nema),
S1 je VTP server grupe, domena R1, password cisco,
na VTP serveru konfigurirajte VLAN-ove (10 i 11), provjerite da li je S11 preuzeo konfiguraciju,
raspored portova je:
S1: Fa0/1-3 za trunk,
S11: Fa0/1-2 za trunk, Fa0/5-12 za VLAN 10, Fa0/13-22 za VLAN 11,
STP - Rapid: S11 je root bridge za VLAN 10 i 11.

na VTP serveru konfigurirajte VLAN-ove (20 i 22), provjerite da li je S22 preuzeo konfiguraciju,
S22: Fa0/1-2 za trunk, Fa0/5-12 za VLAN 20, Fa0/13-22 za VLAN 22,
STP - Rapid: S22 je root bridge za VLAN 20 i 22.

na VTP serveru konfigurirajte VLAN-ove (30. 33 i 88), provjerite da li je S33 preuzeo konfiguraciju,
76
S33: Fa0/1-2 za trunk, Fa0/3-4 za VLAN 88, Fa0/5-12 za VLAN 30, Fa0/13-22 za VLAN 33,
STP - Rapid: S33 je root bridge za VLAN 30, 33 i 88.

napravite sigurnosne postavke na ruterima: hostname (prema shemi), onemoguiti dns-lookup, banner (poruka ne smije
Konfigurirajte suelja rutera tako da svaki ruter osigura inter-VLAN routing za sve VLAN-ove svoje grupe. Koristite zadnje
adrese iz mrea.
Routing protokol: RIP v.2 tako da:
R1: objavljuje sve svoje mree,
R3: objavljuje sve svoje mree,
R2: objavljuje sve mree osim serijskoga linka do ISP-a, ima defaultnu rutu do ISP-a koju u RIP updateu prosljeuje
ruterima R1 i R3,
ISP: ima samo statiku rutu do R2 s kojom vraa promet unutarnjim mreama (tono tima koje su inicirale promet!).
Provjerite sadraj routing tablice svakoga rutera.
podesite ruter WRS2 za bezinu mreu:
SSID: Auditor, security mode: WEP, encription: 40/64 bita, Key: 1234567890,
Adresa bezine mree za koju je ruter Access point( Auditor) ruter e imati prvu adresu,
dodjela IP adresa bezinim klijentima: s pomou DHCP-a, preostalih 13 adresa.

PROVJERA RADA:
Rad mree provjerite s pinganjem, svi klijenti moraju se pingati meusobno i moraju moi dohvatiti Eagle server.
Po jedan klijent iz svake ruterske grupe pokree Internet preglednik (koji ve ima) i s pomou FTP-a kopira s Eagle
servera po jednu datoteku iz /public mape na svoj disk.
OPIS PROCEDURA:
77
9. NAREDBE ZA KONFIGURACIJU SWITCH-A I ROUTER-A

Osnovni i privilegirani mod:
Router>user mode reload - reset ureaja
Router>enable - prelazak u privilegirani mod exit - povratak mod ispod
Router #disable - prelazak u osnovni mod end - povratak privilegirani mod
Router #configure terminal - ulazak u konfiguracijski mod
Router (config)#
Ponitavanje odluke veine naredbi -> samo ispred rije: no
Pregled i spremanje konfiguracija:

show running-config - pregled konfiguracije u radu - RAM
show startup-config - pregled snimljene konfiguracije - NVRAM
copy running-config_ili_tftp startup-config_ili_tftp snimanje konfig.
copy startup-config_ili_tftp running-config_ili_tftp osvjeavanje konfig.
erase startup-config - brisanje konfiguracije iz NVRAM-a
Neke show komande:

show version show flash show interfaces [interface] show inetrfaces trunk
show arp show ip route show ip interfaces [brief] show controllers
show cdp show cdp neighbors show vlan [brief] show spanning-tree
show mac-address-table show ip nat translations
Router modovi: Korisniki mod Router> Privilegirani mod - Sve show komande, ping, traceroute, telnet: Router #
Konfiguracijski mod: Router (config)# interface mode za podeavanje interfacea: Router (config-if)#
Line mode za podeavanje lozinki telnet linija i konzole: Router (config-line)#
Router mode za podeavanje dinamiko routing procesa: Router (config-router)#
Ukljuivanje cdp opcije (default ukljuena): Router (config)#cdp run
Ukljuivanje opcije prevoenja imena koje nije naredba (default ukljueno) -
Router (config)#ip domain-lookup
Postavljanje pozdravne poruke: R(config)#banner motd # napisani_tekst # delimiter

Podeavanje imena ureaja: R(config)#hostname ime_routera
Podeavanje pristupa konzoli:
(config)#line console 0 -za sve linije konzole
(config-line)#password cisco -postavi lozinku
(config-line)#login -pitaj kada se spojim
(config-line)#logging synchronous -ne iskai i lomi naredbe
(config-line)#exec-timeout min [sec] -kada prekine vezu sa term
Podeavanje pristupa telnetom:
(config)#line vty 0 max_linija_sa_? -za sve telnet linije
(config-line)#password cisco -postavi lozinku
(config-line)#login -pitaj kada se spojim
(config-line)#logging synchronous -ne iskai i lomi naredbe
(config-line)#exec-timeout min [sec] -kada prekine vezu sa term
Podeavanje lozinki za pristup privilegiranom modu:
(config)#enable password class -postavi enable lozinku ili
(config)#enable secret cisco -postavi je enkriptiranu
Podeavanje interface:
(config)#interface type slot/port(eventualno /sub) -npr. fa 0/0
(config-if)#ip address ip_adresa maska
(config-if)#clockrate iznos - ako je serial interface DCE strana
(config-if)#description opis_interfacea
(config-if)#no shutdown - podizanje interface , suprotno shutdown
Statiko usmjeravanje na next hop ip i/ili izlazni interface (interf. radi samo na point-to-point i null0)
(config)#ip route mrea_rutamo maska_rutamo next_hop_ip
(config)#ip route mrea_rutamo maska_rutamo izlazni_intf
(config)#ip route mrea_rutamo maska_rutamo next_ip intf
Dodavanje default route (gtw of last resort)
(config)#ip route 0.0.0.0 0.0.0.0 next_hop_ip
(config)#ip route 0.0.0.0 0.0.0.0 izlazni_intf
(config)#ip route 0.0.0.0 0.0.0.0 next_hop_ip izlazni_intf
78
RIP v1 i v2
(config)#router rip
(config-router)#network direktno_spojena_mrea_koju_oglaavamo
(config-router)#passive-interface intf_na_koji_ne_aljem_rip
(config-router)#default-information originate -alji def rutu
(config-router)#redistribute static <- poalji stat rute
(config-router)#version 1_ili_2
(config-router)#auto-summary - def. Ukljueno
EIGRP
(config)#router eigrp broj_procesa_ili_AS-a
(config-router)#network direktna_mrea [ wildcard_mree ]
(config-router)#passive-interface intf_na_koji_ne_aljem_eigrp
(config-router)#redistribute static <- poalji stat rute
(config-router)#auto-summary - def. Ukljueno
(config-if)#bandwith iznos pazi na suelju ne na routeru!
(config-if)#ip hello-interval eigrp broj_procesa iznos_sekunde
(config-if)#ip dead-interval eigrp broj_procesa iznos_sekunde
(config-if)#ip summary-address eigrp AS_broj mrea maska na svim ostalim sueljima
OSPF
(config)#router ospf broj_procesa
(config-router)#network direktna_mrea wildcard_mree area broj_area
(config-router)#passive-interface intf_na_koji_ne_aljem_ospf
(config-router)#default-information originate
(config-router)#router id ip_adresa_za_izbor <- namjetanje max ip za izbor dr ili bdr
(config-router)#auto-cost reference-bandwidth iznos - promjena ref. Bandwith za ospf
(config-if)#ip ospf priority 0_do_255 prioritet suelja za izbor dr i bdr
(config-if)#bandwith iznos pazi na suelju ne na routeru!
(config-if)#ip ospf cost iznos isto kao prethodna naredba ali direktno postavlja bez raunanja!
(config-if)#ip ospf hello-interval iznos_sekunde
(config-if)#ip ospf dead-interval iznos_sekunde
#clear ip ospf process resetiranje stanja ospf procesa (elekcija dr i brd)
Manipulacija sa portovima na switch-u

(config)#interface range tip broj broj (fa 0/1 24)
(config-if)#shutdown
(config-if)#switchport mode access
(config-if)#switchport access vlan broj dodjela porta VLAN-u
(config-if)#switchport port-security mac-address sticky zapii dinamiku adresu
(config-if)#switchport port-security maximum broj max. broj MAC adresa po portu
(config-if)#switchport port-security violation protect ili restrict ili shutdown
Postavljanje trunka na switchu
(config-if)#switchport mode trunk
(config-if)#switchport trunk native vlan broj_vlan-a
(config-if)#switchport trunk encapsulation dot1q_ili_isl ako je trunk u automodu
Manipulacija sa MAC adresama
(config)#mac-address-table static mac_adresa vlan broj_vlan interface tip broj
Podeavanje IP adrese za VLAN-a na switchu
(config)#interface vlan broj_VLAN
(config-if)#ip address ip_adresa maska
(config-if)#no shutdown - podizanje interface
(config)#ip default-gateway adresa - izlaz van za switch
Stvaranje VLAN-a na switchu
(config)#vlan broj_VLAN
(config-vlan)name ime_vlan-a
(config-vlan)#exit
VTP
(config)#vtp mode server_ili_client_ili_tranparent
(config)#vtp domain ime_domene
(config)#vtp password cisco
Spanning-tree
(config)#spanning-tree vlan brpj_vlan-a priority prioritet 0-62440(korak:4096)
(config-if)#spanning-tree portfast
Konfiguracija trunk na routeru
(config)#interface type slot/port.broj_vlan (fa 0/0.10 )
79
(config-subif)#encapsulation dot1q_ili_isl broj_vlan native native ide samo za management vlan
(config-subif)#ip address mrena_adresa mrena_maska no shutdown na fizikom suelju, ne ovdje!
80

III Semestar Swching

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

III Semestar Swching

Caricato da

Copyright:

Formati disponibili

CCNA Exploration 4.

1. SWITCH PREGLED STANJA, PASSWORD RECOVERY, IOS RECOVERY

LAB 1.1: PREGLED STANJA SWITCHA

ROM: Bootstrap program is C2960 boot loader

Switch uptime is 3 minutes

64K bytes of flash-simulated non-volatile configuration memory.

Switch Ports Model SW Version SW Image

Configuration register is 0xF

SWITCH#SHOW VLAN (NA SWITCU NEMA KREIRANIH VLAN-OVA)

SWITCH#SHOW VLAN (NA SWITCHU SU KREIRANI VLAN-OVI I PRIDRUENI SU IM PORTOVI)

SWITCH#SHOW IP INTERFACE VLAN 99

SWITCH#SHOW IP INTERFACE BRIEF

SWITCH#SHOW INTERFACE FASTETHERNET 0/18

32514048 bytes total (24798720 bytes free)

SWITCH#DIR FLASH: (ILI SHOW FLASH:)

SWITCH#SHOW FLASH (KAO I DIR FLASH:)

6 drwx 4480 Mar 1 1993 00:04:26 +00:00 html

32514048 bytes total (24801792 bytes free)

SWITCH#SHOW INTERFACE TRUNK

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

Port Vlans in spanning tree forwarding state and not pruned

LAB: 1.2 SWITCH PASSWORD RECOVERY PROCEDURE

PASSWORD RECOVERY PROCEDURE STEP-BY-STEP

LAB: 1.3 SWITCH IOS RECOVERY PROCEDURE

Hyperterminal software used in Microsoft Operating Systems.

PROBLEM ERROR LOADING FLASH MESSAGE

1. Unplug the power cable.

Error loading "flash:c2900XL-h2s-mz-120.5-XP.bin"

Interrupt within 5 seconds to abort boot process.

189 -rwx 856 <date> vlan.dat

(SECTION B) COPY A NEW SOFTWARE IMAGE FROM ROM MONITOR

(BEGIN XMODEM DOWNLOAD ON TERMINAL SOFTWARE NOW)

File "xmodem:" successfully copied to "flash:c3500XL-c3h2s-mz.120-

(SECTION C) CHANGE AND VERIFY BOOT CONFIGURATION

Config file: Flash:config.text E

NVRAM / Config file

buffer size: 32768

189 -rwx 856 <date> vlan.dat

LAB 1.4: ODREIVANJE OKOLINE SWITCHA

SWITCH#SHOW CDP NEIGHBORS

2. OSNOVNA KONFIGURACIJA SWITCH-A

LAB 2.1: OSNOVNA KONFIGURACIJA SWITCH-A S SIGURNOSNIM POSTAVKAMA, IP ADRESE

PROVJERA RADA MREE:

odredite koje je MAC adrese switch "nauio",

1. BRISANJE STARTUP KONFIGURACIJE I RELOAD SWITCH-A

Use, duplication, or disclosure by the Government is

32K bytes of flash-simulated non-volatile configuration memory.

Cisco Internetwork Operating System Software

Press RETURN to get started!

2. OSNOVNA KONFIGURACIJA I SIGURNOSNE POSTAVKE SWITCHA

3. IP ADRESA SWITCH-A I DEFAULT-GATEWAY SWITCH-A

4. PROVJERA UINJENOGA NA SWITCHU

S1#show mac-address-table dynamic

LAB 2.2: KONFIGURACIJA SWITCHA STATIKE MAC ADRESE I PORT SECURITY

Konfigurirajte suelja Fa0/0 i Fa 0/1 prema shemi.

Konfigurirajte mrene adrese klijenata i default-gateway prema skici.

PROVJERA RADA MREE:

OPIS PROCEDURA: PRIKAZUJEMO SAMO STATIKU DODJELU MAC ADRESA I PORT-SECURITY

1. STATIKA DODJELA MAC ADRESE PORTU NA SWITCHU

S1#sh mac-address table

2. PORT SECURITY DEFINIRANJE MAKSIMALNOGA BROJA DOZVOLJENIH "POZNATIH" ADRESA, NAIN

S1#sh port-security int fa 0/6