YOUR TASK Configuration tasks Configuration Tasks Configure OSPF Use the following values to configure OSPF on the routers: • Configure Merida with the OSPF router ID of 10.10.10.1. • Configure Vargas with the OSPF router ID of 10.10.10.2. • Configure OSPF on Merida and Vargas. • Configure OSPF so only the following 172.16.0.0 subnets will be routed. In other words, if another 172.16.0.0 interface were enabled on Merida or Vargas, such as 172.16.3.0/24, those subnets would not be propagated with OSPF. The only 172.16.0.0 subnets to be routed are: - 172.16.1.0/24 - 172.16.10.0/24 - 172.16.20.0/24 - 172.16.100.0/30 • Apply OSPF cost values to reflect the actual 64k link between Merida and Vargas. Configure OSPF Authentication Authenticate OSPF packets between Merida and Vargas using MD5 encryption. Configure a Default Route Configure a default route to the Internet on the Merida router and propagate the default route to Vargas using OSPF. VLAN Configuration on Vargas Configure the Vargas Fa0/0 interface to trunk for VLAN 1, VLAN 10, and VLAN 20 with 802.1Q encapsulation. Basic Switch Configuration Use the following IP addresses to configure the switches: • Configure Switch 1 with the VLAN 1 IP address of 172.16.1.2/24. • Configure Switch 2 with the VLAN 1 IP address of 172.16.1.3/24. • Configure both switches with the default gateway address of 172.16.1.1. Configure VLANs on the Switches Use the following values to configure VLANs on Switch 1: - On Switch 1 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10. - On Switch 1 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20. - All other interfaces on Switch 1 are in VLAN1. Use the following values to configure VLANs on Switch 2: - On Switch 2 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10. - On Switch 2 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20. The solution and full-test script are on this rapidshare link as they are too big to post here sorry Topology graphic below http://server6.theimagehosting.com/image.php?img=ccna3.gif MY SOLUTION //MERIDA CONFIG enable configure terminal ip route 0.0.0.0 0.0.0.0 192.168.1.1 router ospf 1 log-adjacency-changes area 0 authentication message-digest default-information originate ospf router-id 10.10.10.1 network 172.16.1.0 0.0.0.255 area 0 network 172.16.10.0 0.0.0.255 area 0 network 172.16.20.0 0.0.0.255 area 0 network 172.16.100.0 0.0.0.3 area 0 exit interface serial0/0 clock rate 64000 ip address 172.16.100.1 255.255.255.252 ip ospf message-digest-key 1 md5 8 bandwith 64 no shutdown exit interface loopback 0 ip address 10.10.10.1 255.255.255.255 exit interface fastethernet0/0 ip address 192.168.1.2 255.255.255.0 exit //VARGAS CONFIG enable configure terminal router ospf 1 log-adjacency-changes area 0 authentication message-digest ospf router-id 10.0.0.2 network 172.16.100.0 0.0.0.3 area 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.10.0 0.0.0.255 area 0 network 172.16.20.0 0.0.0.255 area 0 exit interface serial0/0 clock rate 64000 ip address 172.16.100.2 255.255.255.252 ip ospf message-digest-key 123 md5 8 bandwith 64 no shutdown exit interface loopback 0 ip address 10.10.10.2 255.255.255.255 exit interface fastethernet0/0 ip address 172.16.1.1 255.255.255.0 interface fastethernet0/0.1 encapsulation dot1q 1 ip address 172.16.1.1 255.255.255.0 interface fastethernet0/0.2 encapsulation dot1q 10 ip address 172.16.10.1 255.255.255.0 interface fastethernet0/0.3 encapsulation dot1q 20 ip address 172.16.20.1 255.255.255.0 end // Switch 1 enable configure terminal interface VLAN 1 ip address 172.16.1.2 255.255.255.0 exit configure terminal ip default-gateway 172.16.1.1 exit configure terminal vlan database vtp domain cisco vtp server vlan 1 name default vlan 10 name Faculty vlan 20 name Student exit configure terminal interface fastethernet0/5 switchport mode access switchport access vlan 10 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/6 switchport mode access switchport access vlan 10 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/7 switchport mode access switchport access vlan 20 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/8 switchport mode access switchport access vlan 20 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/1 switchport mode trunk exit configure terminal interface fastethernet0/2 switchport mode trunk exit // Switch 2 enable configure terminal interface VLAN 1 ip address 172.16.1.3 255.255.255.0 exit configure terminal ip default-gateway 172.16.1.1 exit configure terminal vlan database vtp domain cisco vtp server vlan 1 name default vlan 10 name Faculty vlan 20 name Student exit configure terminal interface fastethernet0/5 switchport mode access switchport access vlan 10 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/6 switchport mode access switchport access vlan 10 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/7 switchport mode access switchport access vlan 20 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/8 switchport mode access switchport access vlan 20 port security max-mac-count 1 port security action shutdown exit configure terminal interface fastethernet0/1 switchport mode trunk exit configure terminal interface fastethernet0/2 switchport mode trunk exit Configure OSPF Use the following values to configure OSPF on the routers: • Configure Merida with the OSPF router ID of 10.10.10.1. • Configure Vargas with the OSPF router ID of 10.10.10.2. • Configure OSPF on Merida and Vargas. • Configure OSPF so only the following 172.16.0.0 subnets will be routed. In other words, if another 172.16.0.0 interface were enabled on Merida or Vargas, such as 172.16.3.0/24, those subnets would not be propagated with OSPF. The only 172.16.0.0 subnets to be routed are: - 172.16.1.0/24 - 172.16.10.0/24 - 172.16.20.0/24 - 172.16.100.0/30 • Apply OSPF cost values to reflect the actual 64k link between Merida and Vargas. Configure OSPF Authentication Authenticate OSPF packets between Merida and Vargas using MD5 encryption. Configure a Default Route Configure a default route to the Internet on the Merida router and propagate the default route to Vargas using OSPF. VLAN Configuration on Vargas Configure the Vargas Fa0/0 interface to trunk for VLAN 1, VLAN 10, and VLAN 20 with 802.1Q encapsulation. Basic Switch Configuration Use the following IP addresses to configure the switches: • Configure Switch 1 with the VLAN 1 IP address of 172.16.1.2/24. • Configure Switch 2 with the VLAN 1 IP address of 172.16.1.3/24. • Configure both switches with the default gateway address of 172.16.1.1. Configure VLANs on the Switches Use the following values to configure VLANs on Switch 1: - On Switch 1 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10. - On Switch 1 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20. - All other interfaces on Switch 1 are in VLAN1. Use the following values to configure VLANs on Switch 2: - On Switch 2 configure the interfaces Fa0/5 and Fa0/6 on VLAN 10. - On Switch 2 configure the interfaces Fa0/7 and Fa0/8 on VLAN 20. - All other interfaces on Switch 2 are in VLAN 1. Configure VLAN Trunking Use the following values to configure VLAN trunking on Switch 1 and 2: • Configure trunking between Switch 1 and Switch 2 with 802.1Q encapsulation using port Fa0/1 on both switches. • Configure Switch 1 for trunking between Switch 1 and Vargas with 802.1Q encapsulation using port Fa0/2. (I believe this is a misprint! If you examine the diagram, it is obvious that this relates to Switch 2, not Switch 1) Configure VTP Use the following values to configure VTP on Switch 1 and 2: • Configure both Switch 1 and Switch 2 as part of VTP domain Group1. • Configure Switch 1 as the VTP server and Switch 2 as the VTP client. - Create VLAN 10 with the name faculty. - Create VLAN 20 with the name student. Configure Switch Port Security Configure port security on ports Fa0/5 through Fa0/8 to allow only one host, if the port security is violated then shutdown the port. Verify Port Security Use the proper show command to verify the following port security settings: • Port security is enabled • Port status • Maximum MAC addresses Verify Connectivity All routers and switches should be able to ping the interfaces of the other devices. Merida Router Configure consoles and serial / Ethernet interfaces: config t hostname Merida enable secret cisco line con 0 password cisco login exec-timeout 0 0 line vty 0 4 password cisco login exit interface fa0/0 ip address 192.168.1.1 255.255.255.0 no shutdown interface s0 ip address 172.16.100.1 255.255.255.252 clock rate 56000 no shutdown exit Configure loopback address: interface loopback 0 ip address 10.10.10.1 255.255.255.255 exit copy running-config startup-config Configure OSPF: router ospf 50 network 172.16.100.0 0.0.0.3 area 0 log-adjacency-changes exit exit ping 192.168.1.1 Configure bandwidth: interface s0 bandwidth 64 Configure authentication: config t int s0 ip ospf message-digest-key 1 md5 fred router ospf 50 area 0 authentication message-digest Configure default route: ip route 0.0.0.0 0.0.0.0 fa0/0 router ospf 50 default-information originate exit exit Vargas Router Configure consoles and serial interface: config t hostname Vargas enable secret cisco line con 0 password cisco login exec-timeout 0 0 line vty 0 4 password cisco login exit interface s0 ip address 172.16.100.2 255.255.255.252 no shutdown copy running-config startup-config Configure loopback address: interface Loopback 0 ip address 10.10.10.2 255.255.255.255 exit Configure OSPF: router ospf 50 network 172.16.1.0 0.0.0.255 area 0 network 172.16.10.0 0.0.0.255 area 0 network 172.16.20.0 0.0.0.255 area 0 network 172.16.100.0 0.0.0.3 area 0 log-adjacency-changes exit exit Configure bandwidth: interface s0 bandwidth 64 Configure authentication: config t int s0 ip ospf message-digest-key 1 md5 fred router ospf 50 area 0 authentication message-digest Configure VLAN trunk: interface fa0/0 no ip address no shutdown interface fa0/0.1 encapsulation dot1q 1 ip address 172.16.1.1 255.255.255.0 interface fa0/0.10 encapsulation dot1q 10 ip address 172.16.10.1 255.255.255.0 interface fa0/0.20 encapsulation dot1q 20 ip address 172.16.20.1 255.255.255.0 Switch 1 Configure consoles: config t hostname Switch1 enable secret cisco line con 0 password cisco login exec-timeout 0 0 line vty 0 15 password cisco login Configure layer 3 access to switch: interface vlan 1 ip address 172.16.1.2 255.255.255.0 no shutdown exit ip default-gateway 172.16.1.1 Set switch as server and create / name VLANs: vlan database vtp domain group1 vtp server vlan 10 name Faculty vlan 20 name Student exit Configure trunking on fa0/1 (2950 series switch): interface fa0/1 switchport mode trunk (add - switchport trunk encapsulation dot1q - for 2900 series switches) exit Assign ports to VLANs: interface fa0/5 switchport mode access switchport access vlan 10 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/6 switchport mode access switchport access vlan 10 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/7 switchport mode access switchport access vlan 20 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/8 switchport mode access switchport access vlan 20 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown Verify port security: show port-security Switch2 Configure consoles: config t hostname Switch2 enable secret cisco line con 0 password cisco login exec-timeout 0 0 line vty 0 15 password cisco login Configure layer 3 access to switch: interface vlan 1 ip address 172.16.1.3 255.255.255.0 no shutdown exit ip default-gateway 172.16.1.1 Set switch as client and create / name VLANs: vlan database vtp domain group1 vtp client vlan 10 name Faculty vlan 20 name Student exit Configure trunking on fa0/1 and fa0/2 (2950 series switch): interface fa0/1 switchport mode trunk (add - switchport trunk encapsulation dot1q - for 2900 series switches) interface fa0/2 switchport mode trunk (add - switchport trunk encapsulation dot1q - for 2900 series switches) exit Assign ports to VLANs: interface fa0/5 switchport mode access switchport access vlan 10 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/6 switchport mode access switchport access vlan 10 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/7 switchport mode access switchport access vlan 20 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown interface fa0/8 switchport mode access switchport access vlan 20 switchport port-security switchport port-security maximum 1 switchport port-security violation shutdown Verify port security: show port-security