The latest lab requirements gave you some details about what to configure for IPv4 addresses on some switches. Check out the problem statement post for the rules; this post just lists the answers.

This lab did not give you the specific IP addresses to configure, but it gave enough info for you to derive the IP addresses for both switches, and to derive the IP address of the router. This first section of the post details that bit of math.

First, as a reminder, here’s the LAN topology:

Figure 1 – Lab Topology

For the one subnet/VLAN in this lab, you were to use the highest three IP addresses for the network devices: the highest for R1, the next highest for SW1, and the next highest for SW2. The problem statement also listed the subnet ID (192.168.1.0/27), so all you have to do is a normal problem of finding all the addresses in the subnet, find the 3 numerically highest numbers, and use those.

In this case, subnet 192.168.1.0/27 includes these numbers:

The configuration steps will also require that you configure the subnet mask as a dotted decimal number, so you would also need to convert /27 to its DDN equivalent of 255.255.255.224.

## Switch Configurations

The switch configurations require some basic steps, at least as long as you know the steps.

First, to send IP packets at all, generally speaking, the switch needs an IP address assigned to one VLAN interface, that VLAN needs to be active, and that VLAN interface needs to be enabled. With this specific lab, the requirements state that only VLAN 1 exists, so the IP address must be configured on the VLAN 1 interface. With this its VLAN 1 interface, and the interface needs to be enabled (no shutdown).

Note that the IP address is configured under the command interface vlan 1. Many people who have not yet used the CLI much yet get confused about the idea of VLAN 1 versus the VLAN 1 interface. The VLAN 1 interface, configured with interface vlan 1, is the switch’s layer 3 interface into VLAN 1. Cisco also calls this a “switch virtual interface”, or SVI. So SW1 can create VLAN1, forward frames in VLAN 1, but to connect itself to VLAN 1 to support telnet etc., the switch configures its SVI, with command interface vlan 1.

Additionally, the requirements state a fact that means that the switches also must have a default gateway setting. The requirements tell us that both switches need to be managed by hosts sitting on the other side of a router. To send packets out to a different subnet, the switches, acting as hosts, have to know a default router (default gateway) to which to send the packets. The only candidate in this case is router R1 in the figure.

The configuration is below. Ask questions if you have them!

#### Example 2: SW2 Config

Write a comment

1. Chris November 22, 18:01

The first part was a bit confusing for me since the book has not gone over how to actually subnet at this point (chapter 8).

• CCENTSkills November 22, 18:33

Hey Chris,
Good point. I’ll look at either changing the lab a bit, or moving it to a later chapter so that it reviews switch IP config but still lets you do the rest of the interesting part of the lab. Thanks for the input.
Wendell

2. Mit March 2, 06:24

Hi Mr. Wendell,

I have recently started learning Networking. Also, I have just begun going through these posts. Most of these posts have been posted years ago. Don’t know if I am going to get a response. Anyway, I am at least happy that I am able to ‘see’ them.

Before writing a query, please let me thank you for being such a great person in every aspect. Looking at your replies, I must easily say that along with being knowledgeable, you are so humble too. Thanks.

Just a little small query that I want to get clear with. Are the commands ‘transport input telnet’, etc applicable in the context of VLAN interface too? If yes, should they not be configured here too, as per the demand of the question?

• CCENTSkills March 2, 06:56

Hi Mit,
Yep, I still try to answer blog queries! So far, it’s not been too many to keep up with. And thanks for the kind words!

The “transport input…” command applies to the vty lines only, and not to the VLAN interface. For example, to allow telnet into a switch, it needs a working VLAN interface with IP address/mask configured, plus the config on the VTY lines that enable inbound telnet (e.g., transport input telnet or transport input all), plus a working combination of password security.
Hope this helps!

• Mit March 2, 06:59

Hi,

After giving a conceptual thought, I have got my query clear!! Also realized that this was a bad question. Sorry.

PS : These kind of pragmatic things are likely to be missed by beginners like me. Apparently, this has given clarity when it comes to concepts. Thanks. Will be approaching all your posts eventually.

• Mit March 2, 07:17

Dear Mr. Wendell,

I feel to be in the ‘Privileged’ mode after having your response, honestly!! I will just… sleep… happily today. Nothing else.

Really glad and lucky that you still answer blog queries. Cheers!!! 🙂

3. Abdoul July 8, 16:59

Hello Mit –

I’m trying to understand why didn’t you begin the IP address assignment with 192.168.1.254 for R1 and work your way down. Aren’t all the address space before 224 taken up as indicated by the mask?

• Cristhopher February 11, 11:50

Hi Abdoul. A /27 subnet has a total of 32 addresses, with the first and Last ones always unusable because they are always assigned to the Subnet ID and subnet broadcast. So the highest usable address is the 192.168.1.30. If you had 192.168.1.0/24 subnet (with a /24 subnet mask instead a /27) then you would have a total of 256 addresses with the first and last ones unusable and the 192.168.1.254 being the highest available.

4. Mike April 15, 16:19

Hi Wendell,

I recently bought the 200-301 book and am working towards my CCNA, thanks for all the great content!

I’m a bit confused by this one, in most of chapter 6 “Configuring Basic Switch Management,” we learn about how you have to do vty line 0 15, then enable the interface for telnet/ssh/all/none, and for ssh you must have a key generated with the crypto command.

In the original post of this config lab one of the steps is to “Configure SW1 and SW2 to allow hosts to the right of router R1 to be able to Telnet to SW1 or Telnet/SSH to SW2.” but it seems like the answer omits the commands needed to meet this requirement?

In my solution I had ‘crypto key generate rsa’ in global mode and and ‘login local’ on all vty interfaces, is that wrong?

• certskills Author April 16, 08:52

Hi Mike,
I think you’re correct in substance, maybe not in this lab. The lab post shows those commands already configured, so the answer post doesn’t require you to add them again. Just check back in the SW2 config in the lab post. But yes, you need those commands to make SSH work.
Wendell

5. Elías May 8, 16:48

So I did the subnetting but didn’t use subnet 0
Do you recommend using it?

192.168.1.0
192.168.1.1 – First
192.198.1.30 – Last
192.168.1.32
192.168.1.33 – First
192.168.1.62 – Last
192.168.1.64

• certskills Author May 11, 09:59

Elias,
It’s ok to use subnet 0. A long time ago, when RIP Version 1 might have been used, or IGRP, it was a potential problem. But no more. Go for it!
Wendell

6. Favian Claro June 3, 21:12

“use the highest three IP addresses for the network devices”

I thought that meant the IP range of the .224 – .255 network because in my mind highest three meant highest numbers. .DOH!

## Write a comment

#### Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.