Config Lab: Switch IP Config

 In 200-301 V1 Ch06: Switch Management, 200-301 V1 Part 2: Ethernet, 200-301 V1 Parts, Config Lab, Config Lab CCNA Vol 1 Part 2, Hands-on

This next lab begins with a switch that has been configured to allow Telnet + SSH, including password protection – except the fact that neither switch yet has an IP address. This lab asks you to add the IP configuration to the switches. Details below the fold. Enjoy!

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Lab Requirements

This lab uses the simple LAN shown in Figure 1. It shows two switches connected by a link, with a router on the side.

Figure 1 – Lab Topology

 

For this lab, you should configure the IP settings for the two LAN switches. You need to decide what IP settings need to be configured and then plan the specific configuration commands. The list of requirements includes the subnet ID to use. Specifically:

  1. Both switches use VLAN 1 as the management VLAN.
  2. Use subnet 192.168.1.0/27.
  3. Use the numerically highest IP addresses: the highest for the router’s G0/0 interface into the LAN, the next highest for SW1’s management address, and the next highest for SW2’s management address. Note that R1’s IP address has been pre-configured for the purposes of this lab.
  4. Configure SW1 and SW2 to allow communication off-subnet as well as on-subnet.
  5. Neither switch uses VLAN trunking, and all ports are in the default VLAN (1).

 

Initial Configuration

You can do this lab with the assumption that neither switch has any initial configuration. However, to make the lab more interesting, instead assume the following initial configuration. The configuration on the two switches includes the commands which, once you add the correct IP configuration, allow Telnet (both switches) and SSH (SW2 only) into the switches. The router R1 configuration includes a minimal configuration to act as the default gateway in the subnet.

 

hostname SW1
!
enable password sw1bad
!
interface GigabitEthernet1/0/1  
 description connected to PC1 
! 
interface GigabitEthernet1/0/2
 description connected to PC2
! 
interface GigabitEthernet1/0/3  
 description connected to PC3 
! 
interface GigabitEthernet1/0/11 
 description connected to SW2 
! 
line con 0 
 login 
 password fred 
line vty 0 15 
 login 
 password sw1 
 transport input telnet

Example 1: SW1 Config

 

hostname SW2
!
ip domain-name example.com
crypto key generate rsa modulus 768
username fred password barney
!
enable secret sw2good
!
interface GigabitEthernet1/0/4
 description connected to PC4
!
interface GigabitEthernet1/0/5
 description connected to PC5
!
interface GigabitEthernet1/0/6
 description connected to PC6
!
interface GigabitEthernet1/0/12
 description connected to SW1
! 
interface GigabitEthernet1/0/7
 description connected to R1
!
line con 0
 login
 password fred
!
line vty 0 15
 login local
 transport input all

Example 2: SW2 Config

 

hostname R1
!
interface GigabitEthernet0/0
 ip address 192.168.1.30 255.255.255.224

Example 3: R1 Config

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

This table lists the interfaces listed in the lab exercise documentation versus those used in the sample CML file.

Device Lab Port  CML Port
SW1 G1/0/1 G2/1
SW1 G1/0/2 G2/2
SW1 G1/0/3 G2/3
SW1 G1/0/11 G1/1
SW2 G1/0/4 G3/1
SW2 G1/0/5 G3/2
SW2 G1/0/6 G3/3
SW2 G1/0/7 G0/1
SW2 G1/0/12 G1/2

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Figure 1 – Lab Topology

 

ip default-gateway 192.168.1.30
interface vlan 1
 ip address 192.168.1.29 255.255.255.224
 no shutdown

Example 1: SW1 New Config

 

ip default-gateway 192.168.1.30
interface vlan 1
 ip address 192.168.1.28 255.255.255.224
 no shutdown

Example 2: SW2 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Picking the IP Addresses

This lab did not give you the specific IP addresses to configure, but it gave enough info for you to derive the IP addresses for both switches and derive the router’s IP address. This first section of the post details that bit of math.

First, as a reminder, here’s the LAN topology:

Figure 1 – Lab Topology

For the one subnet/VLAN in this lab, you used the highest three IP addresses for the network devices: the highest for R1, the next highest for SW1, and the next highest for SW2. The problem statement also listed the subnet ID (192.168.1.0/27), so all you have to do is a normal problem of finding all the addresses in the subnet, find the 3 numerically highest numbers, and use those.

In this case, subnet 192.168.1.0/27 includes these numbers:

192.168.1.0 (Subnet ID)
192.168.1.1
192.168.1.2
.
.
.
192.168.1.27
192.168.1.28 (Reserved for SW2)
192.168.1.29 (Reserved for SW1)
192.168.1.30 (Reserved for R1)
192.168.1.31 (subnet broadcast address)

The configuration steps will also require that you configure the subnet mask as a dotted-decimal number, so you would also need to convert /27 to its DDN equivalent of 255.255.255.224.

 

Switch Configurations

The switch configurations require some basic steps, at least as long as you know the steps.

First, to send IP packets at all, generally speaking, the switch needs:

  • An IP address assigned to one VLAN interface.
  • The VLAN needs to be active.
  • The VLAN interface needs to be enabled.

The requirements state that only VLAN 1 exists with this specific lab, so the IP address must be configured on the VLAN 1 interface. As a result, both switches need a VLAN 1 interface, with the interface vlan 1 command used to enter interface configuration mode for that interface. The interface also needs to be enabled (no shutdown).

While in interface VLAN 1 config mode, you also need to configure the IP address and mask per your earlier calculations. Many people who have not yet used the CLI much get confused about the idea of VLAN 1 versus the VLAN 1 interface. The VLAN 1 interface, configured with interface vlan 1, is the switch’s layer 3 interface into VLAN 1. Cisco also calls this a “switch virtual interface,” or SVI. So:

  • To switch Ethernet frames in VLAN 1, switch SW1 needs to be aware of VLAN 1
  • To have an interface that supports layer 3 functions within the switch that connects to VLAN 1, the switch needs to use interface VLAN 1, whose config mode is reached with command interface vlan 1.

Additionally, the requirements state that the switches must be configured to communicate off-subnet, which means they also must have a default gateway setting. A switch acts much like an IP host in regards to how its IP logic works. Like an IP host, when a switch needs to send an IP packet off-subnet, the switch sends the packet to its default gateway. R1 happens to be the only possible default gateway for SW1 and SW2 to use.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 None No known issues related to this lab.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. To test IP connectivity:
    1. Login to SW1 and SW2.
    2. Ping R1’s G0/0 IP address.
  2. To test the default gateway settings on the switches, you can create/configure a 2nd interface on the router. For instance:
    1. Login to router R1 and configure the interface loopback 1 and ip address 192.168.1.60 255.255.255.224 commands.
    2.  Return to the CLI of router SW1 and SW2 in succession, and now ping R1’s loopback address (192.168.1.60.) The ping will not work if the respective switch does not have a correct ip default-gateway setting.
  3. If using the pre-supplied files, note that the PCs should have IP addresses on the low-end of the address range in subnet 192.168.1.0/27. So, you could test IP settings on the switches by pinging those IP addresses or by using Telnet/SSH on the PCs to attempt to login to the switches.

More Labs with Related Content!

Config Lab: Switch Admin Config
Config Lab: VLAN Basics 3
Subscribe
Notify of
guest

16 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Emil

Great lab Mr. Odom! I had a quick question about SW2 SSH: in a real world scenario, would you also add this command?
ip ssh version 2

certskills

Hi Emil,
Glad you like it! Yeah, I probably would. In reality, SSHv2 has been out so long that you’d be hard pressed to find an SSHv1 client, but making the device V2 only (by using ip ssh version 2) improves security by avoiding V1.

Calvin

Hi Mr. Odom. I’m confused as to where the Config Labs for Chatper 5 are? Is this one of them? I can only filter by part, not by chapters (for config labs)

certskills

Hi Calvin,
Thanks for the note. Two answers:
1) I didn’t create any Config Labs for Chapter 5 just because the types of CLI topics in that chapter don’t really match the Config Lab style. Chapter 6 is the first chapter in sequence with Config Labs.
2) You can search for Config Labs by chapter with a little more effort by using the “Advanced search” tool that’s listed at the top of the blog home page (www.certskills.com). Click the button to “Go to Advanced Search”. On the right, you can choose “Config Lab 200-301”. On the left, you can click the plus signs (+) to expand an pick a book part or book chapter. EG, click “Config Lab 200-301” first, then click to expand Volume 1, click to expand part 2, and you’ll see chapter 6 and 7 listed (but not 5), implying there are some Config Labs for chapters 6 and 7. Choose either to filter to see only those for a given chapter.
Hope this helps,
Wendell

brahooke

How come the labs are not organized by chapter as well as part? It would save time on my planner if I knew which of these labs were meant for Chapter 5.

certskills

Look at the top of every page, for the “advanced search” option. From there, on the left, you can drill down on the specific chapter. Then on the right, select “Config Labs”. That lists all config labs, by chapter.

Justin Travis

the password cisco isn’t working in this lab

certskills

Read the initial configurations and interpret them to figure out what the passwords should be for each step.

Stephen Dybas

Using 192.168.1.30 as a default gateway on both SW2 and PC4, I can only connect SSL to SW2 using its VLAN1 ip address, 192.168.1.28 with users name fred. When I try to SSL to SW2.example.com with usename fred, PC4’s command prompt reports C:\>Could not open connection to the host, on port 22: Connect failed

There is not a DNS server available in the exercise.

Am I missing something?

certskills

Hi Stephen,
You’re not missing anything. The lab doesn’t include a DNS server. I looked and the Packet Tracer server device, which you could add to the network, does support DNS, and the PCs have a setting in which you could point to the DNS, if you’re interested in investigating more. But it’s not part of the lab.
Wendell

Stephen Dybas

Thank you for your clarification.

Nigel

Fantastic LAB for a quick re-cap. It had been a while, messed it up a little but I managed to ping end to end.

Last edited 5 months ago by Nigel
Augustus Geleplay

When I attempt to do the lab, I am prompted for a password which I do not have.

rahim

i didn’t understand your plan in book can you tell me here because i almost study 8 chapters.

Last edited 1 month ago by rahim
16
0
Would love your thoughts, please comment.x
()
x