This article will give you the ability to configure different features of a Cisco switch. Before you try doing this, I advise you to go over this article from the Intenseschool website: “Configuring LAN Switches“.

This simulation will allow you to experiment with the commands and features explained in the above-mentioned article.

I created two Packet Tracer files:

  • configuring-lan-switches-init.pkt—This file will have all four Cisco switches with the default configuration.
  • configuring-lan-switches-final-config.pkt—This file contains the full configuration and can be used as verification against your configuration.

Regarding the topology, on each switch there is one PC connected. The PCs are already configured. The IP address of a PC is in the format VLAN_ID.VLAN_ID.VLAN_ID.PC_NUMBER/24. For instance, PC_1 is in vlan 100 and its IP address is 100.100.100.1/24. The default gateway of each PC is in the format VLAN_ID.VLAN_ID.VLAN_ID.VLAN_ID/24. For instance, the default gateway for PC_1 is 100.100.100.100/24. Anyway, you have the IP addressing written on the topology.

All the PCs are connected to FastEthernet0/4 on the switch.

Task 1 requirements:

  1. Configure the ports of the switches where PCs are connected using the VLANs specified on the topology. Make sure that the switches accept only tagged frames on those ports.

Task 1 verification:

  1. Use the “show vlan” command to confirm that the vlan was created on the switch.
  2. Use “show interface f0/4 switchport” to confirm the administrative and operational modes of the interface.

Task 1 hints:

  1. Use the command “vlan X” to configure the VLAN on the switch.
  2. Use the commands “switchport mode access” and “switchport access vlan X” on interface FastEthernet0/4 to configure the required VLAN.

Task 2 requirements:

  1. Configure the two links between SW1 and SW2 to act as a single logical link using a Cisco proprietary aggregation protocol.

    Task 2 verification:

  2. Use the command “show etherchannel summary” to check the portchannel status.

    You should see something similar to:

    Group Port-channel Protocol Ports

    ——+————-+———–+———————————————-

    1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P)

    SW1#

Task 2 hints:

  1. Use the commands “channel-protocol pagp” and “channel-group 1 mode desirable” on FastEthernet0/1 and FastEthernet0/2 to configure PAGP.

Task 3 requirements:

  1. Configure the two links between SW3 and SW4 to act as a single logical link using an open standard aggregation protocol.

Task 3 verification:

  1. Use the command “show etherchannel summary” to check the portchannel status.

    You should see something similar to:

    Group Port-channel Protocol Ports

    ——+————-+———–+———————————————-

    1 Po1(SU) LACP Fa0/1(P) Fa0/2(P)

    SW3#

Task 3 hints:

  1. Use the commands “channel-protocol lacp” and “channel-group 1 mode active” on FastEthernet0/1 and FastEthernet0/2 to configure LACP.

Task 4 requirements:

  1. Configure the link between SW1 and SW3 to carry all possible VLANs by negotiating the link using DTP packets.
  2. Configure the link between SW2 and SW4 to carry all possible VLANs by not negotiating all the links.
  3. Configure the links between SW1 and SW2 and between SW3 and SW4 as trunk links.
  4. Use the open standard to configure the trunk encapsulation.
  5. Configure all VLANs used in the topology on all switches even though there are no hosts in all configured VLANs.
  6. Configure VLAN 500 as a native VLAN.

Task 4 verification:

  1. Use the command “show interface X switchport” to check the administrative mode, administrative trunking encapsulation, and operational trunking encapsulation.
  2. Use the command “show interfaces trunk” to check what VLANs are allowed on all trunk links and the encapsulation used.
  3. Use the command “show interface X switchport” to confirm that the native VLAN has changed from 1 to 500.

Task 4 hints:

  1. Use the command “switchport trunk encapsulation dot1q” to set the encapsulation to dot1q.
  2. Use the command “switchport mode dynamic desirable” to negotiate the trunk link using DTP packets.
  3. Use the command “switchport nonegotiate” not to negotiate the link, but to form a trunk link.
  4. Use the command “switchport trunk native vlan 500” to configure VLAN 500 as a native VLAN.

Task 5 requirements:

  1. Configure SW1 as VTP server, SW2 and SW4 as VTP clients, and SW3 in transparent mode.
  2. Configure all this under domain VTP_DOMAIN and the password must be VTP_PASSWORD.

Task 5 verification:

  1. Use the command “show vtp status” to check the mode and the domain name.
  2. Use the command “show vtp password” to check the password.

Task 5 hints:

  1. Use the command “vtp mode server/client/transparent” to set the mode to server, client, or transparent.
  2. Use the command “vtp domain VTP_DOMAIN” to set the domain.
  3. Use the command “vtp password VTP_PASSWORD” to set the password.

Task 6 requirements:

  1. Configure SW1 so that hosts in VLAN 100 can reach the hosts in VLAN 200. Use switched virtual Interfaces to do this. The format of the IP addresses of the SVIs should follow this scheme: VLAN_ID.VLAN_ID.VLAN_ID.VLAN_ID/24. The SVI for VLAN 100 should be 100.100.100.100/24.

Task 6 verification:

  1. Ping PC_4 and PC_2 from SW1.

Task 6 hints:

  1. Use the command “interface vlan X” to configure SVI for the two VLANs, 100 and 200.
  2. Use the command “ip routing” on SW1 to enable IP routing on SW1.

Task 7 requirements:

  1. Configure SW1 and SW2 so that, on the ports where the hosts are connected, a maximum of one MAC will be learned. In case more than one MAC will be learned, drop the traffic from the additional hosts, but do not increment any violation counters.
  2. Configure SW3 and SW4 so that on the ports where the hosts are connected, a maximum of two MACs will be learned. In case more than two MACs will be learned, drop the traffic from the additional hosts and increment the violation counters.

Task 7 verification:

  1. To check the port security, the command “show port-security interface X” should be used, but Packet Tracer doesn’t support this command.

Task 7 hints:

  1. Use the command “switchport port-security” to activate port security on the port.
  2. Use the command “switchport port-security maximum” to specify how many MACs can be learned on the port. the default is one and it doesn’t show up in the configuration.
  3. Use the command “switchport port-security violation” to specify if the violation counter should increase or not.

I hope this tutorial will give you a feeling of what is to configure a Cisco switch and how you can configure few of the basic functions of a switch.

As always, do not stop with what the tutorial covers. Explore on your own what else you can configure and how those features can help you achieve your requirements.