
[Share] CCNA LAB 65: Restricting Extended VLANs on Trunks and Changing the VTP Version

Posted on 2022-12-3 21:57:44
This post was last edited by 小乔 on 2022-12-3 22:01


Lab Objective:
The objective of this lab exercise is for you to learn and understand how to restrict VLANs traversing trunks. By default, all VLANs are allowed to traverse trunks.


Lab Purpose:
VLAN trunk restriction is a fundamental skill. By default, all VLANs traverse trunks. However, in some cases, this may result in unnecessary VLANs being propagated, and this may pose a security risk. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to restrict VLANs from traversing trunks.

Certification Level:
This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 6/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.

Lab Topology:
Please use the following topology to complete this lab exercise:
[Image: 65.png]



Task 1:
In preparation for VLAN configuration, configure a hostname on Sw1 and Sw2 as illustrated in the topology.

Task 2:
Configure and verify Sw1 and Sw2 as VTP Transparent switches. Both switches should be in the VTP domain named CISCO. Configure the switches to use legacy VTP version 1. Configure FastEthernet0/1 as a trunk between Sw1 and Sw2.


Task 3:
Configure and verify your VLAN configuration on switches Sw1 or Sw2 and ensure that they are identical.

Task 4:
Allow only VLAN 2040 to traverse the trunk link on Sw1 and verify your configuration.

Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.

Task 2:
Sw1#config t
Enter configuration commands, one per line.  End with CTRL/Z.
Sw1(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
Sw1(config)#vtp domain CISCO
Changing VTP domain name from Null to CISCO
Sw1(config)#vtp version 1
Sw1(config)#vlan 2010
Sw1(config-vlan)#name SALES
Sw1(config-vlan)#exit
Sw1(config)#vlan 2020
Sw1(config-vlan)#name MANAGERS
Sw1(config-vlan)#exit
Sw1(config)#vlan 2030
Sw1(config-vlan)#name ENGINEERS
Sw1(config-vlan)#exit
Sw1(config)#vlan 2040
Sw1(config-vlan)#name SUPPORT
Sw1(config-vlan)#exit
Sw1(config)#interface fastethernet0/1
Sw1(config-if)#switchport mode trunk

Sw2#config t
Enter configuration commands, one per line.  End with CTRL/Z.
Sw2(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
Sw2(config)#vtp domain CISCO
Changing VTP domain name from Null to CISCO
Sw2(config)#vtp version 1
Sw2(config)#vlan 2010
Sw2(config-vlan)#name SALES
Sw2(config-vlan)#exit
Sw2(config)#vlan 2020
Sw2(config-vlan)#name MANAGERS
Sw2(config-vlan)#exit
Sw2(config)#vlan 2030
Sw2(config-vlan)#name ENGINEERS
Sw2(config-vlan)#exit
Sw2(config)#vlan 2040
Sw2(config-vlan)#name SUPPORT
Sw2(config-vlan)#exit
Sw2(config)#interface fastethernet0/1
Sw2(config-if)#switchport mode trunk

Task 3:
For reference information on configuring and verifying VLANs, please refer to earlier labs.


Task 4:
Sw1#conf t
Enter configuration commands, one per line.  End with CTRL/Z.
Sw1(config)#interface fastethernet0/1
Sw1(config-if)#switchport trunk allowed vlan 2040
Sw1(config-if)#^Z
Sw1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native Vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       2040

NOTE: By default, ALL configured VLANs are allowed to traverse ALL configured trunk links. You can restrict certain VLANs to certain trunks by using the switchport trunk allowed vlan command. You can test this command, which can also add or remove ranges of VLANs, so please spend some time trying out all the options. Beware that it can remove VLANs you have currently allowed if you don’t enter the correct inputs.


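The NOTE in the lab warns that switchport trunk allowed vlan can drop VLANs that are already allowed. The Python model below is an added example, not part of the original post: it replays the command's all, none, add, remove and except forms plus the bare-list form to show how each one changes the allowed set. The function names are made up for illustration and the command sequences are constructed from the lab's VLAN IDs.

```python
ALL_VLANS = frozenset(range(1, 4095))  # VLANs 1-4094: the trunk default
PREFIX = "switchport trunk allowed vlan "

def parse_vlan_list(text):
    """Expand a list such as '2010,2020-2030' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def apply_allowed(current, command):
    """Return the allowed set after one 'switchport trunk allowed vlan' line."""
    if not command.startswith(PREFIX):
        raise ValueError(f"not an allowed-vlan command: {command!r}")
    words = command[len(PREFIX):].split()
    if words == ["all"]:
        return set(ALL_VLANS)
    if words == ["none"]:
        return set()
    if len(words) == 2 and words[0] in ("add", "remove", "except"):
        vlans = parse_vlan_list(words[1])
        if words[0] == "add":
            return current | vlans
        if words[0] == "remove":
            return current - vlans
        return set(ALL_VLANS) - vlans      # except: everything but the list
    if len(words) == 1:
        return parse_vlan_list(words[0])   # bare list REPLACES the current set
    raise ValueError(f"unsupported syntax: {command!r}")

def replay(commands, start=ALL_VLANS):
    """Apply commands in order, starting from the all-VLANs default."""
    allowed = set(start)
    for command in commands:
        allowed = apply_allowed(allowed, command)
    return sorted(allowed)

if __name__ == "__main__":
    # Constructed sessions using the lab's VLAN IDs.
    print(replay([PREFIX + "2010,2020", PREFIX + "2040"]))      # list replaced
    print(replay([PREFIX + "2010,2020", PREFIX + "add 2040"]))  # list extended
```

The first session ends with only VLAN 2040 allowed because the bare list overwrites the earlier one; the second keeps 2010 and 2020 because it uses add.
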
Posted on 2022-12-13 10:06:05
Thanks to the original poster for sharing.

Posted on 2023-3-29 19:17:57
Thanks to the original poster for sharing.