Last edited by 小乔 on 2022-11-10 09:27
Lab Objective:
The objective of this lab exercise is for you to learn and understand how to secure VTP domains using Cisco Catalyst Switches. By default, VTP domains are not password-protected.
Lab Purpose:
Securing the VTP domain is a fundamental skill. When VTP domains are not configured with a password, rogue switches can be added to the network and disrupt service. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure VTP passwords.
Certification Level:
This lab is suitable for both CCENT and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 4/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 5 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:
Task 1:
In preparation for VLAN configuration, configure a hostname on Sw1 and Sw2 as depicted in the topology.
Task 2:
Configure and verify Sw1 as a VTP server switch and configure Sw2 as a VTP client switch. Both switches should be in the VTP domain named CISCO. Secure VTP messages with the VTP password CISCO.
Task 3:
Configure and verify FastEthernet0/1 between Sw1 and Sw2 as an 802.1q trunk.
Task 4:
Configure and verify VLANs 10 to 40 on Sw1 with the names provided above. Validate that these VLANs are still propagated to Sw2 after VTP has been secured.
Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to the previous labs.
Task 2:
NOTE: By default, Cisco switches are VTP servers so no configuration is necessary for server mode on Sw1. This can be verified using the show vtp status command. However, you do need to configure the domain.
Sw1#config t
Enter configuration commands, one per line. End with CTRL/Z.
Sw1(config)#vtp domain CISCO
Changing VTP domain name from Null to CISCO
Sw1(config)#vtp password CISCO
Setting device VLAN database password to CISCO
Sw1(config)#end
Sw1#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 250
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : CISCO
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x00 0x7A 0x5E 0x47 0xF1 0xDD 0xB5 0x30
Sw2#config t
Enter configuration commands, one per line. End with CTRL/Z.
Sw2(config)#vtp mode client
Setting device to VTP CLIENT mode.
Sw2(config)#vtp domain CISCO
Changing VTP domain name from Null to CISCO
Sw2(config)#vtp password CISCO
Setting device VLAN database password to CISCO
Sw2(config)#end
Sw2#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 250
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : CISCO
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x9D 0x1A 0x9D 0x16 0x9E 0xD1 0x38 0x59
Task 3:
For reference information on configuring and verifying trunks, please refer to earlier labs.
Task 4:
For reference information on configuring and verifying VLANs, please refer to previous labs.
Sw2#show vlan brief
VLAN Name                   Status    Ports
---- ---------------------- --------- -------------------------------
1    default                active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                      Fa0/6, Fa0/7, Fa0/8, Fa0/9
10   SALES                  active
20   MANAGERS               active
30   ENGINEERS              active
40   SUPPORT                active
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
NOTE: When VTP passwords have been configured, make sure that the MD5 digest at the end of the show vtp status output is the same on all switches within the same VTP domain.
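The digest comparison described in the NOTE above can be scripted when more than two switches are involved. This is an added example, not part of the original lab: the function names are hypothetical, and the sample outputs are constructed in the lab's output format, reusing the digest values printed above.

```python
import re

# Constructed samples in the lab's output format; digests reuse the printed values.
SW1 = """Configuration Revision : 2
VTP Operating Mode : Server
VTP Domain Name : CISCO
MD5 digest : 0x00 0x7A 0x5E 0x47 0xF1 0xDD 0xB5 0x30
"""
SW2_SYNCED = SW1.replace("Server", "Client")
SW2_STALE = """Configuration Revision : 0
VTP Operating Mode : Client
VTP Domain Name : CISCO
MD5 digest : 0x9D 0x1A 0x9D 0x16 0x9E 0xD1 0x38 0x59
"""

# [ \t]* keeps an empty domain (Null) from swallowing the next line.
FIELDS = {
    "revision": r"Configuration Revision[ \t]*:[ \t]*(\d+)",
    "mode": r"VTP Operating Mode[ \t]*:[ \t]*(\S+)",
    "domain": r"VTP Domain Name[ \t]*:[ \t]*(\S*)",
    "digest": r"MD5 digest[ \t]*:[ \t]*((?:0x[0-9A-Fa-f]{2}\s*)+)",
}

def parse_vtp_status(text):
    """Extract the fields compared below from 'show vtp status' output."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"missing field: {key}")
        out[key] = m.group(1).strip()
    out["revision"] = int(out["revision"])
    # Join digest bytes into one hex string; \s* above tolerates line wraps.
    out["digest"] = "".join(b[2:].lower() for b in out["digest"].split())
    return out

def compare(server, client):
    """Return findings; an empty list means the pair is consistent."""
    findings = []
    if not server["domain"] or not client["domain"]:
        findings.append("domain-unset")
    elif server["domain"] != client["domain"]:
        findings.append("domain-mismatch")
    if server["revision"] != client["revision"]:
        findings.append("revision-differs")
    if server["digest"] != client["digest"]:
        findings.append("digest-mismatch")
    return findings
```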