eswitching lab 7 5 2 brent v2.1

Lab 7.5.2: Challenge Wireless Configuration –Brent’s version 2.1

Topology Diagram

Addressing Table

Device Interface IP Address Subnet MaskDefault Gateway

R1

Fa0/0.10 172.17.10.1 255.255.255.0 N/A

Fa0/0.40 172.17.40.1 255.255.255.0 N/A

Fa0/0.88 172.17.88.1 255.255.255.0 N/A

Fa0/0.99 172.17.99.1 255.255.255.0 N/A

WRS2WAN 172.17.88.25 255.255.255.0 172.17.88.1

LAN/Wireless 172.17.20.1 255.255.255.0 N/A

WRS3WAN 172.17.88.35 255.255.255.0 172.17.88.1

LAN/Wireless 172.17.30.1 255.255.255.0 N/A

S1 VLAN 99 172.17.99.11 255.255.255.0 172.17.99.1

S2 VLAN 99 172.17.99.12 255.255.255.0 172.17.99.1

S3 VLAN 99 172.17.99.13 255.255.255.0 172.17.99.1

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. of 11

CCNA ExplorationLAN Switching and Wireless: Wireless Concepts and Configuration Lab 7.5.2 Challenge Wireless Configuration

PC1 NIC 172.17.10.21 255.255.255.0 172.17.10.1

PC2 NICDHCP assigned

172.17.20.22255.255.255.0 172.17.20.1

PC3 NICDHCP assigned

172.17.30.23255.255.255.0 172.17.30.1

PC4 NIC 172.17.40.24 255.255.255.0 172.17.40.1

Learning Objectives

Upon completion of this lab, you will be able to:

Hard reset a Linksys WRT300N router

Connect and verify connectivity to a wireless router

Navigate to a Linksys WRT300N’s web utility page

Configure the IP settings of a Linksys WRT300N

Configure DHCP on a Linksys WRT300N

Configure static routes on both standard Cisco routers and on a WRT300N

Change the network mode and corresponding network channel on a WRT300N

Enable Wireless encryption

Configure a router management password on a WRT300N

Scenario

In this lab, you will configure a Linksys WRT300N, port security on a Cisco switch, and static routes on multiple devices. Make note of the procedures involved in connecting to a wireless network because some changes involve disconnecting clients, which may then have to reconnect after making changes to the configuration.

Task 1: Cable network and Perform Basic Router Configurations

Step 1: Cable the network for all devices, except PC2 and PC3 (connected later).

To avoid other people mistakenly connecting to the wireless, DO NOT apply power to the WRS routers until you start to configure them. When it is time in the instructions to connect the USB wireless NIC to the PC2 and PC3, use the driver CD before you plug the USB cable in.

Step 2: Perform Basic Router Configurations

Hostname R1!enable secret classno ip domain lookup!interface FastEthernet0/0 no shutdown!interface FastEthernet0/0.10 encapsulation dot1Q 10 ip address 172.17.10.1 255.255.255.0! interface FastEthernet0/0.40 encapsulation dot1Q 40



ip address 172.17.40.1 255.255.255.0!interface FastEthernet0/0.88 encapsulation dot1Q 88 ip address 172.17.88.1 255.255.255.0!interface FastEthernet0/0.99 encapsulation dot1Q 99 native ip address 172.17.99.1 255.255.255.0!line con 0 exec-timeout 0 0 logging synchronous password ciscoline aux 0line vty 0 4!

Task 2: Configure Switch Interfaces

Step 1: Configure switch vlans on S1, S2, and S3.

Set the switches to transparent, clear the VLAN information, create VLANs 10, 40, 88, and 99, and shutdown all ports. No names are needed for the VLANs.

<For all three switches>

!vtp mode transparentno vlan 2-1001vlan 10,40,88,99interface range fa0/1-24 shutdowninterface range gi0/1-2 shutdown!

Step 2: Configure switch port interfaces on S1, S2, and S3.

S1

hostname S1!interface range FastEthernet 0/1 - 5 switchport mode trunk switchport trunk native vlan 99 no shutdown!interface vlan 99 ip address 172.17.99.11 255.255.255.0 no shutdown!ip default-gateway 172.17.99.1

S2

hostname S2!



interface range FastEthernet 0/1 - 5 switchport mode trunk switchport trunk native vlan 99 no shutdown!interface FastEthernet0/7 switchport mode access switchport access vlan 88 no shutdown!interface FastEthernet 0/11 switchport mode access switchport access vlan 10 no shutdown!interface FastEthernet 0/18 switchport mode access switchport access vlan 40 no shutdown!interface vlan 99 ip address 172.17.99.12 255.255.255.0 no shutdown!ip default-gateway 172.17.99.1

S3

hostname S3!interface range FastEthernet 0/1 - 5 switchport mode trunk switchport trunk native vlan 99 no shutdown!interface FastEthernet 0/7 switchport mode access switchport access vlan 88 no shutdown!interface vlan 99 ip address 172.17.99.13 255.255.255.0 no shutdown!ip default-gateway 172.17.99.1

Step 3: Verify VLANs and trunking.

Use the show interfaces trunk command on S1 and the show vlan brief command on S2 to verify that the switches are trunking correctly and the proper VLANs exist.

S1#show interfaces trunk

Port Mode Encapsulation Status Native vlanFa0/1 on 802.1q trunking 99Fa0/2 on 802.1q trunking 99Fa0/3 on 802.1q trunking 99



Fa0/4 on 802.1q trunking 99Fa0/5 on 802.1q trunking 99

<output omitted>

S2#show vlan brief

VLAN Name Status Ports---- ------------------------------- --------- ------------------------------1 default active Fa0/5, Fa0/6, Fa0/8, Fa0/9 Fa0/10, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/210 VLAN0010 active Fa0/1140 VLAN0040 active Fa0/1888 VLAN0088 active Fa0/799 VLAN0099 active1002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup

When you have finished, be sure to save the running configuration to the NVRAM of the router and switches.

Step 4: Configure the Ethernet interfaces of PC1 and PC4.

Configure the Ethernet interfaces of PC1 and PC4 with the IP addresses and default gateways according to the addressing table at the beginning of the lab.

Step 5: Test the PC configuration.

PC1 and PC4 should be able to ping each other, and all of the switch management addresses.

Task 3: Connect to WRS2 from PC2

Step 1: Reset the WRS router and establish physically connectivity.

Apply power to WRS2 (leave WRS3 unplugged for now), and wait until it the green power LED stops blinking. To clear any previous configurations, do a hard reset.

Connect the WRS2 WAN port (blue) to S2, port 0/7.

For right now, connect PC2 to a LAN port on WRS2 using a straight-through cable.

Step 2: Install drivers for the wireless NIC on PC2, but do not connect to the access point.

If your PC already has the Wireless card installed, go to step 3. If Windows XP doesn’t have the drivers needed for the USB Wireless N NIC, you need to install the driver. Use the driver CD before you connect the USB NIC in this step. Insert the driver CD, and auto-install will launch the program. Install the NIC when prompted. Do not connect at this point! Note the wireless network names and the channels in use. Eject the CD now, before you forget!

Step 3: Go to the default URL and login in.

Note: In your favorite web browser, navigate to http://192.168.1.1 which is the default URL for the WRT300N. You are prompted for a username and password. Leave the username field blank, and enter the WRT300N factory default password of admin.


http://192.168.1.1/


Step 4: Basic Wireless Settings.

The Linksys WRT300N allows you to choose which network mode to operate in. For this lab, pick the fastest speed your clients can support.

Navigate to the Wireless page (the Basic Wireless Settings tab is the default).

Network Mode – If your clients support 802.11n, select Wireless-N Only, otherwise, choose BG-Mixed.

Network Name (SSID) – Change to WRS2_number. Where number is a unique id assigned by your instructor, such as your pod number, to avoid conflicts with other students doing the lab at the same time

Wireless-N Only – Radio Band – Change to: Standard – 20MHz Channel

Standard Channel – To avoid interference, change the Standard Channel to a number that is not already in use. Ideally, this would be at least 3 channels away from other wireless networks to reduce interference. For Wireless-N, if you selected Wide for the Radio Band, then this will be your secondary channel, and you can only select one that is 2 channels above or below your Wide Channel.

SSID Broadcast – Leave Enabled for now.

Click Save Settings, and then Continue.

Step 5: Configure the WAN port to have a static IP address

Navigate back to the Setup page (the Basic Setup is the default tab).

From the Internet Connection Type pull-down menu, select Static IP.

Internet IP Address – set to: 172.17.88.25.

Subnet Mask – set to: 255.255.255.0.

Default Gateway – set to the ISP address: 172.17.88.1.

Step 6: Set the Network Setup Address.

Under Network Setup, enter the Router IP of 172.17.20.1

Step 7: Save the settings.

Click Save Settings, and then Continue. At this point you will be disconnected from the web page, as you just changed the IP address you are connected to. It will take a minute or two, and you will need to refresh your browser, but you should be redirected to the new URL of the web utility (http://172.17.20.1). If not, you might need to release your IP address and request a new one, before your navigate your browser there. You will be asked to login again.

Task 4: Wireless Connectivity

Step 1: Connect using wireless to the WRS2 from PC2.

Disconnect the cable from PC2 to the WRS.

Make sure you are connecting to the correct wireless network.

Create a wireless profile to connect to WRS2.

Step 2: Verify connectivity settings.

Verify the connectivity settings by pinging the LAN address of WRS2 (your default gateway). You should also be able to ping PC1 and PC4. Note: PC1 and PC4 will not be able to ping PC2 at this point due to security and NAT.


http://172.17.20.1/


Task 5: Configure DHCP Settings and Router Time Zone Settings

Step 1: Assign PC2 the 172.17.20.22 address.

In the middle of the Basic Setup Page, click DHCP Reservations.

Using Manually Adding Client set PC2 to always receive 172.17.20.22.

Click Save Settings and Continue. Click Close to exit the DHCP Reservation window and return to Basic Setup.

Step 2: Configure the DHCP server.

Start IP Address – Change to: 172.17.20.50.

Maximum Number of Users – Change to: 25

Client Lease Time – Change to 120 minutes (2 hours).

Step 3: Configure the router for the appropriate time zone.

At the bottom of the Basic Setup page, change the Time Zone of the router to reflect your location.

Step 4: Save your settings

Click Save Settings and Continue.

Task 6: Wireless Security

Step 1: Implement Wireless Security

Implement the strongest security your clients will support – hopefully WPA2. If you are using WEP, you also need to disable the SSID Broadcast and implement Wireless MAC Filters. Do not implement Wireless MAC Filters if you are using WPA. If you need to, refer back to Lab 7.5.1 Tasks 6 and 7 for how to configure wireless security on the Linksys.

Passphrase (WPA2) or Key 1 (WEP) – enter 1234567890

Step 2: Click Save Settings. You will lose your connection.

Step 3: Reconnect to the wireless network.

If you need to, refer back to Lab 7.5.1 Tasks 6 and 7 for how to configure the wireless client for security.

Task 7: Managing and Securing the Web Utility of the Router

Step 1: Configure web access.

Navigate to the Administration section.

Router Access – Change the router password to cisco. Re-enter the same password to confirm.

Web Utility Access – Select both HTTP and HTTPS.

Web Utility Access via Wireless – Leave Enabled. (Since you are configuring the router via wireless access, disabling access would not be a good idea!)

Click Save Settings. You will be prompted for a login. Leave the User Name blank, but use cisco for the password, and click OK. Click Continue.



Task 8: Creating and Verifying Full Connectivity

By default, ping requests to the WRS’s WAN interface from sources on its WAN interface (the internet for example) will be blocked for security reasons. For the purpose of verifying connectivity in this lab you would like to allow them.

Step 1: Allow anonymous internet requests.

Click the Security page.

Under Internet Filter, uncheck Filter Anonymous Internet Requests.


Step 2: Disable NAT.

NAT translates the internal LAN (wired and wireless) to the single IP address assigned to the WAN port. Usually the LAN is using the private 192.168.1.0 network, so it needs to be translated to the public address assigned by the ISP. In this lab however, you are using addresses (while they are also private) that are routable on the WAN side. Because of the dynamic nature of NAT, you are not able to contact PC2 from outside the LAN, only respond to requests initiated from within the LAN side. By disabling NAT, you are making the users on the LAN reachable by other networks connected to the WAN port.

In the Setup page, click the Advanced Routing tab.

Click Disable NAT.


Task 9: Connect to WRS3 from PC3

Step 1: Repeat Tasks 3 to 8 to configure WRS3, but use these settings:

Network Name (SSID) – Change to WRS3_number. Where number is a unique id assigned by your instructor, such as your pod number, to avoid conflicts with other students doing the lab at the same time

Wireless-N Only – Radio Band – Change to: Standard – 20MHz Channel

Standard Channel – To avoid interference, change the Standard Channel to a number that is not already in use. Ideally, this would be at least 3 channels away from other wireless networks to reduce interference. For Wireless-N, if you selected Wide for the Radio Band, then this will be your secondary channel, and you can only select one that is 2 channels above or below your Wide Channel.

Internet IP Address – set to: 172.17.88.35.

Under Network Setup, enter the Router IP of 172.17.30.1

Using Manually Adding Client, set PC3 to always receive 172.17.30.23.

Task 10: Verifying Full Connectivity

Step 1: Give R1 static routes to the 172.17.20.0 and 172.17.30.0 networks.

R1(config)#ip route 172.17.20.0 255.255.255.0 172.17.88.25R1(config)#ip route 172.17.30.0 255.255.255.0 172.17.88.35



Step 2: Verify connectivity.

Verify that R1 has routes to PC2 and PC3 and that it can successfully ping them.

R1#sh ip route <output deleted>

Gateway of last resort is not set

172.17.0.0/24 is subnetted, 6 subnetsC 172.17.40.0 is directly connected, FastEthernet0/0.40S 172.17.30.0 [1/0] via 172.17.88.35S 172.17.20.0 [1/0] via 172.17.88.25C 172.17.10.0 is directly connected, FastEthernet0/0.10C 172.17.99.0 is directly connected, FastEthernet0/0.99C 172.17.88.0 is directly connected, FastEthernet0/0.88

R1#ping 172.17.20.22

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.17.20.22, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#ping 172.17.30.23

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.17.30.23, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Verify that PC2 and PC3 can ping each other.

Verify that PC2 and PC3 can ping PC1 and PC4.

Task 11: Configuring Routing Efficiency

Step 1: Use Traceroute to view the network connection.

Because R1 is the default gateway, the Linksys router goes to R1 to get to a network it does not know about, including the clients of the other Linksys routers.

A packet from PC2 to PC3 first reaches its default gateway of 172.17.20.1, and then it is sent out the WRS2 WAN interface of 172.17.88.25 toward the WRS2 default gateway (172.17.88.1). From there, R1 sends the packet to the WRS3 WAN interface, 172.17.88.35, where WRS3 handles it.

To verify this, on PC2, navigate to the Administration page, and then the Diagnostics tab. In the Traceroute Test field, enter the IP address of PC3, 172.17.30.23

Click Start to Traceroute and a pop-up will appear with the results.



If WRS2 knew that it could get to the 172.17.30.0 network from 172.17.88.35 it would just send it directly to that IP address. So let’s tell it!

Step 2: Configure a new static route.

On WRS2, navigate to the Setup page, and then click the Advanced Routing tab. Under Static Routing:

Route Name – Enter To WRS3 Clients.

Destination LAN IP – Enter the network behind WRS3: 172.17.30.0

Subnet Mask – Enter 255.255.255.0

Gateway – Enter 172.17.88.35

Interface – Set to Internet (WAN)


Step 3: Verify the new route.

In the Administration page, click the Diagnostics tab, re-enter the IP address of PC2 in the Traceroute Test field. Click Start to Traceroute to see the route.

Notice WRS2 goes straight to WRS3 and saves us the extra hop to R1!

Do the same thing on WRS3 for the 172.17.20.0/24 network, pointing towards WRS2’s WAN interface, 172.17.88.25.



Task 12: Clearing the Linksys Configuration

Step 1: Resetting the router without a hard reset.

On both Linksys routers, navigate to the Administration page and then to the Factory Defaults tab

Click the Restore All Settings button.


eswitching lab 7 5 2 brent v2.1

Documents