Cisco-achtige basisconfiguraties voor kleine lab- en praktijknetwerken
Deze blokken gebruik je 90% van de tijd in je lab/praktijkopdracht.
SWITCH (basis) enable configure terminal hostname SW1 no ip domain-lookup enable secret klas123 banner motd #GEEN TOEGANG# ROUTER (basis) enable configure terminal hostname R1 no ip domain-lookup enable secret klas123 L3-SWITCH routing enable configure terminal ip routing PC (Command Prompt) ipconfig ping 192.168.x.x
These blocks cover about 90% of what you’ll type in small lab/practical setups.
SWITCH (basic) enable configure terminal hostname SW1 no ip domain-lookup enable secret klas123 banner motd #NO UNAUTHORISED ACCESS# ROUTER (basic) enable configure terminal hostname R1 no ip domain-lookup enable secret klas123 L3-SWITCH routing enable configure terminal ip routing PC (Command Prompt) ipconfig ping 192.168.x.x
Maak VLAN’s aan en zet de juiste poorten in de juiste VLAN.
vlan 10 name Studenten vlan 20 name Studentzaken vlan 30 name Gasten interface range fa0/1-8 switchport mode access switchport access vlan 10 interface range fa0/9-17 switchport mode access switchport access vlan 20 interface fa0/18 switchport mode access switchport access vlan 30 show vlan brief
Create VLANs and assign the correct ports to the correct VLAN.
vlan 10 name Students vlan 20 name StudentAffairs vlan 30 name Guests interface range fa0/1-8 switchport mode access switchport access vlan 10 interface range fa0/9-17 switchport mode access switchport access vlan 20 interface fa0/18 switchport mode access switchport access vlan 30 show vlan brief
Gebruik VTP om VLAN’s vanaf een centrale switch (server) te verspreiden naar andere switches (clients).
! Op alle switches: vtp domain SCHOOL vtp password geheim vtp version 2 ! Server (bijv. Switch0): vtp mode server ! Clients (bijv. Switch1, Switch2): vtp mode client show vtp status
Use VTP to distribute VLANs from a central switch (server) to the other switches (clients).
! On all switches: vtp domain SCHOOL vtp password secret vtp version 2 ! Server (e.g. Switch0): vtp mode server ! Clients (e.g. Switch1, Switch2): vtp mode client show vtp status
Trunk-poorten sturen meerdere VLAN’s tegelijk over 1 kabel. Deze poorten zijn tussen jouw switches.
interface gi0/1 switchport mode trunk switchport trunk allowed vlan 10,20,30 interface gi0/2 switchport mode trunk switchport trunk allowed vlan 10,20,30
Voorbeeld-topologie:
Switch0 (SERVER) Gi0/1 ───── Gi0/1 Switch2 (CLIENT) Switch2 (CLIENT) Gi0/2 ───── Gi0/2 Switch1 (CLIENT) Alleen VLAN 10, 20 en 30 mogen over deze links.
Trunk ports carry multiple VLANs over a single cable. These are the links between your switches.
interface gi0/1 switchport mode trunk switchport trunk allowed vlan 10,20,30 interface gi0/2 switchport mode trunk switchport trunk allowed vlan 10,20,30
Example topology:
Switch0 (SERVER) Gi0/1 ───── Gi0/1 Switch2 (CLIENT) Switch2 (CLIENT) Gi0/2 ───── Gi0/2 Switch1 (CLIENT) Only VLAN 10, 20 and 30 are allowed over these links.
SVI = Switch Virtual Interface. Dit is het IP-adres van de switch zelf (voor ping/SSH).
interface vlan 1 ip address 192.168.10.2 255.255.255.0 no shutdown ip default-gateway 192.168.10.1 ! Andere switches: interface vlan 1 ip address 192.168.10.3 255.255.255.0 no shutdown
SVI = Switch Virtual Interface. This is the IP address of the switch itself (for ping/SSH).
interface vlan 1 ip address 192.168.10.2 255.255.255.0 no shutdown ip default-gateway 192.168.10.1 ! Other switches: interface vlan 1 ip address 192.168.10.3 255.255.255.0 no shutdown
Gebruik subinterfaces op de router als je één kabel gebruikt voor meerdere VLAN’s.
interface g0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 interface g0/0.20 encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0 interface g0/0.30 encapsulation dot1Q 30 ip address 192.168.30.1 255.255.255.0 ! Default route: ip route 0.0.0.0 0.0.0.0 192.168.10.2 show ip interface brief show ip route
Use subinterfaces on the router when you carry multiple VLANs over a single physical interface.
interface g0/0.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 interface g0/0.20 encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0 interface g0/0.30 encapsulation dot1Q 30 ip address 192.168.30.1 255.255.255.0 ! Default route: ip route 0.0.0.0 0.0.0.0 192.168.10.2 show ip interface brief show ip route
Maak per VLAN een DHCP-pool. Gebruik dezelfde structuur als in de opdracht.
ip dhcp excluded-address 192.168.10.1 192.168.10.20 ip dhcp pool VLAN10 network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 8.8.8.8 ip dhcp pool VLAN20 network 192.168.20.0 255.255.255.0 default-router 192.168.20.1 dns-server 8.8.8.8 ip dhcp pool VLAN30 network 192.168.30.0 255.255.255.0 default-router 192.168.30.1 dns-server 8.8.8.8 show ip dhcp binding show ip dhcp pool
Create one DHCP pool per VLAN. Follow the same pattern as in the assignment.
ip dhcp excluded-address 192.168.10.1 192.168.10.20 ip dhcp pool VLAN10 network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 8.8.8.8 ip dhcp pool VLAN20 network 192.168.20.0 255.255.255.0 default-router 192.168.20.1 dns-server 8.8.8.8 ip dhcp pool VLAN30 network 192.168.30.0 255.255.255.0 default-router 192.168.30.1 dns-server 8.8.8.8 show ip dhcp binding show ip dhcp pool
Stappen om een laptop draadloos te verbinden met een access point in Packet Tracer.
1. Laptop: - Physical tab → power uit - Voeg WPC300N wireless module toe - Power aan 2. Access Point / Wireless router: - SSID: bijv. GASTEN - Security: WPA2-PSK - Wachtwoord: Welkom01! 3. Laptop: - Desktop → PC Wireless - Kies SSID (GASTEN) - Voer wachtwoord in - Wacht tot status = Connected/Associated
Steps to connect a laptop wirelessly to an access point in Packet Tracer.
1. Laptop: - Physical tab → power off - Add WPC300N wireless module - Power on 2. Access Point / Wireless router: - SSID: e.g. GUESTS - Security: WPA2-PSK - Password: Welcome01! 3. Laptop: - Desktop → PC Wireless - Select SSID (GUESTS) - Enter password - Wait until status = Connected/Associated
Beveilig de switch/router met SSH en gebruikerslogins.
hostname SW1 ip domain-name local crypto key generate rsa username admin secret sterkW8woord line vty 0 4 login local transport input ssh line console 0 password console123 login show ip ssh
Secure the switch/router with SSH and user logins.
hostname SW1 ip domain-name local crypto key generate rsa username admin secret strongP4ssword line vty 0 4 login local transport input ssh line console 0 password console123 login show ip ssh
Volg deze volgorde als er geen verbinding is.
Stap 1: Kabels & interfaces - Zijn alle kabels goed aangesloten? - Zijn interfaces UP? (no shutdown) Stap 2: VLAN & trunk - show vlan brief - show interfaces trunk Stap 3: IP & gateway - show ip interface brief - Is IP / mask / gateway correct op pc's? Stap 4: DHCP - show ip dhcp binding - show ip dhcp pool Stap 5: Routing - show ip route Test altijd met: - ping 192.168.x.x - traceroute 192.168.x.x
Follow this order when there is no connectivity.
Step 1: Cables & interfaces - Are all cables connected correctly? - Are interfaces UP? (no shutdown) Step 2: VLAN & trunk - show vlan brief - show interfaces trunk Step 3: IP & gateway - show ip interface brief - Is IP / mask / gateway correct on PCs? Step 4: DHCP - show ip dhcp binding - show ip dhcp pool Step 5: Routing - show ip route Always test with: - ping 192.168.x.x - traceroute 192.168.x.x
Handige vaste volgorde om een klein netwerk van niets naar werkend te krijgen.
1. Lees de opdracht of het netwerkdiagram en noteer: - VLAN-nummers - IP-subnetten per VLAN - Welke switch is VTP-server / client - Welke poorten zijn uplinks 2. Configureer alle switches: - hostname, no ip domain-lookup, wachtwoorden - VLAN's aanmaken op VTP-server - VTP domain / password / mode - Access-poorten in juiste VLAN - Trunk-poorten tussen switches - SVI + ip default-gateway 3. Configureer router / L3-switch: - interfaces of subinterfaces (router-on-a-stick) - ip routing (op L3-switch) - static of default routes 4. DHCP instellen: - excluded-addresses - DHCP-pool per VLAN 5. WiFi & clients: - SSID + WPA2 op AP - Laptop verbinden via PC Wireless 6. SSH & security: - crypto key generate rsa - username admin secret ... - line vty 0 4 → login local - transport input ssh 7. Test & fix: - ping binnen VLAN - ping tussen VLANs - show-commando's gebruiken om fouten te zoeken 8. Config opslaan: copy running-config startup-config
A fixed order to bring a small lab network from zero to fully working.
1. Read the task or network diagram and write down: - VLAN numbers - IP subnets per VLAN - Which switch is VTP server / client - Which ports are uplinks 2. Configure all switches: - hostname, no ip domain-lookup, passwords - Create VLANs on the VTP server - VTP domain / password / mode - Access ports in correct VLAN - Trunk ports between switches - SVI + ip default-gateway 3. Configure router / L3-switch: - interfaces or subinterfaces (router-on-a-stick) - ip routing (on L3-switch) - static or default routes 4. Configure DHCP: - excluded addresses - DHCP pool per VLAN 5. WiFi & clients: - SSID + WPA2 on AP - Connect laptop via PC Wireless 6. SSH & security: - crypto key generate rsa - username admin secret ... - line vty 0 4 → login local - transport input ssh 7. Test & fix: - ping within VLAN - ping between VLANs - use show-commands to find issues 8. Save configuration: copy running-config startup-config