Skill Integration: Etherchannels, NTP, Port-Security

Packet Tracer Skill Integration

As a network engineer, you are probably going to work with switches quite often. Switching is the master technology of the data center, and of the enterprise. Unless you work within a service provider, switching is what you are going to see every day. Therefore, you need to know very well the technologies related to this domain of networking. Most importantly, you need to integrate them together, as part of your job. In this skill integration lab, we test you for the CCNA with Etherchannels, NTP, and Port-Security.

Since this article focuses on implementation, it comes with a lab. Using the link below, you can download a Packet Tracer lab for free.

Get this lab! Practice what you learn and gain experience with our networking labs and demos - download now

Download the lab and unzip it, then simply run it with Packet Tracer. Your goal is to complete the lab, respecting the requirements below. If you struggle doing so, don’t worry, we also have the solution (just scroll down).

Skill Integration Challenge: Etherchannels, NTP, Port-Security

This lab is a skill integration challenge. Like any challenge, you will need to put some effort into it: try to solve the lab on your own. You can do it by reading the requirements. However, you will need to understand the technologies of this lab (etherchannels, NTP, and Port-Security). In case you don’t, we won’t add any explanation here. Instead, just use these resources:

Lab Topology

The topology for this lab is fairly simple. As you can see in the picture, we can only count six devices in total.

Port-Security and NTP Skill Integration Lab Topology.
The topology for this lab.

We have a router, which acts as the default gateway (and it is named DG indeed). Then, we have a dummy core switch, which merely acts as a Layer 2 device, and two access switches connecting two servers. SRV1 is the device acting as the NTP server.

The Requirements

For this lab, our ultimate goal is the basic configuration of the network. To do that, we will need to clean the STP topology with two etherchannels, add NTP on the core and the Router, and configure port-security with the NTP server. Follow these guidelines to do that.

  1. Configure the Etherchannels so that they use a standard (non-proprietary) protocol, and so that the Core switch is always in control of the channel. Always use 1 as the ID of the port-channel on access switches. On the core switch, instead, use the number of the access switch the etherchannel connects to as the ID of the channel.
  2. Add an IP address to all switches in the default VLAN so that they can communicate with each other. Prepare them for communication on different subnets as well. Follow the table below.
  3. On Core and DG, point to SRV1 (192.168.1.101) for NTP. Do not use authentication.
  4. Secure the access port connecting SRV1 to the network. Ensure that only one Layer 2 address can be seen at a time on this port, and any violation will shut it down.

Device   IP/Mask
CORE     192.168.1.5/24
ACC-1    192.168.1.10/24
ACC-2    192.168.1.11/24

Now, good luck! Try to implement all of that on your own. If you don’t reach a 100% score, then just read the solution below and learn from your errors.

Integrating Etherchannels, NTP and Port-Security

#1 – Configure Etherchannels

To begin this lab, we need to configure Etherchannels (or PortChannels). The requirements tell us that we need to use a standard protocol, which of course is LACP (PAgP is Cisco proprietary). We also know that the Core switch must control the aggregation, which means it must be active, while the other switches must be passive. Furthermore, we need to respect the naming of the channels. On the Core switch, we need to use the number of the connected switch. This means that PortChannel 1 will connect ACC-1, and PortChannel 2 will connect ACC-2. Instead, on the access side, we always use 1 as ID. To implement all of that, we can start by adding these commands on ACC-1.

interface FastEthernet0/10
 channel-group 1 mode passive
 
interface FastEthernet0/20
 channel-group 1 mode passive

These commands on ACC-2

interface FastEthernet0/11
 channel-group 1 mode passive
 
interface FastEthernet0/21
 channel-group 1 mode passive

And, finally, these on CORE.

interface FastEthernet0/10
 channel-group 1 mode active
 
interface FastEthernet0/20
 channel-group 1 mode active

interface FastEthernet0/11
 channel-group 2 mode active
 
interface FastEthernet0/21
 channel-group 2 mode active

How did we get the Interface numbers? That’s fairly easy, with show cdp neighbors. In fact, this tells us which are the devices directly connected to our switches.

#2 – Basic Connectivity

The next step is to give basic connectivity to the three switches. We will need to configure an IP address on each of them in the default VLAN (which is VLAN 1). Following the table given in the requirements, we need to add these commands on ACC-1.

interface Vlan 1
 ip address 192.168.1.10 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1

These on ACC-2

interface Vlan 1
 ip address 192.168.1.11 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1

And these on CORE.

interface Vlan 1
 ip address 192.168.1.5 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1

Note that adding no shutdown is very important. The VLAN interface is shut down by default, which means that the switch won’t use it to communicate. Furthermore, ip default-gateway is mandatory to communicate with remote subnets. However, in real life, it won’t work on a Layer 3 device like the Core switch. If a device understands routing, as this switch does, it ignores that command and checks for static routes instead.

To change that, we need to turn off the routing feature with the following command.

no ip routing

#3 – NTP Configuration

Configuring NTP is fairly easy, as the server is already in place. We simply need to connect to the Core switch and to the Default Gateway and give this configuration command.

ntp server 192.168.1.101

We could do that on the other devices as well, but the requirements don’t tell us to do so.

#4 – Port Security Configuration

Finally, we need to implement Port Security. This feature enables very basic access security: it is simple to enable and it protects you from some common attacks. As per the requirements, we need to allow a single MAC address on the port connecting the server. Furthermore, if we see more than one (a violation happens), we want to shut down the port. These are the default actions, so we don’t need to specify them.

As a result, we will simply force the port in access mode and then enable port-security. On ACC-1, type:

interface FastEthernet0/1
 switchport mode access
 switchport port-security
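
To check a device against requirements 1, 3 and 4 without reading the configuration by eye, the following Python script is an added example (it is not part of the original lab or the author's material). It assumes the configuration is available as running-config style text; the names ACC1_CONFIG, parse_interfaces and audit are hypothetical.

```python
import re

# Constructed sample: ACC-1 as configured in the solution above.
ACC1_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/10
 channel-group 1 mode passive
interface FastEthernet0/20
 channel-group 1 mode passive
ip default-gateway 192.168.1.1
"""

def parse_interfaces(config):
    """Map each interface name to the commands inside its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line[:1].isspace() and current and line.strip():
            interfaces[current].append(line.strip())
        elif line.strip():
            current = None  # a global command closes the stanza
    return interfaces

def audit(config, lacp_mode, group_ids, secure_ports=(), ntp_server=None):
    """Return a list of findings; an empty list means the device complies."""
    findings, interfaces = [], parse_interfaces(config)
    for name, cmds in interfaces.items():
        for cmd in cmds:
            m = re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd)
            if m and m.group(2) != lacp_mode:
                findings.append(f"{name}: mode {m.group(2)}, expected {lacp_mode}")
            if m and int(m.group(1)) not in group_ids:
                findings.append(f"{name}: unexpected channel-group {m.group(1)}")
    for port in secure_ports:
        cmds = interfaces.get(port, [])
        for required in ("switchport mode access", "switchport port-security"):
            if required not in cmds:
                findings.append(f"{port}: missing '{required}'")
    globals_ = [l.strip() for l in config.splitlines() if l[:1].strip()]
    if ntp_server and f"ntp server {ntp_server}" not in globals_:
        findings.append(f"missing 'ntp server {ntp_server}'")
    return findings

if __name__ == "__main__":
    print(audit(ACC1_CONFIG, "passive", {1}, secure_ports=["FastEthernet0/1"]))
```

For CORE, the same function would be called with "active", the group IDs {1, 2} and ntp_server="192.168.1.101".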

Some thoughts

Congratulations! If you had the chance to review your lab with the solution, you should have a score of 100%. You now know how to create a basic campus network, and how to integrate etherchannels, NTP, and Port Security, three common features of any network.

Just note that, in real life, you don’t enable port-security toward servers. Servers are in a protected environment, and you generally trust them. Therefore, there’s no need to use port-security. On top of that, servers heavily rely on hardware virtualization, and each physical server is in reality a “box” containing many virtual servers. Those virtual servers are connected together with a software switch running on the physical server, which then connects to your switch. From a network perspective, a server looks a lot like another switch (hosts many MAC addresses, connects with Etherchannels & Trunks, etc.).
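
The effect described above can be seen in a small model. This Python simulation is an added example, not part of the original lab; the class SecurePort, the function replay and the MAC addresses are constructed for illustration. It models only the behaviour this article relies on: a limit on learned source MAC addresses and the shutdown violation action.

```python
class SecurePort:
    """One switch port with port-security: a maximum number of secure
    MAC addresses (default 1) and the shutdown violation action."""

    def __init__(self, maximum=1):
        self.maximum = maximum
        self.secure_macs = []      # addresses learned dynamically, in order
        self.violations = 0
        self.err_disabled = False

    def receive(self, src_mac):
        """Process one ingress frame; return True if it is forwarded."""
        if self.err_disabled:
            return False           # port stays down until it is re-enabled
        mac = src_mac.lower()
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)   # learn the new address
            return True
        self.violations += 1       # one address too many on this port
        self.err_disabled = True   # violation action: shut the port down
        return False

def replay(frames, maximum=1):
    """Feed source MACs to a fresh port; return per-frame results and the port."""
    port = SecurePort(maximum)
    return [port.receive(mac) for mac in frames], port

# Constructed traffic: a single-NIC server, then a host whose software
# switch forwards frames from two virtual servers.
BARE_METAL = ["00:50:56:aa:00:01"] * 3
HYPERVISOR = ["00:50:56:aa:00:01", "00:50:56:aa:00:02", "00:50:56:aa:00:01"]

if __name__ == "__main__":
    for label, frames in (("bare metal", BARE_METAL), ("hypervisor", HYPERVISOR)):
        forwarded, port = replay(frames)
        print(label, forwarded, "err-disabled" if port.err_disabled else "up")
```

With the defaults, the second virtual server's first frame shuts the port down, and the first virtual server loses connectivity as well.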

So, what are your thoughts about this lab? Do you feel confident in working on a campus network? What are the trickiest parts you encountered while solving this lab? Just let me know in the comments.

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.

2018-01-18T16:30:58+00:00
