Skip to content

Lab 2: Adding Devices to the Network

In this lab, you will work to restore a switch using your previous lab config file, you'll add additional endpoints to the network, test connections using the ping network utility, and test your VLAN tagging knowledge!

Prerequisites

  • Familiarity with VLAN concepts and switch port configurations.
  • GUI access to a managed switch (e.g., Cisco SG350X 24 Port Switch).
  • Two Endpoint devices - You may use your laptop as well as PC01 (bottom shelf of rack).

Key Concepts for Lab

VLAN tagging separates network traffic into logical segments, improving security and performance.
You'll be working with the following VLANs:

  • LAN: Main Office Data VLAN (192.168.10.0/24)

  • SECURITY: Security devices (Cameras, NVR, Building Access Controls) (192.168.20.0/24)

  • VOIP: IP phones and voice-related services (192.168.30.0/24)

  • GUEST: Isolated guest network (192.168.40.0/26)

Task 1: Restore the Switch Configuration from Backup

Why Restore Configuration?

Restoring a configuration ensures your switch has the desired settings without manually reconfiguring everything.

Aside from being much faster to restore this way, it also provides some peace of mind knowing that everything is restored exactly as it had been previously, and no wondering in the middle of the night if you remembered to tag the port for that one computer in that one office for that one user that always complains - what port what that plugged into again?

  1. Access the Switch GUI
    • Open your browser and navigate to the management IP: 192.168.1.254.
    • Use the credentials below:
      • Username: cisco
      • Password: cisco

Don't forget your NIC adapter settings. If your NIC is configured correctly and you still can't access it on the default IP, then you may need to factory reset it. Revisit the cisco setup guide if you need a refresher.

  1. Locate Backup/Restore Settings

    • Navigate to Administration → File Management → File Operations.
    • Select the Update File option.

  2. Upload Backup File

    • Choose the backup file from your local machine or your USB inserted into the switch.
    • Choose Running Configuration for the destination.
    • Click Apply and confirm the restore process.

  3. Reconnect to Switch

    • Update your NIC settings and reconnect to the switch with:
      • IP Address: 192.168.10.2
      • User: nie
      • Password: $ecureLab!

Save Your Work

After restoring the configuration, ensure you save it to the startup configuration or else a reboot will wipe your config!

Task 2: Connect More Endpoints

  1. Power on PC01 and Sign In

    • Plug Power into PC01.
    • Plug in the Display Cable between PC01 and the monitor.
    • Plug the Ethernet cable into PC01 and into GE13 (bottom-left) of SW01.
    • Sign into PC01 with the following credentials: LabUser / $ecureLab!.

  2. Update Network Settings

    • Update the NIC so that it can communicate with the switch.
    • Set the IP Address within the LAN subnet (192.168.10.0/24). This exercise will use 192.168.10.13 for this example, feel free to use the same and follow along.

Task 3: CMD and Conquer

  1. What's my IP?

    • Press Windows Key + X and select Terminal.
    • Type ipconfig and hit Enter.
    • Verify the Ethernet Adapter has the proper IPv4 and Subnet Mask configured.

  2. Ping the Switch

    Can you hear me now?

    The ping command is one of the most commonly used network utilities for troubleshooting. This command sends a series of network packets to a designated IP or host in order to check if they can "talk" to one another. It's mostly used to verify that another device is online, and that the devices can establish a connection between one another.

    💡Tip: By default ping only sends 4 packets then stops, but using ping -t creates a rolling ping that runs continuously until stopped with ctrl+c. This can be helpful when rebooting a server as it allows you to start a rolling ping against it to monitor the reboot progress and verify when it's back up.

    📚Read more about Ping

    • In the terminal, type ping 192.168.10.2 and hit Enter.

    If you were successful, then you should see 4 packets sent successfully to the switch. Each reply gives you the amount of time in milliseconds (ms) that it took to send a packet to the switch and receive an "alive" response.

C:\Users\LabUser>ping 192.168.10.2

Pinging 192.168.10.2 with 32 bytes of data:
Reply from 192.168.10.2: bytes=32 time=2ms TTL=64
Reply from 192.168.10.2: bytes=32 time=4ms TTL=64
Reply from 192.168.10.2: bytes=32 time=3ms TTL=64
Reply from 192.168.10.2: bytes=32 time=5ms TTL=64

Ping statistics for 192.168.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 5ms, Average = 3ms

Warning

ping, also known as ICMP traffic, may sometimes be blocked on purpose. Administrators may not want you to know if their infrastructure responds to pings. As useful as ping is, it can also be equally destructive when used maliciously. So while generally you can use it to test connectivity, please know that it's not 100% accurate as the other device may have ICMP disabled or a device's built-in firewall may block it.

Task 4: Verify Configuration and Test

  1. Access the VLAN Configuration Menu

    • On the switch GUI, navigate to VLAN Management → VLAN Settings.
    • Review the current VLAN configuration to ensure the necessary VLANs have been created. You should already have the following VLANs configured:

    VLAN 1 - LAN (192.168.10.0/24)

    VLAN 20 - SECURITY (192.168.20.0/24)

    VLAN 30 - VOIP (192.168.30.0/24)

    VLAN 40 - GUEST (192.168.40.0/26)

  2. Test Connectivity through Switch

    • VLAN Management → Port VLAN Membership
    • Your laptop (GE12) should be assigned to the LAN VLAN with an access port.
    • PC01 (GE13) should be assigned to the LAN VLAN with an access port.

Port Configuration

  1. Ping away

    • Both of our devices should be able to communicate with one another, so let's ping from your laptop to PC01.
    • Now the reverse: ping from your PC01 to your laptop.

    Hopefully your ping was successful like the ones below! Some common issues may be switch configuration, Windows firewall blocking ICMP, and never forget to double check your cables even if you think you plugged everything in correctly!

C:\Users\YourName>ping 192.168.10.13

Pinging 192.168.10.13 with 32 bytes of data:
Reply from 192.168.10.13: bytes=32 time=1ms TTL=128
Reply from 192.168.10.13: bytes=32 time=1ms TTL=128
Reply from 192.168.10.13: bytes=32 time=1ms TTL=128
Reply from 192.168.10.13: bytes=32 time=1ms TTL=128

Ping statistics for 192.168.10.13:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

Task 5. Break the Connection

We know we have a connection established, but let's try to test our VLAN knowledge and break the connection. Let's pretend PC01 is a security camera server and needs to be isolated to the SECURITY VLAN so that other network traffic can't communicate with it.

  • Navigate back to SW01 and update GE13 so that the access VLAN is 20 and apply your changes.

Think about it...

What did we just do?

Currently PC01 is plugged into GE13 as an access port so it can only communicate on one VLAN, which we've now updated to VLAN 20. So in theory, PC01 can only communicate on the 192.168.20.0/24 network now.

What's going to happen when we ping the switch? Will it still work?

  • From PC01 try to ping SW01 on 192.168.10.2

Did you guess it right?!

  • PC01 can only communicate on the 192.168.20.0/24 network, but SW01 is not in that subnet, and therefore they can't communicate. Even if we could communicate, we never updated our NIC settings on PC01 to reflect the new subnet, so PC01 likely can't connect to any network currently 😉.

You could go update the NIC on PC01 to be in the correct subnet, but it would be no help in this current lab. To communicate between VLANs we need something to route those requests on the Layer 3 network. Something like a WatchGuard T45 Firewall! We'll come back to more advanced VLAN configurations once we get our firewall configured in the next lab.

Task 5: Cleanup The Lab

  1. Reset Equipment to Factory Defaults

    • Ensure SW01 has been factory reset and is ready for the next lab user. No need to save our config from this lab!

  2. Power Off Devices

    • Take a moment to power down PC01 gracefully. The remaining hardware can be turned off via the single Red power toggle on the PDU.

  3. Clean Up and Organize

    • Please take a moment to organize the cables and equipment you used for this lab. Ensure it's ready for the next user!