Completed
FNC_Day_02_Supp1_PT_Ex2
═══════════════════════════════════════════════════════════════════ RESTRICTED DISTRIBUTION — DICDP PROGRAM PARTICIPANTS ONLY ═══════════════════════════════════════════════════════════════════
═══════════════════════════════════════════════════════════════════
RED IRISH GLOBAL SERVICES
Defense Information Capacity Development Program (DICDP)
Communications and Information Systems (CIS) Track — Foundation Level
Foundation Networking Course | Day 02 — Packet Tracer Exercise 3
Document ID: DICDP-CIS-FNC-D02-SUP1-EX3-v2
Issued: [date of determination]
Controlled by: Program Director, DICDP, Red Irish Global Services
Redirect requests: ops@redirish.global
Distribution: RESTRICTED — Program participants only
═══════════════════════════════════════════════════════════════════
Restricted Distribution Statement
This material is the intellectual property of Red Irish Global Services. Distribution is authorized only to participants enrolled in the Defense Information Capacity Development Program (DICDP). Reproduction, transmission, posting to public networks or social media, sharing with non-participants, or use as the basis for derivative training materials, in whole or in part, requires prior written authorization from Red Irish Global Services. Other requests shall be referred to: ops@redirish.global
Exercise 3 — The Wall: Why You Need a Switch
Document ID: DICDP-CIS-FNC-D02-SUP1-EX3-v2 Version: v2.0 Estimated time: 35–45 minutes
Document History
Version | Date | Changes |
|---|---|---|
v1.0 | Initial | First release. |
v2.0 | Current | Router model changed from 1941 to 2911 throughout (Exercise 3 preview text and Coming Up section). Reason: the Cisco 1941 in Packet Tracer has only two built-in GigabitEthernet interfaces. The 2911 has three GigabitEthernet interfaces built in by default, which is required for Exercise 4's assignment (three-switch topology). CLI commands are identical between the two models. No other content changes. |
Before You Start
Recovery check — what your workspace should look like right now:
[WS-NIPR-01]————————[WS-NIPR-02] IP: 10.10.10.10 / .11
[WS-NIPR-03]————————[WS-NIPR-04] IP: 10.10.20.10 / .11
Four PCs, two crossover cables, all four with IP addresses. Pings working between each pair.
If this is not what you see:
Missing a cable? Go back to Exercise 2 and redo the cabling step.
Ping not working? Check IP addresses are on the same subnet within each pair and cable type is Crossover.
What this exercise will do:
In Exercise 2 you connected two PCs directly and they talked. Now the question is: what happens when you have more than two PCs?
You are about to hit a wall — literally. You will try to add a third PC to the network, discover the problem, and then meet the device that exists specifically to solve it: the switch.
Part 1 — Walkthrough
Follow every step exactly as written. Read each step fully before clicking.
Step 1 — Try to add a third PC to the existing network
Look at WS-NIPR-01 and WS-NIPR-02. They are connected. They work.
Now imagine a third user — WS-NIPR-05 — joins the building and needs to communicate with both of them.
Do this:
Place a new PC in the workspace (End Devices → PC-PT)
Name it WS-NIPR-05
Now try to connect it to WS-NIPR-01 using a Crossover cable
Click on WS-NIPR-01 to start the cable connection. Look at the port list that appears.
What you will see: WS-NIPR-01 already has its FastEthernet0 port used — it is connected to WS-NIPR-02. The port list shows FastEthernet0 as the only option, and it is already occupied.
You cannot connect WS-NIPR-05 to WS-NIPR-01. The PC only has one network port. It is already in use.
Press Escape to cancel the cable placement.
This is the wall. A PC has one network port. You can connect it to one other device. The moment you have three users who all need to communicate with each other, the direct-connection model breaks down completely. You need a device that has many ports and can connect all of them simultaneously.
That device is a switch.
Step 2 — Understand what a switch is and why it exists
A switch is a network device with many ports — typically 24 or 48. Every device that needs to communicate connects to the switch. The switch then handles forwarding traffic between them.
How a switch works — Layer 2: A switch operates at OSI Layer 2 — Data Link. It reads the MAC address in each incoming Ethernet frame and uses a table (called the MAC address table) to decide which port to send the frame out. It does not read IP addresses. It does not know what network the devices are on. It only knows: "MAC address XX:XX:XX:XX:XX:XX is reachable through port FastEthernet0/3."
This is why a switch is called a Layer 2 device. It makes decisions based entirely on Layer 2 (MAC address) information. It never looks at Layer 3 (IP) or higher.
What does "forwarding frames by MAC address" mean in practice? When WS-NIPR-01 sends a message to WS-NIPR-02, it wraps the data in an Ethernet frame with WS-NIPR-02's MAC address in the destination field. The switch receives this frame on its port, looks up the destination MAC in its table, finds the port WS-NIPR-02 is connected to, and sends the frame out only that port. Not to every port — just the right one. This is called unicast forwarding and it is far more efficient than an old hub, which sent every frame to every port regardless.
Step 3 — Find the switch in Packet Tracer
Do this:
In the category bar at the bottom left, click Network Devices
Network Devices vs End Devices: End Devices (from Exercise 1) are the computers and printers users interact with. Network Devices are the infrastructure devices — switches, routers — that move traffic between end devices. Users never sit at a network device.
A sub-category row appears — click Switches
In the device panel, find the 2960 switch (labeled 2960-24TT or similar) — click it
Click in the workspace between and below WS-NIPR-01 and WS-NIPR-02 to place it
Rename it: click the name label, delete the default, type SW-BAN-NIPR-01
Understanding the naming convention for the switch:
Part | Meaning |
|---|---|
SW | Switch |
BAN | Building Access Network — the role of this switch in DoD installation networking |
NIPR | NIPRNet — the network it belongs to |
01 | First switch of this type |
What is a Building Access Network (BAN)? In DoD installation networking, the Building Access Network is the layer of switches that connects user workstations inside a building to the rest of the network. Every building on an installation typically has at least one access switch. All user PCs plug into it. The BAN switch then connects upward to the installation router.
Step 4 — Delete the direct PC-to-PC cable
Before connecting the PCs through the switch, remove the direct cable between WS-NIPR-01 and WS-NIPR-02.
Do this:
Click the cable connecting WS-NIPR-01 and WS-NIPR-02 — it highlights
Press the Delete key on your keyboard
The cable disappears
The two PCs are now unconnected. A ping right now would fail — there is no path.
Step 5 — Connect both PCs to the switch
Now rebuild the connection through the switch. Use a Copper Straight-Through cable — because a PC and a switch are unlike devices.
Do this:
In the category bar, click Connections
Click Copper Straight-Through (solid black line)
Click WS-NIPR-01 → select FastEthernet0
Click SW-BAN-NIPR-01 → select FastEthernet0/1
Notice the switch port name: FastEthernet0/1 means slot 0, port 1. The 2960 has 24 FastEthernet access ports (FE0/1 through FE0/24) and two GigabitEthernet uplink ports (Gi0/1 and Gi0/2) at the bottom of the list. The GigabitEthernet ports are for connecting to routers or other switches. Do not use them yet — they are coming in Exercise 4.
Click Copper Straight-Through again
Click WS-NIPR-02 → select FastEthernet0
Click SW-BAN-NIPR-01 → select FastEthernet0/2
What you will see — the STP amber delay:
After cabling, link lights show amber/orange for 30–45 seconds before turning green. This is normal.
Why the amber delay — Spanning Tree Protocol (STP): When a new cable is connected, the switch port does not immediately forward traffic. It runs through the Spanning Tree Protocol process to verify no network loop is being created. STP moves through Blocking → Listening → Learning → Forwarding. This takes approximately 30 seconds on a default Cisco 2960. You will see amber, then green. Wait for green before testing.
In DoD production networks, ports connected to user workstations have PortFast enabled — which skips the STP delay and goes straight to Forwarding. This is covered in a later module.
Wait for both link lights to turn green.
Step 6 — Connect WS-NIPR-05 to the switch and configure its IP
Do this:
Click WS-NIPR-05 → Desktop → IP Configuration
IP Address: 10.10.10.12
Subnet Mask: 255.255.255.0
Default Gateway: leave blank
Close the window
Click Copper Straight-Through
Click WS-NIPR-05 → FastEthernet0
Click SW-BAN-NIPR-01 → FastEthernet0/3
Wait for the link light to turn green.
Step 7 — Test connectivity through the switch
Do this:
Click WS-NIPR-01 → Desktop → Command Prompt
Type each of these and press Enter, waiting for the result each time:
ping 10.10.10.11 ping 10.10.10.12
What you should see: Both pings return replies. The first ping of each will have one timeout — that is still ARP doing its job. Pings 2, 3, and 4 succeed.
What happened behind the scenes — the MAC address table: The first time WS-NIPR-01 sent a frame to an unknown MAC address, the switch did not know which port it was on. It flooded the frame out all ports except the one it arrived on. When the destination replied, the switch saw the reply come in on a specific port and recorded: "that MAC address lives on this port." Every frame after that went directly to the right port — no flooding needed. This is how the switch's MAC address table builds itself dynamically.
Your workspace should now look like this:
[WS-NIPR-01] [WS-NIPR-02] [WS-NIPR-05]
| | |
FE0/1 FE0/2 FE0/3
└───────[SW-BAN-NIPR-01]───────┘
Network: 10.10.10.0/24
Three PCs, one switch, all able to talk to each other. The switch solved the wall.
OSI check — Walkthrough
What happened | OSI Layer | Why |
|---|---|---|
Copper cable carries electrical signals | Layer 1 — Physical | Raw bits on wire — no addressing |
Switch reads MAC address to forward the frame | Layer 2 — Data Link | MAC addresses are a Layer 2 concept |
Switch builds MAC address table by watching frames | Layer 2 — Data Link | MAC-to-port mappings stored at Layer 2 |
IP addresses on the PCs | Layer 3 — Network | The switch never reads these |
Ping (ICMP) between PCs | Layer 3 — Network | ICMP is a Layer 3 protocol |
The critical observation: The switch never looked at the IP addresses. MAC addresses were enough. IP addresses are only needed when traffic has to cross between different networks — which is when the router gets involved.
Part 2 — Assignment
Apply what you learned. No step-by-step instructions.
Your task
The administrative staff area (from Exercise 2) has grown. A third user is joining: WS-NIPR-06.
Currently WS-NIPR-03 and WS-NIPR-04 are connected directly to each other with a crossover cable. That has to change — you need to add a switch for the admin area so it can support three users.
Do this:
Place a second switch for the administrative area — apply the correct DoD name
Remove the direct crossover cable between WS-NIPR-03 and WS-NIPR-04
Connect WS-NIPR-03 and WS-NIPR-04 through the new switch using the correct cable type
Place a new PC named WS-NIPR-06, configure it with IP 10.10.20.12 / mask 255.255.255.0, and connect it to the same switch
Verify: ping from WS-NIPR-03 to WS-NIPR-04 works, and from WS-NIPR-03 to WS-NIPR-06 works
Before placing the switch — think about the name. The first building access switch on NIPRNet is SW-BAN-NIPR-01. What should the second one be?
OSI question — Assignment
Question 1: "The switch operates at which OSI layer? What address does it read? What is the PDU name at that layer?"
Your answer:
_______________________________________________
_______________________________________________
Question 2: "When WS-NIPR-05 sent its very first ping through SW-BAN-NIPR-01, the switch did not know which port WS-NIPR-02 was on. What did it do, and what did it learn when the reply came back?"
Your answer:
_______________________________________________
_______________________________________________
Checkpoint — End of Exercise 3
╔══════════════════════════════════════════════════════════════╗
║ STOP — END OF EXERCISE 3 ║
║ ║
║ Before moving to Exercise 4, verify: ║
║ ║
║ ✓ SW-BAN-NIPR-01 connects WS-NIPR-01, -02, -05 ║
║ ✓ SW-BAN-NIPR-02 connects WS-NIPR-03, -04, -06 ║
║ ✓ All link lights green (wait 30–45 sec if still amber) ║
║ ✓ Ping WS-NIPR-01 → WS-NIPR-02: replies ✓ ║
║ ✓ Ping WS-NIPR-01 → WS-NIPR-05: replies ✓ ║
║ ✓ Ping WS-NIPR-03 → WS-NIPR-06: replies ✓ ║
║ ✓ Both OSI questions answered in writing ║
║ ║
║ If a ping is failing after green lights: ║
║ 1. Check all IPs on the same switch share the ║
║ same subnet (10.10.10.x or 10.10.20.x) ║
║ 2. Check you used Straight-Through cables ║
║ (PC to switch = unlike = straight-through) ║
║ 3. Still amber? Wait 10 more seconds and retry ║
║ ║
║ NOTE: Ping between the two switch groups will FAIL. ║
║ WS-NIPR-01 cannot reach WS-NIPR-03. This is correct ║
║ and expected — it is the problem Exercise 4 solves. ║
║ ║
║ Raise your hand if any green-light ping is failing. ║
╚══════════════════════════════════════════════════════════════╝
Save your file:
File → Save
Trainer Answer Key
╔══════════════════════════════════════════════════════════════╗
║ 🔑 TRAINER ANSWER KEY — Exercise 3 v2 ║
╠══════════════════════════════════════════════════════════════╣
║ ║
║ ASSIGNMENT — Expected topology: ║
║ • Switch name: SW-BAN-NIPR-02 ║
║ • WS-NIPR-03 FE0 → SW-BAN-NIPR-02 FE0/1 (Straight) ║
║ • WS-NIPR-04 FE0 → SW-BAN-NIPR-02 FE0/2 (Straight) ║
║ • WS-NIPR-06 FE0 → SW-BAN-NIPR-02 FE0/3 (Straight) ║
║ • WS-NIPR-06: IP 10.10.20.12 / 255.255.255.0 ║
║ • Direct crossover between WS-NIPR-03/-04 deleted ║
║ ║
║ Pings that must work: ║
║ WS-NIPR-03 → WS-NIPR-04 ✓ ║
║ WS-NIPR-03 → WS-NIPR-06 ✓ ║
║ WS-NIPR-04 → WS-NIPR-06 ✓ ║
║ ║
║ Ping that must FAIL (expected, sets up Ex 4): ║
║ WS-NIPR-01 → WS-NIPR-03 ✗ (different subnets, no router) ║
║ ║
║ OSI Q1 — Expected answer: ║
║ Layer 2 — Data Link. ║
║ Reads the MAC address in the Ethernet frame header. ║
║ PDU name at Layer 2: Frame. ║
║ ║
║ OSI Q2 — Expected answer: ║
║ The switch flooded the frame out all ports except ║
║ the one it arrived on (broadcast flood). ║
║ When WS-NIPR-02 replied, the switch recorded: ║
║ "WS-NIPR-02's MAC = FastEthernet0/2." ║
║ All subsequent frames to that MAC go directly to FE0/2. ║
║ ║
║ COMMON MISTAKES TO WATCH FOR: ║
║ ║
║ 1. Student names new switch SW-BAN-NIPR-01 (collision). ║
║ Ask: "That name is taken. What comes next in sequence?" ║
║ ║
║ 2. Student uses Crossover from PC to switch. ║
║ Result: red or permanent amber lights. ║
║ Fix: delete, reselect Straight-Through. ║
║ ║
║ 3. Student forgets to delete the direct PC-to-PC cable ║
║ before re-cabling through the switch. A loop forms. ║
║ STP will block one port — connectivity unpredictable. ║
║ Fix: delete the crossover cable between WS-NIPR-03/-04. ║
║ ║
║ 4. Student panics at amber. Reinforce: "Amber = STP ║
║ convergence. Normal. Wait 30 seconds." ║
║ ║
║ 5. Student tries to ping WS-NIPR-01 → WS-NIPR-03. ║
║ It fails. Do NOT fix it. Say: "Good — why do you think ║
║ it fails? Exercise 4 will answer exactly that." ║
║ ║
║ WHAT TO CHECK WHEN WALKING THE ROOM: ║
║ • Two switch icons, both correctly named ║
║ • Three PCs connected to each switch ║
║ • All link lights green ║
║ • Pings work within each switch group ║
║ • Cross-group pings failing — this is EXPECTED ║
║ ║
║ ONE CONCEPT THAT MUST LAND BEFORE EXERCISE 4: ║
║ A switch connects many devices within ONE network. ║
║ It cannot connect two DIFFERENT networks. ║
║ WS-NIPR-01 (10.10.10.x) cannot reach ║
║ WS-NIPR-03 (10.10.20.x). ║
║ The student should now be asking: ║
║ "How do I connect two different networks?" ║
║ That is exactly what Exercise 4 answers. ║
╚══════════════════════════════════════════════════════════════╝
Coming up in Exercise 4: You will confirm that pinging between the two switch groups fails, then meet the 2911 router — the device that operates at Layer 3 and connects different networks together. You will use the CLI for the first time.
═══════════════════════════════════════════════════════════════════ Red Irish Global Services | DICDP | CIS Track | FNC DICDP-CIS-FNC-D02-SUP1-EX3-v2 | Issued: [date] ═══════════════════════════════════════════════════════════════════
═══════════════════════════════════════════════════════════════════ RESTRICTED DISTRIBUTION — DICDP PROGRAM PARTICIPANTS ONLY ═══════════════════════════════════════════════════════════════════
There are no comments for now.