Hardrock Hallelujah3 v4.0

This document is exclusive property of Cisco Systems, Inc.
Permission is granted to print and copy

this document for non-commercial distribution and exclusive use by instructors in the CCNP 3:
Multilayer Switching course as part of an official Cisco Networking Academy Program.
CCNP 3 Skills-Based Final Exam 1 – Instructor Version
Scenario
Yoshida Heavy Industries (YHI) requires a network setup for a new branch office. The
network design calls for Layer 2 EtherChannels, trunk ports, access ports, and routed ports
using Catalyst 2950 and 3550 switches and Cisco 2600 series routers. YHI also requires a
fault tolerant Internet link. Therefore, a backup link to the ISP is required. The backup link
will become active only if access to the Internet through the 3550 switch is lost due to
failures.
The branch office staff consists of an accountant, a secretary, a manager, delivery drivers,
and salespeople. Yoshida management expects staffing at this branch office to double in
the first year of operation. The accountant, the secretary, and the manager will have their
PCs connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have
their PCs connected to VLAN 20 on Access2. The branch office servers will be connected
to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on
default management VLAN 1.
1 - 82 CCNP 3: Multilayer Switching v 4.0 – Skills-Based Assessment Version 1 - Solutions Copyright © 2004, Cisco Systems, Inc.
Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast
and BPDU Guard. Multiple HSRP groups will be implemented so that exactly one router is
active at any given time for all VLANs. Router-on-a-stick will be implemented to allow inter-
VLAN routing when Backup is the active HSRP router.
Redundancy will be implemented by using Spanning Tree, HSRP, and independent
connections to the ISP.
Generic Tasks
• Physically connect the network devices according to the network diagram. Ensure that
the correct cables are connected to the appropriate ports.
• On all devices, configure the following:
− Telnet support with the password cisco
− The privileged EXEC mode password cisco
VLANs and VTP
YHI requires VLANs and VTP to be configured within the switched network.
1. Configure VTP on all switches:

− VTP domain should be CISCO.
− Collapsed-Core and Access1 should be VTP servers.
− Access2 should be a VTP client.
2. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network

diagram, between the Collapsed-Core switch and the Access1 and Access2
switches.
3. Configure the VLAN 1 management VLAN on all the switches using the network
10.0.1.0/24.
− Ensure that the switches can ping each other using their management VLAN IP
addresses and troubleshoot if necessary.
4. Create VLANs 10, 20, and 30 in the VTP domain:

− VLANs 10, 20, and 30 should be named ADMIN, DRIVERS, and SERVERS
respectively.
5. Configure interfaces as access ports in VLANs as follows:
VLAN 10 VLAN 20 VLAN 30
Fa0/9 - 12,
Collapsed-Core Fa0/1 - 2 Fa0/3 - 4
Fa0/14 – 24
Access1 Fa0/10 - 12 Fa0/1 – 2 Fa0/8 – 9
Access2 Fa0/1 - 2 Fa0/10 - 12 Fa0/7 – 9
Spanning-Tree
YHI requires Spanning-Tree protection to prevent switching loops. They also want PortFast
configured on all access ports:
1. Configure Multiple Instance Spanning Tree Protocol (MST):

− Configure an instance of 1 for VLANs 1 through 30.
− All other VLANs are to share an instance of 0.
− Collapsed-Core should be the primary MST root bridge.
− Access1 should be the secondary MST root bridge.
2. Configure PortFast:
− Enable PortFast for all non-trunk access ports.
− Configure each PortFast enabled port in the network so that it will transition to
error-disabled state if an unauthorized device generating BPDUs is attached.
Inter-VLAN Routing and HSRP
To enable inter-VLAN routing, YHI requires that the Collapsed-Core switch be configured to
support SVIs and that the Backup router be configured as a router-on-a-stick. Finally, HSRP
will be configured on Backup and Collapsed-Core:
1. Configure IP addressing as follows:

− VLAN 1 – 10.0.1.0/24
− VLAN 10 – 10.0.10.0/24
− VLAN 20 – 10.0.20.0/24
− VLAN 30 – 10.0.30.0/24
− Interface S0/0 on Backup – 192.168.0.2/24
− Interface Fa0/13 on Collapsed-Core – 192.168.1.2/24
2. Configure router-on-a stick between Access1 and Backup.
3. Configure Switched Virtual Interfaces (SVIs) on Collapsed-Core for each VLAN to

enable inter-VLAN routing.
4. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and Server
in VLAN 30.
5. Configure HSRP on Backup and Collapsed-Core so that Collapsed-Core is the

active router for all VLANs. Include the preempt option in the configuration.
6. Configure HSRP interface tracking so that Backup becomes the active router if the
FastEthernet link between Collapsed-Core and ISP goes down.
Check List
1 Verify that MST is enabled.
2 Ensure that Host 1, Host 2, and Server can ping each other.
Verify HSRP with continuous pings to test that Host 1 and Host 2 can reach the
loopback address 1.1.1.1/24 whenever any combination of cables is
disconnected from the following ports on Collapsed-Core:
− Fa0/5
3
− Fa0/6
− Fa0/7
− Fa0/8
− Fa0/13
CCNP 3 Skills-Based Final Exam 1 – Sample Final
Configurations
Sample Router Configurations
The following is configuration output for each networking device. It includes a sample
running configuration:
ISP#show running-config
Building configuration...
Current configuration : 797 bytes

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISP
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
framing sf
linecode ami
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 192.168.0.1 255.255.255.0
no fair-queue
clockrate 64000
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2 10
ip route 10.0.0.0 255.0.0.0 192.168.0.2 20
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
ISP#
ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0
S 10.0.0.0/8 [10/0] via 192.168.1.2
C 192.168.0.0/24 is directly connected, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
ISP#
Backup#show running-config

!
version 12.2
!
hostname Backup
!
!
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.0.1.3 255.255.255.0
standby 1 ip 10.0.1.1
standby 1 preempt
!
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
standby 10 ip 10.0.10.1
standby 10 preempt
!
ip address 10.0.20.3 255.255.255.0
standby 20 ip 10.0.20.1
standby 20 preempt
!
ip address 10.0.30.3 255.255.255.0
standby 30 ip 10.0.30.1
standby 30 preempt
!
interface Serial0/0
ip address 192.168.0.2 255.255.255.0
no fair-queue
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end
Backup#show ip route
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C 10.0.10.0 is directly connected, FastEthernet0/0.10
S* 0.0.0.0/0 [1/0] via 192.168.0.1
Backup#
Collapsed-Core#show running-config

!
version 12.1
no service pad
!
hostname Collapsed-Core
!
!
ip subnet-zero
ip routing
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
instance 1 vlan 1-30
!
spanning-tree mst 0 priority 24576
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
no ip address
!
switchport access vlan 10
no ip address
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
channel-group 1 mode on
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no switchport
ip address 192.168.1.2 255.255.255.0
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
interface GigabitEthernet0/1
no ip address
!
no ip address
!
interface Vlan1
ip address 10.0.1.2 255.255.255.0
no ip redirects
standby 1 ip 10.0.1.1
standby 1 priority 200
standby 1 preempt
standby 1 track FastEthernet0/13 150
!
interface Vlan10
ip address 10.0.10.2 255.255.255.0
no ip redirects
standby 10 ip 10.0.10.1
standby 10 preempt
!
interface Vlan20
ip address 10.0.20.2 255.255.255.0
no ip redirects
standby 20 ip 10.0.20.1
standby 20 preempt
!
interface Vlan30
ip address 10.0.30.2 255.255.255.0
no ip redirects
standby 30 ip 10.0.30.1
standby 30 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
Collapsed-Core#
Collapsed-Core#show ip route
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
C 10.0.10.0 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#
Access1#show running-config
Access1#show run
02:14:26: %SYS-5-CONFIG_I: Configured from console by console

!
version 12.1
no service pad
!
hostname Access1
!
!
ip subnet-zero
!
!
!
no spanning-tree optimize bpdu transmission
!
!
!
!
flowcontrol send off
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
ip address 10.0.1.11 255.255.255.0
no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
Access1#

!
version 12.1
no service pad
!
hostname Access2
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
ip address 10.0.1.12 255.255.255.0
no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
Access2#
Verifying Spanning Tree
Verify the status of STP with the show spanning-tree command:
Collapsed-Core#show spanning-tree
MST00
Spanning tree enabled protocol mstp
Root ID Priority 24576
Address 000d.ed5f.8e00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
MST01


---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
Collapsed-Core#
Access1#show spanning-tree
MST00
Cost 0
Port 65 (Port-channel1)

Address 000e.838c.5800

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 200000 128.7 P2p
Fa0/12 Desg FWD 200000 128.12 Edge P2p
Po1 Root FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
MST01
Cost 100000


---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 200000 128.7 P2p
Po1 Root FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p
Access1#
MST00
Cost 0

Address 000e.838c.57c0

---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Po2 Altn BLK 100000 128.66 P2p
MST01
Cost 100000


---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Po2 Altn BLK 100000 128.66 P2p
Access2#
Verifying VTP
Verify the status of VTP on all switches with the show vlan brief and the show vtp
status command:
Collapsed-Core#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2
10 ADMIN active Fa0/1, Fa0/2
20 DRIVERS active Fa0/3, Fa0/4
30 SERVERS active Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Collapsed-Core#
Collapsed-Core#show vtp stat

VTP Version : 2
Configuration Revision : 8
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : CISCO
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x82 0x79 0xEF 0x80 0x2C 0x2A 0x3E 0x28
Configuration last modified by 10.0.1.2 at 3-1-93 00:11:43
Local updater ID is 10.0.1.2 on interface Vl1 (lowest numbered VLAN interface
found)
CollapsedCore#
Access1#show vlan brief

---- -------------------------------- --------- -------------------------------
1 default active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 ADMIN active Fa0/10, Fa0/11, Fa0/12
20 DRIVERS active Fa0/1, Fa0/2
30 SERVERS active Fa0/8, Fa0/9
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Access1#
Access1#show vtp stat

VTP Version : 2
MD5 digest : 0xE5 0xB2 0x0A 0x3B 0x8D 0x58 0xFB 0xC5
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN
interface found)
Access1#

---- -------------------------------- --------- -------------------------------
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
20 DRIVERS active Fa0/10, Fa0/11, Fa0/12
30 SERVERS active Fa0/7, Fa0/8, Fa0/9
Access2#
Access2# show vtp status

VTP Version : 2
VTP Operating Mode : Client
MD5 digest : 0x82 0x79 0xEF 0x80 0x2C 0x2A 0x3E 0x28
Access2#
Verifying HSRP
Verify the status of HSRP on both Backup and Collapsed-Core with either the show
standby or the show standby brief command:
Collapsed-Core#show standby
Vlan1 - Group 1
Local state is Active, priority 200, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.256
Virtual IP address is 10.0.1.1 configured
Active router is local
Standby router is 10.0.1.3 expires in 9.240
Virtual mac address is 0000.0c07.ac01
5 state changes, last state change 00:08:16
IP redundancy name is "hsrp-Vl1-1" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/13 150 Up
Vlan10 - Group 10
Virtual mac address is 0000.0c07.ac0a
Vlan20 - Group 20
Virtual mac address is 0000.0c07.ac14
Vlan30 - Group 30
Virtual mac address is 0000.0c07.ac1e
Collapsed-Core#
Backup#show standby brief

P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Fa0/0.1 1 100 P Standby 10.0.1.2 local 10.0.1.1
Backup#
From a host, initiate a continuous ping to loopback interface 1.1.1.1. While the pings are
active, unplug the Fa0/13 cable. The pings should become unsuccessful while HSRP is
activating the Standby router. When the pings are successful again, re-connect the cable to
Fa0/13 and the Active router should again go into standby mode.
Here is a sample scenario:
Scenario
DropBear Industries (DBI) requires a network setup for a new branch office. The network
design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed
ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router. DropBear has
a low-bandwidth, 64-Kbps link to its ISP.
Voice over IP will also be demonstrated for sales staff, to test the viability of integrating
voice and data traffic in a single topology. Voice channels totaling 16 Kbps must have
priority over non-voice traffic. For this reason, low-latency queuing needs to be configured
on the link to the ISP. Host 2 will be used to simulate Voice over IP traffic that needs to be
classified as time sensitive based on the source IP address.
and salespeople. DropBear management expects staffing at this branch office to double in
the first year of operation. The accountant, the secretary, and the manager will have their
PCs connected to VLAN 10 on Access1. The salespeople will have their IP phones
connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN
30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on VLAN 1.
Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast,
and BPDU Guard. In the event of a trunk failure for either Access1 or Access2 to the
Collapsed-Core switch, VLAN 20 phone traffic must have uninterrupted access to the
Border router.
Generic Tasks
the correct cables are connected to the appropriate ports as labeled in the diagram.
− Telnet support
− The privileged EXEC mode password cisco
VLANs and VTP
DBI requires VLANs and VTP to be configured within their switched network:
1. Configure all switches in the VTP domain DROPBEAR.
2. Configure Collapsed-Core and Access1 to be VTP servers and Access2 to be a

VTP client.

switches.
10.0.1.0/24:
5. Create VLANs 10, 20, and 30 in the VTP domain:

− Name VLAN 10 ADMIN.
− Name VLAN 20 PHONE.
− Name VLAN 30 SERVERS.
Fa0/9 - 12,
Fa0/14 – 24
Access1 Fa0/10 - 12 Fa0/1 – 2 Fa0/7 – 9
Access2 Fa0/1 - 2 Fa0/10 - 12 Fa0/7 – 9
Spanning-Tree
DBI requires Spanning-Tree protection to ensure against switching loops. They also want
PortFast configured on all access ports.
1. Configure MST:
− All other VLANs are to share instance 0 of Spanning Tree.
− Collapsed-Core should be the primary MST root bridge
Inter-VLAN Routing
To enable inter-VLAN routing, DBI requires the Collapsed-Core switch to be configured to

support SVIs:

− VLAN 1 – 10.0.1.0/24
− VLAN 10 – 10.0.10.0/24
− VLAN 20 – 10.0.20.0/24
− VLAN 30 – 10.0.30.0/24
2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each
VLAN to enable inter-VLAN routing.
3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the
Server in VLAN 30.
QoS – Low-Latency Queuing
To ensure that voice traffic will have priority over non-voice traffic, BDI requires low-latency
queuing (LLQ) to be configured on the link to the ISP. LLQ should guarantee 16 Kbps to VLAN
20 and WFQ for all other traffic:
1. Use EIGRP with an AS of 100 as the routing protocol on the Collapsed-Core switch
and Border router:
− Initially the switches can be left with their default configurations.
− Use a PC to simulate an IP phone connected to interface Fa0/12 of the Access2
switch.
2. Create a policy for the treatment of voice traffic within the LAN on the border router:
− Configure a named standard ACL called PHONE-TRAFFIC to identify the
source network address of VLAN 20.
− Configure a class-map called VOICE-TRAFFIC to classify traffic originating from
VLAN 20 in the 10.0.20.0 network as voice traffic.
− Apply the appropriate commands to a policy-map called VOICE to enable LLQ.
− The policy-map will implement a strict priority 16-Kbps queuing strategy for voice
traffic.
− The policy-map will also implement WFQ for the remaining traffic.
3. Apply the policy to the appropriate interface on the Border router.
Check List
Verify that the Border router is applying the QoS policy for voice traffic with the
2
show policy-map interface s0/0 command.
Ensure that Host 1 and Host 2 can ping each other and the ISP loopback
3
interface 1.1.1.1.
Configurations
ISP#show run

!
version 12.2
!
hostname ISP
!
!
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
framing sf
linecode ami
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 192.168.0.1 255.255.255.0
no fair-queue
clockrate 64000
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.0.2
ip http server
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
ISP#show ip route


S 10.0.0.0/8 [1/0] via 192.168.0.2
ISP#
Backup#show running-config

!
version 12.2
!
hostname Border
!
!
ip subnet-zero
!
!
!
!
class-map match-all VOICE-TRAFFIC
match access-group name PHONE-TRAFFIC
!
!
policy-map VOICE
class VOICE-TRAFFIC
priority 16
class class-default
fair-queue
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 192.168.0.2 255.255.255.0
service-policy output VOICE
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
router eigrp 100
redistribute static
network 192.168.0.0
network 192.168.1.0
auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
ip access-list standard PHONE-TRAFFIC
remark - ACL identifies telephone traffic traveling on VLAN 20
permit 10.0.20.0 0.0.0.255
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password cisco
login
!
end
Border#
Backup#show ip route
D 10.0.0.0/8 [90/28416] via 192.168.1.2, 01:17:49, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 192.168.0.1
Border#

!
version 12.1
no service pad
!
!
!
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
no ip address
!
no ip address
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
udld port
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
description - Switch port connecting to the Border router
no switchport
ip address 192.168.1.2 255.255.255.0
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
!
no ip address
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
!
interface Vlan10
ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
ip address 10.0.30.1 255.255.255.0
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
auto-summary
!
ip classless
ip http server
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
password cisco
login
!
end
Collapsed-Core#
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

C 10.0.10.0/24 is directly connected, Vlan10
D 10.0.0.0/8 is a summary, 01:16:16, Null0
D 192.168.0.0/24 [90/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
D*EX 0.0.0.0/0 [170/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
Collapsed-Core#
Access1#show run

!
version 12.1
no service pad
!
hostname Access1
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
ip address 10.0.1.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Access1#

!
version 12.1
no service pad
!
hostname Access2
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
ip address 10.0.1.12 255.255.255.0
no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Access2#
MST00


---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 100000 128.65 P2p
Po2 Desg FWD 100000 128.66 P2p Bound(RSTP)
MST01


---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 100000 128.65 P2p
Po2 Boun FWD 100000 128.66 P2p Bound(RSTP)
Collapsed-Core#
MST00
Cost 0


---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
MST01
Cost 100000


---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p
Access1#
MST00
Cost 100000


---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p Bound(RSTP)
MST01


---------------- ---- --- --------- -------- --------------------------------
Access2#
Verifying VTP
status command:

---- -------------------------------- --------- -------------------------------
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
20 PHONE active Fa0/3, Fa0/4
Fa0/14, Fa0/15, Fa0/16, Fa0/24
Collapsed-Core#
Collapsed-Core#show vtp status

VTP Version : 2
VTP Domain Name : DROPBEAR
MD5 digest : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
found)
Collapsed-Core#

---- -------------------------------- --------- -------------------------------
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
20 PHONE active Fa0/1, Fa0/2
Access1#
Access1#show vtp status

VTP Version : 2
interface found)
Access1#

---- -------------------------------- --------- -------------------------------
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
20 PHONE active Fa0/10, Fa0/11, Fa0/12
Access2#

VTP Version : 2
VTP Pruning Mode : Enabled
Access2#
Verifying QoS
Verify the status of QoS on the Border router with the show policy-map interface
s0/0 command:
Border#show policy-map interface s0/0

Serial0/0
Service-policy output: VOICE
Class-map: VOICE-TRAFFIC (match-all)

0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name PHONE-TRAFFIC
Queueing
Strict Priority
Output Queue: Conversation 40
Bandwidth 16 (kbps) Burst 400 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)

1384 packets, 87741 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 32
(total queued/total drops/no-buffer drops) 0/0/0
Border#
Scenario
GeoTech Distributors (GTD) requires a network setup for a new branch office. The network
design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed
ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router.
and salespeople. GTD management expects staffing at this branch office to double in the
first year of operation. The accountant, the secretary, and the manager will have their PCs
connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have their
PCs connected to VLAN 20 on Access2. The branch office servers will be connected to
VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on
VLAN 1.
Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast,
and BPDU Guard.
Due to increasing network usage and reports of performance problems, the sales traffic on
Access2 is being monitored on a port-membership basis by a remote monitor host attached
to the Collapsed-Core switch.
Security measures are to be implemented on all switches to give Help Desk staff on VLAN
20 low levels of access to console and Telnet sessions using simple passwords. Network
administrators on VLAN 10 will automatically have the highest level of access when
connecting to the switches using either the console or a Telnet session, and will need to
have their passwords well protected.
Generic Tasks
the correct cables are connected to the appropriate ports as labeled in the diagram.
− Telnet support
− The privilege EXEC mode password cisco
VLANs and VTP
GTD requires VLANs and VTP to be configured within their switched network:
1. Configure all switches in the VTP domain GEOTECH.
2. Configure Collapsed-Core and Access1 to be VTP servers and Access2 to be a

VTP client.

switches.
10.0.1.0/24:
5. Create VLANs 10, 20, 30, and 99 in the VTP domain:

− VLAN 10 should be named ADMIN.
− VLAN 20 should be named USER.
− VLAN 30 should be named SERVERS.
− VLAN 99 should be named REMOTE.
Fa0/9 - 12,
Fa0/14 – 24
Access1 Fa0/10 - 12 Fa0/1 – 2 Fa0/7 – 9
Access2 Fa0/1 - 2 Fa0/10 - 12 Fa0/7 – 9
Spanning-Tree
GTD requires Spanning-Tree protection to prevent switching loops. They also want PortFast
configured on all access ports:
1. Configure MST:
− All other VLANs are to share an instance of 0.
− Collapsed-Core should be the primary MST root bridge.
Inter-VLAN Routing
To enable inter-VLAN routing, GTD requires the Collapsed-Core switch to be configured to

support SVIs:

− VLAN 1 – 10.0.1.0/24
− VLAN 10 – 10.0.10.0/24
− VLAN 20 – 10.0.20.0/24
− VLAN 30 – 10.0.30.0/24
2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each
VLAN to enable inter-VLAN routing.
3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the
Server in VLAN 30.
RSPAN Monitoring
GTD requires remote monitoring of multiple switches across a network using RSPAN:
1. Protocol analysis software such as the Fluke Protocol Inspector should be loaded
and running on a host that will act as the Remote Monitor (RMON).
2. Create an RSPAN session using a source port of Fa0/12 on Access2 to monitor

traffic in both directions.
3. The destination for the monitoring session will be port Fa0/14 on the Collapsed-
Core switch.
4. Generate pings between Host 1 and Host 2:

− The Layer 3 traffic generated by Host 1 should be forwarded to the remote
monitor.
Security
GTD requires secure access to the network resources:
1. Create a logon username and clear text password on each switch for Help Desk
users:
− The Help Desk staff is given user-level access.
2. Create a logon username and clear text password on each switch for
administrators:
− Network administrators must be automatically granted the highest privilege of
access once logged into a switch.
3. Ensure these security measures are applied to all console and virtual terminal
sessions.
4. To prevent bystanders from reading passwords, configure all network devices to

encrypt the clear text passwords.
5. Configure port-security on Access1 port Fa 0/12 so that only the connected

workstation can access the network:
− Use the MAC address of the currently connected workstation.
− If another workstation connects to the secured port, the port must shut down.
Check List
2 Verify the operation of the RSPAN session.
3 Verify that all passwords are encrypted.
Verify that the redundant links are operational by disconnecting each of the
4 EtherChannels between Access1, Access2, and Collapsed-Core in turn and
ensuring that connectivity is maintained.
Make sure that the host attached to Port 0/12 on Access1 has connectivity only if
5
the workstation has the appropriate MAC address.
Ensure that Host 1 and Host 2 can ping each other and the ISP loopback
6
interface 1.1.1.1.
Configurations


!
version 12.2
!
hostname ISP
!
!
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
framing sf
linecode ami
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2
no ip http server
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
ISP#show ip route

S 10.0.0.0/8 [1/0] via 192.168.1.2
ISP#
!
version 12.1
no service pad
service password-encryption
!
!
enable secret 5 $1$N2K7$65K06nMtvIXTbiAE2OEEA.
!
username helpdesk password 7 121A0C041104
username admin privilege 15 password 7 121A0C041104
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
no ip address
!
no ip address
!
switchport mode access
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
udld port
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
description - Switch port connecting to the Border router
no switchport
ip address 192.168.1.2 255.255.255.0
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
duplex full
speed 100
!
no ip address
!
no ip address
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
!
interface Vlan10
ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
ip address 10.0.30.1 255.255.255.0
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
password 7 00071A150754
login local
!
!
monitor session 1 destination interface Fa0/14
monitor session 1 source remote vlan 99
end
Collapsed-Core#

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

D 10.0.0.0/8 is a summary, 01:18:43, Null0
S* 0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#

!
version 12.1
no service pad
!
hostname Access1
!
enable secret 5 $1$74L3$J/lcu97P0VuzC7q5AEVQO/
!
username helpdesk password 7 1511021F0725
username admin privilege 15 password 7 060506324F41
ip subnet-zero
!
!
!
!
!
!
!
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
switchport port-security
switchport port-security mac-address 0008.74e2.1a28
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
ip address 10.0.1.11 255.255.255.0
no ip route-cache
!
ip http server
!
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
!
end
Access1#

!
version 12.1
no service pad
!
hostname Access2
!
enable secret 5 $1$zBbJ$vp53ypV7w7jbrQg6xLb2Z/
!
username helpdesk password 7 121A0C041104
username admin privilege 15 password 7 05080F1C2243
ip subnet-zero
!
!
!
!
!
!
!
!
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
duplex full
speed 100
!
!
!
interface Vlan1
no ip address
no ip route-cache
!
ip http server
!
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
!
!
monitor session 1 source interface Fa0/12
monitor session 1 destination remote vlan 99 reflector-port Fa0/24
end
Access2#
MST00


---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 100000 128.65 P2p Bound(RSTP)
MST01


---------------- ---- --- --------- -------- --------------------------------
Collapsed-Core#
MST00
Cost 100000


---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 100000 128.65 P2p Bound(RSTP)
MST01


---------------- ---- --- --------- -------- --------------------------------
Access1#
MST00


---------------- ---- --- --------- -------- --------------------------------
MST01


---------------- ---- --- --------- -------- --------------------------------
Access2#
Verifying VTP
status command:

---- -------------------------------- --------- -------------------------------
1 default active Fa0/7, Fa0/8, Gi0/1, Gi0/2
20 SALES active Fa0/3, Fa0/4
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
Collapsed-Core#

VTP Version : 2
VTP Domain Name : GEOTECH
MD5 digest : 0x76 0xAA 0xA2 0xCD 0x7D 0x53 0x21 0xDC
found)
Collapsed-Core#

---- -------------------------------- --------- -------------------------------
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
20 SALES active Fa0/1, Fa0/2
Access1#
Access1#show vtp stat
VTP Version : 2
MD5 digest : 0x76 0xAA 0xA2 0xCD 0x7D 0x53 0x21 0xDC
interface found)
Access1#

---- -------------------------------- --------- -------------------------------
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
20 SALES active Fa0/10, Fa0/11, Fa0/12
Access2#

VTP Version : 2
MD5 digest : 0xDA 0x1D 0xFB 0x99 0x30 0x92 0xF2 0xB5
Access2#
Verifying Port Security
Verify that the host attached to Port 0/12 on Access1 has connectivity only if the
workstation has the appropriate MAC address with the show port-security
interface Fa 0/12 command:
Access1#show port-security interface fa 0/12

Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0
Access1#
From the host, ping the loopback address:
Connect a different host to the Fa0/12 port on Access1. Within a minute, the port should
disable itself since the MAC address of the host has changed. Informational messages
generated should be similar to the following:
Access1#
03:50:21: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12,
putting Fa0/12 in err-disable state
03:50:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,
caused by MAC address 0050.bab2.1f68 on port FastEthernet0/12.
03:50:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/12, changed state to down
03:50:23: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to
down
Issue the show port-security interface fa0/12 command again. Notice that the
security violation count is now one:
Access1#show port-security interface fa 0/12

Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address : 0050.bab2.1f68
Security Violation Count : 1
Access1#
Verifying RSPAN Configuration
Verify the RSPAN configuration with the show monitor session all command:
Collapsed-Core#show monitor session all

Session 1
---------
Type : Remote Destination Session
Source RSPAN VLAN : 99
Destination Ports : Fa0/14
Encapsulation: Native
Ingress: Disabled
Collapsed-Core#
Access2#show monitor session all

Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Fa0/12
Reflector Port : Fa0/24
Dest RSPAN VLAN: 99
Access2#

Hardrock Hallelujah3 v4.0

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hardrock Hallelujah3 v4.0

Uploaded by

Copyright:

Available Formats

This document is exclusive property of Cisco Systems, Inc.

Permission is granted to print and copy

VLANs and VTP

1. Configure VTP on all switches:

2. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network

4. Create VLANs 10, 20, and 30 in the VTP domain:

5. Configure interfaces as access ports in VLANs as follows:

VLAN 10 VLAN 20 VLAN 30

Access1 Fa0/10 - 12 Fa0/1 – 2 Fa0/8 – 9

Access2 Fa0/1 - 2 Fa0/10 - 12 Fa0/7 – 9

1. Configure Multiple Instance Spanning Tree Protocol (MST):

Inter-VLAN Routing and HSRP

1. Configure IP addressing as follows:

2. Configure router-on-a stick between Access1 and Backup.

3. Configure Switched Virtual Interfaces (SVIs) on Collapsed-Core for each VLAN to

5. Configure HSRP on Backup and Collapsed-Core so that Collapsed-Core is the

1 Verify that MST is enabled.

Current configuration : 797 bytes

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

Current configuration : 1172 bytes

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 4 subnets

Current configuration : 5153 bytes

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 4 subnets

02:14:26: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 3473 bytes

Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 28672 (priority 28672 sys-id-ext 0)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Collapsed-Core#show vlan brief

VLAN Name Status Ports

Collapsed-Core#show vtp stat

Access1#show vlan brief

VLAN Name Status Ports

Access1#show vtp stat

Access2#show vlan brief

VLAN Name Status Ports

Access2# show vtp status

Backup#show standby brief

Here is a sample scenario:

VLANs and VTP

1. Configure all switches in the VTP domain DROPBEAR.

2. Configure Collapsed-Core and Access1 to be VTP servers and Access2 to be a

3. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network

5. Create VLANs 10, 20, and 30 in the VTP domain:

6. Configure interfaces as access ports in VLANs as follows:

VLAN 10 VLAN 20 VLAN 30

Access1 Fa0/10 - 12 Fa0/1 – 2 Fa0/7 – 9

Access2 Fa0/1 - 2 Fa0/10 - 12 Fa0/7 – 9

To enable inter-VLAN routing, DBI requires the Collapsed-Core switch to be configured to

1. Configure IP addressing as follows:

3. Apply the policy to the appropriate interface on the Border router.

1 Verify that MST is enabled.