Professional Documents
Culture Documents
CCNP Switch LAB 7 3 Results Case Study
CCNP Switch LAB 7 3 Results Case Study
The International Travel Agency has two distribution switches, DLS1 and DLS2, and two access layer
switches, ALS1 and ALS2. Configure the switches as follows:
2. Place all switches in the VTP domain CISCO and set them all to VTP mode transparent.
DLS1#sh vtp sta
VTP Version capable
: 1 to 3
VTP version running
:1
VTP Domain Name
: CISCO
VTP Pruning Mode
: Disabled
VTP Traps Generation
: Disabled
Device ID
: 0021.a15c.1880
Configuration last modified by 0.0.0.0 at 3-1-93 00:06:30
Feature VLAN:
-------------VTP Operating Mode
: Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs
:7
Configuration Revision
:0
MD5 digest
: 0x87 0x9E 0x1D 0x83 0x25 0x06 0x09 0x40
0x83 0x97 0xF8 0x7D 0x6D 0x3E 0x5E 0xC2
Encapsulation Status
802.1q
trunking
802.1q
trunking
802.1q
trunking
802.1q
trunking
802.1q
trunking
802.1q
trunking
Native vlan
1
1
1
1
1
1
4. Create VLANs 10 and 200 on all switches. Configure DLS1 and DLS2 SVIs in VLAN 10 and assign
addresses in the 172.16.10.0/24 subnet.
DLS1#sh vlan br
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010
active
200 VLAN0200
active
1002 fddi-default
act/unsup
1003 token-ring-default
act/unsup
1004 fddinet-default
act/unsup
1005 trnet-default
act/unsup
5. Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make DLS1 the primary
gateway, and enable preemption on both switches.
DLS1#sh standby br
P indicates configured to preempt.
|
Interface Grp Pri P State Active
Standby
Vl10
1 150 P Active local
172.16.10.3
DLS2#sh standby br
P indicates configured to preempt.
|
Interface Grp Pri P State Active
Standby
Vl10
1 100 P Standby 172.16.10.2 local
Virtual IP
172.16.10.1
Virtual IP
172.16.10.1
6. Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.
ALS1#sh vlan br
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010
active Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20
200 VLAN0200
active Fa0/15, Fa0/16
1002 fddi-default
act/unsup
1003 token-ring-default
act/unsup
1004 fddinet-default
act/unsup
1005 trnet-default
act/unsup
7. Enable PortFast on all access ports.
ALS2#sh run int fa 0/24
Building configuration...
Current configuration : 58 bytes
!
interface FastEthernet0/24
spanning-tree portfast
end
9. Configure ALS1 Fa0/15 and F0/16 for use with Cisco IP phones with a voice VLAN of 200 and trust
the IP phone CoS markings using AutoQoS.
ALS1#sh run interface fastEthernet 0/15
Building configuration...
Current configuration : 301 bytes
!
interface FastEthernet0/15
switchport access vlan 10
switchport voice vlan 200
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
end
10. Configure ALS1 Fa0/18 through Fa0/20 for port security. Allow only up to three MAC addresses to
be learned on each port and then drop any traffic from other MAC addresses and set the violate mode
to protect.
ALS1#sh run interface fastEthernet 0/18
Building configuration...
Current configuration : 191 bytes
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
switchport port-security maximum 3
switchport port-security mac-address sticky
switchport port-security
switchport port-security violation protect
end
11. Configure ALS2 Fa0/18 to only allow the MAC address 1234.1234.1234 and to shut down if a
violation occurs.
ALS2#sh run int fa 0/18
Building configuration...
Current configuration : 162 bytes
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
switchport port-security mac-address 1234.1234.1234
switchport port-security violation shutdown
spanning-tree portfast
end