Case Study 2 Voice and Security in a Switched Network

Disable the links between the access layer switches. DS1(config)#interface range fa 0/7 - 10 DS1(config-if-range)#sh DS2(config)#interface range fa 0/7 - 10 DS2(config-if-range)#sh AS1(config)#interface range fa 0/7 - 10 AS1(config-if-range)#sh AS2(config)#interface range fa 0/7 - 10 AS2(config-if-range)#sh Place all switches in the VTP domain CISCO and set them all to VTP mode transparent. DS1(config)#vtp domain CISCO DS1(config)#vtp mode transparent DS2(config)#vtp domain CISCO DS2(config)#vtp mode transparent AS1(config)#vtp domain CISCO AS1(config)#vtp mode transparent AS2(config)#vtp domain CISCO
Network Engineer B.Sc. CE, M.Sc. Computer Networks

AS2(config)#vtp mode transparent

Make sure that all inter-switch links are statically set as 802.1q links. Check it by SHOW RUN command; otherwise configure it by using the commands provided in case study 1 Create VLANs 10 and 200 on all switche s. Give DLS1 and DLS2 SVIs in VLAN 10 and assign addresses in the 172.16.10.0/24 subnet. DS1(config)#vlan 10 DS1(config-vlan)#exit DS1(config)#vlan 200 DS1(config-vlan)#exit DS1(config)#interface vlan 10 DS1(config-if)#ip add 172.16.10.1 255.255.255.0 DS1(config-if)#no sh DS1(config-if)#exit DS2(config)#vlan 10 DS2(config-vlan)#exit DS2(config)#vlan 200 DS2(config-vlan)#exit DS2(config)#interface vlan 10 DS2(config-if)#ip add 172.16.10.2 255.255.255.0 DS2(config-if)#no sh DS2(config-if)#exit AS1(config)#vlan 10 AS1(config-vlan)#exit AS1(config)#vlan 200 AS1(config-vlan)#exit AS2(config)#vlan 10 AS2(config-vlan)#exit AS2(config)#vlan 200 AS2(config-vlan)#exit Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make DLS1 the primary gateway, and enable preemption on both switches. DS1(config)#interface vlan 10 DS1(config-if)#standby 10 ip 172.16.10.3
Network Engineer B.Sc. CE, M.Sc. Computer Networks

DS1(config-if)#standby 10 priority 150 DS1(config-if)#standby 10 preempt

DS2(config)#interface vlan 10 DS2(config-if)# standby 10 ip 172.16.10.3 DS2(config-if)# standby 10 preempt Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches. AS1(config)#interface range fa 0/15 - 20 AS1(config-if-range)#switchport mode access AS1(config-if-range)#switchport access vlan 10 AS1(config-if-range)#no sh AS1(config-if-range)#exit AS2(config)#interface range fa 0/15 - 20 AS2(config-if-range)#switchport mode access AS2(config-if-range)#switchport access vlan 10 AS2(config-if-range)#no sh AS2(config-if-range)#exit Enable PortFast on all access ports. AS1(config)#spanning -tree portfast default AS2(config)#spanning -tree portfast default DS1(config)#spanning -tree portfast default DS2(config)#spanning -tree portfast default Enable QoS on all switches involved in the scenario. AS1(config)#mls qos AS2(config)#mls qos DS1(config)#mls qos DS2(config)#mls qos

Network Engineer B.Sc. CE, M.Sc. Computer Networks

Configure ALS1 F0/15 and F0/16 for using Cisco IP phones with a voice VLAN of 200 and trust the IP phone CoSe s. AS1(config)#interface range fa0/15 -16 AS1(config-if-range)#switchport voice vlan 200 AS1(config-if-range)#auto qos voip cisco -phone AS1(config-if-range)#exit

DS1(config)#interface range fa0/7 - 8 DS1(config-if-range)#auto qos voip trust DS1(config-if-range)#exit DS2(config)#interface range fa 0/9 -10 DS2(config-if-range)#auto qos voip trust DS2(config-if-range)#exit Configure ALS1 F0/18 through F0/20 for port security. Allow only up to three MAC addresses to be learned on each port and then drop any traffic from other MAC addresses. AS1(config)#interface range fa0/18 - 20 AS1(config-if-range)#switchport port -security AS1(config-if-range)#switchport port -security maximum 3 AS1(config-if-range)#switchport port -security mac-address sticky AS1(config-if-range)#switchport port -security violation restrict AS1(config-if-range)#exit Configure ALS2 F0/18 to only allows the MAC address 1234.1234 .1234 and to shut down if a violation occurs. AS2(config)#int fa0/18 AS2(config-if)#switchport port-security AS2(config-if)#switchport port-security maximum 1 AS2(config-if)#switchport port-security mac-address 1234.1234.1234 AS2(config-if)#switchport port-security violation shutdown AS2(config-if)#exit

Network Engineer B.Sc. CE, M.Sc. Computer Networks

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer: Get 4 months of Scribd and The New York Times for just $1.87 per week!

Master Your Semester with a Special Offer from Scribd & The New York Times