You are on page 1of 33

EIGRP OSPF Redistribution Sim configuration On GNS3:

EIGRP OSPF Redistribution CCNP Route Sim

In following topology there are four router, R1, R2 and R3 are running in EIGRP AS 100. While R2s
s1/2 is running in OSPF area 24, R3s f2/0 interface is running in OSPF area 34. In this Sim you need
to redistribute OSPF into EIGRP so that they can communicate with each other. At the end of your
configuration ping from R1 to Test IP must be successful.

You can practice this simulation in GNS3 very easily; first you need to create above topology in
GNS3 with following configurations. I have run EIGRP on R1, R2 and R3 and OSPF on R2 and R3
according to above diagram. In real Exam you don't have any concerned regarding routing protocols
configuration you just need to redistribute OSPF and EIGPR

GNS3 Configuration:
R1 Configuration:

R1(config)#int s1/0
R1 (config-if)#ip address
R1(config-if)#no shut
R1(config)#router eigrp 100
R2 Configuration:
Router(config)#hostname R2
R2(config)#interface s1/0
R2(config-if)#ip address
R2(config-if)#interface s1/1
R2(config-if)#ip address
R2(config-if)#no sh
R2(config-if)#interface s1/2
R2(config-if)#ip address
R2(config-if)#ip ospf 1 area 24
R2(config-if)#no shut
R2(config)#router EIGRP 100
R3 Configuration:
Router(config)#hostname R3
R3(config)#interface s1/0
R3(config-if)#ip address
R3(config-if)#interface f2/0
R3(config-if)#ip address
R3(config-if)#ip ospf 1 area 34
R3(config)#router EIGRP 100
R4 Configuration:
Router(config)#hostname R4
R4(config)#interface s1/0
R4(config-if)#ip address
R4(config-if)#ip ospf 1 area 24
R4(config-if)#interface f2/0
R4(config-if)#ip address
R4(config-if)#ip ospf 1 area 34
After complete the above configuration you are at same stage where you need to configure this lab
in exam.
We have done so much as given in exam and from now on word you have to handle this complete
the configuration.

Step for configuration in Exam:First we need 5 parameters of the s1/2 interface

i.e. (Bandwidth, Delay, Reliability, Load, MTU) for this use command.
R2#config terminal
R2(config)# router ospf 1
R2(config-router)# redistribute eigrp 100 metric-type 1 subnets
R2(config-router)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500

For R3 we use the show interface fa2/0 to get these 5 parameters.

R3#show interface f2/0

R3#config terminal
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 100 metric-type 1 subnets
R3(config-router)#router eigrp 100
R3(config-router)#redistribute ospf 1 metric 100000 100 255 1 1500

Verification & testing:

Show ip route on R1: You will see the all other routes if you done the correct configuration also ping
from R1 to should be successful.

IPv6 OSPF Virtual Link CCNP Route Sim

Question is a small export company that has an existing enterprise network that is running IPv6
OSPFv3 for process 1. Currently OSPF is configured on all routers. However, R4s loopback address
(FEC0:44:4) cannot be seen in R1s IPv6 routing table. You are tasked with identifying the cause of
this fault and implementing the needed corrective actions that uses OSPF features and does no change
the current area assignments. You will know that you have corrected the fault when R4s loopback
address (FEC0:44:4) can be seen in the routing table of R1.
Note: To gain the maximum number of points you must remove all incorrect or unneeded
configuration statements related to this issue.
Step for Configuration:
This lab is for testing your OSPF virtual-link concepts. And need to configure all routers with correct
virtual-link commands.

1. you need to short out the wrong virtual-link configurations that you will find on R3 & R4 i.e.

area 54 virtual-link

area 54 virtual-link
First remove these command and add the correct one.
since i have simulate this lab in GNS3 for exam's practice that way first i have configured lab with wrong
configuration as you will find in real exam in GSN3 configuration section and in Real exam section i correct all
incorrect configurations and add with right configuration.

GNS3 configuration:
Create this lab in GNS3 with following configuration, after these configurations you can start real
lab configuration as you need to complete in exam.

R1 Configuration:
R1(config)#ipv6 unicast-routing
R1(config)#interface Loopback1
R1(config-if)# ipv6 address FEC0:11::1/64
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#interface FastEthernet1/0
R1(config-if)#ipv6 address FEC0:1::1/64
R1(config-if)#no shut
R1(config-if)#ipv6 ospf 1 area 0
R1(config)#ipv6 router ospf 1
R2 Configuration:
R2(config)#ipv6 unicast-routing
R2(config)#int loopback 1
R2(config-if)#ipv6 address fec0:22::2/64
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#interface FastEthernet1/0
R2(config-if)#ipv6 address FEC0:1::2/64
R2(config-if)#no shut
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#interface serial2/0
R2(config-if)#ipv6 address FEC0:2::1/64
R2(config-if)#no shut
R2(config-if)#ipv6 ospf 1 area 11
R2(config)#ipv6 router ospf 1
R3 Configuration:
R3(config)#ipv6 unicast-routing
R3(config)#int loopback 1
R3(config-if)#ipv6 address fec0:33::3/64
R3(config-if)#ipv6 ospf 1 area 11
R3(config-if)#interface FastEthernet1/0
R3(config-if)#ipv6 address FEC0:3::1/64
R3(config-if)#no shut
R3(config-if)#ipv6 ospf 1 area 54
R3(config-if)#interface serial2/0
R3(config-if)#ipv6 address FEC0:2::2/64
R3(config-if)#no shut
R3(config-if)#ipv6 ospf 1 area 11
R3(config)#ipv6 router ospf 1

Follow virtual-link configuration are wrong i have added these because in real exam you will find
such wrong configuration and you need to removes these and need to configure R2 & R3 for virtual-
link. Also in exam configuration i shall removes this area 54 virtual-link command from R3 so
that all routers can communicate with each other.
R3(config-rtr)# area 54 virtual-link
R4 Configuration:
R4(config)#ipv6 unicast-routing
R4(config)#int loopback 1
R4(config-if)#ipv6 address fec0:44::4/64
R4(config-if)#ipv6 ospf 1 area 54
R4(config-if)#interface FastEthernet1/0
R4(config-if)#ipv6 address FEC0:3::2/64
R4(config-if)#no shut
R4(config-if)#ipv6 ospf 1 area 54
R4(config)#ipv6 router ospf 1

Configuration required in Exam:

In this lab you need to configure virtual link for area 11 so that end to end communication can be
Show Run on R1, R2 ans R3, and check the virtual links commands, if you found any of router please
remove these first. Also note the router-ids and ospf process ID. In real exam IP addresses, OSPF
process ids and area ids may be change, so you need to figure out the exact values by using show
For example in R3 configuration you found area 54 virtual-link which is unnecessary.

So please remove this. You need to make the virtual link on R2 & R3. We create virtual links when
some OSPF area is not physically connected with backbone area (Area 0). The area through which you
configure the virtual link is known as a transit area. Routers R2 and R3 are belonging to transit area
that way need to add commands on these routers.

R4#configure terminal
R4(config)#ipv6 router ospf 1
R4(config-rtr)#no area 54 virtual-link
Complete the virtual links configurations on R2 & R3.

R3#configure terminal
R3(config)#ipv6 router ospf 1
R3(config-rtr)#no area 54 virtual-link
R3(config-rtr)#area 11 virtual-link
R2#configure terminal
R2(config)#ipv6 router ospf 1
R2(config-rtr)#area 11 virtual-link
R4>enableR4#show running-config
You will see a wrongly configured virtual-link command. To get full mark we have to disable this
After configuration use command Show IPv6 route on R1, if you found the R4 route in routing table
its mean you have done this lab successfully. And ping from R1 to R4 should be successful.
Important Tip: Please dont forget to use IPV6 in every command e.g.
Show IPV6 route, IPv6 router ospf 54 etc.

EIGRP Stub CCNP Route Sim

By increasing the first distant office, PNG manufactures has extended their business. They configured
the remote office router (R3) from which they can reach all corporate subnets. In order to raise
network stableness and lower the memory usage and broadband utilization to R3, RB manufactures
makes use of route summarization together with the EIGRP Stub Routing feature. Another network
engineer is responsible for the implementing of this solution. However, in the process of configuring
EIGRP stub routing connectivity with the remote network devices off of R3 has been missing.

Presently PNG has configured EIGRP on all routers in the network R2, R3, and R4. Your duty is to find
and solve the connectivity failure problem with the remote office router R3. You should then configure
route summarization only to the distant office router R3 to complete the task after the problem has
been solved.
The success of pings from R4 to the R3 LAN interface proves that the fault has been corrected and the
R3 IP routing table only contains two subnets.
GNS3 Configuration:
Create the above lab with following configurations in GNS3 and then practice this SIm with Real Exam
configuration for your Route Exam.
R3 Configuration: R3(config)# interface Loopback1 R3(config-if)#ip address
R3(config-if)#interface Serial1/0 R3(config-if)#ip address R3(config-if)# No
R3(config)#router eigrp 123 R3(config-rtr)#network
R3(config-rtr)#no auto-summary
R3(config-rtr)#eigrp stub receive-only
R4 Configuration: R4(config)# interface Serial1/0 R4(config-if)#ip address
R4(config-if)# No shut
R4(config-if)#interface FastEthernet2/0
R4(config-if)#ip address
R4(config-if)# No shut
R4(config -rtr)#router eigrp 123
R4(config -rtr)#network
R4(config -rtr)#network
R4(config -rtr)#no auto-summary
R2 Configuration:
R2(config)#interface Loopback2
R2(config-if)#ip address
R2(config-if)# interface Loopback3
R2(config-if)#ip address
R2(config-if)#interface Loopback5
R2(config-if)#ip address
R2(config-if)#interface Loopback6
R2(config-if)#ip address
R2(config-if)#interface Loopback7
R2(config-if)#ip address
R2(config-if)#interface Loopback8
R2(config-if)#ip address
R2(config-if)#interface FastEthernet1/0
R2(config-if)#ip address
R2(config-if)# No shut R2(config-if)# end
R2(config)# router eigrp 123
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#network
R2(config -rtr)#no auto-summary

Real exam Configuration:

R4 & R3 are not communicating because of eigrp stub receive-only command in EIGRP Process 123. Due
to this command router R3 is not sharing any of its routes with any other router in that EIGRP 123.
To make the communication possible we need to replace this with eigrp stub command. R3#configure
R3(config)#router eigrp 123
R3(config-router)#no eigrp stub receive-only
R3(config-router)#eigrp stubR3(config-router)#end
You need to configure route summarization on R4 so that R3 has only 2 subnets of network.
Use the show ip route command on R3 to view its routing table

For R3 only have 2 subnets we need Summarization at the R4's serial 1/0 interface which is connected
with R3.
To fulfill this requirement we configure R4 as follow, R4>enable
R4#configure terminal
R4(config)#interface s1/0
R4(config-if)#ip summary-address eigrp 123
Now show ip route command to verify the effect, the output is shown below:

In your real exam IPs might be different so you need configure R4 according to requirements.
GNS3 Labs | CCNP |
Blog is related to most famous network simulator i.e. "GNS3", here you can find
different Labs, typologies and configuration regarding ICND, CCENT, CCNA, CCNP
on GNS3.
ICND1 and ICND2 Labs | CCENT Sim
CCNP Route (300-101 Exam) Labs
CCNP Switch (300-115) Practice Labs
CCNA 200-120 Labs

OSPF Stub Area Sim configuration on GNS3:


A company has three routers Protland, Amsni and Lynaic. OSPF is configured on routers Amani and
Lynaic. Amanis S0/0 interface and Lynaics S0/1 interface are in Area 0. Lynaics Loopback0 interface
is in Area 2. Details of configuration are as follow:

Portlands S1/0 interface in Area 1

Amanis S1/0 interface in Area 1
Use the appropriate mask such that ONLY Portlands S0/0 and Amnanis S0/1 could be in Area 1.
Area 1 should not receive any external or inter-area routes (except the default route).
GNS3 Configurations:

First you need to create this topology in GNS3 as show above with following configurations.

Portland Router:

R1#config t

R1 (config)# hostname Portland

Portland (config)# enable secret cisco

Portland (config)#interface Serial1/0

Portland (config-if)# ip address

Portland (config-if)#no shutdown

Anami Router:

R2#config t

R2 (config)# hostname Anami

Anami (config)# enable secret cisco

Anami (config)#interface Serial1/0

Anami (config-if)# ip address

Anami (config-if)# no shutdown

Anami (config)#interface Serial1/1

Anami (config-if)# ip address

Anami (config-if)#no shutdown

Anami (config)#exit

Anami (config)#router ospf 1

Anami (config-router)# network area 1

Anami (config-router)# network area 0

Lynaic Router:

R3#config t

R3 (config)# hostname Lynaic

Lynaic (config)# enable secret cisco

Lynaic (config)#interface loopback 1

Lynaic (config-if)# ip address

Lynaic (config-if)# ex

Lynaic (config)#interface Serial1/0

Lynaic (config-if)# ip address

Lynaic (config-if)#no shutdown

Lynaic (config)#exit

Lynaic (config)#router ospf 1

Lynaic (config-router)# network area 2

Lynaic (config-router)# network area 0

Configuratio that you need in real exam:

From above configuration you have notice that Portland router and Anamis S1/0 interface is not
running OSPF that way they are not able to communicate with other. In order to complete the
configuration you need to run OSPF on these. For appropriate mask for\30 you need to find
out the network ID for this subnet.

1 2 3 4 5 6 7 8

128 64 32 16 8 4 2 0
As we know that \30 is 6th bit of 4th octet that way from above table these subnets are divided into four
number differences as follow.

Subet IDs for \30 Broadcast


0 3

4 7

8 11

12 15

And so on. ..

And from above we can see that lie in 4-7 range therefore

Subnet ID=

Portland#configure terminal
Portland(config)#router ospf 1

Portland(config-router)#network area 1

Area 1 should not receive any external or inter-area routes configure area 1 as totally stubby area.

Portland(config-router)#area 1 stub

Portland#copy running-config startup-config

Amani#configure terminal
Amani(config)#router ospf 1
Amani(config-router)#network area 1

Amani(config-router)#area 1 stub no-summary


Ping from Lynaic to Portland should be successful and Lynaic have all route in its routing table.

more CCNP Route Labs

Policy Based Routing CCNP Route Sim

Company has two links which can take it to the Internet. The company policy demands that
you use web traffic to be forwarded only to Frame Relay link if available and other traffic can go
through any links. No static or default routing is allowed.

I have created above lab in GNS3. BorderRouter and R1 are configured with EIGRP 11. I have used a
cloud for generating HTTP Traffic. I connect the e3/0 interface with PCs NIC using cloud and assigned
the following IP.
And also add a manual route for so that my PC can access internal R1 Router.
For this go to Run\cmd (make sure you have admin rights) and use the following command.
Route add mask p

You can use Route print command to verify. In testing part I will show you how I generate HTTP
traffic from using GNS3 cloud.
GNS3 Configurations:
To made communication between R1 and Borderrouter I use the EIGRP, in real exam lab you dont have
any concerned with routing protocol for this Sim you just need to create ACL and Route map in real
BorderRouter Configurations:
R3#config t
R3(config)#hostname Borderrouter
Borderrouter(config)#interface e3/0
Borderrouter(config-if)# ip address
Borderrouter(config-if)#no shut
Borderrouter(config)#interface s1/0
Borderrouter(config-if)# ip address
Borderrouter(config-if)#no shut
Borderrouter(config)#router eigrp 11
Borderrouter(config)#ip default-gateway

R1 Configurations:
R1#config t
R1(config)#interface s1/0
R1(config-if)# ip address
R1(config-if)#no shut
R1(config)#router eigrp 11
R1(config-router)# network

Configurations that you needs in real Exam:

First you need to create an access-list, which allows all HTTP traffic.

BorderRouter#access-list 111 permit tcp any any eq www

Secondly you need to create route-map to send the traffic through Frame-relay interface.

BorderRouter(config)#route-map blockftp permit 10

BorderRouter(config-route-map)#match ip address 111
BorderRouter(config-route-map)#set ip next-hop
BorderRouter(config)#route-map blockftp permit 20
(Notice: blockftp is just name of route-map, u can use any name. The route-map blockftp permit
20 line allows other traffic than HTTP to be routed. Otherwise, other traffic will be dropped)
3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int e3/0
BorderRouter(config-if)#ip policy route-map blockftp

Testing and Verification:

In Real Examthere is a Host for Testing, click on that. Then click on this Generate HTTP traffic
button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the
command show route-map.
BorderRouter#show route-map

You will see that 9 packets matches which verify that your configurations is correct.

Testing in GNS3:
To test your configurations in GNS3 you just type in web browser. Result will be
cannot fine this page but this will pass some http packets to frame-relay ISP.
Now type the command show route-map.
BorderRouter#show route-map

You will see packets matches.


VLAN Trunking Protocol (VTP) Switch Lab

A company has added two new layer3 switches, one will act as distribution-layer switch while other
will play the role of access-layer switch as shown in figure. You task is configure VTP (vlan trunking
protocol) to distributing the VLAN information distribution-layer switch to the access-layer switch. Also
configure interVLAN routing on the distribution layer switch to route traffic between the different
VLANs that are configured on the access-layer switches; however, it is not compulsory for you to make
the specific VLAN port assignments on the access-layer switches.
Please reference the following table for the VTP and VLAN information to be configured:

Tasks and requirements:

VTP Domain name Cisco

VLAN Ids 40 41

IP Addresses

These are your specific tasks:

1. Configure the above VTP information with the distribution layer switch (Dswitch) as the VTP server
2. Configure the VTP information with the access layer switch (Aswitch) as a VTP client
3. Configure VLANs on the Dswitch
4. Configure inter-VLAN routing on the Dswitch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the
Note: All VLANs and VTP configurations are to completed in the global configuration of Switch.


Solution and Explanation:

1) Configure the VTP information Dswitch:
Open the console of distribution layer switch (Dswitch) and configure it with following configuration
for above task:


DSwitch#configure terminal
Dswitch(config)#vtp mode server
Dswitch(config)#vtp domain Cisco

2) Configure the VTP information with the access layer switch as a VTP client

Access the console of Access layer switch Aswitch for performing the following configurations:


Aswitch#configure terminal
Aswitch(config)#vtp mode client
Aswitch(config)#vtp domain Cisco

3) Configure VLANs on the distribution layer switch

According to lab requirement create VLANs on a Dswitch by using the vlan vlanID# command in
global configuration mode instead of database vlan command:
Dswitch(config)#vlan 40
Dswitch(config)#vlan 41

Assign the IP addresses for Vlans:

Dswitch(config)#interface vlan 40
Dswitch(if-config)#ip address
Dswitch(if-config)#no shutdown
Dswitch(if-config)#interface vlan 41
Dswitch(if-config)#ip address
Dswitch(if-config)#no shutdown

4) Configure inter-VLAN routing on the Dswitch

Dswitch(config)#ip routing
Dswitch#Write (save configurations)

5) Configure the VTP information with the access layer switch as a VTP client

Aswitch#configure terminal
Aswitch(config)#vtp mode client
Aswitch(config)#vtp domain cisco

Aswitch#copy run start

Interface VLAN Configuration on multilayer Switch (SIM)
Lab Tasks:

You need to configure multilayer Switch according to topology diagram and such that both hosts i.e.
Host-A and Host-B are able to successfully ping the Internet server Server_S1.

You are not allowed to add/delete VLANs, changes VLAN port assignments or create trunk links. Also you
cant use a static or default routing. All routes must be learned via EIGRP 300 routing protocol. RouterC
is correctly configured and no trunking has been configured on RouterC.
Routed interfaces should use the lowest host on a subnet when possible. The following subnets are
available to implement this solution:
Hosts H1 and H2 are configured with the correct IP address and default gateway. The enable password
for Multi-Switch is Cisco. Routing must only be enabled for the specific subnets shown in the diagram.

Step to perform:

-Find gateways of PCs with ipconfig command in Exam simulator, these gateways are use to
configured as the virtual interface on multilayer switch for given VLANs and in our case we have the
IP Address:

Default gateway:

IP Address:

Default gateway:

-Note down the EIGRP AS number and VLANs information

You can find it from topology diagram and it is EIGRP 300.

VLAN 22 and 33 are created on multilayer switch and interfaces (connected to hosts) were configured
as access ports so we dont need to configure them in this sim, you also use the show vlan command
for checking VLANs .

-Configure the Virtual interfaces on switch

According to SIM requirement we are not allow to use trunking therefore we will configure the Multi-
Switch as a Layer 3 switch with SVIs for interVLAN routing and will configure these VLAN interfaces with
gateways of PCs for respective VLANs.

Multi-Switch# configure terminal

Multi-Switch(config)# int f0/0
Multi-Switch(config-if)#no switchport (without using this command, the simulator does not let you
assign IP address on f0/0 interface.)
Multi-Switch(config-if)# ip address (Router has IP address of
therefore we have to assign this interface with same IP-Range)

Multi-Switch(config-if)# no shutdown
Multi-Switch(config-if)# exit
Multi-Switch(config)# int vlan 22
Multi-Switch(config-if)# ip address
Multi-Switch(config-if)# no shutdown
Multi-Switch(config-if)# int vlan 33
Multi-Switch(config-if)# ip address
Multi-Switch(config-if)# no shutdown

-Run the routing protocol on Multi layered switch

Multi-Switch(config)# ip routing (Notice: MLS will not work without this command)
Multi-Switch(config)# router eigrp 300
Multi-Switch(config-router)# network
Multi-Switch(config-router)# network
Multi-Switch(config-router)# network

Pre-Radius Server configuration

Buraqtech is a small cargo company that has an existing network consist of 2 switches, DSW1 and
ASW1. The network diagram shows their layer 2 mapping. VLAN 10 is a new VLAN that will be used to
provide the cargo personnel access to the server. For security reasons, it is necessary to restrict access
to VLAN 20 in the following manner:
Users connecting to ASW1s port must be authenticate via a Radius server before they are given
access to the network. The radius server address is and Radius key is ciscoradius.
Authentication should be implemented as close to the host device possible.
Devices on VLAN 20 are restricted to in the address range of and packets from
devices in the address range of should be passed on VLAN 20.
Packets from devices in any other address range should be dropped on VLAN 20. And this filtering
should be configured as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with
implementing the above access control as a pre-condition to installing the servers. You must use the
available IOS switch features.

Answer and Explanation:

1) Configure authenticate via a Radius server on ASW1

ASW1(config)#aaa new-model
Set the server address and password for radius server:
ASW1(config)#radius-server host key ciscoradius

ASW1(config)#aaa authentication dot1x default group radius

Enable 802.1x on the switch:

ASW1(config)#dot1x system-auth-control

Congure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1

ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
Notice that the word auto will force connected PC to authenticate through the 802.1x exchange.


Packets from devices in the address range of should be passed on VLAN 20.
Define an access-list:
DSW1(config)#ip access-list standard 10

Define an access-map which uses the access-list above:

DSW1(config)#vlan access-map MYMAPIP 10
DSW1(config-access-map)#match ip address 10
DSW1(config-access-map)#action forward
Packets from devices in any other address range should be dropped on VLAN 20.

DSW1(config)#vlan access-map MYMAPIP 20

DSW1(config-access-map)#action drop

Apply a vlan-map into a vlan close to the server farm as possible:

DSW1(config)#vlan filter MYMAPIP vlan-list 20

PortFast spanning tree configuration:

Lab Tasks:

Suppose your company has installed a new Switch in your existing network to connect 24 additional
users. You need to configure the switch correctly so that it will not disturb your existing configuration of
your network. You also have to ensure that the switch does not participate in VTP (VLAN trunking
protocols) but forwards VTP updates and advertisements that are received on trunk ports.
Because of errors that have been experienced on office computers, all nontrunking interfaces (all Fast
Ethernet ports) should transition immediately to the forwarding state of Spanning tree.
Ensure the following configurations on Switch:

Configure all port of Switch as access-ports and assign the VLAN 20 to Fast Ethernet ports 1/12 to 1/24
in global configuration mode.

Switch does not participate in VTP but forwards VTP advertisements received on trunk ports.

Ensure all access interfaces (1-24) of switch transition immediately to the forwarding state of

Ensure all FastEthernet interfaces are in a permanent non-trunking mode.

Solution for STP Switch Lab:

Configure all port of Switch as access-ports or non-trunking ports

Switch#configure terminal
Switch(config)#interface range fa1/1 24
Switch(config-if-range)#switchport mode access

Assign the VLAN 20 to Fast Ethernet ports 1/12 to 1/24 in global configuration mode.

By default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to
go to each interface (or a range of interfaces) and tell it which VLAN to be a part of.
Switch(config-if-range)#interface range fa1/12 24
Switch(config-if-range)#switchport access vlan 20

Ensure all access interfaces (1-24) of switch transition immediately to the forwarding state of

Switch(config)#interface range fa1/1 24

Switch(config-if-range)#spanning-tree portfast

Switch does not participate in VTP but forwards VTP advertisements received on trunk ports.

Switch(config)#vtp mode transparent


And finally you can save the configuration with one of following command.

Switch#copy running-config startup-config



Link Aggregation Control Protocol Configuration:

Suppose you have just added a new switch (SwitchB) to the existing network
as shown in the topology.
RouterA is currently configured correctly for providing the routing function
for devices on SwitchA and SwitchB. You need to be modified SwitchA to
support the addition of SwitchB. You have been tasked with competing the
needed configuring of SwitchA and SwitchB. SwitchA and SwitchB use Cisco
as the enable password.
Configuration Requirements for SwitchA
The VTP and STP configuration modes on SwitchA is correct and should
not be modified.
You need to configure SwitchA as root switch for vlans 11, 12, 13, 21,
22 and 23. All other vlans should be left are their default values.

Configuration Requirements for SwitchB

You need to configure the VLANs according to following information:
21 HR Fa1/9 and fa1/10
22 Finance Fa1/5 and fa1/6
23 Marketing Fa1/15 and fa1/14

Access ports that assigned to VLANs should transition immediately to

forwarding state upon detecting the connection of a device.
SwitchB VTP mode needs to be the same as SwitchA.
SwitchB must operate in the same spanning tree mode as SwitchA. And no
routing is required on this Switch
SVI vlan 1 is to be configured with IP address
Inter-switch Connectivity Configuration Requirements:
- For operational and security reasons trunking should be unconditional and
Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link.
The two trunks between SwitchA and SwitchB need to be configured in a
mode that allows for the maximum use of their bandwidth for all vlans. This
mode should be done with a non-proprietary protocol, with SwitchA
controlling activation.
Propagation of unnecessary broadcasts should be limited using manual
pruning on this trunk link.

Answer and Explanation:

Some useful commands that may help you to find out the necessary
information on SwitchA are as following: (Cisco basic router Commands)
show vtp status (you can get the information about VTP status on SwitchA i.e.
SwitchA is in transparent mode)
show spanning-tree (rapid-pvst mode on SwitchA)
show vlan (check the native vlan and the existence of vlan100)
show etherchannel 1 port-channel and show ip int brief (check if Port-channel 1 has
been created and make sure it is up)
show run (for complete configuration of Switch)

Configure the SwitchA as root switch for vlans 11, 12, 13, 21, 22 and 23
and need to have the same configuration as the SwitchB for successful
SwitchA #configure terminal
SwitchA (config)#spanning-tree vlan 11,12,13,21,22,23 root primary
SwitchA (config)#vlan 21
SwitchA (config-vlan)#name HR
SwitchA (config-vlan)#exit
SwitchA (config)#vlan 22
SwitchA (config-vlan)#name Finance
SwitchA (config-vlan)#exit
SwitchA (config)#vlan 23
SwitchA (config-vlan)#name Marketing
SwitchA (config-vlan)#exit
SwitchA (config)#interface range Fa1/3 4
SwitchA (config-if-range)#switchport mode trunk
SwitchA (config-if-range)#switchport trunk native vlan 100
SwitchA (config-if-range)#switchport trunk allowed vlan 1,21,23
SwitchA (config-if-range)#channel-group 1 mode active
SwitchA (config-if-range)#channel-protocol lacp
SwitchA (config-if-range)#no shutdown
SwitchA (config-if-range)#end

Configuration VLANs according to given table:

SWITCHB#configure terminal
SWITCHB(config)#vlan 21
SWITCHB(config-vlan)#name HR
SWITCHB(config)#vlan 22
SWITCHB(config-vlan)#name Finance
SWITCHB(config)#vlan 23
SWITCHB(config-vlan)#name Marketing
SWITCHB(config)#vlan 100
SWITCHB(config-vlan)#name TrunkNativeVlan
SWITCHB(config)#interface range Fa1/9 10
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 21
SWITCHB(config-if-range)#spanning-tree portfast (Access ports that assigned to
VLANs should transition immediately to forwarding state upon detecting the
connection of a device.)
SWITCHB(config-if-range)#no shutdown
SWITCHB(config)#interface range Fa1/5 6
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 22
SWITCHB(config-if-range)#spanning-tree portfast
SWITCHB(config-if-range)#no shutdown
SWITCHB(config)#interface range Fa1/14 15
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 23
SWITCHB(config-if-range)#spanning-tree portfast
SWITCHB(config-if-range)#no shutdown
SwitchB VTP mode needs to be the same as SwitchA:
SWITCHB(config)#vtp mode transparent
SWITCHB(config)#spanning-tree mode rapid-pvst
Configure VLAN-1 with IP address
SWITCHB(config)#interface vlan 1
SWITCHB(config-if)#ip address
SWITCHB(config-if)#no shutdown

Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link:

SWITCHB(config)#interface range Fa1/3 4

SWITCHB(config-if-range)#switchport trunk encapsulation dot1q
SWITCHB(config-if-range)#switchport mode trunk
SWITCHB(config-if-range)#switchport trunk native vlan 100
SWITCHB(config-if-range)#switchport trunk allowed vlan 1,21-23

Maximum use of bandwidth for all vlans with SwitchA controlling

SWITCHB(config-if-range)#channel-group 1 mode passive //mode passive because
SwitchA controlling activation
SWITCHB(config-if-range)#channel-protocol lacp
SWITCHB(config-if-range)#no shutdown

A company has an existing network comprised of 5 switches;
This switch network has pre-VLAN spanning tree mapping. You has the following tasks to complete this

CoreSwitch should be the root bridge for VLAN 20, but currently DSW1 is the root bridge for VLAN
Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and
DSW2. However VLAN 30 is currently using gig 1/0/5.
Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and
DSW2. However VLAN 40 is currently using gig 1/0/6.
You task is complicated by the fact that you only have full access to DSW1, with the enable password
cisco. You are allowed and provided only limited show commands access is provided on CoreSwitch,
and DSW2 using the enable 2 level with a password of Cisco. You are not allowed to made configuration
changes on these Switches. Also you dont have access to ASW1 or ASW2. So you are only limited to
make configuration on DSW1.

Required Configurations and Explanation:

1. CoreSwitch should be the root bridge for VLAN 20.

DSW1 is currently the root bridge for VLAN 20 our task to make CoreSwitch the root bridge for VLAN
20. For making the CoreSwitch as a root bridge we need to assign the lowest priority value for VLAN 20
on CoreSwitch, but we are not allowed to make changes on this Switch we have only access to DSW1
therefore we can increase the priority of DSW1 so that it become higher than CoreSwitch. For this use
the show spanning-tree on CoreSwitch and on DSW1 for checking the priority of both switches for
VLAN 20. Currently DSW1 is the root bridge for VLAN 20 (notice the line This bridge is the root on
below figure).

DSW1#show spanning-tree

To make the CoreSwitch the root bridge we need to increase the DSW1s priority value, the best value
should be you can use another value but make sure it is higher than the CoreSwitch priority value by
checking if the CoreSwitch becomes the root bridge or not; and that value must be in increments of

DSW1#configure terminal
DSW1(config)#spanning-tree vlan 20 priority 61440
2.Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port
between DSW1 and DSW2.
VLAN 30 is currently using gig 1/0/5 and gig 1/0/6 is in blocking state, you can find these information
by using command show spanning-tree. We know that spaning tree protocol make the forwarding
port base on

Since both ports have same bridge-ID and both interfaces are fastethernet therefore they will have the
same port-cost. When the both ports have same port-cost and bridge-ID then the port with the lower
interface will be in forwarding state while other will be in blocking state. Same happen in this case
that both switches DSW1 and DSW2 have same bridge-ID and Cost therefore gig 1/0/5 is forwarding port
for VLAN 30. Now you can make the gig 1/0/6 as forwarding port by lowering the Priority Number of
the port gig 1/0/6 you can see the currently priority numbers of ports by show show spanning-

Notice that we only need to change this value for VLAN 30, not for all VLANs.
DSW1(config)#interface g1/0/6
DSW1(config-if)#spanning-tree vlan 30 port-priority 64

3. Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between
DSW1 and DSW2.
However VLAN 40 is currently using gig 1/0/6 and our task is to make the forwarding of VLAN 40
through gig 1/0/5. It is a similar job, but we are not allowed to make any configurations on DSW2, and
in this case we cant change the port-priority for VLAN 40. There is another solution for this you can
change the cost (set the lower value) on an interface of DSW1 then only DSW1 will learn the change.
By default, the cost of a 100Mbps link is 19 but we can change this value to make sure that VLAN 40
will use interface Gig1/0/5.
DSW1(config)#interface g1/0/5
DSW1(config-if)#spanning-tree vlan 40 cost 1

You should re-check to see if everything was configured correctly:

DSW1#show spanning-tree

DSW1#copy running-config startup-config

////GNS3 with Mobaxterm