hardrock hallelujah3 v4.0

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP 3: Multilayer Switching course as part of an official Cisco Networking Academy Program.

Upload: louisz86

Post on 12-Nov-2014


CCNP 3 Skills-Based Final Exam 1 – Instructor Version

Scenario

Yoshida Heavy Industries (YHI) requires a network setup for a new branch office. The network design calls for Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and Cisco 2600 series routers. YHI also requires a fault tolerant Internet link. Therefore, a backup link to the ISP is required. The backup link will become active only if access to the Internet through the 3550 switch is lost due to failures.

The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. Yoshida management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have their PCs connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on default management VLAN 1.

1 - 82 CCNP 3: Multilayer Switching v 4.0 – Skills-Based Assessment Version 1 - Solutions Copyright © 2004, Cisco Systems, Inc.

Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard. Multiple HSRP groups will be implemented so that exactly one router is active at any given time for all VLANs. Router-on-a-stick will be implemented to allow inter-VLAN routing when Backup is the active HSRP router.

Redundancy will be implemented by using Spanning Tree, HSRP, and independent connections to the ISP.

Generic Tasks

• Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports.

• On all devices, configure the following:

− Telnet support with the password cisco

− The privileged EXEC mode password cisco

VLANs and VTP

YHI requires VLANs and VTP to be configured within the switched network.

1. Configure VTP on all switches:

− VTP domain should be CISCO.

− Collapsed-Core and Access1 should be VTP servers.

− Access2 should be a VTP client.

2. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network diagram, between the Collapsed-Core switch and the Access1 and Access2 switches.

3. Configure the VLAN 1 management VLAN on all the switches using the network 10.0.1.0/24.

− Ensure that the switches can ping each other using their management VLAN IP addresses and troubleshoot if necessary.

4. Create VLANs 10, 20, and 30 in the VTP domain:

− VLANs 10, 20, and 30 should be named ADMIN, DRIVERS, and SERVERS respectively.

5. Configure interfaces as access ports in VLANs as follows:

Switch            VLAN 10        VLAN 20        VLAN 30
Collapsed-Core    Fa0/1 - 2      Fa0/3 - 4      Fa0/9 - 12, Fa0/14 - 24
Access1           Fa0/10 - 12    Fa0/1 - 2      Fa0/8 - 9
Access2           Fa0/1 - 2      Fa0/10 - 12    Fa0/7 - 9

Spanning-Tree

YHI requires Spanning-Tree protection to prevent switching loops. They also want PortFast configured on all access ports:

1. Configure Multiple Instance Spanning Tree Protocol (MST):

− Configure an instance of 1 for VLANs 1 through 30.

− All other VLANs are to share an instance of 0.

− Collapsed-Core should be the primary MST root bridge.

− Access1 should be the secondary MST root bridge.

2. Configure PortFast:

− Enable PortFast for all non-trunk access ports.

− Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.
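The PortFast and BPDU Guard requirement above can be checked mechanically against a saved running configuration. The following Python is an added example, not part of the exam material: the sample stanzas are constructed in the style of the Access1 configuration in this document (where Fa0/7 is a trunk port carrying both commands), and the function names are hypothetical.

```python
import re

# Constructed sample, in the style of the Access1 configuration in this document.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/7
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
!
"""


def interface_stanzas(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^interface (\S+)$", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            # "!" separators and global commands end the current stanza.
            current = None
    return stanzas


def audit_portfast(config):
    """Return (interface, finding) pairs for ports that break the PortFast rules."""
    # "spanning-tree portfast bpduguard default" turns BPDU Guard on globally
    # for PortFast ports, so a per-port command is then not required.
    global_guard = re.search(
        r"^spanning-tree portfast bpduguard default\s*$", config, re.M
    ) is not None
    findings = []
    for name, cmds in interface_stanzas(config).items():
        if "spanning-tree portfast" not in cmds:
            continue
        if "spanning-tree bpduguard enable" not in cmds and not global_guard:
            findings.append((name, "PortFast without BPDU Guard"))
        if "switchport mode trunk" in cmds:
            # The task asks for PortFast on non-trunk access ports only.
            findings.append((name, "PortFast on a trunk port"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_portfast(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```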

Inter-VLAN Routing and HSRP

To enable inter-VLAN routing, YHI requires that the Collapsed-Core switch be configured to support SVIs and that the Backup router be configured as a router-on-a-stick. Finally, HSRP will be configured on Backup and Collapsed-Core:

1. Configure IP addressing as follows:

− VLAN 1 – 10.0.1.0/24

− VLAN 10 – 10.0.10.0/24

− VLAN 20 – 10.0.20.0/24

− VLAN 30 – 10.0.30.0/24

− Interface S0/0 on Backup – 192.168.0.2/24

− Interface Fa0/13 on Collapsed-Core – 192.168.1.2/24

2. Configure router-on-a-stick between Access1 and Backup.

3. Configure Switched Virtual Interfaces (SVIs) on Collapsed-Core for each VLAN to enable inter-VLAN routing.

4. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and Server in VLAN 30.

5. Configure HSRP on Backup and Collapsed-Core so that Collapsed-Core is the active router for all VLANs. Include the preempt option in the configuration.

6. Configure HSRP interface tracking so that Backup becomes the active router if the FastEthernet link between Collapsed-Core and ISP goes down.
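Whether interface tracking moves the active role depends on the priority arithmetic: the tracked decrement has to push the active router below the standby router's priority, and the standby router must be allowed to preempt. The following Python is an added example, not part of the exam material: the VLAN 10 stanzas are copied from the Collapsed-Core and Backup sample configurations in this document, 100 is the IOS default HSRP priority, and the function names are hypothetical.

```python
import re
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # IOS default when no "standby <group> priority" line is present

# VLAN 10 stanzas copied from the sample configurations in this document.
CORE_VLAN10 = """\
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 no ip redirects
 standby 10 ip 10.0.10.1
 standby 10 priority 200
 standby 10 preempt
 standby 10 track FastEthernet0/13 150
"""
BACKUP_VLAN10 = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 preempt
"""


def parse_hsrp(stanza, group):
    """Extract the HSRP settings of one group from a single interface stanza."""
    g = re.escape(str(group))
    addr = re.search(r"^ ip address (\S+) \S+$", stanza, re.M)
    prio = re.search(rf"^ standby {g} priority (\d+)", stanza, re.M)
    tracks = re.findall(rf"^ standby {g} track (\S+) (\d+)", stanza, re.M)
    return {
        "ip": IPv4Address(addr.group(1)),
        "priority": int(prio.group(1)) if prio else DEFAULT_PRIORITY,
        "preempt": bool(re.search(rf"^ standby {g} preempt", stanza, re.M)),
        "tracks": {iface: int(dec) for iface, dec in tracks},
    }


def effective_priority(router, down=()):
    """Configured priority minus the decrement of each tracked interface that is down."""
    lost = sum(dec for iface, dec in router["tracks"].items() if iface in down)
    return max(router["priority"] - lost, 0)


def active_router(routers, down=(), current=None):
    """Name of the router holding the active role once the group has settled.

    Routers are ranked by (effective priority, interface IP); the higher
    tuple wins. A router that outranks the current active router takes
    over only if it is configured with preempt.
    """
    rank = {n: (effective_priority(r, down), r["ip"]) for n, r in routers.items()}
    if current is None:
        return max(rank, key=rank.get)
    challengers = [
        n for n in rank if routers[n]["preempt"] and rank[n] > rank[current]
    ]
    return max(challengers, key=rank.get) if challengers else current


def min_failover_decrement(active, standby):
    """Smallest track decrement that puts `active` strictly below `standby`."""
    return active["priority"] - standby["priority"] + 1


if __name__ == "__main__":
    routers = {
        "Collapsed-Core": parse_hsrp(CORE_VLAN10, 10),
        "Backup": parse_hsrp(BACKUP_VLAN10, 10),
    }
    print("All links up:", active_router(routers))
    print("Fa0/13 down :", active_router(routers, {"FastEthernet0/13"}, "Collapsed-Core"))
    print("Minimum decrement:", min_failover_decrement(*routers.values()))
```

With the values in this document, a decrement of 150 takes Collapsed-Core from 200 to 50, below Backup's default of 100; any decrement under 101 would rely on the IP address tie-break or leave Collapsed-Core active.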

Check List

1. Verify that MST is enabled.

2. Ensure that Host 1, Host 2, and Server can ping each other.

3. Verify HSRP with continuous pings to test that Host 1 and Host 2 can reach the loopback address 1.1.1.1/24 whenever any combination of cables is disconnected from the following ports on Collapsed-Core:

− Fa0/5

− Fa0/6

− Fa0/7

− Fa0/8

− Fa0/13

CCNP 3 Skills-Based Final Exam 1 – Sample Final Configurations

Sample Router Configurations

The following is configuration output for each networking device. It includes a sample running configuration:

ISP#show running-config
Building configuration...
Current configuration : 797 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISP
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
 framing sf
 linecode ami
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown

!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2 10
ip route 10.0.0.0 255.0.0.0 192.168.0.2 20
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end
ISP#
ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [10/0] via 192.168.1.2
C    192.168.0.0/24 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
ISP#

Backup#show running-config
Building configuration...
Current configuration : 1172 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Backup
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.0.1.3 255.255.255.0
 standby 1 ip 10.0.1.1
 standby 1 preempt
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 preempt
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.3 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 preempt
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.3 255.255.255.0
 standby 30 ip 10.0.30.1
 standby 30 preempt
!

interface Serial0/0
 ip address 192.168.0.2 255.255.255.0
 no fair-queue
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end
Backup#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.0.10.0 is directly connected, FastEthernet0/0.10
C       10.0.1.0 is directly connected, FastEthernet0/0.1
C       10.0.30.0 is directly connected, FastEthernet0/0.30
C       10.0.20.0 is directly connected, FastEthernet0/0.20
C    192.168.0.0/24 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 192.168.0.1
Backup#

Collapsed-Core#show running-config
Building configuration...
Current configuration : 5153 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Collapsed-Core
!
!
ip subnet-zero
ip routing
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 24576
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3

 switchport access vlan 20
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 switchport access vlan 20
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/9
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 30
 no ip address
 duplex full
 speed 100

 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18

 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address

!
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.0.1.1
 standby 1 priority 200
 standby 1 preempt
 standby 1 track FastEthernet0/13 150
!
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 no ip redirects
 standby 10 ip 10.0.10.1
 standby 10 priority 200
 standby 10 preempt
 standby 10 track FastEthernet0/13 150
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 no ip redirects
 standby 20 ip 10.0.20.1
 standby 20 priority 200
 standby 20 preempt
 standby 20 track FastEthernet0/13 150
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 no ip redirects
 standby 30 ip 10.0.30.1
 standby 30 priority 200
 standby 30 preempt
 standby 30 track FastEthernet0/13 150
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Collapsed-Core#
Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
     10.0.0.0/24 is subnetted, 4 subnets

C       10.0.10.0 is directly connected, Vlan10
C       10.0.1.0 is directly connected, Vlan1
C       10.0.30.0 is directly connected, Vlan30
C       10.0.20.0 is directly connected, Vlan20
C    192.168.1.0/24 is directly connected, FastEthernet0/13
S*   0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#

Access1#show running-config

Building configuration...
Access1#show run
Building configuration...
02:14:26: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 3539 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Access1
!
!
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 28672
spanning-tree mst 1 priority 28672
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100

 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport mode trunk
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast

 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 duplex full
 speed 100
 spanning-tree portfast

 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
 no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Access1#

Access2#show running-config
Building configuration...
Current configuration : 3473 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Access2
!
!
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk

 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 duplex full

 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 duplex full

 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.12 255.255.255.0
 no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Access2#

Verifying Spanning Tree

Verify the status of STP with the show spanning-tree command:

Collapsed-Core#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    24576 (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p
Po2              Desg FWD 100000    128.66   P2p
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    24577 (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p
Po2              Desg FWD 100000    128.66   P2p
Collapsed-Core#

Access1#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 200000    128.7    P2p
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p
Po2              Desg FWD 100000    128.66   P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    28673 (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Desg FWD 200000    128.7    P2p
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p
Po2              Desg FWD 100000    128.66   P2p
Access1#

Access2#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    32768 (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p
Po2              Altn BLK 100000    128.66   P2p
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p
Po2              Altn BLK 100000    128.66   P2p
Access2#

Verifying VTP

Verify the status of VTP on all switches with the show vlan brief and the show vtp status command:

Collapsed-Core#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   DRIVERS                          active    Fa0/3, Fa0/4
30   SERVERS                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Collapsed-Core#
Collapsed-Core#show vtp stat
VTP Version                     : 2
Configuration Revision          : 8
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x82 0x79 0xEF 0x80 0x2C 0x2A 0x3E 0x28
Configuration last modified by 10.0.1.2 at 3-1-93 00:11:43
Local updater ID is 10.0.1.2 on interface Vl1 (lowest numbered VLAN interface found)
CollapsedCore#

Access1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/10, Fa0/11, Fa0/12
20   DRIVERS                          active    Fa0/1, Fa0/2
30   SERVERS                          active    Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Access1#
Access1#show vtp stat
VTP Version                     : 2
Configuration Revision          : 9

Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE5 0xB2 0x0A 0x3B 0x8D 0x58 0xFB 0xC5
Configuration last modified by 10.0.1.2 at 3-1-93 02:19:47
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#

Access2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   DRIVERS                          active    Fa0/10, Fa0/11, Fa0/12
30   SERVERS                          active    Fa0/7, Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Access2#
Access2# show vtp status
VTP Version                     : 2
Configuration Revision          : 8
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x82 0x79 0xEF 0x80 0x2C 0x2A 0x3E 0x28
Configuration last modified by 10.0.1.2 at 3-1-93 00:11:43
Access2#


Verifying HSRP

Verify the status of HSRP on both Backup and Collapsed-Core with either the show standby or the show standby brief command:

Collapsed-Core#show standby
Vlan1 - Group 1
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.256
  Virtual IP address is 10.0.1.1 configured
  Active router is local
  Standby router is 10.0.1.3 expires in 9.240
  Virtual mac address is 0000.0c07.ac01
  5 state changes, last state change 00:08:16
  IP redundancy name is "hsrp-Vl1-1" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
Vlan10 - Group 10
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.198
  Virtual IP address is 10.0.10.1 configured
  Active router is local
  Standby router is 10.0.10.3 expires in 7.628
  Virtual mac address is 0000.0c07.ac0a
  5 state changes, last state change 00:08:17
  IP redundancy name is "hsrp-Vl10-10" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
Vlan20 - Group 20
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.208
  Virtual IP address is 10.0.20.1 configured
  Active router is local
  Standby router is 10.0.20.3 expires in 7.544
  Virtual mac address is 0000.0c07.ac14
  5 state changes, last state change 00:08:20
  IP redundancy name is "hsrp-Vl20-20" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
Vlan30 - Group 30
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.214
  Virtual IP address is 10.0.30.1 configured
  Active router is local
  Standby router is 10.0.30.3 expires in 7.548
  Virtual mac address is 0000.0c07.ac1e
  5 state changes, last state change 00:08:22
  IP redundancy name is "hsrp-Vl30-30" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
Collapsed-Core#

Backup#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Fa0/0.1     1   100  P Standby  10.0.1.2        local           10.0.1.1
Fa0/0.10    10  100  P Standby  10.0.10.2       local           10.0.10.1
Fa0/0.20    20  100  P Standby  10.0.20.2       local           10.0.20.1
Fa0/0.30    30  100  P Standby  10.0.30.2       local           10.0.30.1
Backup#

From a host, initiate a continuous ping to loopback interface 1.1.1.1. While the pings are active, unplug the Fa0/13 cable. The pings should become unsuccessful while HSRP is activating the Standby router. When the pings are successful again, re-connect the cable to Fa0/13 and the Active router should again go into standby mode.
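The failover test above only succeeds if the tracking decrement drops the active router below the standby's priority and the standby is allowed to preempt. The added example below (not part of the original exam material) checks that from the two command outputs; the sample text is constructed from groups 1 and 10 of the outputs above, and the function names are illustrative.

```python
import re

# Constructed sample: groups 1 and 10 taken from the outputs above,
# trimmed to the lines the check needs.
ACTIVE_SHOW_STANDBY = """\
Vlan1 - Group 1
  Local state is Active, priority 200, may preempt
  Virtual IP address is 10.0.1.1 configured
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
Vlan10 - Group 10
  Local state is Active, priority 200, may preempt
  Virtual IP address is 10.0.10.1 configured
  Priority tracking 1 interface or object, 1 up:
    Interface or object        Decrement  State
    FastEthernet0/13           150        Up
"""

PEER_SHOW_STANDBY_BRIEF = """\
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Fa0/0.1     1   100  P Standby  10.0.1.2        local           10.0.1.1
Fa0/0.10    10  100  P Standby  10.0.10.2       local           10.0.10.1
"""


def parse_standby(text):
    """Parse verbose 'show standby' output into {group number: details}."""
    groups, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+) - Group (\d+)", line)
        if m:
            cur = groups[int(m.group(2))] = {
                "interface": m.group(1), "priority": None,
                "preempt": False, "tracks": []}
            continue
        if cur is None:
            continue
        m = re.search(r"Local state is (\w+), priority (\d+)(, may preempt)?", line)
        if m:
            cur.update(state=m.group(1), priority=int(m.group(2)),
                       preempt=bool(m.group(3)))
            continue
        # Tracking rows: "<interface> <decrement> <Up|Down>"
        m = re.match(r"^\s+(\S+)\s+(\d+)\s+(Up|Down)\s*$", line)
        if m:
            cur["tracks"].append((m.group(1), int(m.group(2)), m.group(3)))
    return groups


def parse_brief(text):
    """Parse 'show standby brief' rows into {group number: details}."""
    row = re.compile(
        r"^(\S+)\s+(\d+)\s+(\d+)\s+(P\s+)?(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
    rows = {}
    for line in text.splitlines():
        m = row.match(line)
        if m:  # the header line has no numeric group column and is skipped
            rows[int(m.group(2))] = {
                "interface": m.group(1), "priority": int(m.group(3)),
                "preempt": bool(m.group(4)), "state": m.group(5)}
    return rows


def failover_check(active_text, peer_text, failed_interface):
    """Predict, per HSRP group, what happens when failed_interface goes down."""
    peers = parse_brief(peer_text)
    report = {}
    for grp, g in parse_standby(active_text).items():
        peer = peers.get(grp)
        # A track that is already Down has its decrement in the shown priority.
        drop = sum(dec for ifc, dec, st in g["tracks"]
                   if ifc == failed_interface and st == "Up")
        degraded = max(0, g["priority"] - drop)
        report[grp] = {
            "degraded_priority": degraded,
            # The standby takes over only if it may preempt and now outranks the active.
            "peer_takes_over": bool(peer and peer["preempt"]
                                    and peer["priority"] > degraded),
            # After recovery the original router reclaims the role only with preempt.
            "fails_back": bool(peer and g["preempt"]
                               and g["priority"] > peer["priority"]),
        }
    return report


if __name__ == "__main__":
    for grp, result in failover_check(ACTIVE_SHOW_STANDBY,
                                      PEER_SHOW_STANDBY_BRIEF,
                                      "FastEthernet0/13").items():
        print(grp, result)
```

A decrement smaller than the gap between the two priorities (here anything below 101) leaves `peer_takes_over` false, which is the misconfiguration the ping test would expose.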

Here is a sample scenario:


CCNP 3 Skills-Based Final Exam 2 – Instructor Version

Scenario

DropBear Industries (DBI) requires a network setup for a new branch office. The network design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router. DropBear has a low-bandwidth, 64-Kbps link to its ISP.

Voice over IP will also be demonstrated for sales staff, to test the viability of integrating voice and data traffic in a single topology. Voice channels totaling 16 Kbps must have priority over non-voice traffic. For this reason, low-latency queuing needs to be configured on the link to the ISP. Host 2 will be used to simulate Voice over IP traffic that needs to be classified as time sensitive based on the source IP address.

The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. DropBear management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The salespeople will have their IP phones connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on VLAN 1.

29 - 82 CCNP 3: Multilayer Switching v 3.0 – Skills-Based Assessment Version 2 - Solutions Copyright © 2004, Cisco Systems, Inc.


Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard. In the event of a trunk failure for either Access1 or Access2 to the Collapsed-Core switch, VLAN 20 phone traffic must have uninterrupted access to the Border router.

Generic Tasks

• Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports as labeled in the diagram.

• On all devices, configure the following:

− Telnet support

− The privileged EXEC mode password cisco

VLANs and VTP

DBI requires VLANs and VTP to be configured within their switched network:

1. Configure all switches in the VTP domain DROPBEAR.

2. Configure Collapsed-Core and Access1 to be VTP servers and Access2 to be a VTP client.

3. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network diagram, between the Collapsed-Core switch and the Access1 and Access2 switches.

4. Configure the VLAN 1 management VLAN on all the switches using the network 10.0.1.0/24:

− Ensure that the switches can ping each other using their management VLAN IP addresses and troubleshoot if necessary.

5. Create VLANs 10, 20, and 30 in the VTP domain:

− Name VLAN 10 ADMIN.

− Name VLAN 20 PHONE.

− Name VLAN 30 SERVERS.

6. Configure interfaces as access ports in VLANs as follows:

                 VLAN 10       VLAN 20       VLAN 30
Collapsed-Core   Fa0/1 - 2     Fa0/3 - 4     Fa0/9 - 12, Fa0/14 - 24
Access1          Fa0/10 - 12   Fa0/1 - 2     Fa0/7 - 9
Access2          Fa0/1 - 2     Fa0/10 - 12   Fa0/7 - 9


Spanning-Tree

DBI requires Spanning-Tree protection to ensure against switching loops. They also want PortFast configured on all access ports.

1. Configure MST:

− Configure an instance of 1 for VLANs 1 through 30.

− All other VLANs are to share instance 0 of Spanning Tree.

− Collapsed-Core should be the primary MST root bridge.

− Access1 should be the secondary MST root bridge.

2. Configure PortFast:

− Enable PortFast for all non-trunk access ports.

− Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.

Inter-VLAN Routing

To enable inter-VLAN routing, DBI requires the Collapsed-Core switch to be configured to support SVIs:

1. Configure IP addressing as follows:

− VLAN 1 – 10.0.1.0/24

− VLAN 10 – 10.0.10.0/24

− VLAN 20 – 10.0.20.0/24

− VLAN 30 – 10.0.30.0/24

− Interface S0/0 on Backup – 192.168.0.2/24

− Interface Fa0/13 on Collapsed-Core – 192.168.1.2/24

2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each VLAN to enable inter-VLAN routing.

3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the Server in VLAN 30.


QoS – Low-Latency Queuing

To ensure that voice traffic will have priority over non-voice traffic, DBI requires low-latency queuing (LLQ) to be configured on the link to the ISP. LLQ should guarantee 16 Kbps to VLAN 20 and apply WFQ to all other traffic:

1. Use EIGRP with an AS of 100 as the routing protocol on the Collapsed-Core switch and Border router:

− Initially the switches can be left with their default configurations.

− Use a PC to simulate an IP phone connected to interface Fa0/12 of the Access2 switch.

2. Create a policy for the treatment of voice traffic within the LAN on the border router:

− Configure a named standard ACL called PHONE-TRAFFIC to identify the source network address of VLAN 20.

− Configure a class-map called VOICE-TRAFFIC to classify traffic originating from VLAN 20 in the 10.0.20.0 network as voice traffic.

− Apply the appropriate commands to a policy-map called VOICE to enable LLQ.

− The policy-map will implement a strict priority 16-Kbps queuing strategy for voice traffic.

− The policy-map will also implement WFQ for the remaining traffic.

3. Apply the policy to the appropriate interface on the Border router.

Check List

1 Verify that MST is enabled.

2 Verify that the Border router is applying the QoS policy for voice traffic with the show policy-map interface s0/0 command.

3 Ensure that Host 1 and Host 2 can ping each other and the ISP loopback interface 1.1.1.1.


CCNP 3 Skills-Based Final Exam 2 – Sample Final Configurations

Sample Router Configurations

The following is configuration output for each networking device. It includes a sample running configuration:

ISP#show running-config
ISP#show run
Building configuration...

Current configuration : 767 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISP
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
 framing sf
 linecode ami
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.0.2
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [1/0] via 192.168.0.2
C    192.168.0.0/24 is directly connected, Serial0/0
ISP#


Backup#show running-config
Building configuration...

Current configuration : 1112 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Border
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
class-map match-all VOICE-TRAFFIC
 match access-group name PHONE-TRAFFIC
!
!
policy-map VOICE
 class VOICE-TRAFFIC
  priority 16
 class class-default
  fair-queue
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 192.168.0.2 255.255.255.0
 service-policy output VOICE
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 100
 redistribute static
 network 192.168.0.0
 network 192.168.1.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
ip access-list standard PHONE-TRAFFIC
 remark - ACL identifies telephone traffic traveling on VLAN 20
 permit 10.0.20.0 0.0.0.255
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password cisco
 login
!
end
Border#

Backup#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

D    10.0.0.0/8 [90/28416] via 192.168.1.2, 01:17:49, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.0.1
Border#


Collapsed-Core#show running-config
Building configuration...

Current configuration : 4114 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Collapsed-Core
!
!
ip subnet-zero
ip routing
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 24576
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!


interface FastEthernet0/3 switchport access vlan 20 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/4 switchport access vlan 20 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 udld port channel-group 2 mode on ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/9 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 30 no ip address


duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/13 description - Switch port connecting to the Border router no switchport ip address 192.168.1.2 255.255.255.0 duplex full speed 100 ! interface FastEthernet0/14 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree bpduguard enable ! interface FastEthernet0/16 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 no ip address duplex full speed 100 ! interface FastEthernet0/18 no ip address duplex full speed 100


! interface FastEthernet0/19 no ip address duplex full speed 100 ! interface FastEthernet0/20 no ip address duplex full speed 100 ! interface FastEthernet0/21 no ip address duplex full speed 100 ! interface FastEthernet0/22 no ip address duplex full speed 100 ! interface FastEthernet0/23 no ip address duplex full speed 100 ! interface FastEthernet0/24 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address 10.0.1.1 255.255.255.0 ! interface Vlan10 ip address 10.0.10.1 255.255.255.0 ! interface Vlan20 ip address 10.0.20.1 255.255.255.0 ! interface Vlan30 ip address 10.0.30.1 255.255.255.0 ! router eigrp 100 network 10.0.0.0 network 192.168.1.0 auto-summary no eigrp log-neighbor-changes ! ip classless ip http server !


!
!
line con 0
line vty 0 4
 login
line vty 5 15
 password cisco
 login
!
end
Collapsed-Core#

Collapsed-Core#show ip route
Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.10.0/24 is directly connected, Vlan10
D       10.0.0.0/8 is a summary, 01:16:16, Null0
C       10.0.1.0/24 is directly connected, Vlan1
C       10.0.30.0/24 is directly connected, Vlan30
C       10.0.20.0/24 is directly connected, Vlan20
D    192.168.0.0/24 [90/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
C    192.168.1.0/24 is directly connected, FastEthernet0/13
D*EX 0.0.0.0/0 [170/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
Collapsed-Core#
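The PortFast task requires every PortFast port to go error-disabled on receiving BPDUs, and the sample Collapsed-Core configuration above does not meet that on every port. The following added example (not part of the original exam material) audits interface stanzas for that rule; the excerpt is abridged from the configuration above, the function names are illustrative, and ports with no explicit switchport mode are assumed to be edge ports.

```python
import re

# Abridged excerpt of the Collapsed-Core running configuration above, one
# command per line; interfaces picked to cover each case the audit handles.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/13
 description - Switch port connecting to the Border router
 no switchport
 ip address 192.168.1.2 255.255.255.0
!
interface FastEthernet0/14
 switchport access vlan 30
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport access vlan 30
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/24
 switchport access vlan 30
 spanning-tree portfast
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
"""

PHYSICAL = re.compile(r"^(FastEthernet|GigabitEthernet)\d")


def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} for every interface stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas


def audit_edge_ports(config_text):
    """Return {interface: finding} for edge ports that break the
    'PortFast together with BPDU Guard' requirement."""
    def has_global(cmd):
        return re.search(rf"^{re.escape(cmd)}\s*$", config_text, re.M) is not None

    global_portfast = has_global("spanning-tree portfast default")
    global_guard = has_global("spanning-tree portfast bpduguard default")
    findings = {}
    for name, cmds in parse_interfaces(config_text).items():
        if not PHYSICAL.match(name):
            continue  # Port-channel and Vlan interfaces are not edge ports
        if "no switchport" in cmds or "switchport mode trunk" in cmds:
            continue  # routed port or trunk
        # Assumption: a port with no explicit mode is audited as an edge port.
        portfast = "spanning-tree portfast" in cmds or global_portfast
        # The global bpduguard default only covers ports that run PortFast.
        guard = ("spanning-tree bpduguard enable" in cmds
                 or (global_guard and portfast))
        if portfast and not guard:
            findings[name] = "PortFast without BPDU Guard"
        elif guard and not portfast:
            findings[name] = "BPDU Guard without PortFast"
        elif not portfast:
            findings[name] = "no PortFast or BPDU Guard"
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_edge_ports(SAMPLE_CONFIG).items()):
        print(f"{port}: {finding}")
```

Run against the excerpt, the audit flags Fa0/15, Fa0/17 and Fa0/24, matching the stanzas in the sample configuration where one or both commands are absent.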


Access1#show running-config

Access1#show run Building configuration... Current configuration : 3625 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Access1 ! ! ip subnet-zero ! ! ! spanning-tree mode mst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-30 ! spanning-tree mst 0 priority 28672 spanning-tree mst 1 priority 28672 ! ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface Port-channel2 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/3 switchport mode trunk duplex full speed 100 channel-group 1 mode on !


interface FastEthernet0/4 switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/5 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/6 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/7 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/8 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/9 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable !


interface FastEthernet0/13 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/14 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/16 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/18 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/19 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/21 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/22 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable !


interface FastEthernet0/23 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/24 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.0.1.11 255.255.255.0 no ip route-cache ! ip default-gateway 10.0.1.1 ip http server ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! end Access1#


Access2#show running-config Building configuration... Current configuration : 3535 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Access2 ! ! ip subnet-zero ! ! ! spanning-tree mode mst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-30 ! ! ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface Port-channel2 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/3 switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/4


switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/5 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/6 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/7 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/8 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/9 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/13


duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/14 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/16 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/18 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/19 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/21 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/22 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/23


duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/24 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.0.1.12 255.255.255.0 no ip route-cache ! ip default-gateway 10.0.1.1 ip http server ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! end Access2#


Verifying Spanning Tree

Verify the status of STP with the show spanning-tree command:

Collapsed-Core#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p
Po2              Desg FWD 100000    128.66   P2p Bound(RSTP)

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p
Po2              Boun FWD 100000    128.66   P2p Bound(RSTP)
Collapsed-Core#

Access1#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p
Access1#

Access2#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p Bound(RSTP)

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Boun FWD 100000    128.65   P2p Bound(RSTP)
Access2#


Verifying VTP

Verify the status of VTP on all switches with the show vlan brief and the show vtp status commands:

Collapsed-Core#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                                Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   PHONE                            active    Fa0/3, Fa0/4
30   SERVERS                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/24
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Collapsed-Core#
Collapsed-Core#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : DROPBEAR
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Local updater ID is 10.0.1.1 on interface Vl1 (lowest numbered VLAN interface found)
Collapsed-Core#

Access1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/10, Fa0/11, Fa0/12
20   PHONE                            active    Fa0/1, Fa0/2
30   SERVERS                          active    Fa0/7, Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Access1#
Access1#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : DROPBEAR
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#

Access2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   PHONE                            active    Fa0/10, Fa0/11, Fa0/12
30   SERVERS                          active    Fa0/7, Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Access2#
Access2# show vtp status
Access2#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : DROPBEAR
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Access2#


Verifying QoS

Verify the status of QoS on the Border router with the show policy-map interface s0/0 command:

Border#show policy-map interface s0/0
 Serial0/0

  Service-policy output: VOICE

    Class-map: VOICE-TRAFFIC (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name PHONE-TRAFFIC
      Queueing
        Strict Priority
        Output Queue: Conversation 40
        Bandwidth 16 (kbps) Burst 400 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      1384 packets, 87741 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 32
        (total queued/total drops/no-buffer drops) 0/0/0
Border#


CCNP 3 Skills-Based Final Exam 3 – Instructor Version

Scenario

GeoTech Distributors (GTD) requires a network setup for a new branch office. The network design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router.

The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. GTD management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have their PCs connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on VLAN 1.

Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard.

Due to increasing network usage and reports of performance problems, the sales traffic on Access2 is being monitored on a port-membership basis by a remote monitor host attached to the Collapsed-Core switch.

55 - 82 CCNP 3: Multilayer Switching v 3.0 – Skills-Based Assessment Version 3 - Solutions Copyright © 2004, Cisco Systems, Inc.


Security measures are to be implemented on all switches to give Help Desk staff on VLAN 20 low levels of access to console and Telnet sessions using simple passwords. Network administrators on VLAN 10 will automatically have the highest level of access when connecting to the switches using either the console or a Telnet session, and will need to have their passwords well protected.

Generic Tasks

• Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports as labeled in the diagram.

• On all devices, configure the following:

− Telnet support

− The privileged EXEC mode password cisco

VLANs and VTP

GTD requires VLANs and VTP to be configured within their switched network:

1. Configure all switches in the VTP domain GEOTECH.

2. Configure Collapsed-Core and Access1 to be VTP servers and Access2 to be a VTP client.

3. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network diagram, between the Collapsed-Core switch and the Access1 and Access2 switches.

4. Configure the VLAN 1 management VLAN on all the switches using the network 10.0.1.0/24:

− Ensure that the switches can ping each other using their management VLAN IP addresses and troubleshoot if necessary.

5. Create VLANs 10, 20, 30, and 99 in the VTP domain:

− VLAN 10 should be named ADMIN.

− VLAN 20 should be named USER.

− VLAN 30 should be named SERVERS.

− VLAN 99 should be named REMOTE.

6. Configure interfaces as access ports in VLANs as follows:

Switch           VLAN 10        VLAN 20        VLAN 30
Collapsed-Core   Fa0/1 - 2      Fa0/3 - 4      Fa0/9 - 12, Fa0/14 - 24
Access1          Fa0/10 - 12    Fa0/1 - 2      Fa0/7 - 9
Access2          Fa0/1 - 2      Fa0/10 - 12    Fa0/7 - 9

Spanning-Tree

GTD requires Spanning-Tree protection to prevent switching loops. They also want PortFast configured on all access ports:

1. Configure MST:

− Configure an instance of 1 for VLANs 1 through 99.

− All other VLANs are to share an instance of 0.

− Collapsed-Core should be the primary MST root bridge.

− Access1 should be the secondary MST root bridge.

2. Configure PortFast:

− Enable PortFast for all non-trunk access ports.

− Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.

Inter-VLAN Routing

To enable inter-VLAN routing, GTD requires the Collapsed-Core switch to be configured to support SVIs:

1. Configure IP addressing as follows:

− VLAN 1 – 10.0.1.0/24

− VLAN 10 – 10.0.10.0/24

− VLAN 20 – 10.0.20.0/24

− VLAN 30 – 10.0.30.0/24

− Interface S0/0 on Backup – 192.168.0.2/24

− Interface Fa0/13 on Collapsed-Core – 192.168.1.2/24

2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each VLAN to enable inter-VLAN routing.

3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the Server in VLAN 30.


RSPAN Monitoring

GTD requires remote monitoring of multiple switches across a network using RSPAN:

1. Protocol analysis software such as the Fluke Protocol Inspector should be loaded and running on a host that will act as the Remote Monitor (RMON).

2. Create an RSPAN session using a source port of Fa0/12 on Access2 to monitor traffic in both directions.

3. The destination for the monitoring session will be port Fa0/14 on the Collapsed-Core switch.

4. Generate pings between Host 1 and Host 2:

− The Layer 3 traffic generated by Host 1 should be forwarded to the remote monitor.

Security

GTD requires secure access to the network resources:

1. Create a logon username and clear text password on each switch for Help Desk users:

− The Help Desk staff is given user-level access.

2. Create a logon username and clear text password on each switch for administrators:

− Network administrators must be automatically granted the highest privilege of access once logged into a switch.

3. Ensure these security measures are applied to all console and virtual terminal sessions.

4. To prevent bystanders from reading passwords, configure all network devices to encrypt the clear text passwords.

5. Configure port-security on Access1 port Fa 0/12 so that only the connected workstation can access the network:

− Use the MAC address of the currently connected workstation.

− If another workstation connects to the secured port, the port must shut down.


Check List

1. Verify that MST is enabled.

2. Verify the operation of the RSPAN session.

3. Verify that all passwords are encrypted.

4. Verify that the redundant links are operational by disconnecting each of the EtherChannels between Access1, Access2, and Collapsed-Core in turn and ensuring that connectivity is maintained.

5. Make sure that the host attached to Port 0/12 on Access1 has connectivity only if the workstation has the appropriate MAC address.

6. Ensure that Host 1 and Host 2 can ping each other and the ISP loopback interface 1.1.1.1.
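Check list items 3 and 5 and the PortFast/BPDU Guard requirement can also be checked offline against a saved running configuration; the Python below is an added example, not part of the Cisco lab material. The function names, the secured_ports parameter and the embedded configuration (placeholder passwords, hash and MAC address) are assumptions constructed for illustration.

```python
import re

# Constructed running-config excerpt modelled on the sample switch configurations.
# The password strings, hash and MAC address are placeholders, not lab values.
SAMPLE_CONFIG = """\
service password-encryption
hostname Access1
enable secret 5 $1$salt$placeholderhashplaceholder0
username helpdesk password 7 0000000000
username admin privilege 15 password 7 0000000000
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.5e00.5301
 spanning-tree portfast
 spanning-tree bpduguard enable
!
line vty 0 4
 login local
end
"""

PASSWORD_RE = re.compile(r"\b(?:password|secret)\s+(?:(\d)\s+)?\S+$")


def classify_password(line):
    """Return 'cleartext', 'type7' or 'hashed' for a password/secret line, else None."""
    match = PASSWORD_RE.search(line.strip())
    if match is None:
        return None
    if match.group(1) in (None, "0"):
        return "cleartext"
    # Type 7 is reversible obfuscation, not a hash; it only stops shoulder-surfing.
    return "type7" if match.group(1) == "7" else "hashed"


def parse_config(text):
    """Split a config into global lines and {stanza header: [sub-commands]}."""
    global_lines, stanzas, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():  # indented line: sub-command of the open stanza
            (stanzas[current] if current else global_lines).append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            stanzas[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, stanzas


def audit(text, secured_ports=("FastEthernet0/12",)):
    """Return a sorted list of (finding, location) tuples for the lab's checks."""
    global_lines, stanzas = parse_config(text)
    findings = []
    if "service password-encryption" not in global_lines:
        findings.append(("password-encryption-disabled", "global"))
    located = [(" ".join(line.split()[:2]), line) for line in global_lines]
    located += [(hdr, cmd) for hdr, cmds in stanzas.items() for cmd in cmds]
    for where, line in located:
        kind = classify_password(line)
        if kind in ("cleartext", "type7"):
            findings.append((kind + "-password", where))
    for hdr, cmds in stanzas.items():
        if not hdr.startswith("interface "):
            continue
        port = hdr.split()[1]
        if ("switchport mode access" in cmds and "spanning-tree portfast" in cmds
                and "spanning-tree bpduguard enable" not in cmds):
            findings.append(("portfast-without-bpduguard", port))
        if port in secured_ports:
            static_mac = any(c.startswith("switchport port-security mac-address ") for c in cmds)
            other_mode = any(c.startswith("switchport port-security violation ")
                             and not c.endswith(" shutdown") for c in cmds)
            if "switchport port-security" not in cmds or not static_mac or other_mode:
                findings.append(("port-security-incomplete", port))
    return sorted(findings)
```

The audit reports type 7 strings separately from clear text because service password-encryption stores them in a reversible form, unlike the hashed enable secret 5 value.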


CCNP 3 Skills-Based Final Exam 3 – Sample Final Configurations

Sample Router Configurations

The following is configuration output for each networking device. It includes a sample running configuration:

ISP#show running-config
Building configuration...

Current configuration : 740 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISP
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
 framing sf
 linecode ami
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2
no ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [1/0] via 192.168.1.2
C    192.168.1.0/24 is directly connected, FastEthernet0/0
ISP#


Collapsed-Core#show running-config
Building configuration...

Current configuration : 5506 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Collapsed-Core
!
enable secret 5 $1$N2K7$65K06nMtvIXTbiAE2OEEA.
!
username helpdesk password 7 121A0C041104
username admin privilege 15 password 7 121A0C041104
ip subnet-zero
ip routing
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-99
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 24576
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 udld port
 channel-group 2 mode on
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 description - Switch port connecting to the Border router
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex full
 speed 100
!
interface FastEthernet0/14
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 password 7 00071A150754
 login local
!
!
monitor session 1 destination interface Fa0/14
monitor session 1 source remote vlan 99
end
Collapsed-Core#


Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.10.0/24 is directly connected, Vlan10
D       10.0.0.0/8 is a summary, 01:18:43, Null0
C       10.0.1.0/24 is directly connected, Vlan1
C       10.0.30.0/24 is directly connected, Vlan30
C       10.0.20.0/24 is directly connected, Vlan20
C    192.168.1.0/24 is directly connected, FastEthernet0/13
S*   0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#


Access1#show running-config
Building configuration...

Current configuration : 4293 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Access1
!
enable secret 5 $1$74L3$J/lcu97P0VuzC7q5AEVQO/
!
username helpdesk password 7 1511021F0725
username admin privilege 15 password 7 060506324F41
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 28672
spanning-tree mst 1 priority 28672
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0008.74e2.1a28
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login local
!
end
Access1#


Access2#show running-config
Building configuration...

Current configuration : 4234 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Access2
!
enable secret 5 $1$zBbJ$vp53ypV7w7jbrQg6xLb2Z/
!
username helpdesk password 7 121A0C041104
username admin privilege 15 password 7 05080F1C2243
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-99
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login local
!
!
monitor session 1 source interface Fa0/12
monitor session 1 destination remote vlan 99 reflector-port Fa0/24
end
Access2#


Verifying Spanning Tree

Verify the status of STP with the show spanning-tree command:

Collapsed-Core#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    24576 (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p Bound(RSTP)

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    24577 (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Boun FWD 100000    128.65   P2p Bound(RSTP)

Collapsed-Core#

Access1#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Root FWD 100000    128.65   P2p Bound(RSTP)

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    28673
             Address     000e.838c.5800
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    28673 (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Po1              Boun FWD 100000    128.65   P2p Bound(RSTP)

Access1#

Access2#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32768 (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p

Access2#


Verifying VTP Verify the status of VTP on all switches with the show vlan brief and the show vtp status command: Collapsed-Core#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/7, Fa0/8, Gi0/1, Gi0/2 10 ADMIN active Fa0/1, Fa0/2 20 SALES active Fa0/3, Fa0/4 30 SERVERS active Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Collapsed-Core# Collapsed-Core#show vtp status Collapsed-Core#show vtp status VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : GEOTECH VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x76 0xAA 0xA2 0xCD 0x7D 0x53 0x21 0xDC Configuration last modified by 10.0.1.1 at 3-1-93 02:20:06 Local updater ID is 10.0.1.1 on interface Vl1 (lowest numbered VLAN interface found) Collapsed-Core# Access1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/5, Fa0/6, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 ADMIN active Fa0/10, Fa0/11, Fa0/12 20 SALES active Fa0/1, Fa0/2 30 SERVERS active Fa0/7, Fa0/8, Fa0/9 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Access1# Access1#show vtp stat


VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : GEOTECH
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x76 0xAA 0xA2 0xCD 0x7D 0x53 0x21 0xDC
Configuration last modified by 10.0.1.1 at 3-1-93 02:20:06
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#

Access2#show vlan brief

Access2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   SALES                            active    Fa0/10, Fa0/11, Fa0/12
30   SERVERS                          active    Fa0/7, Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Access2#

Access2# show vtp status
Access2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : GEOTECH
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDA 0x1D 0xFB 0x99 0x30 0x92 0xF2 0xB5
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Access2#


Verifying Port Security

Verify that the host attached to Port 0/12 on Access1 has connectivity only if the workstation has the appropriate MAC address with the show port-security interface Fa 0/12 command:

Access1#show port-security interface fa 0/12
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address        : 0000.0000.0000
Security Violation Count   : 0
Access1#

From the host, ping the loopback address:

Connect a different host to the Fa0/12 port on Access1. Within a minute, the port should disable itself since the MAC address of the host has changed. Informational messages generated should be similar to the following:

Access1#
03:50:21: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12, putting Fa0/12 in err-disable state
03:50:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.bab2.1f68 on port FastEthernet0/12.
03:50:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
03:50:23: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down


Issue the show port-security interface fa0/12 command again. Notice that the security violation count is now one:

Access1#show port-security interface fa 0/12
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address        : 0050.bab2.1f68
Security Violation Count   : 1
Access1#
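The violation sequence above can also be picked out of collected switch logs. The following is an added example, not part of the original lab: it correlates the PSECURE_VIOLATION and ERR_DISABLE messages per port and reports the offending MAC address. The function names are hypothetical and the last sample log line is constructed.

```python
import re
from collections import defaultdict

# First four lines are the messages shown in this lab; the last is constructed
# to show that an unrelated link-down event is not reported.
SAMPLE_LOG = """\
03:50:21: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12, putting Fa0/12 in err-disable state
03:50:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.bab2.1f68 on port FastEthernet0/12.
03:50:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
03:50:23: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
04:10:02: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
"""

VIOLATION = re.compile(
    r"^(?P<ts>\S+): %PORT_SECURITY-2-PSECURE_VIOLATION: .*?"
    r"MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on port (?P<port>\S+?)\.?$",
    re.I)
ERR_DISABLE = re.compile(
    r"^(?P<ts>\S+): %PM-4-ERR_DISABLE: psecure-violation error detected "
    r"on (?P<port>\S+),", re.I)

def short_name(port):
    """Normalize 'FastEthernet0/12' and 'Fa0/12' to the same key ('Fa0/12')."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", port)
    return (m.group(1)[:2].capitalize() + m.group(2)) if m else port

def port_security_events(log_text):
    """Return {port: {'macs', 'err_disabled', 'first_seen'}} for violations."""
    events = defaultdict(lambda: {"macs": [], "err_disabled": False, "first_seen": None})
    for line in log_text.splitlines():
        line = line.strip()
        v, e = VIOLATION.match(line), ERR_DISABLE.match(line)
        m = v or e
        if m is None:
            continue  # link flaps and other messages are not violations
        ev = events[short_name(m.group("port"))]
        ev["first_seen"] = ev["first_seen"] or m.group("ts")
        if v and v.group("mac").lower() not in ev["macs"]:
            ev["macs"].append(v.group("mac").lower())
        if e:
            ev["err_disabled"] = True
    return dict(events)

if __name__ == "__main__":
    print(port_security_events(SAMPLE_LOG))
```

The timestamps in these messages are switch uptime, not wall-clock time, so first_seen only orders events from a single switch since its last reload.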


Verifying RSPAN Configuration

Verify the RSPAN configuration with the show monitor session all command:

Collapsed-Core#show monitor session all
Session 1
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 99
Destination Ports : Fa0/14
    Encapsulation: Native
          Ingress: Disabled
Collapsed-Core#

Access2#show monitor session all
Session 1
---------
Type              : Remote Source Session
Source Ports      :
    Both          : Fa0/12
Reflector Port    : Fa0/24
Dest RSPAN VLAN: 99
Access2#
