Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • CCNP3 (BCMSN) Case Study 2

    Încărcat de

    arbabnazar786
    1K vizualizări4 pagini

    Titlu original

    CCNP3 (BCMSN) case study 2

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    1K vizualizări4 pagini

    CCNP3 (BCMSN) Case Study 2

    Încărcat de

    arbabnazar786

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 4

    Case Study 2 Voice and Security in a Switched Network

     Disable the links between the access layer switches.

    DS1(config)#interface range fa 0/7 - 10


    DS1(config-if-range)#sh

    DS2(config)#interface range fa 0/7 - 10


    DS2(config-if-range)#sh

    AS1(config)#interface range fa 0/7 - 10


    AS1(config-if-range)#sh

    AS2(config)#interface range fa 0/7 - 10


    AS2(config-if-range)#sh

     Place all switches in the VTP domain CISCO and set them all to VTP mode
    transparent.

    DS1(config)#vtp domain CISCO


    DS1(config)#vtp mode transparent

    DS2(config)#vtp domain CISCO


    DS2(config)#vtp mode transparent

    AS1(config)#vtp domain CISCO


    AS1(config)#vtp mode transparent

    AS2(config)#vtp domain CISCO

    Arbab Nazar
    Network Engineer
    B.Sc. CE, M.Sc. Computer Networks
    AS2(config)#vtp mode transparent

     Make sure that all inter-switch links are statically set as 802.1q links.

    Check it by SHOW RUN command; otherwise configure it by using the


    commands provided in case study 1

     Create VLANs 10 and 200 on all switche s. Give DLS1 and DLS2 SVIs in VLAN
    10 and assign addresses in the 172.16.10.0/24 subnet.

    DS1(config)#vlan 10
    DS1(config-vlan)#exit
    DS1(config)#vlan 200
    DS1(config-vlan)#exit

    DS1(config)#interface vlan 10
    DS1(config-if)#ip add 172.16.10.1 255.255.255.0
    DS1(config-if)#no sh
    DS1(config-if)#exit

    DS2(config)#vlan 10
    DS2(config-vlan)#exit
    DS2(config)#vlan 200
    DS2(config-vlan)#exit

    DS2(config)#interface vlan 10
    DS2(config-if)#ip add 172.16.10.2 255.255.255.0
    DS2(config-if)#no sh
    DS2(config-if)#exit

    AS1(config)#vlan 10
    AS1(config-vlan)#exit
    AS1(config)#vlan 200
    AS1(config-vlan)#exit

    AS2(config)#vlan 10
    AS2(config-vlan)#exit
    AS2(config)#vlan 200
    AS2(config-vlan)#exit

     Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make
    DLS1 the primary gateway, and enable preemption on both switches.
    DS1(config)#interface vlan 10
    DS1(config-if)#standby 10 ip 172.16.10.3
    Arbab Nazar
    Network Engineer
    B.Sc. CE, M.Sc. Computer Networks
    DS1(config-if)#standby 10 priority 150
    DS1(config-if)#standby 10 preempt

    DS2(config)#interface vlan 10
    DS2(config-if)# standby 10 ip 172.16.10.3
    DS2(config-if)# standby 10 preempt

     Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.

    AS1(config)#interface range fa 0/15 - 20


    AS1(config-if-range)#switchport mode access
    AS1(config-if-range)#switchport access vlan 10
    AS1(config-if-range)#no sh
    AS1(config-if-range)#exit

    AS2(config)#interface range fa 0/15 - 20


    AS2(config-if-range)#switchport mode access
    AS2(config-if-range)#switchport access vlan 10
    AS2(config-if-range)#no sh
    AS2(config-if-range)#exit

     Enable PortFast on all access ports.

    AS1(config)#spanning -tree portfast default

    AS2(config)#spanning -tree portfast default

    DS1(config)#spanning -tree portfast default

    DS2(config)#spanning -tree portfast default

     Enable QoS on all switches involved in the scenario.

    AS1(config)#mls qos

    AS2(config)#mls qos

    DS1(config)#mls qos

    DS2(config)#mls qos


    Arbab Nazar
    Network Engineer
    B.Sc. CE, M.Sc. Computer Networks
     Configure ALS1 F0/15 and F0/16 for using Cisco IP phones with a voice VLAN of
    200 and trust the IP phone CoSe s.

    AS1(config)#interface range fa0/15 -16


    AS1(config-if-range)#switchport voice vlan 200
    AS1(config-if-range)#auto qos voip cisco -phone
    AS1(config-if-range)#exit

    DS1(config)#interface range fa0/7 - 8


    DS1(config-if-range)#auto qos voip trust
    DS1(config-if-range)#exit

    DS2(config)#interface range fa 0/9 -10


    DS2(config-if-range)#auto qos voip trust
    DS2(config-if-range)#exit

     Configure ALS1 F0/18 through F0/20 for port security. Allow only up to three
    MAC addresses to be learned on each port and then drop any traffic from other
    MAC addresses.

    AS1(config)#interface range fa0/18 - 20


    AS1(config-if-range)#switchport port -security
    AS1(config-if-range)#switchport port -security maximum 3
    AS1(config-if-range)#switchport port -security mac-address sticky
    AS1(config-if-range)#switchport port -security violation restrict
    AS1(config-if-range)#exit

     Configure ALS2 F0/18 to only allows the MAC address 1234.1234 .1234 and to
    shut down if a violation occurs.

    AS2(config)#int fa0/18
    AS2(config-if)#switchport port-security
    AS2(config-if)#switchport port-security maximum 1
    AS2(config-if)#switchport port-security mac-address 1234.1234.1234
    AS2(config-if)#switchport port-security violation shutdown
    AS2(config-if)#exit

    Arbab Nazar
    Network Engineer
    B.Sc. CE, M.Sc. Computer Networks

    S-ar putea să vă placă și