Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP 3: Multilayer Switching course as part of an official Cisco Networking Academy Program.
Scenario
Yoshida Heavy Industries (YHI) requires a network setup for a new branch office. The network design calls for Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and Cisco 2600 series routers. YHI also requires a fault tolerant Internet link. Therefore, a backup link to the ISP is required. The backup link will become active only if access to the Internet through the 3550 switch is lost due to failures. The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. Yoshida management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have their PCs connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on default management VLAN 1.
Copyright 2004, Cisco Systems, Inc.
Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard. Multiple HSRP groups will be implemented so that exactly one router is active at any given time for all VLANs. Router-on-a-stick will be implemented to allow interVLAN routing when Backup is the active HSRP router. Redundancy will be implemented by using Spanning Tree, HSRP, and independent connections to the ISP.
Generic Tasks
1. Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports. On all devices, configure the following:
   Telnet support with the password cisco
   The privileged EXEC mode password cisco
2. Configure Fast EtherChannel IEEE 802.1Q trunks as pictured in the network diagram, between the Collapsed-Core switch and the Access1 and Access2 switches.
3. Configure the VLAN 1 management VLAN on all the switches using the network 10.0.1.0/24. Ensure that the switches can ping each other using their management VLAN IP addresses and troubleshoot if necessary.
4. Create VLANs 10, 20, and 30 in the VTP domain:
   VLANs 10, 20, and 30 should be named ADMIN, DRIVERS, and SERVERS respectively.
5. Configure interfaces as access ports in VLANs as follows:

   VLAN      Collapsed-Core               Access1        Access2
   VLAN 10   Fa0/1 - 2                    Fa0/10 - 12    Fa0/1 - 2
   VLAN 20   Fa0/3 - 4                    Fa0/1 - 2      Fa0/10 - 12
   VLAN 30   Fa0/9 - 12, Fa0/14 - 24      Fa0/8 - 9      Fa0/7 - 9
Spanning-Tree
YHI requires Spanning-Tree protection to prevent switching loops. They also want PortFast configured on all access ports:
1. Configure Multiple Instance Spanning Tree Protocol (MST):
   Configure an instance of 1 for VLANs 1 through 30.
   All other VLANs are to share an instance of 0.
   Collapsed-Core should be the primary MST root bridge.
   Access1 should be the secondary MST root bridge.
2. Configure PortFast:
   Enable PortFast for all non-trunk access ports.
   Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.
2. Configure router-on-a-stick between Access1 and Backup.
3. Configure Switched Virtual Interfaces (SVIs) on Collapsed-Core for each VLAN to enable inter-VLAN routing.
4. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and Server in VLAN 30.
5. Configure HSRP on Backup and Collapsed-Core so that Collapsed-Core is the active router for all VLANs. Include the preempt option in the configuration.
6. Configure HSRP interface tracking so that Backup becomes the active router if the FastEthernet link between Collapsed-Core and ISP goes down.
3 - 82 CCNP 3: Multilayer Switching v 4.0 Skills-Based Assessment Version 1 - Solutions Copyright 2004, Cisco Systems, Inc.
Check List
Verify that MST is enabled.
Ensure that Host 1, Host 2, and Server can ping each other.
Verify HSRP with continuous pings to test that Host 1 and Host 2 can reach the loopback address 1.1.1.1/24 whenever any combination of cables is disconnected from the following ports on Collapsed-Core:
   Fa0/5
   Fa0/6
   Fa0/7
   Fa0/8
   Fa0/13
ISP#show running-config
Building configuration...
Current configuration : 797 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ISP
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 1/0
 framing sf
 linecode ami
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 10.0.0.0 255.0.0.0 192.168.1.2 10
ip route 10.0.0.0 255.0.0.0 192.168.0.2 20
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end
ISP#
ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [10/0] via 192.168.1.2
C    192.168.0.0/24 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
ISP#
Backup#show running-config
Building configuration...
Current configuration : 1172 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Backup
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.0.1.3 255.255.255.0
 standby 1 ip 10.0.1.1
 standby 1 preempt
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 preempt
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.3 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 preempt
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.3 255.255.255.0
 standby 30 ip 10.0.30.1
 standby 30 preempt
!
interface Serial0/0
 ip address 192.168.0.2 255.255.255.0
 no fair-queue
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end
Backup#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 4 subnets
C       10.0.10.0 is directly connected, FastEthernet0/0.10
C       10.0.1.0 is directly connected, FastEthernet0/0.1
C       10.0.30.0 is directly connected, FastEthernet0/0.30
C       10.0.20.0 is directly connected, FastEthernet0/0.20
C    192.168.0.0/24 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 192.168.0.1
Backup#
Collapsed-Core#show running-config
Building configuration...
Current configuration : 5153 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Collapsed-Core
!
!
ip subnet-zero
ip routing
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 24576
spanning-tree mst 1 priority 24576
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport access vlan 20
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 switchport access vlan 20
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/9
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport access vlan 30
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.0.1.1
 standby 1 priority 200
 standby 1 preempt
 standby 1 track FastEthernet0/13 150
!
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 no ip redirects
 standby 10 ip 10.0.10.1
 standby 10 priority 200
 standby 10 preempt
 standby 10 track FastEthernet0/13 150
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 no ip redirects
 standby 20 ip 10.0.20.1
 standby 20 priority 200
 standby 20 preempt
 standby 20 track FastEthernet0/13 150
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 no ip redirects
 standby 30 ip 10.0.30.1
 standby 30 priority 200
 standby 30 preempt
 standby 30 track FastEthernet0/13 150
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Collapsed-Core#
Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 4 subnets
C       10.0.10.0 is directly connected, Vlan10
C       10.0.1.0 is directly connected, Vlan1
C       10.0.30.0 is directly connected, Vlan30
C       10.0.20.0 is directly connected, Vlan20
C    192.168.1.0/24 is directly connected, FastEthernet0/13
S*   0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#
Access1#show running-config
Building configuration...
Access1#show run
Building configuration...
02:14:26: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 3539 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Access1
!
!
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 28672
spanning-tree mst 1 priority 28672
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport mode trunk
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
 no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Access1#
Access2#show running-config
Building configuration...
Current configuration : 3473 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Access2
!
!
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.12 255.255.255.0
 no ip route-cache
!
ip http server
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
Access2#
Collapsed-Core#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 100000    128.65   P2p
Desg 100000    128.66   P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 100000    128.65   P2p
Desg 100000    128.66   P2p
Access1#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.7    P2p
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
Desg 100000    128.66   P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.7    P2p
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
Desg 100000    128.66   P2p
Access1#
Access2#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
Altn 100000    128.66   P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
Altn 100000    128.66   P2p
Verifying VTP
Verify the status of VTP on all switches with the show vlan brief and the show vtp status commands:
Collapsed-Core#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   DRIVERS                          active    Fa0/3, Fa0/4
30   SERVERS                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
: 2 : 9
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE5 0xB2 0x0A 0x3B 0x8D 0x58 0xFB 0xC5
Configuration last modified by 10.0.1.2 at 3-1-93 02:19:47
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#
Access2# show vtp status
VTP Version                     : 2
Configuration Revision          : 8
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x82 0x79 0xEF 0x80 0x2C 0x2A 0x3E 0x28
Configuration last modified by 10.0.1.2 at 3-1-93 00:11:43
Access2#
Verifying HSRP
Verify the status of HSRP on both Backup and Collapsed-Core with either the show standby or the show standby brief command:
Collapsed-Core#show standby
Vlan1 - Group 1
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.256
  Virtual IP address is 10.0.1.1 configured
  Active router is local
  Standby router is 10.0.1.3 expires in 9.240
  Virtual mac address is 0000.0c07.ac01
  5 state changes, last state change 00:08:16
  IP redundancy name is "hsrp-Vl1-1" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object      Decrement  State
    FastEthernet0/13         150        Up
Vlan10 - Group 10
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.198
  Virtual IP address is 10.0.10.1 configured
  Active router is local
  Standby router is 10.0.10.3 expires in 7.628
  Virtual mac address is 0000.0c07.ac0a
  5 state changes, last state change 00:08:17
  IP redundancy name is "hsrp-Vl10-10" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object      Decrement  State
    FastEthernet0/13         150        Up
Vlan20 - Group 20
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.208
  Virtual IP address is 10.0.20.1 configured
  Active router is local
  Standby router is 10.0.20.3 expires in 7.544
  Virtual mac address is 0000.0c07.ac14
  5 state changes, last state change 00:08:20
  IP redundancy name is "hsrp-Vl20-20" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object      Decrement  State
    FastEthernet0/13         150        Up
Vlan30 - Group 30
  Local state is Active, priority 200, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.214
  Virtual IP address is 10.0.30.1 configured
  Active router is local
  Standby router is 10.0.30.3 expires in 7.548
  Virtual mac address is 0000.0c07.ac1e
  5 state changes, last state change 00:08:22
  IP redundancy name is "hsrp-Vl30-30" (default)
  Priority tracking 1 interface or object, 1 up:
    Interface or object      Decrement  State
    FastEthernet0/13         150        Up
Collapsed-Core#
Backup#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr
Fa0/0.1     1   100  P Standby  10.0.1.2        local
Fa0/0.10    10  100  P Standby  10.0.10.2       local
Fa0/0.20    20  100  P Standby  10.0.20.2       local
Fa0/0.30    30  100  P Standby  10.0.30.2       local
Backup#
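An added example (not part of the original lab solution): a Python check over constructed excerpts modelled on the running-configs above. It flags ports that deviate from the PortFast/BPDU Guard task and works out which router holds an HSRP group once the tracked interface fails. The function names, the labels "primary"/"standby", and the deliberately non-compliant Fa0/10 stanza are assumptions made for illustration.

```python
import re

# Constructed excerpts. Fa0/7 mirrors Access1 on this page (trunk with PortFast);
# Fa0/10 is deliberately missing BPDU Guard to show a finding.
ACCESS1 = """\
interface FastEthernet0/1
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/7
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 10
 spanning-tree portfast
!
"""

CORE = """\
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 200
 standby 10 preempt
 standby 10 track FastEthernet0/13 150
!
"""

BACKUP = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 preempt
!
"""


def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:                       # "!" or any global command ends the stanza
            current = None
    return blocks


def audit_edge_ports(config):
    """Return (interface, finding) pairs for the PortFast / BPDU Guard task."""
    findings = []
    for name, cmds in interface_blocks(config).items():
        portfast = any(c.startswith("spanning-tree portfast") for c in cmds)
        guard = "spanning-tree bpduguard enable" in cmds
        trunk = "switchport mode trunk" in cmds
        access = any(c.startswith("switchport access vlan") for c in cmds)
        if access and not trunk and not portfast:
            findings.append((name, "access port without PortFast"))
        if portfast and not guard:
            findings.append((name, "PortFast without BPDU Guard"))
        if trunk and portfast:      # the task asks for non-trunk ports only
            findings.append((name, "PortFast configured on a trunk"))
    return findings


def hsrp_groups(config):
    """Return {group: {"priority", "preempt", "track"}} from standby commands."""
    groups = {}
    for cmds in interface_blocks(config).values():
        for c in cmds:
            m = re.match(r"standby (\d+) (\S+)(?: (.*))?$", c)
            if not m:
                continue
            # HSRP defaults: priority 100, no preemption.
            g = groups.setdefault(int(m.group(1)),
                                  {"priority": 100, "preempt": False, "track": {}})
            key, rest = m.group(2), (m.group(3) or "").split()
            if key == "priority":
                g["priority"] = int(rest[0])
            elif key == "preempt":
                g["preempt"] = True
            elif key == "track":    # default decrement is 10 when omitted
                g["track"][rest[0]] = int(rest[1]) if len(rest) > 1 else 10
    return groups


def active_after_failure(primary_cfg, standby_cfg, group, down_iface):
    """Who is active for `group` once `down_iface` fails on the primary."""
    p = hsrp_groups(primary_cfg)[group]
    s = hsrp_groups(standby_cfg)[group]
    effective = p["priority"] - p["track"].get(down_iface, 0)
    # Takeover needs both a higher priority and preempt on the standby router.
    takeover = s["priority"] > effective and s["preempt"]
    return ("standby" if takeover else "primary", effective)
```

With the page's values the tracked decrement of 150 drops Collapsed-Core from 200 to 50, below Backup's default of 100, which is why the failover test that follows succeeds; a decrement left at the default of 10 would leave Collapsed-Core active with no path to the ISP.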
From a host, initiate a continuous ping to loopback interface 1.1.1.1. While the pings are active, unplug the Fa0/13 cable. The pings should become unsuccessful while HSRP is activating the Standby router. When the pings are successful again, re-connect the cable to Fa0/13 and the Active router should again go into standby mode. Here is a sample scenario:
Scenario
DropBear Industries (DBI) requires a network setup for a new branch office. The network design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router. DropBear has a low-bandwidth, 64-Kbps link to its ISP. Voice over IP will also be demonstrated for sales staff, to test the viability of integrating voice and data traffic in a single topology. Voice channels totaling 16 Kbps must have priority over non-voice traffic. For this reason, low-latency queuing needs to be configured on the link to the ISP. Host 2 will be used to simulate Voice over IP traffic that needs to be classified as time sensitive based on the source IP address. The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. DropBear management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The salespeople will have their IP phones connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on VLAN 1.
29 - 82 CCNP 3: Multilayer Switching v 3.0 Skills-Based Assessment Version 2 - Solutions Copyright 2004, Cisco Systems, Inc.
Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard. In the event of a trunk failure for either Access1 or Access2 to the Collapsed-Core switch, VLAN 20 phone traffic must have uninterrupted access to the Border router.
Generic Tasks
1. Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports as labeled in the diagram. On all devices, configure the following:
   Telnet support
   The privileged EXEC mode password cisco
5. Create VLANs 10, 20, and 30 in the VTP domain:
   Name VLAN 10 ADMIN.
   Name VLAN 20 PHONE.
   Name VLAN 30 SERVERS.
   VLAN 20   Fa0/3 - 4                    Fa0/1 - 2      Fa0/10 - 12
   VLAN 30   Fa0/9 - 12, Fa0/14 - 24      Fa0/7 - 9      Fa0/7 - 9
Spanning-Tree
DBI requires Spanning-Tree protection to ensure against switching loops. They also want PortFast configured on all access ports. 1. Configure MST: Configure an instance of 1 for VLANs 1 through 30. All other VLANs are to share instance 0 of Spanning Tree. Collapsed-Core should be the primary MST root bridge Access1 should be the secondary MST root bridge.
2. Configure PortFast:
Enable PortFast for all non-trunk access ports.
Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.
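An added example, not part of the original assessment: a Python check that reads a saved running-config and lists access ports that do not meet the PortFast and BPDU Guard requirement above. The sample configuration is constructed and the function names are illustrative; the check also honours the global commands spanning-tree portfast default and spanning-tree portfast bpduguard default.

```python
import re

# Constructed sample: a short multi-line excerpt in the style of a Catalyst
# running-config. Interface numbers and settings are illustrative only.
SAMPLE_CONFIG = """\
spanning-tree mode mst
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.1.2 255.255.255.0
!
interface FastEthernet0/15
 switchport access vlan 30
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 duplex full
!
interface FastEthernet0/24
 switchport access vlan 30
 spanning-tree portfast
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
!
"""

NO_GUARD = "PortFast without BPDU Guard"
NO_PORTFAST = "BPDU Guard without PortFast"
UNPROTECTED = "neither PortFast nor BPDU Guard"
PHYSICAL = re.compile(r"(FastEthernet|GigabitEthernet)\d")


def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas


def has_global(config, command):
    """True when a global (unindented) command appears in the config."""
    pattern = r"^" + re.escape(command) + r"\s*$"
    return re.search(pattern, config, re.M) is not None


def audit_edge_ports(config):
    """Return (interface, finding) for access ports lacking edge protection."""
    global_portfast = has_global(config, "spanning-tree portfast default")
    global_guard = has_global(config, "spanning-tree portfast bpduguard default")
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not PHYSICAL.match(name):
            continue  # SVIs and Port-channels are not edge ports
        if "no switchport" in cmds or "switchport mode trunk" in cmds:
            continue  # routed ports and trunks are out of scope
        if any(c.startswith("channel-group") for c in cmds):
            continue  # EtherChannel members
        portfast = "spanning-tree portfast" in cmds or (
            global_portfast and "spanning-tree portfast disable" not in cmds)
        # The global default only guards ports that are running PortFast.
        guard = "spanning-tree bpduguard enable" in cmds or (
            global_guard and portfast
            and "spanning-tree bpduguard disable" not in cmds)
        if portfast and not guard:
            findings.append((name, NO_GUARD))
        elif guard and not portfast:
            findings.append((name, NO_PORTFAST))
        elif not portfast:
            findings.append((name, UNPROTECTED))
    return findings


if __name__ == "__main__":
    for port, problem in audit_edge_ports(SAMPLE_CONFIG):
        print(f"{port}: {problem}")
```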
Inter-VLAN Routing
To enable inter-VLAN routing, DBI requires the Collapsed-Core switch to be configured to support SVIs:
1. Configure IP addressing as follows:
VLAN 1 10.0.1.0/24
VLAN 10 10.0.10.0/24
VLAN 20 10.0.20.0/24
VLAN 30 10.0.30.0/24
Interface S0/0 on Backup 192.168.0.2/24
Interface Fa0/13 on Collapsed-Core 192.168.1.2/24
2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each VLAN to enable inter-VLAN routing.
3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the Server in VLAN 30.
Check List
Verify that MST is enabled.
Verify that the Border router is applying the QoS policy for voice traffic with the show policy-map interface s0/0 command.
Ensure that Host 1 and Host 2 can ping each other and the ISP loopback interface 1.1.1.1.
ISP#show running-config
ISP#show run Building configuration... Current configuration : 767 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ISP ! ! memory-size iomem 10 ip subnet-zero ! ! ! ! call rsvp-sync ! ! ! ! ! ! controller T1 1/0 framing sf linecode ami ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 speed 100 full-duplex ! interface Serial0/0 ip address 192.168.0.1 255.255.255.0 no fair-queue clockrate 64000 ! interface BRI0/0 no ip address
encapsulation hdlc shutdown ! interface Serial0/1 no ip address shutdown ! ip classless ip route 10.0.0.0 255.0.0.0 192.168.0.2 ip http server ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! end
ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [1/0] via 192.168.0.2
C    192.168.0.0/24 is directly connected, Serial0/0
ISP#
Backup#show running-config
Building configuration...
Current configuration : 1112 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Border
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
class-map match-all VOICE-TRAFFIC
 match access-group name PHONE-TRAFFIC
!
!
policy-map VOICE
 class VOICE-TRAFFIC
  priority 16
 class class-default
  fair-queue
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 192.168.0.2 255.255.255.0
 service-policy output VOICE
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 100
 redistribute static
 network 192.168.0.0
 network 192.168.1.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
ip access-list standard PHONE-TRAFFIC
 remark - ACL identifies telephone traffic traveling on VLAN 20
 permit 10.0.20.0 0.0.0.255
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password cisco
 login
!
end
Border#
Backup#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
D    10.0.0.0/8 [90/28416] via 192.168.1.2, 01:17:49, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.0.1
Border#
Collapsed-Core#show running-config
Building configuration... Current configuration : 4114 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Collapsed-Core ! ! ip subnet-zero ip routing ! ! ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-30 ! spanning-tree mst 0 priority 24576 spanning-tree mst 1 priority 24576 ! ! ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface Port-channel2 switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface FastEthernet0/1 switchport access vlan 10 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 10 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable !
interface FastEthernet0/3 switchport access vlan 20 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/4 switchport access vlan 20 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 udld port channel-group 2 mode on ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/9 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 30 no ip address
duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/13 description - Switch port connecting to the Border router no switchport ip address 192.168.1.2 255.255.255.0 duplex full speed 100 ! interface FastEthernet0/14 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree bpduguard enable ! interface FastEthernet0/16 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 no ip address duplex full speed 100 ! interface FastEthernet0/18 no ip address duplex full speed 100
! interface FastEthernet0/19 no ip address duplex full speed 100 ! interface FastEthernet0/20 no ip address duplex full speed 100 ! interface FastEthernet0/21 no ip address duplex full speed 100 ! interface FastEthernet0/22 no ip address duplex full speed 100 ! interface FastEthernet0/23 no ip address duplex full speed 100 ! interface FastEthernet0/24 switchport access vlan 30 no ip address duplex full speed 100 spanning-tree portfast ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 ip address 10.0.1.1 255.255.255.0 ! interface Vlan10 ip address 10.0.10.1 255.255.255.0 ! interface Vlan20 ip address 10.0.20.1 255.255.255.0 ! interface Vlan30 ip address 10.0.30.1 255.255.255.0 ! router eigrp 100 network 10.0.0.0 network 192.168.1.0 auto-summary no eigrp log-neighbor-changes ! ip classless ip http server !
! ! line con 0 line vty 0 4 login line vty 5 15 password cisco login ! end Collapsed-Core#
Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.10.0/24 is directly connected, Vlan10
D       10.0.0.0/8 is a summary, 01:16:16, Null0
C       10.0.1.0/24 is directly connected, Vlan1
C       10.0.30.0/24 is directly connected, Vlan30
C       10.0.20.0/24 is directly connected, Vlan20
D    192.168.0.0/24 [90/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
C    192.168.1.0/24 is directly connected, FastEthernet0/13
D*EX 0.0.0.0/0 [170/20514560] via 192.168.1.1, 01:16:37, FastEthernet0/13
Collapsed-Core#
Access1#show running-config
Access1#show run Building configuration... Current configuration : 3625 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Access1 ! ! ip subnet-zero ! ! ! spanning-tree mode mst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-30 ! spanning-tree mst 0 priority 28672 spanning-tree mst 1 priority 28672 ! ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface Port-channel2 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/3 switchport mode trunk duplex full speed 100 channel-group 1 mode on !
interface FastEthernet0/4 switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/5 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/6 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/7 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/8 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/9 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable !
interface FastEthernet0/13 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/14 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/16 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/18 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/19 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/21 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/22 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable !
interface FastEthernet0/23 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/24 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.0.1.11 255.255.255.0 no ip route-cache ! ip default-gateway 10.0.1.1 ip http server ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! end Access1#
Access2#show running-config
Building configuration... Current configuration : 3535 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Access2 ! ! ip subnet-zero ! ! ! spanning-tree mode mst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-30 ! ! ! interface Port-channel1 switchport mode trunk flowcontrol send off ! interface Port-channel2 switchport mode trunk flowcontrol send off ! interface FastEthernet0/1 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 10 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/3 switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/4
switchport mode trunk duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/5 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/6 switchport mode trunk duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/7 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/8 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/9 switchport access vlan 30 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/13
duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/14 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/16 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/17 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/18 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/19 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/20 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/21 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/22 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/23
duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/24 duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 10.0.1.12 255.255.255.0 no ip route-cache ! ip default-gateway 10.0.1.1 ip http server ! ! line con 0 line vty 0 4 password cisco login line vty 5 15 password cisco login ! end Access2#
Collapsed-Core#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 100000    128.65   P2p
Desg 100000    128.66   P2p Bound(RSTP)
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 100000    128.65   P2p
Boun 100000    128.66   P2p Bound(RSTP)
Collapsed-Core#
Access1#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        0
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p
Access2#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p Bound(RSTP)
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Boun 100000    128.65   P2p Bound(RSTP)
Verifying VTP
Verify the status of VTP on all switches with the show vlan brief and the show vtp status commands:
Collapsed-Core#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Gi0/1
                                                Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   PHONE                            active    Fa0/3, Fa0/4
30   SERVERS                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/24
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Access1#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : DROPBEAR
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#
Access2#show vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : DROPBEAR
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x95 0xF7 0xEC 0x0B 0xA0 0x7F 0xA3 0xB0
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Access2#
Verifying QoS
Verify the status of QoS on the Border router with the show policy-map interface s0/0 command:
Border#show policy-map interface s0/0
 Serial0/0
  Service-policy output: VOICE
    Class-map: VOICE-TRAFFIC (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name PHONE-TRAFFIC
      Queueing
        Strict Priority
        Output Queue: Conversation 40
        Bandwidth 16 (kbps) Burst 400 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0
    Class-map: class-default (match-any)
      1384 packets, 87741 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 32
        (total queued/total drops/no-buffer drops) 0/0/0
Border#
Scenario
GeoTech Distributors (GTD) requires a network setup for a new branch office. The network design calls for VLANs, SVIs, Layer 2 EtherChannels, trunk ports, access ports, and routed ports using Catalyst 2950 and 3550 switches and a Cisco 2600 series router. The branch office staff consists of an accountant, a secretary, a manager, delivery drivers, and salespeople. GTD management expects staffing at this branch office to double in the first year of operation. The accountant, the secretary, and the manager will have their PCs connected to VLAN 10 on Access1. The delivery drivers and the salespeople will have their PCs connected to VLAN 20 on Access2. The branch office servers will be connected to VLAN 30 on Collapsed-Core. All Layer 2 control protocol traffic is sent and received on VLAN 1. Multiple Instance Spanning Tree Protocol (MST) will be used in combination with PortFast and BPDU Guard. Due to increasing network usage and reports of performance problems, the sales traffic on Access2 is being monitored on a port-membership basis by a remote monitor host attached to the Collapsed-Core switch.
Security measures are to be implemented on all switches to give Help Desk staff on VLAN 20 low levels of access to console and Telnet sessions using simple passwords. Network administrators on VLAN 10 will automatically have the highest level of access when connecting to the switches using either the console or a Telnet session, and will need to have their passwords well protected.
Generic Tasks
Physically connect the network devices according to the network diagram. Ensure that the correct cables are connected to the appropriate ports as labeled in the diagram.
On all devices, configure the following:
Telnet support
The privileged EXEC mode password cisco
5. Create VLANs 10, 20, 30, and 99 in the VTP domain: VLAN 10 should be named ADMIN. VLAN 20 should be named USER. VLAN 30 should be named SERVERS. VLAN 99 should be named REMOTE.
VLAN 20
Fa0/3 - 4 Fa0/1 - 2
VLAN 30
Fa0/9 - 12, Fa0/14 - 24 Fa0/7 - 9
Access2
Fa0/1 - 2
Fa0/10 - 12
Fa0/7 - 9
Spanning-Tree
GTD requires Spanning-Tree protection to prevent switching loops. They also want PortFast configured on all access ports:
1. Configure MST:
Configure an instance of 1 for VLANs 1 through 99.
All other VLANs are to share an instance of 0.
Collapsed-Core should be the primary MST root bridge.
Access1 should be the secondary MST root bridge.
2. Configure PortFast:
Enable PortFast for all non-trunk access ports.
Configure each PortFast enabled port in the network so that it will transition to error-disabled state if an unauthorized device generating BPDUs is attached.
Inter-VLAN Routing
To enable inter-VLAN routing, GTD requires the Collapsed-Core switch to be configured to support SVIs:
1. Configure IP addressing as follows:
VLAN 1 10.0.1.0/24
VLAN 10 10.0.10.0/24
VLAN 20 10.0.20.0/24
VLAN 30 10.0.30.0/24
Interface S0/0 on Backup 192.168.0.2/24
Interface Fa0/13 on Collapsed-Core 192.168.1.2/24
2. Configure Switched Virtual Interfaces (SVIs) on the Collapsed-Core switch for each VLAN to enable inter-VLAN routing.
3. Configure a valid IP address for Host 1 in VLAN 10, Host 2 in VLAN 20, and the Server in VLAN 30.
RSPAN Monitoring
GTD requires remote monitoring of multiple switches across a network using RSPAN:
1. Protocol analysis software such as the Fluke Protocol Inspector should be loaded and running on a host that will act as the Remote Monitor (RMON).
2. Create an RSPAN session using a source port of Fa0/12 on Access2 to monitor traffic in both directions.
3. The destination for the monitoring session will be port Fa0/14 on the Collapsed-Core switch.
4. Generate pings between Host 1 and Host 2:
Security
GTD requires secure access to the network resources: 1. Create a logon username and clear text password on each switch for Help Desk users:
Use the MAC address of the currently connected workstation. If another workstation connects to the secured port, the port must shut down.
Check List
Verify that MST is enabled.
Verify the operation of the RSPAN session.
Verify that all passwords are encrypted.
Verify that the redundant links are operational by disconnecting each of the EtherChannels between Access1, Access2, and Collapsed-Core in turn and ensuring that connectivity is maintained.
Make sure that the host attached to Port 0/12 on Access1 has connectivity only if the workstation has the appropriate MAC address.
Ensure that Host 1 and Host 2 can ping each other and the ISP loopback interface 1.1.1.1.
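An added example, not part of the original assessment: a Python check for the "all passwords are encrypted" item that separates one-way hashed secrets from type 7 passwords, which service password-encryption produces and which are reversible. It assumes show running-config output; the sample lines, the auditor user, the function names and the credential strings are constructed placeholders.

```python
import re

# Constructed sample in the style of "show running-config" output. The
# credential strings are placeholders, not values from any device, and the
# "auditor" account is hypothetical.
SAMPLE_CONFIG = """\
service password-encryption
!
enable secret 5 MD5-HASH-PLACEHOLDER
!
username helpdesk password 7 TYPE7-PLACEHOLDER
username admin privilege 15 password 7 TYPE7-PLACEHOLDER
username auditor privilege 15 secret 5 MD5-HASH-PLACEHOLDER
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 password 7 TYPE7-PLACEHOLDER
 login local
!
"""

USER_RE = re.compile(
    r"^username (\S+)(?: privilege (\d+))? (password|secret)(?: (\d))? (\S+)$")
ENABLE_RE = re.compile(
    r"^enable (password|secret)(?: level (\d+))?(?: (\d))? (\S+)$")
LINE_PW_RE = re.compile(r"^password(?: (\d))? (\S+)$")
HASHED, REVERSIBLE, CLEAR = "one-way hash", "reversible (type 7)", "clear text"


def encryption_service_on(config):
    """True when 'service password-encryption' is enabled (not negated)."""
    return re.search(r"^service password-encryption\s*$", config, re.M) is not None


def storage(keyword, enc_type):
    """Classify how a credential is stored in show running-config output."""
    if keyword == "secret":
        return HASHED
    return REVERSIBLE if enc_type == "7" else CLEAR


def _row(subject, privilege, keyword, enc_type, min_privilege):
    how = storage(keyword, enc_type)
    # A privileged credential must not be recoverable from a copy of the config.
    weak = privilege >= min_privilege and how != HASHED
    return (subject, privilege, how, "WEAK" if weak else "ok")


def audit_credentials(config, min_privilege=15):
    """Return (subject, privilege, storage, verdict) for each credential line."""
    rows, line_ctx = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Track which "line ..." stanza an indented password belongs to.
            line_ctx = line if line.startswith("line ") else None
        m = USER_RE.match(line)
        if m:
            name, priv, kw, enc, _ = m.groups()
            rows.append(_row("username " + name, int(priv or 1), kw, enc,
                             min_privilege))
            continue
        m = ENABLE_RE.match(line)
        if m:
            kw, level, enc, _ = m.groups()
            rows.append(_row("enable " + kw, int(level or 15), kw, enc,
                             min_privilege))
            continue
        m = LINE_PW_RE.match(line)
        if m and line_ctx:
            rows.append(_row(line_ctx, 1, "password", m.group(1), min_privilege))
    return rows


if __name__ == "__main__":
    print("service password-encryption:", encryption_service_on(SAMPLE_CONFIG))
    for subject, priv, how, verdict in audit_credentials(SAMPLE_CONFIG):
        print(f"{verdict:4} {subject} (privilege {priv}): {how}")
```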
ISP#show running-config
Building configuration... Current configuration : 740 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname ISP ! ! memory-size iomem 10 ip subnet-zero ! ! ! ! call rsvp-sync ! ! ! ! ! ! controller T1 1/0 framing sf linecode ami ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 speed 100 full-duplex ! interface Serial0/0 no ip address shutdown no fair-queue ! interface BRI0/0
60 - 82 CCNP 3: Multilayer Switching v 3.0 Skills-Based Assessment Version 3 - Solutions Copyright 2004, Cisco Systems, Inc.
no ip address encapsulation hdlc shutdown ! interface Serial0/1 no ip address shutdown ! ip classless ip route 10.0.0.0 255.0.0.0 192.168.1.2 no ip http server ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! end
ISP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
S    10.0.0.0/8 [1/0] via 192.168.1.2
C    192.168.1.0/24 is directly connected, FastEthernet0/0
ISP#
Collapsed-Core#show running-config
Building configuration... Current configuration : 5506 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname Collapsed-Core ! enable secret 5 $1$N2K7$65K06nMtvIXTbiAE2OEEA. ! username helpdesk password 7 121A0C041104 username admin privilege 15 password 7 121A0C041104 ip subnet-zero ip routing ! ! ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration instance 1 vlan 1-99 ! spanning-tree mst 0 priority 24576 spanning-tree mst 1 priority 24576 ! ! ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface Port-channel2 switchport trunk encapsulation dot1q switchport mode trunk no ip address ! interface FastEthernet0/1 switchport access vlan 10 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/2 switchport access vlan 10 switchport mode access no ip address duplex full speed 100 spanning-tree portfast
spanning-tree bpduguard enable ! interface FastEthernet0/3 switchport access vlan 20 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/4 switchport access vlan 20 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 1 mode on ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 udld port channel-group 2 mode on ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk no ip address duplex full speed 100 channel-group 2 mode on ! interface FastEthernet0/9 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast
spanning-tree bpduguard enable ! interface FastEthernet0/10 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/11 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/12 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/13 description - Switch port connecting to the Border router no switchport ip address 192.168.1.2 255.255.255.0 duplex full speed 100 ! interface FastEthernet0/14 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/15 switchport access vlan 30 switchport mode access no ip address duplex full speed 100 spanning-tree portfast spanning-tree bpduguard enable ! interface FastEthernet0/16 switchport access vlan 30 switchport mode access no ip address duplex full speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport access vlan 30
 switchport mode access
 no ip address
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 password 7 00071A150754
 login local
!
!
monitor session 1 destination interface Fa0/14
monitor session 1 source remote vlan 99
end
Collapsed-Core#
Collapsed-Core#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.10.0/24 is directly connected, Vlan10
D       10.0.0.0/8 is a summary, 01:18:43, Null0
C       10.0.1.0/24 is directly connected, Vlan1
C       10.0.30.0/24 is directly connected, Vlan30
C       10.0.20.0/24 is directly connected, Vlan20
C    192.168.1.0/24 is directly connected, FastEthernet0/13
S*   0.0.0.0/0 [1/0] via 192.168.1.1
Collapsed-Core#
Access1#show running-config
Building configuration...

Current configuration : 4293 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Access1
!
enable secret 5 $1$74L3$J/lcu97P0VuzC7q5AEVQO/
!
username helpdesk password 7 1511021F0725
username admin privilege 15 password 7 060506324F41
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-30
!
spanning-tree mst 0 priority 28672
spanning-tree mst 1 priority 28672
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0008.74e2.1a28
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login local
!
end
Access1#
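The access-port pattern in the Access1 configuration above (PortFast with BPDU Guard, an explicit access VLAN, port security on Fa0/12) can be checked mechanically. The script below is an added example, not part of the lab solution; the finding names and the audit policy are assumptions, and the sample is a constructed excerpt in which Fa0/13 has had its BPDU Guard line removed.

```python
import re

# Constructed excerpt based on the Access1 output above. FastEthernet0/13 was
# altered here (BPDU Guard line removed) so the audit has something to report.
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 060506324F41
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0008.74e2.1a28
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 spanning-tree portfast
!
ip http server
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from a running-config."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces


def audit(config):
    """Return (scope, finding) tuples; the policy is an assumption of this example."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks, routed ports and SVIs are out of scope here
        if "spanning-tree portfast" not in cmds:
            findings.append((name, "no-portfast"))
        if "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "no-bpduguard"))
        if not any(c.startswith("switchport access vlan ") for c in cmds):
            findings.append((name, "default-vlan-1"))  # port stays in VLAN 1
        if "switchport port-security" not in cmds:
            findings.append((name, "no-port-security"))
    for line in config.splitlines():
        if line.strip() == "ip http server":
            findings.append(("global", "http-server-enabled"))
        if re.search(r"\bpassword 7 \S+", line):
            findings.append(("global", "type7-password"))  # reversible encoding
    return findings
```

The parser expects one command per line with sub-commands indented, as IOS prints them.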
Access2#show running-config
Building configuration...

Current configuration : 4234 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Access2
!
enable secret 5 $1$zBbJ$vp53ypV7w7jbrQg6xLb2Z/
!
username helpdesk password 7 121A0C041104
username admin privilege 15 password 7 05080F1C2243
ip subnet-zero
!
!
!
spanning-tree mode mst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
spanning-tree mst configuration
 instance 1 vlan 1-99
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface Port-channel2
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/4
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/6
 switchport mode trunk
 duplex full
 speed 100
 channel-group 2 mode on
!
interface FastEthernet0/7
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 switchport access vlan 30
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/12
 switchport access vlan 20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/13
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/21
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/24
 switchport mode access
 duplex full
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
!
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login local
!
!
monitor session 1 source interface Fa0/12
monitor session 1 destination remote vlan 99 reflector-port Fa0/24
end
Access2#
Collapsed-Core#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 100000    128.65   P2p Bound(RSTP)

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     000d.ed5f.8e00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     000d.ed5f.8e00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Boun FWD 100000    128.65   P2p Bound(RSTP)
Collapsed-Core#
Access1#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     000d.ed5f.8e00
             Cost        100000
             Port        65 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Root 100000    128.65   P2p Bound(RSTP)
MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    28673
             Address     000e.838c.5800
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     000e.838c.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Role Cost      Prio.Nbr Type
---- --------- -------- --------------------------------
Desg 200000    128.12   Edge P2p
Boun 100000    128.65   P2p Bound(RSTP)
Access2#show spanning-tree
MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    32768
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p

MST01
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     000e.838c.57c0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000e.838c.57c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/12           Desg FWD 200000    128.12   Edge P2p
Access2#
Verifying VTP
Verify the status of VTP on all switches with the show vlan brief and the show vtp status commands:
Collapsed-Core#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/7, Fa0/8, Gi0/1, Gi0/2
10   ADMIN                            active    Fa0/1, Fa0/2
20   SALES                            active    Fa0/3, Fa0/4
30   SERVERS                          active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : GEOTECH
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x76 0xAA 0xA2 0xCD 0x7D 0x53 0x21 0xDC
Configuration last modified by 10.0.1.1 at 3-1-93 02:20:06
Local updater ID is 10.0.1.11 on interface Vl1 (lowest numbered VLAN interface found)
Access1#
Access2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 250
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : GEOTECH
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDA 0x1D 0xFB 0x99 0x30 0x92 0xF2 0xB5
Configuration last modified by 10.0.1.1 at 3-1-93 00:31:54
Access2#
Access1#show port-security
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address
Security Violation Count
Access1#
Connect a different host to the Fa0/12 port on Access1. Within a minute, the port should disable itself since the MAC address of the host has changed. Informational messages generated should be similar to the following:
Access1#
03:50:21: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12, putting Fa0/12 in err-disable state
03:50:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.bab2.1f68 on port FastEthernet0/12.
03:50:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
03:50:23: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
Issue the show port-security interface fa0/12 command again. Notice that the security violation count is now one:
Access1#show port-security interface fa 0/12
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address        : 0050.bab2.1f68
Security Violation Count   : 1
Access1#
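The violation messages shown above can be correlated per port on a syslog collector, so that an err-disabled port is reported together with the MAC address that triggered it. This is an added example, not part of the lab solution; the function names and result fields are assumptions, and the sample log is constructed from the messages above plus one unrelated line.

```python
import re

# Constructed sample: the four messages from the lab output above, plus one
# unrelated link event added here to show that it is ignored.
SAMPLE_LOG = """\
03:50:21: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/12, putting Fa0/12 in err-disable state
03:50:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.bab2.1f68 on port FastEthernet0/12.
03:50:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down
03:50:23: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
03:55:10: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
"""

MSG_RE = re.compile(r"^(\d\d:\d\d:\d\d): %([A-Z_]+)-(\d)-([A-Z_]+): (.*)$")
ERRDIS_RE = re.compile(r"(\S+) error detected on (\S+),")
VIOL_RE = re.compile(r"caused by MAC address ([0-9a-f.]{14}) on port (\S+?)\.?$")
PREFIXES = {"FastEthernet": "Fa", "GigabitEthernet": "Gi"}


def short_port(name):
    """Map FastEthernet0/12 to Fa0/12 so both message styles share one key."""
    for long_form, short_form in PREFIXES.items():
        if name.startswith(long_form):
            return short_form + name[len(long_form):]
    return name


def summarize(log_text):
    """Return {port: state} for every port with a port-security event."""
    ports = {}

    def entry(port):
        return ports.setdefault(short_port(port), {
            "violations": 0, "macs": [],
            "err_disabled": False, "first_seen": None})

    for line in log_text.splitlines():
        msg = MSG_RE.match(line.strip())
        if not msg:
            continue
        stamp, facility, _severity, mnemonic, text = msg.groups()
        if (facility, mnemonic) == ("PM", "ERR_DISABLE"):
            hit = ERRDIS_RE.search(text)
            # Other err-disable causes (for example bpduguard) are not counted.
            if hit and hit.group(1) == "psecure-violation":
                state = entry(hit.group(2))
                state["err_disabled"] = True
                state["first_seen"] = state["first_seen"] or stamp
        elif (facility, mnemonic) == ("PORT_SECURITY", "PSECURE_VIOLATION"):
            hit = VIOL_RE.search(text)
            if hit:
                mac, port = hit.groups()
                state = entry(port)
                state["violations"] += 1
                state["macs"].append(mac)
                state["first_seen"] = state["first_seen"] or stamp
    return ports


if __name__ == "__main__":
    for port, state in summarize(SAMPLE_LOG).items():
        print(port, state)
```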
Collapsed-Core#show monitor session all
Session 1
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 99
Destination Ports : Fa0/14
    Encapsulation : Native
          Ingress : Disabled
Collapsed-Core#
Access2#show monitor session all
Session 1
---------
Type            : Remote Source Session
Source Ports    :
    Both        : Fa0/12
Reflector Port  : Fa0/24
Dest RSPAN VLAN : 99
Access2#