SWITCH10_LabGuide

SWITCH

Lab Guide

Overview This guide presents the instructions and other information concerning the lab activities for the course. Hints are provided at the end of each lab. Ending configurations for each lab are

d of the lab guide.

OuThis g

La

Lab 2-1: Design and implement VLANs, trunks, and EtherChannel

2-2: Troubleshoot Common VLAN Configuration and Security Issues

La

Lab 5-1: Implementing High Availability and Reporting in a Network Design

Campus Network

provided at the en

tline uide includes these activities:

b 1-1: New Hire Test

Lab

Lab 2-3: Implement Private VLANs

b 3-1: Implement Multiple Spanning Tree

Lab 3-2: Implement PVRST+

Lab 3-3: Troubleshoot Spanning Tree Issues

Lab 4-1: Implement Inter-VLAN Routing

Lab 4-2: Troubleshooting Inter-VLAN Routing

Lab 6-1: Implement and Tune HSRP

Lab 6-2: Implementing VRRP

Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Lab 8-1: Plan implementation and Verification of VoIP in a

Lab 9-1: Integrating Wireless in the Campus

2 Implementing Cisco Switched Networks (SWITCH) v1.0 © 2009 Cisco Systems, Inc.

Lr skills from ICND1 and ICND2.

Activity Objective ew. The hiring manager hands you a packet of information,

imply says, “Implement this”. Your task is to plan the impleverifyPackimpleconfiverifiAfter

P

E

D

ab 1-1: New Hire Test Complete this lab activity to confirm and refresh you

You are a CCNA at a job intervileads you to a terminal, and s

mentation, then effectively configure the lab devices as per the given specifications before ing that your configuration fulfills the requirements. Carefully read the Information

et section on the following pages, and proceed through the lab to establish an mentation requirement list, create an implementation and verification plan, and then gure the lab devices as per the specifications. Do not forget to verify and document your cations, as the job interview results will depend on your implementation of the solution. completing this activity, you will be able to meet these objectives:

repare basic configuration templates for your switches.

xplore the remote lab devices connections.

eploy configuration templates to your switches.

Verify your configurations according to the verification plan you created.

© 2009 Cisco Systems, Inc. Lab Guide 3

Intion needed to accomplish in this activity. Read it carefully.

The Inalong

Implementationtwork. It is clearly stated that some settings must be consistent from e next. The following list details the initial configuration

requirmust b

Alde

Te configured.

appearing on the console of

estamp.

time.

st be left to auto.

formation Packet This packet contains the informa

formation Packet describes the requirements common to all devices in the network, with information specific to each device.

Policy The company has a large neone networking device to th

ements for all switches to be connected to the company network. Your configuration e consistent with these requirements:

l switches must have a hostname. Hostnames are unique and must match the switch signation on the network diagram displayed in the following pages.

lnet is allowed to all possible vty interfaces and must be

Initial console access does not need to be protected by any password. Vty access and enable password must be protected by a password.

All passwords are cisco.

Terminal idle timeout must be set to 0 (unlimited).

Logging synchronous should be used so that logging messageseach switch do not disturb commands that are being entered.

Log messages should appear with a tim

Time should be configured on the switches to match your class current

Commands entered incorrectly should not cause the switches to attempt to resolve the entry as a DNS name.

Unless stated otherwise, all interfaces speed and duplex settings mu

All unused interfaces must be set to shutdown.

All devices must have an IP address so that they can be managed remotely.


Devinformation specific to each device in the network:

ices Information The table provides the

Device name Role IP address Gateway VLAN

ASW1 itch 10.1.1.1/24 51 1 Layer 2 access sw 10.1.1.2

ASW2 Layer 2 ac 52 1 cess switch 10.1.1.2/24 10.1.1.2

DSW1 Layer 3 sw 4 51 1 itch 10.1.1.11/2 10.1.1.2

DSW2 Layer 3 switch 10.1.1.22/24 10.1.1.252 1

CSW1 Layer 3 switch 10.1.1.111/24 10.1.1.251 1

CSW2 Layer 3 sw .1.1.222/24 252 1 itch 10 10.1.1.

R1 Router 0/0: 10.1.1.251/24 1 Fa

R2 Router 0/0: 10.1.1.252/24 1 Fa

During the implementation process, determine, for each switch, which port connects to which neighbo e ports represen h device connection i e gen ports. Each port can represent one or several physical interfaces. When implementing your solution sk 3, use the Ph p table, availabl de, todocument the physical interfaces used in your pod, and report this information on your lab large netwinfor

r. Th ted on eac n the Visual Objective ar eric

in ta ysical Ports Ma e at the end of the lab gui

ork diagram, which is also available at the end of this lab guide. You will use this mation throughout the labs.

Network Diagram

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3

Visual Objective for Lab 1-1: New Hire Test

You write

can use the large version of the Network Diagram available at the end of the lab guide to notes on the diagram.


6 Implementing ITCH) v1.0 sco Systems, Inc. Cisco Switched Networks (SW © 2009 Ci

Ce commands that are used in this activity.

ommand List The table describes th

Command Description

confi al Enters global c , from privileged EXEC mode. gure termin onfiguration mode

clockyear

Manually sets the c set hh:mm [:ss] month day lock on the device.

copystart

n running-config up-config

Saves your e tries in the configuration file.

defau[addr

ptional) Spec T

he client. One IP address is required; however, you can specify up to eight IP addresses in one command line. These default

rs are listeeferrednd so

lt-router address ess2 ... address8]

(ODHCP client.t

ifies the IP address of the default router for a he IP address should be on the same subnet as

routemost prrouter, a

d in order of preference; that is, address is the router, address2 is the next most preferred on.

description description Adds a description (up to 240 characters) for an interface.

domain-name domain Specifies the domain name for the client.

duplex {auto | full | half} Sets the duple ace. x parameter for the interf

enabl e privilee password password Sets th ged EXEC mode command interpreter.

exec- Sets erminal ttimeout 0 0 the idle t imeout interval.

exit Exits the current mode.

hostname hostname Manually configures a system name.

intergigab

erfacast Ethernet or Gigabit Ethernet interface installed.

face fastethernet | itethernet slot/port

Enters intwith a F

e configuration mode for a Cisco Catalyst switch

interfaste t | gigab rnet slot/endin

Specifies the raconfigured, and ration mode.

face range therneitethestarting_port - g_port

nge of interfaces (VLANs or physical ports) enters interface-range configu

inter terfacface vlan 1 Enters inwhich the IP in

e configuration mode, and enters the VLAN to formation is assigned.

ip adsubne

Sets the addresdress ip address t-mask

IP s and subnet mask.

ip de Defines a defafault-gateway ult gateway (router) when IP routing is disabled.

linebegin r [endi

difies console, aux, and virtual terminal settings. [aux | console | vty] ning-line-numbeng-line-number]

Mo

loggi Enables messang console ge logging.

loggi Enables synchronous logging of messages. ng synchronous

login bles passw Ena ord checking at login.

no ip Disables DNS-bswitch.

domain-lookup ased hostname-to-address translation on the

no sh inutdown Brings up an terface.

passw gns a password to a terminal or other device on a line. ord password Assi


ping ip ess Sends an ICMP ec-addr ho request to ip address.

service timestamps log datetitimezon

Enables time stampsoptions selected

onds relame [msec] [localtime][show-e]

millisecname.

on log messages. Depending on the , the time stamp can include the date, time in tive to the local time-zone, and the time zone

servic ps log uptime

e stathe system was reboo .

e timestam

Enables tim mps on log messages, showing the time since ted

show id] [det

s Cisco Dors, inclu d number,

holdtime settings, capabilities, platform, and port ID.

cdp neighbors [interface-ail]

Displayneighb

iscovery Protocol (CDP) information about ding device type, interface type an

show fastet ort switchport

ini(nonrouting) por

interfaces hernet mod/p

Displays adm strative and operational status of switching ts.

show i Displays interfacnterfaces status e status.

show s your entrunning-config Verifie ries.

shutdo interface. wn Shuts down an

speed auto nonego

e approp rface: Enter 0, 100, or 1000 the interface. The 000 keyword is 000 Mb/s ports.

Enter auto to en te speed with the connected d he 1000

ith the auto keyword, the port autonegotiates only at d spedule

an bedevice that does

{10 | 100 | 1000 | Sets th[10 | 100 | 1000] | tiate}

11

riate speed parameter for the inte to set a specific speed for available only for 10/100/1able the interface to autonegotiaevice. If you use the 10, 100, or t

keywords wthe specifiefor SFP moMb/s but c

eds. The nonegotiate keyword is available only ports. SFP module ports operate only at 1000 configured to not negotiate if connected to a not support autonegotiation.

telnet ip-address Telnets to an IP address.

Job Aids These are the job aids for this lab activity:

Value Location

Blank i t Task mplementation requirements lis 1

Blank implementation plan form Task 2

Blank verification plan form Task 3

Debri ef alternate solutions form End of this lab

Implem equirement hints Hint Section entation r

Impleme Hint Section ntation hints

Verifica ction tion hints Hint Se

Solution Configuration secti nd of the lab guide configuration answer key on at the e


T

confietc.).Deviimpleeach

ask 1: Establish an Implementation Requirements List The first step in your configuration deployment is to create a list of the items needed to

gure each device (for example, device names, password values, trunk encapsulation types, Use the following table, the initial lab visual objective, the Implementation Policy and ces Information to create an Implementation Requirement list. Include the high-level mentation tasks needed for each device and how to obtain the information required for task. If you are unsure, use the hints information provided at the end of this lab.

Device High Level Task Information Source

© 2009 Cisco Systems, In Lab Guide 9 c.

Ta

configimporthe codetermmove tPackeinform

sk 2: Create an Implementation and Verification Plan The second step in your configuration deployment is to create a task list of each item to

ure on each device and in what order. The Implementation and Verification Plan is very tant, because it enables you to ensure that all requirements are properly configured and in rrect order. The task will help you setup configuration checkpoints. Use the plan to ine how you will verify that each required item was effectively configured. You will o the actual implementation in the next task. Use the following table and the Information

t to create the Implementation and Verification Plan. If you are unsure, use the hints ation provided at the end of this lab.

Complete √

Device ImplementationOrder

Values and items to implement

Verification method and expected results

10 Implementing C sco Switched Ne orks (SWITC ) v1.0 © 2009 Cisco Sy ems, Inc. i tw H st

Complete √

Device Implementation Order




Talanned the implementation, you are ready

to conOnce yrequirenetwothe hir

sk 3: Implement and Verify Now that you have all of the requirements and have p

nect to the remote lab. You can then implement your solution. Do not forget to save! our solution is implemented, verify that your configuration is working and fulfills the ments specified by the hiring manager. Keep in mind that once you leave the company, a

rk specialist will verify your configuration. Your ability to implement the solution as per ing manager specifications will determine whether or not you get the job.


Sce to document the details that you think are important to remember.

___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

tudent Notes Use the following spa

_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

lternate Resources and Solutions to the One You Used Other groups may use a solution different from yours. Possible solutions will be discussed

g the debrief period after the lab. For your reference, use the following space to document possible solutions.

_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

ab 1-1: Key Commands and Tools Used ____________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Hiu are encouraged to complete the labs using your knowledge. If you need a tip, this section

contai

Lab 1-1 Hint Sheet:

ImTo facilitate the configuration of your network, the first task asks you to create an

list details the elements needed to develop an implemen

nts Yo

ns a series of hints to help you complete the lab.

New Hire Test

plementation Requirements

Implementation Requirements list. Thetation plan. The following is an example of such a list:

Device Implementation Requirement Hint

All switches

t the end of lab guide

Neighbor list and connected ports Show cdp neighbor in command list, port table a

me ram Hostna Network Diag

le, lin oEnabcisco

e vty 0 15 password Implementation p licy section

Login on line vty 0 4 Implementation policy section

VLAN 1 IP Devices Informatio address n section

Gateway matioDevices Infor n section

Idle timeou 0 Implementation policy section t set to

Log messwith a tim

Implementation poages on the console, estamp

licy section

Current time in the class Implementation policy section

No DNS l Implementation poookup licy section

Unused in Show cdp neighbo terfaces shutdown r in command list, port table at the endof lab guide


Imeate an implementation plan. There are several possible correct solutions.

One appliuniqu“Comfollo

e

n

time

An example of the implementation plan follows.

plementation Plan In task 2, you will cr

possible approach groups items that are common to all switches in a template and then es the template to all switches. You can then configure each switch with items that are e to each device, such as IP addresses or gateway. The common template could be named mon_Template” created in a text editor, copied and pasted as appropriate, and contain the

wing items:

nable password cisco

o ip domain-lookup

line con 0

exec-timeout 0 0

line vty 0 4

password cisco

logging synchronous

login

service timestamp log date

Complete

√


Values and items to implement Step-by-step section No

√ All 2 1 Paste Common_Template.

√ pe 3 r sw 2 Configure hostname.

√ ANper sw 3 Configure VL 1 IP address. 3

√ per sw 4 onfigure switch gateway. 3 C

√ per sw 5 Configure current time and date. 4

√ per sw Verify neighbors6 ports. 5

√ per sw Shutdown unuse 6 7 d ports.

√ per sw Verify connectivit8 y to the gateway. 7

√ per sw 9 Verify configuration. 8


Verification Plan Complete

√

Device Values and items to implement


Step-by-step section No

√ All Paste Common_Template

Verify enable password. As this is the first line of the template, its correc

the fi past

properly.

8

t value rst part of ed

indicates that the script was

√ Paste Common_Template

Verify while pastingtemplate that no erreported.

the ror is

2

√ aste Common_Te

Verify the implemeooku of th

template, its succethat the template w

plemlooku

verified using show config or by enterincommand and verifthe switch does noDNS resolution.

Pmplate no ip domain-l

is the last line

ntation of p. As this e ss shows

9

as ented.

p can be running-g a bogus ying that t attempt

successfully imNo ip domain

√ Configure Hostname Prompt should dispswitch name.

lay the 8

√ Configure VLAN 1 IP address

Show ip interface bshould display the address.

rief right

10

√ Configure defaateway

config say

information.

ult Show running-show the gatewg

hould 11

√ onfigure timCdate

e and Show clock. 12

√ Shut unused ports Show cdp neighbodisplay neighbors a

g-confier ports

6 rs to nd ports,

show runninthat the oth

g to verify are shut.

√ Verify connectivity Ping the default gaping should be succ

rificaitches.

should be successful.

teway, essful.

7

As an extra vethe other sw

tion, ping Pings


StSt e in configuration mode

.

Step 2

Create a notepad text file named Common_template and containing the lines:

n

line con 0

datetime

Paste the Common_Template file content to the console.

e that no error message is reported.

Step 3 Configure the switch hostname and IP information. Use the commands, for example in ASW1:

interface VLAN 1

ip default-gateway 10.1.1.251 end

The information in italics is specific to ASW1. Use the Device Information table in the

Step 4 Configur date on the switch. Use the command clock set, for example:

cloc

ep-by-Step Procedure ep 1 Connect to the switch interfac

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal

Paste the Common_Template file

enable password cisco

o ip domain-lookup

exec-timeout 0 0

line vty 0 4

password cisco

logging synchronous

login

service timestamp log

Verify as you past

hostname ASW1

ip address 10.1.1.1 255.255.255.0 exit

Information Packet to find the relevant name and IP information for each switch.

e the current time and

k set 10:06:39 08 Aug 2009

© 2009 Cisco Systems, I Lab Guide 21 nc.

Step 5 Verify neighbor and connecting ports using cdp. For example:

show cdp neighbors Capab T - Trans Bridge, B - Source Route Bridge DevicDSW2 DSW1

In thisconnelocal sinterfa

Step 6 Shutdown

confiinterfa 24

no shinterno shend

This e 1. On each switch, use the show cdp neighbor information to determ es are to be kept enabled.

Step 7 Verify con y:

ping .251 type Sendi!!!!!Success 8 ms

t):

ASW1#ASW1>PasswASW1#

Step 9 Verify no i

getme

ter address

Step 10 Verify IP a

sh ipInter Address OK? Method Status Proto

up

sh ruip de

Step 12 Verify tim

16:26 09

ility Codes: R - Router, S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

e ID Local Intrfce Holdtme Capability Platform Port ID Fas 0/2 129 R S I WS-C3560- Fas 0/7

Fas 0/1 129 R S I WS-C3560- Fas 0/6

example, the local switch has 2 neighbors, switches DSW2 and DSW1. The local switch cts to switch DSW2 from interface F0/2, which links to switch DSW2 interface f0/7. The witch connects to switch DSW1 from interface f0/1, which links to switch DSW1 ce f0/6.

all ports except links to neighbors:

gure terminal ce rang f0/1 –

shutdown interface f0/2

utdown face f0/1 utdown

xample applies to ASWine which local interfac

wanectivity to the gate

10.1.1escape sequence to abort. ng 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds: rate is 100 percent (5/5), round-trip min/avg/max = 1/3/

Step 8 Verify enable password and hostname (using promp

disable enable ord: cisco

-lookup, last line of the template: p domain

there Translating "getmethere" % Unknown command or computer name, or unable to find compu

ddress:

interface brie IP-face

col Vlan1 10.1.1.1 YES manual up

Step 11 Verify gateway:

n | beg ip default fault-gateway 10.1.1.251

e:

show clock :43.545 eastern Sat Jun 6 20


La

at you learned in the related module.

Activity Obte Inc. to design and configure their branch office Layer 2 network. ady yet, but later on they intend to implement several servers and

addititrunkaskedYou installadditinfrasand Eoptiodocuwill b

P

C

IP

ab 2-1: Design and Implement VLANs, Trunks, nd EtherChannel

Complete this lab activity to practice wh

jective You were hired by NotaRouTheir network is not fully re

onal routers. They know that some devices are supposed to be in VLANs and others in s, but this is where their knowledge ends. They provided you with a cabling plan and you to help them design and configure a typical solution for their network on a test lab.

need to configure the existing network equipment to use the devices once they are ed. Your configuration will be used by the customer as a configuration template as

ional network equipment is purchased. When collecting information about their network tructure, you found that their requirements were all about link types, trunk encapsulation, therChannels. You realize that they have little understanding about more advanced ns such as allowed VLANs, but that they expect you to guide them to provide a mented, functional, and reasonably secured network. After completing this activity, you e able to meet these objectives:

lan a segmented Layer 2 network implementation.

reate a Layer 2 implementation and verification plan.

mplement a full Layer 2 solution including VLANs, trunks, pruning, VLAN Trunking rotocol (VTP), and EtherChannel.



The Inalong

Implementationer words, keep the configuration from lab 1-1, and

ents.

Not aladditio configuration should include the configuration for the switch ports to these devices. A quick call to the local administrator brings the following eleme

FTcose ext available port for the file server. For example, if the first 4 ports are alr er lab 1-1, configure port 5 for the FTP server and port 6 for the Web

its modes. The local administrator would

runing feature of VTP enabled, and asks you



Policy This deployment builds on lab 1-1. In othadd the following requirem

l network equipment is installed. The network infrastructure has been installed but not the nal servers or the additional routers. Your

nts:

P, Web servers and additional routers are to be connected later. You are asked to nfigure, as an example, the first available port on switches ASW1 and ASW2 for the FTP rver, and the neady used aft

server. Apply the same logic for the File servers and the additional routers on DSW1 and DSW2. On each switch, the File Server will be on the first available port and the additional router on the next available port.

Several IP addresses are already configured on each router Ethernet interfaces (routers R1 and R2) to your pod, as they need to send traffic to several of your VLAN subnets. You do not need to configure the routers. The switches need to be configured completely, from VLAN database to link type.

During the conversation, you mentioned VTP andlike to try VTP, with the following restrictions:

— All switches should be in transparent mode.

— You should name the domain cisco.

— The administrator does not want the pto prune all unnecessary VLANs from the inter-switch links manually.


Using this information, your task is to design the VLAN topology with some additional speci

A k topology allows for large redundancy, redundancy is not to be used

Devices In

fications:

lthough the networat this stage. Make sure to disable the links between switches ASW1 and DSW2, ASW2 and DSW1, DSW1 and CSW2, CSW1 and DSW2, CSW1 and router R2, CSW2 and router R1. In other words, the only connection between the upper part of the network (switches ASW1, DSW1 and CSW1) and the lower part of the network (switches ASW2, DSW2 and CSW2) transits through the link between switches CSW1 and CSW2. Use Cisco Discovery Protocol to learn the links between switches and shutdown the ones that are not needed.

For efficiency, several physical connections exist between some of the switches. To simplify the network administration, group these physical links into logical links wherever possible. Where two 100 Mbps links are grouped, use an IEEE grouping protocol, and make sure that one end actively tries to negotiate the virtual link creation, while the other only responds to solicitations and does not actively try to create the link. Where four 100 Mbps are to be grouped, create the virtual link unconditionally without using any negotiation protocol. Use the description feature on each virtual links to reflect which devices they connect. Also use the table in devices information.

Client PC in VLAN 3 and client PC in VLAN 4 need to receive their IP address from routers R1 and R2. R1 and R2 are preconfigured.

formation The table provides the information specific to each switch in the network. This information is the same as in lab 1-1:


ASW1 Layer 2 access switch 10.1.1.1/24 10.1.1.251 1


DSW1 Layer 3 switch 10.1.1.11/24 10.1.1.251 1

DSW2 Layer 3 switch 10.1.1.22/24 10.1.1.252 1

CSW1 Layer 3 switch 10.1.1.111/24 10.1.1.251 1

CSW2 Layer 3 switch 10.1.1.222/24 10.1.1.252 1

R1 Router Fa0/0: 10.1.1.251/24 1

R2 Router Fa0/0: 10.1.1.252/24 1


The table below provides information about the devices connected or to be connected to the netwoabove

rk. Use the space to document which port in your pod each device should connect per the policy and the previous lab information:

Device Role Network location

VLAN Physical port in your lab

CLT1 Client station ASW1 P3 3

CLT2 Client station ASW2 P3 4

NR1 Router DSW1 P7 trunk

NR2 Router DSW2 P7 trunk

WEB1 Web Server ASW1 P5 11

WEB2 Web Server ASW2 P5 12

FTP1 FTP Server ASW1 P4 63

FTP2 FTP Server ASW2 P4 64

FILE1 File Server DSW1 P6 65

FILE2 File Server DSW2 P6 66


Some lpossineedeyou hbund

inks between switches should be bundled together. The following table shows all ble numbering convention for these link bundles. Note that NOT all of these numbers are d. You should use cdp to determine which links between switches can be bundled. Once ave determined which links has to bundle, use the following table to apply the right le number:

Device Link to If used, bundle number should be:

ASW1 W2 10 AS

ASW1 DSW1 11

ASW1 SW2 12 D

ASW2 ASW1 10

ASW2 DSW1 11

ASW2 SW2 12 D

DSW1 1 11 ASW

DSW1 2 12 ASW

DSW SW2 21 1 D

DSW SW1 31 1 C

DSW SW2 32 1 C

DSW2 ASW1 11

DSW2 ASW2 12

DSW2 DSW1 21

DSW2 CSW1 31

DSW2 CSW2 32

CSW SW1 31 1 D

CSW1 DSW2 32

CSW SW2 33 1 C

CSW2 DSW1 31

CSW2 DSW2 32

CSW2 CSW1 33

Network Diagram


Visual Objective for Lab 2-1: Design and Implement VLANs, Trunk and EtherChannel


28 Implementing C orks (SWITCH) v1.0 isco Switched Netw © 2009 Cisco Systems, Inc.


Configuration Commands


Command Description

inter ernet | gigab slot/port

Enters interfac ode for a Cisco Catalyst switch with a Fast Eth interface installed.

face fastethitethernet

e configuration mernet or Gigabit Ethernet

interfastegigabslot/endin

ngface range thernet | itethernet

Selects a ra

starting_port - g_port

e of interfaces to configure.

name Specifies a name for a VLAN for either VLAN database or VLAN uration mode.

vlan-name config

no in n-id type

Disables a VLAN interface. terface vlan vla

show -id switchport

Displays the sinterface interface witch port configuration of the interface.

show rinterface trunk Displays the t unk configuration of the interface.

show Displays VLAN information. vlan

show Tvtp status Shows the V P configuration.

shutd Shuts down or enables an interface. own/no shutdown

switcvlan-

ifies the ding.

hport access vlan Spectrunkid

efault VLAN, which is used if the interface stops

switc cess Puts the interfa nd negotiates to c

hport mode ac ce into permanent nontrunking mode aonvert the link into a nontrunk link.

switc the interfa tes to rt the lin

hport mode trunk Puts conve

ce into permanent trunking mode and negotiak into a trunk link.

switc TPhport nonegotiate Turns off D negotiation.

switc allowed vlan

Configures the s allowed on the trunk. hport trunk remove vlan-list

list of VLAN

switcencapsulation dot1q

802.hport trunk Specifies 1Q encapsulation on the trunk link.

switcencapsulation isl

s ISL ehport trunk Specifie ncapsulation on the trunk link.

inter changroupdesir

ionall ol (PAgP). mod ating state in

ter

n either the desirable or auto mode. When desirable is enab d, silent

face interface-id nel-group channel-

UnconditDesirable

-number mode able

which the insending PAgP group i

le

y enables Port Aggregation Protoce places an interface into a negotiface initiates negotiations with other interfaces by packets. A channel is formed with another port

operation is the default.

show inter

lays interfacrunning-config face interface-id

Disp e-specific configuration information.

vtp d Sets the VTP omain domain-name domain name.

vtp mserve

s the VTP mode. ode [ client | Setr | transparent ]


Johe job aids for this lab activity:

b Aids These are t

Value Location

Blank im ation requirements list Task 1 plement

Blank im plementation plan form Task 2

Blank verific Task 3 ation plan form

Debrief altern End of this lab ate solutions form

Implem Hint Section entation requirement hints

Implem Hint Section entation hints

Verifica int Section tion hints H

Solution c Configuration sectio b guide onfiguration answer key n at the end of the la


T

confiUse tInforimpleeach


gure each device (for example allowed VLANs, VTP role, trunk encapsulation types, etc.). he following table, the initial lab visual objective, the Implementation Policy and Devices mation to create an Implementation Requirement list. Include the high-level mentation tasks needed for each device and how to obtain the information required for task. If you are unsure, use the hints information provided at the end of this lab.




32 Implementing C o Switched Networks (SWITC © 2009 Cisco Syisc H) v1.0 stems, Inc.

To heyou w

lp you decide on the VLAN implementation, use the following table to list the VLANs ill need and decide on which devices they should be configured:

VLAN Number

VLAN Name Configure on switches:

Task 2: Create an Implementation and Verification Plan The second step in your configuration deployment is to create a task list of each item to config e on each device and in what order. The Implementa on and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you setup configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will

ur ti

move to the actual implementation in the next task. Use the following table and the Information Packet to create the Implementation and Verification Plan. If you are unsure, use the hints information provided at the end of this lab.

Complete √





Complete √





Complete √





Complete √





Complete √






to conOnce yrequirewill usapply one yoconduyou ar


nect to the remote lab. You can then implement your solution. Do not forget to save! our solution is implemented, verify your configuration is working and fulfills the ments specified by the company. Keep in mind that once you leave the company, they e your configuration as a whitepaper to implement their network. The company will your configuration, without modification, to connect any device of the same type as the u configured for each port. Use the previous table to document the verifications you cted to ensure that your solution is complete. Hints are available at the end of this lab if e unsure about the verification steps.



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________



contai

Lab 2-1 Hint Sheet: hannel

Imork, the first task asks you to create an

list details the elements needed to develop an implem

nts Yo


Design and Implement VLANs, Trunks, and EtherC

plementation Requirements To facilitate the configuration of your netwImplementation Requirements list. The

entation plan. The following is an example of such a list:


ASW1 Port to CLT1 in VLAN 3. Implementation Policy

il Implementation Policy First ava able port in VLAN 63.

Second available port in VLAN 11. Implementation Policy

DS hannel). Implementation PolicyInformation

Link to W1 in trunk mode (verify Etherc , Devices

Allow VLAN Implementation Policys 1, 3, 11 and 63 on trunk. Information

, Devices

Link to DS yW2 in trunk mode (verify Etherchannel). Implementation PolicInformation

, Devices

Allow VLANs 1, 3, 11 and 63 on trunk. Implementation Policy, Devices ation Inform

VTP transparent domain cisco password cisco. Implementation Policy

Configure y and shut port(s) to ASW2. Implementation Polic

ASW2 Port to CLT2 in VLAN 4. Implementation Policy

First available port in VLAN 64. Implementation Policy

Second available port in VLAN 12. Implementation Policy

Link to DSW2 in trunk mode (verify Etherchannel). Implementation Policy, Devices Information

Allow VLANs 1, 4, 12 and 64 on trunk. Implementation Policy, Devices Information

Link to DS . W1 in trunk mode (verify Etherchannel) Implementation Policy, Devices Information

Allow VLANs 1, 4, 12 and 64 on trunk. Implementation Policy, Devices Information

VTP transparent domain cisco, with password cisco.

Implementation Policy

Configure and shut port(s) to ASW1. Implementation Policy

DSW1 VTP transparent, domain cisco password cisco. Implementation Policy

First avail yable port in VLAN 65. Implementation Polic

Second available port in trunk. Implementation Policy

44 Implementing Cisco Switched Networks (SWITCH) v1.0 © 2 s, Inc. 009 Cisco System


VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk

Implementation Policy, Devices . Information

Link to D mode (verify Etherchannel). Implementation PolicInformation

SW2 in trunk y, Devices

VLANs 1on trunk.

liInformation

, 3, 4, 11, 12, 63, 64, 65 and 66 allowed Implementation Po cy, Devices

Configur olie and shut port(s) to DSW2. Implementation P cy

Link to A mode (verify Etherchannel). Implementation Policformation

SW1 in trunk y, Devices In

VLANs 1, 3, 11 and 63 allowed on trunk. Implementation PolicInformation

y, Devices

Link to ASW2 in trunk mode (verify Etherchannel). Implementation Poliction

y, Devices Informa

VLANs 1, 4, 12 and 64 allowed on trunk. Implementation PolicInformation

y, Devices

Configur lie and shut port(s) to ASW2. Implementation Po cy

Link to CSW1 in trunk mode (verify Etherchannel). Implementation Policy, Devices tion Informa


Implementation Policformation . In

y, Devices

Link to CSW2 in trunk mode (verify Etherchannel). Implementation Policy, Devices Information


Implementation Polic. Information

y, Devices

Configur rt(s) to CSW2. Implementation Police and shut po y

Link to D liSW2 in trunk mode (verify Etherchannel). Implementation PoInformation

cy, Devices


Implementation Policy, Devices . Information

Configur rt(s) to DSW2. Implementation Police and shut po y

DSW2 VTP transparent, domain cisco pass cisco. Implementation Policy

First available port in VLAN 66. Implementation Policy

Second available port in trunk. Implementation Policy

VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.

Implementation Policy, Devices Information




Configure and shut port(s) to DSW1. Implementation Policy

Link to A l). SW1 in trunk mode (verify Etherchanne Implementation Policy, Devices Information

VLANs 3, 11 and 63 allowed on trunk. Implementation Policy, Devices Information

© 2009 Cisco Systems, Inc. 45 Lab Guide


Link to ASW2 in trunk mode (verify Etherchannel). Implementation Policy, Devices Information

VLANs 1, 4, 12 and 64 allowed on trunk. Implementation Policy, Devices Information

Configure and shut port(s) to ASW2. Implementation Policy





VLANs 1, 63, 64, 65 and 66 allowed 3, 4, 11, 12,on trunk.


Configure and shut port(s) to CSW2. Implementation Policy





CSW1 VTP transparent, domain cisco password cisco. Implementation Policy

Link to R1 in trunk. Network Diagram

VLANs 1, d 65 allowed on trunk. Implementation Policy 3, 11, 63 an , Devices Information

Link to R2 work Diagram in trunk. Net

1, licyInformation

VLANs 4, 12, 64 and 66 allowed on trunk. Implementation Po , Devices



Implementation PolicyInformation

, Devices


Link to DS on PolicyInformation

W1 in trunk mode (verify Etherchannel). Implementati , Devices

VLANs 1,on trunk.

yInformation

3, 4, 11, 12, 63, 64, 65 and 66 allowed Implementation Polic , Devices

Link to CS licyW2 in trunk mode (verify Etherchannel). Implementation PoInformation

, Devices

VLANs 1, 3, 64, 65 and 66 allowed on trunk.

Implementation Policyrmation

4, 11, 12, 63, , Devices Info

CSW2 VTP transparent, domain cisco password cisco. Implementation Policy


VLANs 1, 3, 11, 63 and 65 allowed on trunk. Implementation Policy, Devices Information




VLANs 1, 4, 12, 64 and 66 allowed on trunk. Implementation Policy, Devices Information





Link to D mode (verify Etherchannel). SW2 in trunk Implementation Policy, Devices Information




VLANs 1 , 63, 64, 65 and 66 allowed , 3, 4, 11, 12on trunk.



Implan. There are several possible correct solutions.

One papplieuniquenamed contai

Vt

vt

CSW1, CSW2, DSW1 and DSW2. ASW1 and ASW2 req ou may want to configure them manually. An

ification Plan follows.

lementation and Verification Plan In task 2, you will create an implementation p

ossible approach groups items that are common to all switches in a template and then s the template to all switches. You can then configure each switch with items that are to each device, interface mode or EtherChannel links. The common template could be “Common_Template” just like in the previous lab: For this lab, the template could

n the following items:

p mode transparent

p domain cisco

vtp password cisco

vlan 3,4,11,12,63-66

You can implement this template to uire specific VLAN configuration, so y

example of the Implementation and Ver

Complete √

Device Imple-menta-tion Order



Step-by-step No

PC Tem

us (shoomain c

sword cisco).

CSW1 1 aste ommon_ plate.

Show vtp stattransparent, dpas

ws isco,

2

2 C e trunk link to R1, a ANs 1, 3, 11, 6

Show run interface to R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk.

4 onfigurllowed VL3, 65.

3 C kallowed VLANs64, 66.

erface tod VLANs

11, 12, 63, 64, 65 and.

onfigure trun link to R2, 1, 4, 12,

Show run inttrunk, allowe

R2, 1, 3, 4, 66,

4

show interface trunk

4 (Verify if needeconfigure EtheCSW2, on if 4 l if 2 links.

el sd and) rChannel to inks, LACP

Show etherchannactive or on.

tatus 5

C igure trunallo d VLANs12, 63, 64, 65

toNs

5 andshow interface trunk.

5 onfwe

k to CSW2, 1, 3, 4, 11,

and 66.

Show run interface trunk, allowed VLA11, 12, 63, 64, 6

CSW2, 1, 3, 4, 66,

6

6 (Verify if needed and) c gure EtheD 2, on if 4 lif 2 links.

Show etherchannel status 5 onfiSW

rChannel to inks, LACP

active or on.

7 Configure trunallowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 Shut link down

Show run interface to DSW2, trunk allowed VLANs 1, 3, 4,

nd

8 k to DSW2,

and 66. .

11, 12, 63, 64, 65 ashut.

66, link

8 (Verify if needeconfigure EtherChannel to DSW1, on if 4 links, LACP i s.

nnel sactive or on.

d and) Show ethercha

f 2 link

tatus 5

48 Implementing Cisco Switched Networks (SWIT ) v1.0 © 200CH 9 Cisco Systems, Inc.

Complete √




Step-by-step No

9 Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11,

63, 64, 65

Show run interface to CSW2, trunk, allowed 1, 3, 4, 11, 12,

, s

7

12, and 66. 63, 64, 65 and 66interface trunk.

how

CSW2 1 Paste Common_Template.

Show vtp status (shows transparent, domain cisco, password cisco).

9

2 Configure trunk link to R1, allowed VLANs 1, 3, 11, 63, 65.


9

3 Configure trunk link to R2, allowed VLANs 1, 4, 12, 64, 66.


9

4 (Verify if needed and) configure EtherChannel to CSW1, on if 4 links, LACP if 2 links.

Show etherchannel status active or on.

9

5 Configure trunk to CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

Show run interface to CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk.

9

6 (Verify if needed and) configure Eth erChannel toDSW1, on if 4 links, LACP if 2 links.


9

7 Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down.

Show run interface to DSW2, trunk allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

9

8 (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links.


9

9 Configure trunk to DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

Show run interface to CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65 and 66, link shut.

9

DSW1 1 Paste Common_Template,

nge VTP er.

vtp status (shows transparent, domain cisco,

co).

10

chaserv

mode to password cis

Show

2 (Verify if needconfigure Eth CSW1, on if 4 links, LACP

links.

l status active or on.

11/12 ed and) erChannel to

Show etherchanne

if 2

3 Configure truallowed VLAN12, 63, 64, 65 and 66.

t

11, 12, 63, 64, 65 and 66, show interface trunk

nk to CSW1, s 1, 3, 4, 11,

Show run interfacetrunk, allowed VLAN

o CSW1, s 1, 3, 4,

14

.


Complete √




Step-by-step No

4 (Verify if needed and) configure EtherChannel to C 2, on if 4 li s.


11/12

SWf 2 link

inks, LACP

5 Configure trunallowed VLANs12, 63, 64, 65 and 6Shut link down

to CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link

15 k to CSW2, 1, 3, 4, 11,

6.

Show run interface

. shut.

6 (Verify if needeconfigure EtheDSW2, on if 4 lif 2 links.

d and) rChannel to inks, LACP

Show etherchannel sactive or on.

tatus 11/12

C igure trunallowed VLANs12, 63, 64, 65 Shut link down

os

nd 66. Link

7 onf k to DSW2, 1, 3, 4, 11,

and 66. .

Show run interface ttrunk, allowed VLAN11, 12, 63, 64, 65 ashut.

DSW2, 1, 3, 4,

13

8 (Verify if needec gure EtheASW1, on if 4 lif 2 links.

l std and) rChannel to inks, LACP

Show etherchanneactive or on. onfi

atus 11/12

9 Configure trunkallo d VLANs 1, 63 and 65.

run interface toVLANsw inter

16 to ASW1, Show we 3, 11, trunk, allowed

63 and 65, shotrunk.

ASW1, 1, 3, 11, face

10 (Verify if needeconfigure EtheASW2, on if 4 linki s.

status active or on.

11/12 d and) rChannel to

Show etherchannel

s, LACP f 2 link

11 Configure trunkallowed VLANs64 and 66.

e torunk, allowed VLANs

64 and 66, show inter

to ASW2, 1, 2, 12,

Show run interfact

ASW1, 1, 2, 12, face

16

trunk.

12 C gure first port in access VLAN 65.

n onfi available mode,

First available port imode, VLAN 65.

access 18

13 Configure second a ble port ia d VLANs12, 63, 64, 65

Second available port in trunk, , h

19 vailallowe

n trunk, 1, 3, 4, 11,

and 66.

allowed VLANs 1, 363, 64, 65 and 66, sinterface trunk.

4, 11, 12, ow

DSW2 1 Paste Common_Template.

Show vtp status (shows transparent, domain cisco, password cisco).

21

2 (Verify if needed and) configure EtherChannel to CSW2, on if 4 links, LACP i ks. f 2 lin


21

3 Configure trunk to CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

Show run interface to CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk.

21

50 Implementing Cisco Switched Networks (SWIT ) v1.0 © 200CH 9 Cisco Systems, Inc.

Complete √




Step-by-step No

4 (Verify if needed and) configure EtherChannel to CSW1, on if 4 links, LACP if 2 links.


21

5 Configure trunk to CSW1, allowed VLAN s 1, 3, 4, 11,12, 63, 64, 65 and 66. Shut link down.

Show run interface to CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut.

21



21

7 Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down.

Show run interface to DSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut.

21

8 (Verify if needed and) configure EtherChannel to ASW2, on if 4 links, LACP if 2 links.


21

9 Configure trunk to ASW2, allowed VLANs 1, 2, 12, 64 and 66.

Show run interface t , o ASW1trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk.

21

10 (Verify if needed and) configure Eth erChannel toASW1, on if 4 links, LACP if 2 links.


21

11 Configure trunk to ASW1, allowed VLANs 1, 3, 11, 63 and 65.

Show run interface to ASW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk.

21

12 Configure first available port in access mode, VLAN 66.

First available port in access mode, VLAN 66.

21

13 Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk.

21

ASW1 1 VTP mode transparent, domain and password

.

Show vtp status, tra domain and password .

22

cisco

nsparent, cisco

2 (Verify if needconfigure EthDSW1, on if 4 links, LACP

ks.

hannel active or on.

ed and) erChannel to

Show etherc

if 2 lin

status 23

3 Configure truallowed VLAN63 and 65.

tN

int

nk to DSW1, s 1, 3, 11,

Show run interfacetrunk, allowed VLA63 and 65, showtrunk.

o DSW1, s 1, 3, 11,

erface

24


Complete √




Step-by-step No

4 (Verify if needed and) configure EtherChannel to D 2, on if 4 li s.


23

SWf 2 link

inks, LACP

5 Configure trunallowed VLANs63 and 65.

to DSW2, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface

24 k to DSW2, 1, 3, 11,

Show run interface

trunk.

6 Port to CLT1 in e toess VLAN 3.

VLAN 3. Show run interfacacc

CLT1, 25

7 First available port in VLAN 63.

Show run interface tocess

26 first available port, ac63.

VLAN

8 Second available port in VLAN 11.

Show run interface to s, access

econd 27 available port11.

VLAN

ASW2 1 VTP mode transparent, domain and password ci . sco

Show vtp status, trans t, parendomain and password cisco.

28

2 (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP i s. f 2 link


29

3 Configure trunk to DSW1, allowed VLANs 1, 2, 12,64 and 66.

Show run interface to DSW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk.

30



29

5 Configure trunk to DSW2, allowed VLANs 1, 2, 12, 64 and 66.

Show run interface to DSW2, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk.

30

6 Port to CLT2 in VLAN 4. Show run interface to CLT2, access VLAN 4.

31

7 First available port in VLAN 66.

Show run interface to first available port, access VLAN 64, show interface trunk.

32

8 S availabecond le port in VLAN 12.

Show run interface to second available port, access VLAN 12.

33


StSt e

.

Step 2 Inject

nes:

— l n 3,4,11,12,63-66

nt to the console.

e is reported.

Step 3 Us port to each neighbors:

idge P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

DSW1 144 S I WS-C3560- Fas 0/2 DSW1DSW2DSW2CSW2CSW2CSW2CSW2

Step 4 For each

inteswit swi swi

Step 5 Using theswitches

S

m d. Switch CSW1 will be the active side, switches DSW1 and D

ep-by-Step Procedure ep 1 Connect to the switch CSW1 in configuration mod





the Common_Template file

Create a notepad text file named Common_template and containing the li

— Vtp mode transparent

— vtp domain cisco

— vtp password cisco

v a

Paste the Common_Template file conte

Verify as you paste that no error messag

e the show cdp neighbor command to check the

CSW1#sh cdp ne Capability Codes: R - Router, T - Trans Bridge, B - Source Route Br S - Switch, H - Host, I - IGMP, r - Repeater,

R1 Fas 0/11 85 R S I RO-2811- Fas 0 R2 Fas 0/12 85 R S I RO-2811- Fas 1

Fas 0/2 Fas 0/1 144 S I WS-C3560- Fas 0/1 Fas 0/4 148 R S I WS-C3560- Fas 0/4 Fas 0/3 148 R S I WS-C3560- Fas 0/3

Fas 0/10 138 R S I WS-C3560- Fas 0/10 Fas 0/9 138 R S I WS-C3560- Fas 0/9 Fas 0/8 138 R S I WS-C3560- Fas 0/8 Fas 0/7 138 R S I WS-C3560- Fas 0/7

port to routers R1 and R2, enter (taking interface f0/11 as an example):

rface f0/11 chport trunk encapsulation dot1q tchport mode trunk tchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

show cdp neighbor information, determine if EtherChannel is to be configured on links to CSW2, DSW1, and DSW2:

witch CSW1 has 4 links to switch CSW2, EtherChannel mode on should be used.

Switch CSW1 has two links to switch DSW1 and two links to switch DSW2, EtherChannel ode LACP should be useSW2 will be the passive side.


Step 6 Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel table from the Information packet:

interface range f0/7 - 10 switc swit swit 66 chan exit inteswitc swit swit 66

Step 7 Configure formation and the EtherChan

66 chan exit inteswitc switswitc

Step 8 Configure r information and the EtherChan

interswitc swit

inte swit swit swit 66 shut

Step 9 Repeat ste ports to switch D

Step 10 Repeat ste

Step 11 Use the sh

DSW1#Capab

155 S I WS-C2960- Fas 0/1 ASW2 Fas 0/7 156 S I WS-C2960- Fas 0/2

130 R S I WS-C3560- Fas 0/5 128 R S I WS-C3560- Fas 0/4

- Fas 0/3 0- Fas 0/2

CSW1 163 R S I WS-C3560- Fas 0/1

hport trunk encapsulation dot1q chport mode trunk chport trunk allowed vlan 1,3,4,11,12,63,64,65,nel-group 33 mode on rface port-channel 33

unk encapsulation dot1q hport trchport mode trunk chport trunk allowed vlan 1,3,4,11,12,63,64,65,

the link to switch DSW1, using the show cdp neighbor innel table from the Information packet:

face range f0/1 - 2 interswitchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64,65,

nel-group 31 mode active rface port-channel 31

q hport trunk encapsulation dot1chport mode trunk

64,65,66 hport trunk allowed vlan 1,3,4,11,12,63,

switch DSW2, using the show cdp neighbo the link tonel table from the Information packet:

face range f0/3 - 4 q hport trunk encapsulation dot1

chport mode trunk chport trunk allowed vlan 1,3,4,11,12,63,64,65,66 swit

channel-group 32 mode active shutdown exit

rface port-channel 32 chport trunk encapsulation dot1q chport mode trunk

4,11,12,63,64,65,chport trunk allowed vlan 1,3,down

ports to switch DSW1 and leaving theps 1 to 8 on switch CSW2, shutting down the SW2 enabled.

ps 1 and 2 on DSW1.

ow cdp neighbor information to discover neighbors:

sh cdp ne R - Router, T - Trans Bridge, B - Source Route Bridge ility Codes:

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ASW1 Fas 0/6

DSW2 Fas 0/5 CSW2 Fas 0/4 CSW2 Fas 0/3 127 R S I WS-C3560CSW1 Fas 0/2 163 R S I WS-C356

Fas 0/1

54 Implementing orks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. Cisco Switched Netw

Step 12 Using the show cdp neighbor information, determine if EtherChannel should be configured on links to switches CSW2, DSW1m and DSW2:

DSW1 has 1 link to ASW1 and ASW2, 1 link to DSW2. EtherChannel should not be used.

Step 13 Co

swi vlan 1,3,4,11,12,63,64,65,66 shu

Step 14 Configur EtherChannel table from

inte /1 - 2

,11,12,63,64,65,66 chan exi intswit swiswit

Step 15 Configur eighbor information and the EtherChannel table from

inteswit swi swi

inte swi swi swi ,66 shuDSW1Chan---- Grou----GrouPortPortProtMini Grou----GrouPort 8 Port rt-channels = 1 ProtMini

DSW1 has 2 links to CSW1 and 2 links to CSW2. EtherChannel mode LACP should be used. DSW1 will be the passive side for links to CSW1 and CSW2.

nfigure the link to switch DSW2, using the show cdp neighbor information:

interface f0/5 switchport trunk encapsulation dot1q switchport mode trunk

tchport trunk allowedtdown

e show cdp neighbor information and the e the link to switch CSW1, using th the Information packet:

rface range f0switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1,3,4

nel-group 31 mode passive t erface port-channel 31

t1q chport trunk encapsulation dotchport mode trunk chport trunk allowed vlan 1,3,4,11,12,63,64,65,66

e the link to switch CSW2, using the show cdp n the Information packet:

rface range f0/3 - 4 t1q chport trunk encapsulation do

tchport mode trunk tchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

channel-group 32 mode passive shutdown exit

rface port-channel 32 tchport trunk encapsulation dot1qtchport mode trunk

3,4,11,12,63,64,65tchport trunk allowed vlan 1,tdown #sh etherchann nel-group listing:

---- --------------

p: 31 ------ p state = L3 s: 2 Maxports = 8 -channels: 1 Max Port-channels = 1 ocol: - mum Links: 0

p: 32 ------ state = L3 p

s: 2 Maxports =-channels: 1 Max Poocol: - mum Links: 0


Step 16 Configure the link to switch ASW1, using the show cdp neighbor information:

interface f0/6 switc tion dot1q swit swit

Step 17 Configure

swit swit

Step 18 Configure

Inter

Step 19 Configure er:

Interswitc

12,63,64,65,66

Step 20 Repeat ste to 19 on DSW2, leaving links to switch CSW2 enabled and links to sw h DSW1, switch DSW2 is the passive sid

Step 21 On ASW1

VTP Version : running VTP1 (VTP2 capable)

Numbe : 17 VTP O : Transparent VTP D : cisco VTP P : Disabled VTP V : Disabled VTP TMD5 dConfi :00

Step 22 Repeat ste

Step 23 Use step 1

Step 24 Configure

InterSwitcSwitc

Step 25 Configure

Switchport mode access

SwitchpSwitc

Step 27 Repeat ste

hport trunk encapsulachport mode trunk

,11,63,65 chport trunk allowed vlan 1,3

the link to switch ASW2, using the show cdp neighbor information:

interface f0/7 switchport trunk encapsulation dot1q

chport mode trunk chport trunk allowed vlan 1,4,12,64,66

the link to the File server:

face f0/8 hport mode access Switc

Switchport access vlan 65

the link to the new rout

face f0/9 hport trunk encapsulation dot1q chport mode trunk swit

switchport trunk allowed vlan 1,3,4,11,

ps 1 and 2, then steps 11itch CSW1 shutdown. On the EtherChannel link to switce. File Server is in VLAN 66.

configurt the VTP mode.

Vtp domain cisco Vtp mode client Vtp password cisco Show vtp status

Configuration Revision : 0 Maximum VLANs supported locally : 1005

r of existing VLANs perating Mode

omain Name runing Mode

2 Mode raps Generation : Disabled

xBD 0x56 0x50 0xDE 0x3E igest : 0xDE 0x86 0x25 0guration last modified by 0.0.0.0 at 0-0-00 00:00

p 11 to discover neighbors.

6 model to configure links to DSW1 and DSW2.

the link to client CLT1:

face f0/3 hport mode access hport access vlan 3

the link to the FTP server:

Interface f0/4


Step 26 Configure the link to the Web server:

Interface f0/5 ort mode access

hport access vlan 63

ps 1 and 2 on switch ASW2.


Step 28 Repeat step 11 to discover neighbors.

Step 29 Use step 16 model to configure links to switches DSW1 and DSW2.

Swit

Step 31 Configur

Inte

Step 32 Configur ver:

InteSwit

Step 30 Configure the link to client CLT2:

Interface f0/3 Switchport mode access

chport access vlan 4

e the link to the FTP server:

rface f0/4 Switchport mode access Switchport access vlan 12

e the link to the Web ser

rface f0/5 chport mode access


LaC

Activity Objn occur when VLANs and trunks are not properly configured. e network you configured in the previous lab. Proud of your

achievemenwhile severalthat thwhen need tthis ac

Di

Di

Do m resolution.

VisualT

b 2-2: Troubleshoot Common VLAN onfiguration and Security Issues

Complete this lab activity to practice what you learned in the related module.

ective There are many issues that caEverything worked well in th

ts, you decided to take a week off. During that time, one of your team assistants, preparing for his CCNA, filled in for you, and took care of the network. He had to face issues, and tried to improve your configuration on a few points. Unfortunately, it seems

e improvements somehow affected Layer 2 connectivity in your network. In other words, you came back, three troubleshooting tickets were waiting for you on your desk. You o fix the network quickly using the tools you learned in this module. After completing tivity, you will be able to meet these objectives:

agnose and resolve Layer 2 connectivity problems.

agnose and resolve VLAN and EtherChannel related problems.

cument troubleshooting progress, configuration changes, and proble

Objective he figure illustrates what needs to be accomplished in this activity.


ive for Lab 2-2: Troubleshoot N Configuration and Security

Visual ObjectCommon VLAIssues


58 Implementing C H) v1.0 isco Switched Networks (SWITC © 2009 Cisco Systems, Inc.

Ce commands that you will use in this activity.



Command Description

confi l Enters global c from privileged EXEC mode, gure termina onfiguration mode,

enabl password Enters the privileg de command interpreter e password ed EXEC mo

exit its the curreEx nt mode

intergigab

ach

face fastethernet | itethernet slot/port

Enters interfwith a Fast Et

e configuration mode for a Cisco Catalyst switch ernet or Gigabit Ethernet interface installed

inter nge fastegigabslot/endin

Selects a rangface rathernet | itethernet starting_port - g_port

e of interfaces to configure

name Specifies a naconfiguration mode

vlan-name me for a VLAN for either VLAN database or VLAN

no intype

les a VLAN interface terface vlan vlan-id Disab

ping Sends an ICMPdefault settings

ip-address echo to the designated IP address, using the of size and response window time

show interface interface-id sw

Displays the s the interface itchport

witch port configuration of

show ce trunk Displays the trunk configuration of the interface interfa

show Displays VLANvlan information

show vtp status Shows the VTP configuration

shutd orown/no shutdown Shuts down enables an interface

switcvlan-

Specifies the default VLAN, which is used if the interface stops ing

hport access vlan id trunk

switc the interface into permanent nontrunking mode and negotiates to c

hport mode access Puts onvert the link into a nontrunk link

switc Puts the interfa negotiates to convert the lin

hport mode trunk ce into permanent trunking mode andk into a trunk link

switc off DTPhport nonegotiate Turns negotiation

switcvlan

thehport trunk allowed remove vlan-list

Configures list of VLANs allowed on the trunk.

switcencap

Specifies 802.1Q encapsulation on the trunk link hport trunk sulation dot1q

switchport trunk encap

Specifies ISL esulation isl

ncapsulation on the trunk link

telne termin or switch that permits yo er the

t ip-address Starts a al emulation program from a PC, router,u to access network devices remotely ov

network


Command Description

interface interface-id channgroup-desira

Unconditionally enable PAgP. Desirable mode places an interface otiatin interfth anoten de

el-group channel-number mode ble

into a negwith otherformed wimode. Wh

g state in which the interface initiates negotiations aces by sending PAgP packets. A channel is

her port group in either the desirable or auto sirable is enabled, silent operation is the default.

show rinterface interface-id

Displays interfacunning-config e-specific configuration information.

vtp do P doon mod

main domain-name Sets the VTconfigurati

main name in either the VLAN database or e

vtp moserver

TP mde [ client | | transparent ]

Sets the V ode

Job Aids These jo plete the lab activity.

e Tickets

eshooting Log

b aids are available to help you com

Troubl

Troubl


T

conclLuckrepla

This n you come in and asked your assistant how things went, he tells you that he stayed late trying to get things to work but in the end did not manage it. He asks you to have a look he dohis coswitc

Userand h

Your task is to diagnose the issues and restore switch ASW1 as a fully functional access switch on th

Trouble Ticket B: VLAN 66 Access Problem Yourbacku stalled beyond the switch CSW2 and no devices in the network seem to be able to reach VLAN 66 anymore. The File2 Server team first thought of a hacker attack

be intact. ce to router

connefortu

Your66 coand R

Trouble TicYour assistan on this Monday morning. He complains that he already spent hours assistthat tabou

your assistant started figuration issue u exactly what

impro

Your

rouble Ticket A: Switch Replacement has Gone Wrong Late Friday afternoon, the access switch ASW1 failed and your assistant quickly had to

ude that the power supply had gone bad and that the switch needed to be replaced. ily, your team still had a similar switch on the shelf and your assistant rushed on site to ce it.

morning, whe

because he is out of ideas. When you ask him what the exact problem is, he tells you that es not know and that it “simply does not work”. He first thought was the issue came from nfiguration on switch ASW1, but then he also tried to verify and improve the other

hes on the path and is not sure anymore.

on PC Client 1 has already started to complain that he cannot get access to the network e needs this problem to be fixed today.

e network.

assistant also reports a call on Thursday evening from the File2 Server administrator. A p File2 server was in

and removed the File2 from the network for forensic analysis. The Server seems toThe File2 Server team then decided to try to ping from router R1 VLAN 66 interfaR2 VLAN 66 interface. The ping fails. They are convinced that your assistant broke

ctivity for this VLAN and ask you to fix the issue immediately. Each lost minute costs a ne.

task is to identify the misconfigured item and solve the issue to recover router R1 VLAN nnectivity to router R2 VLAN 66 connectivity. R1 VLAN 66 IP address is 10.1.66.251, 2 VLAN 66 IP address is 10.1.66.252.

ket C: Gateway Unreachable t seems depressed

trying to help PC Client 2 who could not reach his gateway, router R2, anymore. Your ant is convinced that PC Client 2 user broke his PC configuration, and does not believe he issue has anything to do with the fact that your assistant improved some minor points t the network configuration.

Although you trust your assistant, the fact that the issue started as soon as improving the configuration makes you wonder if there would not be a consomewhere on one switch. The fact that your assistant is reluctant to tell yo

vements were made when the failure occurred clearly contribute to your doubts.

task is to ensure that PC Client 2 can ping router R2.


Inm the troubleshooting tickets, this first troubleshooting lab contains three

types o

Tr s communication issues between switch ASW1 and router R1, thus in the upper part of the lab.

ropriate roles and coordinate device access between the team members. A logical the workload could be to assign the upper section of the pod (client CLT1the pothe uplab coboth thorganiteam mthe coshouldreloadmembthe neelater la

Once rissuesfacilitatroubl

The in directions to prepare the lab equipment for this lab. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

structions As you can see fro

f issues:

ouble Ticket A involve

Trouble Ticket C involves communication issues between client CLT2 and router R2, thus in the lower part of the lab.

Trouble Ticket B involves communication issues between the upper and the lower part of the lab.

Together with your team members, create a troubleshooting plan to divide the work, assign each team member app

way of organizing-switch ASW1-switch DSW1-switch CSW1-router R1) to one team and the lower part of d (client CLT2, switches ASW2, DSW2, and CSW2) to a second team. Issues affecting per part of the lab could be solved by the first team. Issues affecting the lower part of the uld be solved by the second team. The whole team will have to work out issues affecting e upper and lower section. This is just an example of possible organization. Whichever zational model you choose, assign the primary responsibility for each of the devices to a ember. The team member who has primary responsibility for a device is in control of

nsole of that device and changes to the devices. This means that no other team member access the console, make changes to the device or execute disruptive actions such as ing or debugging without permission from the controlling team member. All team ers can access all devices via Telnet or SSH for non-disruptive diagnostic action, without d for permission of the controlling member. Responsibilities can be reassigned during bs if necessary.

oles have been assigned, work together on Trouble Tickets A, B, and C to resolve the . Document your progress in the “Troubleshooting Log” provided below in order to help te efficient communication within the team and to have an overview of your

eshooting process for reference during the lab debrief discussions.

structor will provide you with


Ts and results during the troubleshooting process.

roubleshooting Log Use this log to document your action

Trouble Ticket

Actions and results


Trouble Ticket

Actions and results

64 Implementing C sco Switched Ne orks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. i tw

Trouble Ticket

Actions and results


Trouble Ticket

Actions and results


Aen you attain the results below.

Trouble Ticket A: are connected to switch ASW1 can acquire an IP address via DHCP.

You ave documented your process, your solution, and any changes that you have made to

Troub the router R1 interface in VLAN 66 to the router

R2 interface in VLAN 66.

VLAN 66 can be reached through all trunks.

r solution, and any changes that you have made to

Troub

ASW2 can ping the gateway router R2.

You have documented your process, your solution, and any changes that you have made to ons.

ctivity Verification You have completed this lab wh

Client PCs that

Client PCs that are connected to switch ASW1 can ping the gateway router R1.

hthe device configurations.

le Ticket B: You can complete an extended ping from

Switch CSW2

Switch CSW2 interfaces in VLAN 66 are properly configured.

You have documented your process, youthe device configurations.

le Ticket C: Client PCs that are connected to switch ASW2 can acquire an IP address via DHCP.

Client PCs that are connected to switch

the device configurati

Tr

resolv

ouble Ticket A: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagnose and

e Trouble Ticket A.


ASW1 management interface is in VLAN 1, CLT1 is in VLAN 3.

CLT2>ping 10.1.3.251

Pinging 10.1.3.251 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 10.1.3.251:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ASW1#ping 10.1.1.251

Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

!!!!!

Success rate is 100 percent (5/5)

Confirm or Deny Layer 3 Connectivity

Usualhave diaslead y

caused by a host-based firewall that is blocking pings).

Supat

Client Ping to terface fails.

ly, you would start troubleshooting the Layer 2 connectivity between devices because you scovered that there is no Layer 3 connectivity between two adjacent Layer 2 hosts, such

two hosts in the same VLAN or a host and its default gateway. Typical symptoms that could ou to start examining Layer 2 connectivity would be:

Failing pings between adjacent devices. (Keep in mind, though, that this may also be

ccessful pings between hosts in another Layer 2 domain but sharing the same physical h, such as hosts in another VLAN on the same link.

CLT1 is in VLAN 3 and obtains its IP address from router R1, acting as a DHCP server. router R1 interface in VLAN 3 from the client CLT1 command prompt in

Switch ASW1 is in VLAN1. Pings from switch ASW1 to router R1 interface in VLAN 1 succeed. This output shows that there is a physical path, Layer 2 and Layer 3 connectivity between switch ASW1 and router R1.

You can narrow the issue down to a physical connectivity issue between switch ASW1 and client CLT1, or a VLAN issue.



ASW1#sh vlan

VLAN Name Status Ports

---- --------------------------- --------- -------------------------------

1 default active Fa0/2, Fa0/4, Fa0/5 Fa0/6,

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/12, Fa0/17, Fa0/18, Fa0/23

4 VLAN0004 active

11 VLAN0011 active Fa0/3

14 VLAN0014 active

63 VLAN0063 active

1002 fddi-default act/unsup

Key Clue: ASW1 VLAN Configuration

Once yowill

Verify Layer 1 and Layer 2 connectivity. If Layer 1 connectivity is broken, the interfaces should be down. If Layer 1 connectivity is established but Layer 2 connectivity is broken, a ua

D ion, baselines, and knowledge of your n you would expect frames to

pected path are actually up and forwarding traffic. If the actual

u have determined that the problem is most likely a Layer 2 or Layer 1 problem, you want to reduce the scope of the potential failures. You can diagnose Layer 2 problems with

this common troubleshooting method:

seful tool is cdp. Unless cdp is disabled, you should be able to use it to verify each device djacencies.

etermine the Layer 2 path. Based on documentatetwork in general, the next step is to determine the path that

follow between the affected hosts. Determining the expected traffic path beforehand will help you in two ways: It will give you a starting point for gathering information about what is actually happening on the network and it will make it easier to spot abnormal behavior. The second step in determining the Layer 2 path is to follow the expected path and verify that the links on the extraffic path is different from your expected path, this step may give you clues about the particular links or protocols that are failing and the cause of these failures.

In this case, layer 2 connectivity might be involved as the VLAN database on switch ASW1 does not show VLAN 3. If the VLAN does not exist, CLT1 cannot communicate with its gateway in VLAN 3. You can create VLAN 3 on switch ASW1 from the global configuration mode.

68 Implementing C ched Networks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. isco Swit


CLT1 is supposed to be in VLAN 3

Show running-config interface f0/3

Building configuration...

Current configuration : 189 bytes

!

interface FastEthernet0/3

description to CLT1

switchport access vlan 11

switchport mode access

End

Config terminal

Int f0/3


% Access VLAN does not exist. Creating vlan 3

Key Clue: ASW1 Port Configuration

AnotVLAN 11connectVLAN 11

You can change it to VLAN 3. If VLAN 3 has not been created before, the 2960 platform create

Tryingthe iss

her key piece of information comes from the previous page that displays information about . It is said to be active on interface f0/3, which is the interface to which client CLT1

s. Verifying the f0/3 interface configuration shows that it is set to access mode, but in .

s the VLAN automatically as soon as a port is affected to that VLAN.

to ping router R1 from client CLT 1 at this stage would still fail. You need to examine ue a little bit further.



ASW1# show run int f0/1Current configuration : 164 bytes!interface FastEthernet0/1description to DSW1

switchport trunk encapsulation dot1qswitchport mode trunk

end

DSW1# show run int f0/6


!


description to ASW1

switchport trunk encapsulation dot1q



end

Key Clue: ASW1 –DSW1 Trunk Configuration

The

then yo

ASW1#Show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge DeviDSW1

Switc port f0/6 in this e r 2 protocol that may see neighboring devices even if the liDSW

TrunASWthe sw

As shin VLmodetrunk outer R1. The IP address renews successfully, thus proving layer 2 connectivity between Client 1 and route

next logical step could be to verify the path from switches ASW1 to DSW1. A useful tool to verify neighbor information is CDP. If switch ASW1 does not see switch DSW1 with CDP,

u should suspect a Layer 1 issue might be the cause:

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

ce ID Local Intrfce Holdtme Capability Platform Port ID Fa 0/1 174 T I CA 3550 Fa 0/6

h DSW1 is seen, at least by CDP. Switch ASW1 port f0/1 connects to DSW1xample. CDP is an independent Layenk configuration is partly incorrect. The next step could be to verify the switch ASW1-1 link configuration. This link is supposed to be a trunk.

k configuration is correct on switch ASW1 as shown above. If you are managing switch 1, it is time to inform your team that the issue might also be on switch DSW1, and verify itch DSW1 link to switch ASW1.

own above, the port configuration on switch DSW1 is incorrect. It is set to access mode, AN 65. VLAN 3 information coming from switch ASW1 cannot be received in this . The interface command switchport mode trunk allows you to change the mode back to . On Client 1, you try to renew the IP address, which is to be assigned from r

r R1. You have solved Problem 1.



Al

duringother p

_____ ________________________________________

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

ternate Resources and Solutions to the One You Used Other groups may use a solution different from yours. Possible solutions will be discussed

the debrief period after the lab. For your reference, use the following space to document ossible solutions.

_____________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Tr

resolv

ouble Ticket B: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagnose and

e Trouble Ticket B.


R1#pingProtocol [ip]: Target IP address: 10.1.66.252Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: ySource address or interface: 10.1.66.251Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:Packet sent with a source address of 10.1.66.251 .....Success rate is 0 percent (0/5)

Connectivity Verification: R1 to R2 in VLAN 66

The firtroubleshprobleprobleor CS

st test can be to ping router R2 from router R1 interface in VLAN 66. As reported on the ooting ticket, the ping is unsuccessful. This issue could come from IP addressing

ms on routers R1 or R2 as well as layer 2 configuration problems. If you start this m as a layer 2 issue, you might begin by looking at the configurations on switch CSW1

W2.



interface FastEthernet0/7switchport trunk encapsulation dot1qswitchport mode trunkshutdownchannel-group 33 mode on!interface FastEthernet0/8switchport trunk encapsulation dot1qswitchport mode trunkshutdownchannel-group 33 mode on…/…

Key Clue: CSW2 Links to CSW1

A loCSW1

On s

Show run int f0/11 Buildi Curr! interface FastEthernet0/11 swi swiend DSW1Fast is up (connected) …/… The nected. The known on CSW1: CSW1 VLAN s ---- ---------------------------- …/… 66 …/…

VLA ed on switcThe c

gical step is to verify switch CSW1 to switch CSW2 link configuration, along with switch to router R1 and switch CSW2 to router R2 configurations

witch CSW1, the link to router R1 is supposed to be a trunk:

ng configuration...

ent configuration : 95 bytes

tchport trunk encapsulation dot1q tchport mode trunk

#sh int f0/11 Ethernet0/11 is up, line protocol

link to R1 is configured properly, and con step could be to verify if VLAN 66 isnext

#sh vlan

Name Status Port--- --------- --- -----------------------------

VLAN0066 active

N 66 is known, at least on switch CSW1. The same verifications could be conducth CSW2, verifying the trunk link to router R2 along with switch CSW2 VLAN database.

be valid, just like on switch CSW1. onfiguration should

74 Implementing witched Networks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. Cisco S


In a step

CSW1#sh oup: Port- ----- Age o l = 0d:00h:45m:07s Logic 2/24 Number of ports = 0 HotStPort Proto

The Et nfirm this point b

Show inter swit swit channe mode passive ! inter swit swit chan! inter swit swit chan! inter swit swit chan

They a 2) is still in on mode, passive on swi decide to correct this:

CSW1#Enter h CNTL/Z. CSW1 CSW1 CSW1 CSW1

You thping w

by step approach, you could verify the link between switches CSW1 and CSW2:

ow etherchannel 33 port-ch Port-channels in the gr ---------------------------

channel: Po33 (Primary Aggregator)

-------

f the Port-channe slot/port = al

andBy port = null state = Port-channel Ag-Not-Inuse col = LACP

herChannel link is not in use! It shows LACP instead of “on”! You can coy checking the physical connections:

run face FastEthernet0/7 chport trunk encapsulation dot1q chport mode trunk l-group 33

face FastEthernet0/8 chport trunk encapsulation dot1q chport mode trunk nel-group 33 mode passive

FastEthernet0/9 facechport trunk encapsulation dot1q chport mode trunk nel-group 33 mode passive

face FastEthernet0/10 rt trunk encapsulation dot1q chpo

chport mode trunk nel-group 33 mode passive

other end (switch CSWre obviously in a wrong mode. Thetch CSW1 will not create an EtherChannel. You

conf t configuration commands, one per line. End wit(config)#int ran f0/7 - 10

gr 33 mo pas (config-if-range)#no channel-(config-if-range)#channel-gr 33 mo on (config-if-range)#end

en may want to try again to ping router R2 from router R1 interface in VLAN 66: the ould still be unsuccessful. There is more than one issue to solve for this ticket.


CSW2# show run int po 33

interface Port-channel33

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-65,67-4094

switchport mode trunk…/…

Key Clue: CSW2 EtherChannel to CSW1

You may then shift your attention to switch CSW2 and verify its connection to switch CSW1. EtherChannel link does not seem to be operational on this side either. Verifying the ports iguration shows that they are in shutdown state. Once enabled, a verification of the Port-

el for these ports show that the link is up.

The confChann

CSW2#show etherchannel 33 port-channel Port---- Age LogiGC = null PortProt Port Inde EC state No of bits ---- 0 0 0 0 Time :00m:17s Fa0/9

Now reattempt a ping from router R1 to router R2. The ping is st r part to the issue to solve.

-channel: Po33 --------

of the Port-channel = 0d:00h:00m:49s cal slot/port = 2/24 Number of ports = 4 = 0x00000000 HotStandBy port state = Port-channel Ag-Inuse ocol = -

s in the Port-channel:

x Load Port --+------+------+------------------+----------- 00 Fa0/7 On 0 00 Fa0/8 On 0 00 Fa0/9 On 0 00 Fa0/10 On 0

since last port bundled: 0d:00h

that the ports are enabled, you may want toill unsuccessful. There is still anothe



While EtherCfrom t

CSW2#Enter ommands, one per line. End with CNTL/Z. L3SW4L3SW4L3SW4R1#piProtoTargeRepeaDatagTimeoExtenSourc .66.251 Type Set DValidData LooseSweepType Sendi timeout is 2 seconds: Packe .66.251 !!!!!Succe

verifying switch CSW2 configuration, you may see that VLAN 66 is not allowed on the hannel! You might have seen this issue at an earlier stage. It is shown here to isolate it

he shutdown issue. It is easy to correct:

conf t configuration c(config)#int po 33 (config-if)#sw trun all vla ad 66 (config-if)#end ng col [ip]: t IP address: 10.1.66.252

: t count [5]ram size [100]: ut in seconds [2]: ded commands [n]: y e address or interface: 10.1of service [0]: F bit in IP header? [no]: ate reply data? [no]: pattern [0xABCD]:

Verbose[none]: , Strict, Record, Timestamp, range of sizes [n]: escape sequence to abort.

6.252, ng 5, 100-byte ICMP Echos to 10.1.6f 10.1t sent with a source address o

ss rate is 100 percent (5/5)


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

Td

resol

rouble Ticket C: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagnose an

ve Trouble Ticket C.


ASW2#sh run int f0/3Building configuration...Current configuration : 82 bytes!interface FastEthernet0/3switchport access vlan 4switchport mode trunkend

ASW2#sh run int f0/1

Building configuration...


!




end

Key Clue: ASW2 Ports Configuration

A possiexamYou ob

ASW2EnteASW2(config)#int f0/3 ASW2(config-if)#sw mo ac ASW2

Sinceconfi port is f0/1. You notice this time that the port i unk mode:

ASW2EnteASW2ASW2ASW2

After yorenew

ble first step is to verify switch ASW2 port to client CLT2 configuration. In this ple, the port is f0/3. The port is in trunk mode. It should be in access mode in VLAN 4.

viously correct this mistake:

#conf t r configuration commands, one per line. End with CNTL/Z.

(config-if)#end

the switch ASW2 port configuration was incorrect, you may also want to verify the port guration to switch DSW2. In this example, thes in access mode, so you need to change it to tr

#conf t r configuration commands, one per line. End with CNTL/Z. (config)#int f0/1 (config-if)#sw mo trunk (config-if)#end

u have made the changes, have you resolved the issue? Test the solution by trying to client CLT2 IP address and if it fails, then there are other issues.

80 Implementing nc. Cisco Switched Networks (SWITCH) v1.0 © 2009 Cisco Systems, I


DSW2#sh run int f0/6Building configuration...Current configuration : 104 bytes!interface FastEthernet0/6switchport trunk encapsulation dot1qswitchport mode trunkshutdownend

Key Clue: DSW2 Link to ASW2

Now turn your attention to switch DSW2 and check its connection to switch ASW2. The port is own so you need to re-enable it for communication to switch ASW2:

conf t configuration commands, one per line. End with CNTL/Z.

shutd

DSW2#EnterDSW2(config)#int f0/6 DSW2(config-if)#no sh DSW2(

When rnotice wrong VLAN. Client CLT2 has an address in VLAN 1 instead

config-if)#end

enewing the client CLT2 IP address this time, CLT2 does obtain an IP address but you that the IP address is on the of VLAN 4.



DSW2#sh run int po 32Building configuration...Current configuration : 125 bytes!interface Port-channel32switchport trunk encapsulation dot1qswitchport trunk native vlan 4switchport mode trunkend

Key Clue: Native VLAN

You have already checked the port configuration for client CLT2 on switch ASW2 and you it is an Access port in VLAN 4. The switches DSW1 and DSW2 port configuration show

the ports are in trunking mode and a possible cause might be a native VLAN problem. ing the port configuration on switch DSW2 to switches CSW1 and CSW2 verifies the

know thatCheckproblem as a Native VLAN issue:

DSW2Buil Curr! inte swi swi swiend DSW2Buil Curr! inte swi swi swiend

Both l the other links are in native VLAN 1, the DHCP reque DSW2 to switch CSW2 on VLAN 4, and switch CSW ter R2.

Chan CSW1 and between switches DSW2 and C

#sh run int po 32 ding configuration...


rface Port-channel32 tchport trunk encapsulation dot1q tchport trunk native vlan 4 tchport mode trunk

#sh run int po 31 ng configuration... di


rface Port-channel31 tchport trunk encapsulation dot1q tchport trunk native vlan 4 tchport mode trunk

links are in native VLAN 4. As alst is forwarded untagged to from switch

forwards it to its native VLAN 1 to rou2

ging the native VLAN between switches DSW2 andSW2 solves the problem.



Al

duringother p

_____ ________________________________________

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________



_____________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

b 2-2: Key Commands and Tools Used _____________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


L

Activity Objective nteresting part of module 2, you would like to experiment on this ers, each of them having a link to both switches CSW1 and CSW2,

and ywantmovithe swwill b

P

C

Impl

Inforo accomplish in this activity. Read it carefully.

ents common to all devices in the network, along with information specific to each device.

ImMakeyour lab 3 witches you use for this task before

501 and 51, and switch CSW1. Start by configuring switch CSW1 to Connect to routers R1 and R2, and create an interface for VLAN

51. C

ab 2-3: Implement Private VLANs Complete this lab activity to practice what you learned in the related module.

As private VLANs were an ifeature. The lab has two rout

ou think that it would be interesting to use them to try the isolated VLAN. As you do not to keep your routers isolated for the next labs, this feature will have to be removed when ng to lab 3-1. So make sure that you saved before this optional task, and that you reboot

itches you use for this task before moving to next lab. After completing this activity, you e able to meet these objectives:

lan a segmented private VLANs implementation.

reate a private VLANs implementation and verification plan.

ement private VLANs.

mation Packet This packet contains the information needed tThe Information Packet describes the requirem

plementation Policy sure you saved your configuration before moving to this step. As you do not want to keep routers isolated for the next labs, private VLANs will have to be removed when moving to -1. Be sure to save before this optional task, and reboot the s

moving to next lab.

For this task, use VLANs support VLAN 501 and 51.

onfigure a static IP address for each router using the table below:

Device name Interface IP address VLAN

R1 10.1.51.1/24 51 F0/0.51

R2 F0/1 10.1.51.2/24 51

VerifCSW

Verify that both routers can ping each other from their VLAN 51 interface.

Once this poi , conv to isolated, using V e primary VLAN. ur configuration ful, routers R1 and e able to ping each other anymore.

You may want to use the Hint section of the lab to verify which steps are involved in this conficonfi 1 and R2 without saving the configu

y that switch CSW1 link to router R2 is enabled, and in VLAN 51. Verify that switch 1 trunk to router R1 allows VLAN 51.

nt is verified ert VLAN 51 LAN 501 as th If yo is success R2 should not b

guration. The end of the lab guide contains the solution for this task. Once your guration is working, reboot switch CSW1 and routers R

ration.

Network Diagram


Visual Objective for Lab 2-3: Configure Private VLANs


88 Implementing C H) v1.0 isco Switched Networks (SWITC © 2009 Cisco Systems, Inc.




Command Description

inter ernet | gigab slot/port

Enters interfac ode for a Cisco Catalyst switch with a Fast Eth interface installed.

face fastethitethernet

e configuration mernet or Gigabit Ethernet

interfastegigabslot/endin

ngface range thernet | itethernet

Selects a ra

starting_port - g_port


name Specifies a name for a VLAN for either VLAN database or VLAN uration mode.

vlan-name config

no in n-id type

Disables a VLAN interface. terface vlan vla

priva vlan-list

Specifies whicVLAN.

te-vlan association h secondary VLANs are associated to the primary

priva e . te-vlan isolated Configures th current VLAN as an isolated VLAN

priva primary Configures the current VLAN as a primary VLAN. te-vlan

show id sw

sinterface interface-itchport

Displays the witch port configuration of the interface.

show s the trinterface trunk Display unk configuration of the interface.

show s VLANvlan Display information.

show s the VTP cvtp status Show onfiguration.

shutd orown/no shutdown Shuts down enables an interface.

switcvlan-

Specifies the default VLAN, which is used if the interface stops ing.

hport access vlanid trunk

switc cess Puts the interfa e and negotiates to c

hport mode ac ce into permanent nontrunking modonvert the link into a nontrunk link.

switc Puts the interfa negotiates to convert the link

hport mode trunk ce into permanent trunking mode and into a trunk link.

switc off DTPhport nonegotiate Turns negotiation.

switcvlan

thehport trunk allowed remove vlan-list

Configures list of VLANs allowed on the trunk.

switcencap

802.hport trunk sulation dot1q

Specifies 1Q encapsulation on the trunk link.

switcencap

Specifies ISL encapsulation on the trunk link. hport trunk sulation isl

interface interface-id changroupdesir

Unconditionall gP). mod ating state in

inter er interfaces by gP

nt

nel-group channel--number mode

Desirable which the

able sending PAgroup in either enabled, sile

y enables Port Aggregation Protocol (PAe places an interface into a negotiface initiates negotiations with othpackets. A channel is formed with another port the desirable or auto mode. When desirable is operation is the default.

show inter

Displays interfrunning-config face interface-id

ace-specific configuration information.



b Aids These are t

Value Location


Blank im plementation plan form Task 2

Blank verific Task 3 ation plan form

Debrief altern End of this lab ate solutions form




Solution c Configuration sectio b guide onfiguration answer key n at the end of the la


T

confifollowInforimpleeach


gure each device (for example, for example devices involved, role, etc.). Use the ing table, the initial lab visual objective, the Implementation Policy and Devices

mation to create an Implementation Requirement list. Include the high-level mentation tasks needed for each device and how to obtain the information required for task. If you are unsure, use the hints information provided at the end of this lab.



Ta

configimporthe codetermmove tPackeinform

sk 2: Create an Implementation and Verification Plan The second step in your configuration deployment is to create a task list of each item to

ure on each device and in what order. The Implementation and Verification Plan is very tant, because it enables you to ensure that all requirements are properly configured and in rrect order. The task will help you setup configuration checkpoints. Use the plan to ine how you will verify that each required item was effectively configured. You will o the actual implementation in the next task. Use the following table and the Information

t to create the Implementation and Verification Plan. If you are unsure, use the hints ation provided at the end of this lab.

Complete √





Complete √






to consolutiospecificonfigconfigconfigensureabout


nect to the remote lab and implement your solution. Do not forget to save! Once your n is implemented, verify your configuration is working and fulfills the requirements ed by the company. Keep in mind that once you leave the company, they will use your uration as a whitepaper to implement their network. The company will apply your uration, without modification, to connect any device of the same type as the one you ured for each port. Use the previous table to document the verifications you conducted to that your solution is complete. Hints are available at the end of this lab if you are unsure the verification steps.



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

© 2009 Cisco Systems, I idnc. Lab Gu e 99


contai

Lab 2-3 Hint Sheet: Imple



nts Yo


ment private VLANs




CSW1 Create VLAN 51 and 501 Implementation Policy

L Implementation PolicAllows V ANs 51 and 501 on trunks to R1 y

Set link to R2 to VLAN 51 Implementation Policy

N d Implementation PolicSet VLA 501 as primary and 51 as isolate y

R1 Configure ation Policsubinterface to CSW1 in VLAN 51 Implement y

R2 Configure Implementation Polic interface to CSW1 in VLAN 51 y

Implementation and VerificIn task 2, you will ssible cAn exam of the I

ation Plan create an implementation plan. There are several po

mplementation and Verification Plan follows. orrect solutions.

ple

Complete √


Values and items to implement Verification method and expected results

Step-by-step No

1 CSW1 1 Create VLAN 51. Show vlan.

2 Create VLAN 501. Show vlan. 1

A 51R

o R1.

3 llow VLAN1.

on the trunk link to Show run interface t 2

4 C re link to R2 as access mode, VLAN 51.

Show run interface to R2.

3 onfigu

After R1 and Rc gured suc51 to be isolated.

w private vlan. 8 2 links are cessfully, set VLAN

Shoonfi

7

9 Set VLAN 501 to be primarmapped to VLA

w private vlan. y, ShoN 51.

7

R1 5 Configure subi e on link to R1 to be 10.1.51.1/24.

Show ip interface brief.nterfac 4

R2 C igure link t10.1.51.2/24.

brief.6 onf o CSW1 to be Show ip interface 5

P R1 interfa d succeed. 7 ing ce 10.1.51.1. Ping shoul 6

10 Try to ping R1 8 interface 10.1.51.1. Ping should fail.

CSW1, R1, R2

11 R without seload aving. Show run. 9

100 Implementing H) v1.0 © 2009 Cisco Systems, Inc. Cisco Switched Networks (SWITC

StSt switch CSW1:

.

Create vlan 51 using: vlan 51.

Step 2

Interface f0/11 Switchport trunk allowed vlan add 51

InteSwitSwit

InteEncaIp a

Step 5 Configur rface to be 10.1.51.2/24:

Ip ad .255.0 No s

Step 6 Try to pin successful:

Send Echos to 10.1.51.1, timeout is 2 seconds: !!!!Succ

pr pr 51 vlan nam pr

Step 8 Try to pin ail:

Type ce to abort. Send 0.1.51.1, timeout is 2 seconds: ....Succ

Step 9 Revert your configuration to a state prior to task 4: reboot routers R1, R2, and switch CSW1 without s

ep-by-Step Procedure ep 1 Create VLANs 51 and 501 on


Access CSW1 console.



Create vlan 501, using: vlan 501.

Allow VLAN 51 support on the trunk links to router R1:

Step 3 Set CSW1 link to router R2 f0/1 to VLAN 51:

rface f0/12 chport mode access chport access vlan 51

No shutdown

Step 4 Configure R1 interface to be 10.1.51.1/24:

rface f0/0.51 psulation dot1q 51 ddress 10.1.51.1 255.255.255.0

e router R2 f0/1 inte

Interface f0/1 dress 10.1.51.2 255.255

hutdown

g from router R1 to router R2 or back, ping should be

ing 10.1.51.1 R2#p Type e abort. scape sequence to

ing 5, 100-byte ICMP!

percent (5/5) ess rate is 100

e VLAN 501 and 51Step 7 Configur to be primary and isolated respectively, on all the involved switches:

vlan 501 ivate-vlan primary ate-vlan association iv

51 e TestIsolated

n isolated ivate-vla

g from router R1 to router R2 or back, ping should f

R2#ping 10.1.51.1

escape sequening 5, 100-byte ICMP Echos to 1. s rate is 0 percent (0/5) es

aving the configuration.


Laimplem

Activity Objatting about spanning tree with a friend at the cafeteria, and the eard your conversation. She selected you to make a presentation

about you wfor thidiffereand imthe dethis ac

De

Cr

Im

b 3-1: Implement Multiple Spanning Tree Complete this lab activity to reinforce your understanding of Spanning Tree Protocol

entation from the course.

ective Congratulations! You were chhead of the local University h

spanning tree, and to demonstrate on live equipment, in front of a large audience, how ould configure the various modes of spanning tree. You decide that preparing a little bit s presentation could be useful, and that you would use your pod to walk through the nt steps involved and the various spanning tree modes. In this activity, you will design plement Multiple Spanning Tree Protocol (MSTP) in Layer 2 topology. As you complete

sign, you will connect to your remote lab to implement your solution. After completing tivity, you will be able to meet these objectives:

sign a spanning tree.

eate a spanning tree implementation plan.

plement a spanning tree according to implementation plan.

Create a spanning tree verification plan.

Verify the spanning tree according to the verification plan.

102 Implementing Ci ed Networks (S 09 Cisco Systesco Switch WITCH) v1.0 © 20 ms, Inc.

Ination needed to accomplish in this activity. Read it carefully.

The Ialong

Implementatioigure the functioning of Spanning Tree Protocol (STP) in your

tails the preparation and configuration requirements for all switc

Ic

Before configuring and enabling spanning tree, verify that the Etherchannels configured in

1, between switches DSW1 and ASW2, and between switches DSW2 and ASW1. Link between switch CSW1 and router

root, switch DSW2 must be secondary

Device Information

formation Packet This packet contains the inform

nformation Packet describes the requirements common to all devices in the network, with information specific to each device.

n Policy You will observe and confnetwork. The following list de

hes in the company network. Your configuration must implement all these requirements:

n the lab progression, you should observe the existing STP “random” state, and then onvert your configuration to MSTP.

lab 2-1 have been be configured properly. Enable the EtherChanel links between switches CSW1 and DSW2, between switches CSW2 and DSW

R2 and link between switch CSW2 and router R1 must also be configured, but only on the switch side. The router side is already configured. Only the link between switch DSW1 and switch DSW2 should remain shut.

Switch DSW1 is to be the primary root bridge for odd VLANs, switch DSW2 is to be the primary root bridge for even VLANs. When instances are used, switch DSW1 is root for instance 0 and 1, switch DSW2 is root for instance 2. Instance 1 contains the odd VLANs, instance 2 contains the even VLANs. 1 region is enough for your network.

For all VLANs for which switch DSW1 is primaryroot. For all VLANs for which switch DSW2 is primary root, switch DSW1 must be secondary root.

The Device Information section describes the VLANs and corresponding roots.

The table provides the Layer 3 reachability information specific to each switch in the network:




DSW1 Layer 3 switch 10.1.1.11/24 10.1.1.251 1

DSW2 Layer 3 switch 10.1.1.22/24 10.1.1.252 1

CSW1 Layer 3 switch 10.1.1.111/24 10.1.1.251 1

CSW2 Layer 3 switch 10.1.1.222/24 10.1.1.252 1

R! Router .1.251/24 1 Fa0/0: 10.1

R2 Router Fa0/0: 10.1.1.252/24 1

© 2009 Cisco Systems, I 103 nc. Lab Guide

Links betpossibwill be

ween switches should already be bundled together. The following table shows all le numbering conventions for these link bundles. Note that NOT all of these numbers used:

Device Link to Bundle number should be:

ASW1 1 11 DSW

ASW1 W2 12 DS

ASW2 DSW1 11

ASW2 DSW2 12

DSW1 W1 11 AS

DSW1 W2 12 AS

DSW1 W2 21 To remain s wn DS hutdo

DSW1 CSW1 31

DSW1 CSW2 32

DSW2 ASW1 11

DSW2 ASW2 12

DSW2 DSW1 21 To remain shutdown

DSW2 CSW1 31

DSW2 CSW2 32

CSW1 DSW1 31

CSW1 DSW2 32

CSW1 CSW2 33

CSW2 DSW1 31

CSW2 DSW2 32

CSW2 CSW1 33

VLAN Information

VLAN Root Backup Instance (when needed)

1 W1 DSW2 Instance1 DS

3 W1 DSW2 Instance1 DS

4 DSW2 DSW1 Instance2

11 DSW2 Instance1 DSW1






Network Diagram


Visual Objective for Lab 3-1: Implement Multiple Spanning Tree

Command List The table describes the commands that you will use in this activity.

Command Description

instance instancevlan-range

-id vlan Maps VLANs to an MST instance.

For instance-id, the range is 0 to 4094.

For vlan vlan-range, the range is 1 to 4094.

name name Specifies the configuration name. The name string has a maximum lengt and is case sensitive. h of 32 characters

revision version Specifies the configuration revision number. The range is 0 to 65535.

show Shows your coconfiguration.

pending nfiguration by displaying the pending

show spanning-tree vlan vlan-id

Displays your entries.

show summary Displays your espanning-tree ntries.

spannimst |

Configures spanning-tree mode.

Select pvs

Select mst

Select rap

ng-tree mode {pvst | rapid-pvst}

t to enable PVST+ (802,1D, the default setting).

to enable MSTP (and RSTP).

id-pvst to enable rapid PVST+.

panniconfi

ST cong-tree mst guration

Enters M nfiguration mode.

104 Implementing Ci ems, Inc. sco Switched Networks (SWITCH) v1.0 © 2009 Cisco Syst



b Aids These are t

Value Location

Blank im ation requirements list for MSTP

Task 2 plement

Blank imform fo

plementation and verification plan r MSTP

Task 3

Blank student notes for MSTP Task 4

Implem t hints Hint Section entation requiremen



Solution c Configuration sectio b guide

onfigure answer key n at the end of the la


T by shutting down the

unusswitcdocuseconstate

ask 1: Observing STP Random State In the previous labs, the control of path between switches was ensured

ed ports. In this task, you will start by enabling all links between switches and between hes and routers, except the link between switches DSW1 and DSW2. Then, observe and ment the “random” (default) state of the STP on Cisco switches, documenting root, dary, and paths between switches. Use the following table to document the “random” STP in your pod.

VLAN Root Secondary

1

3

4

11

12

63

64

65

66


Spanniswitchin you

ng Tree calculation will occur the same way for all VLANs allowed on the same es. Use the following table to determine, for each group of VLANs and from each switch r network, which path is used to reach the root:

VLANs Switch Path to root

1, 3, 11 ASW1 , 63, 65

ASW2

DSW1

DSW2

CSW1

CSW2

4, 12, 6 66 ASW1 4,

ASW2

DS 1 W

DSW2

CSW1

CSW2


T

may desigsolutthis gto thedistriYou and 1secon

To he

ask 2: Create an Implementation Requirements List for MST According to the multivendor policy in the University, a set of switches from another vendor

be implemented in the University network. To prevent compatibility issues, you decide to n and migrate the existing random STP configuration towards Multiple-instance STP ion. This model will save CPU cycle by preventing per VLAN STP processing. To achieve oal, you have to mark the main requirements for the smooth migration to MST according constraints in the Information Packet. You need to decide on the number of instances, the bution of VLANs among instances, and the role of each switch in this new architecture. have to list the main requirements, e.g. DSW1 will be primary root switch for instances 0 and secondary for instance 2. The opposite with DSW2 – to be primary for instance 2 and dary for instances 0 and 1.

lp you, use the following table to report each switch role in the new architecture:

Device Device role MSTP instance VLANs


Once the objectirequirlab gu

MST switch roles are clear in your mind, use the following table, the initial lab visual ve, the implementation policy and devices information to create your implementation

ement list. If you are unsure, you can use the hints information provided at the end of the ide.

Device High level task Information source

110 Implementing co Switched Ne orks (SWITC ) v1.0 © 2009 Cisco Sy Inc. Cis tw H stems,

T

verifiwhicthe oimplefromVerifithis la

ask 3: Create Implementation and Verification Plan It is very important to establish a task list of the needed configurations and the possible

cations for every configuration change. It must be a detailed step-by-step list. The order in h each change should be applied is critical, since a successful implementation depends on rder. With the help of this list you can define configuration checkpoints. The actual mentation will be conducted in the next lab. Use the following table and the information

the Information Packet and the previous tasks to prepare your Implementation and cation plan. If you are unsure, you can use the hints information provided at the end of b.

Complete √





Complete √





Complete √





Complete √





Tplanned the implementation, you are ready

to cosolutspecicondyou a

ask 4: Implement and Verify Now that you have all of the requirements and have

nnect to the remote lab and implement your solution. Do not forget to save! Once your ion is implemented, verify your configuration is working and fulfills the requirements fied in the Information Packet. Use the previous table to document the verifications you ucted to ensure that your solution is complete. Hints are available at the end of this lab if re unsure about the verification steps.


Ste to document the details that you think are important to remember.

____

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

udent Notes Use the following spac

______________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Al

duringother p

_____ ________________________________________

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______



_____________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

120 Implementing co Switched Networks ( 1.0 © 2009 Cisco Systems, Inc. Cis SWITCH) v

Hu are encouraged to complete the labs using your knowledge. If you need a tip, this section

conta

Lab 3-1 Hint Sh

Spthe following configuration. The actual configuration in

“random configuration” depends on the actual physical switc

ints Yo

ins a series of hints to help you complete the lab.

eet: Implement Multiple Spanning Tree

anning Tree Random State In a random state, STP could show your pod may be different, as the

hes that you are using.

VLAN Root Secondary

1 DSW2 CSW1

3 CSW1 DSW2

4 CSW1 DSW2

11 CSW1 DSW2

12 CSW1 DSW2

63 CSW1 DSW2

64 CSW1 DSW2

65 CSW1 DSW2

66 CSW1 DSW2

If the state of Spanning Tree” is as described in the above table, the path to root could be as follows:

“random

VLAN Switch Path to root

1, 3, 1 , 65 ASW1 Fa 0/1 1, 63

ASW2 Fa 0/2

DSW1 Po 31

D Po 32 SW2

CSW1 N/A

Po 33 CSW2

4, 12, 64, 66 ASW1 Fa 0/1

ASW2 Fa 0/2

DSW1 Po 31

DSW2 Po 32

CSW1 N/A

CSW2 Po 33


Step-Ste face in configuration mode.

.

Step 2 Enabl

Step 3 Repeat the

Step 4 Verify spa ample, on DSW2:

Root Hello Max Fwd

VLAN0 32 2 20 15 Fa0/5 VLAN0 32 2 20 15 Fa0/5 VLAN0VLAN0VLAN0VLAN0VLAN0VLAN0VLAN0

Design a MST SoThe fiInform

by-Step Procedure p 1 Connect to DSW1 switch inter





e previously shut ports:

DSW1(config)#interface range FastEthernet0/3 - 4 DSW1(config-if)# no shutdown

same process on switches DSW2, CSW1 and CSW2.

nning-tree root status on all switches. For ex

DSW2#sho spanning-tree root

Vlan Root ID Cost Time Age Dly Root Port -------------- ------------------ --------- ----- --- --- ------------

001 24577 001f.2721.8680 3 24579 001f.2721.8680 00

004 24580 001f.2721.8600 0 2 20 15 011 24587 001f.2721.8680 32 2 20 15 Fa0/5 012 24588 001f.2721.8600 0 2 20 15 063 24639 001f.2721.8680 32 2 20 15 Fa0/5 064 24640 001f.2721.8600 0 2 20 15 065 24641 001f.2721.8680 32 2 20 15 Fa0/5 066 24642 001f.2721.8600 0 2 20 15

lution for an L2 Network rst task is to decide which device has which role in which instance. Roles, as per the ation Packet, are as follows:

Device Device role MSTP instance VLANs

DSW1 primary root 0

primary root 1 1,3,11,63,65

secondary root 2 4,12,64,66

DSW 4,12,64,66 2 primary root 2

s ondary 0 ec root

ondary 1 sec root 1,3,11,63,65


Imour network, the first task asks you to create an

Impleimple

plementation Requirements To facilitate the configuration of y

mentation Requirements list. The list details the elements needed to develop an mentation plan. The following is an example of such a list:


Distribswitch

T conftances

entation po tion ution es

MSins

iguration – region 1, 0,1 and 2

Implem licy sec

Distribswitch

a mentation poution es

Primary nd secondary root bridges Imple licy section

Distribution switch

isw

n poles

VLAN dbridge s

tribution between the root itches

Implementatio icy section

All switch

Implementation policy section es

MST

All switches

fication Implementation policy section Veri


Device High level task Information source

DSW1 ion – region1, etwork Diagram, DMST configurat instance 1 N esign and Implementation Requirements

MST configuration – region1, instance 2 Network Diagram, D ntation Requirements

esign and Impleme

MST insta1,3,11,63,65

lemnce 1 assign odd VLANs - Design and Imp entation Requirements

MST insta4,12,64,6

Implemnce 2 assign even VLANs - 6

Design and entation Requirements

MST prim Implemary root for instance 1 Design and entation Requirements

MST seco nstance 2 Design and Implementation Requirements ndary root for i

DSW2 MST con ork Diagram, Direments

figuration – region1, instance 1 NetwRequ

esign and Implementation

MST con Diagram, Dfiguration – region1, instance 2 Network esign and Implementation Requirements

tanc1,3,11,63,65 MST ins e 1 assign odd VLANs - Design and Implementation Requirements

MST insta4,12,64,66

lemnce 2 assign even VLANs - Design and Imp entation Requirements

MST prim Implemary root for instance 2 Design and entation Requirements

MST seco tance 1 Design and Implementation Requirements ndary root for ins

ASW1 MST con0,1 and 2

Implemfiguration – region1, instances


MST instanc1,3,11,63

gn and Implementatioe 1 assign odd VLANs - ,65

Desi n Requirements

MST insta4,12,64,6

nd Implemnce 2 assign even VLANs - 6

Design a entation Requirements

ASW2 n0,1 and 2

plemMST co figuration – region1, instances

Design and Im entation Requirements

MST insta1,3,11,63

Implemnce 1 assign odd VLANs - ,65


MST instanc4,12,64,6

Implementatioe 2 assign even VLANs - 6

Design and n Requirements

CSW1 MST con on1, instances 2

Design and Implementation Requirements figuration – regi0,1 and

MST insta odd VLANs - 1,3,11,63,

Design and Implementation Requirements nce 1 assign65

MST insta4,12,64,6

Implemnce 2 assign even VLANs - 6


CSW2 MST con0,1 and 2

Implemfiguration – region1, instances


sta63

plemMST in1,3,11,

nce 1 assign odd VLANs - ,65

Design and Im entation Requirements

MST instanc even VLANs - 4,12,64,6

Design and Implementation Requirements e 2 assign6

Comment [A1]: This table doesn’t not have a title or lead-in.

124 Implementing co Switched Ne IT 1.0 © 2009 Cisco Systems, ICis tworks (SW CH) v nc.

Imn. There are several possible correct solutions.

One appliuniqu

plementation and Verification Plan In task 2, you will create an implementation pla

possible approach groups items that are common to all switches in a template and then es the template to all switches. You can then configure each switch with items that are e to each device. An example of the Implementation and Verification Plan follows.

Complete √




1. nding. DSW1 1 Mst instance Show pe

2 ign VLANs 1instance 1.

Show pending. Ass ,3,11,63,65 to

3 Mst instance 2. Show pending.

assign VLANs 4,instance 2.

4 12,64,66 to Show pending.

Change stp mo w spanning-tree. 5 de to mst. Sho

Primary root for tree 6 instances 0-1. Show spanning-root.

Secondary root for 7 instance 2. Show spanning-tree root.

DSW2 Mst instance 1. 8 Show pending.

9 Assign VLANs 1,3,11,63,65 to instance 1.

Show pending.

Mst instance 2. 10 Show pending.

Assign VLANs 4instance 2.

Show pending. 11 ,12,64,66 to

2 Change stp mo e. 1 de to mst. Show spanning-tre

13 Primary root for Show spanning-tree root.

instance 2.

4 Secondary root for 1.

Show spanning-tree 1 instances 0-root.

ASW1 16 Mst instance 1. Show pending.

7 Assign VLANs 1instance 1.

g. 1 ,3,11,63,65 to Show pendin

Mst instance 2. 18 Show pending.

19 Assign VLANs 4,12,64,66 to instance 2.

Show pending.

20 Change stp mo mst. Show spanning-tree. de to

ASW2 Mst instance 1. how pending. 21 S


2 ,3,11,63,65 to Show pending.

Mst instance 2. Show pending. 23


Show pending. 2 ,12,64,66 to

25 Change stp mo Show spanning-tree. de to mst.

CSW1 Mst instance 1. g. 26 Show pendin


Complete √




27 Assign VLANs 1,3,11,63,65 to instance 1.

Show pending.

28 Mst instance 2. Show pending.

assign VLANs 4,instance 2.

how pending. 29 12,64,66 to S

Change stp mod e. 30 e to mst. Show spanning-tre

CSW2 31 Mst instance 1. Show pending.


. 32 ,3,11,63,65 to Show pending

33 Mst instance 2. w pending. Sho


34 ,12,64,66 to Show pending.

Change stp mod how spanning-tree. 35 e to mst. S

Step-by-Step Proc dure Step 1 Enter MST configuration mode on switch DSW1:

DSW1(c ig)# span g-tree mst configuration

Step 2 Configure region name:

region1

DSW1(

Step 4 Put VLAN

1 vlan 1, 3, 11, 63, 65

Step 5 Put VLAN

nce 2 vlan 4, 12, 64, 66

Step 6 Show pendin

Name Revis

----- ---- 0

----- ---------------------------- DSW1(

Step 7 Change th

DSW1(

Step 8 Configure spanning-tree ro switch DSW1:

DSW1(

Step 9 Configure

DSW1( ary

e

onf nin

DSW1(config-mst)# name

Step 3 Configure revision:

config-mst)# revision 1

s 1,3,11,63 and 65 in instance 1:

DSW1(config-mst)# instance

s 4,12,64 and 66 in instance 2:

DSW1(config-mst)# insta

g to check the configuration:

config-mst)#sho pending DSW1(Pending MST configuration

[] ion 1 Instances configured 3

Instance Vlans mapped

--- -------------------------------------------------------- 2,5-10,13-62,67-4094

1 1,3,11,63,65 2 4,12,64,66

-------------------------------------config-mst)#

e stp mode to MST on switch DSW1:

config)# spanning-tree mode mst

ot primary for instance 0 and for instance 1 on

config)# spanning-tree mst 0-1 root primary

switch DWS1: spanning-tree root secondary for instance 2 on

oot secondconfig)# spanning-tree mst 2 r


Step 10 Verify spanning-tree root status:

DSW1#sho spanning-tree root oot Hello Max Fwd MST ----MST0MST1MST2

Step 11 Repeat st

Configur

primary

DSW2(c

Step 14 Verify sp

Cost Time Age Dly Root Port - --------- ----- --- --- ---------

MST0 0 2 20 15 Fa0/5 MST1 00000 2 20 15 Fa0/5 MST2

Step 15 Repeat st

Step 16 Repeat st

Step 17 Repeat st

Step 19 Verify spanning-tree root – repeat step 10.

1:

List ------------------

MST2 Po32

em : 1

RInstance Root ID Cost Time Age Dly Root Port ------------ ------------------ --------- ----- --- --- --------- 24576 001f.2721.8680 0 2 20 15 24577 001f.2721.8680 0 2 20 15 24578 001f.2721.8600 200000 2 20 15 Fa0/5

eps 1 to 7 on switch DSW2:

Step 12

D

e spanning-tree root primary for instance 2 on switch DWS2:

SW2(config)# spanning-tree mst 2 root

Step 13 Configure spanning-tree root secondary for instance 0 and for instance 1 on switch DSW2:

onfig)# spanning-tree mst 0-1 root secondary

anning-tree root status:


Root Hello Max Fwd MST Instance Root ID ---------------- -----------------

24576 001f.2721.8680 24577 001f.2721.8680 2

24578 001f.2721.8600 0 2 20 15

eps 1 to 7 on switch �SW1.

eps 1 to 7 on switch �SW2.

eps 1 to 7 on switch CSW1.

Step 18 Repeat steps 1 to 7 on switch CSW2.

Step 20 Verify spanning-tree blocked ports on switch DSW

DSW1#sho spanning-tree blockedports Name Blocked Interfaces-------------------- ------------------

Number of blocked ports (segments) in the syst

Step 21 Repeat step 21 on all the rest switches.

© 2009 Cisco Syst Lab Guide 127 ems, Inc.

Lang Tree Protocol

implem

Activity Obj configuration was a success. You are asked to give another ST+. Here again, you decide that preparing a little bit for this

presensteps iPlus (Premoteadaptepresen

De

Cr

Im

an

Informati this activity. Read it carefully.

The rk,

Imtion to PVRST+. The following list details the preparation and

configimplem

Be channels enabled in lab 3-1 are still enabled. You need full and redundant connectivity for this lab. Only the link

d switch DSW2 must remain shut.

he primary root bridge for odd VLANs, switch DSW2 is to be the pri

Foro is primary root, switch DSW1 must be secondary root.

b 3-2: Implement PVRST+ Complete this lab activity to reinforce your understanding of Spanni

entation from the course.

ective Congratulations! Your MSTPpresentation focusing on PVR

tation could be useful, and that you would use your pod to walk through the different nvolved. In this activity, you will design and implement Per VLAN Rapid Spanning Tree VRST+) in Layer 2 topology. As you complete the design, you will connect to your lab to implement your solution. At the end of the lab, you will keep this solution best d to this lab environment. You will then have all the steps required to perform your live tation. After completing this activity, you will be able to meet these objectives:

sign a spanning tree

eate a spanning tree implementation plan

plement a spanning tree according to implementation plan

Create a spanning tree verification pl

Verify the spanning tree according to the verification plan

on Packet This packet contains the information needed to accomplish in

Information Packet describes the requirements common to all devices in the netwoalong with information specific to each device.

plementation Policy You will migrate your configura

uration requirements for all switches in the company network. Your configuration must ent all these requirements:

fore configuring and enabling spanning tree, verify that the Ether

between switch DSW1 an

Switch DSW1 is to be tmary root bridge for even VLANs.

r all VLANs for which switch DSW1 is primary root, switch DSW2 must be secondary ot. For all VLANs for which switch DSW2

The Device Information section describes the VLANs and corresponding roots.

128 Implementing ched Ne ITCH) v1.0 © 2009 Cisco Systems, Inc. Cisco Swit tworks (SW

Deve Layer 3 reachability information specific to each switch in the network:

ice Information The table provides th


ASW1 2 ac itch 10.1.1.1/24 51 1 Layer cess sw 10.1.1.2


DSW1 Layer 3 switch 10.1.1.11/24 10.1.1.251 1

DSW2 Layer 3 switch 10.1.1.22/24 10.1.1.252 1

CSW Layer 3 sw 0.1.1.111/24 251 1 1 itch 1 10.1.1.

CSW2 Layer 3 switch 10.1.1.222/24 10.1.1.252 1

R! Router a0/0: 10.1.1.251/24 1 F

R2 Router Fa0/0: 10.1.1.252/24 1

Links between switches sh ready be bundled toge s all possi umbering conve these link bundles. N num rs need used:

ould be alntions for

ther. The following table showote that NOT all of theseble n be

to be

Device Link to Bundle number should be:

ASW1 DSW1 11

ASW1 12 DSW2

ASW2 DSW1 11

ASW2 DSW2 12

DSW SW1 11 1 A

DSW SW2 12 1 A

DSW1 SW2 21 To remain down D shut

DSW1 W1 31 CS

DSW SW2 32 1 C

DSW2 ASW1 11

DSW2 ASW2 12

DSW2 DSW1 21 To remain shutdown

DSW2 CSW1 31

DSW2 CSW2 32

CSW SW1 31 1 D

CSW SW2 32 1 D

CSW SW2 33 1 C

CSW2 DSW1 31

CSW2 DSW2 32

CSW2 CSW1 33

VLAN Information

VLAN Root Backup

1 DSW1 DSW2

3 DSW1 DSW2

4 DSW2 DSW1

11 DSW1 DSW2

12 DSW2 DSW1

63 DSW1 DSW2

64 DSW2 DSW1

65 DSW1 DSW2

66 DSW2 DSW1

Network Diagram

© 2009

Visual Objective for Lab 3-2: Implement PVRST+

Cisco Systems, Inc. All rights reserved. SWITCH v1.0—18



Ce commands that you will use in this activity.


Command Description

name Specifies the c . The name string has a maximum lengt rs and is case sensitive.

name onfiguration nameh of 32 characte

show Shows your coconfiguration.

pending nfiguration by displaying the pending

show vlan-

Displays your spanning-tree vlanid

entries.

show s your entriespanning-tree summary Displays .

spannmst |

spanni

s efault setting).

t to enable MSTP (and RSTP).

ing-tree mode {pvst | rapid-pvst}

Configures ng-tree mode.

Select pv

Select ms

t to enable PVST+ (802,1D, the d

Select rapid-pvst to enable rapid PVST+

spanniroot primary [diameter net-diameter [hello-time seconds]]

Configures

mber of

(Optionasecmess 1 to 10; the default is 2.

ng-tree vlan vlan-id a switch to become the root for the specified VLAN.

For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.

(Optional)nurange

For diameter net-diameter, specify the maximum switches between any two-end stations. The

is 2 to 7.

l) For hello-time seconds, specify the interval in onds between the generation of configuration

ages by the root switch. The range is

spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]]

Configuresspecifie

For vlan-id, you can specify a single VLAN identified by

rang

(Optiona eter, specify the maximum number of switches between any two end stations. The

nal) , specify the interval in

def

a switch to become the secondary root for the d VLAN.

VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The

e is 1 to 4094.

l) For diameter net-diam

range is 2

(Optioseconmessages

to 7.

For hello-time secondsds between the generation of configuration

by the root switch. The range is 1 to 10; the ault is 2.



b Aids These are t

Value Location

Blank im ation requirements list for PVRST

Task 1 plement+

Blank imform fo

plementation and verification plan r PVRST+

Task 2

Blank student notes Task 3

Implem nts Hint Section entation requirement hi



Solution configure answer key Configuration section at the end of the lab guide


TM

rk properly, but you like the idea of enhancing the efficiencygoal befordocuInfor

ask 1: Create an Implementation Requirements List for igration to PVRST+

Your MST configuration should wo of the convergence in case of a link failure. An efficient technology to achieve this

is to use PVRST+. This is why you want to migrate your network from MST to PVRST+ e presenting this solution during your next conference. Here again, you need to decide and ment which switch should be root for which VLAN. Use the following table and the mation Packet:

VLAN Root Secondary

1

3

4

11

12

63

64

65

66


At this point, your lab network has a functioning MST implementation and you are ready to migratdetailegather the en

e it to PVRST+. You have to make a list with the requirements in order to prepare a d implementation and verification plan in the next task. Use the Information Packet to the needed information. If you are unsure, you can use the hints information provided at

d of the lab guide.


134 Implementing co Switche tworks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. Cis d Ne



TaSo

most important step in the planning process. Based on the information from the InformatVerifiprogredocumat the

sk 2: Create an Implementation and Verification Plan for your lution

This is theion Packet and the previous tasks, you must prepare a step-by-step Implementation and

cation plan. The task will help you setup configuration checkpoints to verify your ss. Use the plan to verify each item in the implementation. Use the following table to ent your steps in the correct order. If you are unsure, use the hints information provided

end of this lab.

Complete √





Complete √





Complete √





Complete √






to conthis PV

Once yrequirements specified in the Information Packet. Use the previous table to document the verificend of


nect to the remote lab and implement your solution. Do not forget to save! You will keep RST+ configuration and use it for the subsequent labs.

our solution is implemented, verify your configuration is working and fulfills the

ations you conducted to ensure that your solution is complete. Hints are available at the this lab if you are unsure about the verification steps.



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________



contai


De may be as follows:

nts Yo


ment PVRST+

sign a PVRST+ Solution for an L2 Network When migrating from MSTP to PVRST+, the device role

Device Device role VLANs primary VLANs secondary

DSW1 STP root 1,3,11,63,65 4,12,64,66

DSW2 STP root 4,12,64,66 1,3,11,63,65

Implementation R ents To faci configura networ asks you to create an Implem irem list det s needed to develop an

is an example of such a list:

equiremlitate the entation Requ

tion of yourents list. The

k, the first taskails the element

implementation plan. The following


All switches

Change stp from mst to rapid-pvst. Implementation policy section

Distribution switches

Primary and secondary root bridge. Implementation policy section

Distribuswitche

N distrbridge swi

ntation poliction VLAs

ibution between the root Implemetches.

y section

All switche

ation. Implementation policy section s

Verific


DSW1 -tree mode Design and Implementation Requirements Spanning rapid-pvst

DSW1 -tree d Network Diagram, DesiRequirements

SpanningVLANs

primary root for od gn and Implementation

DSW1 Spanning-tree secondary root for even VLANs

Network Diagram, Design and Implementation Requirements

DSW2 g-tree mode Design and ImplemSpannin rapid-pvst entation Requirements

DSW2 g en

Network Diagram, ements

Spannin -tree primary root for evVLANs

Design and Implementation Requir

DSW2 ng-tree

iagram, Dnts

SpanniVLANs

secondary root for odd Network DRequireme


ASW1 Spanning rapid-pvst Design and Implem nts -tree mode entation Requireme

ASW2 ng emSpanni -tree mode rapid-pvst Design and Impl entation Requirements

CSW1 Spanning-tree mode rapid-pvst Design and Implem nts entation Requireme

CSW2 ng and ImplemSpanni -tree mode rapid-pvst Design entation Requirements


Imn. There are several possible correct solutions.

One appliuniqu

plementation and Verification Plan In task 2, you will create an implementation pla

possible approach groups items that are common to all switches in a template and then es the template to all switches. You can then configure each switch with items that are e to each device. An example of the Implementation and Verification Plan follows.

Complete √




mvst

g-tree. DSW1 1 Spanning-treep

ode rapid- Show spannin

spanning-tree vl1,3,11,63,65 roo

ro2 an t primary

Show spanning-tree ot.

3 spanning-tree vlan 4,12,64,66 root

Show spanning-tree vlan . secondary

4 No spanning-treconfiguration

e mst Show run.

DSW2 5 Spanning-tree mpvst

. ode rapid- Show spanning-tree

6 spanning-tree vl4,12,64,66 root

g-tree roan primary

Show spannin ot.

spanning-tree vl1,3,11,63,65 roosecondary

vl7 an t

Show spanning-tree an .


e mst Show run.

ASW1 9 Spanning-tree mpvst

ning-tree. ode rapid- Show span


e mst Show run.

ASW2 11 Spanning-tree mpvst

g-tree. ode rapid- Show spannin

No spanning-treconfiguration

12 e mst Show run.

CSW1 13 Spanning-tree modpvst

g-tree. e rapid- Show spannin


w run. e mst Sho

CSW2 15 Spanning-tree m pid-pvst

Show spanning-tree. ode ra


e mst Show run.


Step-Ste o PVRST+ on switch DSW1:

Step 2 Configure SW1:

DSW1(

DSW1(

Step 6 Configure

12,64,66 root primary

LANs 1, 3, 63 and 65 on switch DSW2:

Step 8 Repeat ste

Step 10 Repeat ste


ot Hello Max Fwd Vlan Root ID Cost Time Age Dly Root Port

--- ----- --- --- --------- 0 2 20 15

2 20 15 2 20 15 Fa0/5

VLAN001 0 2 20 15 VLAN0 19 2 20 15 Fa0/5 VLAN0 0 2 20 15 VLAN0VLAN0VLAN0DSW1#

Step 14 Repeat ste

by-Step Procedure p 1 Change STP mode from MST t

DSW1(config)# spanning-tree mode rapid-pvst

spanning-tree root primary for VLANs 1, 3, 63 and 65 on switch D

DSW1(config)# spanning-tree vlan 1,3,11,63,65 root primary

Step 3 Configure spanning-tree root secondary for VLANs 4, 12, 64 and 66 on switch DSW1:

config)# spanning-tree vlan 4,12,64,66 root secondary

Step 4 Remove MST configuration on switch DSW1:

config)# no spanning-tree mst configuration

Step 5 Repeat step 1 on switch DSW2:

spanning-tree root primary for VLANs 4, 12, 64 and 66 on switch DSW2:

DSW2(config)# spanning-tree vlan 4,

Step 7 Configure spanning-tree root secondary for V

DSW2(config)# spanning-tree vlan 1,3,11,63,65 root secondary

p 4 on switch DSW2.

Step 9 Repeat steps 1 and 4 on switch ASW1.


Step 11 Repeat steps 1 and 4 on switch CSW1.

Step 12 Repeat steps 1 and 4 on switch CSW2.

Step 13 Verify spanning-tree root on switch DSW1:

Ro

---------------- ------------------ ------VLAN0001 24577 001f.2721.8680 VLAN0003 24579 001f.2721.8680 0VLAN0004 24580 001f.2721.8600 19

1 24587 001f.2721.8680 012 24588 001f.2721.8600

24639 001f.2721.8680 063 064 24640 001f.2721.8600 19 2 20 15 Fa0/5 065 24641 001f.2721.8680 0 2 20 15 066 24642 001f.2721.8600 19 2 20 15 Fa0/5

p 13 on all switches.

L

Activity Objective yze, locate, and fix STP problems on your network caused by rror. You should prepare a troubleshooting plan which will guide

you slearne

D

I

recommendations.

Visual Obj

ab 3-3: Troubleshooting Spanning Tree Issues Complete this lab activity to practice what you learned in the related module.

In this activity, you will analmisconfiguration or design e

tep-by-step in your efforts. You should be able to quickly fix the network using the skills d in this module. After completing this activity, you will be able to meet these objectives:

evelop a work plan to troubleshoot configuration and security issues, related to the STP.

solate the causes of the problems.

Correct all of the identified Spanning Tree issues.

Document and report the troubleshooting findings and

ective The figure illustrates what needs to be accomplished in this activity.

© 20

tive for Lab 3-3: Troubleshooting ee Issues

Visual ObjecSpanning Tr

09 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—19



Co commands that are used in this activity.


mmand List The table describes the

Command Description

config Enters global config rom privileged EXEC mode, ure terminal uration mode f

enable ssword Enters the privile ommand interpreter. password pa ged EXEC mode c

inter| gigaslot/

ers interfacee

face fastethernet Entbitethernet port

with a Fast Eth configuration mode for a Cisco Catalyst switch rnet or Gigabit Ethernet interface installed.

spannienable

ng-tree bpdufilter

Enables BPDU filtering on an interface.

spannienable

les BPSU guard feature on an interface.. ng-tree bpduguard Enab

show sblocke

rtspanning-tree dports

Shows the po that are blocked by the spanning tree algorithm.

exit rrenExits the cu t mode.

Job Aids These jo o help you complete the lab activity.

Trou ets

Troubleshooting Log

Trouble Tickshort period of time. During your absence, your junior

network. The IT manager asked him to improve the behavior d as a result you saw a lot of error messages in the

logs of yo You are asked by the management to quickly correct the situation, as the network is very slow.

Trouble TickYour aswitchis to idDSW1 er paths.

b aids are available t

ble Tick

et A: Switch Optimization Gone Wrong You have been on a vacation for a colleague managed the switchedof the network. He made some changes an

ur switches on your arrival back.

Your task is to diagnose the issues and restore normal network operation.

et B: Unstable STP ssistant reports that ports are in an err-disabled state and that the link between the root es is down. The STP shows that no VLANs are blocked on the root switches. Your task entify the misconfigured item(s) and solve the issue(s) to recover connectivity between and DSW2 and ensure that the STP algorithm is enabling the prop


Inm the troubleshooting tickets, this troubleshooting lab contains two types of

issue

T involves error messages on several switches in the lab.

them. Together with your team members, create a troubleshooting plan to divide the work, assign memhelp troub

As difor thinstru

Oncetime indic

structions As you can see fro

s:

icket one

Ticket two involves problems with switch interfaces in error-disabled state.

Each ticket involves several switches, so the whole team has to work together to solve each of

each team member appropriate roles and coordinate device access between the team bers. Document your progress in the “Troubleshooting Log” provided below in order to facilitate efficient communication within the team and to have an overview of your leshooting process for reference during the lab debrief discussions.

fferent teams work at different speeds, this lab’s tickets are separated. To prepare the lab is exercise ask your instructor how you should initiate Trouble Ticket A. After the ctor indicates that the lab is fully prepared, you are ready to start troubleshooting.

you fix ticket A, ask your instructor if time is left for you to move on to the next ticket. If allows, ask your instructor how you should initiate Trouble Ticket B. After the instructor ates that the lab is fully prepared, you are ready to start troubleshooting.


Tr and results during the troubleshooting process.

oubleshooting Log Use this log to document your actions

Trouble Ticket

Actions and results


Trouble Ticket

Actions and results


Trouble Ticket

Actions and results


Trouble Ticket

Actions and results


Acn you attain the results below.

Trouble Ticket A: he L3 switches you can see no more error log entries generated.

Verify the STP status is the same as the end of Lab 3-1.

Trouble

opriate links are up.

tivity Verification You have completed this lab whe

Verify that on t

Verify that on the L2 switches you do not have ports in err-disabled state.

Ticket B: Verify the STP is blocking the correct VLANs on the root switches.

Verify the appr

Verif yy ou do not have ports in err-disabled state.

Tse and

resol

icket A: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagno

ve ticket A.


DSW1#show logg*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po35 and port Fa0/5*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po35 and port Fa0/5

DSW2#show logg*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po45 and port Fa0/5*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po45 and port Fa0/5

CSW1#show logg*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po45 and port Po35*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po45 and port Po35

Key Clue: Error Logs on DSW1, DSW2 and CSW1

You have information for error log messages on your switches DSW1, DSW2 and CSW1.

natural first task is to access these devices and view the error messages.

an see that the error messages on the three switches are the same, regarding a flapping

The

You cMAC address of a host on EtherChannels and physical interfaces.

Reve

You and Dconnection between them. After this examination, you find out you have a switching loop.

A sw

The next

rt to the diagram, determine what links participate in these PortChannels and interfaces.

find out that the EtherChannels connect the Core switch CSW1 with the switches DSW1 SW2. You, also find out that the interfaces Fa 0/5 on both Distribution switches are the

itching loop is related to the functioning of the STP, in our case – PVRST+.

logical step is to check the PVRST+ on the affected interfaces.



DSW1#show spanning-tree interface port-channel 31

Vlan Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ------------------------

VLAN0001 Desg FWD 12 128.296 P2p


VLAN0004 Root FWD 12 128.296 P2p







Key Clue: Observe STP on Suspicious Ports




You ca

You seinte

Proceed to the next switch.

n verify the STP state for the affected interfaces, e.g. Po31 and Fa0/5, on DSW1.

e that the STP state for interface Po31 looks normal, but the information returned for rface Fa0/5 is more confusing. The same strange information appears on CSW2 Po33.





DSW2#sho spanning-tree interface FastEthernet 0/5

Vlan Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------










DSW2#


You

He

Your next logical step is to analyze the interface Fa0/5, as its state looks different from the others.

check the STP state for the affected interfaces, e.g. Po31 and Fa0/5, on DSW2.

re the situation is the same as it is on DSW1.



DSW1#sho spanning-tree interface FastEthernet 0/5 detail

Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.7.

Designated root has priority 24577, address 001f.2721.8680

Designated bridge has priority 24577, address 001f.2721.8680

Designated port id is 128.7, designated path cost 0

Timers: message age 0, forward delay 0, hold 0

Number of transitions to forwarding state: 1

Link type is point-to-point by default

Bpdu filter is enabled

BPDU: sent 260, received 9


You ch

DSW1 Por Po Designated root has priority 24577, address 001f.2721.8680 Designated bridge has priority 24577, address 001f.2721.8680 D T N L B B

You

Sinceinterf

ecked the STP for the interface Fa0/5 on DSW1.

#sho spanning-tree interface FastEthernet 0/5 detail t 7 (FastEthernet0/5) of VLAN0001 is designated forwarding rt path cost 19, Port priority 128, Port Identifier 128.7.

esignated port id is 128.7, designated path cost 0 imers: message age 0, forward delay 0, hold 0 umber of transitions to forwarding state: 1 ink type is point-to-point by default pdu filter is enabled PDU: sent 260, received 9

see that on interface Fa0/5 you have the bpdu filter feature enabled!

this is a feature that relates to access ports, preventing the BPDUs, and is a trunk ace, you understand that this is a problem.



Key Clue: Check Why DSW2 Don’t Receive BPDU from DSW1

Check t

DSW1#inter span

You found a wrong configuration issue regarding STP security feature.

he configuration of the interface Fa0/5 on DSW1 to verify you have hit the problem:

show run interface fastEthernet 0/5 face fastEthernet 0/5 ning-tree bpdufilter enable



DSW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

DSW1(config)#interface fastEthernet 0/5

DSW1(config-if)#no spanning-tree bpdufilter enable

Key Clue: Configure DSW1

You have to correct the configuration:

#conf t r configuration commands, one per line. End with CNTL/Z. (config)#interface fastEthernet 0/5

DSW1EnteDSW1DSW1(config-if)#no spanning-tree bpdufilter enable



Key Clue: Check DSW1

The s

Veri

DSW1#Vlan Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- ------------------- VLAN0VLAN000VLAN0004 Root FWD 19 128.7 P2p VLAN0VLAN001VLAN0VLAN0VLAN0VLAN0

Additi ssages in thei

ame issue appears on CSW2 Po33 link. Resolve it the same way.

fy the STP is back to normal and you have corrected the problem:

sho spanning-tree interface FastEthernet 0/5

001 Desg FWD 19 128.7 P2p 3 Desg FWD 19 128.7 P2p

011 Desg FWD 19 128.7 P2p 2 Root FWD 19 128.7 P2p

063 Desg FWD 19 128.7 P2p 064 Root FWD 19 128.7 P2p 065 Desg FWD 19 128.7 P2p 066 Root FWD 19 128.7 P2p

onally, you can go to the switches again and check that there are no new error mer logs.



Key Clue: Check DSW1

Verify i

DSW1 Por P Designated root has priority 24577, address 001f.2721.8680 Designated bridge has priority 24577, address 001f.2721.8680 D T N L B

Addiin the

f the STP state shows that the bpdu filter feature is not enabled anymore:

#sho spanning-tree interface FastEthernet 0/5 detail t 7 (FastEthernet0/5) of VLAN0001 is designated forwarding ort path cost 19, Port priority 128, Port Identifier 128.7.

esignated port id is 128.7, designated path cost 0 imers: message age 0, forward delay 0, hold 0 umber of transitions to forwarding state: 1 ink type is point-to-point by default PDU: sent 284, received 12

tionally, you can go to the switches again and check that there are no new error messages ir logs.



Al

duringother p

____ _____________________________________________

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________



_________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

Ti to diagnose and

resolv

cket B: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow

e ticket B.


Key Clue: STP on DSW1

You c

On DSW1

DSW1#Name -------------------- ------------------------------------ Number of blocked ports (segments) in the system : 0 DSW1#FastE Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687) MTU Enc Kee Aut inp.

heck the reported switches for the blocked port and the STP status.

you find that Fa0/5 is in err-disabled state and that the STP is not blocking VLANs:

sh spanning-tree blockedports Blocked Interfaces List

sho int fa 0/5 thernet0/5 is down, line protocol is down (err-disabled)

1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 apsulation ARPA, loopback not set palive set (10 sec) o-duplex, Auto-speed, media type is 10/100BaseTX ut flow-control is off, output flow-control is unsupported



Key Clue: STP on DSW2

You find a similar situation on DSW2. Port Fa0/5 is in state notconnect and the STP is not ing VLANs, as expected:

#sho spanning-tree blockedports Blocked Interfaces List

block

DSW2Name-------------------- ------------------------------------ Number of blocked ports (segments) in the system : 0 DSW2Fast Ha is 001f.2721.8607 (bia 001f.2721.8607) MTU 150 5

You

You t place to look

#sho int fa 0/5 Ethernet0/5 is down, line protocol is down (notconnect) rdware is Fast Ethernet, address

0 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/25

have a problem with the STP. It is not blocking VLANs as expected.

find out that you need more information to hit the problem. The most natural firsis the log.



Key Clue: Logs on DSW1

The log on DSW1 clearly shows you the problem – a security spanning-tree feature, in our case duguard has put the Fa0/5 in err-disabled state, as BPDUs appeared on this interface.

it is normal to have BPDUs sent and received on this interface, you check the

the bp

Since configuration of this interface.



Key Clue: Check Fa0/5 on CSW1

Your

DSW1BuilCurr! interface FastEthernet0/5 swi swi swi spaend

You rt.

You

The n rmine if this is the p

check of interface Fa0/5 shows the following:

#sho run int Fa0/5 ding configuration... ent configuration : 175 bytes

tchport trunk encapsulation dot1q tchport trunk allowed vlan 1,3,4,11,12,63-66 tchport mode trunk nning-tree bpduguard enable

find the bpdu guard feature configured on a trunk po

found a problem.

ext steps involve correction of the mistaken configuration and tests to deteroblem.



Key Clue: Disable STP bpduguard Fa0/5 on CSW1

Ma

DSW1#EnterDSW1(DSW1(config-if)#no spanning-tree bpduguard enable DSW1(config-if)#shut DSW1(DSW1(

Check erface:

DSW1#FastE Har 1.8687)

Verify he correct VLANs are being blocked to be sure that you ha

ke the needed configuration change:

conf t configuration commands, one per line. End with CNTL/Z. config)#int Fa0/5

config-if)#no shut config-if)#exit

the status of the int

sho int Fa0/5 thernet0/5 is up, line protocol is up (connected) dware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.272

the status of the STP and determine tve fixed the right problem.



Key Clue: Check STP

The c

DSW1Name----VLAN0004 Po31 VLAN0012 Po31 VLANVLANNumb 4 DSW2Name----VLANVLANVLANVLANVLANNumb

As th

hecks are successful:

#sho spanning-tree blockedports Blocked Interfaces List ---------------- ------------------------------------

0064 Po31 0066 Po31 er of blocked ports (segments) in the system : #sho spanning-tree blockedports Blocked Interfaces List ---------------- ------------------------------------ 0001 Po32 0003 Po32 0011 Po32 0063 Po32 0065 Po32 er of blocked ports (segments) in the system : 5

e verification has been successful you have to document your findings.



Al

duringother p

_____ ________________________________________

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________



_____________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


LVLA

Activity Objective ntinues to grow the demands for expansion, better convergence and ager to ask you for a solution for the migration towards a Layer 3

Core impleoperaEIGRLayefor yimpleobject

D

C

C -step implementation and verification plan.

ng and routing protocols.

ab 4-1: Implement Inter-VLAN Routing Complete this lab activity to confirm your knowledge from the course on the topics of inter-

N routing and routing protocols.

As the corporate network coreliability drove your IT man

and Distribution design. He insisted on using dynamic routing protocol, to ease the mentation of new networks, thus reducing the possibility of mistakes and risks of tion failures. The specifications given to you from the IT manager clearly state the use of P as routing protocol and implementation of separate networks on the links between the

r 3 switches. The distribution switches must become the new gateways and DHCP servers our access layer. Once the design is complete, you will connect to your remote lab to ment your solution. After completing this activity, you will be able to meet these ives:

esign an L3 network.

reate an implementation requirements list.

reate a step-by

Implement and verify Inter-VLAN routi



The Inalong

ImplementationVLAN routing and a routing protocol in your network. The

ing preparation and routing configuration requirements for all switchrequir

Co

Co ces between switches DSW1 and DSW2 to become L3 links. Enable this li

s for data VLANs on both distribution switches according to the

Change management VLAN on Access switches from VLAN 1 to first data VLAN (VLAN

ces

CLT2 must obtain their IP address



Policy You have to configure inter-following list details regard

es in the company network. Your configuration must implement all of these ements:

nfigure all interfaces between the Distribution and Core switches to become L3 links.

nfigure the interfank.

Configure the links between the core switches and the routers to become L3.

Use the networks from the table provided below for the L3 links.

Setup SVI interfaceinformation provided in the Device Information section.

3 or VLAN 4 depending on devices). You need to create an SVI for this VLAN. The IP addresses for your switches will change. For example, if your device VLAN 1 IP address was in 10.1.1.0/24, VLAN 1 will no longer have an IP address, and VLAN 3 IP address will be in 10.1.3.0/24. Apply this rule to all of your devices. Refer to the DeviInformation section to know which IP address should be used on which switch.

Remove the management VLAN 1 IP address on Distribution switches, as you can manage them via any routed interface or SVI.

Switches DSW1 and DSW2 will be default gateways for the clients and the access switches. Switch DSW1 will be the default gateway for switches ASW1 and CLT1, switch DSW2 will be the default gateway for switch ASW2 and client CLT2.

Configure DHCP services on switches DSW1 and DSW2 for networks 10.1.3.0/24 and 10.1.4.0/24. Switch DSW1 must allocate addresses 50 to 99 and DSW2 must allocate addresses 100 to 149 for each scope. Clients CLT 1 andfrom switch DSW1 or switch DSW2.

Remove DHCP service and sub-interfaces from routers R1 and R2.

Configure EIGRP AS 10 on the Core and Distribution switches and the Routers.

Execute the Verification plan to ensure IP connectivity.

178 Implementing Cis d Netw TCH) v1.0 © 2009 Cisco Systems, Inc. co Switche orks (SWI

Devnformation specific to the devices in the network. These subnets use

a /31reser

ices Information The table provides the L3 i

(255.255.255.254) mask, using RFC 3021 specifications. Notice that this type of mask is ved for point-to-point links, which is the case here:

Device name L3 interface IP address

DSW1 10.1.253.0/31 Po 31

DSW1 10.1.253.2/31 Po 32

DSW1 P3 10.1.253.4/31

DSW2 Po 31 10.1.253.6/31

DSW2 Po 32 10.1.253.8/31

DSW2 P3 10.1.253.5/31

CSW1 Po 31 10.1.253.1/31

CSW1 Po 32 10.1.253.9/31

CSW1 Po 33 10.1.253.10/31

CSW1 P1 10.1.253.12/31

CSW1 P2 10.1.253.14/31

CSW2 Po 31 10.1.253.7/31

CSW2 Po 32 10.1.253.3/31

CSW2 Po 33 10.1.253.11/31

CSW2 P1 10.1.253.16/31

CSW2 P2 10.1.253.18/31

R1 P1 10.1.253.13/31

R1 P2 10.1.253.19/31

R2 P1 10.1.253.17/31

R2 P2 10.1.253.15/31

This tab ovides IP addressing information regarding the ches: le pr SVI interfaces on the swit

Device SVI IP address

ASW1 VLAN 3 10.1.3.10/24

ASW2 VLAN 4 10.1.4.20/24

DS VLAN 3 10.1.3.1/24 W1

DSW1 VLAN 4 10.1.4.1/24

DSW2 VLAN 3 10.1.3.2/24

DSW2 VLAN 4 10.1.4.2/24

Network Diagram


Visual Objective for Lab 4-1: Implementing Inter-VLAN Routing


180 Implementing 0 Cisco Switched Networks (SWITCH) v1. © 2009 Cisco Systems, Inc.



Command Description

chan hannel-group-n de {auto [non-[non-pass

Assigns the po p, and specify the PAgP or the LACP mode.

de, sele

to—Enab e is detected. It the rt re

desiport into neg

on—Forc

grouthe on mod

modcapThe sana to operate, to attach h

activdetin wsen

passipasLAC not start LACP pac

nel-group cumber mo

silent] | desirable silent] | on} | {active | ive}

For mo

auplacesthe postart

rt to a channel grou

ct one of these keywords:

les PAgP only if a PAgP devicport into a passive negotiating state, in which

sponds to PAgP packets it receives but does not PAgP packet negotiation.

rable—Unconditionally enables PAgP. It places the an active negotiating state, in which the port starts

otiations with other ports by sending PAgP packets.

es the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port

p in the on mode is connected to another port group in e.

non-silent—(Optional) Configure the switch port for nonsilent operation when the port is in the auto or desirable

e, if your switch is connected to a partner that is PAgP able,. If you do not specify non-silent, silent is assumed.

ilent setting is for connections to file servers or packet lyzers. This setting allows PAgP

t e port to a channel group, and to use the port for transmission.

e—Enables LACP only if a LACP device is ected. It places the port into an active negotiating state hich the port starts negotiations with other ports by ding LACP packets.

ve—Enables LACP on the port and places it into a sive negotiating state in which the port responds to P packets that it receives, but does

ket negotiation.

default-router address [address2 ... address8]

(Optional) DHCP cl

The s the client.

routersthe mospreferre

Specifies the IP address of the default router for a ient.

IP address should be on the same subnet a

One IP address is required; however, you can specify a up to eight IP addresses in one command line. These default

are listed in order of preference; that is, address is t preferred router, address2 is the next most d router, and so on.

doma he din-name domain Specifies t omain name for the client.

config al c from privileged EXEC mode. ure terminal Enters glob onfiguration mode

enable password password Enters the privileged EXEC mode command interpreter.

interface interface-id Specify a physical port, and enter interface configuration mode.

interface port-channel port-channel-number

Specify the pconfiguratio

ort-channel logical interface, and enter interface n mode.

ip address ip-address mask

Assigns an IP address and subnet mask to the EtherChannel.

ip rou Enables IP routing ting.

© 2009 Cisco Systems, Inc Lab Guide 181 .

Command Description

ip dhcp excluded-address low-aaddre

Specifies the IP addresses that the DHCP server should not CPddress [high-

ss] assign to DH clients.

ip dh

reates a name for the DHCP server address pool and enters DHCP pool configuration mode.

cp pool name C

lease[minutes]| infinite}

ptional) Speci

The default is a one-day lease.

The infinite is unlimited.

{days [hours] (O fies the duration of the lease.

keyword specifies that the duration of the lease

network network-number [mask | /prefix-length]

Specifies the subnet network number and mask of the DHCP address pool.

network mber Associates ting process. EIGRP to network-nu sends updates

networks with an EIGRP routhe interfaces in the specified networks.

no au isab-level routesto-summary (Optional) D

into networkles automatic summarization of subnet routes

.

no ip hat the address Ensures tport.

re is no IP address assigned to the physical

no sw Places the interfitchport ace into Layer 3 mode.

router eigrpsyste

Enables an EIG ter configuration mode. Tother EIGRP rou

autonomous-m number

RP routing process, and enter rouhe AS number identifies the routes to

ters and tags routing information.

show ethchanndetai

Shows your entrieserchannel el-group-number l

.

show hich iP relip eigrp interface Displays w

about EIGRnterfaces EIGRP is active on and information ating to those interfaces.

show ip protocols Shows your entries.

show lays the cur le. ip route Disp rent state of the routing tab


Value Location

Blank Ta design requirements list sk 1

Blank ents list Ta implementation requirem sk 2

Blank implementation and verification plan form Task 3


Debri lab ef alternate solutions form End of this


Impleme Hint Section ntation hints

Verifica Hint Section tion hints

Solution nfiguration sectio d of the lab guide configure answer key Co n at the en


Tthe network. You have to decide on

the Inthe cchang

ask 1: Create a Layer 3 Design You have to create your design for the migration to L3 in

ter-VLAN routing and on the use of EIGRP as a routing protocol. You have to consider hanges in the links between the Core and Distribution switches, the changes in DHCP, the es in VTP. Use the table below to create the expected design.

Complete √

Device SVI interfaces L3 interfaces Is the device a DHCP server?

EIGRP AS No (if applicable)


TaIn

n, it is time to create a list in which you will document the requiremobjectirequirlab gu

sk 2: Create an Implementation Requirement List for ter-VLAN Routing

After you have decided on a desigents for the successful implementation. Use the following table, the initial lab visual

ve, the implementation policy, and device information to create your implementation ement list. If you are unsure, you can use the hints information provided at the end of the ide.


184 Implementing co Switched Ne rks (SWITC ) v1.0 © 2009 Cisco Sy Inc. Cis two H stems,

T

on eabecauorderyou wimplethe Imat the

ask 3: Create an Implementation and Verification Plan The next step in your configuration deployment is to create a task list of each item to configure

ch device and in what order. The Implementation and Verification Plan is very important, se it enables you to ensure that all requirements are properly configured and in the correct . The task will help you setup configuration checkpoints. Use the plan to determine how ill verify that each required item was effectively configured. You will move to the actual mentation in the next task. Use the following table and the Information Packet to create plementation and Verification Plan. If you are unsure, use the hints information provided end of this lab.

Complete √

Device Implementation order





to consolutiospecifconduyou ar


nect to the remote lab and implement your solution. Do not forget to save! Once your n is implemented, verify your configuration is working and fulfills the requirements

ied in the Information Packet. Use the previous table to document the verifications you cted to ensure that your solution is complete. Hints are available at the end of this lab if e unsure about the verification steps.



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________



contai


La

nts Yo


ment Inter-VLAN Routing

yer 3 Design

Complete √

Device SVI interfaces

L3 interfaces Is device a DHCP server

EIGRP AS No (if applicable)

3 No ASW1 VLAN No No

ASW2 VLAN 4 No No No

DSW1 s 3,4, 2, P3 Yes, 10.1.3.0/24 and 10.1.4.0/24

AS VLAN Po31, Po3 10

DSW2 VLANs 3,4, Po31, Po32, P3 Yes, 10.1.3.0/24 and 10.1.4.0/24

AS 10

CSW1 No Po31, Po32, Po33, No AS 10 P1, P2

CSW2 No Po31, Po32, Po33, P1, P2

No AS 10

R1 No P1, P2 No AS 10

R2 P2 AS No P1, No 10


Imour network, the first task asks you to create an

Impleimple

plementation Requirements To facilitate the configuration of y

mentation Requirements list. The list details the elements needed to develop an mentation plan. The following is an example of such a list:


Distrib ore switch

L3 links betwCore switch

ation policy ution and Ces

een the Distribution and es.

Implement section

Distrib ws.

olicyution switches L3 links betswitche

een the Distribution Implementation p section

Core s s betw tion policywitches L3 link een the Core switches. Implementa section

Core srouters

s betwand routers

tion policywitches and L3 link een the Core switches .

Implementa section

Distrib SVI interfac policyution switches es. Implementation section

Accesswitch

nge ma policys and Distribution es

Cha nagement VLAN. Implementation section

Distrib serve Implementation policyution switches DHCP r. section

Distribution and Core switch

Enable IP routing. Implementation policy section es

Distribswitches

EIGRPs. Implementation policy section ution Core, and routers

All switc ation. Implementation policyhes and routers Verific section



ASW1 Network Diagram, Duirements

Change management VLAN. esign and Implementation Req

ASW1 Change default gateway. Network Diagram, entation Requirements

Design and Implem

ASW2 Change management VLAN. Network Diagram, Design and Implementation Requirements

ASW2 Change default gateway. Network Diagram, Design and Implementation Requirements

DSW1 bwit

Network Diagram, Requirements

L3 linksCore s

etween the Distribution and ches.

Design and Implementation

DSW1 L3 links between the Distribution s.

Network Diagram, D ntation switche Requirements

esign and Impleme

DSW1 SVI interf Network Diagram, entation ents

aces. Design and ImplemRequirem

DSW1 Diagram, Requirements

Change management VLAN. Network Design and Implementation

DSW1 e Network Diagram, Requirements

DHCP s rver. Design and Implementation

DSW1 IP ork Diagram, uirements Enable routing. Netw

ReqDesign and Implementation

DSW1 EIGRP. Network Diagram, DRequirements


DSW2 L3 links between the Distribution and Core switches.

Network Diagram, entation Design and ImplemRequirements

DSW2 L3 links between the Distribution switches.

Network Diagram, entation Design and ImplemRequirements

DSW2 SVI interfaces. Network Diagram, Design and Implementation Requirements

DSW2 Change management VLAN. Network Diagram, Design and Implementation Requirements

DSW2 DHCP server. Network Diagram, Design and Implementation Requirements

DSW2 Enable IP routing. Network Diagram, Design and Implementation Requirements

DSW2 EIGRP. Network Diagram, entation Design and ImplemRequirements

CSW1 s betCore switches.

work Diagram, Requirements

L3 link ween the Distribution and Net Design and Implementation

CSW1 b itches. Network Diagram, Requirements

L3 links etween the Core sw Design and Implementation

CSW1 s bet es and .

Network Diagram, Requirements

L3 linkrouters

ween the Core switch Design and Implementation

CSW1 Enable IP routing. Network Diagram, DRequirements


CSW1 EIGRP. Network Diagram, entation

Design and ImplemRequirements

Comment [A2]: This table needs an intro or label.



CSW2 L3 links between the Distribution and Core switches.


CSW2 L3 links itches. between the Core sw Network Diagram, entation Design and ImplemRequirements

CSW2 L3 links between the Core switches and routers .


CSW2 Enable IP routing. Network Diagram, Design and Implementation Requirements

CSW2 EIGRP. Network Diagram, Design and Implementation Requirements

R1 L3 links between the Core switches and .

Network Diagram, ntation Requirements routers

Design and Impleme

R1 EIGRP. Network Diagram, entation Design and ImplemRequirements

R2 L3 links between the Core switches and routers .


R2 EIGRP. Network Diagram, Design and Implementation Requirements

Comment [A2]: This table needs an intro or label.


Impn and Verification Plan. There are several possible

correctemplaitems follow

lementation and Verification Plan In this task, you will create an Implementatio

t solutions. One possible approach groups items that are common to all switches in a te and then applies the template to all switches. You can then configure each switch with

that are unique to each device. An example of the Implementation and Verification Plan s.

Complete √

Device Imple-mentation order


DSW1 1

-channel XX

chport

ip address

interface range f

no switchport

up X mode on

Show interface port-chainterface port

no swit

ast

channel-gro X

nnel

DSW2 2

interface port-channel XX

no switchport

ip address

interface range fast

no switchport

channel-group XX mode on

Show interface port-channel

CSW1 3

erface port-channel XX

switchport

ip address

interface range f

no switchport

channel-group XX

Show interface port-channel int

no

ast

mode on

CSW2 4

interface port-channel XX

no switchport

ip address

interface range fast

no switchport

channel-group XX mode on

Show interface port-channel


Complete √



R1 5 interface Fa 0/X

ip address

Show interface fa 0/x

R1 No interface f0/ Show IP interface brief 6 0.Y

R2 7 interface Fa 0/X

ip address

Show interface fa 0/x

R2 8 No interface f0/0.Y Show IP interface brief

DSW1 9 interface vlan

ip address

Show interface vlan xx XX

DSW2 10 interface vlan XX

ip address

Show interface vlan xx

ASW1 11 interface vlan

ip address

Show interface vlan 3 3

ASW2 12 interface vlan 4

ip address

Show interface vlan 4

ASW1 default-gateway 13 ip

ASW2 14 ip default-gateway

DSW1 terface vlan

ddress

Show interface vlan 1 15

in

no ip a

1

DSW2 16 interface vlan 1

no ip address

Show interface vlan 1

DSW1 17

p excluded-addres10.1.3.1 10.1.3

5

ip dhcp pool vl

network 10.15.255.255.0

default-route

ip dhcp exclud10.1.4.1 10.1.410.1.4.100 to 2

ip dhcp pool vlan4

network 10.1255.255.255.0

default-route

p binding ip dhc s Sh ip dhc.49, then 100 to

25

an3

.3.0 25

r 10.1.3.1

ed-address .49, then 55

.4.0

r 10.1.4.1

© 2009 Cisco Systems, In Lab Guide c. 197

Complete √



DSW2 18

excluded-address 10.1.3.1 10.1.3.99, then 150 to 255

ip dhcp pool vla

network 10.1.3.0 255.255.255.0

default-router

ip dhcp exclude10.1.4.1 10.1.4.99, then 150 to 255

hcp pool vla

network 10.1.255.255.255.0

default-router

Sh ip dhcp binding ip dhcp

n3

10.1.3.2

d-address

ip d n4

4.0

10.1.4.2

DSW1 19 ip routing Sh ip route

DSW2 20 ip routing Sh ip route

CSW1 21 ip routing Sh ip route

CSW2 22 ip routing Sh ip route

DSW1 23

router eigrp 10

no auto-summary

network 10.1.0. 0 0.0.255.255

sh ip eigrp interfaces

Sh ip route

DSW2 24

ter eigrp 10

no auto-summary

network 10.1.0.

sh ip eigrp interfaces

sh ip route

rou

0 0.0.255.255

CSW1 25

router eigrp 10

no auto-summary

network 10.1.0.0 0.0.255.255

Sh ip eigrp interfaces

Sh ip route

CSW2 26

grp 10

auto-summary

network 10.1.0.

grp interfaces router ei

no

Sh ip ei

Sh ip route

0 0.0.255.255

R1 27

router eigrp 10

no auto-summary

network 10.1.0.0 0.0.255.255


Sh ip route

R2 28

router eigrp 10

no auto-summa

twork 10.1.0.


Sh ip route ry

ne 0 0.0.255.255


StSt tch interface in configuration mode

.

Step 2 Config

DSW1(cDSW1DSW1DSW1DSW1

Step 3 Configur ce Po32 and

Step 4 Configur

4 255.255.255.254

Step 5 Repeat step 2 on switch DSW2 to configure L3 EtherChannel link to switch CSW2, using interface

Step 6 Configur el link to switch CSW1, using interface: Po32 and

Step 8 link to switch CSW2 (interface Po33, interface

.

Step 13 Repeat step 2 on switch CSW2 to configure L3 link to switch DSW2 (interface Po31, interface

Step 14 W2 to configure L3 link to switch DSW1 (interface Po32, interface

Step 15 gure L3 link to router R2 (interface f0/11) and L3 link to router R1 (interface f0/12).

ep-by-Step Procedure ep 1 Connect to switch DSW1 swi





ure L3 ether channel to switch CSW1 on switch DSW1:

DSW1(config)# interface range Fa 0/1 – 2 DSW1(config-if)# no switchport DSW1(config)# interface Port-channel31

onfig-if)# no switchport (config-if)# ip address 10.1.253.0 255.255.255.254 (config)# interface range Fa 0/1 – 2 (config-if)# channel-group 31 mode on (config-if)# no shutdown

e the same way on switch DSW1 L3 EtherChannel link to switch CSW2, using interfa interface range f0/3 – 4.

e L3 on Fa 0/5 on switch DSW1 to switch DSW2:

DSW1(config)# interface fa 0/5 DSW1(config-if)# no switchport DSW1(config-if)# ip address 10.1.253.

Po31 and interface range f0/1 – 2.

e the same way on switch DSW2 L3 EtherChann interface range f0/3 – 4.

Step 7 Repeat st

Repeat step 2 on switch CSW1 to configure L3 range f0/7 – 10).

ep 4 on switch DSW2 to configure DSW2 f0/5 L3 link to switch DSW1.

Step 9 Repeat step 2 on switch CSW1 to configure L3 link to switch DSW1 (interface Po31, interface range f0/1 – 2).

Step 10 Repeat step 2 on switch CSW1 to configure L3 link to switch DSW2 (interface Po32, interface range f0/3 – 4).

Step 11 Repeat step 4 on switch CSW1 to configure L3 link to router R1 (interface f0/11) and L3 link to router R2 (interface f0/12)

Step 12 Repeat step 2 on switch CSW2 to configure L3 link to switch CSW1 (interface Po33, interface range f0/7 – 10).

range f0/1 – 2).

Repeat step 2 on switch CSrange f0/3 – 4).

Repeat step 4 on switch CSW2 to confi


Step 16 Configure router R1 interfaces to switches CSW1 and CSW2:

R1(config)# interface f0/11 R1(co 255.255.254 R1(coR1(coR1(co .255.254 R1(co

Step 17 Repeat steand CSW1

terface Vlan3 255.0

Step 19 Repeat ste 4.

Step 20 Repeat ste

ASW1(config)# interface Vlan1

Step 22 Change de

ASW1(

Step 23 Repeat ste

Step 24 Verify tha

ile, B - BGP inter area

nal type 2 external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ute

Gatew C C C C D D D 03h, Vlan3 C Ethernet0/5 C rt-channel32 C D D nel31 D

nfig-if)# ip address 10.1.253.13 255.nfig-if)# no shutdown nfig-if)# interface f0/11 nfig-if)# ip address 10.1.253.19 255.255nfig-if)# no shutdown

ps from Repeat step 16 on router R2 to configure its interfaces to switches CSW2 .

Step 18 Configure SVI interface on switch DSW1:

DSW1(config)# inDSW1(config-if)# ip address 10.1.3.1 255.255.DSW1(config-if)# no shutdown

p 18 on switch DSW1 to configure SVI VLAN

p 18 and 19 on switch DSW2.

Step 21 On switch ASW1, move management IP address from VLAN 1 to VLAN 3:

ASW1(config-if)# no ip address ASW1(config-if)# interface Vlan3 ASW1(config-if)# ip address 10.1.3.10 255.255.255.0 ASW1(config-if)# no shutdown

fault gateway on switch ASW1:

config)# ip default-gateway 10.1.3.1


t you have reachability to all subnets. For example, on DSW1:

DSW1#sh ip route Codes: C - connected, S - static, R - RIP, M - mob

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF N1 - OSPF NSSA external type 1, N2 - OSPF NSSA exter

E1 - OSPF external type 1, E2 - OSPF

ia - IS-IS inter area, * - candidate default, U - per-user static ro o - ODR, P - periodic downloaded static route

ay of last resort is not set

10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks 10.1.3.0/24 is directly connected, Vlan3 10.1.4.0/24 is directly connected, Vlan4 10.1.63.0/24 is directly connected, Vlan63 10.1.64.0/24 is directly connected, Vlan64 10.1.253.32/29 [90/18176] via 10.1.253.1, 5d03h, Port-channel31

10.1.253.18/31 [90/33280] via 10.1.253.1, 5d03h, Port-channel31 10.1.253.6/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4

[90/15616] via 10.1.3.2, 5d 10.1.253.4/31 is directly connected, Fast

0.1.253.2/31 is directly connected, Po 1 10.1.253.0/31 is directly connected, Port-channel31

nel31 10.1.253.12/31 [90/30720] via 10.1.253.1, 5d03h, Port-chan 10.1.253.10/31 [90/17920] via 10.1.253.1, 5d03h, Port-chan 10.1.253.8/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4 [90/15616] via 10.1.3.2, 5d03h, Vlan3


Step 25 Configure DHCP server on switch DWS1:

DSW1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.49 DSW1DSW1DSW1DSW1DSW1DSW1DSW1DSW1DSW1

Step 26 Repeat st 0.1.3.255, and 10.1.

Step 28 Repeat step 26 on switches DWS2, CSW1 and CSW2.

DSW1

and routers R1 and R2.

(config)# ip dhcp excluded-address 10.1.3.100 10.1.3.255 (config)# ip dhcp excluded-address 10.1.4.1 10.1.4.49 (config)# ip dhcp excluded-address 10.1.4.1 100.1.4.255 (config)# ip dhcp pool vlan3 (dhcp-config)# network 10.1.3.0 255.255.255.0 (dhcp-config)# default-router 10.1.3.1 (config)# ip dhcp pool vlan4 (dhcp-config)# network 10.1.4.0 255.255.255.0 (dhcp-config)# default-router 10.1.4.1

ep 24 on switch DWS2, excluding 10.1.3.1 to 10.1.3.99 then 10.1.3.159 to 14.1 to 10.1.4.99 then 10.1.4.159 to 10.1.4.255

Step 27 Enable IP routing on switch DSW1:

DSW1(config)# ip routing

Step 29 Configure EIGRP on switch DSW1:

(config)# router eigrp 10 DSW1(config-router)# no auto-summary DSW1(config-router)# network 10.1.0.0 0.0.255.255

Step 30 Repeat step 28 on switches DWS2, CSW1, CSW2,

La

Activity Objective to analyze, locate and fix Layer 3 problems on your network, r wrong design. After this activity, you will be able to meet these

object

De

Iso of the problems.

Document and report the troubleshooting findings and recommendations.

Visual

b 4-2: Troubleshooting Inter-VLAN Routing Complete this lab activity to practice what you learned in the related module.

In this activity, you will have caused by misconfiguration o

ives:

velop a work plan to troubleshoot configuration and inter-VLAN routing issues.

late the causes

Correct all of the identified routing issues.

Test the fixes made.

Objective The figure illustrates what needs to be accomplished in this activity.

© 2009

ive for Lab 4-2: Troubleshooting outing

Visual ObjectInter-VLAN R







Command Description

conf nal Enters global c from privileged EXEC mode,. igure termi onfiguration mode

enable password the privileged EXEC mode command interpreter. password Enters

routsyst

nable an EIGmo

er eigrp autonomous- E

em number configuration other EIGRP r

RP routing process, and enter router ode. The AS number identifies the routes to uters and tags routing information.

netw watesork network-number Associate net

sends updorks with an EIGRP routing process. EIGRP to the interfaces in the specified networks.

no auto-summary (Optional) Disainto network-lev

ble automatic summarization of subnet routes el routes.

show ur entr ip protocols Verify yo ies.

show Display which iabout EIGRP r ip eigrp interface nterfaces EIGRP is active on and information

elating to those interfaces.

show Display the current state of the routing table. ip route

showinte

Display the trunk configuration of the interface. interfaces rface-id trunk

Job Aids Thes to help you complete the lab activity.

T

Troub

e job aids are available

rouble Tickets

leshooting Log


Tr

collealooks as the your s

Trouble Tick leshoot EIGRP on L3 switch

your inmanagcreateswitch

Trouble TickYou ar ne played with the devices – this is a bad habit in the compa care who is responsible; you just want to fix the problem as the clients do not have connectivity. You check the routers and see that everything

InstructionsAs youissues

Ti subnet.

volves problems with the routing protocol.

nvolves problems with trunk misconfiguration.

Each tthem. ith your team members, create a troubleshooting plan to divide the work, assign each team member appropriate roles and coordinate device access between the team

the lab for this exercise ask your instructor how you should initiate Trouble Ticket A. After the instruc

Once ytime alindica

Repeat

ouble Ticket A: Missing routes on some switches After the lunch break you find out that some end users are not able to connect to R1 or R2. A

gue of yours, who has being playing with network management system in the morning, a bit nervous. He confesses that he has tried to manage the switches. You have to be fast normal operation of the network must be restored. Verify that all routes are visible on all witches.

et B: TroubYou conducted tests regarding EIGRP of the new network. You determine that some switches do not seem to have the same routing table as others. It is a weird situation. To rely on the network you should investigate and find out where you have a problem and what it is. During

vestigations you find out, from the log of the RADIUS server, that your boss, the IT er, logged to several switches and made some reconfigurations. You wonder if this

d the issue. Verify your switches and make sure the routing works properly, and that the es exchange routes.

et C: Disappearing routes and VLANs e again in serious trouble. Someony. At this point, you do not even

on them is normal. Verify that all routes are seen by all switches, and that clients in all VLANs can ping R1 and R2 IP address in all VLANs.

see from the troubleshooting tickets, this troubleshooting lab contains three types of

:

cket one involves lost connectivity problems to a specific

Ticket two in

Ticket three i

icket involves several switches, so the whole team has to work together to solve each of Together w

members. Document your progress in the Troubleshooting Log provided below to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debrief discussions.

As different teams work at different speeds, this lab’s tickets are separated. To prepare

tor indicates that the lab is fully prepared, you are ready to start troubleshooting.

ou fix ticket A, ask your instructor if time is left for you to move on to the next ticket. If lows, ask your instructor how you should initiate Trouble Ticket B. After the instructor

tes that the lab is fully prepared, you are ready to start troubleshooting.

the same process for ticket C, if time allows.


Ts and results during the troubleshooting process.

roubleshooting Log Use this log to document your action

Trouble Ticket

Actions and results


Trouble Ticket

Actions and results

206 Implementing C sco Switched Ne orks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. i tw

Trouble Ticket

Actions and results


Trouble Ticket

Actions and results


A the results below.

Trouble Ticket A: t CLT1 and Client CLT2 can ping all network devices.

Troub Verify L3 switches have EIGRP adjacencies with witch other.

Tr

ctivity Verification You have completed this lab when you attain

Verify that Clien

le Ticket B:

ouble Ticket C: Verify that Client CLT1 and Client CLT2 can ping all network devices.

Ti to diagnose and

resolv

cket A: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow

e ticket A.


Key Clue: DSW1 Routing Configuration

First, yconne

You not alpreviously, the first possibility is eliminated. If you do not have the path to this device, you are also missing the route to it.

These the Core switches and the servers beyon each the distrib

The sawork,

This le stribution L3 switches DSW1 and DSW2.

ou verify that you can successfully ping the gateway. This means that you have ctivity to the gateway, which is the DSW1 switch.

try to ping to a Core switch from CLT1, but you fail. This can mean two things – you are lowed to connect or you do not have path to this device. As you have been able to connect

simple tests lead you to conclude that you do not have connectivity to d them. Most probably, you face a routing problem, as you can r

ution switch DSW3, which is your default gateway.

me situation occurs for connections from CLT2 to DSW2 and CSW2: pings to DSW2 but pings to CSW2 fail.

ads you to check the routing on the Di



Key Clue: DSW1 Routing Configuration (Cont.)

Your troubleshooting work continues on DSW1 and DSW2. The above example shows the display on DSW1, as the steps and work on DSW2 are the same.

ify the routing protocols, configured in the previous lab, and find out the EIGRP is You verworking properly.

Here is the next conclusion—you have a working routing protocol, but you do not have routing.




Your

DSW1#DefauHost ICMP redirect cache is empty

You see

Your c g is not working. As this is a Layer 3 switch, where you can switch go on to configure the ip routing to enable it.

next step is to verify the routes on the switch.

sh ip route lt gateway is not set Gateway Last Use Total Uses Interface

that the routing table is empty!

onclusion is that the routin on and off the routing functionality, you




To fi

DSW1EnteDSW1

The command ip routing enables the Layer 3 functionality on a Layer 3 switch.

x the problem, go into configuration mode and issue the following commands:

#conf t r configuration commands, one per line. End with CNTL/Z. (config)#ip routing




Vericheck t

show ipCodes D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 didate default, U - per-user static route odic downloaded static route Gatew is not set C C C D

Now,

For thethe benetwo the Core switch

fy that your solution is correct and that you have spotted the problem correctly. For this, he routing table again:

route : C - connected, S - static, R - RIP, M - mobile, B - BGP

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - cano - ODR, P - peri

ay of last resort 10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks 10.1.11.0/24 is directly connected, Vlan11 10.1.3.0/24 is directly connected, Vlan3 10.1.4.0/24 is directly connected, Vlan4 10.1.1.0/24 [90/18176] via 10.1.253.14, 3d21h, Port-channel31 [90/18176] via 10.1.253.10, 3d21h, Port-channel32

everything looks okay on the switch.

next verification, go on the Client CLT1 and carry out the same tests as the ones from the ginning. Try to release and renew the IP address. After successfully acquiring

e ofrk settings, try a ping to the default gateway and after that to connect to ones and a router.



A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

Tse and

resol

icket B: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagno

ve ticket B.


Key Clue: EIGRP on CSW1 and CSW2

After yo

You check the status of the EIGRP and everything is normal.

The rredun work, you check the Neighbors table on CSW2 and everything is normal.

This ion betwe

The s

u analyzed the preliminary data, your logical next step is to login to CSW1 and check the routing.

Your verification shows that the EIGRP neighbors table is empty.

outing configuration on both CSW1 and CSW2 must be identical, as they provide routing dancy in the net

leads you to the conclusion that there must be differences in the EIGRP configuraten the two Core switches.

ame examination of DSW1 and DSW2 also shows similar differences.



Key Clue: EIGRP Reconfiguration on CSW1

After wrong

CSW1#EnterCSW1(config)#no router eigrp 20 CSW1(config)#router eigrp 10 CSW1(CSW1(CSW1#EIGRP-I bors for process 10 H A erface Hold Uptime SRTT RTO Q Seq EIGRPH A e SRTT RTO Q Seq s) Cnt Num 1 13 12 14 1 0 49 5 1

You fi

Correc

After t

you find the differences in the EIGRP configuration, your next step is to correct the configuration on CSW1:

conf t configuration commands, one per line. End with CNTL/Z.

config-router)#no auto-summary config-router)# network 10.1.0.0 0.0.255.255 show ip eigrp neighbors Pv4:(10) neigh

ddress Int (sec) (ms) Cnt Num -IPv4:(10) neighbors for process 10

Uptimddress Interface Hold (sec) (m0.1.253.0 Po31 13 00:32:44 196 1176 0 283 0.1.253.15 Fa0/11 11 00:32:10 13 200 0 40

2:20 1 200 0 41 0.1.253.17 Fa0/12 14 00:30.1.253.4 Po32 10 00:32:18 1 200 0.1.253.11 Po33 10 00:32:22 1 200 0 49

nd that the EIGRP AS number is incorrect.

t the issue the same way on DSW2.

he correction of the problem, verify the EIGRP is back to normal.



A

durinother

___ ______________________________________________

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____



_________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

Tse and

resol

icket C: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagno

ve ticket B.


Key Clue: DSW3 to PC1 Connectivity

You find a problem with CLT1 connectivity. CLT2 has the same issue.

flow shows how to solve CLT1 connectivity issue. CLT 2 connectivity is solved with the same process. This

To exclude deeper network problems, you check the connectivity to CLT1 from DSW1. Again, you have a failure.

Between CLT1 and DSW1 is only the ASW1 switch. So, the logical next step is to verify the links

You figuration on the interface pointing to the ASW1 switch and confirm all VLANs are present.

between these two switches.

check the trunk con



Key Clue: ASW1 Trunk to DSW3

Nextthere.

To finpointing to DSW1.

You fi

When checking ASW2, you find that VLAN 4, which is CLT2 VLAN, is also absent from ASW2

, you concentrate on the ASW1 switch, since the evidence indicates the problem must be

ish the check, started on DSW1, you check the trunk configuration on the interfaces

nd out that VLAN3, which is the VLAN where CLT1 resides, is absent.

trunk to DSW2.



Key Clue: Configure ASW1

To fiDSW2:

ASW1EnteASW1(config)#interface range fastEthernet 0/1 - 2 ASW1(config-if)# switchport trunk allowed vlan add 3

After

ASW1 rfaces fastEthernet 0/1 trunk Port Encapsulation Status Native vlan Fa0/PortFa0/PortFa0/

The s

x the problem, allow the needed VLANs on both interfaces to point to switches DSW1 and

#conf t r configuration commands, one per line. End with CNTL/Z.

the changes are made, verify they are correct:

#show inte Mode 1 on 802.1q trunking 1 Vlans allowed on trunk 1 1-4094 Vlans allowed and active in management domain 1 1-4,11,19,63

ame way, add VLAN 4 to ASW2 trunk to DSW2.



Al

duringother p

____ _____________________________________________

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________



_________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


LR

availability and

Activity Obng a large network often prevent a daily verification of each device y a solution is needed that implements logs from different devices place. In this lab, you will implement such a solution. To achieve

this gTo rebasedyour

D

C

C

ab 5-1: Implementing High Availability and eporting in a Network Design

Complete this lab activity to confirm your knowledge on the topics of highreporting.

jective The dynamics of administeristate and activity. This is whthat are gathered in a single

oal, you will configure your switches to send information to a syslog and a SNMP server. spond to the need of monitoring the network state, you will also implement an IP SLA solution. Once the design is complete, you will connect to your remote lab to implement solution. After completing this activity, you will be able to meet these objectives:

esign a HA solution consisting of Syslog and SNMP reporting and IP SLA solution.


reate a step-by-step implementation and verification plan.

Implement and verify your solution.



The Inalong

ImplementationP, Syslog and IP SLA in your network. The following list details

uirements for all switches in the company network. Your config

Cocli

Configure switches ASW2, DSW2, CSW2, and router R2 to send syslog information to

rs, configure the level of syslog messages to be informational.

embership, and interfaces status changed to error-disable. Configure your routers to send to the SNMP relevant server information of configuration changes.

switches ASW1, ASW2, CSW1, and CSW2. Configure ICMP probes

Execute the Verification plan to ensure IP connectivity.



Policy You have to configure SNMpreparation and configuration req

uration must implement all requirements:

nfigure switches ASW1, DSW1, CSW1, and router R1 to send syslog information to ent CLT1.

client CLT2.

On all switches and route

Configure switches ASW1, DSW1, CSW1, and router R1 to send SNMP traps to client CLT1.

Configure switches ASW2, DSW2, CSW2 and router R2 to send SNMP traps to client CLT2.

Configure your switches to send the SNMP relevant server information of the configuration changes, VLAN m

You should in both cases use the default SNMP version with Read only community.

Configure IP SLA on for the IP SLA between switches ASW1 and CSW1. Switch ASW1 should probe switches CSW1 and CSW1 should probe switch ASW1.

Configure ICMP probes for the IP SLA between switch ASW2 and CSW2. Switch ASW2 should probe switch CSW2, and switch CSW2 should probe switch ASW2.

Devrmation about SNMP, Syslog and IP SLA:

ices Information The table provides info


Device name Send to Syslog Send to SNMP IP SLA to Syslog? server SNMP

server? server

ASW1 Yes CL SWCLT1 Yes T1 C 1

ASW2 Yes CLT2 Yes CLT2 CSW2

DSW1 Yes CL - CLT1 Yes T1

DSW2 Yes CLT2 Yes CLT2 -

CSW1 Yes CL ASW CLT1 Yes T1 1

CSW2 Yes CLT2 Yes CLT2 ASW2

R1 Yes CLT1 Yes CLT1 -

R2 Yes CLT2 Yes CLT2 -

Network Diagram

© 2009

V al Objecti r La Imp nt HArk Design

isu ve fo b 5-1: leme in a Netwo



Co commands that are used in this activity.

mmand List The table describes the

Command Description

acces ess-list-number ermit} sourc

If you specified cess list number in previous step , then create he command as many

ess

ss-lin

T e

cond

acce

(Optional) For source-wildcard, enter the wildcard bits in

ones

s-list acc{deny | p

e [source-wildcard] times as nec

For accespecified

an IP standard acthe list, repeating t

ary.

ist-number, enter the access list number previous step.

h deny keyword denies access if the conditions are matched. The permit keyword permits access if the

itions are matched.

For source, enter the IP address of the SNMP managers that are permitted to use the community string to gain

ss to the agent.

dotted decimal notation to be applied to the source. Place in the bit positions that you want to ignore.

frequency seconds (Optional) s operation repeats. T60 se

Set the rate at which a specified IP SLAhe range is from 1 to 604800 seconds; the default is

conds.

icmp-echo {destination-ip-address | destination-hostnaddresource-iinterface-id]

Configure tand enter I

destination-the destinat

(Optional) s ress | hostname}—Specify the e IP address

me

ame} [source-ip {ip-ss | hostname} |

nterface

he IP SLAs operation as an ICMP Echo operation CMP echo configuration mode.

ip-address | destination-hostname — Specify ion IP address or hostname.

ource-ip {ip-addsourcor hostnaaddress n

(Optional) sou

or hostname. When a source IP address e is not specified, IP SLAs chooses the IP arest to the destination .

source-interface interface-id —Specify the rce interface for the operation.

230 Implementing Cisco Switched Networks (SWITCH) v1.0 2009 Cisco Systems, Inc. ©

Command Description

ip sla monitor schedule oper{for[sta[monpendhh:mseco

Configure the scheduling parameters for an individual IP SLAs

tion the RTR entry number.

Optionaeg

—

nth.

—

— Ente

—

(Optional) ageout seconds—Enter the number of seconds to kcollecthe defa

(Optionarun ev

ation-number [life ever | seconds}] rt-time {hh:mm [:ss] th day | day month] | ing | now | after m:ss] [ageout nds] [recurring]

operation.

opera

(Optiona(forever) ofrom 0 to hour).

(b

-number—Enter

l) life —Set the operation to run indefinitely r for a specific number of seconds. The range is

2147483647. The default is 3600 seconds (1

l) start-time—Enter the time for the operation to in collecting information:

To start at a specific time, enter the hour, minute, second (in 24-hour notation), and day of the month. If no month is entered, the default is the current mo

Enter pending to select no information collection until a start time is selected.

r now to start the operation immediately.

Enter after hh:mm:ss to show that the operation should start after the entered time has elapsed.

eep the operation in memory when it is not actively ting information. The range is 0 to 2073600 seconds,

ult is 0 seconds (never ages out).

l) recurring — Set the operation to automatically ery day.

ip sla operation-number Create an mode.

IP SLAs operation, and enter IP SLAs configuration

ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number

Configure t

The optiona

tcp-con r for TCP connect ions

choProtocol (U or jitter operations.

ddress

Nconfigured

he switch as an IP SLAs responder.

l keywords have these meanings:

nect—Enable the respondeoperat

udp-e

.

—Enable the responder for User Datagram DP) echo

ipa

port port-

ote The IP ad

ip-address—Enter the destination IP address.

number—Enter the destination port number.

dress and port number must match those on the source device for the IP SLAs operation.

logging buffered [size] Log mes he switch. sages to an internal buffer on t

logging host Log mes

For hostas

sages to a UNIX syslog server host.

, specify the name or IP address of the host to be used the syslog server.

line [console | vty] line-number [ending-line-number]

Spec fme

Use the cothrough th

e linre t

vty c nnecTelnet ses

i y the line to be configured for synchronous logging of ssages.

nsole keyword for configurations that occur e switch console port.

Use thlines a

o

e vty line-number command to specify which vty o have synchronous logging enabled. You use a tion for configurations that occur through a sion. The range of line numbers is from 0 to 15.


Command Description

logging synchronous [leveall] buffe

Enable synchronous logging of messages.

lesse

(Optionaprint

p

messThe default is

l [severity-level | | limit number-of-rs]

(Optionalseverity lehighenumbers

) For level severity-level, specify the message vel. Messages with a severity level equal to or

r than this value are printed asynchronously. Low mean greater severity and high numbers mean

r severity. The default is 2.

l) Specifying level all means that all messages are ed asynchronously regardless of the severity level.

(O tional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new

ages are dropped. The range is 0 to 2147483647. 20.

no logging console Disable message logging.

show ip sla responder Verify the IP SLAs responder configuration on the device.

show splays information about the IP SLA tests. ip sla statistics Di

show [oper

ptional) Displa all defaults for As oper

ip sla configuration (Oation-number] all IP SL

y configuration values, including ations or a specified operation.

show NMP statistics. snmp Displays S

snmp-strin[ro |numbe

the co

one or more community strings of any length.

(Optional) F ccessible to commu

stationscommunit

acce 1300 to 1999.

server community Configure g [view view-name] rw] [access-list-r]

For string, spermits acc

mmunity string.

pecify a string that acts like a password and ess to the SNMP protocol. You can configure

or view, specify the view record athe

(Optionauthorizspecif

nity.

al) Specify either read-only (ro) if you want ed management stations to retrieve MIB objects, or

y read-write (rw) if you want authorized management to retrieve and modify MIB objects. By default, the

y string permits read-only access to all objects.

(Optional) For access-list-number, enter an IP standard ss list numbered from 1 to 99 and

snmp-server engineID {local engineid-string | remote ip-address [udp-port port-number] engineid-string}

Conf

The engnam24-cthe portiozeroengine I

If youat contain

g

igure a name for either the local or remote copy of SNMP.

ineid-string is a 24-character ID string with the e of the copy of SNMP. You need not specify the entire haracter engine ID if it has trailing zeros. Specify only

n of the engine ID up to the point where only s remain in the value. For example, to configure an

D of 123400000000000000000000, you can enter this: snmp-server engineID local 1234.

select remote, specify the ip-address of the device thUser DataThe defau

s the remote copy of SNMP and the optional ram Protocol (UDP) port on the remote device.

lt is 162.


Command Description

snmp-server group grou{aut[reawritnotiacce

Configure a new SNMP group on the remote device.

p

models.

—

width.

— authent

Auth — Enables the Message Digest 5 (MD5) and the Sec

Noauth — Enables vel. This is the defa

Priencr

64 ccan on

O64 cnt

(Optionaexcyou

exc

pname {v1 | v2c | v3 h | noauth | priv}} d readview] [write eview] [notify fyview] [access ss-list]

For grou

Specify a s

— v1

name, specify the name of the group.

ecurity model:

is the least secure of the possible security

v2c is the second least secure model. It allows transmission of informs and integers twice the normal

v3, the most secure, requires you to select an ication level:

ure Hash Algorithm (SHA) packet authentication.

the noAuthNoPriv security leult if no keyword is specified.

v — Enables Data Encryption Standard (DES) packet yption (also called privacy).

(Optional) Enter read readview with a string (not to exceed haracters) that is the name of the view in which you

ly view the contents of the agent.

( ptional) Enter write writeview with a string (not to exceed haracters) that is the name of the view in which you

e er data and configure the contents of the agent.

l) Enter notify notifyview with a string (not to eed 64 characters) that is the name of the view in which specify a notify, inform, or trap.

(Optional) Enter access access-list with a string (not to eed 64 characters) that is the name of the access list.

snmp-server host host-addr

[informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] community-string [notification-type]

Specify the rec

hos

(Optiona

(Optionathe hos

ptional)SN

(Optiona uth,

ord-like community string sent with

(Optiona e enter snmp-server enable rap

ipient of an SNMP trap operation.

For host-addr, specify the name or Internet address of the t (the targeted recipient).

l) Enter informs to send SNMP informs to the host.

l) Enter traps (the default) to send SNMP traps to t.

(O Specify the SNMP version (1, 2c, or 3). MPv1 does not support informs.

l) For Version 3, select authentication level a, or priv.

noauth

For comspecifie

munity-string, when version 1 or version 2c is d, enter the passw

the notification operation. When version 3 is specified, enter the SNMPv3 username.

l) For notification-typt s ?

snmp-server enable traps notification-types

Enable of notifications to be sent.

the switch to send traps or informs and specify the type


Command Description

udp-jitter {destination-ip-adhostnport addre[sour[contdisabnumbe[inteinter

Configure the IP SLAs operation as a UDP jitter operation, and tter

n-destination IP address or hostname.

s

ddress

tiport numbnum

(Optiona

SLAsto es

p

the defa

(Optionabetw

0

dress | destination-ame} destination-[source-ip {ip-ss | hostname}] ce-port port-number] rol {enable | le}] [num-packets r-of-packets] rval interpacket-val]

enter UDP ji

destinatiothe

dethe range from 1 t

(Optional) soursourcor hosaddres

(Op

configuration mode.

ip-address | destination-hostname — Specify

tination-port — Specify the destination port number in o 65535.

ce-ip {ip-address | hostname} —Specify the e IP address or hostname. When a source IP atname is not specified, IP SLAs chooses the IP s nearest to the destination.

onal) source-port port-number—Specify the source er in the range from 1 to 65535. When a port

ber is not specified, IP SLAs chooses an available port.

l) control—Enable or disable sending of IP SLAs control messages to the IP SLAs responder. By default, IP

control messages are sent to the destination device tablish a connection with the IP SLAs responder.

(O tional) num-packets number-of-packets—Enter the number of packets to be generated. The range is 1 to 6000;

ult is 10.

l) interval inter-packet-interval —Enter the interval een sending packets in milliseconds. The range is 1 to

60 0; the default value is 20 ms.


Value Location

Blank design requirements list Task 1

Blank implementation requirements list Task 2

Blank i 3 mplementation and verification plan form Task


Debrie olutions form End of this lab f alternate s




Solutio uration section of the lab guide

n configure answer key Config at the end


TA

et, your first task is to create a list where you will documlab vimpleat the

ask 1: Create an Implementation Requirement List for High vailability and Reporting

After you have analyzed the Information Packent the requirements for a successful implementation. Use the following table, the initial

isual objective, and the implementation policy and devices information to create your mentation requirement list. If you are unsure, you can use the hints information provided end of the lab guide.



Ta

on eacbecausorder. you wimplemthe Imat the

sk 2: Create an Implementation and Verification Plan The next step in your configuration deployment is to create a task list of each item to configure

h device and in what order. The Implementation and Verification Plan is very important, e it enables you to ensure that all requirements are properly configured and in the correct The task will help you setup configuration checkpoints. Use the plan to determine how ill verify that each required item was effectively configured. You will move to the actual

entation in the next task. Use the following table and the Information Packet to create plementation and Verification Plan. If you are unsure, use the hints information provided end of this lab.

Complete √

Device Implemen-tation order





to cosolutspeciyour verifi


nnect to the remote lab and implement your solution. Do not forget to save! Once your ion is implemented, verify your configuration is working and fulfills the requirements fied. Use the previous table to document the verifications you conducted to ensure that solution is complete. Hints are available at the end of this lab if you are unsure about the cation steps.



____

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


______________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Al

duringother p

_____ ________________________________________

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______



_____________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

242 Implementing d NetwCisco Switche orks (SWITCH) v1.0 © 2009 Cisco Systems, Inc.


conta

Lab 5-1 Hint Sh

Imur network, the first task asks you to create an

The list details the elements needed to develop an imple

ints Yo


eet: Implementing HA in a Network Design

plementation Requirements To facilitate the configuration of yoImplementation Requirements list.

mentation plan. The following is an example of such a list:


All s witches and routers Syslog server Implementation policy section

All sw routers SNMP policy section itches and Implementation

ASW1 and CSW1 IP SLA Implementation policy section

ASW2 and CSW2 IP SLA Implementation policy section

All sw Implementation policitches and routers Verification y section


ASW1 Design and Implementa Syslog server Network Diagram, tion Requirements

ASW SNMP Network Diagram, Design and Implementation Requirements 1

ASW1 IP SLA Network Diagram, Design and Implementation Requirements

ASW2 Syslog server Network Diagra ion Requirements m, Design and Implementat

ASW2 SNMP Network Diagram, Design and Implementation Requirements

ASW2 IP SLA Network Diagram, Design and Implementation Requirements

DSW1 yslog se Network Diagram, S rver Design and Implementation Requirements

DSW1 MP Network Diagra SN m, Design and Implementation Requirements

DSW2 Syslog server Network Diagram, Design and Implementation Requirements

DSW2 SNMP Network Diagram, Design and Implementation Requirements

CSW1 yslog se Network Diagram, S rver Design and Implementation Requirements

CSW1 MP Network Diagram, SN Design and Implementation Requirements

CSW1 SLA Network Diagra IP m, Design and Implementation Requirements

CSW2 Syslog server Network Diagram, Design and Implementation Requirements

CSW2 SNMP Network Diagram, Design and Implementation Requirements

CSW2 IP SLA Network Diagram, Design and Implementation Requirements

R1 yslog se Network Diagram, S rver Design and Implementation Requirements

R1 NMP Network DiagraS m, Design and Implementation Requirements

R2 Syslog server Network Diagram, Design and Implementation Requirements

R2 SNMP Network Diagram, Design and Implementation Requirements


Imptation and Verification Plan. There are several

possibin a tewith itPlan fo

lementation and Verification Plan In the next task, you will create an Implemen

le correct solutions. One possible approach groups items that are common to all switches mplate and then applies the template to all switches. You can then configure each switch ems that are unique to each device. An example of the Implementation and Verification llows.

244 Implementing co Switched Ne ITC .0 Cisco SCis tworks (SW H) v1 © 2009 ystems, Inc.

Complete √




ASW1 1 Logging on w logging. Sho

ASW1 Logging 10.1.3. w logging. 2 50 Sho

ASW1 Logging traps informational

3 Show logging.

ASW2 4 Logging on Show logging.

ASW2 5 Logging 10.1.4.100 Show logging

ASW2 6 Logging traps informational

Show logging.

DSW1 Logging on 7 Show logging.

DSW1 Logging 10.1.3. ogging. 8 50 Show l

DSW1 Logging traps informational

w logging. 9 Sho

DSW2 10 Logging on Show logging.

DSW2 11 Logging 10.1.4.100 Show logging.

DSW2 12 Logging traps informational

Show logging.

CSW1 Logging on w logging. 13 Sho

CSW1 Logging 10.1.3. . 14 50 Show logging

CSW1 Logging traps informational

ogging. 15 Show l

CSW2 16 Logging on Show logging.

CSW2 17 Logging 10.1.4.100 Show logging.

CSW2 18 Logging traps informational

Show logging.

ASW1 snmp-server entraps errdisable

snmp. 19 able Show

ASW1 snmp-server entraps config

w snmp. 20 able Sho

ASW1 snmp-server enabtraps vlan-mem

21 le Show snmp. bership

ASW1 23 snmp-server cociscor ro

snmp. mmunity Show

ASW1 snmp-server ho24 st 10.1.3.50 traps ciscor

Show snmp.

ASW2 25 snmp-server enable traps errdisable

Show snmp.

ASW2 26 snmp-server enable traps config

Show snmp.

ASW2 27 snmp-server enable traps vlan-membership

Show snmp..

ASW2 28 snmp-server community ciscor ro

Show snmp.

Comment [A3]: Is this referring to The CiscoR 12000 Series Eight-Port OC-48c/STM-16c POS Line Card (8-Port OC-48 POS) or anything related? There are several instances of ciscor and ciscor ro in this table. Please verify okay or correct.


Complete √




ASW2 29 snmp-server host 10.1.4.100 traps ciscor

Show snmp.

DSW1 30 snmp-server enatraps errdisable

ble Show snmp.

DSW1 snmp-server enatraps config

31 ble Show snmp.

DSW1 32 snmp-server enatraps vlan-memb

ble ership

Show snmp.

DSW1 33 snmp-server comciscor ro

munity Show snmp.

DSW1 34 snmp-server hos10.1.3.50 traps ci

t Show snmp. scor

DSW2 35 snmp-server enable traps errdisable

Show snmp.

DSW2 36 snmp-server enable traps config

Show snmp.

DSW2 37 snmp-server enable traps vlan-membership

Show snmp.

DSW2 38 snmp-server community ciscor ro

Show snmp.

DSW2 39 snmp-server host 10.1.4.100 traps ciscor

Show snmp.

CSW1 40 snmp-server enatraps errdisable

ble Show snmp.

CSW1 snmp-server enable traps config

41 Show snmp.

CSW1 snmp-server enatraps vlan-memb

42 ble ership

Show snmp.

CSW1 43 snmp-server comciscor ro

munity Show snmp.

CSW1 44 snmp-server host 10.1.3.50 traps ciscor

Show snmp.

CSW2 45 snmp-server enable traps errdisable

Show snmp.

CSW2 46 snmp-server enable traps config

Show snmp.

CSW2 47 snmp-server enable traps vlan-membership

Show snmp.

CSW2 48 snmp-server community ciscor ro

Show snmp.

CSW2 49 snmp-server host 10.1.4.100 traps ciscor

Show snmp.

R1 50 snmp-server enable traps config

Show snmp.

R1 51 snmp-server comciscor ro

snmp. munity Show


Complete √




R1 52 snmp-server host 10.1.3.50 traps c

Show snmp. iscor

R2 53 snmp-server enable traps config

Show snmp.

R2 54 snmp-server community ciscor ro

Show snmp.

R2 55 snmp-server host 10.1.4.100 traps ciscor

Show snmp.

ASW1 56 Ip sla 1 a configurationShow ip sl .

ASW1 Icmp-echo 10.1 uration57 .253.1 Show ip sla config .

ASW1 ip sla schedule forever start-tim

Show ip sla statistics. 58 1 life e now

ASW2 59 Ip sla 1 Show ip sla configuration.

ASW2 60 Icmp-echo 10.1.253.7 Show ip sla configuration.

ASW2 61 ip sla schedule 1 life forever start-time now

Show ip sla statistics.

CSW1 Ip sla 1 Show ip sla configurat62 ion.

CSW1 Icmp-echo 10.1 igurat63 .3.1 Show ip sla conf ion.

CSW1 ip sla schedule forever start-tim

tistics. 64 1 life e now

Show ip sla sta

CSW2 65 Ip sla 1 Show ip sla configuration.

CSW2 66 Icmp-echo 10.1.4.2 Show ip sla configuration.

CSW2 67 ip sla schedule 1 life forever start-time now

Show ip sla statistics.


Step-Ste face in configuration mode

Step 2 Confi

Step 3 Repeat ste W2, CSW1, CSW2,and routers R1 and R2. Verify sys

DSW1#

No In C M tor logging: level debugging, 0 messages logged, xml disabled, filtering disabled B er logging: level debugging, 1022 messages logged, xml disabled, E C t and timestamp logging messages: disabled F P T

Step 4 Configure

ASW1(ASW1( ASW1(ASW1(ASW1(

by-Step Procedure p 1 Connect to ASW1 switch inter




Enter configuration mode, using configure terminal.

gure Syslog server on switch ASW1:

ASW1(config)# logging on ASW1(config)# logging 10.1.3.50 ASW1(config)# logging trap informational

ps 1 and 2 on switches ASW2, DSW1, DSlog server configuration, for example on DSW1:

show logging Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) No Active Message Discriminator.

active Message Discriminator.

onsole logging: disabled oni uff filtering disabled eption Logging: size (4096 bytes) xc

ounile logging: disabled ersistent logging: disabled rap logging: level informational, 1000 message lines logged

abled, Logging to 10.1.3.51 (udp port 514, audit dis authentication disabled, encryption disabled, link up), 150 message lines logged, 0 message lines rate-limited, 0 message lines dropped-by-MD, xml disabled, sequence number disabled filtering disabled

SNMP on switch ASW1:

config)# snmp-server community ciscor ro config)# snmp-server host 10.1.3.50 traps ciscor

config)# snmp-server enable traps errdisable config)# snmp-server enable traps config config)# snmp-server enable traps vlan-membership


Step 5 Repeat step 4 on switches ASW2, DSW1, DSW2, CSW1, and CSW2. On routers R1 and R2, repeat step 4 without errdisable and without vlan-membership. Verify the snmp configuration, for example on CSW1:

CSW1#show snmp Chas0 SN supplied ize 1000) 5 SN t size 1500) SNMP SNMP /10, 5 sent, 0 dropped. SNMP

Step 6 Configur

ASW1ASW1 .1.253.1 ASW1

Step 7 Repeat st

Roun Late ar 5 1993 Late

Operat

sis: FDO1310X136 MP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs

aximum queue s0 Input queue packet drops (MMP packets output

packe0 Too big errors (Maximum 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 5 Trap PDUs global trap: disabled

logging: enabled Logging to 10.1.3.51.162, 0 agent enabled

e IP SLA on switch ASW1:

onfig)# ip sla 1 (c(config-ip-sla)#icmp-echo 10(config)# ip sla schedule 1 life forever start-time now

2, and CSW2. Verify that the IP SLA test is running:ep 6 on switches CSW1, ASW

CSW1#show ip sla statistics

d Trip Time (RTT) for Index 1 Latest RTT: 1 ms

st operation start time: *22:24:34.231 eastern Fri Mst operation return code: OK er of successes: 290 Numb

Number of failures: 0 ion time to live: Forever


Laigh

Availa

Activity Objr your company has become a friend of yours. Once, while

m and an engineer from Cisco, the engineer mentioned the need for a nwant texistendiscusyou tofeatureand pelab to object

De

Cr

Cr

b 6-1: Implement and Tune HSRP Complete this lab activity to confirm your knowledge from the course on the topics of H

bility and Reporting.

ective The Cisco account manager fohaving a friendly chat with hi

etwork to have a redundancy mechanism implemented. You like the idea as you do not o take unnecessary risks. You dig deep into the documentation and find out about the ce of a protocol called Hot Standby Router Protocol (HSRP). After an informal

sion with your IT manager, he gives a green light to proceed with the project, but asks demonstrate HSRP step by step, to understand how it really works and what the various s are. As you leave him, you realize the need to create a design, implementation plan, rform the reconfiguration. Once the design is complete, you will connect to your remote implement your solution. After completing this activity, you will be able to meet these ives:

sign a HSRP solution.

eate an implementation requirements list.

eate a step-by-step implementation and verification plan.




The Ialong

ImplementatioRP in your network. The following lists details preparation and s for all switches in the company network. Your configuration must

imple

YC

For both cases, switches DSW1 and DSW2 will be the default gateways for the clients.

e interfaces will decrement the priority of switch DSW1 by 30.

e interfaces will decrement the priority of switch DSW1 by 30.

In your implementation, proceed in order:

, implement the preempt feature. Test.

riority.



n Policy You have to configure HSconfiguration requirement

ment all these requirements:

ou must implement two HSRP solutions: one offering first hop redundancy for client LT1 in VLAN 3, and one offering first hop redundancy for client CLT2 in VLAN 4.

Switch DSW1 will be the primary HSRP router on VLAN3 and secondary HSRP router on VLAN4.

Switch DSW2 will be the primary HSRP router on VLAN4 and secondary HSRP router on VLAN3.

Primary HSRP on switch DSW1 will track interfaces Po31 and Po32. The loss of connectivity to thes

Primary HSRP on switch DSW2 will track interfaces Po31 and Po32. The loss of connectivity to thes

Preempt should be configured so that each Layer 3 switch tries to become primary whenever possible.

— Start by implementing HSRP in both VLANs, without preempt, without tracking, and without priority. Test by shutting down the link to the primary HSRP router, then reenabling the link.

— Once this has been tested

— Once you have tested this, implement tracking and p

Devmation about IP addresses:

ices Information The table provides infor


Device name HSRP IP address IP address HSRP IP address VLAN 3 VLAN 4

ASW1 No - - -

ASW2 No - - -

DSW1 Yes 10.1.3. 10.1.4.3 3 10.1.3.1

DSW2 Yes 10 10.1.4.2 .1.4.1 .1.3.2 10

CSW1 No - - -

CSW2 No - - -

R1 No - - -

R2 No - - -

Network Diagram

© 2009

Vi Objecti for Lab 6-1: Impl ment and RP

sual ve eTune HS





Command Description

conf inal Enters global c from privileged EXEC mode, igure term onfiguration mode

inte nters interfacterface on wh

rface interface-id Ein

e configuration mode, and enter the Layer 3 ich you want to enable HSRP.

stan ) Conf

1— Select

lect

dby version {1 | 2} (Optional igures the HSRP version on the interface.

HSRPv1.

2— Se HSRPv2.

standby [ ] ip [ip-address [secondary]]

umber and vir

number on the

mber.

musinte

(Optionahot

the primaraddrstandby

group-number Creates (or enables) the HSRP group using its ntual IP address.

(Optional) group-number — The groupinterface for whto 255; the you do no

(Optiona

ich HSRP is being enabled. The range is 0 default is 0. If there is only one HSRP group,

t need to enter a group nu

l on all but one interface) ip-address — The virtual IP address of the hot standby router interface. You

t enter the virtual IP address for at least one of the rfaces; it can be learned on the other interfaces.

l) secondary — The IP address is a secondary standby router interface. If neither router is designated

as a secondary or standby router and no priorities are set, y IP addresses are compared and the higher IP

ess is the active router, with the next highest as the router.

standby [group-number] priority priority [preempt [delay delay]]

Sets a priorangrepresen

(Optionawhic

(Optionarouter ctive router, it

mes c

nal)ne t

onds fault is 0 no de

rity value used in choosing the active router. The e is 1 to 255; the default priority is 100. The highest number

ts the highest priority.

l) group-number — The group number to h the command applies.

l) preempt — Select so that when the local has a higher priority than the a

assu

(Optiopostpoof sec

ontrol as the active router.

delay — Set to cause the local router to aking over the active role for the shown number . The range is 0 to 3600(1 hour); the de

( lay before taking over).

standby [group-number] track type number [interface-priority]

Configures e of the otherpriorit

(Optionawhic

numb

numbeinte

ional)hich t

remenr comes is 10.

an interface to track other interfaces so that if on interfaces goes down, the device's Hot Standby

y is lowered.

l) group-number — The group number to h the command applies.

type — Enter the interface type (combined with interface er) that is tracked.

r — Enter the interface number (combined with rface type) that is tracked.

(Optby wdeco

interface-priority — Enter the amount he hot standby priority for the router is ted or incremented when the interface goes down back up. The default value

show standby [interface-id [group]]

Verify the configuration.



b Aids These are t

Value Location

Blank d uirements list Task 1 esign req

Blank im Task 2 plementation requirements list

Blank implem Task 3 entation and verification plan form

Blank st Task 4 udent notes

Debrief End of this lab alternate solutions form



Verification hi Hint Section nts

Solution c Configuration section at tend of the lab guide

onfigure answer key he


TC

zed the Information Packet, your first task is to create a list where you will documlab vimpleat the

ask 1: Create an Implementation Requirement List for HSRP onfiguration

After you have analyent the requirements for a successful implementation. Use the following table, the initial



© 2009 Cisco Systems, I Lab G de 255 nc. ui

Ta





Complete √





Complete √






to con

Duringorder:

Stwithout priority. Test by shutting down the link to the primary HSRP router, then re-

acking and priority.

req ed to re unsure

about the verification steps.


nect to the remote lab and implement your solution. Do not forget to save!

your implementation, do not forget to follow the Information Packet implementation

art by implementing HSRP in both VLANs, without preempt, without tracking, and

enabling the link.

Once you have tested this, implement the preempt feature. Test.

Once you have tested this, implement tr

Once your solution is implemented, verify your configuration is working and fulfills the uirements specified. Use the previous table to document the verifications you conduct

ensure that your solution is complete. Hints are available at the end of this lab if you a



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________



contai


Implementation RTo facilitate the configuration of your network, the first task asks you to create an

list details the elements needed to develop an is an example of such a list:

nts Yo


menting HA in a Network Design This solution provides the final configuration with preempt, priority, and tracking.

equirements

Implementation Requirements list. Theimplementation plan. The following


DSW1 HSRP Implementation policy section



DSW1 on VLAN 4, primary on VLAN 3 and secondary on VLAN 4

Network Diagram, Design anImplementation Requirements

HSRP 3 and VLAN d

DSW2 HSRP on VLAN 3 and VLAN 4, primary on and secondary on VL

Network Diagram, Design and Implementation RequirVLAN 4 AN 3 ements


Imd Verification Plan. There are several possible

corretempthe fo

plementation and Verification plan In this task, you create an Implementation an

ct solutions. One possible approach groups items that are common to all switches in a late and then applies the template to all switches. For this lab, the template could contain llowing items:

Complete √




3 DSW1 1 interface vlan

DSW1 2 ip 10.1.3.3 255.255.255.0

e vlan 3. address Show interfac

DSW1 standby 3 ip 10.13 .3.1

DSW1 standby 3 priorit4 y 120

DSW1 5 standby 3 preempt

DSW1 standby 3 track channel31 30

6 Port-

DSW1 standby 3 track Port-channel14 30

y. 7 Show standb

DSW1 interface vlan 4 8

DSW1 ip address 10.1.255.255.255.0

terface vlan 4. 9 4.3 Show in

DSW1 standby 4 ip 10.10 1.4.1

DSW1 standby 4 preempt y. 11 Show standb

DSW2 12 interface vlan 3


DSW2 standby 3 preempt 14 Show standby.

DSW2 interface vlan 4 15


DSW2 standby 4 priorit17 y 120

DSW2 standby 4 preem18 pt

DSW2 standby 4 track Port-channel31 30

19

DSW2 standby 4 track channel32 30

dby. 20 Port- Show stan

Step-by-Step Procedure Step 1 Connect to DSW1 switch interface in configuration m

Connect to the rem

Ac ess the Switch c

Enter privilege mo enable.

Enter configuratio figure terminal.

switch ode

ote lab.

c onsole.

de, using

n mode, using con


Step 2 Configure HSRP on VLAN3 on switch DSW1:

DSW1(config)# interface Vlan3 DSW1( 255.0 DSW1(DSW1(DSW1(DSW1(DSW1(

Step 3 Configure

DSW1(

DSW1(

Step 4 Repeat ste

Step 5 Configure

3.1

DSW2(DSW2(DSW2(DSW2(

Step 7 Verify HS n DSW1:

DSW1#Vlan6 Sta Vir Act

Pre Act Sta 2, priority 90 (expires in 11.200 sec) Pri T T GroVlan6 Sta Vir Act L .0c07.ac40 (v1 default) Hel N Pre Act Sta Pri Gro

config-if)# ip address 10.1.3.3 255.255.config-if)# standby 3 ip 10.1.3.1 config-if)# standby 3 priority 120 config-if)# standby 3 preempt config-if)# standby 3 track Port-channel31 30

0 config-if)# standby 3 track Port-channel32 3

HSRP on VLAN4 on switch DSW1:

config)# interface Vlan4 DSW1(config-if)# ip address 10.1.4.3 255.255.255.0DSW1(config-if)# standby 4 ip 10.1.4.1

config-if)# standby 4 preempt

p 1 on switch DSW2.

HSRP on VLAN3 on switch DSW2:

DSW2(config)# interface Vlan3 DSW2(config-if)# standby 3 ip 10.1.DSW2(config-if)# standby 3 preempt

Step 6 Configure HSRP on VLAN4 on switch DSW2:

config)# interface Vlan4 config-if)# standby 4 ip 10.1.4.1 config-if)# standby 4 priority 120 config-if)# standby 4 preempt

DSW2(config-if)# standby 4 track Port-channel31 30DSW2(config-if)# standby 4 track Port-channel32 30

RP configuration and priorities, for example o

show standby 3 - Group 63 te is Active tual IP address is 10.1.63.254 ive virtual MAC address is 0000.0c07.ac3f ocal virtual MAC address is 0000.0c07.ac3f (v1 default) L

Hello time 3 sec, hold time 10 sec Next hello sent in 1.664 secs

emption enabled ive router is local ndby router is 10.1.63.ority 120 (configured 120) rack interface Port-channel31 state Up decrement 30 rack interface Port-channel32 state Up decrement 30 up name is "hsrp-Vl63-63" (default) 4 - Group 64 te is Standby

54 000.0c07.ac40

tual IP address is 10.1.64.2ive virtual MAC address is 0ocal virtual MAC address is 0000lo time 3 sec, hold time 10 sec ext hello sent in 0.688 secs emption enabled ive router is 10.1.64.1, priority 120 (expires in 9.232 sec) ndby router is local ority 90 (configured 90)

4" (default) up name is "hsrp-Vl64-6


L on the topics of high

avail

Activity Objective igned and implemented a redundant network for its core layer. As u notice that the two routers in your aggregation layer are not in a

redunconna stanprepaa ver

D

C

C

Information Packet refully.

on to all devices in the network,

ImYou confiimple

U

1 so that its interfaces to routers R1 and R2 are set to access mode

Cin

O rface (SVI) for VLAN10.

ab 6-2: Implementing VRRP Complete this lab activity to confirm your knowledge from the course

ability and reporting.

In the previous labs, you desyou analyze the network, yo

dant mode of operation, which may lead to unexpected problems. To prevent any future ectivity issue, you decide to implement the Virtual Router Redundancy Protocol (VRRP), dardized solution supported by your Cisco equipment, into your network. You have to re an implementation plan, make the needed configuration changes, and test according to

ification plan. After completing this activity, you will be able to meet these objectives:

esign a VRRP solution.


reate a step-by-step implementation and verification plan.


This packet contains the information needed to accomplish in this activity. Read it caThe Information Packet describes the requirements commalong with information specific to each device.

plementation Policy have to configure VRRP in your network. The following lists details preparation and guration requirements for all switches in the company network. Your configuration must ment all these requirements:

se the IP addresses from the given below table.

Configure switch CSWin VLAN10.

onfigure switch CSW2 so that its interfaces to routers R1 and R2 are set to access mode VLAN20. n switch CSW1, create a switch virtual inte

On switch CSW2, create an SVI for VLAN20.

Router R1 interface Fa0/0 will be in VRRP group 1 and Fa0/1 will be in VRRP group 2.

Router R2 interface Fa0/0 will be in VRRP group 2 and Fa0/1 will be in VRRP group 1.

Router R1 will be master on group 1 and backup on group 2.

Router R2 will be master on group 2 and backup on group 1.

Devmation about IP addresses. All masks are /29:


Device IP address IP address IP address VRRP IP IP address VRRP IP name VLAN 10 VLAN 20 Fa0/0 address Fa0/0 Fa0/1 address Fa0/1

ASW1 - - - - -

ASW2 - - - - -

DSW1 - - - - -

DSW2 - - - - -

CSW1 10.1.253.25 - - - -

CSW2 10.1.253.33 - - - -

R1 .1.253.27 1 .253.30 10 36 10.1.253.34 - - 10 0.1 .1.253.

R2 - - 10.1.253.35 10.1.253.34 10.1.253.26 10.1.253.30

Network Diagram

© 2009

Vi Obj ve for Lab 6-2: Impsual ecti lementing VRRP



268 Implementing C © s, Inc. isco Switched Networks (SWITCH) v1.0 2009 Cisco System



Command Description

conf nal Enters global c from privileged EXEC mode. igure termi onfiguration mode

inte nters interfacrface type number E e configuration mode.

ip amask

an Iddress ip-add

onfiguresress C P address for an interface.

vrrp[sec

s VRRP

•After you identify a primary IP address, you can use the vrrp ip ain with the secondary keyword to indicate a

group ip ip-address ondary ]

Enable on an interface.

command agadditional IP ddresses supported by this group.

vrrp n text

Assigns a text group descriptio description to the VRRP group.

vrrp group priority level Sets the priority level of the router within a VRRP group.

vrrpmini

es theoup if

ter.

r

group preempt [delay mum seconds]

ConfigurVRRP grrouter mas

router to take over as virtual router master for a it has a higher priority than the current virtual

The default delay period is 0 seconds.

The routeregardless

that is IP address owner will preempt, of the setting of this command.

vrrpadvertise [msec] interval

Configures the the virtual rout group.

keyw

group timers interval between successive advertisements by er master in a VRRP

The unit of the interval is in seconds unless the msec. ord is specified. The default interval value is 1 second.

vrrp group timers learn Configuresfor a VRRthe virtual rout

the router, when it is acting as virtual router backup P group, to learn the advertisement interval used by

er master.


Value Location




Debrief this lab alternate solutions form End of

Impleme int Section ntation requirement hints H

Implem hints Hint Section entation


Solution c Configuration section d of the uide

onfigure answer key at the enlab g


Taco

zed the Information Packet, your first task is to create a list where you will documlab visimplemat the

sk 1: Create an Implementation Requirement List for VRRP nfiguration

After you have analyent the requirements for a successful implementation. Use the following table, the initial ual objective, and the implementation policy and devices information to create your entation requirement list. If you are unsure, you can use the hints information provided

end of the lab guide.


270 Implementing Cisco Switched Ne orks (SWITC ) v1.0 © 2009 Cisco System nc. tw H s, I

T

on eabecauorderyou wimplethe Imat the

ask 2: Create an Implementation and Verification Plan The next step in your configuration deployment is to create a task list of each item to configure

ch device and in what order. The Implementation and Verification Plan is very important, se it enables you to ensure that all requirements are properly configured and in the correct . The task will help you setup configuration checkpoints. Use the plan to determine how ill verify that each required item was effectively configured. You will move to the actual mentation in the next task. Use the following table and the Information Packet to create plementation and Verification Plan. If you are unsure, use the hints information provided end of this lab.

Complete √





to consolutiospecifiyour sverific


nect to the remote lab and implement your solution. Do not forget to save! Once your n is implemented, verify your configuration is working and fulfills the requirements ed. Use the previous table to document the verifications you conducted to ensure that olution is complete. Hints are available at the end of this lab if you are unsure about the ation steps.



___

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_______________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________


A

durinother

____ _________________________________________

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____



_____________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________


L______________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____


_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________



contai




nts Yo


menting VRRP




CSW1 Access ports Implementation policy section

CSW1 SVI ntation policy Impleme section

CSW2 Access ports Implementation policy section

CSW2 SVI Implementation policy section

R1 VRRP Implementation policy section

R2 VRRP Implementation policy section


CSW1 cess ports Network Diagram, Design and ImRequirements

Ac plementation

CSW1 SVI Network Diagram, Design and Implementation Requirements

CSW2 Network Diagram, Requirements

Access ports Design and Implementation

CSW2 Network Diagram, Requirements

SVI Design and Implementation

R1 Network Diagram, Requirements

VRRP Design and Implementation

R2 Network Diagram, DRequirements

VRRP esign and Implementation

278 Implementing Cisco Switched Ne s (SWITC .0 c. twork H) v1 © 2009 Cisco Systems, In


corretempthe fo

plementation and Verification Plan In this task, you create an Implementation an


Complete √



CSW1 1 e range FastEthernet0/11-12 interfac

CSW1 2 switchport

CSW1 itchport mo3 sw de access

CSW1 4 switchport access vlan10 Show vlan.

CSW1 terface Vlan1 5 in 0

CSW1 address 10. Show interface vlan10.

6 ip 1.253.25 255.255.255.248

CSW2 terface range 7 in FastEthernet0/11-12

CSW2 itchport 8 sw

CSW2 itchport mo9 sw de access

CSW2 10 switchport access vlan20 Show vlan.

CSW2 terface Vlan211 in 0

CSW2 address 10. 55.255.248 Show interface vlan20.

12 ip 1.253.33 255.2

R1 terface FastE 13 in thernet0/0

R1 s 10. Show interface fa0/0.

14 ip addres 1.253.27 255.255.255.248

R1 p 1 ip 10.1. 15 vrr 253.30

R1 p 1 priority 116 vrr 20 Show vrrp.

R1 17 interface FastEthernet0/1 Show interface fa0/1.

R1 s 10.1.25318 ip addres .36 255.255.255.248

R1 219 vrrp 2 ip 10.1. 53.34 Show vrrp.

R2 rface FastE Show interface fa0/0.

23 inte thernet0/0

R2 s 10. 48 24 ip addres 1.253.35 255.255.255.2

R2 p 2 ip 10.1. 25 vrr 253.34

R2 26 vrrp 2 priority 120 Show vrrp.

R2 rface FastE27 inte thernet0/1

R2 s 10. Show interface fa0/1.

28 ip addres 1.253.26 255.255.255.248

R2 p 2 ip 10.1. Show vrrp. 29 vrr 253.34


Step-Ste h interface in configuration mode

Step 2

CS

CSW1(

Step 3 Configure

CSW1(CSW1(

Step 5 Configure

R1(co

R1(config-if)# vrrp 1 priority 120

R1(coR1(coR1(co

Step 7 Repeat ste and priorities, for example on R2:

FastE Sta Vir Vir

s 120 ter is 10.1.253.35 (local), priority is 120

Mas interval is 1.000 sec Mas FastE Sta Vir Vir Adv Pre Pri Mas Mas Mas

by-Step Procedure p 1 Connect to switch CSW1 switc




Enter configuration mode, using configure terminal.

Configure access ports on switch CSW1:

W1(config)# interface range FastEthernet0/11 - 12 CSW1(config-if)# switchport CSW1(config-if)# switchport mode access

config-if)# switchport access vlan 10

SVI on switch CSW1:

config)# interface Vlan10 config-if)# ip address 10.1.253.25 255.255.255.248

Step 4 Repeat steps from 1 to 3 on switch CSW2.

VRRP on Fa0/0 on router R1:

nfig)# interface FastEthernet0/0 .255.248 R1(config-if)# ip address 10.1.253.27 255.255

R1(config-if)# vrrp 1 ip 10.1.253.30

Step 6 Configure VRRP on Fa0/1 on router R1:

nfig)# interface FastEthernet0/1 nfig-if)# ip address 10.1.253.36 255.255.255.248 nfig-if)# vrrp 2 ip 10.1.253.34

n ps from 5 to 6 on router R2. Verify VRRP configuratio

R2#show vrrp thernet0/0 - Group 2 te is Master tual IP address is 10.1.253.34 tual MAC address is 0000.5e00.0102

Advertisement interval is 1.000 sec Preemption enabled Priority i Master Rou

ter Advertisementter Down interval is 3.414 sec

thernet0/1 - Group 1 te is Backup tual IP address is 10.1.253.30 tual MAC address is 0000.5e00.0101

sec ertisement interval is 1.000emption enabled ority is 100 ter Router is 10.1.253.27, priority is 120 ter Advertisement interval is 1.000 sec ter Down interval is 3.414 sec


LS

your knowledge from the course on the topics of High

Activity Obager, you discussed the current status of the corporate network and have agreed that you currently have a very good network echanisms to protect your client PCs. You agreed to analyze your

securirequinetwthinkthe Sanalyrunninetwyou a

After

P

I

Write an implementation plan to implement security measures on network switches.

W

ab 7-1: Secure Network Switches to Mitigate ecurity Attacks

Complete this lab activity to confirm availability and reporting.

jective In a meeting with the IT manits future development. You infrastructure, but you lack m

ty needs and risks in front of the network. As a first step, you must implement the red set of port-based security measures. The second important step is to manage the ork traffic with VLAN access-lists. You have taken care of end-user security, now you of how to protect the operation of your Spanning Tree Protocol (STP). When protected, TP is a stable operation, reducing the risks of unwanted topology changes. As you zed the corporate network and its services, you find that one of your major services ng is the DHCP service. As all the end users rely on DHCP to acquire IP addresses and ork settings, you decide to secure the DHCP service operation in your network. Also, since re afraid of possible ARP table exploits, you must take care of this.

completing this activity, you will be able to meet these objectives:

erform a baseline assessment of network switch security settings.

dentify possible threats, points of attack, and vulnerability points in the network.

rite a plan to test and verify security threat mitigation measures for VLANs.

Configure port security and other switch security features.

Configure VLAN access control list (VACL).

Verify the correct implementation of security measures.

Document the switch and VLAN security plan, settings, operations, and maintenance.


The Inalong

Implementationrity in your network. The following list details the preparation and for all switches in the company network. Your configuration must

implem

PoCLM

abled by default.

ts

Network D



Policy You have to configure secuconfiguration requirements

ent all these requirements:

rt security should be configured on ASW1 and ASW2 ports to client PC ports (to clients T1 and CLT2 respectively). Port security should be configured to limit the maximum

AC addresses on a port to 1.

Port security on ASW1 and ASW2 should dynamically learn MAC address. Violation should set the port to err-disable and send a trap.

On both ASW switches, set loopguard to be en

Use VACLs on switches DSW1 and DSW2 to ban clients PC1 and PC2 from performing telnet sessions to any destination, but permit any other traffic.

Protect the root bridge switches from other switches becoming roots.

Globally protect the access ports on all switches from receiving bridge protocol data uni(BPDUs) through the use of. Use BPDU guard.

Protect the alternate and root ports from becoming designated.

Protect the DHCP service with DHCP snooping on the ASW switches.

Protect ARP with ARP snooping on switches DSW1 and DSW2.

iagram

Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks






Command Description

conf inal Enters global c from privileged EXEC mode. igure term onfiguration mode

accenumbsour[log

efines a stannd wildcard.

ss-

access di

The source is twork or host from which the pack

The 32-bit

The keywosource-wilneed to en

sour

(Optional) Tthe sour

(Optional) Enter to logging mesthe cons

ss-list access-list-er {deny | permit}

Da

ce [source-wildcard] ] The acce

99 or 1300 to 1

Enter deny or if con

dard IPv4 access list by using a source address

list-number is a decimal number from 1 to 999.

permit to specify whether to deny or permit tions are matched.

the source address of the neet is being sent specified as:

quantity in dotted-decimal format.

rd any as an abbreviation for source and dcard of 0.0.0.0 255.255.255.255. You do not ter a source-wildcard.

The keyword host as an abbreviation for source and ce-wildcard of source 0.0.0.0.

he source-wildcard applies wildcard bits to ce.

log cause an informationalsage about the packet that matches the entry to be sent to

ole.


Command Description

access-list access-list-numbe

{deny ocol

sourc

destiwildcpreceden[fraginputrange

Defines an extended IPv4 access list and the access

The access-l a decimal number from 100 to 2699.

pnditi

olp, e p,

spf, pc to 255 r

et pro.

e iss se

The source-w ildcard bits to the source.

The destinathe packet is se

The destinatiodestination.

Source, soudestination

The 32-bit qu

The keywor

The keywor

The other keywo

tos — En

logto be entryentry

specmark

r

| permit} prot

conditions.

e source-wildcard to 199 or 2000

Enter deny or nation destination-ard [precedence

access if co

ce] [tos tos] ments] [log] [log-] [time-range time--name] [dscp dscp]

For protocahp, eigrnos, orange 0any Internkeyword ip

The sourcthe packet i

ist-number is

ermit to specify whether to deny or permit ons are matched.

, enter the name or number of an IP protocol: sp, gre,icmp, igmp, igrp, ip, ipinip, pim, tcp, or udp, or an integer in the

epresenting an IP protocol number. To match tocol (including ICMP, TCP, and UDP), use the

the number of the network or host from which nt.

ildcard applies w

tion is the network or host number to which nt.

n-wildcard applies wildcard bits to the

rce-wildcard, destination, and -wildcard can be specified as:

antity in dotted-decimal format.

d any for 0.0.0.0 255.255.255.255 (any host).

d host for a single host 0.0.0.0.

rds are optional and have these meanings:

precedence — Enter to match packets with a precedence level specified as a number from 0 to 7 or by name: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), network (7).

fragments—Enter to check non-initial fragments.

ter to match by type of service level, specified by a number from 0 to 15 or a name: normal (0), max-reliability (2), max-throughput (4), min-delay (8).

— Enter to create an informational logging message sent to the console about the packet that matches the

or log-input to include the input interface in the log .

time-range — For an explanation of this keyword, see the "Using Time Ranges with ACLs" section.

dscp — Enter to match packets with the DSCP value ified by a number from 0 to 63, or use the question (?) to see a list of available values.

ip access-list standard name

Defiacc

The name

nes a standard IPv4 access list using a name, and enter ess-list configuration mode.

can be a number from 1 to 99.


Command Description

deny source source-wildany}

or

perm urce [source-wild | host source | any}

In access-list configuration mode, specifies one or more tions deni

{ [card] | host source | [log]

condiforwarded or d

it {socard] [log]

ed or permitted to decide if the packet is ropped

ip aname

ended IPv4 access list using a name, and enter figuration mode.

can

ccess-list extended

Defines an extaccess-list con

The name be a number from 100 to 199.

{den

source source-wildcard

destwildprec[frainpurang

st c s allowed or deni

y | permit} protocol In access-li

ination destination-card [precedence edence] [tos tos] gments] [log] [log-t] [time-range time-e-name]

onfiguration mode, specifies the conditioned.

ip d s DHCP snooping globally. hcp snooping Enable

ip dvlan

DHCP snooping on a VLAN or range of VLANs. The to 4094.

hcp snooping vlan -range

Enables range is 1

ip d ptional) Configures the interface as trusted or untrusted. You can use the no keyword to configure an interface to receive messages fromuntrusted.

hcp snooping trust (O

an untrusted client. The default setting is

ip avlan

s dynamnami bled on all VLANs.

n-raer, a r

series of VLAN4094.

Specify the sam r both switches.

rp inspection vlan -range

Enabledefault, dy

ic ARP inspection on a per-VLAN basis. By c ARP inspection is disa

For vlaID numb

nge, specify a single VLAN identified by VLAN ange of VLANs separated by a hyphen, or a s separated by a comma. The range is 1 to

e VLAN ID fo

ip a

es the

By default, all int

rp inspection trust Configur connection between the switches as trusted.

erfaces are untrusted.

mac access-list extended name

Defines an extended MAC access list using a name.


Command Description

{deny permit any host sourc{any MAC aMAC amask aarp spanndiagn6000 lavc-mop-d| net|vine65535

In extended MAC access-list configuration mode, specify to or de

a

c

masith m l

n

costo 7 us

| } { |source MAC address | e MAC address mask} | host destination ddress | destination ddress mask} [type | lsap lsap mask | | amber | dec-ing | decnet-iv | ostic | dsm | etype-| etype-8042 | lat | sca | mop-console | ump | msdos | mumps bios | vines-echo s-ip | xns-idp | 0-] [cos cos]

permit address with a mand any destinwith a mask, or

(Optional) You

type packet whexadecapplie

lsap lsap mIEEE 802.2with optiona

aarp | | diagetypeconsoetbi

ny any source MAC address, a source MAC ask, or a specific host source MAC address tion MAC address, destination MAC address

a specific destination MAC address.

an also enter these options:

k — An arbitrary EtherType number of a Ethernet II or SNAP encapsulation in decimal, , or octal with optional mask of do not care bits i a

d to the EtherType before testing for a match.

ask — An LSAP number of a packet with encapsulation in decimal, hexadecimal, or octal l mask of do not care bits.

amber | dec-spanning | decnet-iv nostic | dsm | etype-6000 | -8042 | lat | lavc-sca | mop-le | mop-dump | msdos | mumps | os | vines-echo |vines-ip | xns-

idp — A non-IP protocol.

cos—An IEEE 802.1Q cost of service number from 0 ed to set priority.

show access-lists [number | name]

Shows the access list configuration.

show ip dhcp snooping Displays the DHCP snooping configuration for a switch.

show ip dhcp snooping binding

Displays the DHCP snooping bi able.

only the dynamically configured bindings innding database, also referred to as a binding t

show datab statistics.

ip dhcp snooping ase

Displays the DHCP snooping binding database status and

show stati

the DHip dhcp snooping stics

Displaysform.

CP snooping statistics in summary or detail

show inter

the dynaip arp inspection faces

Verifies mic ARP inspection configuration.

show vlan

the dynaip arp inspection vlan-range

Verifies mic ARP inspection configuration.

show statirange

the dynip arp inspection stics vlan vlan-

Checks amic ARP inspection statistics.

show ur enport-security Verifies yo tries.

spann ast bpdug

ables BPDU guard.

, BPDing-tree portf Globally enuard default By default U guard is disabled.

spann Enables root guard on the interface.

, root

ing-tree guard root

By default guard is disabled on all interfaces.

spanndefau

loop guard.

efault, p guard is disabled. ing-tree loopguard lt

Enables

By d loo


Command Description

switchport port-security [viorestshut

(Optional) Sets the violation mode, the action to be taken when lat

t limit allowed on the port,

oto dropof maa s

restraddrwithremov

SNviolati

shutdviolatiis scou

shutd

inst

lation {protect | rict | shutdown | down vlan}]

a security vio

protecaddrpa

ion is detected, as one of these:

— When the number of port secure MAC esses reaches the maximum

ckets with unknown source addresses are dropped until y u remove a sufficient number of secure MAC addresses

below the maximum value or increase the number ximum allowable addresses. You are not notified that

ecurity violation has occurred.

ict — When the number of secure MAC esses reaches the limit allowed on the port, packets unknown source addresses are dropped until you

e a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An

MP trap is sent, a syslog message is logged, and the on counter increments.

own — The interface is error disabled when a on occurs, and the port LED turns off. An SNMP trap

ent, a syslog message is logged, and the violation nter increments.

own vlan — Use to set the security violation mode per VLAN. In this mode, the VLAN is error disabled

ead of the entire port when a violation occurs.

switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}]

(Optional) can use mber of secure MAC adthan dynamic

(Optional

th

dhe ve

access ify the VLAN as an access VL

voice — Ovoice VLA

Enters a secure MAC address for the interface. You this command to enter the maximum nudresses. If you configure fewer secure MAC addresses

the maximum, the remaining MAC addresses are ally learned.

) vlan—set a per-VLAN maximum value.

Enter one of

vlan-iID and tthe nati

ese options after you enter the vlan keyword:

— On a trunk port, you can specify the VLAN MAC address. If you do not specify a VLAN ID,

VLAN is used.

— On an access port, specAN.

n an access port, specify the VLAN as a N.

switchport port-security mac-address sticky

(Optional) Enables sticky learning on the interface.

© 2009 Cisco Systems, Inc. ab Guide 287 L

Command Description

switchport port-security mac-aaddre{acce

(Optional) Enters a sticky secure MAC address, repeating the madddd

igur

ptional) vla

Enter one of thes the vlan keyword:

vlan-id—MAC addreVLAN is us

acce

voice he VLAN as a voice VLAN.

ddress sticky [mac-ss | vlan {vlan-id | ss | voice}}]

command as secure MAC aaddresses are secure MAC adconf ation.

(O

ny times as necessary. If you configure fewer resses than the maximum, the remaining MAC ynamically learned, are converted to sticky resses, and are added to the running

n—set a per-VLAN maximum value.

e options after you enter

On a trunk port, specify the VLAN ID and the ss. If you do not specify a VLAN ID, the native ed.

access—On an access port, specify the VLAN as an ss VLAN.

—On an access port, specify t

vlan access-map name [number]

Creates a VLAN and (optionally) a number. ber of the entry with

map, and give it a namequence num The number is the se

in the map.

action {drop | forward} (Optional) map entry. The default is to .

Sets the action for theforward

match{name name | number]

es the pacagainst one or mthat packets are t access lists of the correct

e. IP pac acced M d access lists.

{ip | mac} address | number} [

Match ket (using either the IP or MAC address) ore standard or extended access lists. Note

only matched againsprotocol typextended IPagainst nam

kets are matched against standard or ess lists. Non-IP packets are only matched AC extende

vlan list

LA

an stri

comma and hyp

filter mapname vlan-list

Applies the V

The list c(10-22), or a

N map to one or more VLAN IDs.

be a single VLAN ID (22), a consecutive list ng of VLAN IDs (12, 22, 30). Spaces around the hen are optional.


Value Location


Blank implementation and verification plan Task 2 form


Debri ef alternate solutions form End of this lab

Implementation requirement hints Hint Section

Implem ints Hint Section entation h

Verifica ction tion hints Hint Se

Solution on secti nd of the lab configure answer key Configuratiguide

on at the e

288 Implementing co Switche tworks (SWITCH) v1.0 © 2009 Cisco Systems, Inc. Cis d Ne

TC

zed the Information Packet, your first task is to create a list where you will doculab vimpleat the

ask 1: Create an Implementation Requirement List for Security onfiguration

After you have analyment the requirements for a successful implementation. Use the following table, the initial isual objective, and the implementation policy, and devices information to create your mentation requirement list. If you are unsure, you can use the hints information provided end of the lab guide.



Ta





Complete √











____

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


______________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Al

duringother p

_____ ________________________________________

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______



_____________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________



conta

Lab 7-1 Hint Sh s



ints Yo


eet: Secure Network Switches to Mitigate Security Attack




ASW 1 Port security Implementation policy section

ASW2 ecu Implementation policy section Port s rity

DSW1 VACL Implementation policy section

DSW2 L Implementation polic VAC y section

DSW1 t gua Implementation polic Roo rd y section

DSW2 t gua Implementation polic Roo rd y section

ASW1 fast Implementation polic Port BPDU guard y section

ASW2 fast BPDU Implementation polic Port guard y section

DSW1 fast BPDU Implementation polic Port guard y section

DSW2 fast Implementation polic Port BPDU guard y section

ASW1 p gua Implementation polic Loo rd y section

ASW2 p gua Implementation polic Loo rd y section

DSW1 ard Implementation polic Loop gu y section

DSW2 Loop guard Implementation policy section

ASW1 P sn Implementation polic DHC ooping y section

ASW2 CP sn Implementation polic DH ooping y section

DSW1 P sno Implementation polic AR oping y section

DSW2 no Implementation polic ARP s oping y section



ASW1 ecurity work Diagram, DRequirements

Port s Net esign and Implementation

ASW2 Port security Network Diagram, D ntation Requirements

esign and Impleme

DSW1 Network Diagram, DRequirements

VACL esign and Implementation

DSW2 Network Diagram, DRequirements

VACL esign and Implementation

DSW1 guar Network Diagram, DRequirements

Root d esign and Implementation

DSW2 Root guard Network Diagram, D ntation Requirements

esign and Impleme

ASW1 Port fast BPDU guard Network Diagram, D ntation Requirements

esign and Impleme

ASW2 fast BPD Network Diagram, DRequirements

Port U guard esign and Implementation

DSW1 t B Network Diagram, DRequirements

Port fas PDU guard esign and Implementation

DSW2 t B Network Diagram, DRequirements

Port fas PDU guard esign and Implementation

ASW1 ar Network Diagram, DRequirements

Loop gu d esign and Implementation

ASW2 Loop guard Network Diagram, D ntation Requirements

esign and Impleme

DSW1 Loop guard Network Diagram, D ntation Requirements

esign and Impleme

DSW2 guar Network Diagram, DRequirements

Loop d esign and Implementation

ASW1 P sno Network Diagram, DRequirements

DHC oping esign and Implementation

ASW2 sno Network Diagram, DRequirements

DHCP oping esign and Implementation

DSW1 ARP snooping Network Diagram, Design and Implementation Requirements

DSW2 ARP snooping Network Diagram, D ntation Requirements

esign and Impleme

298 Implementing Cisco Switched Ne ITC .0 © 2009 Cisco Systems, Intworks (SW H) v1 c.


corretempthe fo



Complete √



ASW1 1 show mac address-table interface Fa0/3

ASW1 2 interface FastEthernet0/3

ASW1 witchport por ecurity 3 s t-s

ASW1 switchport port-sct 4 ecurity violation restri

ASW1 witchport por0050.5684.3a29

w port-security rface fastEthernet 5 s t-security mac-address sho

inte0/3

ASW2 e FastEthernet0/3 6 interfac

ASW2 7 switchport port-security

ASW2 8 witchport por sticky interface fastEthernet

0/3

s t-security mac-address show port-security

DSW1 access-list e9 ip xtended NOTEL

DSW1 cp any w access-list 10 permit t any eq telnet sho

DSW1 11 vlan access-map TEST 10

DSW1 tion drop 12 ac

DSW1 13 match ip address NOTEL

DSW1 cess-m14 vlan ac ap TEST 20

DSW1 tion forward15 ac

DSW1 n filter TESom CLT1 and switches does

not work 16 vla T vlan-list 3-4

telnet frCT2 to

DSW2 access-list e17 ip xtended NOTEL

DSW2 cp any access-list 18 permit t any eq telnet show

DSW2 n access-m19 vla ap TEST 10

DSW2 tion drop 20 ac

DSW2 21 match ip address NOTEL

DSW2 n access-m22 vla ap TEST 20

DSW2 23 action forward

DSW2 ilter TEST vlan-lisLT1 and

witches does

24 vlan f t 3-4 CT2 to snot work

telnet from C


Complete √



DSW1 25 interface range FastEthernet0/5-6

DSW1 nning-tree g26 spa uard root

DSW2 rface range 27 inte FastEthernet0/5-6

DSW2 28 spanning-tree guard root

ASW1 g-tree portfault 29 spannin ast bpduguard

def

ASW2 spanning-tree portfault 30 ast bpduguard def

DSW1 31 spanning-tree p uguard default ortfast bpd

DSW2 32 nning-tree p uguard default spa ortfast bpd

ASW1 nning-tree lo33 spa opguard default

ASW2 34 spanning-tree loopguard default

DSW1 nning-tree lo35 spa opguard default

DSW2 nning-tree lo36 spa opguard default

ASW1 37 ip dhcp snooping

ASW1 hcp snoopin38 ip d g vlan 1-4094

ASW1 rface range 39 inte FastEthernet0/1-2

ASW1 hcp snoopin nooping 40 ip d g trust show ip dhcp s

ASW2 hcp snoopin 41 ip d g

ASW2 hcp snooping 42 ip d vlan 1-4094

ASW2 erface range Fast43 int Ethernet0/1-2

ASW2 hcp snooping oping g 44 ip d trust show ip dhcp sno

bindin

DSW1 arp inspection v45 ip lan 1-4094

DSW2 rp inspection 46 ip a vlan 1-4094

DSW1 rface range 47 inte FastEthernet0/5 - 7

DSW1 rp inspection ction 48 ip a trust show ip arp inspestatistics vlan 3

DSW2 rface range 49 inte FastEthernet0/5 - 7

DSW2 rp inspection show ip arp inspection n 4 50 ip a trust statistics vla

300 Implementing © 2009 Cisco Systems, Inc. Cisco Switched Networks (SWITCH) v1.0

StSt tch interface in configuration mode:

l.

Step 2 Confi

ASW1(cASW1

Step 3 Configur

ASW2ASW2ASW2

olation restrict ASW2ASW2PortPortViolAginAginSecuMaxiTotaConfSticLastSecu

Step 4 Configur

DSW1DSW1 telnet DSW1DSW1DSW1 DSW1

DSW1DSW1DSW1Exte DSW1Vlan Ma Ac Vlan Ma Ac

ep-by-Step Procedure ep 1 Connect to switch ASW1 swi




Enter configuration mode, using configure termina

gure port security on switch ASW1:

ASW1#sho mac address-table interface FastEthernet 0/3 ASW1(config)#interface FastEthernet0/3 ASW1(config-if)# switchport port-security

onfig-if)# switchport port-security mac-address sticky (config-if)# switchport port-security violation restrict

e port security on switch ASW2:

#sho mac address-table interface FastEthernet 0/3 (config)#interface FastEthernet0/3 (config-if)# switchport port-security

c-address sticky ASW2(config-if)# switchport port-security maASW2(config-if)# switchport port-security vi

(config-if)# end # ASW2#show port-security interface f0/3 Security : Enabled Status : Secure-up ation Mode : Restrict g Time : 10 mins

activity g Type : InreStatic Address Aging : Disabled mum MAC Addresses : 1 l MAC Addresses : 1 igured MAC Addresses : 0 ky MAC Addresses : 1 Source Address:Vlan : 0050.5684.32ac:4 rity Violation Count : 0

e VACL on switch DSW1:

(config)#ip access-list extended NOTEL (config-ext-nacl)# permit tcp any any eq

(config)#vlan access-map TEST 10 (config-access-map)# action drop (config-access-map)#match ip address NOTEL

(config)#vlan access-map TEST 20 DSW1(config-access-map)# action forward

(config)#vlan filter TEST vlan-list 3-4 (config)# end show access-lists #

nded IP access list 100 10 permit tcp any any eq telnet #show vlan access-map access-map "DROP" 10 h clauses: tc

ip address: 100 tion: drop ccess-map "DROP" 20 a

tch clauses: tion: forward


Step 5 Repeat step 4 on switch DSW2.

Step 6 Configure STP security on switch ASW1:

d default ASW1(

Step 7 Repeat ste

Step 9 Repeat ste

Step 10 Configure

ASW1(config)# ip dhcp snooping vlan 1-4094 2

ASW1#SwitcDHCP 1-409DHCP 1,4,1DHCP Interfaces: Inser ci rOptioVerifVerifDHCP Inter t (pps) ----- ------- FastEFastE

Step 11 Repeat ste

Step 12 Configure

DSW1(DSW1(DSW1( DSW1#

ASW1(config)# spanning-tree portfast bpduguarconfig)# spanning-tree loopguard default

p 6 on switches ASW2, DSW1, and DSW2.

Step 8 Configure root guard on switch DSW1:

DSW1(config)# interface FastEthernet0/5 DSW1(config-if)# spanning-tree guard root

p 8 on switch DSW2.

DHCP snooping on switch ASW1:

ASW1(config)# ip dhcp snooping

ASW1(config)# interface range FastEthernet0/1 - ASW1(config-if)# ip dhcp snooping trust

show ip dhcp snooping h DHCP snooping is enabled snooping is configured on following VLANs: 4 ooping is operational on following VLANs: sn

1-12,63-66 snooping is configured on the following L3

tion of option 82 is enabled mat: vlan-mod-port rcuit-id for

emote-id format: MAC rt is not allowed n 82 on untrusted po

ication of hwaddr field is enabled ication of giaddr field is enabled ooping trust/rate is configured on the following Interfaces: sn

face Trusted Rate limi------------------- ------- ---------

unlimited thernet0/1 yes thernet0/2 yes unlimited

p 10 on switch ASW2.

ARP inspection on switch DSW1:

config)# ip arp inspection vlan 1-4094 config)# interface range FastEthernet0/5 - 7 config-if)# ip arp inspection trust

sho ip arp inspection

Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation : Disabled


Vla --- 1 1 1 Vla ---…/… Vlan --- 408 408 409 409 409 409 409

Step 13 Repeat st

n Configuration Operation ACL Match Static ACL - ------------- --------- --------- ---------- 1 Enabled Active 2 Enabled Inactive 3 Enabled Active 4 Enabled Active 5 Enabled Inactive 6 Enabled Inactive 7 Enabled Inactive 8 Enabled Inactive 9 Enabled Inactive 0 Enabled Inactive 1 Enabled Active 2 Enabled Active n Configuration Operation ACL Match Static ACL - ------------- --------- --------- ---------- (long output ommited)

res IP Validation Failures Invalid Protocol Data Dest MAC Failu- ----------------- ---------------------- --------------------- 8 0 0 0

0 0 9 0 0 0 0 0 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0

ep 12 on switch DSW2.


LaVo

ourse on the topics of High

Activity Obj the IT manager that a VoIP solution is expected to be Your task is to make the needed changes and prepare the network way that it will work without interruption. An email from the

voice list of tinfrastand Hiinformof the

After c

Ga

Pr ments list for VoIP readiness.

Prepare

Im

b 8-1: Plan Implementation and Verification of IP in a Campus Network

Complete this lab activity to confirm your knowledge from the cavailability and reporting.

ective You receive information fromimplemented in a near future.for the future project in such a

consultant informs you that the voice part of the implementation will be externalized. A he planned voice equipment is attached. Your assignment is to prepare the wired

ructure for this addition. You will have to design the voice VLANs, Auto QoS, DHCP gh availability features for to prepare the network. Your first task is to analyze the ation and make a plan for the needed steps to prepare the network for the implementation voice solution.

ompleting this activity, you will be able to meet these objectives:

ther information regarding the implementation of VoIP.

epare implementation require

an implementation and verification plan.

plement and verify.



The Ialong

Implementatioe in your network. The following lists details preparation and s for all switches in the company network. Your configuration must

imple

II

For every switch port connecting an IP phone, you have to allow the Voice VLAN (VLAN

tch DSW2 must

oth

the DHCP scopes.

tween switches, and access ports to CMEs.

to plan and configure PoE to support IP phones where needed.



n Policy You have to integrate voicconfiguration requirement


P phones will be connected to switches ASW1 and ASW2. Refer to the Device nformation table and configure each port accordingly.

63 on switch ASW1 and VLAN 64 on switch ASW2) and a data VLAN (VLAN 3 on switch ASW1 and VLAN 4 on switch ASW2).

Cisco Unified Call Manager Express units (CMEs) will be connected to switches DSW1 and DSW2 as per the Devices Information section information.

The CME on switch DSW1 must be in Voice VLAN 63, the CME on swibe in Voice VLAN 64.

HSRP on switches DSW1 and DSW2 for Voice VLAN (VLAN 63 and VLAN 64) should be configured. Switch DSW1 should be the primary gateway with a priority of 120. Bswitches DSW1 and DSW2 should preempt. Both switches DSW1 and DSW2 should track their links to switches CSW1 and CSW2. Loss of connectivity to either Core switch should decrease the priority by 30.

Switches DSW1 and DSW2 should be DHCP servers for Voice VLAN (VLAN 63 and VLAN 64). For each Voice VLAN, DSW1 will distribute addresses .50 to .99, and switch DSW2 will distribute addresses .100 to .149.

You should configure option 150 in each DHCP scope and point VLAN 63 DHCP clients to CME1 IP address, and VLAN 64 DHCP clients to CME2 IP address. Make sure that both CME IP addresses are excluded from

Verify that routing is properly configured to allow communication between these various VLANs.

You should configure Auto QoS on access ports to IP phones, trunk ports be

Class of service (CoS) values sent by IP phones and PCs connected to them should be trusted.

Power adapters were ordered along with the phones. Some Power over Ethernet (PoE) switches will be added to your network at a later date. Use the Task 2 section to make sure that you know how

Devmation about device locations:


Role IP address Network loDevice cation

IP phon IP phone DHCP assigned W1 P4 e 1 AS

IP phon one DHCP assigned 5 e 2 IP ph ASW1 P

IP phone 3 IP phone DHCP assigned ASW2 P4

IP phon one DHCP assigned 5 e 4 IP ph ASW2 P

CME 1 g 10.1.63.11/24 Call Mana er Express DSW1 P6

CME 2 g 10.1.64.12/24 Call Mana er Express DSW2 P6

Network Diagram

© 2009

bjective for Lab 8-1: Plan ntation of VoIP in a Campus Network

Visual OImpleme






Command Description

auto isco-phone

Enables auto-Q d specify that the port is connected to a

qos voip c oS on the port, an Cisco IP Phone.

The QoS labelCisco IP Phon

s of incoming packets are trusted only when the e is detected.

auto qos voip trust Enables auto-Qconnected to a

oS on the port, and specify that the port is trusted router or switch.

cdp CDP globally. By default, it is enabled. enable Enables

mls

gures the he pack

default CoS va

qos trust cos Confiusing t

interface to classify incoming traffic packets by et CoS value. For untagged packets, the port lue is used.

inte net | giga

interface configuration mode for a Cisco Catalyst switch ith a Fast Eth

rface fastetherbitethernet slot/port

Entersw ernet or Gigabit Ethernet interface installed

interfafastethernet | gigaslotendi

ts a rangce range Selec

bitethernet /starting_port - ng_port


ip h Enables forwarforwarding UD

elper-address address ding and specify the destination address for P broadcast packets, including BOOTP.

ip d Creates a name for the DHCP server address pool and enters P pool configuration mode.

hcp pool pool-name DHC

netw ask | /prefix

Specifies the IP address of the DHCP address pool to be configured.

ork ip-address [m-length]

opti TCisco nified I

is you

on 150 ip ip-address Specifies the FTP server address from which the P phone downloads the image configuration file. U

This r Cisco Unified CME router's address. default-router ip-address (Optional) Spe to

ceivecifies the router that the IP phones will use

send or re IP traffic that is external to their local subnet.

leas[min

(Optional) Spe of the lease.

fault

The infileas

e {days [hours] utes]| infinite} The de

cifies the duration

is a one-day lease.

nite keyword specifies that the duration of the e is unlimited.


Command Description

switchport voice vlan {vlanuntag

Configures how the Cisco IP Phone carries voice traffic:

an-id ffi

priorit

dot1p prioritVLAN

priorit

none send

untagg ne to send untagged

-id | dot1p | none | ged}}

vltraPh

— Configure the phone to forward all voice c through the specified VLAN. By default, the Cisco IP

one forwards the voice traffic with an IEEE 802.1Q y of 5. Valid VLAN IDs are 1 to 4094.

— Configure the phone to use IEEE 802.1p y tagging for voice traffic and to use the default native (VLAN 0) to carry all traffic. By default, the Cisco IP

Phone forwards the voice traffic with an IEEE 802.1p y of 5.

— Allow the phone to use its own configuration to untagged voice traffic.

— Configure the phoed voice traffic.

switchport priority extend {cos value | trust}

Sets the hone access port:

priorit attached device with the specifiewith 7 as th

trust — one access port to trust the o

priority of data traffic received from the Cisco IP P

cos value — Configure the phone to override the y received from the PC or the

d CoS value. The value is a number from 0 to 7, e highest priority. The default priority is cos 0.

Config hure the ppri rity received from the PC or the attached device.

show interfaces interface-id switchport

Verify your entries.


Value Location

Blank implementation requirements Task 1 list



Debri ab ef alternate solutions form End of this l


Implementation hints Hint Section

Verifica Section tion hints Hint

Solution ectio nd of the lab guide configure answer key Configuration s n at the e


TIn

et, your first task is to create a list where you will documlab vimpleat the

ask 1: Create an Implementation Requirement List for VoIP tegration in the Campus

After you have analyzed the Information Packent the requirements for a successful implementation. Use the following table, the initial




Ta





Complete √





Complete √





PoE configuration: PoE switches will be added later to your network. Answer the following questi

1. Ho nes be powered?

_______________________________

______

2. Are all PoE switches the same?

_________________________________

________________________________________________________________________

3. Are all

______

4. Are other PoE devices likely to be installed in the network?

________________________________________________________________________

________

Phones:

______

______

________________________________________________________________________

________________________________________________________________________

______

ons:

w will the pho

_________________________________________

__________________________________________________________________

_______________________________________

PoE devices equal (requiring the same power from the PoE switch)?

__________________________________________________________________

________________________________________________________________________

________________________________________________________________

5. Document the steps and commands required to configure PoE on switch ports to IP

__________________________________________________________________

__________________________________________________________________

________________________________________________________________________

__________________________________________________________________








____

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


______________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Al

duringother p

_____ ________________________________________

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______



_____________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________



conta

Lab 8-1 Hint Sh a Campus N

ImTo facilitate the configuration of your network, the first task asks you to create an

The list details the elements needed to develop an g is an example of such a list:

ints Yo


eet: Plan Implementation and Verification of VoIP in etwork

plementation Requirements

Implementation Requirements list.implementation plan. The followin


ASW 1 IP Phone 1 Implementation policy section

ASW1 IP Phone 2 mentation policy section Imple

ASW2 IP Phone 3 Implementation policy section

ASW2 IP Phone 4 Implementation policy section

DSW1 CME 1 Implementation polic y section

DSW1 HSRP Implementation polic y section

DSW1 DHCP Implementation polic y section


DSW2 CME 2 Implementation policy section

DSW2 DHCP Implementation policy section

All sw Auto QoS Implementation policitches y section



ASW1 IP Phone 1 work Diagram, D Requirements Net esign and Implementation

ASW1 IP Phone 2 Network Diagram, D ntation Requirements

esign and Impleme

ASW2 one Network Diagram, DRequirements IP Ph 3 esign and Implementation

ASW2 one Network Diagram, DRequirements IP Ph 4 esign and Implementation

DSW1 1 Network Diagram, DRequirements CME esign and Implementation

DSW2 CME 2 Network Diagram, D ntation Requirements

esign and Impleme

DSW1 HSRP Network Diagram, D ntation Requirements

esign and Impleme

DSW2 HSRP Network Diagram, DRequirements


DSW1 Network Diagram, DRequirements DHCP esign and Implementation

DSW2 Network Diagram, DRequirements DHCP esign and Implementation

All switche

Network Diagram, DRequirements s Auto QoS esign and Implementation

320 Implementing Cisco Switched Ne ITC .0 9 Cisco Systems, tworks (SW H) v1 © 200 Inc.


corretempthe fo



Complete √

Device Imple-menta-tion order


ASW1 1 face range hernet0/14-15

interFastEt

ASW1 2 tchporswi t mode access

ASW1 3 switchport access vlan 3

ASW1 tchpor4 swi t voice vlan 63

ASW1 tchporst

5 switru

t priority extend

ASW1 qos t mls rust cos

ASW1 6 qos tcisco-phomls rust device

ne sh interface Fa0/14

ASW1 7 auto qos voip cisco-phone sh mls qos int f 0/14

ASW2 8 interface range FastEthernet0/14-15

ASW2 9 switchport mode access

ASW2 10 switchport access vlan 4

ASW2 11 switchport voice vlan 64

ASW2 12 switchport priority extend trust

ASW2 13 mls qos trust cos

ASW2 14 mls qos trust device cisco-phone

sh interface Fa0/14

ASW2 15 auto qos voip cisco-phone sh mls qos int f 0/14


Complete √



DSW1 16 Interface Fastethernet 0/15

DSW1 Switchport17 mode access

DSW1 S rt18 witchpo access vlan 63

DSW2 19 Interface Fastethernet 0/15

DSW2 20 S rtwitchpo mode access

DSW2 21 Switchport vlan 64 access

DSW1 I ex1 1

22 p dhcp 0.1.63.

cluded-address 10.1.63.49

DSW1 I ex1 10

23 p dhcp 0.1.63.

cluded-address 0 10.1.63.255

DSW1 Ip dhcp ex1 1

24 cluded-address 10.1.64.49

0.1.64.

DSW1 25 Ip dhcp ex1 10

cluded-address 0.1.64. 0 10.1.64.255

DSW1 26 ip dhcp pool vlan63

DSW1 n rk 10255.255.25

27 etwo .1.63.0 5.0

DSW1 default-ro28 uter 10.1.63.1

DSW1 o 5010.1.64.12

29 ption 1 ip 10.1.63.11

DSW1 lease 8 dhcp pool

30 show ip

DSW1 i po31 p dhcp ol vlan64

DSW1 32 n rk 10255.255.25etwo .1.64.0

5.0

DSW1 33 default-router 10.1.64.1

DSW1 option 150 i 3.11 10.1.64.12

34 p 10.1.6

DSW1 l dhcp pool

35 ease 8 show ip

322 Implementing Cisco Switched Ne ITCH) v1.0 © 2009 Cisco Systems,tworks (SW Inc.

Complete √



DSW2 36 Ip dhcp excluded-address 10.1.63.1 10.1.63.99





DSW2 41 network 10.1.63.0 255.255.255.0


DSW2 43 option 150 ip 10.1.63.11 10.1.63.12

DSW2 44 lease 8 show ip dhcp pool


DSW2 46 network 10.1.64.0 255.255.255.0


DSW2 48 option 150 ip 10.1.63.11 10.1.64.12

DSW2 49 lease 8 show ip dhcp pool

DSW1 ce50 interfa Vlan 63

DSW1

51 ddres.2

ow

ip interface brief

ip a255.255

s 10.1.63.3 55.0

sh interfaceVlan 63 / sh

DSW1 standby 6 3.1 52 3 ip 10.1.6

DSW1 53 standby 63 priority 120

DSW1 54 standby 63 preempt

© 2009 Cisco Systems, I uide 3nc. Lab G 23

Complete √



DSW1 55 standby 63 track Port-channel31 30

DSW1 standby 63channel32

sh stanby 56 track Port-30

DSW1 i e 57 nterfac Vlan 64

DSW1

58 ip address 10.1.64.3 2 25

sh interfave / show face

55.255. 5.0 vlan 64 ip interbrief

DSW1 standby 64 59 ip 10.1.64.1


DSW1 standby 6461 preempt

DSW1 62 standby 64 track Port-c 1

hannel3 30

DSW1 standby 64c 2

63 track Port-30

hannel3

DSW2

64 i e nterfac Vlan 63 sh interface Vlan 63 / show ip interface brief

DSW2 65 ip address 10.1.63.2 255.255.255.0

DSW2 66 s 63tandby ip 10.1.63.1


DSW2 68 standby 63 track Port-c 2 hannel3 30

DSW2 69 standby 63 preempt sh stanby

DSW2

70 interface Vlan 64 Sh interface vlan 64 / show ip interface brief

324 Implementing Cisco Switched Ne ITC .0 Cisco Systems, tworks (SW H) v1 © 2009 Inc.

Complete √



DSW2 71 ip address 10.1.64.3 255.255.255.0

DSW2 72 standby 64 ip 10.1.64.1




DSW2 76 Standby 64 preempt Sh standby


ASW1 78 auto qos voip trust


ASW2 80 auto qos voip trust

DSW1

81 interface range FastEthernet0/1-7 , FastEthernet0/15

DSW1 82 auto qos voip trust

DSW2

83 interface range FastEthernet0/1-7 , FastEthernet0/15

DSW2 84 auto qos voip trust

CSW1

interface rer

FastEther

85 ange FastEth net0/1-4 ,

net0/7-12

CSW1 s 86 auto qo voip trust

CSW2

87 interface range FastEthernet0/1-4 , FastEthernet0/7-12

CSW2 88 auto qos voip trust


PoE configuration:

1. How will the phones be powered?

With AC power cords at first, PoE will be needed later.

2. Are all PoE s

Power, some only have power for a number of ports etc, negotiation can take place or not, there are many differences between

witches the same?

No. Some provide standard PoE, some High

models.

3. Are all PoE

No. Some use MORE, some can negotiate.

devices equal (requiring the same power from the PoE switch)?

use less power, some

4. Are other PoE devices likely to be installed in the network?

Very likely, many devices use PoE, although the list is not clearly stated in this lab.

IP Phones use standard PoE. To enable this feature for example on interface f0/1, use the command sequence:

Switch(config)Switch(config-

# interface FastEthernet0/1 if)# power inline auto

326 Implementing ems, Inc. Cisco Switched Networks (SWITCH) v1.0 © 2009 Cisco Syst

StSt rface in configuration mode

.

Step 2 Confi

ASW1(cASW1ASW1ASW1ASW1 ASW1ASW1ASW1ASW1ASW1ASW1ASW1ASW1

Step 3 Repeat st

Step 4 Configur

DSW1DSW1DSW1

n switch DSW1:

DSW1 .49 DSW1 63.255 DSW1DSW1DSW1

.63.11 10.1.64.12

DSW1(config)# ip dhcp excluded-address 10.1.641 10.1.64.49

DSW1DSW1DSW1DSW1

Step 7 Repeat st

ep-by-Step Procedure ep 1 Connect to ASW1 switch inte





gure IP Phone ports on switch ASW1:

ASW1(config)# interface FastEthernet0/14 ASW1(config-if)# switchport mode access ASW1(config-if)# switchport access vlan 3

onfig-if)# switchport voice vlan 63 (config-if)# switchport priority extend trust (config-if)# mls qos trust device cisco-phone (config-if)# mls qos trust cos (config-if)# auto qos voip cisco-phone

(config)# interface FastEthernet0/15 (config-if)# switchport mode access (config-if)# switchport access vlan 3 (config-if)# switchport voice vlan 63 onfig-if)# switchport priority extend trust (c

(config-if)# mls qos trust device cisco-phone (config-if)# mls qos trust cos (config-if)# auto qos voip cisco-phone

eps 1 and 2 on switch ASW2.

e CME interface on switch DSW1:

(config)# interface FastEthernet0/15 (config-if)# switchport mode access (config-if)# switchport access vlan 63 (config-if)# no shut DSW1

Step 5 Repeat step 10 on switch DSW2.

Step 6 Configure DHCP pool for Voice VLAN 63 and VLAN 64 o

(config)# ip dhcp excluded-address 10.1.63.1 10.1.631.(config)# ip dhcp excluded-address 10.1.63.100 10.

(config)# ip dhcp pool vlan63 (dhcp-config)# network 10.1.63.0 255.255.255.0

.1.63.1 (dhcp-config)# default-router 10(dhcp-config)# option 150 ip 10.1DSW1

DSW1(dhcp-config)# lease 8

DSW1(config)# ip dhcp excluded-address 10.1.64.100 10.1.64.255 DSW1(config)# ip dhcp pool vlan64

(dhcp-config)# network 10.1.64.0 255.255.255.0 (dhcp-config)# default-router 10.1.64.1 (dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12 (dhcp-config)# lease 8

ep 6 on DSW2 with parameters specific to switch DSW2.


Step 8 Configure interface VLAN 63 and VLAN 64 on switch DSW1:

DSW1(config)# interface Vlan 63 DSW1( 55.0 DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(DSW1(

Step 9 Repeat ste

Step 10 Configure

QoS i ASW1#FastEtrusttrusttrustCOS odefauDSCP ion Map Trustqos m ASW1#Build Curre bytes ! inter swit ,3,11,63,65 swit srr- 60 20 prio mls auto ip dend

Step 11 Repeat ste

config-if)# ip address 10.1.63.3 255.255.2config-if)# standby 63 ip 10.1.63.1 config-if)# standby 63 priority 120 config-if)# standby 63 preempt config-if)# standby 63 track Port-channel31 30

0 config-if)# standby 63 track Port-channel32 3config)# interface Vlan 64 config-if)# ip address 10.1.63.3 255.255.255.0 config-if)# standby 64 ip 10.1.64.1 config-if)# standby 64 priority 90 config-if)# standby 64 preempt config-if)# standby 64 track Port-channel31 30 config-if)# standby 64 track Port-channel32 30

2. p 8 on DSW2 with parameters specific to switch DSW

QoS at the interface level on switch ASW1:

ASW1(config)# interface range FastEthernet0/1-2 ASW1(config-if)# auto qos voip trust

ASW1#sh mls qos QoS is enabled

p packet dscp rewrite is enabled

shther mls qos int f0/1 net0/1

state: trust cos mode: trust cos enabled flag: ena rride: dis ve

lt COS: 0 Mutation Map: Default DSCP Mutat device: none ode: port-based

sh run int f0/1 ing configuration...

nt configuration : 225

face FastEthernet0/1 chport trunk allowed vlan 1chport mode trunk

e bandwidth share 10 10queurity-queue out qos trust cos os voip trust q

hcp snooping trust

p 10 on switch ASW2.


Step 12 Configure trunk interfaces for QoS on switch DSW1:

DSW1(config)# interface range FastEthernet0/5-7 , FastEthernet0/15 DSW1 DSW1QoS QoS e is enabled DSW1FasttrustrustrusCOS defaDSCP ation Map Trusqos DSW1Fastauto Fastauto Fastauto Fastauto Fastauto Fastauto Fastauto Fastauto

Step 13 Repeat st

Step 14 Configur tch CSW1:

CSW1 ange FastEthernet0/1-4 , FastEthernet0/7-12 CSW1 trust

Step 15 Repeat st

(config-if)# auto qos voip trust

#sis h mls qos enabled

ip packet dscp rewrit

#sh mls qos int f0/7 hernet0/7 Et

t state: trust cos t mode: trust cos t enabled flag: ena override: dis ult COS: 0 Mutation Map: Default DSCP Mutt device: none mode: port-based

#sh auto qos Ethernet0/1 qos voip trust

net0/2 Ether qos voip trust

Ethernet0/3 qos voip trust




Ethernet0/7 ip trust qos vo

Ethernet0/15 os voip trust q

ep 12 on switch DSW2.

e trunk interfaces for QoS on swi

(config)# interface r(config-if)# auto qos voip

14 on switch CSW2. ep


Laavailab

Activity Objng, your IT manager informed you that, after voice, wireless o the existing network. You must prepare the switched network

for a winformplannefor thineeded

After c

Id

Prepare an implementation plan for wireless integration.

Pr

b 9-1: Integrating Wireless in the Campus Complete this lab activity to confirm your knowledge from the course on the topics of High

ility and reporting.

ective During a daily morning meeticapabilities should be added t

ireless integration that will take place next month. An email from the wireless consultant s you that the wireless part of the implementation will be externalized. A list of the d wireless equipment is attached. Your assignment is to prepare the wired infrastructure s wireless addition. Your first task is to analyze the information and make a plan for the steps to prepare the network for the implementation of the wireless solution.

ompleting this activity, you will be able to meet these objectives:

entify the requirements for implementing wireless structure in a network.

epare the switched network for integration of wireless equipment.

Verify that the switched network was properly provisioned.



The Ialong

Implementatioless in your network. The following lists details preparation and s for all switches in the company network. Your configuration must

imple

SR

WCS and WLC will be connected to DSW1 and DSW2 per the Devices Information

One Hybrid Remote Edge Access Point (HREAP) must be connected to each access switch.

LAN (VLAN 4). The configuration of the configuration of a port to an autonomous

SW2 must be in the VLAN 4.

.

know how to configure t series of access points to be



n Policy You have to integrate wireconfiguration requirement


everal standard Cisco 1240 series access points will be connected to ASW1 and ASW2. efer to the Device Information table and configure each port accordingly.

section.

For the autonomous AP on ASW1, allow the voice VLAN (VLAN 63) and data VLAN (VLAN 3). For the autonomous AP on ASW2, you have to allow the voice VLAN (VLAN 64) and data VLAN (VLAN 4).

HREAP are specific types of controller based access points. HREAP on ASW1 has to service the voice VLAN (VLAN 63) and data VLAN (VLAN 3). HREAP on ASW2 has to service the voice VLAN (VLAN 64) and data Vswitch port to the HREAP AP is similar to the AP.

The Lightweight AP (LAP) on ASW1 must be in the AP VLAN (VLAN 11). The Lightweight AP (LAP) on ASW2 must be in the AP VLAN (VLAN 12). Ports to these APs should be in forward state as soon as the AP is switched on.

The Wireless Control System on DSW1 must be in the VLAN 3, the Wireless Control System on D

The WLC 2106 will be connected with one port in a trunk mode, with all VLANs (wired and wireless) allowed on the trunk. Ports to the 2106s should be in forward state as soon as the controller is switched on, even if the port is a trunk.

On ports to the LAPs and on ports to the WLCs, apply the appropriate QoS policy

In the future, 1250 802.11n access points will be added to your network. These access points need enhanced PoE. Use task 2 section to make sure that you802.3at to support these access points where needed. The firsinstalled will use AC power adapters.

Devmation about device locations:


Role Network location Device

AP1 Autonomous ASW1 P4 AP

AP2 HREAP ASW1 P5

AP3 Lightweight AP ASW1 P6

AP4 Autonomous ASW2 P4 AP

AP5 HREAP ASW2 P5

AP6 Lightweight ASW2 P6 AP

WLC1 Wireless co DSW1 P7 ntroller 2106

WCS1 Wireless Con DSW1 P6 trol System

WLC2 Wireless con DSW2 P7 troller 2106

WCS2 Wireless Co 6 ntrol System DSW2 P

Network Diagram

© 2009

Objective ting in the Campus

Visual for Lab 9-1: IntegraWireless






Command Description

inte thernet | giga

Enters interfac ode for a Cisco Catalyst switch th et interface installed.

rface fastebitethernet slot/port with a Fast E

e configuration mernet or Gigabit Ethern

intefastgigaslotendi

grface range ethernet |

Selects a ran

bitethernet /starting_port - ng_port


name ifies a name for a VLAN for either VLAN database or configuration mode.

vlan-name SpecVLAN

show e-id s

Displays the switch port configuration of the interface. interface interfacwitchport

show ace trunk Displays the tr interf unk configuration of the interface.

show N vlan Displays VLA information.

shut Shuts down or enables an interface. down/no shutdown

switvlan

ifies the ding.

chport access vlan -id

Spectrunk

efault VLAN, which is used if the interface stops

swit ccess Puts the interfa e and tiates to convert

chport mode a ce into permanent nontrunking modnego the link into a nontrunk link.

swit tes the l

chport mode trunk Puts the interface into permanent trunking mode and negotiato convert ink into a trunk link.

swit gotiate Turns off DTP chport none negotiation.

switvlan

es the chport trunk allowed remove vlan-list

Configur list of VLANs allowed on the trunk.

switenca

es 802.1chport trunk psulation dot1q

Specifi Q encapsulation on the trunk link.

vlan w to cre LAN ID to

VL

vlan-id Enters a VLAN ID, andVLAN IDmodify that

enter config-vlan mode. Enter a neate a VLAN, or enter an existing VAN.



b Aids These are t

Value Location


Blank imform

plementation and verification plan Task 2


Debrief te solutions form End of this lab alterna


Implem int Section entation hints H

Verifica Section tion hints Hint

Solution configure answer key Configuration section at the end of the lab guide


TW

to create a list where you will documlab vimpleat the

ask 1: Create an Implementation Requirement List for ireless Integration in the Campus

After you have analyzed the Information Packet, your first task isent the requirements for a successful implementation. Use the following table, the initial




Ta





Complete √




Complete √




Enhanced PoE configuration: Later on, 1250 APs and Enhanced PoE (802.3at) switches will be added

Answer the following questions:

1. Ho

______________________________

______

2. Can you use the same PoE switch for both the first APs and the future 1250 APs?

__________________________________________________________________________

__________________________________________________________________________

3. Can switch?

__________

_________________________________________________________

4. Document the steps required to configure PoE on switch ports to these access points:

______

______

______

__________________________________________________________________________

__________________________________________________________________________

to your network.

w will the first APs be powered?

____________________________________________

____________________________________________________________________

the 1250 APs be powered from a standard 802.3af switch or do they need a special

________________________________________________________________

_________________

____________________________________________________________________

____________________________________________________________________

__________________________________________________________________________

____________________________________________________________________








____

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


______________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


Al

duringother p

_____ ________________________________________

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______



_____________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________


_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

__________________________________________________________________________

_____

_____

_____

_____

__________________________________________________________________________

_____

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________


La_____________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________

__________________________________________________________________________

__________

______

______

______

__________________________________________________________________________

__________________________________________________________________________

______

______

______

__________


____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________

________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

____________________________________________________________________

________________________________________________________________



conta

Lab 9-1 Hint Sh



ints Yo


eet: Integrating Wireless in the Campus




ASW1 tion AP1 Implementation policy sec

ASW1 AP2 mentation policy Imple section

ASW1 AP3 Implementation policy section




DSW WLC1 Implementation policy1 section

DSW1 WCS1 Implementation policy section

DSW2 WLC2 Implementation policy section

DSW WCS2 Implementation policy2 section


ASW1 P2 Network Diagram, DeImplementation Requirem A sign and

ents

ASW1 AP3 Network Diagram, DeImplementation Requirements

sign and

ASW2 AP4 Network Diagram, Design and Implementation Requirements

ASW2 AP5 Network Diagram, DeImplementation Requ

sign and irements

ASW2 AP6 Network Diagram, DeImplementation Requirements

sign and

DSW1 WLC1 Network Diagram, DeImplementation Requ sign and

irements

DSW1 WCS1 Network Diagram, DeImplementation Requ sign and

irements

DSW2 C2 Network Diagram, DeImplementation Requ WL sign and

irements

DSW2 WCS2 Network Diagram, DeImplementation Requ

sign and irements


Imp Verification Plan. There are several possible

correctemplathe fol

lementation and Verification Plan In this task, you create an Implementation and

t solutions. One possible approach groups items that are common to all switches in a te and then applies the template to all switches. For this lab, the template could contain lowing items:

Complete √



ASW1 1 tEthernet0/11 interface Fas

ASW1 2 switchport mode trunk

ASW1

3 switchport trunk allowed vlan 3,63 sh interface 0/11 trunk Fa

ASW1 mls qos trust cos show mls qos

ASW1 interface FastEthernet0/12 4

ASW1 switchport mode trunk 5

ASW1

6 switchport trunk allowed vlan 3,63 sh interface trunk Fa0/12

ASW1 ls qos trust d7 m scp


ASW1 switchport mode access 9

ASW1 show vlan 10 switchport access vlan 11

ASW1 11 spanning-tree portfast

ASW1 12 mls qos trust dscp



ASW2

15 switchport trunk allowed vlan 4,64 sh interface Fa0/11 trunk

ASW2 16 mls qos trust cos



ASW2

19 switchport trunk allowed vlan 4,64 sh interface Fa0/12 trunk

346 Implementing Cisco Switched Ne ITC .0 tworks (SW H) v1 © 2009 Cisco Systems, Inc.

Complete √




ASW2 21 vlan 12

ASW2 22 interface Fast 3 Ethernet0/1

ASW2 23 switchport mode access

ASW2 24 switchport access vlan 12 show vlan

ASW2 25 spanning-tree portfast


ASW2 27 interface f0/1

ASW2 28 switchport tru nk allowed vlan add 12

DSW1 Fast 29 interface Ethernet0/11

DSW1 30 switchport trunk encapsulation dot1q

DSW1 chport mo31 swit de trunk

DSW1

itchport tru erface Fa0/12 trunk

32 sw nk allowed vlan 3,11,63 sh int

DSW1 33 spanning-tree portfast

DSW1 ls qos trust 34 m cos

DSW1 terface Fast35 in Ethernet0/12

DSW1 36 switchport mode access

DSW1 itchport ac show vlan 37 sw cess vlan 3

DSW2 38 vlan 12

DSW2 39 interface FastEthernet0/11

DSW2 40 switchport trunk encapsulation dot1q

DSW2 41 switchport mode trunk

DSW2

42 switchport trunk allowed vlan 4,12,64 sh interface Fa0/12 trunk

DSW2 43 spanning-tree portfast


Complete √



DSW2 44 mls qos trust cos

DSW2 45 interface f0/6

DSW2 46 switchport tru d 12 nk allowed vlan ad

DSW2 47 interface FastEthernet0/12

DSW2 48 switchport mode access

DSW2 49 switchport access vlan 4 show vlan

Enhanced PoE config

1. Ho will the first wered?

e Information Packet, so no PoE is required yet.

uration:

w APs be po

Using AC power adapters, as per th

2. a ou use the same PoE switch for both the first APs and the future 1250 APs?

Yes, if the switch: - Prov - Has

C n y

ides enhanced power. enough power resources available.

3. Can the 1250 APs be powered from a standard 802.3af switch or do they need a special switch?

The stan .3af specification, which is not enough e 1250 AP needs a switch t

dard switch provide 15 W max, as per the 802for the 1250 AP, but is enough for most other APs. Thhat provides Enhanced Power.

Enhanced PoE is configured at the port level. For the 1250 AP, you need to allow 20W. This is done, for example, on interface g0/1 (1250 APs require gigabit interfaces):

Switch(config)# interface gigabitEthernet0/1 Switch(config-if)# power inline port maximum 20000


StSt rface in configuration mode

.

Step 2 Confi

mode trunk trunk allowed vlan 4,63

ASW1(cASW1ASW1ASW1ASW1ASW1ASW1ASW1ASW1

Step 3 Repeat st

Step 4 Configur

DSW1DSW1

allowed vlan 4,11,63 DSW1(config-if)# spanning-tree portfast trunk

cos

DSW1DSW1DSW1

Step 6 Repeat st

ep-by-Step Procedure ep 1 Connect to ASW1 switch inte





gure AP on ASW1:

ASW1(config)# interface range FastEthernet0/11-12 ASW1(config-if)# switchport ASW1(config-if)# switchport

onfig-if)# interface f0/11 (config-if)# mls qos trust cos (config-if)# interface f0/12 (config-if)# mls qos trust dscp (config-if)# interface FastEthernet0/13 (config-if)# switchport mode access (config-if)# switchport access vlan 11 (config-if)# spanning-tree portfast (config-if)# mls qos trust dscp

eps 1 and 2 on ASW2.

e WLC1 on DSW1:

(config)# mls qos (config)# interface FastEthernet0/11 (config-if)# switchport mode trunk DSW1

DSW1(config-if)# switchport trunk

DSW1(config-if)# mls qos trust

Step 5 Configure WCS1 on DSW1:

(config)# interface FastEthernet0/12 (config-if)# switchport mode access (config-if)# switchport access vlan 3

eps 4 and 5 on DSW2.


ELa

the following example.

On sw

ASW1#show running-config Bui Curren! ! versioservicno serservic imestamps debug datetime localtime servic uptime no ser ption ! hostna! boot-sboot-e! enable! no aaaclock systemip subno ip ! spannispanni id ! vlan i ng ! interf! interf! interf shutd! interf shutd! …/… (o erfaces are shut) ! interf shutd! interf shutd! interf shutd! interf ip ad no ip! !

nding Configurations b 1-1: New Hire Test

Your configuration should be similar to

itch ASW1:

lding configuration...

t configuration : 2689 bytes

n 12.2 e config

e pad vice te timestamps log vice password-encry

me ASW1

tart-marker nd-marker

ssword cisco pa

new-model timezone eastern -5 mtu routing 1500 net-zero

ain-lookup dom

ng-tree mode rapid-pvst ng-tree extend system-

nternal allocation policy ascendi

ace FastEthernet0/1

ace FastEthernet0/2

ace FastEthernet0/3 own


utput omitted, all subsequent int


ace GigabitEthernet0/1 own

ace GigabitEthernet0/2 own

ace Vlan1 dress 10.1.1.1 255.255.255.0

ute-cache ro


ip deip htip ht! contr! alias gure replace flash:/switch/lab2-2.cfg force alias figure replace flash:/ switch/lab_3_2_A.cfg force aliasaliasaliasalias! line loggline pass logg logiline pass logi! end

The swit d some of these configuration lines; others were pasted by your inst g of the class. All the items that you configured should be there.

Other S :

Repeswitc

fault-gateway 10.1.1.251 tp server tp secure-server

ol-plane

exec init-2-2 confiec init-3-2-A con ex

exec init-3-2-B configure replace flash:/switch/lab_3_2_B.cfg force exec init-4-2-A configure replace flash:/switch/lab_4_2_A.cfg force exec init-4-2-B configure replace flash:/switch/lab_4_2_B.cfg force exec init-4-2-C configure replace flash:/switch/lab_4_2_C.cfg force

con 0 ing synchronous

0 4 vtyword cisco ing synchronous n vty 5 15 word cisco n

ch automatically generatere the beginninructor befo

witches

at the same process on the other switches, changing the values that are different on each h.


LaEt

ould be similar to the following. Only the configuration sections relevant to this

On sw

ASW1! ! interf /1 switc ed vlan 1,3,11,63,65 switc rt mode trunk ! interf switc switc! interf switc switc! interfswitch switc! interfswitch switc

On switc

ASW2#s! ! interf switc 4,66 switc! int switc ed vlan 1,4,12,64,66 switc! interf FastEthernet0/3 switc switc! interfswitch switc! interfswitch switc

b 2-1 Design and Implement VLANs, Trunks, and herChannel

Your configuration shlab are displayed.

itch ASW1:

#sh run

ace FastEthernet0rt trunk allowhpo

hpo

ace FastEthernet0/2 hport trunk allowed vlan 1,3,11,63,65 hport mode trunk

ace FastEthernet0/3 hport access vlan 3 hport mode access

ace FastEthernet0/4 port access vlan 63 hport mode access

ace FastEthernet0/5 t access vlan 11 por

hport mode access

h ASW2:

h run

ace FastEthernet0/1 2,6hport trunk allowed vlan 1,4,1

hport mode trunk

erface FastEthernet0/2hport trunk allow

rt mode trunk hpo

acehport access vlan 4 hport mode access

ace FastEthernet0/4 t access vlan 63 por

hport mode access

ace FastEthernet0/5 port access vlan 11 hport mode access

352 Implementing Cis © 2009 Cisco Systems, Inc. co Switched Networks (SWITCH) v1.0

On swi

DSW1! ! inter e Port-channel31 swit q swit ,12,63-66 swit! inter swit t1q swit ,11,12,63-66 swit shut! inter swit t1q swit allowed vlan 1,3,4,11,12,63-66 swit runk chan! inter swit swit swit chan! inter swit swit swit shut chan! inter swit swit swit shut chan! inter swit swit swit shut! inter swit swit swit! inter swit swit swit! inter rnet0/8 switc swit! interswitc swit ,4,11,12,63-66 swit! !

tch DSW1:

#sh run

facchport trunk encapsulation dot1chport trunk allowed vlan 1,3,4,11chport mode trunk

face Port-channel32 ort trunk encapsulation dochp

chport trunk allowed vlan 1,3,4chport mode trunk down

face FastEthernet0/1 chport trunk encapsulation dochport trunk

ort mode tchpnel-group 31 mode passive

face FastEthernet0/2 chport trunk encapsulation dot1q

,4,11,12,63-66 chport trunk allowed vlan 1,3chport mode trunk

-group 31 mode passive nel

face FastEthernet0/3 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk down

-group 32 mode passive nel


mode passive nel-group 32


face FastEthernet0/6 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,11,63,65

ort mode trunk chp


,12,64,66 chport trunk allowed vlan 1,4chport mode trunk

face FastEthehport access vlan 65 chport mode access

face FastEthernet0/9 1q hport trunk encapsulation dot

ort trunk allowed vlan 1,3chpchport mode trunk


On swi

DSW2! ! interf Port-channel31 switc switc 12,63-66 switc shutd! interf switc apsulation dot1q switc owed vlan 1,3,4,11,12,63-66 switc! interf switc switc 4,11,12,63-66 switc chann! interf switc switc switc chann! interf switc switc switc shutd chann! interf switc switc switc shutd chann! interf switc switc switc shutd! interf switc switc switc! interf switc switc switc! interf t0/8 switch switc! interfswitch switc 4,11,12,63-66 switc

tch DSW2:

#sh run

acehport trunk encapsulation dot1qhport trunk allowed vlan 1,3,4,11,hport mode trunk own

ace Port-channehport trunk enc

rt trunk all

l32

hpohport mode trunk

ace FastEthernet0/1 hport trunk encapsulation dot1q hport trunk allowed vlan 1,3,

rt mode trunk hpoel-group 32 mode passive

ace FastEthernet0/2 hport trunk encapsulation dot1q

4,11,12,63-66 hport trunk allowed vlan 1,3,hport mode trunk

group 32 mode passive el-

ace FastEthernet0/3 hport trunk encapsulation dot1q hport trunk allowed vlan 1,3,4,11,12,63-66 hport mode trunk own

group 31 mode passive el-


e passive el-group 31 mod


ace FastEthernet0/6 hport trunk encapsulation dot1q hport trunk allowed vlan 1,4,12,64,66

rt mode trunk hpo

ace FastEthernet0/7 hport trunk encapsulation dot1q

11,63,65 hport trunk allowed vlan 1,3,hport mode trunk

ace FastEtherneport access vlan 66 hport mode access

ace FastEthernet0/9 q port trunk encapsulation dot1

rt trunk allowed vlan 1,3,hpohport mode trunk


On swi

CSW1! inter 31 swit swit swit! inter swit t1q swit ,12,63-66 swit shut! inter swit t1q swit allowed vlan 1,3,4,11,12,63-66 swit ort mode trunk ! inter swit swit swit chan! inter swit swit swit chan! inter swit swit swit shut chan! inter swit swit swit shut chan! inter shut! inter shut! inter swit t1q swit 63-66 swit chan! inter swit capsulation dot1q swit 1,12,63-66 swit chan! inter swit swit swit

tch CSW1:

#sh run

face Port-channelchport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk

face Port-channel32 ort trunk encapsulation dochp

chport trunk allowed vlan 1,3,4,11chport mode trunk down

face Port-channel33 encapsulation dochport trunk

chport trunk chp


,4,11,12,63-66 chport trunk allowed vlan 1,3chport mode trunk

-group 31 mode active nel

face FastEthernet0/2 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk nel-group 31 mode active

face FastEthernet0/3 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk down nel-group 32 mode active


mode active nel-group 32

face FastEthernet0/5 n dow

face FastEthernet0/6 down

face FastEthernet0/7 encapsulation dochport trunk

chport trunk allowed vlan 1,3,4,11,12,ort mode trunk chp

nel-group 33 mode on

net0/8 face FastEtherort trunk enchp

chport trunk allowed vlan 1,3,4,1chport mode trunk

mode on nel-group 33

face FastEthernet0/9 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk


chann! interf switc switc switc chann! interf switc switc 12,63-66 switc! interf switc switc 4,11,12,63-66 switc! interf shutd

On switc

CSW2# ! ! int 1 swit apsulation dot1q swit owed vlan 1,3,4,11,12,63-66 swit rt mode trunk shut ! inter swit swit swit! inter swit ncapsulation dot1q swit 11,12,63-66 swit! inter swit swit ,4,11,12,63-66 swit chan! inter swit swit ,4,11,12,63-66 swit chan! inter swit swit 63-66 swit shut chan! inter swit

el-group 33 mode on

FastEthernet0/10 acehport trunk encapsulation dot1q hport trunk allowed vlan 1,3,4,11,12,63-66 hport mode trunk el-group 33 mode on

ace FastEthernet0/11 rt trunk encapsulation dot1q hpo

hport trunk allowed vlan 1,3,4,11,hport mode trunk

ace FastEthernet0/12 1q hport trunk encapsulation dot

rt trunk allowed vlan 1,3,hpohport mode trunk


h CSW2:

sh run

erface Port-channel3chport trunk encport trunk allch

chpodown

face Port-channel32 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk

nel33 face Port-chanort trunk echp

chport trunk allowed vlan 1,3,4,chport mode trunk

face FastEthernet0/1 t1q chport trunk encapsulation do

ort trunk allowed vlan 1,3chpchport mode trunk nel-group 32 mode active


ort trunk allowed vlan 1,3chpchport mode trunk nel-group 32 mode active


chport trunk allowed vlan 1,3,4,11,12,ort mode trunk chp

down nel-group 31 mode active



swit swit shut chan! inter shut! inter shut! inter swit encapsulation dot1q swit wed vlan 1,3,4,11,12,63-66 swit chan! inter swit t1q swit 11,12,63-66 swit chan! inter swit swit swit chan! inter swit swit swit chan! inter swit swit swit! inter swit swit 11,12,63-66 swit!

chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk down

mode active nel-group 31

face FastEthernet0/5 down

rnet0/6 face FastEthewn do

ernet0/7 face FastEth

chport trunk chport trunk allochport mode trunk nel-group 33 mode on

face FastEthernet0/8 chport trunk encapsulation dochport trunk allowed vlan 1,3,4,port mode trunk ch



3,4,11,12,63-66 chport trunk allowed vlan 1,chport mode trunk l-group 33 mode on ne

face FastEthernet0/10 chport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk nel-group 33 mode on

e FastEthernet0/11 facchport trunk encapsulation dot1q chport trunk allowed vlan 1,3,4,11,12,63-66 chport mode trunk

face FastEthernet0/12 chport trunk encapsulation dot1qport trunk allowed vlan 1,3,4,ch

chport mode trunk


La configuration sections relevant

to this

Route

IntEnc q 51 Ip add 55.0

Router R

InterfIp aNo

Switch C

Vlan 5! vlan 5 p ry pr ation 51 vlan 5 name priv! InterfSwitch! InterfSwitchSwitchNo shu

b 2-3 Implement Private VLANs Your configuration should be similar to the following. Only the

lab are displayed.

r R1:

erface f0/0.51 apsulation dot1

ress 10.1.51.1 255.255.2

2:

ace f0/1 51.2 255.255.255.0 ddress 10.1.

shutdown

SW1:

1,501

01 rivate-vlan primaivate-vlan associ

1 TestIsolatedate-vlan isolated

ace f0/11 rt trunk allowed vlan add 51 po

ace f0/12 port mode access port access vlan 51

wn tdo


LEn

in s lation dot1q swit inter swit swit chan inter swit swit chan

On switc

inter swit swit in switc q swit chan inter swit swit chan

On switc

inter swit swit inter swit swit c on inter swit swit chan

On switc

inter swit swit inter swit swit chan inter s lation dot1q s chan

ab 3-1: Implement Multiple Spanning Tree ding Configurations for Task 1:

On switch DSW1:

terface Port-channel32 witchport trunk encapsu

chport mode trunk

face FastEthernet0/3 chport trunk encapsulation doport mode trunk

t1q chnel-group 32 mode on

face FastEthernet0/4 chport trunk encapsulation dot1q chport mode trunk l-group 32 mode on ne

h CSW2:

face Port-channel32 chport trunk encapsulation dot1q chport mode trunk

terface FastEthernet0/3hport trunk encapsulation dot1chport mode trunk nel-group 32 mode on

face FastEthernet0/4 chport trunk encapsulation dot1q chport mode trunk nel-group 32 mode on

h DSW2:

ce Port-channel32 fachport trunk encapsulation dot1q chport mode trunk

face FastEthernet0/3 chport trunk encapsulation dot1q chport mode trunk

hannel-group 32 mode


h CSW2:

face Port-channel32 t1q chport trunk encapsulation do

chport mode trunk


face FastEthernet0/4 witchport trunk encapsuwitchport mode trunk


© 2009 Cisco Systems, Inc. 359 Lab Guide

End

! spanni tree mode mst spanni! spanni name revis insta insta 4, 66 ! spannispanni DSW1#s MST0 Span Root 8680 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Brid d-ext 0) Delay 15 sec Interf------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 MST1 Span Root Brid ID Priority 24577 (priority 24576 sys-id-ext 1) 001f.2721.8680 ime 2 sec Max Age 20 sec Forward Delay 15 sec Interf------ ------------------ Fa0/5 Fa0/6 Fa0/7 Po31 Po32

ing Configurations for MST MSTP on switch DSW1:

ng-ng-tree extend system-id

ng-tree mst configuration ion1 reg

ion 1 , 63, 65 nce 1 vlan 1, 3, 11

nce 2 vlan 4, 12, 6

ng-tree mst 0-1 priority 24576 ng-tree mst 2 priority 28672

ho spanning-tree

ning tree enabled protocol mstp ID Priority 24576 Address 001f.2721.

ge ID Priority 24576 (priority 24576 sys-i Address 001f.2721.8680

ward Hello Time 2 sec Max Age 20 sec For

ace Role Sts Cost Prio.Nbr Type ----------- ---- --- --------- -------- ---------------------- --

Desg FWD 200000 128.7 P2p Desg FWD 200000 128.8 P2p Desg FWD 200000 128.9 P2p Desg FWD 100000 128.296 P2p Desg FWD 100000 128.304 P2p

ning tree enabled protocol mstp ID Priority 24577 Address 001f.2721.8680 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

ge Address

Hello T

ace Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- --------

Desg FWD 200000 128.7 P2p Desg FWD 200000 128.8 P2p

Desg FWD 200000 128.9 P2p Desg FWD 100000 128.296 P2p Desg FWD 100000 128.304 P2p

360 Implementing Cis Inc. co Switched Networks (SWITCH) v1.0 © 2009 Cisco Systems,

MST2 Spa Roo y 15 sec Bri Inter-----Fa0/5Fa0/6Fa0/7Po31 Po32 DSW1#

MST on

! spann mode mst spann extend system-id ! sp ion n revi n 1 inst inst! spannspann DSW2# MST0 Spa Roo Forward Delay 15 sec Bri iority 28672 sys-id-ext 0) Address 001f.2721.8600 ard Delay 15 sec Inter----- ------------------- Fa0/5Fa0/6Fa0/7Po31 Po32

nning tree enabled protocol mstp t ID Priority 24578 Address 001f.2721.8600 Cost 200000 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Forward Dela

dge ID Priority 28674 (priority 28672 sys-id-ext 2) Address 001f.2721.8680

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

face Role Sts Cost Prio.Nbr Type -------------- ---- --- --------- -------- ------------------------- Root FWD 200000 128.7 P2p

Desg FWD 200000 128.8 P2p Desg FWD 200000 128.9 P2p Desg FWD 100000 128.296 P2p Altn BLK 100000 128.304 P2p

switch DSW2:

ing-treeing-tree

anning-tree mst configuratame region1

sioance 1 vlan 1, 3, 11, 63, 65 ance 2 vlan 4, 12, 64, 66

-tree mst 0-1 priority 28672 inging-tree mst 2 priority 24576

sho spanning-tree

nning tree enabled protocol mstp D Priority 24576 t I

Address 001f.2721.8680 Cost 0 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec

dge ID Priority 28672 (pr Hello Time 2 sec Max Age 20 sec Forw

Nbr Type face Role Sts Cost Prio.-------------- ---- --- --------- -------- -------

8.7 P2p Root FWD 200000 12 Desg FWD 200000 128.8 P2p Desg FWD 200000 128.9 P2p Altn BLK 100000 128.296 P2p Altn BLK 100000 128.304 P2p


MST1 Span Root 15 sec Brid Interf------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 MST2 Span Root Address 001f.2721.8600 idge is the root ime 2 sec Max Age 20 sec Forward Delay 15 sec Brid d-ext 2) Delay 15 sec Interf------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 DSW2#

MST on

spannispanni! spanni name revis n 1 insta an 1, 3, 11, 63, 65 insta an 4, 12, 64, 66

ning tree enabled protocol mstp ID Priority 24577 Address 001f.2721.8680 Cost 200000 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Forward Delay

ge ID Priority 28673 (priority 28672 sys-id-ext 1) Address 001f.2721.8600

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

ace Role Sts Cost Prio.Nbr Type ------------- ---- --- --------- -------- ------------------------- Root FWD 200000 128.7 P2p

Desg FWD 200000 128.8 P2p Desg FWD 200000 128.9 P2p Altn BLK 100000 128.296 P2p Altn BLK 100000 128.304 P2p

ning tree enabled protocol mstp D Priority 24578 I

This br

Hello T

ge ID Priority 24578 (priority 24576 sys-i Address 001f.2721.8600 Hello Time 2 sec Max Age 20 sec Forward

ace Role Sts Cost Prio.Nbr Type ------------- ---- --- --------- -------- -------------------------- Desg FWD 200000 128.7 P2p

Desg FWD 200000 128.8 P2p Desg FWD 200000 128.9 P2p Desg FWD 100000 128.296 P2p Desg FWD 100000 128.304 P2p

switches ASW1, ASW2, CSW1, and CSW2:

ng-tree mode mst ng-tree extend system-id

ng-tree mst configuration gion1 re

ionce 1 vlnce 2 vl


L

span

Lab 4-1: Im g

i ip de

On switc

ip ro in n ip a .0 255.255.255.254 inter no s ip a 54 inter no s no ichann! inter no s no i chan! inter no s ip a! inter ip a 5.255.0 ! inter ip a ! route no a netw

ab 3-2: Implement PVRST+ PVRST+ on all switches on your pod

ning-tree mode rapid-pvst

plement Inter-VLAN RoutinOn switches ASW1 and ASW2:

interface Vlan3 p address 10.1.3.10 255.255.255.0

fault-gateway 10.1.3.1

hes DSW1 and DSW2:

uting

terface Port-channel31 o switchport

ddress 10.1.253

face Port-channel32 witchport

55.255.255.2ddress 10.1.253.2 2

face range FastEthernet0/1-2 witchport p address

ssive el-group 31 mode pa

face range FastEthernet0/3-4 witchport p address

assive nel-group 32 mode p

face FastEthernet0/5 chport wit

ddress 10.1.253.4 255.255.255.254

face Vlan4 ddress 10.1.4.1 255.25

facddr

e Vlan11 ess 10.1.11.1 255.255.255.0

r eigrp 10 uto-summary

10.1.0.0 0.0.255.255 ork


On swi

inte no sw ip ad interf no sw ip ad interf no sw ip ad 54 interf no sw no ipchanne! interf no sw no ip chann! interf no sw no ip chann! interf no sw ip ad! interf no sw ip ad! router no au netwo

On route

interf ip ad speed full-! interf ip ad speed fu! router no au netwo

tches CSW1 and CSW2:

rface Port-channel31 itchport

5.255.255.254 dress 10.1.253.1 25

ace Port-channel32 chport it

dress 10.1.253.9 255.255.255.254

ace Port-channel33 chport it

dress 10.1.253.10 255.255.255.2

net0/1-2 ace range FastEtheritchport ddress a

l-group 31 mode active

net0/3-4 ace range FastEtheritchport address

group 32 mode active el-

ace range FastEthernet0/7-10 itchport address el-group 33 mode on

FastEthernet0/11 aceitchport

55.255.255.254 dress 10.1.253.12 2

ace FastEthernet0/12 itchport

ss 10.1.253.14 255.255.255.254 dre

eigrp 10 to-summary rk 10.1.0.0 0.0.255.255

rs R1 and R2:

ace FastEthernet0/0 dress 10.1.253.13 255.255.255.254

0 10duplex

ace FastEthernet0/1 dress 10.1.253.19 255.255.255.254 100

ll-duplex

eigrp 10 to-summary

0.255.255 rk 10.1.0.0 0.


LN

ip iip sl life forever start-time now loggiloggisnmp-snmp-snmp-snmp-snmp-

On switc

loggiloggisnmpsn 00 traps ciscor snmp ps config snmp- -membership snmp-

Lab 6-1: ImplOn switc

inter ip a

s nnel31 20 s nnel32 20 inter ip a stan stan

On switc

inter ip a stan stan inter ip a stan sta s stand nnel31 20 stan el32 20 end

ab 5-1: Implementing High Availability and Reporting in a etwork Design

On switch CSW1:

sla 1 cmp-echo 10.1.3.10

a schedule 1ng 10.1.3.50 ng trap informational server community ciscor ro

aps ciscor server host 10.1.3.50 trserver enable traps config server enable traps vlan-membership server enable traps errdisable

h DSW2:

ng 10.1.4.100 ng trap informational server community ciscor ro -

mp-server host 10.1.4.1-server enable traserver enable traps vlanserver enable traps errdisable

ement and Tune HSRP h DSW1:

face Vlan3 ddress 10.1.3.3 255.255.255.0

standby 3 ip 10.1.3.1 standby 3 priority 120 standby 3 preempt tandby 3 track Port-chatandby 3 track Port-cha

face Vlan4 ddress 10.1.4.3 255.255.255.0 dby 4 ip 10.1.4.1 dby 4 preempt

h DSW2:

face Vlan3 ddress 10.1.3.2 255.255.255.0 y 3 ip 10.1.3.1 db

dby 3 preempt

face Vlan4 ddress 10.1.4.2 255.255.255.0dby 4 ip 10.1.4.1

0 ndby 4 priority 12tandby 4 preempt

by 4 track Port-chadby 4 track Port-chann


La

int 1 switch switc interf switc switc interf ip ad

On switc

interf switc sw 0 interf switc switc interf ip ad

On route

interf ip ad 255.255.248 duple speed vrrp vr interf ip ad duple speed vrrp end FastEt Stat Virt Virt Adve Pree Prio Mast al), priority is 150 Mast 1.000 sec Mast terval is 3.414 sec FastEt Stat Virt Virt Adve Pree Prio Mast ority is 150 Mast Mast

b 6-2: Implementing VRRP On switch CSW1:

erface FastEthernet0/1port mode access hport access vlan 10

ace FastEthernet0/12 ort mode access hp

hport access vlan 10

ace Vlan10 dress 10.1.253.25 255.255.255.248

SW2: h C

ace FastEthernet0/11 hport mode access

itchport access vlan 2

ace FastEthernet0/12 hport mode access hport access vlan 20

ace Vlan20 dress 10.1.253.33 255.255.255.248

r R1:

ace FastEthernet0/0 dress 10.1.253.27 255.x auto auto 1 ip 10.1.253.30

rp 1 priority 150

ace FastEthernet0/1 dress 10.1.253.36 255.255.255.248 x auto auto

4 2 ip 10.1.253.3

hee rnet0/0 - Group 1 is Master

ual IP address is 10.1.253.30 ual MAC address is 0000.5e00.0101

al is 1.000 sec rtisement intervmption enabled rity is 150 er Router is 10.1.253.27 (loc

vertisement interval is er Ad Down iner

hernet0/1 - Group 2 e is Backup ual IP address is 10.1.253.34 ual MAC address is 0000.5e00.0102 rtisement interval is 1.000 sec mption enabled rity is 100

, prier Router is 10.1.253.35er Advertisement interval is 1.000 sec er Down interval is 3.609 sec (expires in 3.389 sec)

366 Implementing Cis ems, Inc. co Switched Networks (SWITCH) v1.0 © 2009 Cisco Syst

On ro

inte et0/0 ip a 8 dupl spee vrrp vrrp inter ip a 255.248 dupl spee vrrp show FastE Sta is Backup Vir al IP address is 10.1.253.30 Vir s is 0000.5e00.0101 Adv Pre Pri Mas Mas Mas ec) FastE Sta Vir Virt Adv Pre Pri Mas priority is 150 Mas sec Mas

Lab 7-1: Secu ecurity Attacks On switc

ip dhip dh

in net0/1 - 2 i inter swit swit iolation restrict swit ac-address 0050.5684.3a29

On switc

ault ip d ip d

uter R2:

rface FastEthernddress 10.1.253.35 255.255.255.24ex auto d auto 2 ip 10.1.253.34 2 priority 150

face FastEthernet0/1 ress 10.1.253.26 255.255.dd

ex auto d auto 1 ip 10.1.253.30

vrrp thernet0/1 - Group 1 tetutual MAC addresertisement interval is 1.000 sec emption enabled ority is 100 ter Router is 10.1.253.27, priority is 150 ter Advertisement interval is 1.000 sec

7 ster Down interval is 3.609 sec (expires in 3.21

thernet0/0 - Group 2 te is Master tual IP address is 10.1.253.34 ual MAC address is 0000.5e00.0102 ertisement interval is 1.000 sec ption enabled em

ority is 150 ter Router is 10.1.253.35 (local),

l is 1.000ter Advertisement intervater Down interval is 3.414 sec

re Network Switches to Mitigate Sh ASW1:

spanning-tree portfast bpduguard default spanning-tree loopguard default

cp snooping cp snooping vlan 1-4094

ip arp inspection vlan 1-4094 terface range FastEtherp dhcp snooping trust

face FastEthernet0/3 chport port-security chport port-security vchport port-security m

h ASW2:

spanning-tree portfast bpduguard def spanning-tree loopguard default

hcp snooping p snooping vlan 1-4094 hc


ip ar inter switchswitch

On switc

ip access-list extended NOTEL telnet ac ac t bpduguard default in

On switc

pe ac match ip address NOTEL p TEST 20 lt int

p inspection vlan 1-4094

ce range FastEthernet0/1 - 2 fa ip dhcp snooping trust

FastEthernet0/3 interfaceport port-security port port-security mac-address sticky

h DSW1:

permit tcp any any eq

vlan access-map TEST 10 tion drop match ip address NOTEL

vlan access-map TEST 20 tion forward

vlan filter TEST vlan-list 2-3 ip arp inspection vlan 1-4094

spanning-tree portfas spanning-tree loopguard default

interface FastEthernet0/5 spanning-tree guard root ip arp inspection trust

terface range FastEthernet0/6 - 7 ip arp inspection trust

h DSW2:

ip access-list extended NOTEL it tcp any any eq telnet rm

vlan access-map TEST 10 on drop ti

vlan access-ma

action forward

vlan filter TEST vlan-list 2-3 spanning-tree portfast bpduguard defau

spanning-tree loopguard default

vlan 1-4094 ip arp inspection

interface FastEthernet0/5 t spanning-tree guard roo

p arp inspection trust i

erface range FastEthernet0/6 - 7 nspection trust ip arp i


LC

SW2:

inswswitc 2,63-66 srr-qpriormls qauto interswitcswitc 3,4,11,12,63-66 srr-q 20 priormls qauto interswitcswitcswitcswitc ort priority extend trust srr-q ue bandwidth share 10 10 60 20 priormls qmls qauto servi interswitcswitcswitcswitcsrr-qpriormls qmls qauto servi coPhone

ab 8-1: Plan Implementation and Verification of VoIP in a ampus Network

On switches ASW1 and A

terface FastEthernet0/1 itchport mode trunk

hport trunk allowed vlan 3,4,11,160 20 ueue bandwidth share 10 10

ity-queue out os trust dscp qos voip trust

face FastEthernet0/2 hport mode trunk hport trunk allowed vlan ue bandwidth share 10 10 60ue


face FastEthernet0/14 hport mode access hport access vlan 3 ort voice vlan 63 hp

hpueity-queue out os trust device cisco-phone os trust cos qos voip cisco-phone ce-policy input AutoQoS-Police-CiscoPhone

face FastEthernet0/15 hport mode access hport access vlan 3 hport voice vlan 63

rust hport priority extend tueue bandwidth share 10 10 60 20 ity-queue out trust device cisco-phone os

os trust cos qos voip cisco-phone

e-Cisce-policy input AutoQoS-Polic


On switch DSW1:

ip 10.1.63.1 10.1.63.49 ip dhcip dhcip dhcip dhcnetwordefauloptionlease ip dhcnetwordefauloption 4.12 lease interfswitchswitch allowed vlan 3,4,11,12,63-66 srr-qu e bandwidth share 10 10 60 20 priorimls qoauto q interfswitchswitch 3,4,11,12,63-66 srr-qu 0 60 20 priorimls qoauto q interfswitchswitchsrr-qupriorimls qoauto q interfswitchswitchsrr-qupriorimls qoauto qno shu interfip addstandbstandbstandbstandbstandbinterfip add 5.0 standbstandb y 120 standb pt standb 1 30 standb

dhcp excluded-address p excluded-address 10.1.63.100 10.1.63.255 p excluded-address 10.1.64.1 10.1.64.49 p excluded-address 10.1.64.100 10.1.64.255 p pool vlan63 k 10.1.63.0 255.255.255.0 t-router 10.1.63.1 150 ip 10.1.63.11 10.1.64.12 8 p pool vlan64 k 10.1.64.0 255.255.255.0

0.1.64.1 t-router 1 150 ip 10.1.63.11 10.1.68

ace FastEthernet0/5 trunk port mode

rt trunk poeuty-queue out s trust dscp os voip trust

ace FastEthernet0/6 port mode trunk port trunk allowed vlan eue bandwidth share 10 1ty-queue out trust dscp s

os voip trust

ace FastEthernet0/7 port mode trunk port trunk allowed vlan 3,4,11,12,63-66

0 60 20 eue bandwidth share 10 1ty-queue out s trust dscp os voip trust

ace FastEthernet0/15 port mode access port access vlan 63 eue bandwidth share 10 10 60 20 ty-queue out s trust dscp os voip trust t

e Vlan 63 acress 10.1.63.3 255.255.255.0 y 63 ip 10.1.63.1 y 63 priority 120 y 63 preempt y 63 track Port-channel31 30

2 30 y 63 track Port-channel3ace Vlan 64 ress 10.1.64.3 255.255.25

.1.64.1 y 64 ip 10y 64 priorit64 preemy

y 64 track Port-channel3y 64 track Port-channel32 30


On switch DSW2:

ip .1.63.1 10.1.63.99 ip dhip dhip dhip dhnetwodefauoptioleaseip dhnetwodefauoptio 64.12 lease interswitcswitcsrr-q h share 10 10 60 20 priormls qauto interswitcswitc 3,4,11,12,63-66 srr-q 0 60 20 priormls qauto interswitcswitcsrr-qpriormls qauto interswitcswitcsrr-qpriormls qauto no sh interip adstandstandstandstandstandinterip ad 55.0 standstand y 120 standstand 31 30 stand

dhcp excluded-address 10cp excluded-address 10.1.63.150 10.1.63.255 cp excluded-address 10.1.64.1 10.1.64.99 cp excluded-address 10.1.64.150 10.1.64.255 cp pool vlan63 rk 10.1.63.0 255.255.255.0 lt-router 10.1.63.1 n 150 ip 10.1.63.11 10.1.63.12 8 cp pool vlan64 rk 10.1.64.0 255.255.255.0

10.1.64.1 lt-router n 150 ip 10.1.63.11 10.1. 8

face FastEthernet0/5 hport mode trunk

k allowed vlan 3,4,11,12,63-66 hport trunue bandwidtue


face FastEthernet0/6 hport mode trunk hport trunk allowed vlanueue bandwidth share 10 1ity-queue out trust dscp os

qos voip trust

face FastEthernet0/7 hport mode trunk hport trunk allowed vlan 3,4,11,12,63-66

10 60 20 ueue bandwidth share 10 ity-queue out os trust dscp qos voip trust

face FastEthernet0/15 hport mode access hport access vlan 63 ueue bandwidth share 10 10 60 20 ity-queue out os trust dscp qos voip trust ut

ce Vlan 63 fadress 10.1.63.2 255.255.255.0 by 63 ip 10.1.63.1 by 63 priority 120 by 63 preempt by 63 track Port-channel31 30

32 30 by 63 track Port-channelface Vlan 64 dress 10.1.64.2 255.255.2

0.1.64.1 by 64 ip 1 64 prioritby

by 64 preempt by 64 track Port-channelby 64 track Port-channel32 30


On switches CSW1 and CSW2:

intno swino ip srr-qu e 10 10 60 20 priorimls qoauto qchanne interfno swino ip srr-qupriorimls qoauto qchanne interfno swino ip srr-qupriorimls qoauto qchanne interfno swino ip srr-qu 60 20 priorimls qoauto qchanne

erface FastEthernet0/1 tchport address eue bandwidth sharty-queue out s trust dscp os voip trust l-group 31 mode on

ace FastEthernet0/2 tchport dress ad

eue bandwidth share 10 10 60 20 ty-queue out s trust dscp os voip trust l-group 31 mode on

ace FastEthernet0/3 tchport address eue bandwidth share 10 10 60 20 -queue out ty

s trust dscp os voip trust l-group 32 mode on

ace FastEthernet0/4 tchport address eue bandwidth share 10 10ty-queue out s trust dscp voip trust os

l-group 32 mode on


L

in rnet0/11 descr swit swit inter desc swit swit inter desc swit swit span mls

On A

inter desc swit 4,63 switc interf rnet0/12 desc swit swit inter desc swit switspann mls

On DSW

mls qinter desc swit swit 11,63 swit chan spa m inter rnet0/12 desc swit swit

ab 9-1 Integrating Wireless in the Campus: On ASW1:

terface FastEtheiption AP1 chport trunk allowed vlan 4,63 chport mode trunk

face FastEthernet0/12 ption AP2 ri

chport trunk allowed vlan 4,63 chport mode trunk

face FastEthernet0/13 ription AP3 chport access vlan 11 port mode access ch

ning-tree portfast qos trust dscp

SW2:

face FastEthernet0/11 ription AP4 chport trunk allowed vlan

runk hport mode t

ace FastEtheription AP5

vlan 4,63 chport trunk allowed chport mode trunk

face FastEthernet0/13 ption AP6 ri

chport access vlan 11 chport mode access ing-tree portfast qos trust dscp

: 1

os face FastEthernet0/11 ription WLC1

1q chport trunk encapsulation dot,chport trunk allowed vlan 1,4

chport mode trunk nel-group 11 mode on ning-tree portfast trunk n

ls qos trust cos

face FastEtheription WCS1 chport mode access chport access vlan 3


On DS

mls qosinterf rnet0/11 descr switc switc switc chann spann mls q interf descr switc switc

W2:

ace FastEtheiption WLC2

ion dot1q hport trunk encapsulathport trunk allowed vlan 1,4,11,63 hport mode trunk el-group 11 mode on ing-tree portfast trunk os trust cos

ace FastEthernet0/12 iption WCS2 ort mode access hp

hport access vlan 4

P for each switch, which port connects

to whgenerto dothe la

od Physical Ports Map During the implementation process, you must determine,

ich neighbor. The ports represented on each device connection in the Visual Objective are ic ports. Each port can represent one or several physical interface. Use the following table cument the physical interfaces used in your pod. You will use this information throughout bs:

Phys

ical

por

t in

your

pod


P5

DSW

2

P4

DSW

2

P2R

2P3

DSW

2

P1R

2P

2D

SW2

P2R

1P1

DSW

2

P1R

1P5

DSW

1

P5C

SW2

P4

DSW

1

P4C

SW2

P3D

SW1

P3C

SW2

P2D

SW1

P2C

SW2

P1

DSW

1

P1C

SW2

P3AS

W2

P5C

SW1

P2AS

W2

P4C

SW1

P1

ASW

2

P3C

SW1

P3AS

W1

P2C

SW1

P2

ASW

1

P1C

SW1

P1AS

W1

Port

Nam

e on

the

map

Dev

ice

Phys

ical

por

t in

your

pod

Port

Nam

e on

the

map

Dev

ice


Lab 1-1 Network Diagram


Visu

al O

bjec

tive

for L

ab 1

-1: N

ew H

ire T

est




Visu

al O

bjec

tive

for L

ab 2

-1: D

esig

n an

d Im

plem

ent V

LAN

s, T

runk

and

Eth

erC

hann

el




Visu

al O

bjec

tive

for L

ab 2

-2: T

roub

lesh

oot

Com

mon

VLA

N C

onfig

urat

ion

and

Secu

rity

Issu

es




Visu

al O

bjec

tive

for L

ab 2

-3: C

onfig

ure

Priv

ate

VLA

Ns




Visu

al O

bjec

tive

for L

ab 3

-1: I

mpl

emen

t M

ultip

le S

pann

ing

Tree




Visu

al O

bjec

tive

for L

ab 3

-2: I

mpl

emen

t PV

RST

+




Visu

al O

bjec

tive

for L

ab 3

-3: T

roub

lesh

ootin

g Sp

anni

ng T

ree

Issu

es




Visu

al O

bjec

tive

for L

ab 4

-1: I

mpl

emen

ting

Inte

r-VL

AN

Rou

ting




Visu

al O

bjec

tive

for L

ab 5

-1: I

mpl

emen

t HA

in

a N

etw

ork

Des

ign




Visu

al O

bjec

tive

for L

ab 6

-1: I

mpl

emen

t and

Tu

ne H

SRP




Visu

al O

bjec

tive

for L

ab 6

-2: I

mpl

emen

ting

VRR

P




Visu

al O

bjec

tive

for L

ab 7

-1: S

ecur

e N

etw

ork

Switc

hes

to M

itiga

te S

ecur

ity A

ttack

s




Visu

al O

bjec

tive

for L

ab 8

-1: P

lan

Impl

emen

tatio

n of

VoI

P in

a C

ampu

s N

etw

ork





Visu

al O

bjec

tive

for L

ab 9

-1: I

nteg

ratin

g W

irele

ss in

the

Cam

pus



Documents

SWITCH10_LabGuide