
SWITCH

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for the
course. Hints are provided at the end of each lab. Ending configurations for each lab are
provided at the end of the lab guide.

Outline
This guide includes these activities:

Lab 1-1: New Hire Test

Lab 2-1: Design and implement VLANs, trunks, and EtherChannel

Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues

Lab 2-3: Implement Private VLANs

Lab 3-1: Implement Multiple Spanning Tree

Lab 3-2: Implement PVRST+

Lab 3-3: Troubleshoot Spanning Tree Issues

Lab 4-1: Implement Inter-VLAN Routing

Lab 4-2: Troubleshooting Inter-VLAN Routing

Lab 5-1: Implementing High Availability and Reporting in a Network Design

Lab 6-1: Implement and Tune HSRP

Lab 6-2: Implementing VRRP

Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Lab 8-1: Plan implementation and Verification of VoIP in a Campus Network

Lab 9-1: Integrating Wireless in the Campus

Lab 1-1: New Hire Test


Complete this lab activity to confirm and refresh your skills from ICND1 and ICND2.

Activity Objective
You are a CCNA at a job interview. The hiring manager hands you a packet of information,
leads you to a terminal, and simply says, "Implement this." Your task is to plan the
implementation, then effectively configure the lab devices as per the given specifications before
verifying that your configuration fulfills the requirements. Carefully read the Information
Packet section on the following pages, and proceed through the lab to establish an
implementation requirement list, create an implementation and verification plan, and then
configure the lab devices as per the specifications. Do not forget to verify and document your
verifications, as the job interview results will depend on your implementation of the solution.
After completing this activity, you will be able to meet these objectives:

Prepare basic configuration templates for your switches.

Explore the remote lab devices connections.

Deploy configuration templates to your switches.

Verify your configurations according to the verification plan you created.

Implementing Cisco Switched Networks (SWITCH) v1.0

2009 Cisco Systems, Inc.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
The company has a large network. It is clearly stated that some settings must be consistent from
one networking device to the next. The following list details the initial configuration
requirements for all switches to be connected to the company network. Your configuration
must be consistent with these requirements:

All switches must have a hostname. Hostnames are unique and must match the switch
designation on the network diagram displayed in the following pages.

Telnet is allowed to all possible vty interfaces and must be configured.

Initial console access does not need to be protected by any password. Vty access and enable
password must be protected by a password.

All passwords are cisco.

Terminal idle timeout must be set to 0 (unlimited).

Logging synchronous should be used so that logging messages appearing on the console of
each switch do not disturb commands that are being entered.

Log messages should appear with a timestamp.

Time should be configured on the switches to match your class's current time.

Commands entered incorrectly should not cause the switches to attempt to resolve the entry
as a DNS name.

Unless stated otherwise, all interface speed and duplex settings must be left at auto.

All unused interfaces must be set to shutdown.

All devices must have an IP address so that they can be managed remotely.


Devices Information
The table provides the information specific to each device in the network:
| Device name | Role | IP address | Gateway | VLAN |
|---|---|---|---|---|
| ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 | |
| ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 | |
| DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 | |
| DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 | |
| CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 | |
| CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 | |
| R1 | Router | Fa0/0: 10.1.1.251/24 | | |
| R2 | Router | Fa0/0: 10.1.1.252/24 | | |

During the implementation process, determine, for each switch, which port connects to which
neighbor. The ports represented on each device connection in the Visual Objective are generic
ports. Each port can represent one or several physical interfaces. When implementing your
solution in task 3, use the Physical Ports Map table, available at the end of the lab guide, to
document the physical interfaces used in your pod, and report this information on your lab large
network diagram, which is also available at the end of this lab guide. You will use this
information throughout the labs.


Network Diagram

Visual Objective for Lab 1-1: New Hire Test


You can use the large version of the Network Diagram available at the end of the lab guide to
write notes on the diagram.


Command List
The table describes the commands that are used in this activity.

Command
    Description

configure terminal
    Enters global configuration mode, from privileged EXEC mode.

clock set hh:mm[:ss] month day year
    Manually sets the clock on the device.

copy running-config startup-config
    Saves your entries in the configuration file.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client. The IP
    address should be on the same subnet as the client. One IP address is required; however,
    you can specify up to eight IP addresses in one command line. These default routers are
    listed in order of preference; that is, address is the most preferred router, address2 is
    the next most preferred router, and so on.

description description
    Adds a description (up to 240 characters) for an interface.

domain-name domain
    Specifies the domain name for the client.

duplex {auto | full | half}
    Sets the duplex parameter for the interface.

enable password password
    Sets the password for the privileged EXEC mode command interpreter.

exec-timeout 0 0
    Sets the idle terminal timeout interval.

exit
    Exits the current mode.

hostname hostname
    Manually configures a system name.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Specifies the range of interfaces (VLANs or physical ports) configured, and enters
    interface-range configuration mode.

interface vlan 1
    Enters interface configuration mode, and enters the VLAN to which the IP information is
    assigned.

ip address ip-address subnet-mask
    Sets the IP address and subnet mask.

ip default-gateway
    Defines a default gateway (router) when IP routing is disabled.

line [aux | console | vty] beginning-line-number [ending-line-number]
    Modifies console, aux, and virtual terminal settings.

logging console
    Enables message logging.

logging synchronous
    Enables synchronous logging of messages.

login
    Enables password checking at login.

no ip domain-lookup
    Disables DNS-based hostname-to-address translation on the switch.

no shutdown
    Brings up an interface.

password password
    Assigns a password to a terminal or other device on a line.

ping ip-address
    Sends an ICMP echo request to ip-address.

service timestamps log datetime [msec] [localtime] [show-timezone]
    Enables time stamps on log messages. Depending on the options selected, the time stamp
    can include the date, time in milliseconds relative to the local time zone, and the time
    zone name.

service timestamps log uptime
    Enables time stamps on log messages, showing the time since the system was rebooted.

show cdp neighbors [interface-id] [detail]
    Displays Cisco Discovery Protocol (CDP) information about neighbors, including device
    type, interface type and number, holdtime settings, capabilities, platform, and port ID.

show interfaces fastethernet mod/port switchport
    Displays administrative and operational status of switching (nonrouting) ports.

show interfaces status
    Displays interface status.

show running-config
    Verifies your entries.

shutdown
    Shuts down an interface.

speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}
    Sets the appropriate speed parameter for the interface: Enter 10, 100, or 1000 to set a
    specific speed for the interface. The 1000 keyword is available only for 10/100/1000 Mb/s
    ports. Enter auto to enable the interface to autonegotiate speed with the connected
    device. If you use the 10, 100, or the 1000 keywords with the auto keyword, the port
    autonegotiates only at the specified speeds. The nonegotiate keyword is available only
    for SFP module ports. SFP module ports operate only at 1000 Mb/s but can be configured to
    not negotiate if connected to a device that does not support autonegotiation.

telnet ip-address
    Telnets to an IP address.

Job Aids
These are the job aids for this lab activity:
| Value | Location |
|---|---|
| Blank implementation requirements list | Task 1 |
| Blank implementation plan form | Task 2 |
| Blank verification plan form | Task 3 |
| Debrief alternate solutions form | End of this lab |
| Implementation requirement hints | Hint Section |
| Implementation hints | Hint Section |
| Verification hints | Hint Section |
| Solution configuration answer key | Configuration section at the end of the lab guide |

Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to
configure each device (for example, device names, password values, trunk encapsulation types,
etc.). Use the following table, the initial lab visual objective, the Implementation Policy and
Devices Information to create an Implementation Requirement list. Include the high-level
implementation tasks needed for each device and how to obtain the information required for
each task. If you are unsure, use the hints information provided at the end of this lab.
| Device | High Level Task | Information Source |
|---|---|---|

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list of each item to
configure on each device and in what order. The Implementation and Verification Plan is very
important, because it enables you to ensure that all requirements are properly configured and in
the correct order. The task will help you set up configuration checkpoints. Use the plan to
determine how you will verify that each required item was effectively configured. You will
move to the actual implementation in the next task. Use the following table and the Information
Packet to create the Implementation and Verification Plan. If you are unsure, use the hints
information provided at the end of this lab.
| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab. You can then implement your solution. Do not forget to save!
Once your solution is implemented, verify that your configuration is working and fulfills the
requirements specified by the hiring manager. Keep in mind that once you leave the company, a
network specialist will verify your configuration. Your ability to implement the solution as per
the hiring manager specifications will determine whether or not you get the job.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 1-1: Key Commands and Tools Used


__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 1-1 Hint Sheet: New Hire Test


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | Hint |
|---|---|---|
| All switches | Neighbor list and connected ports | Show cdp neighbor in command list, port table at the end of lab guide |
| All switches | Hostname | Network Diagram |
| All switches | Enable, line vty 0 15 password cisco | Implementation policy section |
| All switches | Login on line vty 0 4 | Implementation policy section |
| All switches | VLAN 1 IP address | Devices Information section |
| All switches | Gateway | Devices Information section |
| All switches | Idle timeout set to 0 | Implementation policy section |
| All switches | Log messages on the console, with a timestamp | Implementation policy section |
| All switches | Current time in the class | Implementation policy section |
| All switches | No DNS lookup | Implementation policy section |
| All switches | Unused interfaces shutdown | Show cdp neighbor in command list, port table at the end of lab guide |

Implementation Plan
In task 2, you will create an implementation plan. There are several possible correct solutions.
One possible approach groups items that are common to all switches in a template and then
applies the template to all switches. You can then configure each switch with items that are
unique to each device, such as IP addresses or gateway. The common template could be named
Common_Template, be created in a text editor and copied and pasted as appropriate, and contain
the following items:

enable password cisco

no ip domain-lookup

line con 0

exec-timeout 0 0

line vty 0 4

password cisco

logging synchronous

login

service timestamp log datetime

An example of the implementation plan follows.


| Complete | Device | Implementation Order | Values and items to implement | Step-by-step section No |
|---|---|---|---|---|
| | All | | Paste Common_Template. | |
| | per sw | | Configure hostname. | |
| | per sw | | Configure VLAN 1 IP address. | |
| | per sw | | Configure switch gateway. | |
| | per sw | | Configure current time and date. | |
| | per sw | | Verify neighbors ports. | |
| | per sw | | Shutdown unused ports. | |
| | per sw | | Verify connectivity to the gateway. | |
| | per sw | | Verify configuration. | |

Verification Plan
| Complete | Device | Values and items to implement | Verification method and expected results | Step-by-step section No |
|---|---|---|---|---|
| | All | Paste Common_Template | Verify enable password. As this is the first line of the template, its correct value indicates that the first part of the script was pasted properly. | |
| | All | Paste Common_Template | Verify while pasting the template that no error is reported. | |
| | All | Paste Common_Template | Verify the implementation of no ip domain-lookup. As this is the last line of the template, its success shows that the template was successfully implemented. No ip domain lookup can be verified using show running-config or by entering a bogus command and verifying that the switch does not attempt DNS resolution. | |
| | All | Configure Hostname | Prompt should display the switch name. | |
| | All | Configure VLAN 1 IP address | Show ip interface brief should display the right address. | 10 |
| | All | Configure default gateway | Show running-config should show the gateway information. | 11 |
| | All | Configure time and date | Show clock. | 12 |
| | All | Shut unused ports | Show cdp neighbors to display neighbors and ports, show running-config to verify that the other ports are shut. | |
| | All | Verify connectivity | Ping the default gateway, ping should be successful. As an extra verification, ping the other switches. Pings should be successful. | |

Step-by-Step Procedure
Step 1

Connect to the switch interface in configuration mode

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Paste the Common_Template file

Create a notepad text file named Common_template and containing the lines:

enable password cisco

no ip domain-lookup

line con 0

exec-timeout 0 0

line vty 0 4

password cisco

logging synchronous

login

service timestamp log datetime

Paste the Common_Template file content to the console.


Verify as you paste that no error message is reported.
Step 3

Configure the switch hostname and IP information. Use the commands, for example in ASW1:
hostname ASW1
interface VLAN 1
ip address 10.1.1.1 255.255.255.0
exit
ip default-gateway 10.1.1.251
end

The information in italics is specific to ASW1. Use the Device Information table in the
Information Packet to find the relevant name and IP information for each switch.
Step 4

Configure the current time and date on the switch. Use the command clock set, for example:
clock set 10:06:39 08 Aug 2009


Step 5

Verify neighbor and connecting ports using cdp. For example:

show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform   Port ID
DSW2             Fas 0/2           129        R S I       WS-C3560-  Fas 0/7
DSW1             Fas 0/1           129        R S I       WS-C3560-  Fas 0/6

In this example, the local switch has 2 neighbors, switches DSW2 and DSW1. The local switch
connects to switch DSW2 from interface F0/2, which links to switch DSW2 interface f0/7. The
local switch connects to switch DSW1 from interface f0/1, which links to switch DSW1
interface f0/6.
Step 6

Shutdown all ports except links to neighbors:


configure terminal
interface range f0/1 - 24
shutdown
interface f0/2
no shutdown
interface f0/1
no shutdown
end

This example applies to ASW1. On each switch, use the show cdp neighbor information to
determine which local interfaces are to be kept enabled.
Step 7

Verify connectivity to the gateway:


ping 10.1.1.251
type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

Step 8

Verify enable password and hostname (using prompt):


ASW1#disable
ASW1>enable
Password: cisco
ASW1#

Step 9

Verify no ip domain-lookup, last line of the template:


getmethere
Translating "getmethere"
% Unknown command or computer name, or unable to find computer address

Step 10

Verify IP address:
sh ip interface brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.1.1.1        YES manual up                    up

Step 11

Verify gateway:
sh run | beg ip default
ip default-gateway 10.1.1.251

Step 12

Verify time:
show clock
16:26:43.545 eastern Sat Jun 6 2009
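
An offline check of the Implementation Policy, as an added example (not part of the lab guide or its answer key): the Python below parses a saved show running-config and reports every policy gap it finds. The configuration text is constructed, the function names are hypothetical, the count of 16 vty lines follows the hint's "line vty 0 15", and the neighbor ports are the ones from the ASW1 CDP example.

```python
import re

# Constructed sample: running-config excerpt for ASW1 (not captured from a device).
# Two deliberate gaps: vty 5-15 have no password, and Fa0/4 is an unused open port.
SAMPLE_CONFIG = """\
service timestamps log datetime
hostname ASW1
enable password cisco
no ip domain-lookup
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
!
ip default-gateway 10.1.1.251
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end
"""


def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections


def audit(config, hostname, mgmt_ip, mask, gateway, uplinks, vty_count=16):
    """Return a list of Implementation Policy findings (empty list = compliant)."""
    s = parse_sections(config)
    findings = []

    for line in (f"hostname {hostname}", "no ip domain-lookup",
                 f"ip default-gateway {gateway}"):
        if line not in s:
            findings.append(f"missing global line: {line}")
    if not any(k.startswith("service timestamps log") for k in s):
        findings.append("log messages are not timestamped")
    if not any(k.startswith(("enable password ", "enable secret ")) for k in s):
        findings.append("privileged EXEC mode has no password")
    if f"ip address {mgmt_ip} {mask}" not in s.get("interface Vlan1", []):
        findings.append(f"Vlan1 does not carry {mgmt_ip} {mask}")

    console = s.get("line con 0", [])
    for child in ("exec-timeout 0 0", "logging synchronous"):
        if child not in console:
            findings.append(f"line con 0 lacks: {child}")

    # Every vty line needs both 'password' and 'login' to accept a Telnet login.
    protected = set()
    for name, children in s.items():
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", name)
        if m and "login" in children and any(c.startswith("password ") for c in children):
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            protected.update(range(first, last + 1))
    unprotected = sorted(set(range(vty_count)) - protected)
    if unprotected:
        findings.append(f"vty lines without password and login: {unprotected}")

    # Physical ports that are not neighbor links must be shut down.
    for name, children in s.items():
        m = re.fullmatch(r"interface ((?:Fast|Gigabit)Ethernet\S+)", name)
        if m and m.group(1) not in uplinks and "shutdown" not in children:
            findings.append(f"unused port is not shut down: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "ASW1", "10.1.1.1", "255.255.255.0",
                         "10.1.1.251", {"FastEthernet0/1", "FastEthernet0/2"}):
        print("FAIL:", finding)
```

On the constructed sample it reports vty lines 5 to 15, which a template limited to line vty 0 4 leaves without a password, and the open port FastEthernet0/4. Telnet access, the shared password cisco, enable password and the unlimited idle timeout are what this lab's policy asks for, so the audit accepts them; they are not settings to carry into a production baseline.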


Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
Complete this lab activity to practice what you learned in the related module.

Activity Objective
You were hired by NotaRoute Inc. to design and configure their branch office Layer 2 network.
Their network is not fully ready yet, but later on they intend to implement several servers and
additional routers. They know that some devices are supposed to be in VLANs and others in
trunks, but this is where their knowledge ends. They provided you with a cabling plan and
asked you to help them design and configure a typical solution for their network on a test lab.
You need to configure the existing network equipment to use the devices once they are
installed. Your configuration will be used by the customer as a configuration template as
additional network equipment is purchased. When collecting information about their network
infrastructure, you found that their requirements were all about link types, trunk encapsulation,
and EtherChannels. You realize that they have little understanding about more advanced
options such as allowed VLANs, but that they expect you to guide them to provide a
documented, functional, and reasonably secured network. After completing this activity, you
will be able to meet these objectives:

Plan a segmented Layer 2 network implementation.

Create a Layer 2 implementation and verification plan.

Implement a full Layer 2 solution including VLANs, trunks, pruning, VLAN Trunking
Protocol (VTP), and EtherChannel.


Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
This deployment builds on lab 1-1. In other words, keep the configuration from lab 1-1, and
add the following requirements.
Not all network equipment is installed. The network infrastructure has been installed but not the
additional servers or the additional routers. Your configuration should include the configuration
for the switch ports to these devices. A quick call to the local administrator brings the following
elements:

FTP, Web servers and additional routers are to be connected later. You are asked to
configure, as an example, the first available port on switches ASW1 and ASW2 for the FTP
server, and the next available port for the file server. For example, if the first 4 ports are
already used after lab 1-1, configure port 5 for the FTP server and port 6 for the Web
server. Apply the same logic for the File servers and the additional routers on DSW1 and
DSW2. On each switch, the File Server will be on the first available port and the additional
router on the next available port.

Several IP addresses are already configured on the Ethernet interfaces of routers R1 and R2
that connect to your pod, as they need to send traffic to several of your VLAN subnets. You do
not need to configure the routers. The switches need to be configured completely, from
VLAN database to link type.

During the conversation, you mentioned VTP and its modes. The local administrator would
like to try VTP, with the following restrictions:

All switches should be in transparent mode.

You should name the domain cisco.

The administrator does not want the pruning feature of VTP enabled, and asks you
to prune all unnecessary VLANs from the inter-switch links manually.

Using this information, your task is to design the VLAN topology with some additional
specifications:

Although the network topology allows for large redundancy, redundancy is not to be used
at this stage. Make sure to disable the links between switches ASW1 and DSW2, ASW2
and DSW1, DSW1 and CSW2, CSW1 and DSW2, CSW1 and router R2, CSW2 and router
R1. In other words, the only connection between the upper part of the network (switches
ASW1, DSW1 and CSW1) and the lower part of the network (switches ASW2, DSW2 and
CSW2) transits through the link between switches CSW1 and CSW2. Use Cisco Discovery
Protocol to learn the links between switches and shut down the ones that are not needed.

For efficiency, several physical connections exist between some of the switches. To
simplify network administration, group these physical links into logical links wherever
possible. Where two 100 Mbps links are grouped, use an IEEE grouping protocol, and
make sure that one end actively tries to negotiate the virtual link creation, while the other
only responds to solicitations and does not actively try to create the link. Where four 100
Mbps links are to be grouped, create the virtual link unconditionally without using any
negotiation protocol. Use the description feature on each virtual link to reflect which
devices it connects. Also use the table in Devices Information.

Client PC in VLAN 3 and client PC in VLAN 4 need to receive their IP address from
routers R1 and R2. R1 and R2 are preconfigured.

Devices Information
The table provides the information specific to each switch in the network. This information is
the same as in lab 1-1:

Device name  Role                   IP address            Gateway     VLAN
ASW1         Layer 2 access switch  10.1.1.1/24           10.1.1.251
ASW2         Layer 2 access switch  10.1.1.2/24           10.1.1.252
DSW1         Layer 3 switch         10.1.1.11/24          10.1.1.251
DSW2         Layer 3 switch         10.1.1.22/24          10.1.1.252
CSW1         Layer 3 switch         10.1.1.111/24         10.1.1.251
CSW2         Layer 3 switch         10.1.1.222/24         10.1.1.252
R1           Router                 Fa0/0: 10.1.1.251/24
R2           Router                 Fa0/0: 10.1.1.252/24

The table below provides information about the devices connected or to be connected to the
network. Use the space to document which port in your pod each device should connect per the
above policy and the previous lab information:

Device  Role            Network location  VLAN   Physical port in your lab
CLT1    Client station  ASW1 P3
CLT2    Client station  ASW2 P3
NR1     Router          DSW1 P7           trunk
NR2     Router          DSW2 P7           trunk
WEB1    Web Server      ASW1 P5           11
WEB2    Web Server      ASW2 P5           12
FTP1    FTP Server      ASW1 P4           63
FTP2    FTP Server      ASW2 P4           64
FILE1   File Server     DSW1 P6           65
FILE2   File Server     DSW2 P6           66

Some links between switches should be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that NOT all of these numbers are
needed. You should use CDP to determine which links between switches can be bundled. Once
you have determined which links to bundle, use the following table to apply the right
bundle number:

Device  Link to  If used, bundle number should be:
ASW1    ASW2     10
ASW1    DSW1     11
ASW1    DSW2     12
ASW2    ASW1     10
ASW2    DSW1     11
ASW2    DSW2     12
DSW1    ASW1     11
DSW1    ASW2     12
DSW1    DSW2     21
DSW1    CSW1     31
DSW1    CSW2     32
DSW2    ASW1     11
DSW2    ASW2     12
DSW2    DSW1     21
DSW2    CSW1     31
DSW2    CSW2     32
CSW1    DSW1     31
CSW1    DSW2     32
CSW1    CSW2     33
CSW2    DSW1     31
CSW2    DSW2     32
CSW2    CSW1     33
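One way to turn CDP output and the bundle-number table above into a per-switch EtherChannel plan, as an added example that is not part of the course material or its answer key. The `show cdp neighbors` text and interface numbers are constructed, and the rule that the hostname sorting first takes the LACP active role is an assumption (the policy only requires one active and one passive end).

```python
import re
from collections import defaultdict

# (local switch, neighbor) -> bundle number, transcribed from the table above.
BUNDLE = {
    ("ASW1", "ASW2"): 10, ("ASW1", "DSW1"): 11, ("ASW1", "DSW2"): 12,
    ("ASW2", "ASW1"): 10, ("ASW2", "DSW1"): 11, ("ASW2", "DSW2"): 12,
    ("DSW1", "ASW1"): 11, ("DSW1", "ASW2"): 12, ("DSW1", "DSW2"): 21,
    ("DSW1", "CSW1"): 31, ("DSW1", "CSW2"): 32,
    ("DSW2", "ASW1"): 11, ("DSW2", "ASW2"): 12, ("DSW2", "DSW1"): 21,
    ("DSW2", "CSW1"): 31, ("DSW2", "CSW2"): 32,
    ("CSW1", "DSW1"): 31, ("CSW1", "DSW2"): 32, ("CSW1", "CSW2"): 33,
    ("CSW2", "DSW1"): 31, ("CSW2", "DSW2"): 32, ("CSW2", "CSW1"): 33,
}

# Links the Implementation Policy names as disabled. The hint sheet also shuts
# ASW1-ASW2 and DSW1-DSW2; add those pairs here if you follow it.
DISABLED = {frozenset(pair) for pair in [
    ("ASW1", "DSW2"), ("ASW2", "DSW1"), ("DSW1", "CSW2"),
    ("CSW1", "DSW2"), ("CSW1", "R2"), ("CSW2", "R1"),
]}

# Constructed "show cdp neighbors" output as seen from ASW1 (not from a real pod).
# Long device IDs wrap onto their own line, as the ASW2 entries do here.
CDP_ASW1 = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
DSW1             Fas 0/1           152          S I       WS-C3560  Fas 0/1
DSW1             Fas 0/2           152          S I       WS-C3560  Fas 0/2
DSW2             Fas 0/9           140          S I       WS-C3560  Fas 0/1
DSW2             Fas 0/10          140          S I       WS-C3560  Fas 0/2
ASW2.cisco.com
                 Fas 0/11          170          S I       WS-C2960  Fas 0/11
ASW2.cisco.com
                 Fas 0/12          170          S I       WS-C2960  Fas 0/12
ASW2.cisco.com
                 Fas 0/13          170          S I       WS-C2960  Fas 0/13
ASW2.cisco.com
                 Fas 0/14          170          S I       WS-C2960  Fas 0/14
"""

# Device ID, local interface type and number, then the holdtime column.
CDP_ENTRY = re.compile(r"^(\S+)\s+(Fas|Gig)\s+(\d+/\d+)\s+\d+\s", re.M)
LONG_NAME = {"Fas": "FastEthernet", "Gig": "GigabitEthernet"}


def neighbors(cdp_text):
    """Map each neighbor hostname to the local interfaces that face it."""
    links = defaultdict(list)
    for device, kind, port in CDP_ENTRY.findall(cdp_text):
        links[device.split(".")[0]].append(LONG_NAME[kind] + port)
    for ports in links.values():
        ports.sort(key=lambda p: [int(n) for n in re.findall(r"\d+", p)])
    return dict(links)


def plan(local, cdp_text):
    """Apply the policy: 2 links -> LACP, 4 links -> mode on, listed links shut."""
    result = []
    for nbr, ports in sorted(neighbors(cdp_text).items()):
        group = BUNDLE.get((local, nbr))
        if group and len(ports) == 2:
            # Assumption: the hostname that sorts first is the active end.
            mode = "active" if local < nbr else "passive"
        elif group and len(ports) == 4:
            mode = "on"
        else:
            group = mode = None  # the policy defines no bundle for this case
        result.append({"neighbor": nbr, "ports": ports, "group": group,
                       "mode": mode,
                       "shutdown": frozenset((local, nbr)) in DISABLED})
    return result


def render(local, links):
    """Emit IOS configuration lines for the links that need any change."""
    cfg = []
    for link in links:
        if not (link["mode"] or link["shutdown"]):
            continue
        for port in link["ports"]:
            cfg.append(f"interface {port}")
            if link["mode"]:
                cfg.append(f" channel-group {link['group']} mode {link['mode']}")
            if link["shutdown"]:
                cfg.append(" shutdown")
        if link["mode"]:
            cfg.append(f"interface Port-channel{link['group']}")
            cfg.append(f" description {local} to {link['neighbor']}")
    return cfg


if __name__ == "__main__":
    print("\n".join(render("ASW1", plan("ASW1", CDP_ASW1))))
```

Run the same plan from the neighbor's side before applying it: a bundle forms only if both ends agree on the link count, and a `mode on` end facing a negotiating end will not form a channel.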

Network Diagram

[Figure: Visual Objective for Lab 2-1: Design and Implement VLANs, Trunk and EtherChannel]

Command List
The table describes the commands that are used in this activity.

Configuration Commands

Each command is followed by its description.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.

no interface vlan vlan-id type
    Disables a VLAN interface.

show interface interface-id switchport
    Displays the switch port configuration of the interface.

show interface trunk
    Displays the trunk configuration of the interface.

show vlan
    Displays VLAN information.

show vtp status
    Shows the VTP configuration.

shutdown/no shutdown
    Shuts down or enables an interface.

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link
    into a nontrunk link.

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into
    a trunk link.

switchport nonegotiate
    Turns off DTP negotiation.

switchport trunk allowed vlan remove vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.

switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.

interface interface-id channel-group channel-group-number mode desirable
    Unconditionally enables Port Aggregation Protocol (PAgP). Desirable mode places an
    interface into a negotiating state in which the interface initiates negotiations with
    other interfaces by sending PAgP packets. A channel is formed with another port group in
    either the desirable or auto mode. When desirable is enabled, silent operation is the
    default.

show running-config interface interface-id
    Displays interface-specific configuration information.

vtp domain domain-name
    Sets the VTP domain name.

vtp mode [ client | server | transparent ]
    Sets the VTP mode.

Job Aids
These are the job aids for this lab activity:

Value                                   Location
Blank implementation requirements list  Task 1
Blank implementation plan form          Task 2
Blank verification plan form            Task 3
Debrief alternate solutions form        End of this lab
Implementation requirement hints        Hint Section
Implementation hints                    Hint Section
Verification hints                      Hint Section
Solution configuration answer key       Configuration section at the end of the lab guide

Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to
configure each device (for example allowed VLANs, VTP role, trunk encapsulation types, etc.).
Use the following table, the initial lab visual objective, the Implementation Policy and Devices
Information to create an Implementation Requirement list. Include the high-level
implementation tasks needed for each device and how to obtain the information required for
each task. If you are unsure, use the hints information provided at the end of this lab.

Device    High Level Task    Information Source

To help you decide on the VLAN implementation, use the following table to list the VLANs
you will need and decide on which devices they should be configured:

VLAN Number    VLAN Name    Configure on switches:

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list of each item to
configure on each device and in what order. The Implementation and Verification Plan is very
important, because it enables you to ensure that all requirements are properly configured and in
the correct order. The task will help you set up configuration checkpoints. Use the plan to
determine how you will verify that each required item was effectively configured. You will
move to the actual implementation in the next task. Use the following table and the Information
Packet to create the Implementation and Verification Plan. If you are unsure, use the hints
information provided at the end of this lab.

Complete    Device    Implementation Order    Values and items to implement    Verification method and expected results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab. You can then implement your solution. Do not forget to save!
Once your solution is implemented, verify your configuration is working and fulfills the
requirements specified by the company. Keep in mind that once you leave the company, they
will use your configuration as a whitepaper to implement their network. The company will
apply your configuration, without modification, to connect any device of the same type as the
one you configured for each port. Use the previous table to document the verifications you
conducted to ensure that your solution is complete. Hints are available at the end of this lab if
you are unsure about the verification steps.

Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 2-1: Key Commands and Tools Used


__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 2-1 Hint Sheet: Design and Implement VLANs, Trunks, and EtherChannel
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

For each device, every implementation requirement is followed by its hint in parentheses.

ASW1
  Port to CLT1 in VLAN 3. (Implementation Policy)
  First available port in VLAN 63. (Implementation Policy)
  Second available port in VLAN 11. (Implementation Policy)
  Link to DSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  Allow VLANs 1, 3, 11 and 63 on trunk. (Implementation Policy, Devices Information)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  Allow VLANs 1, 3, 11 and 63 on trunk. (Implementation Policy, Devices Information)
  VTP transparent domain cisco password cisco. (Implementation Policy)
  Configure and shut port(s) to ASW2. (Implementation Policy)

ASW2
  Port to CLT2 in VLAN 4. (Implementation Policy)
  First available port in VLAN 64. (Implementation Policy)
  Second available port in VLAN 12. (Implementation Policy)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  Allow VLANs 1, 4, 12 and 64 on trunk. (Implementation Policy, Devices Information)
  Link to DSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  Allow VLANs 1, 4, 12 and 64 on trunk. (Implementation Policy, Devices Information)
  VTP transparent domain cisco, with password cisco. (Implementation Policy)
  Configure and shut port(s) to ASW1. (Implementation Policy)

DSW1
  VTP transparent, domain cisco password cisco. (Implementation Policy)
  First available port in VLAN 65. (Implementation Policy)
  Second available port in trunk. (Implementation Policy)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW2. (Implementation Policy)
  Link to ASW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 11 and 63 allowed on trunk. (Implementation Policy, Devices Information)
  Link to ASW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 4, 12 and 64 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to ASW2. (Implementation Policy)
  Link to CSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to CSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to CSW2. (Implementation Policy)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW2. (Implementation Policy)

DSW2
  VTP transparent, domain cisco pass cisco. (Implementation Policy)
  First available port in VLAN 66. (Implementation Policy)
  Second available port in trunk. (Implementation Policy)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to DSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW1. (Implementation Policy)
  Link to ASW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 3, 11 and 63 allowed on trunk. (Implementation Policy, Devices Information)
  Link to ASW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 4, 12 and 64 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to ASW2. (Implementation Policy)
  Link to CSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to CSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to CSW2. (Implementation Policy)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW2. (Implementation Policy)

CSW1
  VTP transparent, domain cisco password cisco. (Implementation Policy)
  Link to R1 in trunk. (Network Diagram)
  VLANs 1, 3, 11, 63 and 65 allowed on trunk. (Implementation Policy, Devices Information)
  Link to R2 in trunk. (Network Diagram)
  VLANs 1, 4, 12, 64 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW2. (Implementation Policy)
  Link to DSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to CSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)

CSW2
  VTP transparent, domain cisco password cisco. (Implementation Policy)
  Link to R1 in trunk. (Network Diagram)
  VLANs 1, 3, 11, 63 and 65 allowed on trunk. (Implementation Policy, Devices Information)
  Link to R2 in trunk. (Network Diagram)
  VLANs 1, 4, 12, 64 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to DSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Configure and shut port(s) to DSW1. (Implementation Policy)
  Link to DSW2 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
  Link to CSW1 in trunk mode (verify Etherchannel). (Implementation Policy, Devices Information)
  VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk. (Implementation Policy, Devices Information)
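A check for the manual pruning the hint sheet asks for, as an added example that is not part of the course material: it reads a running-config, finds every trunk, and compares its allowed-VLAN list with the hint sheet's list for ASW1. The configuration text is constructed with two deliberate defects, and matching a trunk to its neighbor through the Port-channel description is an assumption that relies on the descriptions the Implementation Policy requires.

```python
import re

# Expected allowed-VLAN sets for ASW1's trunks, taken from the hint sheet.
ASW1_TRUNKS = {"DSW1": {1, 3, 11, 63}, "DSW2": {1, 3, 11, 63}}

# Constructed running-config excerpt (interface numbers are placeholders).
# Defects: Port-channel12 has no allowed list; Fa0/1 still allows 64-66.
ASW1_CONFIG = """\
vtp domain cisco
vtp mode transparent
!
interface Port-channel11
 description ASW1 to DSW1
 switchport trunk allowed vlan 1,3
 switchport trunk allowed vlan add 11,63
 switchport mode trunk
!
interface Port-channel12
 description ASW1 to DSW2
 switchport mode trunk
 shutdown
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,3,11,63-66
 switchport mode trunk
 channel-group 11 mode active
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
!
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,63-66' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interfaces(config):
    """Return {interface name: settings} for every interface stanza."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            cur = ifaces.setdefault(name, {"desc": "", "mode": None,
                                           "allowed": None, "group": None,
                                           "shutdown": False})
        elif not line.startswith(" "):
            cur = None  # "!" or a global command ends the stanza
        elif cur is not None:
            words = line.strip()
            allowed = re.match(r"switchport trunk allowed vlan (add )?([\d,\-]+)$", words)
            group = re.match(r"channel-group (\d+) ", words)
            if allowed:
                # IOS splits long lists into a first line plus "add" lines.
                base = cur["allowed"] if allowed.group(1) and cur["allowed"] else set()
                cur["allowed"] = base | expand_vlans(allowed.group(2))
            elif group:
                cur["group"] = int(group.group(1))
            elif words.startswith("description "):
                cur["desc"] = words[len("description "):]
            elif words.startswith("switchport mode "):
                cur["mode"] = words.split()[-1]
            elif words == "shutdown":
                cur["shutdown"] = True
    return ifaces


def audit(config, expected_trunks):
    """List deviations from VTP transparent/cisco and the expected trunk VLANs."""
    findings = []
    for keyword, value in (("mode", "transparent"), ("domain", "cisco")):
        if not re.search(rf"^vtp {keyword} {value}\s*$", config, re.M):
            findings.append(f"VTP {keyword} is not {value}")
    ifaces = parse_interfaces(config)
    for name, i in ifaces.items():
        if i["mode"] != "trunk":
            continue
        # Bundle members usually have no description: borrow the Port-channel's.
        desc = i["desc"] or ifaces.get(f"Port-channel{i['group']}", {}).get("desc", "")
        nbr = next((n for n in expected_trunks
                    if re.search(rf"\b{re.escape(n)}\b", desc)), None)
        if nbr is None:
            findings.append(f"{name}: trunk cannot be matched to a neighbor by description")
        elif i["allowed"] is None:
            findings.append(f"{name} ({nbr}): no allowed list, every VLAN is carried")
        else:
            extra = sorted(i["allowed"] - expected_trunks[nbr])
            missing = sorted(expected_trunks[nbr] - i["allowed"])
            if extra:
                findings.append(f"{name} ({nbr}): extra VLANs {extra}")
            if missing:
                findings.append(f"{name} ({nbr}): missing VLANs {missing}")
    return findings


if __name__ == "__main__":
    for finding in audit(ASW1_CONFIG, ASW1_TRUNKS):
        print(finding)
```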

Implementation and Verification Plan


In task 2, you will create an implementation plan. There are several possible correct solutions.
One possible approach groups items that are common to all switches in a template and then
applies the template to all switches. You can then configure each switch with items that are
unique to each device, interface mode or EtherChannel links. The common template could be
named Common_Template, just like in the previous lab. For this lab, the template could
contain the following items:

vtp mode transparent

vtp domain cisco

vtp password cisco

vlan 3,4,11,12,63-66

You can implement this template to CSW1, CSW2, DSW1 and DSW2. ASW1 and ASW2
require specific VLAN configuration, so you may want to configure them manually. An
example of the Implementation and Verification Plan follows.

Complete    Device    Implementation Order    Values and items to implement    Verification method and expected results
Step-by-step No

For each device, every entry gives the values and items to implement, then the verification
method and expected results.

CSW1

  Implement: Paste Common_Template.
  Verify:    Show vtp status (shows transparent, domain cisco, password cisco).

  Implement: Configure trunk link to R1, allowed VLANs 1, 3, 11, 63, 65.
  Verify:    Show run interface to R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: Configure trunk link to R2, allowed VLANs 1, 4, 12, 64, 66.
  Verify:    Show run interface to R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: (Verify if needed and) configure EtherChannel to CSW2, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
  Verify:    Show run interface to CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
             Shut link down.
  Verify:    Show run interface to DSW2, trunk allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             link shut.

  Implement: (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
  Verify:    Show run interface to CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

CSW2

  Implement: Paste Common_Template.
  Verify:    Show vtp status (shows transparent, domain cisco, password cisco).

  Implement: Configure trunk link to R1, allowed VLANs 1, 3, 11, 63, 65.
  Verify:    Show run interface to R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: Configure trunk link to R2, allowed VLANs 1, 4, 12, 64, 66.
  Verify:    Show run interface to R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: (Verify if needed and) configure EtherChannel to CSW1, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
  Verify:    Show run interface to CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

  Implement: (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
             Shut link down.
  Verify:    Show run interface to DSW2, trunk allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.

  Implement: (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Implement: Configure trunk to DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
  Verify:    Show run interface to CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             link shut.

DSW1

  Implement: Paste Common_Template, change VTP mode to server.
  Verify:    Show vtp status (shows transparent, domain cisco, password cisco).

  Order:     10
  Implement: (Verify if needed and) configure EtherChannel to CSW1, on if 4 links, LACP if 2 links.
  Verify:    Show etherchannel status active or on.

  Order:     11/12
  Implement: Configure trunk to CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66.
  Verify:    Show run interface to CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66,
             show interface trunk.

14

Implementing Cisco Switched Networks (SWITCH) v1.0

| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results | Step-by-step No. |
| | DSW1 (continued) | | (Verify if needed and) configure EtherChannel to CSW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 11/12 |
| | | | Configure trunk to CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down. | Show run interface to CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut. | 15 |
| | | | (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 11/12 |
| | | | Configure trunk to DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down. | Show run interface to DSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut. | 13 |
| | | | (Verify if needed and) configure EtherChannel to ASW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 11/12 |
| | | | Configure trunk to ASW1, allowed VLANs 1, 3, 11, 63 and 65. | Show run interface to ASW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk. | 16 |
| | | 10 | (Verify if needed and) configure EtherChannel to ASW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 11/12 |
| | | 11 | Configure trunk to ASW2, allowed VLANs 1, 2, 12, 64 and 66. | Show run interface to ASW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk. | 16 |
| | | 12 | Configure first available port in access mode, VLAN 65. | First available port in access mode, VLAN 65. | 18 |
| | | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk. | 19 |
| | DSW2 | | Paste Common_Template. | Show vtp status (shows transparent, domain cisco, password cisco). | 21 |
| | | | (Verify if needed and) configure EtherChannel to CSW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 21 |
| | | | Configure trunk to CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | Show run interface to CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk. | 21 |

| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results | Step-by-step No. |
| | DSW2 (continued) | | (Verify if needed and) configure EtherChannel to CSW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 21 |
| | | | Configure trunk to CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down. | Show run interface to CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut. | 21 |
| | | | (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 21 |
| | | | Configure trunk to DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down. | Show run interface to DSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Link shut. | 21 |
| | | | (Verify if needed and) configure EtherChannel to ASW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 21 |
| | | | Configure trunk to ASW2, allowed VLANs 1, 2, 12, 64 and 66. | Show run interface to ASW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk. | 21 |
| | | 10 | (Verify if needed and) configure EtherChannel to ASW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 21 |
| | | 11 | Configure trunk to ASW1, allowed VLANs 1, 3, 11, 63 and 65. | Show run interface to ASW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk. | 21 |
| | | 12 | Configure first available port in access mode, VLAN 66. | First available port in access mode, VLAN 66. | 21 |
| | | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk. | 21 |
| | ASW1 | | VTP mode transparent, domain and password cisco. | Show vtp status, transparent, domain and password cisco. | 22 |
| | | | (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 23 |
| | | | Configure trunk to DSW1, allowed VLANs 1, 3, 11, 63 and 65. | Show run interface to DSW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk. | 24 |

| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results | Step-by-step No. |
| | ASW1 (continued) | | (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 23 |
| | | | Configure trunk to DSW2, allowed VLANs 1, 3, 11, 63 and 65. | Show run interface to DSW2, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk. | 24 |
| | | | Port to CLT1 in VLAN 3. | Show run interface to CLT1, access VLAN 3. | 25 |
| | | | First available port in VLAN 63. | Show run interface to first available port, access VLAN 63. | 26 |
| | | | Second available port in VLAN 11. | Show run interface to second available port, access VLAN 11. | 27 |
| | ASW2 | | VTP mode transparent, domain and password cisco. | Show vtp status, transparent, domain and password cisco. | 28 |
| | | | (Verify if needed and) configure EtherChannel to DSW1, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 29 |
| | | | Configure trunk to DSW1, allowed VLANs 1, 2, 12, 64 and 66. | Show run interface to DSW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk. | 30 |
| | | | (Verify if needed and) configure EtherChannel to DSW2, on if 4 links, LACP if 2 links. | Show etherchannel status active or on. | 29 |
| | | | Configure trunk to DSW2, allowed VLANs 1, 2, 12, 64 and 66. | Show run interface to DSW2, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk. | 30 |
| | | | Port to CLT2 in VLAN 4. | Show run interface to CLT2, access VLAN 4. | 31 |
| | | | First available port in VLAN 66. | Show run interface to first available port, access VLAN 64, show interface trunk. | 32 |
| | | | Second available port in VLAN 12. | Show run interface to second available port, access VLAN 12. | 33 |

Step-by-Step Procedure
Step 1

Connect to the switch CSW1 in configuration mode

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Inject the Common_Template file

Create a Notepad text file named Common_Template containing the lines:

Vtp mode transparent
vtp domain cisco
vtp password cisco
vlan 3,4,11,12,63-66

Paste the Common_Template file content to the console.

Verify as you paste that no error message is reported.

Step 3

Use the show cdp neighbor command to check the port to each neighbor:
CSW1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme   Capability   Platform    Port ID
R1           Fas 0/11        85        R S I        RO-2811     Fas 0
R2           Fas 0/12        85        R S I        RO-2811     Fas 1
DSW1         Fas 0/2         144       S I          WS-C3560-   Fas 0/2
DSW1         Fas 0/1         144       S I          WS-C3560-   Fas 0/1
DSW2         Fas 0/4         148       R S I        WS-C3560-   Fas 0/4
DSW2         Fas 0/3         148       R S I        WS-C3560-   Fas 0/3
CSW2         Fas 0/10        138       R S I        WS-C3560-   Fas 0/10
CSW2         Fas 0/9         138       R S I        WS-C3560-   Fas 0/9
CSW2         Fas 0/8         138       R S I        WS-C3560-   Fas 0/8
CSW2         Fas 0/7         138       R S I        WS-C3560-   Fas 0/7

Step 4

For each port to routers R1 and R2, enter (taking interface f0/11 as an example):
interface f0/11
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 5

Using the show cdp neighbor information, determine if EtherChannel is to be configured on links to
switches CSW2, DSW1, and DSW2:

Switch CSW1 has 4 links to switch CSW2, EtherChannel mode on should be used.

Switch CSW1 has two links to switch DSW1 and two links to switch DSW2, EtherChannel
mode LACP should be used. Switch CSW1 will be the active side, switches DSW1 and
DSW2 will be the passive side.


Step 6

Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel
table from the Information packet:
interface range f0/7 - 10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 33 mode on
exit
interface port-channel 33
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 7

Configure the link to switch DSW1, using the show cdp neighbor information and the
EtherChannel table from the Information packet:
interface range f0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 31 mode active
exit
interface port-channel 31
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 8

Configure the link to switch DSW2, using the show cdp neighbor information and the
EtherChannel table from the Information packet:
interface range f0/3 - 4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 32 mode active
shutdown
exit
interface port-channel 32
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown

Step 9

Repeat steps 1 to 8 on switch CSW2, shutting down the ports to switch DSW1 and leaving the ports
to switch DSW2 enabled.

Step 10

Repeat steps 1 and 2 on DSW1.

Step 11

Use the show cdp neighbor information to discover neighbors:
DSW1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme   Capability   Platform    Port ID
ASW1         Fas 0/6         155       S I          WS-C2960-   Fas 0/1
ASW2         Fas 0/7         156       S I          WS-C2960-   Fas 0/2
DSW2         Fas 0/5         130       R S I        WS-C3560-   Fas 0/5
CSW2         Fas 0/4         128       R S I        WS-C3560-   Fas 0/4
CSW2         Fas 0/3         127       R S I        WS-C3560-   Fas 0/3
CSW1         Fas 0/2         163       R S I        WS-C3560-   Fas 0/2
CSW1         Fas 0/1         163       R S I        WS-C3560-   Fas 0/1

Step 12

Using the show cdp neighbor information, determine if EtherChannel should be configured on links
to switches CSW2, DSW1, and DSW2:

DSW1 has 1 link to ASW1 and ASW2, 1 link to DSW2. EtherChannel should not be used.

DSW1 has 2 links to CSW1 and 2 links to CSW2. EtherChannel mode LACP should be
used. DSW1 will be the passive side for links to CSW1 and CSW2.

Step 13

Configure the link to switch DSW2, using the show cdp neighbor information:
interface f0/5
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown

Step 14

Configure the link to switch CSW1, using the show cdp neighbor information and the EtherChannel
table from the Information packet:
interface range f0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 31 mode passive
exit
interface port-channel 31
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 15

Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel
table from the Information packet:
interface range f0/3 - 4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 32 mode passive
shutdown
exit
interface port-channel 32
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown
DSW1#sh etherchann
Channel-group listing:
---------------------
Group: 31
---------
Group state = L3
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:
Minimum Links: 0
Group: 32
---------
Group state = L3
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:
Minimum Links: 0

Step 16

Configure the link to switch ASW1, using the show cdp neighbor information:
interface f0/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,11,63,65

Step 17

Configure the link to switch ASW2, using the show cdp neighbor information:
interface f0/7
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,4,12,64,66

Step 18

Configure the link to the File server:


Interface f0/8
Switchport mode access
Switchport access vlan 65

Step 19

Configure the link to the new router:


Interface f0/9
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 20

Repeat steps 1 and 2, then steps 11 to 19 on DSW2, leaving links to switch CSW2 enabled and
links to switch CSW1 shutdown. On the EtherChannel link to switch DSW1, switch DSW2 is the
passive side. File Server is in VLAN 66.

Step 21

On ASW1, configure the VTP mode.

Vtp domain cisco
Vtp mode client
Vtp password cisco
Show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDE 0x86 0x25 0xBD 0x56 0x50 0xDE 0x3E
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Step 22

Repeat step 11 to discover neighbors.

Step 23

Use the step 16 model to configure links to DSW1 and DSW2.

Step 24

Configure the link to client CLT1:


Interface f0/3
Switchport mode access
Switchport access vlan 3

Step 25

Configure the link to the FTP server:


Interface f0/4
Switchport mode access
Switchport access vlan 11

Step 26

Configure the link to the Web server:


Interface f0/5
Switchport mode access
Switchport access vlan 63

Step 27

Repeat steps 1 and 2 on switch ASW2.


Step 28

Repeat step 11 to discover neighbors.

Step 29

Use the step 16 model to configure links to switches DSW1 and DSW2.

Step 30

Configure the link to client CLT2:


Interface f0/3
Switchport mode access
Switchport access vlan 4

Step 31

Configure the link to the FTP server:


Interface f0/4
Switchport mode access
Switchport access vlan 12

Step 32

Configure the link to the Web server:


Interface f0/5
Switchport mode access
Switchport access vlan 64
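
The plan's link checks (both ends trunking, the same allowed VLAN list, EtherChannel modes that can bundle) lend themselves to a scripted comparison of the two ends of a link. The Python below is an added example, not part of the lab guide; its function names are assumptions, the first two excerpts reproduce the member-port configuration from Steps 7 and 14, and the faulty far end is constructed.

```python
import re

# Channel-group mode pairs that form a bundle: static "on" only with "on",
# LACP needs at least one active side, PAgP at least one desirable side.
BUNDLING_PAIRS = {
    frozenset({"on"}), frozenset({"active"}), frozenset({"active", "passive"}),
    frozenset({"desirable"}), frozenset({"desirable", "auto"}),
}
ALL_VLANS = set(range(1, 4095))  # IOS default when no allowed-VLAN list is configured

def expand_vlans(spec):
    """Turn '1,3,63-66' into {1, 3, 63, 64, 65, 66}."""
    vlans = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        vlans.update(range(int(first), int(last or first) + 1))
    return vlans

def parse_interfaces(config):
    """Return {interface name: settings} for the switchport lines used in this lab."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if line.startswith("interface "):
            current = interfaces.setdefault(line[len("interface "):], {})
        elif current is None:
            continue
        elif line in ("exit", "end"):
            current = None
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            current["mode"] = m[1]
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            current["allowed"] = expand_vlans(m[1])
        elif m := re.fullmatch(r"channel-group \d+ mode (\S+)", line):
            current["channel_mode"] = m[1]
    return interfaces

def check_link(side_a, side_b):
    """Compare both ends of one link; return a list of findings (empty = consistent)."""
    findings = []
    mode_a, mode_b = side_a.get("mode"), side_b.get("mode")
    if mode_a != mode_b:
        findings.append(f"switchport mode mismatch: {mode_a} vs {mode_b}")
    elif mode_a == "trunk":
        diff = side_a.get("allowed", ALL_VLANS) ^ side_b.get("allowed", ALL_VLANS)
        if diff:
            findings.append(f"allowed VLAN lists differ on: {sorted(diff)}")
    ch_a, ch_b = side_a.get("channel_mode"), side_b.get("channel_mode")
    if (ch_a is None) != (ch_b is None):
        findings.append("EtherChannel configured on one end only")
    elif ch_a and frozenset({ch_a, ch_b}) not in BUNDLING_PAIRS:
        findings.append(f"channel-group modes {ch_a}/{ch_b} will not bundle")
    return findings

# CSW1 side of the link to DSW1 (Step 7).
CSW1_CONFIG = """
interface range f0/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
 channel-group 31 mode active
"""
# DSW1 side of the same link (Step 14): identical except for the passive LACP mode.
DSW1_CONFIG = CSW1_CONFIG.replace("mode active", "mode passive")
# Constructed faulty far end: static "on" instead of LACP, VLAN 66 left off the trunk.
DSW1_FAULTY = """
interface range f0/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 channel-group 31 mode on
"""

def audit(config_a, config_b, interface="range f0/1 - 2"):
    """Check the named interface stanza of one switch against its peer's stanza."""
    return check_link(parse_interfaces(config_a)[interface],
                      parse_interfaces(config_b)[interface])

if __name__ == "__main__":
    print(audit(CSW1_CONFIG, DSW1_CONFIG))
    print(audit(CSW1_CONFIG, DSW1_FAULTY))
```
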


Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
Complete this lab activity to practice what you learned in the related module.

Activity Objective
There are many issues that can occur when VLANs and trunks are not properly configured.
Everything worked well in the network you configured in the previous lab. Proud of your
achievements, you decided to take a week off. During that time, one of your team assistants,
while preparing for his CCNA, filled in for you, and took care of the network. He had to face
several issues, and tried to improve your configuration on a few points. Unfortunately, it seems
that the improvements somehow affected Layer 2 connectivity in your network. In other words,
when you came back, three troubleshooting tickets were waiting for you on your desk. You
need to fix the network quickly using the tools you learned in this module. After completing
this activity, you will be able to meet these objectives:

Diagnose and resolve Layer 2 connectivity problems.

Diagnose and resolve VLAN and EtherChannel related problems.

Document troubleshooting progress, configuration changes, and problem resolution.

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues]

Command List
The table describes the commands that you will use in this activity.
Configuration Commands

Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode

enable password password
    Enters the privileged EXEC mode command interpreter

exit
    Exits the current mode

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed

interface range fastethernet | gigabitethernet slot/starting_port ending_port
    Selects a range of interfaces to configure

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode

no interface vlan vlan-id type
    Disables a VLAN interface

ping ip-address
    Sends an ICMP echo to the designated IP address, using the default settings of size and response window time

show interface interface-id switchport
    Displays the switch port configuration of the interface

show interface trunk
    Displays the trunk configuration of the interface

show vlan
    Displays VLAN information

show vtp status
    Shows the VTP configuration

shutdown/no shutdown
    Shuts down or enables an interface

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link

switchport nonegotiate
    Turns off DTP negotiation

switchport trunk allowed vlan remove vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link

switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link

telnet ip-address
    Starts a terminal emulation program from a PC, router, or switch that permits you to access network devices remotely over the network

interface interface-id channel-group channel-group-number mode desirable
    Unconditionally enable PAgP. Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default.

show running-config interface interface-id
    Displays interface-specific configuration information.

vtp domain domain-name
    Sets the VTP domain name in either the VLAN database or configuration mode

vtp mode [ client | server | transparent ]
    Sets the VTP mode

Job Aids
These job aids are available to help you complete the lab activity.

Trouble Tickets

Troubleshooting Log


Trouble Ticket A: Switch Replacement has Gone Wrong


Late Friday afternoon, the access switch ASW1 failed and your assistant quickly had to
conclude that the power supply had gone bad and that the switch needed to be replaced.
Luckily, your team still had a similar switch on the shelf and your assistant rushed on site to
replace it.
This morning, when you come in and ask your assistant how things went, he tells you that he
stayed late trying to get things to work but in the end did not manage it. He asks you to have a
look because he is out of ideas. When you ask him what the exact problem is, he tells you that
he does not know and that it simply does not work. His first thought was that the issue came from
his configuration on switch ASW1, but then he also tried to verify and improve the other
switches on the path and is not sure anymore.
The user on PC Client 1 has already started to complain that he cannot get access to the network
and he needs this problem to be fixed today.
Your task is to diagnose the issues and restore switch ASW1 as a fully functional access switch
on the network.

Trouble Ticket B: VLAN 66 Access Problem


Your assistant also reports a call on Thursday evening from the File2 Server administrator. A
backup File2 server was installed beyond the switch CSW2 and no devices in the network seem
to be able to reach VLAN 66 anymore. The File2 Server team first thought of a hacker attack
and removed File2 from the network for forensic analysis. The server seems to be intact.
The File2 Server team then decided to try to ping from the router R1 VLAN 66 interface to the router
R2 VLAN 66 interface. The ping fails. They are convinced that your assistant broke
connectivity for this VLAN and ask you to fix the issue immediately. Each lost minute costs a
fortune.
Your task is to identify the misconfigured item and solve the issue to restore connectivity
between router R1 VLAN 66 and router R2 VLAN 66. R1 VLAN 66 IP address is 10.1.66.251,
and R2 VLAN 66 IP address is 10.1.66.252.

Trouble Ticket C: Gateway Unreachable


Your assistant seems depressed on this Monday morning. He complains that he already spent
hours trying to help PC Client 2, who could not reach his gateway, router R2, anymore. Your
assistant is convinced that the PC Client 2 user broke his PC configuration, and does not believe
that the issue has anything to do with the fact that your assistant improved some minor points
about the network configuration.
Although you trust your assistant, the fact that the issue started as soon as your assistant started
improving the configuration makes you wonder if there might be a configuration issue
somewhere on one switch. The fact that your assistant is reluctant to tell you exactly what
improvements were made when the failure occurred clearly contributes to your doubts.
Your task is to ensure that PC Client 2 can ping router R2.


Instructions
As you can see from the troubleshooting tickets, this first troubleshooting lab contains three
types of issues:

Trouble Ticket A involves communication issues between switch ASW1 and router R1,
thus in the upper part of the lab.

Trouble Ticket C involves communication issues between client CLT2 and router R2, thus
in the lower part of the lab.

Trouble Ticket B involves communication issues between the upper and the lower part of
the lab.

Together with your team members, create a troubleshooting plan to divide the work, assign
each team member appropriate roles and coordinate device access between the team members.
A logical way of organizing the workload could be to assign the upper section of the pod (client
CLT1-switch ASW1-switch DSW1-switch CSW1-router R1) to one team and the lower part of
the pod (client CLT2, switches ASW2, DSW2, and CSW2) to a second team. Issues affecting
the upper part of the lab could be solved by the first team. Issues affecting the lower part of the
lab could be solved by the second team. The whole team will have to work out issues affecting
both the upper and lower section. This is just an example of possible organization. Whichever
organizational model you choose, assign the primary responsibility for each of the devices to a
team member. The team member who has primary responsibility for a device is in control of
the console of that device and changes to the devices. This means that no other team member
should access the console, make changes to the device or execute disruptive actions such as
reloading or debugging without permission from the controlling team member. All team
members can access all devices via Telnet or SSH for non-disruptive diagnostic action, without
the need for permission of the controlling member. Responsibilities can be reassigned during
later labs if necessary.
Once roles have been assigned, work together on Trouble Tickets A, B, and C to resolve the
issues. Document your progress in the Troubleshooting Log provided below in order to help
facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debrief discussions.
The instructor will provide you with directions to prepare the lab equipment for this lab. After
the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.


Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.
| Trouble Ticket | Actions and results |

Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Client PCs that are connected to switch ASW1 can acquire an IP address via DHCP.

Client PCs that are connected to switch ASW1 can ping the gateway router R1.

You have documented your process, your solution, and any changes that you have made to
the device configurations.

Trouble Ticket B:

You can complete an extended ping from the router R1 interface in VLAN 66 to the router
R2 interface in VLAN 66.

Switch CSW2 VLAN 66 can be reached through all trunks.

Switch CSW2 interfaces in VLAN 66 are properly configured.

You have documented your process, your solution, and any changes that you have made to
the device configurations.

Trouble Ticket C:

Client PCs that are connected to switch ASW2 can acquire an IP address via DHCP.

Client PCs that are connected to switch ASW2 can ping the gateway router R2.

You have documented your process, your solution, and any changes that you have made to
the device configurations.


Trouble Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket A.

Confirm or Deny Layer 3 Connectivity


ASW1 management interface is in VLAN 1, CLT1 is in VLAN 3.
CLT2>ping 10.1.3.251
Pinging 10.1.3.251 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.3.251:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
ASW1#ping 10.1.1.251
Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5)


Usually, you would start troubleshooting the Layer 2 connectivity between devices because you
have discovered that there is no Layer 3 connectivity between two adjacent Layer 2 hosts, such
as two hosts in the same VLAN or a host and its default gateway. Typical symptoms that could
lead you to start examining Layer 2 connectivity would be:

Failing pings between adjacent devices. (Keep in mind, though, that this may also be
caused by a host-based firewall that is blocking pings).

Successful pings between hosts in another Layer 2 domain but sharing the same physical
path, such as hosts in another VLAN on the same link.

Client CLT1 is in VLAN 3 and obtains its IP address from router R1, acting as a DHCP server.
Ping to router R1 interface in VLAN 3 from the client CLT1 command prompt interface fails.
Switch ASW1 is in VLAN1. Pings from switch ASW1 to router R1 interface in VLAN 1
succeed. This output shows that there is a physical path, Layer 2 and Layer 3 connectivity
between switch ASW1 and router R1.
You can narrow the issue down to a physical connectivity issue between switch ASW1 and
client CLT1, or a VLAN issue.


Key Clue: ASW1 VLAN Configuration


ASW1#sh vlan
VLAN Name                        Status    Ports
---- --------------------------- --------- -----------------------------
1    default                     active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                           Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                           Fa0/12, Fa0/17, Fa0/18, Fa0/23
4    VLAN0004                    active
11   VLAN0011                    active    Fa0/3
14   VLAN0014                    active
63   VLAN0063                    active
1002 fddi-default                act/unsup

Once you have determined that the problem is most likely a Layer 2 or Layer 1 problem, you
will want to reduce the scope of the potential failures. You can diagnose Layer 2 problems with
this common troubleshooting method:

Verify Layer 1 and Layer 2 connectivity. If Layer 1 connectivity is broken, the interfaces
should be down. If Layer 1 connectivity is established but Layer 2 connectivity is broken, a
useful tool is CDP. Unless CDP is disabled, you should be able to use it to verify each device's
adjacencies.

Determine the Layer 2 path. Based on documentation, baselines, and knowledge of your
network in general, the next step is to determine the path that you would expect frames to
follow between the affected hosts. Determining the expected traffic path beforehand will
help you in two ways: It will give you a starting point for gathering information about what
is actually happening on the network and it will make it easier to spot abnormal behavior.
The second step in determining the Layer 2 path is to follow the expected path and verify
that the links on the expected path are actually up and forwarding traffic. If the actual
traffic path is different from your expected path, this step may give you clues about the
particular links or protocols that are failing and the cause of these failures.

In this case, Layer 2 connectivity might be involved as the VLAN database on switch ASW1
does not show VLAN 3. If the VLAN does not exist, CLT1 cannot communicate with its
gateway in VLAN 3. You can create VLAN 3 on switch ASW1 from the global configuration
mode.


Key Clue: ASW1 Port Configuration


CLT1 is supposed to be in VLAN 3
ASW1#show running-config interface f0/3
Building configuration...
Current configuration : 189 bytes
!
interface FastEthernet0/3
 description to CLT1
 switchport access vlan 11
 switchport mode access
end
ASW1#config terminal
ASW1(config)#int f0/3
ASW1(config-if)#switchport access vlan 3
% Access VLAN does not exist. Creating vlan 3


Another key piece of information comes from the previous page, which displays information
about VLAN 11. It is shown as active on interface f0/3, which is the interface to which client
CLT1 connects. Verifying the f0/3 interface configuration shows that it is set to access mode,
but in VLAN 11.
You can change it to VLAN 3. If VLAN 3 has not been created before, the 2960 platform
creates the VLAN automatically as soon as a port is assigned to that VLAN.
Trying to ping router R1 from client CLT1 at this stage would still fail. You need to examine
the issue a little further.


Key Clue: ASW1 DSW1 Trunk Configuration


ASW1# show run int f0/1
Current configuration : 164 bytes
!
interface FastEthernet0/1
description to DSW1
switchport trunk encapsulation dot1q
switchport mode trunk
end
DSW1# show run int f0/6
Current configuration : 164 bytes
!
interface FastEthernet0/6
description to ASW1
switchport trunk encapsulation dot1q
switchport mode access
switchport access vlan 65
end


The next logical step could be to verify the path from switches ASW1 to DSW1. A useful tool
to verify neighbor information is CDP. If switch ASW1 does not see switch DSW1 with CDP,
then you should suspect a Layer 1 issue might be the cause:
ASW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
DSW1             Fa 0/1            174           T I      CA 3550   Fa 0/6

Switch DSW1 is seen, at least by CDP. Switch ASW1 port f0/1 connects to DSW1 port f0/6 in
this example. CDP is an independent Layer 2 protocol that may see neighboring devices even if
the link configuration is partly incorrect. The next step could be to verify the switch
ASW1-DSW1 link configuration. This link is supposed to be a trunk.
Trunk configuration is correct on switch ASW1 as shown above. If you are managing switch
ASW1, it is time to inform your team that the issue might also be on switch DSW1, and verify
the switch DSW1 link to switch ASW1.
As shown above, the port configuration on switch DSW1 is incorrect. It is set to access mode,
in VLAN 65. VLAN 3 information coming from switch ASW1 cannot be received in this
mode. The interface command switchport mode trunk allows you to change the mode back to
trunk. On Client 1, you try to renew the IP address, which is to be assigned from router R1.
The IP address renews successfully, thus proving Layer 2 connectivity between Client 1 and
router R1. You have solved Problem 1.


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Trouble Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket B.

Connectivity Verification: R1 to R2 in VLAN 66


R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
.....
Success rate is 0 percent (0/5)


The first test can be to ping router R2 from the router R1 interface in VLAN 66. As reported on
the troubleshooting ticket, the ping is unsuccessful. This issue could come from IP addressing
problems on routers R1 or R2 as well as Layer 2 configuration problems. If you approach this
problem as a Layer 2 issue, you might begin by looking at the configurations on switch CSW1
or CSW2.


Key Clue: CSW2 Links to CSW1


interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
channel-group 33 mode on
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
channel-group 33 mode on
...


A logical step is to verify the switch CSW1 to switch CSW2 link configuration, along with the
switch CSW1 to router R1 and switch CSW2 to router R2 configurations.
On switch CSW1, the link to router R1 is supposed to be a trunk:
Show run int f0/11
Building configuration...
Current configuration : 95 bytes
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
end
DSW1#sh int f0/11
FastEthernet0/11 is up, line protocol is up (connected)
...
The link to R1 is configured properly, and connected.
The next step could be to verify if VLAN 66 is known on CSW1:
CSW1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
...
66   VLAN0066                         active
...

VLAN 66 is known, at least on switch CSW1. The same verifications could be conducted on
switch CSW2, verifying the trunk link to router R2 along with switch CSW2 VLAN database.
The configuration should be valid, just like on switch CSW1.


In a step by step approach, you could verify the link between switches CSW1 and CSW2:
CSW1#show etherchannel 33 port-ch
                Port-channels in the group:
                ---------------------------

Port-channel: Po33    (Primary Aggregator)
------------

Age of the Port-channel   = 0d:00h:45m:07s
Logical slot/port   = 2/24          Number of ports = 0
HotStandBy port = null
Port state          = Port-channel Ag-Not-Inuse
Protocol            =   LACP

The EtherChannel link is not in use! It shows LACP instead of "on"! You can confirm this
point by checking the physical connections:
CSW1#show run
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive

They are obviously in the wrong mode. The other end (switch CSW2) is still in on mode, so
passive mode on switch CSW1 will not create an EtherChannel. You decide to correct this:
CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#int ran f0/7 - 10
CSW1(config-if-range)#no channel-gr 33 mo pas
CSW1(config-if-range)#channel-gr 33 mo on
CSW1(config-if-range)#end

You then may want to try again to ping router R2 from router R1 interface in VLAN 66: the
ping would still be unsuccessful. There is more than one issue to solve for this ticket.


Key Clue: CSW2 EtherChannel to CSW1


CSW2# show run int po 33
interface Port-channel33
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-65,67-4094
switchport mode trunk
...


You may then shift your attention to switch CSW2 and verify its connection to switch CSW1.
The EtherChannel link does not seem to be operational on this side either. Verifying the port
configuration shows that the ports are in shutdown state. Once they are enabled, a verification
of the Port-Channel for these ports shows that the link is up.
CSW2#show etherchannel 33 port-channel
Port-channel: Po33
------------

Age of the Port-channel   = 0d:00h:00m:49s
Logical slot/port   = 2/24          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/7    On                 0
  0     00     Fa0/8    On                 0
  0     00     Fa0/9    On                 0
  0     00     Fa0/10   On                 0

Time since last port bundled:    0d:00h:00m:17s    Fa0/9

Now that the ports are enabled, you may want to reattempt a ping from router R1 to router R2.
The ping is still unsuccessful. There is still another part to the issue to solve.


While verifying switch CSW2 configuration, you may see that VLAN 66 is not allowed on the
EtherChannel! You might have seen this issue at an earlier stage. It is shown here to isolate it
from the shutdown issue. It is easy to correct:
CSW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L3SW4(config)#int po 33
L3SW4(config-if)#sw trun all vla ad 66
L3SW4(config-if)#end
R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
!!!!!
Success rate is 100 percent (5/5)


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Trouble Ticket C: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket C.

Key Clue: ASW2 Ports Configuration


ASW2#sh run int f0/3
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/3
switchport access vlan 4
switchport mode trunk
end
ASW2#sh run int f0/1
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/1
switchport access vlan 4
switchport mode access
end

A possible first step is to verify the configuration of the switch ASW2 port to client CLT2. In
this example, the port is f0/3. The port is in trunk mode. It should be in access mode in VLAN 4.
You obviously correct this mistake:
ASW2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ASW2(config)#int f0/3
ASW2(config-if)#sw mo ac
ASW2(config-if)#end

Since the switch ASW2 port configuration was incorrect, you may also want to verify the port
configuration to switch DSW2. In this example, the port is f0/1. You notice this time that the
port is in access mode, so you need to change it to trunk mode:
ASW2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ASW2(config)#int f0/1
ASW2(config-if)#sw mo trunk
ASW2(config-if)#end

After you have made the changes, have you resolved the issue? Test the solution by trying to
renew the client CLT2 IP address; if it fails, there are other issues.


Key Clue: DSW2 Link to ASW2


DSW2#sh run int f0/6
Building configuration...
Current configuration : 104 bytes
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
end


Now turn your attention to switch DSW2 and check its connection to switch ASW2. The port is
shut down, so you need to re-enable it for communication with switch ASW2:
DSW2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
DSW2(config)#int f0/6
DSW2(config-if)#no sh
DSW2(config-if)#end

When renewing the client CLT2 IP address this time, CLT2 does obtain an IP address but you
notice that the IP address is on the wrong VLAN. Client CLT2 has an address in VLAN 1
instead of VLAN 4.


Key Clue: Native VLAN


DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end


You have already checked the port configuration for client CLT2 on switch ASW2 and you
know it is an access port in VLAN 4. The port configuration of switches DSW1 and DSW2 shows
that the ports are in trunking mode, and a possible cause might be a native VLAN problem.
Checking the port configuration on switch DSW2 to switches CSW1 and CSW2 confirms that the
problem is a native VLAN issue:
DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end
DSW2#sh run int po 31
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end

Both links use native VLAN 4. As all the other links use native VLAN 1, the DHCP
request is forwarded untagged from switch DSW2 to switch CSW2 on VLAN 4, and switch
CSW2 forwards it in its native VLAN 1 to router R2.
Changing the native VLAN between switches DSW2 and CSW1 and between switches DSW2
and CSW2 solves the problem.
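Tickets A, B and C all come down to the two ends of a link disagreeing: trunk versus access mode, EtherChannel mode, allowed VLANs, or native VLAN. The following Python script is an added example, not part of the lab guide; it parses the interface configuration of both ends and reports those mismatches. The function names, the PEER device and the CSW1 Port-channel33 entry are constructed for the example.

```python
import re

# Channel-group mode pairs that form a bundle: static "on", LACP, PAgP.
COMPATIBLE = {frozenset(p) for p in (("on",), ("active",), ("active", "passive"),
                                     ("desirable",), ("desirable", "auto"))}

def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '1-65,67-4094' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Parse running-config text into {interface name: settings}."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)$", line):
            # IOS defaults: native VLAN 1, all VLANs allowed (None), enabled.
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1,
                "allowed": None, "shutdown": False, "channel": None})
        elif cur is None:
            continue
        elif line in ("!", "end"):
            cur = None
        elif line == "shutdown":
            cur["shutdown"] = True
        elif m := re.match(r"switchport mode (\S+)", line):
            cur["mode"] = m.group(1)
        elif m := re.match(r"switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand_vlans(m.group(1))
        elif m := re.match(r"channel-group \d+ mode (\S+)", line):
            cur["channel"] = m.group(1)
    return ports

def audit_link(end_a, end_b, required_vlans=()):
    """Compare both ends of a link, each given as (label, settings)."""
    (name_a, a), (name_b, b) = end_a, end_b
    link, findings = f"{name_a} <-> {name_b}", []
    for name, port in (end_a, end_b):
        if port["shutdown"]:
            findings.append(f"{link}: {name} is shutdown")
    if a["mode"] != b["mode"]:
        findings.append(f"{link}: mode mismatch ({a['mode']} vs {b['mode']})")
    elif a["mode"] == "trunk" and a["native"] != b["native"]:
        findings.append(f"{link}: native VLAN mismatch ({a['native']} vs {b['native']})")
    for name, port in (end_a, end_b):
        if port["mode"] == "trunk" and port["allowed"] is not None:
            for vlan in sorted(set(required_vlans) - port["allowed"]):
                findings.append(f"{link}: VLAN {vlan} not allowed on {name}")
    modes = (a["channel"], b["channel"])
    if any(modes) and frozenset(modes) not in COMPATIBLE:
        findings.append(f"{link}: channel-group modes will not bundle {modes}")
    return findings

# Abridged from the tickets above; entries marked constructed are not on the page.
CONFIGS = {
    "ASW1": """interface FastEthernet0/1
 switchport mode trunk""",
    "DSW1": """interface FastEthernet0/6
 switchport mode access
 switchport access vlan 65""",
    "CSW1": """interface FastEthernet0/7
 switchport mode trunk
 channel-group 33 mode passive
interface Port-channel33
 switchport mode trunk""",  # Port-channel33 on CSW1 is constructed
    "CSW2": """interface FastEthernet0/7
 switchport mode trunk
 shutdown
 channel-group 33 mode on
!
interface Port-channel33
 switchport trunk allowed vlan 1-65,67-4094
 switchport mode trunk""",
    "DSW2": """interface Port-channel32
 switchport trunk native vlan 4
 switchport mode trunk""",
    "PEER": """interface Port-channel32
 switchport mode trunk""",  # constructed far end of DSW2 Po32, IOS defaults
}

def run_audit():
    """Audit the links from tickets A, B and C; return all findings."""
    cfg = {name: parse_interfaces(text) for name, text in CONFIGS.items()}
    end = lambda dev, intf: (f"{dev} {intf}", cfg[dev][intf])
    links = [(end("ASW1", "FastEthernet0/1"), end("DSW1", "FastEthernet0/6"), [3]),
             (end("CSW1", "FastEthernet0/7"), end("CSW2", "FastEthernet0/7"), [66]),
             (end("CSW1", "Port-channel33"), end("CSW2", "Port-channel33"), [66]),
             (end("DSW2", "Port-channel32"), end("PEER", "Port-channel32"), [4])]
    return [f for a, b, vlans in links for f in audit_link(a, b, vlans)]

if __name__ == "__main__":
    print("\n".join(run_audit()))
```

The native VLAN finding deserves the same attention as the outages: as Ticket C shows, a mismatch does not break the link but silently places untagged frames in another VLAN.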


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Lab 2-2: Key Commands and Tools Used



Lab 2-3: Implement Private VLANs


Complete this lab activity to practice what you learned in the related module.

Activity Objective
As private VLANs were an interesting part of module 2, you would like to experiment with this
feature. The lab has two routers, each of them having a link to both switches CSW1 and CSW2,
and you think that it would be interesting to use them to try the isolated VLAN. As you do not
want to keep your routers isolated for the next labs, this feature will have to be removed when
moving to lab 3-1. So make sure that you save your configuration before this optional task, and
that you reboot the switches you use for this task before moving to the next lab.

After completing this activity, you will be able to meet these objectives:

Plan a segmented private VLANs implementation.

Create a private VLANs implementation and verification plan.

Implement private VLANs.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
Make sure you saved your configuration before moving to this step. As you do not want to keep
your routers isolated for the next labs, private VLANs will have to be removed when moving to
lab 3-1. Be sure to save before this optional task, and reboot the switches you use for this task
before moving to the next lab.
For this task, use VLANs 501 and 51, and switch CSW1. Start by configuring switch CSW1 to
support VLANs 501 and 51. Connect to routers R1 and R2, and create an interface for VLAN
51. Configure a static IP address for each router using the table below:

Device name   Interface   IP address     VLAN
R1            F0/0.51     10.1.51.1/24   51
R2            F0/1        10.1.51.2/24   51

Verify that switch CSW1 link to router R2 is enabled, and in VLAN 51. Verify that switch
CSW1 trunk to router R1 allows VLAN 51.
Verify that both routers can ping each other from their VLAN 51 interface.
Once this point is verified, convert VLAN 51 to isolated, using VLAN 501 as the primary
VLAN. If your configuration is successful, routers R1 and R2 should not be able to ping each
other anymore.
You may want to use the Hint section of the lab to verify which steps are involved in this
configuration. The end of the lab guide contains the solution for this task. Once your
configuration is working, reboot switch CSW1 and routers R1 and R2 without saving the
configuration.

Network Diagram

Visual Objective for Lab 2-3: Configure Private VLANs

Command List
The table describes the commands that are used in this activity.
Configuration Commands

| Command | Description |
|---|---|
| interface fastethernet \| gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed. |
| interface range fastethernet \| gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure. |
| name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode. |
| no interface vlan vlan-id type | Disables a VLAN interface. |
| private-vlan association vlan-list | Specifies which secondary VLANs are associated to the primary VLAN. |
| private-vlan isolated | Configures the current VLAN as an isolated VLAN. |
| private-vlan primary | Configures the current VLAN as a primary VLAN. |
| show interface interface-id switchport | Displays the switch port configuration of the interface. |
| show interface trunk | Displays the trunk configuration of the interface. |
| show vlan | Displays VLAN information. |
| show vtp status | Shows the VTP configuration. |
| shutdown/no shutdown | Shuts down or enables an interface. |
| switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking. |
| switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. |
| switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. |
| switchport nonegotiate | Turns off DTP negotiation. |
| switchport trunk allowed vlan remove vlan-list | Configures the list of VLANs allowed on the trunk. |
| switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link. |
| switchport trunk encapsulation isl | Specifies ISL encapsulation on the trunk link. |
| interface interface-id channel-group channel-group-number mode desirable | Unconditionally enables Port Aggregation Protocol (PAgP). Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default. |
| show running-config interface interface-id | Displays interface-specific configuration information. |

Job Aids
These are the job aids for this lab activity:
| Value | Location |
|---|---|
| Blank implementation requirements list | Task 1 |
| Blank implementation plan form | Task 2 |
| Blank verification plan form | Task 3 |
| Debrief alternate solutions form | End of this lab |
| Implementation requirement hints | Hint Section |
| Implementation hints | Hint Section |
| Verification hints | Hint Section |
| Solution configuration answer key | Configuration section at the end of the lab guide |

Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to
configure each device (for example, devices involved, role, etc.). Use the
following table, the initial lab visual objective, the Implementation Policy and Devices
Information to create an Implementation Requirement list. Include the high-level
implementation tasks needed for each device and how to obtain the information required for
each task. If you are unsure, use the hints information provided at the end of this lab.

| Device | High Level Task | Information Source |
|---|---|---|
| | | |

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list of each item to
configure on each device and in what order. The Implementation and Verification Plan is very
important, because it enables you to ensure that all requirements are properly configured and in
the correct order. The task will help you set up configuration checkpoints. Use the plan to
determine how you will verify that each required item was effectively configured. You will
move to the actual implementation in the next task. Use the following table and the Information
Packet to create the Implementation and Verification Plan. If you are unsure, use the hints
information provided at the end of this lab.

| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|
| | | | | |

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified by the company. Keep in mind that once you leave the company, they will use your
configuration as a whitepaper to implement their network. The company will apply your
configuration, without modification, to connect any device of the same type as the one you
configured for each port. Use the previous table to document the verifications you conducted to
ensure that your solution is complete. Hints are available at the end of this lab if you are unsure
about the verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 2-3: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 2-3 Hint Sheet: Implement private VLANs


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | Hint |
|---|---|---|
| CSW1 | Create VLAN 51 and 501 | Implementation Policy |
| | Allow VLANs 51 and 501 on trunks to R1 | Implementation Policy |
| | Set link to R2 to VLAN 51 | Implementation Policy |
| | Set VLAN 501 as primary and 51 as isolated | Implementation Policy |
| R1 | Configure subinterface to CSW1 in VLAN 51 | Implementation Policy |
| R2 | Configure interface to CSW1 in VLAN 51 | Implementation Policy |

Implementation and Verification Plan


In task 2, you will create an implementation plan. There are several possible correct solutions.
An example of the Implementation and Verification Plan follows.
| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results | Step-by-step No |
|---|---|---|---|---|---|
| | CSW1 | 1 | Create VLAN 51. | Show vlan. | |
| | | 2 | Create VLAN 501. | Show vlan. | |
| | | 3 | Allow VLAN 51 on the trunk link to R1. | Show run interface to R1. | |
| | | 4 | Configure link to R2 as access mode, VLAN 51. | Show run interface to R2. | |
| | | 5 | After R1 and R2 links are configured successfully, set VLAN 51 to be isolated. | Show private vlan. | |
| | | 6 | Set VLAN 501 to be primary, mapped to VLAN 51. | Show private vlan. | |
| | R1 | 7 | Configure subinterface on link to R1 to be 10.1.51.1/24. | Show ip interface brief. | |
| | R2 | 8 | Configure link to CSW1 to be 10.1.51.2/24. | Show ip interface brief. | |
| | | 9 | Ping R1 interface 10.1.51.1. | Ping should succeed. | |
| | | 10 | Try to ping R1 interface 10.1.51.1. | Ping should fail. | |
| | CSW1, R1, R2 | 11 | Reload without saving. | Show run. | |

Step-by-Step Procedure

Step 1
Create VLANs 51 and 501 on switch CSW1:

Connect to the remote lab.

Access CSW1 console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal.

Create vlan 51 using: vlan 51.

Create vlan 501, using: vlan 501.

Step 2
Allow VLAN 51 support on the trunk links to router R1:

interface f0/11
 switchport trunk allowed vlan add 51

Step 3
Set CSW1 link to router R2 f0/1 to VLAN 51:

interface f0/12
 switchport mode access
 switchport access vlan 51
 no shutdown

Step 4
Configure R1 interface to be 10.1.51.1/24:

interface f0/0.51
 encapsulation dot1q 51
 ip address 10.1.51.1 255.255.255.0

Step 5
Configure router R2 f0/1 interface to be 10.1.51.2/24:

interface f0/1
 ip address 10.1.51.2 255.255.255.0
 no shutdown

Step 6
Try to ping from router R1 to router R2 or back, ping should be successful:

R2#ping 10.1.51.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)

Step 7
Configure VLAN 501 and 51 to be primary and isolated respectively, on all the involved switches:

vlan 501
 private-vlan primary
 private-vlan association 51
vlan 51
 name TestIsolated
 private-vlan isolated

Step 8
Try to ping from router R1 to router R2 or back, ping should fail:

R2#ping 10.1.51.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Step 9
Revert your configuration to a state prior to task 4: reboot routers R1, R2, and switch CSW1
without saving the configuration.
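
A consistency check for the private-VLAN state that Steps 1 to 7 build, given as an added example that is not part of the lab guide. The configuration excerpt is constructed, the function names are illustrative, and the check also accepts community secondary VLANs, a type this lab does not use.

```python
"""Consistency audit for the private-VLAN state of Lab 2-3 (added example)."""
import re

# Constructed running-config excerpt for CSW1 after Step 7; not captured output.
SAMPLE_CONFIG = """\
vlan 51
 name TestIsolated
 private-vlan isolated
!
vlan 501
 private-vlan primary
 private-vlan association 51
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,51
 switchport mode trunk
!
interface FastEthernet0/12
 switchport access vlan 51
 switchport mode access
!
"""

# The lab only uses isolated; community is the other secondary type.
SECONDARY_TYPES = ("isolated", "community")


def parse_stanzas(config):
    """Map each top-level line (e.g. 'vlan 51') to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None
        elif raw[0].isspace():
            if current is not None:
                stanzas[current].append(raw.strip().lower())
        else:
            current = raw.strip().lower()
            stanzas.setdefault(current, [])
    return stanzas


def expand_vlan_list(text):
    """Turn '1,51,60-62' into {1, 51, 60, 61, 62}."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit_private_vlans(config, trunk_requirements=None):
    """Return a list of findings; an empty list means the checks passed.

    trunk_requirements maps an interface name to the VLANs its trunk must carry.
    """
    stanzas = parse_stanzas(config)
    vlan_type, assoc = {}, {}
    for header, lines in stanzas.items():
        match = re.fullmatch(r"vlan (\d+)", header)
        if not match:
            continue
        vid = int(match.group(1))
        for line in lines:
            if line.startswith("private-vlan association "):
                assoc[vid] = expand_vlan_list(line.split(None, 2)[2])
            elif line.startswith("private-vlan "):
                vlan_type[vid] = line.split()[1]

    findings = []
    for vid in sorted(v for v, t in vlan_type.items() if t == "primary"):
        if not assoc.get(vid):
            findings.append(f"primary VLAN {vid} has no secondary association")
    for vid, secondaries in sorted(assoc.items()):
        if vlan_type.get(vid) != "primary":
            findings.append(f"VLAN {vid} has an association but is not primary")
        for sec in sorted(secondaries):
            if vlan_type.get(sec) not in SECONDARY_TYPES:
                findings.append(f"VLAN {sec} is associated with {vid} but is not a secondary VLAN")
    associated = set().union(*assoc.values())
    for vid, kind in sorted(vlan_type.items()):
        if kind in SECONDARY_TYPES and vid not in associated:
            findings.append(f"{kind} VLAN {vid} is not associated with any primary VLAN")

    for ifname, needed in (trunk_requirements or {}).items():
        header = f"interface {ifname.lower()}"
        if header not in stanzas:
            findings.append(f"{ifname} not found in configuration")
            continue
        allowed = None  # None: no allowed list configured, trunk carries every VLAN
        for line in stanzas[header]:
            match = re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", line)
            if match:
                allowed = (allowed or set()) | expand_vlan_list(match.group(1))
        missing = set() if allowed is None else set(needed) - allowed
        if missing:
            vlans = ",".join(str(v) for v in sorted(missing))
            findings.append(f"{ifname} trunk does not allow VLAN {vlans}")
    return findings


if __name__ == "__main__":
    for finding in audit_private_vlans(SAMPLE_CONFIG, {"FastEthernet0/11": {51}}) or ["no findings"]:
        print(finding)
```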


Lab 3-1: Implement Multiple Spanning Tree


Complete this lab activity to reinforce your understanding of Spanning Tree Protocol
implementation from the course.

Activity Objective
Congratulations! You were chatting about spanning tree with a friend at the cafeteria, and the
head of the local University heard your conversation. She selected you to make a presentation
about spanning tree, and to demonstrate on live equipment, in front of a large audience, how
you would configure the various modes of spanning tree. You decide that preparing a little bit
for this presentation could be useful, and that you would use your pod to walk through the
different steps involved and the various spanning tree modes. In this activity, you will design
and implement Multiple Spanning Tree Protocol (MSTP) in a Layer 2 topology. As you complete
the design, you will connect to your remote lab to implement your solution. After completing
this activity, you will be able to meet these objectives:

Design a spanning tree.

Create a spanning tree implementation plan.

Implement a spanning tree according to implementation plan.

Create a spanning tree verification plan.

Verify the spanning tree according to the verification plan.


Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You will observe and configure the functioning of Spanning Tree Protocol (STP) in your
network. The following list details the preparation and configuration requirements for all
switches in the company network. Your configuration must implement all these requirements:

In the lab progression, you should observe the existing STP random state, and then
convert your configuration to MSTP.

Before configuring and enabling spanning tree, verify that the EtherChannels configured in
lab 2-1 have been configured properly. Enable the EtherChannel links between switches
CSW1 and DSW2, between switches CSW2 and DSW1, between switches DSW1 and
ASW2, and between switches DSW2 and ASW1. The link between switch CSW1 and router
R2 and the link between switch CSW2 and router R1 must also be configured, but only on the
switch side. The router side is already configured. Only the link between switch DSW1 and
switch DSW2 should remain shut.

Switch DSW1 is to be the primary root bridge for odd VLANs, switch DSW2 is to be the
primary root bridge for even VLANs. When instances are used, switch DSW1 is root for
instance 0 and 1, switch DSW2 is root for instance 2. Instance 1 contains the odd VLANs,
instance 2 contains the even VLANs. One region is enough for your network.

For all VLANs for which switch DSW1 is primary root, switch DSW2 must be secondary
root. For all VLANs for which switch DSW2 is primary root, switch DSW1 must be
secondary root.

The Device Information section describes the VLANs and corresponding roots.

Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:

| Device name | Role | IP address | Gateway | VLAN |
|---|---|---|---|---|
| ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 | |
| ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 | |
| DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 | |
| DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 | |
| CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 | |
| CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 | |
| R1 | Router | Fa0/0: 10.1.1.251/24 | | |
| R2 | Router | Fa0/0: 10.1.1.252/24 | | |

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that NOT all of these numbers
will be used:
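| Device | Link to | Bundle number should be: |
|---|---|---|
| ASW1 | DSW1 | 11 |
| ASW1 | DSW2 | 12 |
| ASW2 | DSW1 | 11 |
| ASW2 | DSW2 | 12 |
| DSW1 | ASW1 | 11 |
| DSW1 | ASW2 | 12 |
| DSW1 | DSW2 | 21 To remain shutdown |
| DSW1 | CSW1 | 31 |
| DSW1 | CSW2 | 32 |
| DSW2 | ASW1 | 11 |
| DSW2 | ASW2 | 12 |
| DSW2 | DSW1 | 21 To remain shutdown |
| DSW2 | CSW1 | 31 |
| DSW2 | CSW2 | 32 |
| CSW1 | DSW1 | 31 |
| CSW1 | DSW2 | 32 |
| CSW1 | CSW2 | 33 |
| CSW2 | DSW1 | 31 |
| CSW2 | DSW2 | 32 |
| CSW2 | CSW1 | 33 |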

VLAN Information
| VLAN | Root | Backup | Instance (when needed) |
|---|---|---|---|
| 1 | DSW1 | DSW2 | Instance1 |
| 3 | DSW1 | DSW2 | Instance1 |
| 4 | DSW2 | DSW1 | Instance2 |
| 11 | DSW1 | DSW2 | Instance1 |
| 12 | DSW2 | DSW1 | Instance2 |
| 63 | DSW1 | DSW2 | Instance1 |
| 64 | DSW2 | DSW1 | Instance2 |
| 65 | DSW1 | DSW2 | Instance1 |
| 66 | DSW2 | DSW1 | Instance2 |

Network Diagram

[Figure: Visual Objective for Lab 3-1: Implement Multiple Spanning Tree]

Command List
The table describes the commands that you will use in this activity.
| Command | Description |
|---|---|
| instance instance-id vlan vlan-range | Maps VLANs to an MST instance. For instance-id, the range is 0 to 4094. For vlan vlan-range, the range is 1 to 4094. |
| name name | Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive. |
| revision version | Specifies the configuration revision number. The range is 0 to 65535. |
| show pending | Shows your configuration by displaying the pending configuration. |
| show spanning-tree vlan vlan-id | Displays your entries. |
| show spanning-tree summary | Displays your entries. |
| spanning-tree mode {pvst \| mst \| rapid-pvst} | Configures spanning-tree mode. Select pvst to enable PVST+ (802.1D, the default setting). Select mst to enable MSTP (and RSTP). Select rapid-pvst to enable rapid PVST+. |
| spanning-tree mst configuration | Enters MST configuration mode. |
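
Switches only share one MST region when the name, the revision and the VLAN-to-instance mapping set by the commands above all match. The following added example (not lab-guide code) builds the odd/even mapping required by the Implementation Policy, renders the stanza, and compares switches through the IEEE 802.1Q configuration digest, an HMAC-MD5 over the mapping table; the region name POD1, revision 1 and the per-switch mistakes are assumptions constructed for illustration.

```python
"""MST region check for the Lab 3-1 design (added example, not lab-guide code)."""
import hashlib
import hmac

# Signature key fixed by IEEE 802.1Q for the MST configuration digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

# VLANs used in this lab, taken from the VLAN tables on the page.
LAB_VLANS = [1, 3, 4, 11, 12, 63, 64, 65, 66]


def lab_mapping(vlans):
    """Lab policy: odd VLANs go to instance 1, even VLANs to instance 2."""
    return {vid: 1 if vid % 2 else 2 for vid in vlans}


def config_digest(vlan_to_instance):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table (2 bytes per VID).

    VLANs that are not listed stay in instance 0; entries 0 and 4095 are always 0.
    """
    table = bytearray(4096 * 2)
    for vid, instance in vlan_to_instance.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN {vid} out of range 1-4094")
        if not 0 <= instance <= 4094:
            raise ValueError(f"instance {instance} out of range 0-4094")
        table[2 * vid:2 * vid + 2] = instance.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


def region_id(name, revision, vlan_to_instance):
    """The three values that must match on every switch of one region."""
    if len(name) > 32:
        raise ValueError("region name is limited to 32 characters")
    if not 0 <= revision <= 65535:
        raise ValueError("revision must be 0-65535")
    return (name, revision, config_digest(vlan_to_instance))


def render_mst_config(name, revision, vlan_to_instance):
    """Render the MST configuration stanza with the commands from the table."""
    by_instance = {}
    for vid, instance in sorted(vlan_to_instance.items()):
        by_instance.setdefault(instance, []).append(str(vid))
    lines = ["spanning-tree mst configuration", f" name {name}", f" revision {revision}"]
    for instance in sorted(by_instance):
        if instance:  # instance 0 holds every unmapped VLAN by default
            lines.append(f" instance {instance} vlan {','.join(by_instance[instance])}")
    return "\n".join(lines)


def compare_regions(switches):
    """Return the switches whose region identity differs from the first entry."""
    reference = next(iter(switches.values()))
    return sorted(sw for sw, ident in switches.items() if ident != reference)


if __name__ == "__main__":
    good = lab_mapping(LAB_VLANS)
    # Constructed mistakes: ASW1 uses a different case in the region name,
    # CSW2 never mapped VLAN 66, so that VLAN stays in instance 0.
    incomplete = {vid: inst for vid, inst in good.items() if vid != 66}
    switches = {
        "DSW1": region_id("POD1", 1, good),
        "DSW2": region_id("POD1", 1, good),
        "ASW1": region_id("pod1", 1, good),
        "CSW2": region_id("POD1", 1, incomplete),
    }
    print(render_mst_config("POD1", 1, good))
    for sw, (name, rev, digest) in switches.items():
        print(f"{sw}: name={name} revision={rev} digest=0x{digest}")
    print("outside DSW1's region:", compare_regions(switches))
```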


Job Aids
These are the job aids for this lab activity:
| Value | Location |
|---|---|
| Blank implementation requirements list for MSTP | Task 2 |
| Blank implementation and verification plan form for MSTP | Task 3 |
| Blank student notes for MSTP | Task 4 |
| Implementation requirement hints | Hint Section |
| Implementation hints | Hint Section |
| Verification hints | Hint Section |
| Solution configure answer key | Configuration section at the end of the lab guide |

Task 1: Observing STP Random State


In the previous labs, the control of path between switches was ensured by shutting down the
unused ports. In this task, you will start by enabling all links between switches and between
switches and routers, except the link between switches DSW1 and DSW2. Then, observe and
document the random (default) state of the STP on Cisco switches, documenting root,
secondary, and paths between switches. Use the following table to document the random STP
state in your pod.
| VLAN | Root | Secondary |
|---|---|---|
| 1 | | |
| 3 | | |
| 4 | | |
| 11 | | |
| 12 | | |
| 63 | | |
| 64 | | |
| 65 | | |
| 66 | | |

Spanning Tree calculation will occur the same way for all VLANs allowed on the same
switches. Use the following table to determine, for each group of VLANs and from each switch
in your network, which path is used to reach the root:
| VLANs | Switch | Path to root |
|---|---|---|
| 1, 3, 11, 63, 65 | ASW1 | |
| | ASW2 | |
| | DSW1 | |
| | DSW2 | |
| | CSW1 | |
| | CSW2 | |
| 4, 12, 64, 66 | ASW1 | |
| | ASW2 | |
| | DSW1 | |
| | DSW2 | |
| | CSW1 | |
| | CSW2 | |

Task 2: Create an Implementation Requirements List for MST


According to the multivendor policy in the University, a set of switches from another vendor
may be implemented in the University network. To prevent compatibility issues, you decide to
design and migrate the existing random STP configuration towards a Multiple-instance STP
solution. This model will save CPU cycles by preventing per-VLAN STP processing. To achieve
this goal, you have to mark the main requirements for the smooth migration to MST according
to the constraints in the Information Packet. You need to decide on the number of instances, the
distribution of VLANs among instances, and the role of each switch in this new architecture.
You have to list the main requirements, e.g. DSW1 will be primary root switch for instances 0
and 1 and secondary for instance 2. The opposite applies to DSW2, which will be primary for
instance 2 and secondary for instances 0 and 1.
To help you, use the following table to report each switch role in the new architecture:

| Device | Device role | MSTP instance | VLANs |
|---|---|---|---|
| | | | |

Once the MST switch roles are clear in your mind, use the following table, the initial lab visual
objective, the implementation policy and devices information to create your implementation
requirement list. If you are unsure, you can use the hints information provided at the end of the
lab guide.

| Device | High level task | Information source |
|---|---|---|
| | | |

Task 3: Create Implementation and Verification Plan


It is very important to establish a task list of the needed configurations and the possible
verifications for every configuration change. It must be a detailed step-by-step list. The order in
which each change should be applied is critical, since a successful implementation depends on
the order. With the help of this list you can define configuration checkpoints. The actual
implementation will be conducted in the next lab. Use the following table and the information
from the Information Packet and the previous tasks to prepare your Implementation and
Verification plan. If you are unsure, you can use the hints information provided at the end of
this lab.
| Complete | Device | Implementation Order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|
| | | | | |

Task 4: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified in the Information Packet. Use the previous table to document the verifications you
conducted to ensure that your solution is complete. Hints are available at the end of this lab if
you are unsure about the verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 3-1: Key Commands and Tools Used


__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 3-1 Hint Sheet: Implement Multiple Spanning Tree


Spanning Tree Random State
In a random state, STP could show the following configuration. The actual configuration in
your pod may be different, as the random configuration depends on the actual physical
switches that you are using.
VLAN    Root    Secondary
1       CSW1    DSW2
3       CSW1    DSW2
4       CSW1    DSW2
11      CSW1    DSW2
12      CSW1    DSW2
63      CSW1    DSW2
64      CSW1    DSW2
65      CSW1    DSW2
66      CSW1    DSW2

If the random state of Spanning Tree is as described in the above table, the path to root could
be as follows:
VLAN                Switch    Path to root
1, 3, 11, 63, 65    ASW1      Fa 0/1
                    ASW2      Fa 0/2
                    DSW1      Po 31
                    DSW2      Po 32
                    CSW1      N/A
                    CSW2      Po 33
4, 12, 64, 66       ASW1      Fa 0/1
                    ASW2      Fa 0/2
                    DSW1      Po 31
                    DSW2      Po 32
                    CSW1      N/A
                    CSW2      Po 33

Step-by-Step Procedure
Step 1
Connect to DSW1 switch interface in configuration mode.

    Connect to the remote lab.
    Access the Switch console.
    Enter privilege mode, using enable.
    Enter configuration mode, using configure terminal.

Step 2
Enable previously shut ports:

DSW1(config)#interface range FastEthernet0/3 - 4
DSW1(config-if)# no shutdown

Step 3
Repeat the same process on switches DSW2, CSW1 and CSW2.

Step 4
Verify spanning-tree root status on all switches. For example, on DSW2:


DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0003         24579 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0004         24580 001f.2721.8600         0    2   20  15
VLAN0011         24587 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0012         24588 001f.2721.8600         0    2   20  15
VLAN0063         24639 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0064         24640 001f.2721.8600         0    2   20  15
VLAN0065         24641 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0066         24642 001f.2721.8600         0    2   20  15

Design a MST Solution for an L2 Network


The first task is to decide which device has which role in which instance. Roles, as per the
Information Packet, are as follows:
Device    Device role       MSTP instance    VLANs
DSW1      primary root      0
          primary root      1                1,3,11,63,65
          secondary root    2                4,12,64,66
DSW2      primary root      2                4,12,64,66
          secondary root    0
          secondary root    1                1,3,11,63,65

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device                   Implementation Requirement                            Hint
Distribution switches    MST configuration region 1, instances 0,1 and 2       Implementation policy section
Distribution switches    Primary and secondary root bridges                    Implementation policy section
Distribution switches    VLAN distribution between the root bridge switches    Implementation policy section
All switches             MST                                                   Implementation policy section
All switches             Verification                                          Implementation policy section

Device    High level task                                   Information source
DSW1      MST configuration region1, instance 1             Network Diagram, Design and Implementation Requirements
          MST configuration region1, instance 2             Network Diagram, Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements
          MST primary root for instance 1                   Design and Implementation Requirements
          MST secondary root for instance 2                 Design and Implementation Requirements
DSW2      MST configuration region1, instance 1             Network Diagram, Design and Implementation Requirements
          MST configuration region1, instance 2             Network Diagram, Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements
          MST primary root for instance 2                   Design and Implementation Requirements
          MST secondary root for instance 1                 Design and Implementation Requirements
ASW1      MST configuration region1, instances 0,1 and 2    Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements
ASW2      MST configuration region1, instances 0,1 and 2    Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements
CSW1      MST configuration region1, instances 0,1 and 2    Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements
CSW2      MST configuration region1, instances 0,1 and 2    Design and Implementation Requirements
          MST instance 1 assign odd VLANs 1,3,11,63,65      Design and Implementation Requirements
          MST instance 2 assign even VLANs 4,12,64,66       Design and Implementation Requirements

Implementation and Verification Plan


In task 2, you will create an implementation plan. There are several possible correct solutions.
One possible approach groups items that are common to all switches in a template and then
applies the template to all switches. You can then configure each switch with items that are
unique to each device. An example of the Implementation and Verification Plan follows.
Complete  Device  Implementation Order  Values and items to implement              Verification method and expected results
          DSW1    1                     Mst instance 1.                            Show pending.
                  2                     Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  3                     Mst instance 2.                            Show pending.
                  4                     Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  5                     Change stp mode to mst.                    Show spanning-tree.
                  6                     Primary root for instances 0-1.            Show spanning-tree root.
                  7                     Secondary root for instance 2.             Show spanning-tree root.
          DSW2    8                     Mst instance 1.                            Show pending.
                  9                     Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  10                    Mst instance 2.                            Show pending.
                  11                    Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  12                    Change stp mode to mst.                    Show spanning-tree.
                  13                    Primary root for instance 2.               Show spanning-tree root.
                  14                    Secondary root for instances 0-1.          Show spanning-tree root.
          ASW1    16                    Mst instance 1.                            Show pending.
                  17                    Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  18                    Mst instance 2.                            Show pending.
                  19                    Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  20                    Change stp mode to mst.                    Show spanning-tree.
          ASW2    21                    Mst instance 1.                            Show pending.
                  22                    Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  23                    Mst instance 2.                            Show pending.
                  24                    Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  25                    Change stp mode to mst.                    Show spanning-tree.
          CSW1    26                    Mst instance 1.                            Show pending.
                  27                    Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  28                    Mst instance 2.                            Show pending.
                  29                    Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  30                    Change stp mode to mst.                    Show spanning-tree.
          CSW2    31                    Mst instance 1.                            Show pending.
                  32                    Assign VLANs 1,3,11,63,65 to instance 1.   Show pending.
                  33                    Mst instance 2.                            Show pending.
                  34                    Assign VLANs 4,12,64,66 to instance 2.     Show pending.
                  35                    Change stp mode to mst.                    Show spanning-tree.

Step-by-Step Procedure
Step 1
Enter MST configuration mode on switch DSW1:

DSW1(config)# spanning-tree mst configuration

Step 2
Configure region name:

DSW1(config-mst)# name region1

Step 3
Configure revision:

DSW1(config-mst)# revision 1

Step 4
Put VLANs 1,3,11,63 and 65 in instance 1:

DSW1(config-mst)# instance 1 vlan 1, 3, 11, 63, 65

Step 5
Put VLANs 4,12,64 and 66 in instance 2:

DSW1(config-mst)# instance 2 vlan 4, 12, 64, 66

Step 6
Show pending to check the configuration:

DSW1(config-mst)#sho pending
Pending MST configuration
Name      []
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ------------------------------------------------------------
0         2,5-10,13-62,67-4094
1         1,3,11,63,65
2         4,12,64,66
----------------------------------------------------------------------
DSW1(config-mst)#

Step 7
Change the stp mode to MST on switch DSW1:

DSW1(config)# spanning-tree mode mst

Step 8
Configure spanning-tree root primary for instance 0 and for instance 1 on switch DSW1:

DSW1(config)# spanning-tree mst 0-1 root primary

Step 9
Configure spanning-tree root secondary for instance 2 on switch DSW1:

DSW1(config)# spanning-tree mst 2 root secondary

Step 10
Verify spanning-tree root status:

DSW1#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15
MST1             24577 001f.2721.8680         0    2   20  15
MST2             24578 001f.2721.8600    200000    2   20  15  Fa0/5

Step 11
Repeat steps 1 to 7 on switch DSW2.

Step 12
Configure spanning-tree root primary for instance 2 on switch DSW2:

DSW2(config)# spanning-tree mst 2 root primary

Step 13
Configure spanning-tree root secondary for instance 0 and for instance 1 on switch DSW2:

DSW2(config)# spanning-tree mst 0-1 root secondary

Step 14
Verify spanning-tree root status:

DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15  Fa0/5
MST1             24577 001f.2721.8680    200000    2   20  15  Fa0/5
MST2             24578 001f.2721.8600         0    2   20  15

Step 15
Repeat steps 1 to 7 on switch ASW1.

Step 16
Repeat steps 1 to 7 on switch ASW2.

Step 17
Repeat steps 1 to 7 on switch CSW1.

Step 18
Repeat steps 1 to 7 on switch CSW2.

Step 19
Verify spanning-tree root: repeat step 10.

Step 20
Verify spanning-tree blocked ports on switch DSW1:

DSW1#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
MST2                 Po32
Number of blocked ports (segments) in the system : 1

Step 21
Repeat step 21 on all the remaining switches.
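The root checks in steps 10, 14 and 19 can be scripted. The following Python check is an added example, not part of the lab guide: it parses show spanning-tree root output and reports any switch whose view of the root differs from the plan (it also accepts the VLANnnnn rows of PVST+/PVRST+ output). The bridge addresses are read off the DSW1 and DSW2 outputs above; the CSW1 sample and its root 0011.2233.4455 are constructed to show what an unexpected root looks like.

```python
import re

# "show spanning-tree root" output for DSW1 and DSW2 as printed in steps 10
# and 14 of this hint sheet (columns re-aligned).
DSW1_OUTPUT = """
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15
MST1             24577 001f.2721.8680         0    2   20  15
MST2             24578 001f.2721.8600    200000    2   20  15  Fa0/5
"""
DSW2_OUTPUT = """
MST0             24576 001f.2721.8680         0    2   20  15  Fa0/5
MST1             24577 001f.2721.8680    200000    2   20  15  Fa0/5
MST2             24578 001f.2721.8600         0    2   20  15
"""
# Constructed sample (not from the guide): a CSW1 view in which an unknown
# bridge with a lower priority value has become root of instance 1.
CONSTRUCTED_CSW1_OUTPUT = """
MST0             24576 001f.2721.8680         0    2   20  15  Po31
MST1              4097 0011.2233.4455    200000    2   20  15  Fa0/9
MST2             24578 001f.2721.8600    200000    2   20  15  Po32
"""

# Assumption: bridge addresses inferred from the outputs above (each switch
# shows cost 0 and no root port for the instances it is root of).
BRIDGE_MACS = {"DSW1": "001f.2721.8680", "DSW2": "001f.2721.8600"}
# Intended roots, from steps 8-9 and 12-13.
EXPECTED_ROOT = {"MST0": "DSW1", "MST1": "DSW1", "MST2": "DSW2"}
PAGE_OUTPUTS = {"DSW1": DSW1_OUTPUT, "DSW2": DSW2_OUTPUT}

ROW = re.compile(
    r"^(?P<tree>(?:MST|VLAN)\d+)\s+(?P<prio>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<cost>\d+)"
    r"\s+\d+\s+\d+\s+\d+(?:\s+(?P<port>\S+))?$",
    re.IGNORECASE,
)


def parse_root_table(text):
    """Map each tree (MSTn or VLANnnnn) to (priority, root MAC, cost, root port)."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, ruler and blank lines simply do not match
            table[m["tree"].upper()] = (
                int(m["prio"]), m["mac"].lower(), int(m["cost"]), m["port"])
    return table


def check_roots(outputs, bridge_macs, expected_root):
    """Return a list of findings; an empty list means every view matches the plan."""
    findings = []
    for switch in sorted(outputs):
        table = parse_root_table(outputs[switch])
        for tree in sorted(expected_root):
            owner = expected_root[tree]
            if tree not in table:
                findings.append(f"{switch} {tree}: instance missing from output")
                continue
            prio, mac, cost, port = table[tree]
            if mac != bridge_macs[owner]:
                findings.append(
                    f"{switch} {tree}: root is {prio} {mac}, "
                    f"expected {owner} ({bridge_macs[owner]})")
            elif switch == owner and (cost != 0 or port):
                findings.append(
                    f"{switch} {tree}: intended root, but cost={cost} port={port}")
            elif switch != owner and not port:
                # Cost 0 alone does not identify the root: DSW2 shows cost 0
                # for MST0 above while still listing root port Fa0/5.
                findings.append(f"{switch} {tree}: not the root, yet no root port")
    return findings


if __name__ == "__main__":
    views = dict(PAGE_OUTPUTS, CSW1=CONSTRUCTED_CSW1_OUTPUT)
    for finding in check_roots(views, BRIDGE_MACS, EXPECTED_ROOT) or ["all views match the plan"]:
        print(finding)
```
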


Lab 3-2: Implement PVRST+


Complete this lab activity to reinforce your understanding of Spanning Tree Protocol
implementation from the course.

Activity Objective
Congratulations! Your MSTP configuration was a success. You are asked to give another
presentation focusing on PVRST+. Here again, you decide that preparing a little bit for this
presentation could be useful, and that you would use your pod to walk through the different
steps involved. In this activity, you will design and implement Per VLAN Rapid Spanning Tree
Plus (PVRST+) in a Layer 2 topology. As you complete the design, you will connect to your
remote lab to implement your solution. At the end of the lab, you will keep this solution, which
is best adapted to this lab environment. You will then have all the steps required to perform your
live presentation. After completing this activity, you will be able to meet these objectives:

Design a spanning tree

Create a spanning tree implementation plan

Implement a spanning tree according to implementation plan

Create a spanning tree verification plan

Verify the spanning tree according to the verification plan

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You will migrate your configuration to PVRST+. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Before configuring and enabling spanning tree, verify that the EtherChannels enabled in lab
3-1 are still enabled. You need full and redundant connectivity for this lab. Only the link
between switch DSW1 and switch DSW2 must remain shut.

Switch DSW1 is to be the primary root bridge for odd VLANs, switch DSW2 is to be the
primary root bridge for even VLANs.

For all VLANs for which switch DSW1 is primary root, switch DSW2 must be secondary
root. For all VLANs for which switch DSW2 is primary root, switch DSW1 must be
secondary root.

The Device Information section describes the VLANs and corresponding roots.


Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:
Device name    Role                     IP address              Gateway       VLAN
ASW1           Layer 2 access switch    10.1.1.1/24             10.1.1.251
ASW2           Layer 2 access switch    10.1.1.2/24             10.1.1.252
DSW1           Layer 3 switch           10.1.1.11/24            10.1.1.251
DSW2           Layer 3 switch           10.1.1.22/24            10.1.1.252
CSW1           Layer 3 switch           10.1.1.111/24           10.1.1.251
CSW2           Layer 3 switch           10.1.1.222/24           10.1.1.252
R1             Router                   Fa0/0: 10.1.1.251/24
R2             Router                   Fa0/0: 10.1.1.252/24

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that NOT all of these numbers
need to be used:

Device    Link to    Bundle number should be:
ASW1      DSW1       11
ASW1      DSW2       12
ASW2      DSW1       11
ASW2      DSW2       12
DSW1      ASW1       11
DSW1      ASW2       12
DSW1      DSW2       21 To remain shutdown
DSW1      CSW1       31
DSW1      CSW2       32
DSW2      ASW1       11
DSW2      ASW2       12
DSW2      DSW1       21 To remain shutdown
DSW2      CSW1       31
DSW2      CSW2       32
CSW1      DSW1       31
CSW1      DSW2       32
CSW1      CSW2       33
CSW2      DSW1       31
CSW2      DSW2       32
CSW2      CSW1       33

VLAN Information
VLAN    Root    Backup
1       DSW1    DSW2
3       DSW1    DSW2
4       DSW2    DSW1
11      DSW1    DSW2
12      DSW2    DSW1
63      DSW1    DSW2
64      DSW2    DSW1
65      DSW1    DSW2
66      DSW2    DSW1

Network Diagram

[Figure: Visual Objective for Lab 3-2: Implement PVRST+]

Command List
The table describes the commands that you will use in this activity.
Command
    Description

name name
    Specifies the configuration name. The name string has a maximum length of 32 characters
    and is case sensitive.

show pending
    Shows your configuration by displaying the pending configuration.

show spanning-tree vlan vlan-id
    Displays your entries.

show spanning-tree summary
    Displays your entries.

spanning-tree mode {pvst | mst | rapid-pvst}
    Configures spanning-tree mode.
    Select pvst to enable PVST+ (802.1D, the default setting).
    Select mst to enable MSTP (and RSTP).
    Select rapid-pvst to enable rapid PVST+.

spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]]
    Configures a switch to become the root for the specified VLAN.
    For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of
    VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is
    1 to 4094.
    (Optional) For diameter net-diameter, specify the maximum number of switches between
    any two end stations. The range is 2 to 7.
    (Optional) For hello-time seconds, specify the interval in seconds between the generation
    of configuration messages by the root switch. The range is 1 to 10; the default is 2.

spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]]
    Configures a switch to become the secondary root for the specified VLAN.
    For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of
    VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is
    1 to 4094.
    (Optional) For diameter net-diameter, specify the maximum number of switches between
    any two end stations. The range is 2 to 7.
    (Optional) For hello-time seconds, specify the interval in seconds between the generation
    of configuration messages by the root switch. The range is 1 to 10; the default is 2.

Job Aids
These are the job aids for this lab activity:
Value                                                        Location
Blank implementation requirements list for PVRST+            Task 1
Blank implementation and verification plan form for PVRST+   Task 2
Blank student notes                                          Task 3
Implementation requirement hints                             Hint Section
Implementation hints                                         Hint Section
Verification hints                                           Hint Section
Solution configure answer key                                Configuration section at the end of the lab guide

Task 1: Create an Implementation Requirements List for Migration to PVRST+
Your MST configuration should work properly, but you like the idea of enhancing the
efficiency of the convergence in case of a link failure. An efficient technology to achieve this
goal is to use PVRST+. This is why you want to migrate your network from MST to PVRST+
before presenting this solution during your next conference. Here again, you need to decide and
document which switch should be root for which VLAN. Use the following table and the
Information Packet:
VLAN    Root    Secondary
1
3
4
11
12
63
64
65
66

At this point, your lab network has a functioning MST implementation and you are ready to
migrate it to PVRST+. You have to make a list with the requirements in order to prepare a
detailed implementation and verification plan in the next task. Use the Information Packet to
gather the needed information. If you are unsure, you can use the hints information provided at
the end of the lab guide.
Device    High Level Task    Information Source

Task 2: Create an Implementation and Verification Plan for your Solution
This is the most important step in the planning process. Based on the information from the
Information Packet and the previous tasks, you must prepare a step-by-step Implementation and
Verification plan. The task will help you set up configuration checkpoints to verify your
progress. Use the plan to verify each item in the implementation. Use the following table to
document your steps in the correct order. If you are unsure, use the hints information provided
at the end of this lab.
Complete    Device    Implementation Order    Values and items to implement    Verification method and expected results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! You will keep
this PVRST+ configuration and use it for the subsequent labs.
Once your solution is implemented, verify your configuration is working and fulfills the
requirements specified in the Information Packet. Use the previous table to document the
verifications you conducted to ensure that your solution is complete. Hints are available at the
end of this lab if you are unsure about the verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Lab 3-2: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 3-2 Hint Sheet: Implement PVRST+


Design a PVRST+ Solution for an L2 Network
When migrating from MSTP to PVRST+, the device role may be as follows:
Device   Device role   VLANs primary   VLANs secondary
DSW1     STP root      1,3,11,63,65    4,12,64,66
DSW2     STP root      4,12,64,66      1,3,11,63,65

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device                  Implementation Requirement                            Hint
All switches            Change stp from mst to rapid-pvst.                    Implementation policy section
Distribution switches   Primary and secondary root bridge.                    Implementation policy section
Distribution switches   VLAN distribution between the root bridge switches.   Implementation policy section
All switches            Verification.                                         Implementation policy section

Device   High Level Task                                Information Source
DSW1     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements
DSW1     Spanning-tree primary root for odd VLANs       Network Diagram, Design and Implementation Requirements
DSW1     Spanning-tree secondary root for even VLANs    Network Diagram, Design and Implementation Requirements
DSW2     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements
DSW2     Spanning-tree primary root for even VLANs      Network Diagram, Design and Implementation Requirements
DSW2     Spanning-tree secondary root for odd VLANs     Network Diagram, Design and Implementation Requirements
ASW1     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements
ASW2     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements
CSW1     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements
CSW2     Spanning-tree mode rapid-pvst                  Design and Implementation Requirements


Implementation and Verification Plan


In task 2, you will create an implementation plan. There are several possible correct solutions.
One possible approach groups items that are common to all switches in a template and then
applies the template to all switches. You can then configure each switch with items that are
unique to each device. An example of the Implementation and Verification Plan follows.
Complete  Device  Implementation Order  Values and items to implement                  Verification method and expected results
          DSW1    1                     Spanning-tree mode rapid-pvst                  Show spanning-tree.
          DSW1    2                     spanning-tree vlan 1,3,11,63,65 root primary   Show spanning-tree root.
          DSW1    3                     spanning-tree vlan 4,12,64,66 root secondary   Show spanning-tree vlan .
          DSW1    4                     No spanning-tree mst configuration             Show run.
          DSW2    5                     Spanning-tree mode rapid-pvst                  Show spanning-tree.
          DSW2    6                     spanning-tree vlan 4,12,64,66 root primary     Show spanning-tree root.
          DSW2    7                     spanning-tree vlan 1,3,11,63,65 root secondary Show spanning-tree vlan .
          DSW2    8                     No spanning-tree mst configuration             Show run.
          ASW1    9                     Spanning-tree mode rapid-pvst                  Show spanning-tree.
          ASW1    10                    No spanning-tree mst configuration             Show run.
          ASW2    11                    Spanning-tree mode rapid-pvst                  Show spanning-tree.
          ASW2    12                    No spanning-tree mst configuration             Show run.
          CSW1    13                    Spanning-tree mode rapid-pvst                  Show spanning-tree.
          CSW1    14                    No spanning-tree mst configuration             Show run.
          CSW2    15                    Spanning-tree mode rapid-pvst                  Show spanning-tree.
          CSW2    16                    No spanning-tree mst configuration             Show run.


Step-by-Step Procedure
Step 1
Change STP mode from MST to PVRST+ on switch DSW1:
DSW1(config)# spanning-tree mode rapid-pvst

Step 2
Configure spanning-tree root primary for VLANs 1, 3, 63 and 65 on switch DSW1:
DSW1(config)# spanning-tree vlan 1,3,11,63,65 root primary

Step 3
Configure spanning-tree root secondary for VLANs 4, 12, 64 and 66 on switch DSW1:
DSW1(config)# spanning-tree vlan 4,12,64,66 root secondary

Step 4
Remove MST configuration on switch DSW1:
DSW1(config)# no spanning-tree mst configuration

Step 5
Repeat step 1 on switch DSW2:

Step 6
Configure spanning-tree root primary for VLANs 4, 12, 64 and 66 on switch DSW2:
DSW2(config)# spanning-tree vlan 4,12,64,66 root primary

Step 7
Configure spanning-tree root secondary for VLANs 1, 3, 63 and 65 on switch DSW2:
DSW2(config)# spanning-tree vlan 1,3,11,63,65 root secondary

Step 8
Repeat step 4 on switch DSW2.

Step 9
Repeat steps 1 and 4 on switch ASW1.

Step 10
Repeat steps 1 and 4 on switch ASW2.

Step 11
Repeat steps 1 and 4 on switch CSW1.

Step 12
Repeat steps 1 and 4 on switch CSW2.

Step 13
Verify spanning-tree root on switch DSW1:
DSW1#sho spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ---------
VLAN0001         24577 001f.2721.8680         0    2   20  15
VLAN0003         24579 001f.2721.8680         0    2   20  15
VLAN0004         24580 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0011         24587 001f.2721.8680         0    2   20  15
VLAN0012         24588 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0063         24639 001f.2721.8680         0    2   20  15
VLAN0064         24640 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0065         24641 001f.2721.8680         0    2   20  15
VLAN0066         24642 001f.2721.8600        19    2   20  15  Fa0/5
DSW1#

Step 14
Repeat step 13 on all switches.


Lab 3-3: Troubleshooting Spanning Tree Issues


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will analyze, locate, and fix STP problems on your network caused by
misconfiguration or design error. You should prepare a troubleshooting plan which will guide
you step-by-step in your efforts. You should be able to quickly fix the network using the skills
learned in this module. After completing this activity, you will be able to meet these objectives:

Develop a work plan to troubleshoot configuration and security issues, related to the STP.

Isolate the causes of the problems.

Correct all of the identified Spanning Tree issues.

Document and report the troubleshooting findings and recommendations.

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

Command                            Description
configure terminal                 Enters global configuration mode from privileged EXEC mode.
enable password password           Enters the privileged EXEC mode command interpreter.
interface fastethernet |           Enters interface configuration mode for a Cisco Catalyst switch
  gigabitethernet slot/port        with a Fast Ethernet or Gigabit Ethernet interface installed.
spanning-tree bpdufilter enable    Enables BPDU filtering on an interface.
spanning-tree bpduguard enable     Enables the BPDU guard feature on an interface.
show spanning-tree blockedports    Shows the ports that are blocked by the spanning tree algorithm.
exit                               Exits the current mode.

Job Aids
These job aids are available to help you complete the lab activity.

Trouble Tickets

Troubleshooting Log

Trouble Ticket A: Switch Optimization Gone Wrong


You have been on a vacation for a short period of time. During your absence, your junior
colleague managed the switched network. The IT manager asked him to improve the behavior
of the network. He made some changes and as a result you saw a lot of error messages in the
logs of your switches on your arrival back. You are asked by the management to quickly
correct the situation, as the network is very slow.
Your task is to diagnose the issues and restore normal network operation.

Trouble Ticket B: Unstable STP


Your assistant reports that ports are in an err-disabled state and that the link between the root
switches is down. The STP shows that no VLANs are blocked on the root switches. Your task
is to identify the misconfigured item(s) and solve the issue(s) to recover connectivity between
DSW1 and DSW2 and ensure that the STP algorithm is enabling the proper paths.


Instructions
As you can see from the troubleshooting tickets, this troubleshooting lab contains two types of
issues:

Ticket one involves error messages on several switches in the lab.

Ticket two involves problems with switch interfaces in error-disabled state.

Each ticket involves several switches, so the whole team has to work together to solve each of
them. Together with your team members, create a troubleshooting plan to divide the work,
assign each team member appropriate roles and coordinate device access between the team
members. Document your progress in the Troubleshooting Log provided below in order to
help facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debrief discussions.
As different teams work at different speeds, this lab's tickets are separated. To prepare the lab
for this exercise, ask your instructor how you should initiate Trouble Ticket A. After the
instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.
Once you fix ticket A, ask your instructor if time is left for you to move on to the next ticket. If
time allows, ask your instructor how you should initiate Trouble Ticket B. After the instructor
indicates that the lab is fully prepared, you are ready to start troubleshooting.


Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.
Trouble Ticket          Actions and results

Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Verify that on the L3 switches you can see no more error log entries generated.

Verify that on the L2 switches you do not have ports in err-disabled state.

Verify the STP status is the same as the end of Lab 3-1.

Trouble Ticket B:

Verify the STP is blocking the correct VLANs on the root switches.

Verify the appropriate links are up.

Verify you do not have ports in err-disabled state.


Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve ticket A.

Key Clue: Error Logs on DSW1, DSW2 and CSW1
DSW1#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po35 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po35 and port Fa0/5

DSW2#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po45 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po45 and port Fa0/5

CSW1#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po45 and port Po35
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po45 and port Po35


The error logs on switches DSW1, DSW2 and CSW1 are your starting information.
The natural first task is to access these devices and view the error messages.
You can see that the error messages on the three switches are the same: the MAC address of a
host is flapping between EtherChannels and physical interfaces.
Refer to the diagram and determine which links participate in these port channels and interfaces.
You find that the EtherChannels connect the core switch CSW1 with the switches DSW1
and DSW2. You also find that the Fa0/5 interfaces on both distribution switches are the
connection between them. After this examination, you conclude that you have a switching loop.
A switching loop is related to the functioning of STP, in our case PVRST+.
The next logical step is to check PVRST+ on the affected interfaces.
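
The correlation done by eye above can be scripted. The following is an added example, not part of the lab guide: it parses the MACFLAP_NOTIF lines shown above (wrapped as they appear on the terminal), keeps hosts that several switches report as flapping in the same VLAN, and lists the ports to inspect next. The function names and the two-switch threshold are assumptions.

```python
import re
from collections import defaultdict, namedtuple

Flap = namedtuple("Flap", "switch mac vlan ports")

MACFLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

# Sample input: the log excerpts from this section, keyed by the switch they
# were read from, with the terminal line wrap left in place.
SAMPLE_LOGS = {
    "DSW1": """*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po35 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po35 and port Fa0/5""",
    "DSW2": """*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po45 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po45 and port Fa0/5""",
    "CSW1": """*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po45 and port Po35
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po45 and port Po35""",
}


def parse_macflap(switch, text):
    """Extract MACFLAP events from one switch's log, tolerating wrapped lines."""
    flat = re.sub(r"\s+", " ", text)  # undo terminal wrapping before matching
    return [
        Flap(switch, m["mac"].lower(), int(m["vlan"]),
             tuple(sorted((m["a"], m["b"]))))
        for m in MACFLAP.finditer(flat)
    ]


def loop_suspects(flaps, min_switches=2):
    """Group flaps by (MAC, VLAN) and keep those reported by several switches.

    A MAC seen flapping between inter-switch ports on several switches in the
    same VLAN is what the walkthrough above reads as a switching loop.
    """
    by_host = defaultdict(dict)
    for f in flaps:
        by_host[(f.mac, f.vlan)][f.switch] = f.ports
    return {k: v for k, v in by_host.items() if len(v) >= min_switches}


def ports_to_check(suspects):
    """Sorted (switch, port) pairs whose STP state should be inspected."""
    return sorted({(sw, port)
                   for per_switch in suspects.values()
                   for sw, ports in per_switch.items()
                   for port in ports})


def analyze(logs=SAMPLE_LOGS):
    """Run the whole correlation over a {switch: log text} mapping."""
    flaps = [f for sw, text in logs.items() for f in parse_macflap(sw, text)]
    return ports_to_check(loop_suspects(flaps))


if __name__ == "__main__":
    for switch, port in analyze():
        print(f"{switch}: show spanning-tree interface {port} detail")
```
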


Key Clue: Observe STP on Suspicious Ports


DSW1#show spanning-tree interface port-channel 31
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
VLAN0001            Desg FWD 12        128.296  P2p
VLAN0003            Desg FWD 12        128.296  P2p
VLAN0004            Root FWD 12        128.296  P2p
VLAN0011            Desg FWD 12        128.296  P2p
VLAN0012            Root FWD 12        128.296  P2p
VLAN0063            Desg FWD 12        128.296  P2p
VLAN0064            Root FWD 12        128.296  P2p
VLAN0065            Desg FWD 12        128.296  P2p
VLAN0066            Root FWD 12        128.296  P2p


You can verify the STP state for the affected interfaces, e.g. Po31 and Fa0/5, on DSW1.
You see that the STP state for interface Po31 looks normal, but the information returned for
interface Fa0/5 is more confusing. The same strange information appears on CSW2 Po33.
Proceed to the next switch.


Key Clue: Observe STP on Suspicious Ports


DSW2#sho spanning-tree interface FastEthernet 0/5
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
VLAN0001            Desg FWD 19        128.7    P2p
VLAN0003            Desg FWD 19        128.7    P2p
VLAN0004            Desg FWD 19        128.7    P2p
VLAN0011            Desg FWD 19        128.7    P2p
VLAN0012            Desg FWD 19        128.7    P2p
VLAN0063            Desg FWD 19        128.7    P2p
VLAN0064            Desg FWD 19        128.7    P2p
VLAN0065            Desg FWD 19        128.7    P2p
VLAN0066            Desg FWD 19        128.7    P2p
DSW2#

You check the STP state for the affected interfaces, e.g. Po31 and Fa0/5, on DSW2.
Here the situation is the same as it is on DSW1.
Your next logical step is to analyze the interface Fa0/5, as its state looks different from the
others.


Key Clue: Observe STP on Suspicious Ports


DSW1#sho spanning-tree interface FastEthernet 0/5 detail
Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.7.
Designated root has priority 24577, address 001f.2721.8680
Designated bridge has priority 24577, address 001f.2721.8680
Designated port id is 128.7, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Bpdu filter is enabled
BPDU: sent 260, received 9


You checked the STP for the interface Fa0/5 on DSW1.



You see that the BPDU filter feature is enabled on interface Fa0/5!
BPDU filter is a feature meant for access ports, where it suppresses BPDUs, and Fa0/5 is a trunk
interface, so you understand that this is a problem.


Key Clue: Check Why DSW2 Doesn't Receive BPDUs from DSW1

Check the configuration of interface Fa0/5 on DSW1 to confirm that you have found the problem:
DSW1#show run interface fastEthernet 0/5
interface fastEthernet 0/5
spanning-tree bpdufilter enable

You found a misconfiguration of an STP security feature.


Key Clue: Configure DSW1


You have to correct the configuration:


DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#interface fastEthernet 0/5
DSW1(config-if)#no spanning-tree bpdufilter enable


Key Clue: Check DSW1


The same issue appears on the CSW2 Po33 link. Resolve it the same way.
Verify that the STP is back to normal and that you have corrected the problem:
DSW1#sho spanning-tree interface FastEthernet 0/5
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------
VLAN0001            Desg FWD 19        128.7    P2p
VLAN0003            Desg FWD 19        128.7    P2p
VLAN0004            Root FWD 19        128.7    P2p
VLAN0011            Desg FWD 19        128.7    P2p
VLAN0012            Root FWD 19        128.7    P2p
VLAN0063            Desg FWD 19        128.7    P2p
VLAN0064            Root FWD 19        128.7    P2p
VLAN0065            Desg FWD 19        128.7    P2p
VLAN0066            Root FWD 19        128.7    P2p


Verify that the STP state no longer shows the BPDU filter feature as enabled:
DSW1#sho spanning-tree interface FastEthernet 0/5 detail
Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.7.
Designated root has priority 24577, address 001f.2721.8680
Designated bridge has priority 24577, address 001f.2721.8680
Designated port id is 128.7, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 284, received 12

Additionally, you can go to the switches again and check that there are no new error messages
in their logs.


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve ticket B.

Key Clue: STP on DSW1


You check the reported switches for the blocked port and the STP status.
On DSW1 you find that Fa0/5 is in err-disabled state and that the STP is not blocking VLANs:
DSW1#sh spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
DSW1#sho int fa 0/5
FastEthernet0/5 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
.


Key Clue: STP on DSW2


You find a similar situation on DSW2. Port Fa0/5 is in state notconnect and the STP is not
blocking VLANs, as expected:
DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
DSW2#sho int fa 0/5
FastEthernet0/5 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 001f.2721.8607 (bia 001f.2721.8607)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255

You have a problem with STP: it is not blocking VLANs as expected.
You need more information to pinpoint the problem. The most natural first place to
look is the log.


Key Clue: Logs on DSW1


The log on DSW1 clearly shows you the problem: a spanning-tree security feature, in this case
BPDU guard, has put Fa0/5 into the err-disabled state because BPDUs appeared on this interface.
Since it is normal to have BPDUs sent and received on this interface, you check the
configuration of this interface.


Key Clue: Check Fa0/5 on CSW1


Your check of interface Fa0/5 shows the following:


DSW1#sho run int Fa0/5
Building configuration...

Current configuration : 175 bytes
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 spanning-tree bpduguard enable
end

You find the BPDU guard feature configured on a trunk port.

You have found a problem.
The next steps are to correct the mistaken configuration and then to test whether this was
the problem.


Key Clue: Disable STP bpduguard Fa0/5 on CSW1


Make the needed configuration change:


DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#int Fa0/5
DSW1(config-if)#no spanning-tree bpduguard enable
DSW1(config-if)#shut
DSW1(config-if)#no shut
DSW1(config-if)#exit

Check the status of the interface:


DSW1#sho int Fa0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)

Verify the STP status and confirm that the correct VLANs are being blocked, to be sure that
you have fixed the right problem.


Key Clue: Check STP


The checks are successful:


DSW1#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- -----------------------------------
VLAN0004             Po31
VLAN0012             Po31
VLAN0064             Po31
VLAN0066             Po31

Number of blocked ports (segments) in the system : 4

DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- -----------------------------------
VLAN0001             Po32
VLAN0003             Po32
VLAN0011             Po32
VLAN0063             Po32
VLAN0065             Po32

Number of blocked ports (segments) in the system : 5

As the verification has been successful, you now have to document your findings.
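The root cause in ticket B, BPDU guard enabled on a trunk, can be caught by correlating the switch log with the interface configuration. The following is an added example, not part of the lab guide: the Fa0/5 stanza is the one shown above, while the other stanzas and the log lines are constructed (the log lines follow the format IOS uses for this event), and the verdict names are this example's own.

```python
import re

# Constructed running-config excerpt. The FastEthernet0/5 stanza is the one
# shown in the lab; the other two stanzas are constructed for contrast.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 3
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
end
"""

# Constructed log lines for the event described in the lab.
SAMPLE_LOG = """\
*Mar  1 00:12:41.103: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/5 with BPDU Guard enabled. Disabling port.
*Mar  1 00:12:41.103: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
"""

BPDUGUARD_LOG = re.compile(
    r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) with")
ABBREV = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Po": "Port-channel"}


def normalize(name):
    """Expand a short interface name (Fa0/5, Po31) to its long form."""
    m = re.match(r"^([A-Za-z-]+)\s*([\d/]+)$", name)
    if not m:
        return name
    prefix, number = m.groups()
    for short, full in ABBREV.items():
        if (full.lower().startswith(prefix.lower())
                and prefix.lower().startswith(short.lower())):
            return full + number
    return name


def parse_interfaces(config_text):
    """Return {interface: [sub-commands]}; relies on IOS indenting sub-commands."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!", "end" or a global command closes the stanza
    return interfaces


def triage(config_text, log_text):
    """Classify every interface that has BPDU guard explicitly enabled.

    MISCONFIG_TRUNK: guard on a trunk, where BPDUs are normal (ticket B).
    EDGE_TRIPPED:    guard fired on a non-trunk port; something sent BPDUs there.
    EDGE_OK:         guard on a non-trunk port and no trip in the log.
    """
    tripped = {normalize(m.group(1)) for m in BPDUGUARD_LOG.finditer(log_text)}
    findings = []
    for name, commands in parse_interfaces(config_text).items():
        if "spanning-tree bpduguard enable" not in commands:
            continue
        hit = normalize(name) in tripped
        if "switchport mode trunk" in commands:
            verdict = "MISCONFIG_TRUNK"
        elif hit:
            verdict = "EDGE_TRIPPED"
        else:
            verdict = "EDGE_OK"
        findings.append((name, verdict, hit))
    return findings


if __name__ == "__main__":
    for name, verdict, hit in triage(SAMPLE_CONFIG, SAMPLE_LOG):
        print(f"{name:20} {verdict:16} tripped={hit}")
```
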


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 3-3: Key Commands and Tools Used


__________________________________________________________________________

Lab 4-1: Implement Inter-VLAN Routing


Complete this lab activity to confirm your knowledge from the course on the topics of inter-VLAN routing and routing protocols.

Activity Objective
As the corporate network continues to grow, the demands for expansion, better convergence, and
reliability have driven your IT manager to ask you for a solution for the migration towards a
Layer 3 Core and Distribution design. He insists on using a dynamic routing protocol to ease the
implementation of new networks, thus reducing the possibility of mistakes and the risk of
operational failures. The specifications given to you by the IT manager clearly state the use of
EIGRP as the routing protocol and the implementation of separate networks on the links between
the Layer 3 switches. The distribution switches must become the new gateways and DHCP servers
for your access layer. Once the design is complete, you will connect to your remote lab to
implement your solution. After completing this activity, you will be able to meet these
objectives:

Design an L3 network.

Create an implementation requirements list.

Create a step-by-step implementation and verification plan.

Implement and verify Inter-VLAN routing and routing protocols.


Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to configure inter-VLAN routing and a routing protocol in your network. The
following list details the preparation and routing configuration requirements for all
switches in the company network. Your configuration must implement all of these
requirements:

Configure all interfaces between the Distribution and Core switches to become L3 links.

Configure the interfaces between switches DSW1 and DSW2 to become L3 links. Enable
this link.

Configure the links between the core switches and the routers to become L3.

Use the networks from the table provided below for the L3 links.

Set up SVI interfaces for data VLANs on both distribution switches according to the
information provided in the Device Information section.

Change management VLAN on Access switches from VLAN 1 to first data VLAN (VLAN
3 or VLAN 4 depending on devices). You need to create an SVI for this VLAN. The IP
addresses for your switches will change. For example, if your device VLAN 1 IP address
was in 10.1.1.0/24, VLAN 1 will no longer have an IP address, and VLAN 3 IP address
will be in 10.1.3.0/24. Apply this rule to all of your devices. Refer to the Devices
Information section to know which IP address should be used on which switch.

Remove the management VLAN 1 IP address on Distribution switches, as you can manage
them via any routed interface or SVI.

Switches DSW1 and DSW2 will be default gateways for the clients and the access
switches. Switch DSW1 will be the default gateway for switch ASW1 and client CLT1, switch
DSW2 will be the default gateway for switch ASW2 and client CLT2.

Configure DHCP services on switches DSW1 and DSW2 for networks 10.1.3.0/24 and
10.1.4.0/24. Switch DSW1 must allocate addresses 50 to 99 and DSW2 must allocate
addresses 100 to 149 for each scope. Clients CLT1 and CLT2 must obtain their IP address
from switch DSW1 or switch DSW2.

Remove DHCP service and sub-interfaces from routers R1 and R2.

Configure EIGRP AS 10 on the Core and Distribution switches and the Routers.

Execute the Verification plan to ensure IP connectivity.
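The DHCP requirement above splits each scope between two servers, so every address outside a server's own range must be excluded on that server. The following added example (not part of the lab guide or its answer key) derives the `ip dhcp excluded-address` lines for each switch and checks that the two servers can never lease the same address or a statically assigned one. The pool names are hypothetical, and the static addresses are the SVI addresses from the Devices Information section.

```python
import ipaddress

# Scopes and allocation ranges from the Implementation Policy.
# The pool names are hypothetical labels chosen for this example.
SCOPES = {"10.1.3.0/24": "EXAMPLE_VLAN3", "10.1.4.0/24": "EXAMPLE_VLAN4"}
ALLOCATION = {"DSW1": (50, 99), "DSW2": (100, 149)}
# SVI addresses from the Devices Information section; they must never be leased.
STATIC = ["10.1.3.1", "10.1.3.2", "10.1.3.10", "10.1.4.1", "10.1.4.2", "10.1.4.20"]


def excluded_ranges(cidr, first, last):
    """Host ranges of cidr that lie outside host numbers first..last."""
    net = ipaddress.ip_network(cidr)
    lowest, highest = net.network_address + 1, net.broadcast_address - 1
    start, end = net.network_address + first, net.network_address + last
    if not lowest <= start <= end <= highest:
        raise ValueError(f"{first}-{last} does not fit inside {cidr}")
    ranges = []
    if start > lowest:
        ranges.append((str(lowest), str(start - 1)))
    if end < highest:
        ranges.append((str(end + 1), str(highest)))
    return ranges


def leasable(cidr, ranges):
    """Addresses a server can still hand out once `ranges` are excluded."""
    blocked = set()
    for low, high in ranges:
        lo, hi = int(ipaddress.ip_address(low)), int(ipaddress.ip_address(high))
        blocked.update(range(lo, hi + 1))
    return {str(h) for h in ipaddress.ip_network(cidr).hosts()
            if int(h) not in blocked}


def render(device, allocation=ALLOCATION):
    """IOS lines for one server: exclusions first, then the pools."""
    first, last = allocation[device]
    lines = []
    for cidr in SCOPES:
        for low, high in excluded_ranges(cidr, first, last):
            lines.append(f"ip dhcp excluded-address {low} {high}")
    for cidr, pool in SCOPES.items():
        net = ipaddress.ip_network(cidr)
        lines.append(f"ip dhcp pool {pool}")
        lines.append(f" network {net.network_address} /{net.prefixlen}")
    return lines


def conflicts(allocation=ALLOCATION):
    """Report addresses two servers could both lease, or leasable static IPs."""
    problems = []
    devices = sorted(allocation)
    for cidr in SCOPES:
        pools = {d: leasable(cidr, excluded_ranges(cidr, *allocation[d]))
                 for d in devices}
        for i, a in enumerate(devices):
            for b in devices[i + 1:]:
                shared = sorted(pools[a] & pools[b])
                if shared:
                    problems.append(f"{cidr}: {a} and {b} both lease {shared}")
            for addr in STATIC:
                if addr in pools[a]:
                    problems.append(f"{cidr}: {a} could lease static {addr}")
    return problems


if __name__ == "__main__":
    for device in sorted(ALLOCATION):
        print(f"! {device}")
        print("\n".join(render(device)))
    print(conflicts() or "no overlapping or static addresses are leasable")
```
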


Devices Information
The table provides the L3 information specific to the devices in the network. These subnets use
a /31 (255.255.255.254) mask, using RFC 3021 specifications. Notice that this type of mask is
reserved for point-to-point links, which is the case here:
Device name   L3 interface   IP address
DSW1          Po 31          10.1.253.0/31
DSW1          Po 32          10.1.253.2/31
DSW1          P3             10.1.253.4/31
DSW2          Po 31          10.1.253.6/31
DSW2          Po 32          10.1.253.8/31
DSW2          P3             10.1.253.5/31
CSW1          Po 31          10.1.253.1/31
CSW1          Po 32          10.1.253.9/31
CSW1          Po 33          10.1.253.10/31
CSW1          P1             10.1.253.12/31
CSW1          P2             10.1.253.14/31
CSW2          Po 31          10.1.253.7/31
CSW2          Po 32          10.1.253.3/31
CSW2          Po 33          10.1.253.11/31
CSW2          P1             10.1.253.16/31
CSW2          P2             10.1.253.18/31
R1            P1             10.1.253.13/31
R1            P2             10.1.253.19/31
R2            P1             10.1.253.17/31
R2            P2             10.1.253.15/31
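With /31 point-to-point addressing, each subnet holds exactly two addresses, so every entry in the table above must pair with exactly one entry on a different device. The following added example (not part of the lab guide) checks the table for that property and derives, per device, the peer expected on each L3 interface, which is a useful reference when verifying routing adjacencies. Interface names are written without the space (Po31), and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Addressing table copied from the Devices Information section of this lab.
L3_LINKS = [
    ("DSW1", "Po31", "10.1.253.0/31"), ("DSW1", "Po32", "10.1.253.2/31"),
    ("DSW1", "P3", "10.1.253.4/31"), ("DSW2", "Po31", "10.1.253.6/31"),
    ("DSW2", "Po32", "10.1.253.8/31"), ("DSW2", "P3", "10.1.253.5/31"),
    ("CSW1", "Po31", "10.1.253.1/31"), ("CSW1", "Po32", "10.1.253.9/31"),
    ("CSW1", "Po33", "10.1.253.10/31"), ("CSW1", "P1", "10.1.253.12/31"),
    ("CSW1", "P2", "10.1.253.14/31"), ("CSW2", "Po31", "10.1.253.7/31"),
    ("CSW2", "Po32", "10.1.253.3/31"), ("CSW2", "Po33", "10.1.253.11/31"),
    ("CSW2", "P1", "10.1.253.16/31"), ("CSW2", "P2", "10.1.253.18/31"),
    ("R1", "P1", "10.1.253.13/31"), ("R1", "P2", "10.1.253.19/31"),
    ("R2", "P1", "10.1.253.17/31"), ("R2", "P2", "10.1.253.15/31"),
]


def group_by_subnet(entries):
    """Map each subnet to the (device, interface, address) entries inside it."""
    links = defaultdict(list)
    for device, ifname, cidr in entries:
        iface = ipaddress.ip_interface(cidr)
        links[iface.network].append((device, ifname, str(iface.ip)))
    return dict(links)


def validate(entries):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, owners = [], {}
    for device, ifname, cidr in entries:
        iface = ipaddress.ip_interface(cidr)
        if iface.network.prefixlen != 31:
            problems.append(f"{device} {ifname}: {cidr} is not a /31")
        if iface.ip in owners:
            problems.append(
                f"{iface.ip} is on both {owners[iface.ip]} and {device} {ifname}")
        owners[iface.ip] = f"{device} {ifname}"
    for net, ends in group_by_subnet(entries).items():
        if len(ends) != 2:
            problems.append(f"{net}: {len(ends)} endpoint(s), expected 2")
        elif ends[0][0] == ends[1][0]:
            problems.append(f"{net}: both ends are on {ends[0][0]}")
    return problems


def expected_neighbors(entries):
    """Return {device: {interface: (peer device, peer address)}}."""
    peers = defaultdict(dict)
    for ends in group_by_subnet(entries).values():
        if len(ends) != 2:
            continue  # incomplete or overloaded subnet; validate() reports it
        (dev_a, if_a, ip_a), (dev_b, if_b, ip_b) = ends
        peers[dev_a][if_a] = (dev_b, ip_b)
        peers[dev_b][if_b] = (dev_a, ip_a)
    return dict(peers)


if __name__ == "__main__":
    print(validate(L3_LINKS) or "addressing plan is consistent")
    for device, links in sorted(expected_neighbors(L3_LINKS).items()):
        for ifname, (peer, addr) in links.items():
            print(f"{device:5} {ifname:5} -> {peer:5} {addr}")
```
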

This table provides IP addressing information regarding the SVI interfaces on the switches:
Device   SVI      IP address
ASW1     VLAN 3   10.1.3.10/24
ASW2     VLAN 4   10.1.4.20/24
DSW1     VLAN 3   10.1.3.1/24
DSW1     VLAN 4   10.1.4.1/24
DSW2     VLAN 3   10.1.3.2/24
DSW2     VLAN 4   10.1.4.2/24


Network Diagram

Visual Objective for Lab 4-1: Implementing Inter-VLAN Routing

Command List
The table describes the commands that are used in this activity.
Command
    Description

channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
    Assigns the port to a channel group, and specifies the PAgP or the LACP mode.
    For mode, select one of these keywords:
    auto: Enables PAgP only if a PAgP device is detected. It places the port into a passive
      negotiating state, in which the port responds to PAgP packets it receives but does not
      start PAgP packet negotiation.
    desirable: Unconditionally enables PAgP. It places the port into an active negotiating
      state, in which the port starts negotiations with other ports by sending PAgP packets.
    on: Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel
      exists only when a port group in the on mode is connected to another port group in
      the on mode.
    non-silent: (Optional) Configures the switch port for nonsilent operation when the port
      is in the auto or desirable mode, if your switch is connected to a partner that is
      PAgP capable. If you do not specify non-silent, silent is assumed. The silent setting
      is for connections to file servers or packet analyzers. This setting allows PAgP to
      operate, to attach the port to a channel group, and to use the port for transmission.
    active: Enables LACP only if a LACP device is detected. It places the port into an
      active negotiating state in which the port starts negotiations with other ports by
      sending LACP packets.
    passive: Enables LACP on the port and places it into a passive negotiating state in
      which the port responds to LACP packets that it receives, but does not start LACP
      packet negotiation.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client.
    The IP address should be on the same subnet as the client.
    One IP address is required; however, you can specify up to eight IP addresses in one
    command line. These default routers are listed in order of preference; that is, address
    is the most preferred router, address2 is the next most preferred router, and so on.

domain-name domain
    Specifies the domain name for the client.

configure terminal
    Enters global configuration mode from privileged EXEC mode.

enable password password
    Enters the privileged EXEC mode command interpreter.

interface interface-id
    Specifies a physical port, and enters interface configuration mode.

interface port-channel port-channel-number
    Specifies the port-channel logical interface, and enters interface configuration mode.

ip address ip-address mask
    Assigns an IP address and subnet mask to the EtherChannel.

ip routing
    Enables IP routing.

ip dhcp excluded-address low-address [high-address]
    Specifies the IP addresses that the DHCP server should not assign to DHCP clients.

ip dhcp pool name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    The default is a one-day lease.
    The infinite keyword specifies that the duration of the lease is unlimited.

network network-number [mask | /prefix-length]
    Specifies the subnet network number and mask of the DHCP address pool.

network network-number
    Associates networks with an EIGRP routing process. EIGRP sends updates to the
    interfaces in the specified networks.

no auto-summary
    (Optional) Disables automatic summarization of subnet routes into network-level routes.

no ip address
    Ensures that there is no IP address assigned to the physical port.

no switchport
    Places the interface into Layer 3 mode.

router eigrp autonomous-system number
    Enables an EIGRP routing process, and enters router configuration mode. The AS number
    identifies the routes to other EIGRP routers and tags routing information.

show etherchannel channel-group-number detail
    Shows your entries.

show ip eigrp interface
    Displays which interfaces EIGRP is active on and information about EIGRP relating to
    those interfaces.

show ip protocols
    Shows your entries.

show ip route
    Displays the current state of the routing table.

Job Aids
These are the job aids for this lab activity:
Value                                             Location
Blank design requirements list                    Task 1
Blank implementation requirements list            Task 2
Blank implementation and verification plan form   Task 3
Blank student notes                               Task 4
Debrief alternate solutions form                  End of this lab
Implementation requirement hints                  Hint Section
Implementation hints                              Hint Section
Verification hints                                Hint Section
Solution configure answer key                     Configuration section at the end of the lab guide


Task 1: Create a Layer 3 Design


You have to create your design for the migration to L3 in the network. You have to decide on
the Inter-VLAN routing and on the use of EIGRP as a routing protocol. You have to consider
the changes in the links between the Core and Distribution switches, the changes in DHCP, the
changes in VTP. Use the table below to create the expected design.
Complete   Device   SVI interfaces   L3 interfaces   Is the device a DHCP server?   EIGRP AS No (if applicable)

Task 2: Create an Implementation Requirement List for Inter-VLAN Routing
After you have decided on a design, it is time to create a list in which you will document the
requirements for the successful implementation. Use the following table, the initial lab visual
objective, the implementation policy, and device information to create your implementation
requirement list. If you are unsure, you can use the hints information provided at the end of the
lab guide.
Device   High Level Task   Information Source

Task 3: Create an Implementation and Verification Plan


The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.
Complete   Device   Implementation order   Values and items to implement   Verification method and expected results

Task 4: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified in the Information Packet. Use the previous table to document the verifications you
conducted to ensure that your solution is complete. Hints are available at the end of this lab if
you are unsure about the verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 4-1: Key Commands and Tools Used


__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 4-1 Hint Sheet: Implement Inter-VLAN Routing


Layer 3 Design

| Complete | Device | SVI interfaces | L3 interfaces | Is device a DHCP server | EIGRP AS No (if applicable) |
|---|---|---|---|---|---|
|  | ASW1 | VLAN 3 | No | No | No |
|  | ASW2 | VLAN 4 | No | No | No |
|  | DSW1 | VLANs 3,4, | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10 |
|  | DSW2 | VLANs 3,4, | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10 |
|  | CSW1 | No | Po31, Po32, Po33, P1, P2 | No | AS 10 |
|  | CSW2 | No | Po31, Po32, Po33, P1, P2 | No | AS 10 |
|  | R1 | No | P1, P2 | No | AS 10 |
|  | R2 | No | P1, P2 | No | AS 10 |

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

| Device | Implementation Requirement | Hint |
|---|---|---|
| Distribution and Core switches | L3 links between the Distribution and Core switches. | Implementation policy section |
| Distribution switches | L3 links between the Distribution switches. | Implementation policy section |
| Core switches | L3 links between the Core switches. | Implementation policy section |
| Core switches and routers | L3 links between the Core switches and routers. | Implementation policy section |
| Distribution switches | SVI interfaces. | Implementation policy section |
| Access and Distribution switches | Change management VLAN. | Implementation policy section |
| Distribution switches | DHCP server. | Implementation policy section |
| Distribution and Core switches | Enable IP routing. | Implementation policy section |
| Distribution Core, switches and routers | EIGRPs. | Implementation policy section |
| All switches and routers | Verification. | Implementation policy section |

| Device | High Level Task | Information Source |
|---|---|---|
| ASW1 | Change management VLAN. | Network Diagram, Design and Implementation Requirements |
| ASW1 | Change default gateway. | Network Diagram, Design and Implementation Requirements |
| ASW2 | Change management VLAN. | Network Diagram, Design and Implementation Requirements |
| ASW2 | Change default gateway. | Network Diagram, Design and Implementation Requirements |
| DSW1 | L3 links between the Distribution and Core switches. | Network Diagram, Design and Implementation Requirements |
| DSW1 | L3 links between the Distribution switches. | Network Diagram, Design and Implementation Requirements |
| DSW1 | SVI interfaces. | Network Diagram, Design and Implementation Requirements |
| DSW1 | Change management VLAN. | Network Diagram, Design and Implementation Requirements |
| DSW1 | DHCP server. | Network Diagram, Design and Implementation Requirements |
| DSW1 | Enable IP routing. | Network Diagram, Design and Implementation Requirements |
| DSW1 | EIGRP. | Network Diagram, Design and Implementation Requirements |
| DSW2 | L3 links between the Distribution and Core switches. | Network Diagram, Design and Implementation Requirements |
| DSW2 | L3 links between the Distribution switches. | Network Diagram, Design and Implementation Requirements |
| DSW2 | SVI interfaces. | Network Diagram, Design and Implementation Requirements |
| DSW2 | Change management VLAN. | Network Diagram, Design and Implementation Requirements |
| DSW2 | DHCP server. | Network Diagram, Design and Implementation Requirements |
| DSW2 | Enable IP routing. | Network Diagram, Design and Implementation Requirements |
| DSW2 | EIGRP. | Network Diagram, Design and Implementation Requirements |
| CSW1 | L3 links between the Distribution and Core switches. | Network Diagram, Design and Implementation Requirements |
| CSW1 | L3 links between the Core switches. | Network Diagram, Design and Implementation Requirements |
| CSW1 | L3 links between the Core switches and routers. | Network Diagram, Design and Implementation Requirements |
| CSW1 | Enable IP routing. | Network Diagram, Design and Implementation Requirements |
| CSW1 | EIGRP. | Network Diagram, Design and Implementation Requirements |
| CSW2 | L3 links between the Distribution and Core switches. | Network Diagram, Design and Implementation Requirements |
| CSW2 | L3 links between the Core switches. | Network Diagram, Design and Implementation Requirements |
| CSW2 | L3 links between the Core switches and routers. | Network Diagram, Design and Implementation Requirements |
| CSW2 | Enable IP routing. | Network Diagram, Design and Implementation Requirements |
| CSW2 | EIGRP. | Network Diagram, Design and Implementation Requirements |
| R1 | L3 links between the Core switches and routers. | Network Diagram, Design and Implementation Requirements |
| R1 | EIGRP. | Network Diagram, Design and Implementation Requirements |
| R2 | L3 links between the Core switches and routers. | Network Diagram, Design and Implementation Requirements |
| R2 | EIGRP. | Network Diagram, Design and Implementation Requirements |

Implementation and Verification Plan


In this task, you will create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. You can then configure each switch with
items that are unique to each device. An example of the Implementation and Verification Plan
follows.

| Complete | Device | Implementation order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|
|  | DSW1 | 1 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | Show interface port-channel |
|  | DSW2 | 2 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | Show interface port-channel |
|  | CSW1 | 3 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | Show interface port-channel |
|  | CSW2 | 4 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | Show interface port-channel |
|  | R1 |  | interface Fa 0/X; ip address | Show interface fa 0/x |
|  | R1 |  | No interface f0/0.Y | Show IP interface brief |
|  | R2 |  | interface Fa 0/X; ip address | Show interface fa 0/x |
|  | R2 |  | No interface f0/0.Y | Show IP interface brief |
|  | DSW1 |  | interface vlan XX; ip address | Show interface vlan xx |
|  | DSW2 | 10 | interface vlan XX; ip address | Show interface vlan xx |
|  | ASW1 | 11 | interface vlan 3; ip address | Show interface vlan 3 |
|  | ASW2 | 12 | interface vlan 4; ip address | Show interface vlan 4 |
|  | ASW1 | 13 | ip default-gateway |  |
|  | ASW2 | 14 | ip default-gateway |  |
|  | DSW1 | 15 | interface vlan 1; no ip address | Show interface vlan 1 |
|  | DSW2 | 16 | interface vlan 1; no ip address | Show interface vlan 1 |
|  | DSW1 | 17 | ip dhcp excluded-address 10.1.3.1 10.1.3.49, then 100 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.1; ip dhcp excluded-address 10.1.4.1 10.1.4.49, then 10.1.4.100 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.1 | Sh ip dhcp binding |
|  | DSW2 | 18 | ip dhcp excluded-address 10.1.3.1 10.1.3.99, then 150 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.2; ip dhcp excluded-address 10.1.4.1 10.1.4.99, then 150 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.2 | Sh ip dhcp binding |
|  | DSW1 | 19 | ip routing | Sh ip route |
|  | DSW2 | 20 | ip routing | Sh ip route |
|  | CSW1 | 21 | ip routing | Sh ip route |
|  | CSW2 | 22 | ip routing | Sh ip route |
|  | DSW1 | 23 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | sh ip eigrp interfaces; Sh ip route |
|  | DSW2 | 24 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | sh ip eigrp interfaces; sh ip route |
|  | CSW1 | 25 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | Sh ip eigrp interfaces; Sh ip route |
|  | CSW2 | 26 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | Sh ip eigrp interfaces; Sh ip route |
|  | R1 | 27 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | Sh ip eigrp interfaces; Sh ip route |
|  | R2 | 28 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | Sh ip eigrp interfaces; Sh ip route |


Step-by-Step Procedure
Step 1

Connect to switch DSW1 and enter configuration mode:

Connect to the remote lab.

Access the Switch console.

Enter privileged mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure L3 EtherChannel to switch CSW1 on switch DSW1:

DSW1(config)# interface range Fa 0/1 - 2
DSW1(config-if)# no switchport
DSW1(config)# interface Port-channel31
DSW1(config-if)# no switchport
DSW1(config-if)# ip address 10.1.253.0 255.255.255.254
DSW1(config)# interface range Fa 0/1 - 2
DSW1(config-if)# channel-group 31 mode on
DSW1(config-if)# no shutdown

Step 3

Configure the same way on switch DSW1 L3 EtherChannel link to switch CSW2, using interface
Po32 and interface range f0/3 - 4.

Step 4

Configure L3 on Fa 0/5 on switch DSW1 to switch DSW2:


DSW1(config)# interface fa 0/5
DSW1(config-if)# no switchport
DSW1(config-if)# ip address 10.1.253.4 255.255.255.254

Step 5

Repeat step 2 on switch DSW2 to configure L3 EtherChannel link to switch CSW2, using interface
Po31 and interface range f0/1 - 2.

Step 6

Configure the same way on switch DSW2 L3 EtherChannel link to switch CSW1, using interface
Po32 and interface range f0/3 - 4.

Step 7

Repeat step 4 on switch DSW2 to configure DSW2 f0/5 L3 link to switch DSW1.

Step 8

Repeat step 2 on switch CSW1 to configure L3 link to switch CSW2 (interface Po33, interface
range f0/7 - 10).

Step 9

Repeat step 2 on switch CSW1 to configure L3 link to switch DSW1 (interface Po31, interface
range f0/1 - 2).

Step 10

Repeat step 2 on switch CSW1 to configure L3 link to switch DSW2 (interface Po32, interface
range f0/3 - 4).

Step 11

Repeat step 4 on switch CSW1 to configure L3 link to router R1 (interface f0/11) and L3 link to
router R2 (interface f0/12).

Step 12

Repeat step 2 on switch CSW2 to configure L3 link to switch CSW1 (interface Po33, interface
range f0/7 - 10).

Step 13

Repeat step 2 on switch CSW2 to configure L3 link to switch DSW2 (interface Po31, interface
range f0/1 - 2).

Step 14

Repeat step 2 on switch CSW2 to configure L3 link to switch DSW1 (interface Po32, interface
range f0/3 - 4).

Step 15

Repeat step 4 on switch CSW2 to configure L3 link to router R2 (interface f0/11) and L3 link to
router R1 (interface f0/12).

Step 16

Configure router R1 interfaces to switches CSW1 and CSW2:


R1(config)# interface f0/11
R1(config-if)# ip address 10.1.253.13 255.255.255.254
R1(config-if)# no shutdown
R1(config-if)# interface f0/11
R1(config-if)# ip address 10.1.253.19 255.255.255.254
R1(config-if)# no shutdown

Step 17

Repeat step 16 on router R2 to configure its interfaces to switches CSW2
and CSW1.

Step 18

Configure SVI interface on switch DSW1:


DSW1(config)# interface Vlan3
DSW1(config-if)# ip address 10.1.3.1 255.255.255.0
DSW1(config-if)# no shutdown

Step 19

Repeat step 18 on switch DSW1 to configure SVI VLAN4.

Step 20

Repeat steps 18 and 19 on switch DSW2.

Step 21

On switch ASW1, move management IP address from VLAN 1 to VLAN 3:


ASW1(config)# interface Vlan1
ASW1(config-if)# no ip address
ASW1(config-if)# interface Vlan3
ASW1(config-if)# ip address 10.1.3.10 255.255.255.0
ASW1(config-if)# no shutdown

Step 22

Change default gateway on switch ASW1:

ASW1(config)# ip default-gateway 10.1.3.1

Step 23

Repeat steps 21 and 22 on switch ASW2.

Step 24

Verify that you have reachability to all subnets. For example, on DSW1:

DSW1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
C       10.1.3.0/24 is directly connected, Vlan3
C       10.1.4.0/24 is directly connected, Vlan4
C       10.1.63.0/24 is directly connected, Vlan63
C       10.1.64.0/24 is directly connected, Vlan64
D       10.1.253.32/29 [90/18176] via 10.1.253.1, 5d03h, Port-channel31
D       10.1.253.18/31 [90/33280] via 10.1.253.1, 5d03h, Port-channel31
D       10.1.253.6/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4
                      [90/15616] via 10.1.3.2, 5d03h, Vlan3
C       10.1.253.4/31 is directly connected, FastEthernet0/5
C       10.1.253.2/31 is directly connected, Port-channel32
C       10.1.253.0/31 is directly connected, Port-channel31
D       10.1.253.12/31 [90/30720] via 10.1.253.1, 5d03h, Port-channel31
D       10.1.253.10/31 [90/17920] via 10.1.253.1, 5d03h, Port-channel31
D       10.1.253.8/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4
                      [90/15616] via 10.1.3.2, 5d03h, Vlan3

Step 25

Configure DHCP server on switch DSW1:

DSW1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.49
DSW1(config)# ip dhcp excluded-address 10.1.3.100 10.1.3.255
DSW1(config)# ip dhcp excluded-address 10.1.4.1 10.1.4.49
DSW1(config)# ip dhcp excluded-address 10.1.4.100 10.1.4.255
DSW1(config)# ip dhcp pool vlan3
DSW1(dhcp-config)# network 10.1.3.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.3.1
DSW1(config)# ip dhcp pool vlan4
DSW1(dhcp-config)# network 10.1.4.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.4.1

Step 26

Repeat step 24 on switch DSW2, excluding 10.1.3.1 to 10.1.3.99 then 10.1.3.159 to 10.1.3.255,
and 10.1.4.1 to 10.1.4.99 then 10.1.4.159 to 10.1.4.255.

Step 27

Enable IP routing on switch DSW1:

DSW1(config)# ip routing

Step 28

Repeat step 26 on switches DSW2, CSW1 and CSW2.

Step 29

Configure EIGRP on switch DSW1:

DSW1(config)# router eigrp 10
DSW1(config-router)# no auto-summary
DSW1(config-router)# network 10.1.0.0 0.0.255.255

Step 30

Repeat step 28 on switches DSW2, CSW1, CSW2, and routers R1 and R2.
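The split DHCP scopes configured on the two Distribution switches only work if every exclusion range is typed correctly and the two servers never lease the same address. The Python below is an added example, not part of the Cisco lab guide: it parses ip dhcp lines, computes what each server can actually lease, and flags bad exclusions and overlaps. The sample configurations are constructed from the lab's addressing (DSW2 uses the plan table's 150 upper bound), and DSW1_TYPO is a constructed variant with a mistyped range.

```python
import ipaddress

# Constructed sample configurations using the lab's addressing.
DSW1_CFG = """\
ip dhcp excluded-address 10.1.3.1 10.1.3.49
ip dhcp excluded-address 10.1.3.100 10.1.3.255
ip dhcp excluded-address 10.1.4.1 10.1.4.49
ip dhcp excluded-address 10.1.4.100 10.1.4.255
ip dhcp pool vlan3
 network 10.1.3.0 255.255.255.0
 default-router 10.1.3.1
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.1
"""
DSW2_CFG = """\
ip dhcp excluded-address 10.1.3.1 10.1.3.99
ip dhcp excluded-address 10.1.3.150 10.1.3.255
ip dhcp excluded-address 10.1.4.1 10.1.4.99
ip dhcp excluded-address 10.1.4.150 10.1.4.255
ip dhcp pool vlan3
 network 10.1.3.0 255.255.255.0
 default-router 10.1.3.2
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.2
"""
# Constructed faulty variant: one VLAN 4 exclusion has a mistyped range.
DSW1_TYPO = DSW1_CFG.replace("10.1.4.100 10.1.4.255", "10.1.4.1 100.1.4.255")


def parse(cfg):
    """Return ({pool name: network}, [(first, last) excluded ranges])."""
    pools, excluded, pool = {}, [], None
    for line in cfg.splitlines():
        w = line.split("#", 1)[-1].split()      # tolerate a pasted CLI prompt
        if w[:3] == ["ip", "dhcp", "excluded-address"] and len(w) >= 4:
            lo = ipaddress.IPv4Address(w[3])
            hi = ipaddress.IPv4Address(w[4]) if len(w) > 4 else lo
            excluded.append((lo, hi))
        elif w[:3] == ["ip", "dhcp", "pool"] and len(w) == 4:
            pool = w[3]
        elif w[:1] == ["network"] and pool and len(w) == 3:
            pools[pool] = ipaddress.IPv4Network(f"{w[1]}/{w[2]}")
    return pools, excluded


def leasable(net, excluded):
    """Host addresses of net that remain after all exclusions are applied."""
    hosts = {int(h) for h in net.hosts()}
    for lo, hi in excluded:
        if lo <= hi:
            # Clip the range to this network so huge typos stay cheap.
            first = max(int(lo), int(net.network_address))
            last = min(int(hi), int(net.broadcast_address))
            hosts -= set(range(first, last + 1))
    return sorted(ipaddress.IPv4Address(h) for h in hosts)


def audit(servers):
    """servers: {device name: config text}. Returns (findings, leases)."""
    findings, leases = [], {}
    for name, cfg in servers.items():
        pools, excluded = parse(cfg)
        for lo, hi in excluded:
            if lo > hi or not any(lo in n and hi in n for n in pools.values()):
                findings.append(f"{name}: exclusion {lo} {hi} does not fit inside a pool")
        for pool, net in pools.items():
            free = leasable(net, excluded)
            leases[(name, str(net))] = free
            if not free:
                findings.append(f"{name}: pool {pool} has nothing left to lease")
    keys = sorted(leases)
    for i, (n1, net1) in enumerate(keys):
        for n2, net2 in keys[i + 1:]:
            both = set(leases[(n1, net1)]) & set(leases[(n2, net2)])
            if net1 == net2 and both:
                findings.append(f"{n1}+{n2}: {len(both)} addresses in {net1} leased by both")
    return findings, leases


if __name__ == "__main__":
    for label, cfgs in (("as planned", {"DSW1": DSW1_CFG, "DSW2": DSW2_CFG}),
                        ("with typo", {"DSW1": DSW1_TYPO, "DSW2": DSW2_CFG})):
        found, leases = audit(cfgs)
        print(label)
        for (dev, net), free in sorted(leases.items()):
            span = f"{free[0]} - {free[-1]}" if free else "none"
            print(f"  {dev} {net}: {len(free)} leasable ({span})")
        for f in found:
            print("  FINDING:", f)
```
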

Lab 4-2: Troubleshooting Inter-VLAN Routing


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will have to analyze, locate and fix Layer 3 problems on your network,
caused by misconfiguration or wrong design. After this activity, you will be able to meet these
objectives:

Develop a work plan to troubleshoot configuration and inter-VLAN routing issues.

Isolate the causes of the problems.

Correct all of the identified routing issues.

Test the fixes made.

Document and report the troubleshooting findings and recommendations.

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 4-2: Troubleshooting Inter-VLAN Routing]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

| Command | Description |
|---|---|
| configure terminal | Enters global configuration mode from privileged EXEC mode. |
| enable password password | Enters the privileged EXEC mode command interpreter. |
| router eigrp autonomous-system-number | Enable an EIGRP routing process, and enter router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information. |
| network network-number | Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks. |
| no auto-summary | (Optional) Disable automatic summarization of subnet routes into network-level routes. |
| show ip protocols | Verify your entries. |
| show ip eigrp interface | Display which interfaces EIGRP is active on and information about EIGRP relating to those interfaces. |
| show ip route | Display the current state of the routing table. |
| show interfaces interface-id trunk | Display the trunk configuration of the interface. |

Job Aids
These job aids are available to help you complete the lab activity.


Trouble Tickets

Troubleshooting Log


Trouble Ticket A: Missing routes on some switches


After the lunch break you find out that some end users are not able to connect to R1 or R2. A
colleague of yours, who has been playing with the network management system in the morning,
looks a bit nervous. He confesses that he has tried to manage the switches. You have to be fast,
as the normal operation of the network must be restored. Verify that all routes are visible on all
your switches.

Trouble Ticket B: Troubleshoot EIGRP on L3 switch


You conducted tests regarding EIGRP of the new network. You determine that some switches
do not seem to have the same routing table as others. It is a weird situation. To rely on the
network, you should investigate and find out where you have a problem and what it is. During
your investigations you find out, from the log of the RADIUS server, that your boss, the IT
manager, logged in to several switches and made some reconfigurations. You wonder if this
created the issue. Verify your switches and make sure the routing works properly, and that the
switches exchange routes.

Trouble Ticket C: Disappearing routes and VLANs


You are again in serious trouble. Someone played with the devices; this is a bad habit in the
company. At this point, you do not even care who is responsible; you just want to fix the
problem as the clients do not have connectivity. You check the routers and see that everything
on them is normal. Verify that all routes are seen by all switches, and that clients in all VLANs
can ping R1 and R2 IP addresses in all VLANs.

Instructions
As you see from the troubleshooting tickets, this troubleshooting lab contains three types of
issues:

Ticket one involves lost connectivity problems to a specific subnet.

Ticket two involves problems with the routing protocol.

Ticket three involves problems with trunk misconfiguration.

Each ticket involves several switches, so the whole team has to work together to solve each of
them. Together with your team members, create a troubleshooting plan to divide the work,
assign each team member appropriate roles and coordinate device access between the team
members. Document your progress in the Troubleshooting Log provided below to help
facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debrief discussions.
As different teams work at different speeds, this lab's tickets are separated. To prepare the lab
for this exercise, ask your instructor how you should initiate Trouble Ticket A. After the
instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.
Once you fix ticket A, ask your instructor if time is left for you to move on to the next ticket. If
time allows, ask your instructor how you should initiate Trouble Ticket B. After the instructor
indicates that the lab is fully prepared, you are ready to start troubleshooting.
Repeat the same process for ticket C, if time allows.


Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.

| Trouble Ticket | Actions and results |
|---|---|
|  |  |


Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket B:

Verify L3 switches have EIGRP adjacencies with each other.

Trouble Ticket C:

Verify that Client CLT1 and Client CLT2 can ping all network devices.

Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve ticket A.

Key Clue: DSW1 Routing Configuration


First, you verify that you can successfully ping the gateway. This means that you have
connectivity to the gateway, which is the DSW1 switch.
You try to ping a Core switch from CLT1, but you fail. This can mean two things: you are
not allowed to connect, or you do not have a path to this device. As you have been able to connect
previously, the first possibility is eliminated. If you do not have the path to this device, you are
also missing the route to it.
These simple tests lead you to conclude that you do not have connectivity to the Core switches
and the servers beyond them. Most probably, you face a routing problem, as you can reach the
distribution switch DSW3, which is your default gateway.
The same situation occurs for connections from CLT2 to DSW2 and CSW2: pings to DSW2
work, but pings to CSW2 fail.
This leads you to check the routing on the Distribution L3 switches DSW1 and DSW2.

Key Clue: DSW1 Routing Configuration (Cont.)

Your troubleshooting work continues on DSW1 and DSW2. The above example shows the
display on DSW1, as the steps and work on DSW2 are the same.
You verify the routing protocols, configured in the previous lab, and find out the EIGRP is
working properly.
Here is the next conclusion: you have a working routing protocol, but you do not have routing.

Key Clue: DSW1 Routing Configuration (Cont.)

Your next step is to verify the routes on the switch.

DSW1#sh ip route
Default gateway is not set
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

You see that the routing table is empty!


Your conclusion is that the routing is not working. As this is a Layer 3 switch, where you can
switch on and off the routing functionality, you go on to configure the ip routing to enable it.

Key Clue: DSW1 Routing Configuration (Cont.)

To fix the problem, go into configuration mode and issue the following commands:
DSW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
DSW1(config)#ip routing

The command ip routing enables the Layer 3 functionality on a Layer 3 switch.

Key Clue: DSW1 Routing Configuration (Cont.)

Verify that your solution is correct and that you have spotted the problem correctly. For this,
check the routing table again:
show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.11.0/24 is directly connected, Vlan11
C       10.1.3.0/24 is directly connected, Vlan3
C       10.1.4.0/24 is directly connected, Vlan4
D       10.1.1.0/24 [90/18176] via 10.1.253.14, 3d21h, Port-channel31
                    [90/18176] via 10.1.253.10, 3d21h, Port-channel32

Now, everything looks okay on the switch.


For the next verification, go on the Client CLT1 and carry out the same tests as the ones from
the beginning. Try to release and renew the IP address. After successfully acquiring the
network settings, try a ping to the default gateway and after that to connect to one of the Core
switches and a router.


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve ticket B.

Key Clue: EIGRP on CSW1 and CSW2

After you analyzed the preliminary data, your logical next step is to log in to CSW1 and check
the routing.
Your verification shows that the EIGRP neighbors table is empty.
You check the status of the EIGRP and everything is normal.
The routing configuration on both CSW1 and CSW2 must be identical, as they provide routing
redundancy in the network. You check the Neighbors table on CSW2 and everything is normal.
This leads you to the conclusion that there must be differences in the EIGRP configuration
between the two Core switches.
The same examination of DSW1 and DSW2 also shows similar differences.

Key Clue: EIGRP Reconfiguration on CSW1

After you find the differences in the EIGRP configuration, your next step is to correct the
wrong configuration on CSW1:
CSW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CSW1(config)#no router eigrp 20
CSW1(config)#router eigrp 10
CSW1(config-router)#no auto-summary
CSW1(config-router)# network 10.1.0.0 0.0.255.255
CSW1#show ip eigrp neighbors
EIGRP-IPv4:(10) neighbors for process 10
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
EIGRP-IPv4:(10) neighbors for process 10
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
1   10.1.253.0      Po31          13 00:32:44   196  1176   0   283
3   10.1.253.15     Fa0/11        11 00:32:10    13   200   0   40
2   10.1.253.17     Fa0/12        14 00:32:20     1   200   0   41
4   10.1.253.4      Po32          10 00:32:18     1   200   0   49
5   10.1.253.11     Po33          10 00:32:22     1   200   0   49

You find that the EIGRP AS number is incorrect.


Correct the issue the same way on DSW2.
After the correction of the problem, verify the EIGRP is back to normal.
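
The faults diagnosed in tickets A and B (routing switched off on a Layer 3 switch, and an EIGRP AS number that differs from the neighbors') are configuration drift that can be caught by comparing saved configurations against the design. The Python below is an added example, not part of the Cisco lab guide; the configuration excerpts, the R1 interface names and the extra network-statement check are constructed for illustration, and a wildcard mask is assumed on every network line.

```python
import ipaddress

EXPECTED_AS = 10                                  # AS number from the Layer 3 design table
L3_SWITCHES = {"DSW1", "DSW2", "CSW1", "CSW2"}    # must carry an explicit "ip routing"

# Constructed running-config excerpts, one per device.
CONFIGS = {
    "DSW1": """\
interface Port-channel31
 no switchport
 ip address 10.1.253.0 255.255.255.254
interface Vlan3
 ip address 10.1.3.1 255.255.255.0
router eigrp 10
 network 10.1.0.0 0.0.255.255
 no auto-summary
""",
    "CSW1": """\
ip routing
interface Port-channel31
 no switchport
 ip address 10.1.253.1 255.255.255.254
router eigrp 20
 network 10.1.0.0 0.0.255.255
 no auto-summary
""",
    "CSW2": """\
ip routing
interface Port-channel32
 no switchport
 ip address 10.1.253.3 255.255.255.254
router eigrp 10
 network 10.1.0.0 0.0.255.255
 no auto-summary
""",
    "R1": """\
interface FastEthernet0/0
 ip address 10.1.253.13 255.255.255.254
interface FastEthernet0/1
 ip address 10.1.1.1 255.255.255.0
router eigrp 10
 network 10.1.253.0 0.0.0.255
 no auto-summary
""",
}


def parse(cfg):
    """Extract routing state, EIGRP processes and interface addresses."""
    dev = {"ip_routing": False, "eigrp": {}, "addrs": {}}
    section = []
    for raw in cfg.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                  # unindented line opens a new section
            section = words
        if words == ["ip", "routing"]:
            dev["ip_routing"] = True
        elif words[:2] == ["router", "eigrp"] and len(words) == 3:
            dev["eigrp"][int(words[2])] = []
        elif words[:2] == ["ip", "address"] and section[:1] == ["interface"]:
            dev["addrs"][section[1]] = ipaddress.IPv4Address(words[2])
        elif words[0] == "network" and len(words) == 3 and section[:2] == ["router", "eigrp"]:
            net = int(ipaddress.IPv4Address(words[1]))
            wild = int(ipaddress.IPv4Address(words[2]))
            dev["eigrp"][int(section[2])].append((net, wild))
    return dev


def audit(configs, expected_as=EXPECTED_AS):
    """Return a list of (device, finding) tuples, sorted by device name."""
    findings = []
    for name, cfg in sorted(configs.items()):
        dev = parse(cfg)
        if name in L3_SWITCHES and not dev["ip_routing"]:
            findings.append((name, "ip routing is not enabled"))
        if expected_as not in dev["eigrp"]:
            seen = sorted(dev["eigrp"]) or "none"
            findings.append((name, f"EIGRP AS {expected_as} missing (configured: {seen})"))
            continue
        for ifname, addr in dev["addrs"].items():
            # A wildcard bit of 0 means the address bit must match the network bit.
            if not any((int(addr) & ~wild) == (net & ~wild)
                       for net, wild in dev["eigrp"][expected_as]):
                findings.append((name, f"{ifname} {addr} matches no network statement"))
    return findings


if __name__ == "__main__":
    for device, issue in audit(CONFIGS):
        print(f"{device}: {issue}")
```
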


Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Ticket C: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve ticket B.

Key Clue: DSW3 to PC1 Connectivity

You find a problem with CLT1 connectivity. CLT2 has the same issue.
This flow shows how to solve the CLT1 connectivity issue. CLT2 connectivity is solved with the
same process.
To exclude deeper network problems, you check the connectivity to CLT1 from DSW1. Again,
you have a failure.
Only the ASW1 switch sits between CLT1 and DSW1, so the logical next step is to verify the
links between these two switches.
You check the trunk configuration on the interface pointing to the ASW1 switch and confirm
that all VLANs are present.

Key Clue: ASW1 Trunk to DSW3

Next, you concentrate on the ASW1 switch, since the evidence indicates the problem must be
there.
To finish the check that you started on DSW1, you check the trunk configuration on the
interfaces pointing to DSW1.
You find out that VLAN 3, which is the VLAN where CLT1 resides, is absent.
When checking ASW2, you find that VLAN 4, which is the CLT2 VLAN, is also absent from
the ASW2 trunk to DSW2.

Key Clue: Configure ASW1

To fix the problem, allow the needed VLANs on both interfaces that point to switches DSW1 and
DSW2:
ASW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW1(config)#interface range fastEthernet 0/1 - 2
ASW1(config-if)# switchport trunk allowed vlan add 3

After the changes are made, verify they are correct:


ASW1#show interfaces fastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1-4,11,19,63

In the same way, add VLAN 4 to the ASW2 trunk to DSW2.
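
The trunk check from this ticket, as an added Python example (not part of the lab guide): it parses show interfaces trunk output and reports every trunk that will not carry a given VLAN. The sample output is constructed; Fa0/2 and its VLAN lists are invented for illustration.

```python
# Constructed sample in the layout of "show interfaces trunk". Fa0/1 repeats the
# values shown above; Fa0/2 is an invented uplink whose allowed list omits VLAN 3.
SAMPLE_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1
Fa0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4094
Fa0/2       1-2,4,11,19,63

Port        Vlans allowed and active in management domain
Fa0/1       1-4,11,19,63
Fa0/2       1-2,4,11,19,63
"""

# Section headings of interest, mapped to the key used in the parsed result.
SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
}


def expand_vlans(spec):
    """Expand a VLAN list such as '1-4,11,19,63' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunks(output):
    """Return {port: {"allowed": set, "active": set}} from the show output."""
    trunks = {}
    section = None
    last_port = None
    for line in output.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            # A long VLAN list wrapped onto an indented continuation line.
            if section and last_port:
                trunks[last_port][section] |= expand_vlans(line)
            continue
        port, _, rest = line.partition(" ")
        if port == "Port":
            # New section header; sections we do not need map to None.
            section = SECTIONS.get(rest.strip())
            last_port = None
        elif section:
            entry = trunks.setdefault(port, {"allowed": set(), "active": set()})
            entry[section] |= expand_vlans(rest)
            last_port = port
    return trunks


def missing_vlan(output, vlan):
    """List (port, reason) pairs for trunks that will not carry the VLAN."""
    problems = []
    for port, sets in sorted(parse_trunks(output).items()):
        if vlan not in sets["allowed"]:
            problems.append((port, "not in allowed list"))
        elif vlan not in sets["active"]:
            problems.append((port, "allowed but not active"))
    return problems


if __name__ == "__main__":
    for port, reason in missing_vlan(SAMPLE_OUTPUT, 3):
        print(f"VLAN 3 on {port}: {reason}")
```
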

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________

Lab 4-2: Key Commands and Tools Used


__________________________________________________________________________

Lab 5-1: Implementing High Availability and Reporting in a Network Design

Complete this lab activity to confirm your knowledge on the topics of high availability and
reporting.

Activity Objective
The dynamics of administering a large network often prevent a daily verification of each device
state and activity. This is why a solution is needed that gathers logs from different devices
in a single place. In this lab, you will implement such a solution. To achieve
this goal, you will configure your switches to send information to a syslog and an SNMP server.
To respond to the need of monitoring the network state, you will also implement an IP SLA-based
solution. Once the design is complete, you will connect to your remote lab to implement
your solution. After completing this activity, you will be able to meet these objectives:

Design an HA solution consisting of syslog and SNMP reporting and an IP SLA solution.

Create an implementation requirements list.

Create a step-by-step implementation and verification plan.

Implement and verify your solution.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to configure SNMP, Syslog and IP SLA in your network. The following list details
preparation and configuration requirements for all switches in the company network. Your
configuration must implement all requirements:

Configure switches ASW1, DSW1, CSW1, and router R1 to send syslog information to
client CLT1.

Configure switches ASW2, DSW2, CSW2, and router R2 to send syslog information to
client CLT2.

On all switches and routers, configure the level of syslog messages to be informational.

Configure switches ASW1, DSW1, CSW1, and router R1 to send SNMP traps to client
CLT1.

Configure switches ASW2, DSW2, CSW2 and router R2 to send SNMP traps to client
CLT2.

Configure your switches to send the relevant SNMP server information about configuration
changes, VLAN membership, and interfaces whose status changed to error-disable. Configure
your routers to send the relevant SNMP server information about configuration changes.
In both cases, use the default SNMP version with a read-only community.

Configure IP SLA on switches ASW1, ASW2, CSW1, and CSW2. Configure ICMP probes
for the IP SLA between switches ASW1 and CSW1. Switch ASW1 should probe switch
CSW1, and switch CSW1 should probe switch ASW1.

Configure ICMP probes for the IP SLA between switch ASW2 and CSW2. Switch ASW2
should probe switch CSW2, and switch CSW2 should probe switch ASW2.

Execute the Verification plan to ensure IP connectivity.

Devices Information
The table provides information about SNMP, Syslog and IP SLA:
Device name   Send to Syslog?   Syslog server   Send to SNMP server?   SNMP server   IP SLA to
ASW1          Yes               CLT1            Yes                    CLT1          CSW1
ASW2          Yes               CLT2            Yes                    CLT2          CSW2
DSW1          Yes               CLT1            Yes                    CLT1
DSW2          Yes               CLT2            Yes                    CLT2
CSW1          Yes               CLT1            Yes                    CLT1          ASW1
CSW2          Yes               CLT2            Yes                    CLT2          ASW2
R1            Yes               CLT1            Yes                    CLT1
R2            Yes               CLT2            Yes                    CLT2

Network Diagram

Visual Objective for Lab 5-1: Implement HA in a Network Design

Command List
The table describes the commands that are used in this activity.
Command: access-list access-list-number {deny | permit} source [source-wildcard]
Description: If you specified an IP standard access list number in the previous step, then create the list, repeating the command as many times as necessary.
    For access-list-number, enter the access list number specified in the previous step.
    The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
    For source, enter the IP address of the SNMP managers that are permitted to use the community string to gain access to the agent.
    (Optional) For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.

Command: frequency seconds
Description: (Optional) Set the rate at which a specified IP SLAs operation repeats. The range is from 1 to 604800 seconds; the default is 60 seconds.

Command: icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-id]
Description: Configure the IP SLAs operation as an ICMP Echo operation and enter ICMP echo configuration mode.
    destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
    (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs chooses the IP address nearest to the destination.
    (Optional) source-interface interface-id: Specify the source interface for the operation.

Command: ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm [:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
Description: Configure the scheduling parameters for an individual IP SLAs operation.
    operation-number: Enter the RTR entry number.
    (Optional) life: Set the operation to run indefinitely (forever) or for a specific number of seconds. The range is from 0 to 2147483647. The default is 3600 seconds (1 hour).
    (Optional) start-time: Enter the time for the operation to begin collecting information:
        To start at a specific time, enter the hour, minute, second (in 24-hour notation), and day of the month. If no month is entered, the default is the current month.
        Enter pending to select no information collection until a start time is selected.
        Enter now to start the operation immediately.
        Enter after hh:mm:ss to show that the operation should start after the entered time has elapsed.
    (Optional) ageout seconds: Enter the number of seconds to keep the operation in memory when it is not actively collecting information. The range is 0 to 2073600 seconds, the default is 0 seconds (never ages out).
    (Optional) recurring: Set the operation to automatically run every day.

Command: ip sla operation-number
Description: Create an IP SLAs operation, and enter IP SLAs configuration mode.

Command: ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number
Description: Configure the switch as an IP SLAs responder. The optional keywords have these meanings:
    tcp-connect: Enable the responder for TCP connect operations.
    udp-echo: Enable the responder for User Datagram Protocol (UDP) echo or jitter operations.
    ipaddress ip-address: Enter the destination IP address.
    port port-number: Enter the destination port number.
    Note: The IP address and port number must match those configured on the source device for the IP SLAs operation.

Command: logging buffered [size]
Description: Log messages to an internal buffer on the switch.

Command: logging host
Description: Log messages to a UNIX syslog server host. For host, specify the name or IP address of the host to be used as the syslog server.

Command: line [console | vty] line-number [ending-line-number]
Description: Specify the line to be configured for synchronous logging of messages.
    Use the console keyword for configurations that occur through the switch console port.
    Use the line vty line-number command to specify which vty lines are to have synchronous logging enabled. You use a vty connection for configurations that occur through a Telnet session. The range of line numbers is from 0 to 15.

Command: logging synchronous [level [severity-level | all] | limit number-of-buffers]
Description: Enable synchronous logging of messages.
    (Optional) For level severity-level, specify the message severity level. Messages with a severity level equal to or higher than this value are printed asynchronously. Low numbers mean greater severity and high numbers mean lesser severity. The default is 2.
    (Optional) Specifying level all means that all messages are printed asynchronously regardless of the severity level.
    (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The range is 0 to 2147483647. The default is 20.

Command: no logging console
Description: Disable message logging.

Command: show ip sla responder
Description: Verify the IP SLAs responder configuration on the device.

Command: show ip sla statistics
Description: Displays information about the IP SLA tests.

Command: show ip sla configuration [operation-number]
Description: (Optional) Display configuration values, including all defaults for all IP SLAs operations or a specified operation.

Command: show snmp
Description: Displays SNMP statistics.

Command: snmp-server community string [view view-name] [ro | rw] [access-list-number]
Description: Configure the community string.
    For string, specify a string that acts like a password and permits access to the SNMP protocol. You can configure one or more community strings of any length.
    (Optional) For view, specify the view record accessible to the community.
    (Optional) Specify either read-only (ro) if you want authorized management stations to retrieve MIB objects, or specify read-write (rw) if you want authorized management stations to retrieve and modify MIB objects. By default, the community string permits read-only access to all objects.
    (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.

Command: snmp-server engineID {local engineid-string | remote ip-address [udp-port port-number] engineid-string}
Description: Configure a name for either the local or remote copy of SNMP.
    The engineid-string is a 24-character ID string with the name of the copy of SNMP. You need not specify the entire 24-character engine ID if it has trailing zeros. Specify only the portion of the engine ID up to the point where only zeros remain in the value. For example, to configure an engine ID of 123400000000000000000000, you can enter this: snmp-server engineID local 1234.
    If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.

Command: snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list]
Description: Configure a new SNMP group on the remote device.
    For groupname, specify the name of the group.
    Specify a security model:
        v1 is the least secure of the possible security models.
        v2c is the second least secure model. It allows transmission of informs and integers twice the normal width.
        v3, the most secure, requires you to select an authentication level:
            Auth: Enables the Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) packet authentication.
            Noauth: Enables the noAuthNoPriv security level. This is the default if no keyword is specified.
            Priv: Enables Data Encryption Standard (DES) packet encryption (also called privacy).
    (Optional) Enter read readview with a string (not to exceed 64 characters) that is the name of the view in which you can only view the contents of the agent.
    (Optional) Enter write writeview with a string (not to exceed 64 characters) that is the name of the view in which you enter data and configure the contents of the agent.
    (Optional) Enter notify notifyview with a string (not to exceed 64 characters) that is the name of the view in which you specify a notify, inform, or trap.
    (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.

Command: snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] community-string [notification-type]
Description: Specify the recipient of an SNMP trap operation.
    For host-addr, specify the name or Internet address of the host (the targeted recipient).
    (Optional) Enter informs to send SNMP informs to the host.
    (Optional) Enter traps (the default) to send SNMP traps to the host.
    (Optional) Specify the SNMP version (1, 2c, or 3). SNMPv1 does not support informs.
    (Optional) For Version 3, select authentication level auth, noauth, or priv.
    For community-string, when version 1 or version 2c is specified, enter the password-like community string sent with the notification operation. When version 3 is specified, enter the SNMPv3 username.
    (Optional) For notification-type enter snmp-server enable traps ?

Command: snmp-server enable traps notification-types
Description: Enable the switch to send traps or informs and specify the type of notifications to be sent.

Command: udp-jitter {destination-ip-address | destination-hostname} destination-port [source-ip {ip-address | hostname}] [source-port port-number] [control {enable | disable}] [num-packets number-of-packets] [interval interpacket-interval]
Description: Configure the IP SLAs operation as a UDP jitter operation, and enter UDP jitter configuration mode.
    destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
    destination-port: Specify the destination port number in the range from 1 to 65535.
    (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs chooses the IP address nearest to the destination.
    (Optional) source-port port-number: Specify the source port number in the range from 1 to 65535. When a port number is not specified, IP SLAs chooses an available port.
    (Optional) control: Enable or disable sending of IP SLAs control messages to the IP SLAs responder. By default, IP SLAs control messages are sent to the destination device to establish a connection with the IP SLAs responder.
    (Optional) num-packets number-of-packets: Enter the number of packets to be generated. The range is 1 to 6000; the default is 10.
    (Optional) interval inter-packet-interval: Enter the interval between sending packets in milliseconds. The range is 1 to 6000; the default value is 20 ms.
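
How the access-list entry in the command list decides which SNMP managers may use a community string, as an added Python example (not part of the lab guide): entries are tested in order, wildcard ones mark ignored bits, and an address that matches no entry is denied. The ACL lines and addresses are constructed, and the function names are illustrative.

```python
import ipaddress

# Constructed entries in the command-list syntax; ACL numbers and addresses are invented.
ACL_LINES = [
    "access-list 10 deny 10.1.50.7",
    "access-list 10 permit 10.1.50.0 0.0.0.255",
    "access-list 10 permit 10.1.60.4",
    "access-list 11 permit 10.1.0.5 0.0.255.0",   # non-contiguous wildcard
]


def parse_entry(line):
    """Parse 'access-list N {deny | permit} source [source-wildcard]'."""
    words = line.split()
    if len(words) not in (4, 5) or words[0] != "access-list":
        raise ValueError(f"not a standard ACL entry: {line!r}")
    number, action = int(words[1]), words[2]
    if action not in ("deny", "permit"):
        raise ValueError(f"unknown action in: {line!r}")
    source = int(ipaddress.IPv4Address(words[3]))
    # With no wildcard given, every bit must match (a single host).
    wildcard = int(ipaddress.IPv4Address(words[4])) if len(words) == 5 else 0
    return number, action, source, wildcard


def entry_matches(source, wildcard, address):
    """Ones in the wildcard are ignored bits, so compare only the zero bits."""
    care = ~wildcard & 0xFFFFFFFF
    return (source & care) == (address & care)


def manager_allowed(acl_lines, acl_number, manager_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    address = int(ipaddress.IPv4Address(manager_ip))
    for line in acl_lines:
        number, action, source, wildcard = parse_entry(line)
        if number == acl_number and entry_matches(source, wildcard, address):
            return action == "permit"
    return False


def broad_permits(acl_lines, acl_number, max_hosts):
    """Return (entry, addresses covered) for permits wider than max_hosts."""
    findings = []
    for line in acl_lines:
        number, action, _, wildcard = parse_entry(line)
        if number == acl_number and action == "permit":
            covered = 2 ** bin(wildcard).count("1")   # one doubling per ignored bit
            if covered > max_hosts:
                findings.append((line, covered))
    return findings


if __name__ == "__main__":
    for ip in ("10.1.50.7", "10.1.50.20", "10.1.60.4", "10.1.60.5"):
        verdict = "permit" if manager_allowed(ACL_LINES, 10, ip) else "deny"
        print(f"ACL 10, manager {ip}: {verdict}")
    for entry, covered in broad_permits(ACL_LINES, 10, 16):
        print(f"wide permit ({covered} addresses): {entry}")
```
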

Job Aids
These are the job aids for this lab activity:
Value                                             Location
Blank design requirements list                    Task 1
Blank implementation requirements list            Task 2
Blank implementation and verification plan form   Task 3
Blank student notes                               Task 4
Debrief alternate solutions form                  End of this lab
Implementation requirement hints                  Hint Section
Implementation hints                              Hint Section
Verification hints                                Hint Section
Solution configure answer key                     Configuration section at the end of the lab guide


Task 1: Create an Implementation Requirement List for High Availability and Reporting

After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, and the implementation policy and devices information to create your
implementation requirement list. If you are unsure, you can use the hints information provided
at the end of the lab guide.
Device    High Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.
Complete    Device    Implementation order    Values and items to implement    Verification method and expected results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified. Use the previous table to document the verifications you conducted to ensure that
your solution is complete. Hints are available at the end of this lab if you are unsure about the
verification steps.

Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Lab 5-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 5-1 Hint Sheet: Implementing HA in a Network Design


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | |
|---|---|---|
| All switches and routers | Syslog server | Implementation policy section |
| All switches and routers | SNMP | Implementation policy section |
| ASW1 and CSW1 | IP SLA | Implementation policy section |
| ASW2 and CSW2 | IP SLA | Implementation policy section |
| All switches and routers | Verification | Implementation policy section |

| Device | High Level Task | Information Source |
|---|---|---|
| ASW1 | Syslog server | Network Diagram, Design and Implementation Requirements |
| ASW1 | SNMP | Network Diagram, Design and Implementation Requirements |
| ASW1 | IP SLA | Network Diagram, Design and Implementation Requirements |
| ASW2 | Syslog server | Network Diagram, Design and Implementation Requirements |
| ASW2 | SNMP | Network Diagram, Design and Implementation Requirements |
| ASW2 | IP SLA | Network Diagram, Design and Implementation Requirements |
| DSW1 | Syslog server | Network Diagram, Design and Implementation Requirements |
| DSW1 | SNMP | Network Diagram, Design and Implementation Requirements |
| DSW2 | Syslog server | Network Diagram, Design and Implementation Requirements |
| DSW2 | SNMP | Network Diagram, Design and Implementation Requirements |
| CSW1 | Syslog server | Network Diagram, Design and Implementation Requirements |
| CSW1 | SNMP | Network Diagram, Design and Implementation Requirements |
| CSW1 | IP SLA | Network Diagram, Design and Implementation Requirements |
| CSW2 | Syslog server | Network Diagram, Design and Implementation Requirements |
| CSW2 | SNMP | Network Diagram, Design and Implementation Requirements |
| CSW2 | IP SLA | Network Diagram, Design and Implementation Requirements |
| R1 | Syslog server | Network Diagram, Design and Implementation Requirements |
| R1 | SNMP | Network Diagram, Design and Implementation Requirements |
| R2 | Syslog server | Network Diagram, Design and Implementation Requirements |
| R2 | SNMP | Network Diagram, Design and Implementation Requirements |

Implementation and Verification Plan


In the next task, you will create an Implementation and Verification Plan. There are several
possible correct solutions. One possible approach groups items that are common to all switches
in a template and then applies the template to all switches. You can then configure each switch
with items that are unique to each device. An example of the Implementation and Verification
Plan follows.

| Complete | Device | Implementation order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|
| | ASW1 | 1 | logging on | show logging |
| | ASW1 | 2 | logging 10.1.3.50 | show logging |
| | ASW1 | 3 | logging trap informational | show logging |
| | ASW2 | 4 | logging on | show logging |
| | ASW2 | 5 | logging 10.1.4.100 | show logging |
| | ASW2 | 6 | logging trap informational | show logging |
| | DSW1 | 7 | logging on | show logging |
| | DSW1 | 8 | logging 10.1.3.50 | show logging |
| | DSW1 | 9 | logging trap informational | show logging |
| | DSW2 | 10 | logging on | show logging |
| | DSW2 | 11 | logging 10.1.4.100 | show logging |
| | DSW2 | 12 | logging trap informational | show logging |
| | CSW1 | 13 | logging on | show logging |
| | CSW1 | 14 | logging 10.1.3.50 | show logging |
| | CSW1 | 15 | logging trap informational | show logging |
| | CSW2 | 16 | logging on | show logging |
| | CSW2 | 17 | logging 10.1.4.100 | show logging |
| | CSW2 | 18 | logging trap informational | show logging |
| | ASW1 | 19 | snmp-server enable traps errdisable | show snmp |
| | ASW1 | 20 | snmp-server enable traps config | show snmp |
| | ASW1 | 21 | snmp-server enable traps vlan-membership | show snmp |
| | ASW1 | 23 | snmp-server community ciscor ro | show snmp |
| | ASW1 | 24 | snmp-server host 10.1.3.50 traps ciscor | show snmp |
| | ASW2 | 25 | snmp-server enable traps errdisable | show snmp |
| | ASW2 | 26 | snmp-server enable traps config | show snmp |
| | ASW2 | 27 | snmp-server enable traps vlan-membership | show snmp |
| | ASW2 | 28 | snmp-server community ciscor ro | show snmp |
| | ASW2 | 29 | snmp-server host 10.1.4.100 traps ciscor | show snmp |
| | DSW1 | 30 | snmp-server enable traps errdisable | show snmp |
| | DSW1 | 31 | snmp-server enable traps config | show snmp |
| | DSW1 | 32 | snmp-server enable traps vlan-membership | show snmp |
| | DSW1 | 33 | snmp-server community ciscor ro | show snmp |
| | DSW1 | 34 | snmp-server host 10.1.3.50 traps ciscor | show snmp |
| | DSW2 | 35 | snmp-server enable traps errdisable | show snmp |
| | DSW2 | 36 | snmp-server enable traps config | show snmp |
| | DSW2 | 37 | snmp-server enable traps vlan-membership | show snmp |
| | DSW2 | 38 | snmp-server community ciscor ro | show snmp |
| | DSW2 | 39 | snmp-server host 10.1.4.100 traps ciscor | show snmp |
| | CSW1 | 40 | snmp-server enable traps errdisable | show snmp |
| | CSW1 | 41 | snmp-server enable traps config | show snmp |
| | CSW1 | 42 | snmp-server enable traps vlan-membership | show snmp |
| | CSW1 | 43 | snmp-server community ciscor ro | show snmp |
| | CSW1 | 44 | snmp-server host 10.1.3.50 traps ciscor | show snmp |
| | CSW2 | 45 | snmp-server enable traps errdisable | show snmp |
| | CSW2 | 46 | snmp-server enable traps config | show snmp |
| | CSW2 | 47 | snmp-server enable traps vlan-membership | show snmp |
| | CSW2 | 48 | snmp-server community ciscor ro | show snmp |
| | CSW2 | 49 | snmp-server host 10.1.4.100 traps ciscor | show snmp |
| | R1 | 50 | snmp-server enable traps config | show snmp |
| | R1 | 51 | snmp-server community ciscor ro | show snmp |
| | R1 | 52 | snmp-server host 10.1.3.50 traps ciscor | show snmp |
| | R2 | 53 | snmp-server enable traps config | show snmp |
| | R2 | 54 | snmp-server community ciscor ro | show snmp |
| | R2 | 55 | snmp-server host 10.1.4.100 traps ciscor | show snmp |
| | ASW1 | 56 | ip sla 1 | show ip sla configuration |
| | ASW1 | 57 | icmp-echo 10.1.253.1 | show ip sla configuration |
| | ASW1 | 58 | ip sla schedule 1 life forever start-time now | show ip sla statistics |
| | ASW2 | 59 | ip sla 1 | show ip sla configuration |
| | ASW2 | 60 | icmp-echo 10.1.253.7 | show ip sla configuration |
| | ASW2 | 61 | ip sla schedule 1 life forever start-time now | show ip sla statistics |
| | CSW1 | 62 | ip sla 1 | show ip sla configuration |
| | CSW1 | 63 | icmp-echo 10.1.3.1 | show ip sla configuration |
| | CSW1 | 64 | ip sla schedule 1 life forever start-time now | show ip sla statistics |
| | CSW2 | 65 | ip sla 1 | show ip sla configuration |
| | CSW2 | 66 | icmp-echo 10.1.4.2 | show ip sla configuration |
| | CSW2 | 67 | ip sla schedule 1 life forever start-time now | show ip sla statistics |

Step-by-Step Procedure
Step 1

Connect to ASW1 switch interface in configuration mode:

Connect to the remote lab.

Access the switch console.

Enter privileged EXEC mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure Syslog server on switch ASW1:


ASW1(config)# logging on
ASW1(config)# logging 10.1.3.50
ASW1(config)# logging trap informational

Step 3

Repeat steps 1 and 2 on switches ASW2, DSW1, DSW2, CSW1, CSW2, and routers R1 and R2.
Verify syslog server configuration, for example on DSW1:
DSW1#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled


Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1022 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
Trap logging: level informational, 1000 message lines logged
Logging to 10.1.3.51 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
150 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Step 4

Configure SNMP on switch ASW1:


ASW1(config)# snmp-server community ciscor ro
ASW1(config)# snmp-server host 10.1.3.50 traps ciscor
ASW1(config)# snmp-server enable traps errdisable
ASW1(config)# snmp-server enable traps config
ASW1(config)# snmp-server enable traps vlan-membership


Step 5

Repeat step 4 on switches ASW2, DSW1, DSW2, CSW1, and CSW2. On routers R1 and R2, repeat
step 4 without errdisable and without vlan-membership. Verify the SNMP configuration, for
example on CSW1:
CSW1#show snmp
Chassis: FDO1310X136
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
5 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
5 Trap PDUs
SNMP global trap: disabled
SNMP logging: enabled
Logging to 10.1.3.51.162, 0/10, 5 sent, 0 dropped.
SNMP agent enabled

Step 6

Configure IP SLA on switch ASW1:


ASW1(config)# ip sla 1
ASW1(config-ip-sla)# icmp-echo 10.1.253.1
ASW1(config-ip-sla-echo)# exit
ASW1(config)# ip sla schedule 1 life forever start-time now

Step 7

Repeat step 6 on switches CSW1, ASW2, and CSW2. Verify that the IP SLA test is running:
CSW1#show ip sla statistics
Round Trip Time (RTT) for Index 1
Latest RTT: 1 ms
Latest operation start time: *22:24:34.231 eastern Fri Mar 5 1993
Latest operation return code: OK
Number of successes: 290
Number of failures: 0
Operation time to live: Forever
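
The checks in Steps 3, 5 and 7 can be scripted. The following Python sketch is an added example, not part of the lab guide: it parses show logging, show snmp and show ip sla statistics output and compares the reported collector with the address planned for the device in the Implementation and Verification Plan. The sample texts are shortened from the outputs printed above and treated as one device; all function names are this example's own.

```python
import re

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Planned syslog and SNMP trap collector per device, from the plan table above.
PLANNED_COLLECTOR = {
    "ASW1": "10.1.3.50", "DSW1": "10.1.3.50", "CSW1": "10.1.3.50", "R1": "10.1.3.50",
    "ASW2": "10.1.4.100", "DSW2": "10.1.4.100", "CSW2": "10.1.4.100", "R2": "10.1.4.100",
}
PLANNED_TRAP_LEVEL = "informational"

# Constructed samples: shortened copies of the outputs shown in Steps 3, 5 and 7.
SAMPLE_LOGGING = """\
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
Trap logging: level informational, 1000 message lines logged
Logging to 10.1.3.51 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
150 message lines logged,
"""
SAMPLE_SNMP = """\
5 SNMP packets output
5 Trap PDUs
SNMP logging: enabled
Logging to 10.1.3.51.162, 0/10, 5 sent, 0 dropped.
SNMP agent enabled
"""
SAMPLE_IP_SLA = """\
Round Trip Time (RTT) for Index 1
Latest RTT: 1 ms
Latest operation return code: OK
Number of successes: 290
Number of failures: 0
"""


def parse_show_logging(text):
    """Extract syslog state, trap severity and remote hosts from 'show logging'."""
    level = re.search(r"Trap logging: level (\w+)", text)
    hosts = re.findall(r"Logging to (" + IPV4 + r")\s*\(udp port (\d+)", text)
    return {
        "enabled": bool(re.search(r"Syslog logging:\s*enabled", text)),
        "trap_level": level.group(1) if level else None,
        "hosts": [(ip, int(port)) for ip, port in hosts],
    }


def parse_show_snmp(text):
    """Extract trap destinations (printed as ip.port) from 'show snmp'."""
    dests = re.findall(
        r"Logging to (" + IPV4 + r")\.(\d+), \d+/\d+, (\d+) sent, (\d+) dropped", text)
    return {
        "agent_enabled": "SNMP agent enabled" in text,
        "trap_hosts": [{"ip": ip, "port": int(p), "sent": int(s), "dropped": int(d)}
                       for ip, p, s, d in dests],
    }


def parse_ip_sla_statistics(text):
    """Extract the latest return code and failure count from 'show ip sla statistics'."""
    code = re.search(r"Latest operation return code: (\S+)", text)
    fails = re.search(r"Number of failures: (\d+)", text)
    return {"return_code": code.group(1) if code else None,
            "failures": int(fails.group(1)) if fails else None}


def audit(device, show_logging, show_snmp, show_ip_sla=None):
    """Return a list of deviations between device output and the plan."""
    planned = PLANNED_COLLECTOR[device]
    findings = []
    log = parse_show_logging(show_logging)
    if not log["enabled"]:
        findings.append("syslog logging is not enabled")
    if log["trap_level"] != PLANNED_TRAP_LEVEL:
        findings.append(f"trap level is {log['trap_level']}, plan says {PLANNED_TRAP_LEVEL}")
    log_ips = [ip for ip, _ in log["hosts"]]
    if planned not in log_ips:
        findings.append(f"syslog host {planned} missing, device reports {log_ips}")
    snmp = parse_show_snmp(show_snmp)
    if not snmp["agent_enabled"]:
        findings.append("SNMP agent is not enabled")
    trap_ips = [h["ip"] for h in snmp["trap_hosts"]]
    if planned not in trap_ips:
        findings.append(f"SNMP trap host {planned} missing, device reports {trap_ips}")
    for h in snmp["trap_hosts"]:
        if h["dropped"]:
            findings.append(f"{h['dropped']} traps dropped towards {h['ip']}")
    if show_ip_sla is not None:
        sla = parse_ip_sla_statistics(show_ip_sla)
        if sla["return_code"] != "OK" or sla["failures"] != 0:
            findings.append(f"IP SLA unhealthy: code {sla['return_code']}, "
                            f"{sla['failures']} failures")
    return findings


if __name__ == "__main__":
    for line in audit("CSW1", SAMPLE_LOGGING, SAMPLE_SNMP, SAMPLE_IP_SLA):
        print("DEVIATION:", line)
```

Run against the sample text, the audit reports that the device logs and sends traps to 10.1.3.51, while the plan lists 10.1.3.50 for this device.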


Lab 6-1: Implement and Tune HSRP


Complete this lab activity to confirm your knowledge from the course on the topics of High
Availability and Reporting.

Activity Objective
The Cisco account manager for your company has become a friend of yours. Once, while
having a friendly chat with him and an engineer from Cisco, the engineer mentioned the need
for a network to have a redundancy mechanism implemented. You like the idea as you do not
want to take unnecessary risks. You dig deep into the documentation and find out about the
existence of a protocol called Hot Standby Router Protocol (HSRP). After an informal
discussion with your IT manager, he gives a green light to proceed with the project, but asks
you to demonstrate HSRP step by step, to understand how it really works and what the various
features are. As you leave him, you realize the need to create a design, implementation plan,
and perform the reconfiguration. Once the design is complete, you will connect to your remote
lab to implement your solution. After completing this activity, you will be able to meet these
objectives:

Design a HSRP solution.

Create an implementation requirements list.

Create a step-by-step implementation and verification plan.

Implement and verify your solution.


Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to configure HSRP in your network. The following list details preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

You must implement two HSRP solutions: one offering first hop redundancy for client
CLT1 in VLAN 3, and one offering first hop redundancy for client CLT2 in VLAN 4.

For both cases, switches DSW1 and DSW2 will be the default gateways for the clients.

Switch DSW1 will be the primary HSRP router on VLAN 3 and secondary HSRP router on
VLAN 4.

Switch DSW2 will be the primary HSRP router on VLAN 4 and secondary HSRP router on
VLAN 3.

Primary HSRP on switch DSW1 will track interfaces Po31 and Po32. The loss of
connectivity to these interfaces will decrement the priority of switch DSW1 by 30.

Primary HSRP on switch DSW2 will track interfaces Po31 and Po32. The loss of
connectivity to these interfaces will decrement the priority of switch DSW1 by 30.

Preempt should be configured so that each Layer 3 switch tries to become primary
whenever possible.

In your implementation, proceed in order:

Start by implementing HSRP in both VLANs, without preempt, without tracking,
and without priority. Test by shutting down the link to the primary HSRP router,
then reenabling the link.

Once this has been tested, implement the preempt feature. Test.

Once you have tested this, implement tracking and priority.

Devices Information
The table provides information about IP addresses:
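| Device name | HSRP | IP address VLAN 3 | IP address VLAN 4 | HSRP IP address |
|---|---|---|---|---|
| ASW1 | No | | | |
| ASW2 | No | | | |
| DSW1 | Yes | 10.1.3.3 | 10.1.4.3 | 10.1.3.1 |
| DSW2 | Yes | 10.1.3.2 | 10.1.4.2 | 10.1.4.1 |
| CSW1 | No | | | |
| CSW2 | No | | | |
| R1 | No | | | |
| R2 | No | | | |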

Network Diagram

[Figure: Visual Objective for Lab 6-1: Implement and Tune HSRP]

Command List
The table describes the commands that are used in this activity.
Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

interface interface-id
    Enters interface configuration mode, and enter the Layer 3
    interface on which you want to enable HSRP.

standby version {1 | 2}
    (Optional) Configures the HSRP version on the interface.

    1: Select HSRPv1.

    2: Select HSRPv2.

standby [group-number] ip [ip-address [secondary]]
    Creates (or enables) the HSRP group using its number and
    virtual IP address.

    (Optional) group-number: The group number on the
    interface for which HSRP is being enabled. The range is 0
    to 255; the default is 0. If there is only one HSRP group,
    you do not need to enter a group number.

    (Optional on all but one interface) ip-address: The
    virtual IP address of the hot standby router interface. You
    must enter the virtual IP address for at least one of the
    interfaces; it can be learned on the other interfaces.

    (Optional) secondary: The IP address is a secondary
    hot standby router interface. If neither router is designated
    as a secondary or standby router and no priorities are set,
    the primary IP addresses are compared and the higher IP
    address is the active router, with the next highest as the
    standby router.

standby [group-number] priority priority [preempt [delay delay]]
    Sets a priority value used in choosing the active router. The
    range is 1 to 255; the default priority is 100. The highest number
    represents the highest priority.

    (Optional) group-number: The group number to
    which the command applies.

    (Optional) preempt: Select so that when the local
    router has a higher priority than the active router, it
    assumes control as the active router.

    (Optional) delay: Set to cause the local router to
    postpone taking over the active role for the shown number
    of seconds. The range is 0 to 3600 (1 hour); the default is 0
    (no delay before taking over).

standby [group-number] track type number [interface-priority]
    Configures an interface to track other interfaces so that if one of
    the other interfaces goes down, the device's Hot Standby
    priority is lowered.

    (Optional) group-number: The group number to
    which the command applies.

    type: Enter the interface type (combined with interface
    number) that is tracked.

    number: Enter the interface number (combined with
    interface type) that is tracked.

    (Optional) interface-priority: Enter the amount
    by which the hot standby priority for the router is
    decremented or incremented when the interface goes down
    or comes back up. The default value is 10.

show standby [interface-id [group]]
    Verify the configuration.

Job Aids
These are the job aids for this lab activity:
| Value | Location |
|---|---|
| Blank design requirements list | Task 1 |
| Blank implementation requirements list | Task 2 |
| Blank implementation and verification plan form | Task 3 |
| Blank student notes | Task 4 |
| Debrief alternate solutions form | End of this lab |
| Implementation requirement hints | Hint Section |
| Implementation hints | Hint Section |
| Verification hints | Hint Section |
| Solution configure answer key | Configuration section at the end of the lab guide |

Task 1: Create an Implementation Requirement List for HSRP Configuration

After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, and the implementation policy and devices information to create your
implementation requirement list. If you are unsure, you can use the hints information provided
at the end of the lab guide.

| Device | High Level Task | Information Source |
|---|---|---|
| | | |

Task 2: Create an Implementation and Verification Plan


The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.

| Complete | Device | Implementation order | Values and items to implement | Verification method and expected results |
|---|---|---|---|---|
| | | | | |

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save!
During your implementation, do not forget to follow the Information Packet implementation
order:

Start by implementing HSRP in both VLANs, without preempt, without tracking, and
without priority. Test by shutting down the link to the primary HSRP router, then reenabling the link.

Once you have tested this, implement the preempt feature. Test.

Once you have tested this, implement tracking and priority.

Once your solution is implemented, verify your configuration is working and fulfills the
requirements specified. Use the previous table to document the verifications you conducted to
ensure that your solution is complete. Hints are available at the end of this lab if you are unsure
about the verification steps.
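
The three stages above can be rehearsed offline before touching the switches. The following Python model is an added example, not part of the lab guide: it applies the election rules from the Command List (highest priority wins, equal priorities fall back to the higher IP address, preempt lets a higher-priority router take over) to the DSW1 and DSW2 addresses from the Devices Information table. The configured priorities 110 and 150 are assumptions, the model assumes both switches start together, and it does not model preemption between equal priorities.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100          # default priority from the Command List
    preempt: bool = False
    track: dict = field(default_factory=dict)   # tracked interface -> decrement
    down: set = field(default_factory=set)      # tracked interfaces currently down
    reachable: bool = True       # False while its link into the VLAN is shut

    def effective_priority(self):
        lost = sum(dec for ifc, dec in self.track.items() if ifc in self.down)
        return self.priority - lost

    def rank(self):
        # Higher priority wins; equal priorities fall back to the higher IP.
        return (self.effective_priority(), ipaddress.ip_address(self.ip))


def elect(routers, active=None):
    """Return the router holding the active role once the group settles."""
    up = [r for r in routers if r.reachable]
    if not up:
        return None
    if active is None or not active.reachable:
        return max(up, key=Router.rank)          # no active router: plain election
    # An active router exists: only a preempt-enabled router with a strictly
    # higher effective priority replaces it.
    challengers = [r for r in up if r.preempt
                   and r.effective_priority() > active.effective_priority()]
    return max(challengers, key=Router.rank) if challengers else active


def replay(routers, events):
    """Apply (router, action, argument) events; return the active name after each."""
    by_name = {r.name: r for r in routers}
    active = elect(routers)
    history = [active.name]
    for name, action, arg in events:
        router = by_name[name]
        if action == "link":            # arg True = link up, False = link shut
            router.reachable = arg
        elif action == "track_down":
            router.down.add(arg)
        elif action == "track_up":
            router.down.discard(arg)
        active = elect(routers, active)
        history.append(active.name if active else None)
    return history


def stage1(dsw1_ip, dsw2_ip):
    """Stage 1: no priority, no preempt, no tracking; shut, then re-enable, the active's link."""
    routers = [Router("DSW1", dsw1_ip), Router("DSW2", dsw2_ip)]
    first = elect(routers).name
    return replay(routers, [(first, "link", False), (first, "link", True)])


def stage3_vlan3(primary_priority, standby_priority=100, decrement=30):
    """Stage 3 on VLAN 3: preempt on both, DSW1 tracks Po31 and Po32 (decrement 30 each)."""
    track = {"Po31": decrement, "Po32": decrement}
    dsw1 = Router("DSW1", "10.1.3.3", primary_priority, True, dict(track))
    dsw2 = Router("DSW2", "10.1.3.2", standby_priority, True)
    return replay([dsw1, dsw2], [
        ("DSW1", "track_down", "Po31"),
        ("DSW1", "track_down", "Po32"),
        ("DSW1", "track_up", "Po31"),
        ("DSW1", "track_up", "Po32"),
    ])


if __name__ == "__main__":
    print("stage 1, VLAN 3:", stage1("10.1.3.3", "10.1.3.2"))
    print("stage 1, VLAN 4:", stage1("10.1.4.3", "10.1.4.2"))
    print("stage 3, assumed priority 110:", stage3_vlan3(110))
    print("stage 3, assumed priority 150:", stage3_vlan3(150))
```

In stage 1 DSW1 wins the initial election on both VLANs because it has the higher address in each, and it does not reclaim the role after its link returns, which is what the preempt and priority stages then change. With an assumed priority of 150, losing one tracked port-channel leaves DSW1 at 120 and still active; the decrement only moves the active role when it exceeds the priority gap.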


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Lab 6-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 6-1 Hint Sheet: Implementing HA in a Network Design


This solution provides the final configuration with preempt, priority, and tracking.
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device  Implementation Requirement  Hint
DSW1    HSRP                        Implementation policy section
DSW2    HSRP                        Implementation policy section

Device  High Level Task                          Information Source
DSW1    HSRP on VLAN 3 and VLAN 4, primary on    Network Diagram, Design and
        VLAN 3 and secondary on VLAN 4           Implementation Requirements
DSW2    HSRP on VLAN 3 and VLAN 4, primary on    Network Diagram, Design and
        VLAN 4 and secondary on VLAN 3           Implementation Requirements


Implementation and Verification plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain
the following items:
Complete  Device  Implementation order  Values and items to implement
          DSW1    1                     interface vlan 3
          DSW1    2                     ip address 10.1.3.3 255.255.255.0
          DSW1    3                     standby 3 ip 10.1.3.1
          DSW1    4                     standby 3 priority 120
          DSW1    5                     standby 3 preempt
          DSW1    6                     standby 3 track Portchannel31 30
          DSW1    7                     standby 3 track Portchannel14 30
          DSW1    8                     interface vlan 4
          DSW1    9                     ip address 10.1.4.3 255.255.255.0
          DSW1    10                    standby 4 ip 10.1.4.1
          DSW1    11                    standby 4 preempt
          DSW2    12                    interface vlan 3
          DSW2    13                    standby 3 ip 10.1.3.1
          DSW2    14                    standby 3 preempt
          DSW2    15                    interface vlan 4
          DSW2    16                    standby 4 ip 10.1.4.1
          DSW2    17                    standby 4 priority 120
          DSW2    18                    standby 4 preempt
          DSW2    19                    standby 4 track Portchannel31 30
          DSW2    20                    standby 4 track Portchannel32 30

Verification method and expected results, in the order listed:

Show interface vlan 3.

Show standby.

Show interface vlan 4.

Show standby.

Show standby.

Show standby.

Step-by-Step Procedure
Step 1

Connect to switch DSW1 and enter configuration mode:

Connect to the remote lab.

Access the switch console.

Enter privileged mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure HSRP on VLAN3 on switch DSW1:


DSW1(config)# interface Vlan3
DSW1(config-if)# ip address 10.1.3.3 255.255.255.0
DSW1(config-if)# standby 3 ip 10.1.3.1
DSW1(config-if)# standby 3 priority 120
DSW1(config-if)# standby 3 preempt
DSW1(config-if)# standby 3 track Port-channel31 30
DSW1(config-if)# standby 3 track Port-channel32 30

Step 3

Configure HSRP on VLAN4 on switch DSW1:


DSW1(config)# interface Vlan4
DSW1(config-if)# ip address 10.1.4.3 255.255.255.0
DSW1(config-if)# standby 4 ip 10.1.4.1
DSW1(config-if)# standby 4 preempt

Step 4

Repeat step 1 on switch DSW2.

Step 5

Configure HSRP on VLAN3 on switch DSW2:


DSW2(config)# interface Vlan3
DSW2(config-if)# standby 3 ip 10.1.3.1
DSW2(config-if)# standby 3 preempt

Step 6

Configure HSRP on VLAN4 on switch DSW2:


DSW2(config)# interface Vlan4
DSW2(config-if)# standby 4 ip 10.1.4.1
DSW2(config-if)# standby 4 priority 120
DSW2(config-if)# standby 4 preempt
DSW2(config-if)# standby 4 track Port-channel31 30
DSW2(config-if)# standby 4 track Port-channel32 30

Step 7

Verify HSRP configuration and priorities, for example on DSW1:


DSW1#show standby
Vlan63 - Group 63
State is Active
Virtual IP address is 10.1.63.254
Active virtual MAC address is 0000.0c07.ac3f
Local virtual MAC address is 0000.0c07.ac3f (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.664 secs
Preemption enabled
Active router is local
Standby router is 10.1.63.2, priority 90 (expires in 11.200 sec)
Priority 120 (configured 120)
Track interface Port-channel31 state Up decrement 30
Track interface Port-channel32 state Up decrement 30
Group name is "hsrp-Vl63-63" (default)
Vlan64 - Group 64
State is Standby
Virtual IP address is 10.1.64.254
Active virtual MAC address is 0000.0c07.ac40
Local virtual MAC address is 0000.0c07.ac40 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.688 secs
Preemption enabled
Active router is 10.1.64.1, priority 120 (expires in 9.232 sec)
Standby router is local
Priority 90 (configured 90)
Group name is "hsrp-Vl64-64" (default)
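
How priority, preempt, and tracking interact in this solution can be checked with a model of the election. The following Python code is an added example, not part of the lab guide: it replays the group 3 settings from Steps 2 and 5. DSW2's VLAN 3 address (10.1.3.2), the event sequence, and the rule that preemption needs a strictly higher priority are assumptions of the model.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # HSRP priority when no "standby <group> priority" line is configured


@dataclass
class HsrpRouter:
    name: str
    ip: IPv4Address                    # SVI address, tie-breaker in the initial election
    configured_priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracks: dict = field(default_factory=dict)  # tracked interface -> decrement

    def priority(self, down=frozenset()):
        """Configured priority minus the decrement of each tracked interface in `down`."""
        lost = sum(dec for intf, dec in self.tracks.items() if intf in down)
        return max(self.configured_priority - lost, 0)


def elect(routers, down=None, active=None):
    """Return the name of the active router.

    down   -- {router name: set of that router's tracked interfaces that are down}
    active -- name of the router currently holding the active role, or None for an
              initial election (highest priority, then highest IP address).
    A router displaces a working active router only if it has preempt configured
    and a strictly higher current priority (assumption of this model).
    """
    down = down or {}
    prio = {r.name: r.priority(down.get(r.name, ())) for r in routers}
    if active is None:
        return max(routers, key=lambda r: (prio[r.name], int(r.ip))).name
    challengers = [r for r in routers if r.preempt and prio[r.name] > prio[active]]
    if not challengers:
        return active
    return max(challengers, key=lambda r: (prio[r.name], int(r.ip))).name


def lab_group3(decrement=30, dsw2_preempt=True):
    """HSRP group 3 (VLAN 3) as configured in Steps 2 and 5 of the hint sheet."""
    dsw1 = HsrpRouter("DSW1", IPv4Address("10.1.3.3"), 120, True,
                      {"Port-channel31": decrement, "Port-channel32": decrement})
    # DSW2's VLAN 3 address is not shown in the hint sheet; 10.1.3.2 is an assumed value.
    dsw2 = HsrpRouter("DSW2", IPv4Address("10.1.3.2"), DEFAULT_PRIORITY, dsw2_preempt)
    return [dsw1, dsw2]


def walk_through(routers, events):
    """Apply each `down` state in order; return [(priority of routers[0], active router)]."""
    active, history = None, []
    first = routers[0]
    for down in events:
        active = elect(routers, down, active)
        history.append((first.priority(down.get(first.name, ())), active))
    return history


# Constructed event sequence: all links up, one uplink lost, both lost, both restored.
EVENTS = [
    {},
    {"DSW1": {"Port-channel31"}},
    {"DSW1": {"Port-channel31", "Port-channel32"}},
    {},
]

if __name__ == "__main__":
    for label, group in [("lab config", lab_group3()),
                         ("decrement 10", lab_group3(decrement=10)),
                         ("DSW2 without preempt", lab_group3(dsw2_preempt=False))]:
        print(label, walk_through(group, EVENTS))
```

With the lab values, losing one tracked port channel drops DSW1 to 90, below DSW2's default of 100, so DSW2 takes over and hands the role back when the link returns. With a decrement of 10, or without preempt on DSW2, the active role never moves in this model.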


Lab 6-2: Implementing VRRP


Complete this lab activity to confirm your knowledge from the course on the topics of high
availability and reporting.

Activity Objective
In the previous labs, you designed and implemented a redundant network for its core layer. As
you analyze the network, you notice that the two routers in your aggregation layer are not in a
redundant mode of operation, which may lead to unexpected problems. To prevent any future
connectivity issue, you decide to implement the Virtual Router Redundancy Protocol (VRRP),
a standardized solution supported by your Cisco equipment, into your network. You have to
prepare an implementation plan, make the needed configuration changes, and test according to
a verification plan. After completing this activity, you will be able to meet these objectives:

Design a VRRP solution.

Create an implementation requirements list.

Create a step-by-step implementation and verification plan.

Implement and verify your solution.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to configure VRRP in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Use the IP addresses from the table given below.

Configure switch CSW1 so that its interfaces to routers R1 and R2 are set to access mode
in VLAN10.

Configure switch CSW2 so that its interfaces to routers R1 and R2 are set to access mode
in VLAN20.

On switch CSW1, create a switch virtual interface (SVI) for VLAN10.

On switch CSW2, create an SVI for VLAN20.

Router R1 interface Fa0/0 will be in VRRP group 1 and Fa0/1 will be in VRRP group 2.

Router R2 interface Fa0/0 will be in VRRP group 2 and Fa0/1 will be in VRRP group 1.

Router R1 will be master on group 1 and backup on group 2.

Router R2 will be master on group 2 and backup on group 1.


Devices Information
The table provides information about IP addresses. All masks are /29:
Device  IP address   IP address   IP address   VRRP IP address  IP address   VRRP IP address
name    VLAN 10      VLAN 20      Fa0/0        Fa0/0            Fa0/1        Fa0/1
ASW1    -            -            -            -                -            -
ASW2    -            -            -            -                -            -
DSW1    -            -            -            -                -            -
DSW2    -            -            -            -                -            -
CSW1    10.1.253.25  -            -            -                -            -
CSW2    -            10.1.253.33  -            -                -            -
R1      -            -            10.1.253.27  10.1.253.30      10.1.253.36  10.1.253.34
R2      -            -            10.1.253.35  10.1.253.34      10.1.253.26  10.1.253.30

Network Diagram

[Figure: Visual Objective for Lab 6-2: Implementing VRRP]

Command List
The table describes the commands that are used in this activity.
Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

interface type number
    Enters interface configuration mode.

ip address ip-address mask
    Configures an IP address for an interface.

vrrp group ip ip-address [secondary]
    Enables VRRP on an interface.
    After you identify a primary IP address, you can use the vrrp ip
    command again with the secondary keyword to indicate
    additional IP addresses supported by this group.

vrrp group description text
    Assigns a text description to the VRRP group.

vrrp group priority level
    Sets the priority level of the router within a VRRP group.

vrrp group preempt [delay minimum seconds]
    Configures the router to take over as virtual router master for a
    VRRP group if it has a higher priority than the current virtual
    router master.
    The default delay period is 0 seconds.
    The router that is IP address owner will preempt,
    regardless of the setting of this command.

vrrp group timers advertise [msec] interval
    Configures the interval between successive advertisements by
    the virtual router master in a VRRP group.
    The unit of the interval is in seconds unless the msec
    keyword is specified. The default interval value is 1 second.

vrrp group timers learn
    Configures the router, when it is acting as virtual router backup
    for a VRRP group, to learn the advertisement interval used by
    the virtual router master.

Job Aids
These are the job aids for this lab activity:

Value                                            Location
Blank implementation requirements list           Task 1
Blank implementation and verification plan form  Task 2
Blank student notes                              Task 3
Debrief alternate solutions form                 End of this lab
Implementation requirement hints                 Hint Section
Implementation hints                             Hint Section
Verification hints                               Hint Section
Solution configure answer key                    Configuration section at the end of the lab guide


Task 1: Create an Implementation Requirement List for VRRP Configuration


After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, and the implementation policy and devices information to create your
implementation requirement list. If you are unsure, you can use the hints information provided
at the end of the lab guide.
Device    High Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.
Complete    Device    Implementation order    Values and items to implement    Verification method and expected results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified. Use the previous table to document the verifications you conducted to ensure that
your solution is complete. Hints are available at the end of this lab if you are unsure about the
verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.

Lab 6-2: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 6-2 Hint Sheet: Implementing VRRP


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device  Implementation Requirement  Hint
CSW1    Access ports                Implementation policy section
CSW1    SVI                         Implementation policy section
CSW2    Access ports                Implementation policy section
CSW2    SVI                         Implementation policy section
R1      VRRP                        Implementation policy section
R2      VRRP                        Implementation policy section

Device  High Level Task  Information Source
CSW1    Access ports     Network Diagram, Design and Implementation Requirements
CSW1    SVI              Network Diagram, Design and Implementation Requirements
CSW2    Access ports     Network Diagram, Design and Implementation Requirements
CSW2    SVI              Network Diagram, Design and Implementation Requirements
R1      VRRP             Network Diagram, Design and Implementation Requirements
R2      VRRP             Network Diagram, Design and Implementation Requirements


Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain
the following items:
Complete  Device  Implementation order  Values and items to implement
          CSW1    1                     interface range FastEthernet0/11-12
          CSW1    2                     switchport
          CSW1    3                     switchport mode access
          CSW1    4                     switchport access vlan10
          CSW1    5                     interface Vlan10
          CSW1    6                     ip address 10.1.253.25 255.255.255.248
          CSW2    7                     interface range FastEthernet0/11-12
          CSW2    8                     switchport
          CSW2    9                     switchport mode access
          CSW2    10                    switchport access vlan20
          CSW2    11                    interface Vlan20
          CSW2    12                    ip address 10.1.253.33 255.255.255.248
          R1      13                    interface FastEthernet0/0
          R1      14                    ip address 10.1.253.27 255.255.255.248
          R1      15                    vrrp 1 ip 10.1.253.30
          R1      16                    vrrp 1 priority 120
          R1      17                    interface FastEthernet0/1
          R1      18                    ip address 10.1.253.36 255.255.255.248
          R1      19                    vrrp 2 ip 10.1.253.34
          R2      23                    interface FastEthernet0/0
          R2      24                    ip address 10.1.253.35 255.255.255.248
          R2      25                    vrrp 2 ip 10.1.253.34
          R2      26                    vrrp 2 priority 120
          R2      27                    interface FastEthernet0/1
          R2      28                    ip address 10.1.253.26 255.255.255.248
          R2      29                    vrrp 2 ip 10.1.253.34

Verification method and expected results:

CSW1    Show vlan. Show interface vlan10.
CSW2    Show vlan. Show interface vlan20.
R1      Show interface fa0/0. Show vrrp. Show interface fa0/1. Show vrrp.
R2      Show interface fa0/0. Show vrrp. Show interface fa0/1. Show vrrp.


Step-by-Step Procedure
Step 1

Connect to switch CSW1 and enter configuration mode:

Connect to the remote lab.

Access the switch console.

Enter privileged mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure access ports on switch CSW1:


CSW1(config)# interface range FastEthernet0/11 - 12
CSW1(config-if)# switchport
CSW1(config-if)# switchport mode access
CSW1(config-if)# switchport access vlan 10

Step 3

Configure SVI on switch CSW1:


CSW1(config)# interface Vlan10
CSW1(config-if)# ip address 10.1.253.25 255.255.255.248

Step 4

Repeat steps from 1 to 3 on switch CSW2.

Step 5

Configure VRRP on Fa0/0 on router R1:


R1(config)# interface FastEthernet0/0
R1(config-if)# ip address 10.1.253.27 255.255.255.248
R1(config-if)# vrrp 1 ip 10.1.253.30
R1(config-if)# vrrp 1 priority 120

Step 6

Configure VRRP on Fa0/1 on router R1:


R1(config)# interface FastEthernet0/1
R1(config-if)# ip address 10.1.253.36 255.255.255.248
R1(config-if)# vrrp 2 ip 10.1.253.34

Step 7

Repeat steps from 5 to 6 on router R2. Verify VRRP configuration and priorities, for example
on R2:
R2#show vrrp
FastEthernet0/0 - Group 2
State is Master
Virtual IP address is 10.1.253.34
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 120
Master Router is 10.1.253.35 (local), priority is 120
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
FastEthernet0/1 - Group 1
State is Backup
Virtual IP address is 10.1.253.30
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.1.253.27, priority is 120
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec


Lab 7-1: Secure Network Switches to Mitigate Security Attacks
Complete this lab activity to confirm your knowledge from the course on the topics of high
availability and reporting.

Activity Objective
In a meeting with the IT manager, you discussed the current status of the corporate network and
its future development. You agreed that the network infrastructure is currently very good, but
that it lacks mechanisms to protect client PCs, and that you would analyze the security needs
and risks facing the network. As a first step, you must implement the required set of
port-based security measures. The second important step is to manage the network traffic with
VLAN access lists. With end-user security taken care of, you turn to protecting the operation
of the Spanning Tree Protocol (STP). When protected, STP operates stably, which reduces the
risk of unwanted topology changes. Analyzing the corporate network and its services, you find
that DHCP is one of the major services running. Because all end users rely on DHCP to acquire
IP addresses and network settings, you decide to secure DHCP operation in your network.
Finally, because you are concerned about possible ARP table exploits, you must also protect
against them.
After completing this activity, you will be able to meet these objectives:

Perform a baseline assessment of network switch security settings.

Identify possible threats, points of attack, and vulnerability points in the network.

Write an implementation plan to implement security measures on network switches.

Write a plan to test and verify security threat mitigation measures for VLANs.

Configure port security and other switch security features.

Configure VLAN access control list (VACL).

Verify the correct implementation of security measures.

Document the switch and VLAN security plan, settings, operations, and maintenance.


Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to configure security in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Port security should be configured on ASW1 and ASW2 ports to client PC ports (to clients
CLT1 and CLT2 respectively). Port security should be configured to limit the maximum
MAC addresses on a port to 1.

Port security on ASW1 and ASW2 should dynamically learn MAC addresses. A violation
should set the port to err-disable and send a trap.

On both ASW switches, set loopguard to be enabled by default.

Use VACLs on switches DSW1 and DSW2 to ban clients PC1 and PC2 from performing
telnet sessions to any destination, but permit any other traffic.

Protect the root bridge switches from other switches becoming roots.

Globally protect the access ports on all switches from receiving bridge protocol data units
(BPDUs). Use BPDU guard.

Protect the alternate and root ports from becoming designated.

Protect the DHCP service with DHCP snooping on the ASW switches.

Protect ARP with ARP snooping on switches DSW1 and DSW2.
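
One way to check an access switch against the ASW requirements in this policy is to audit its running configuration offline. The script below is an added example, not part of the lab guide or its answer key; the sample configuration is constructed, and it assumes the usual Catalyst defaults (maximum of 1 secure address, violation mode shutdown) apply when no explicit line is present.

```python
import re

# Constructed running-config excerpt for an access switch (sample data, not lab output).
SAMPLE_CONFIG = """\
ip dhcp snooping
spanning-tree loopguard default
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0000.1111.2222
!
interface FastEthernet0/4
 switchport mode access
!
"""

# Global commands the Implementation Policy requires on the ASW switches.
REQUIRED_GLOBALS = {
    "spanning-tree loopguard default": "loop guard is not enabled by default",
    "spanning-tree portfast bpduguard default": "BPDU guard is not enabled globally",
    "ip dhcp snooping": "DHCP snooping is not enabled globally",
}

# A statically configured secure MAC (as opposed to dynamic or sticky learning).
STATIC_MAC = re.compile(
    r"switchport port-security mac-address ([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})", re.I)


def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):          # unindented line: new top-level command
            m = re.match(r"interface (\S+)", raw)
            current = interfaces.setdefault(m.group(1), []) if m else None
            if not m:
                global_lines.append(raw.strip())
        elif current is not None:            # indented line under an interface
            current.append(raw.strip())
    return global_lines, interfaces


def audit_access_switch(text, client_port):
    """Return a list of policy findings for one client-facing port."""
    glob, ifaces = parse_config(text)
    findings = [msg for cmd, msg in REQUIRED_GLOBALS.items() if cmd not in glob]
    if not any(line.startswith("ip dhcp snooping vlan ") for line in glob):
        findings.append("DHCP snooping is not enabled on any VLAN")

    port = ifaces.get(client_port)
    if port is None:
        findings.append(f"{client_port}: interface not found")
        return findings
    if "switchport port-security" not in port:
        findings.append(f"{client_port}: port security is not enabled")
    for line in port:
        m = re.fullmatch(r"switchport port-security maximum (\d+)", line)
        if m and m.group(1) != "1":
            findings.append(f"{client_port}: maximum is {m.group(1)}, policy requires 1")
        m = re.fullmatch(r"switchport port-security violation (.+)", line)
        if m and m.group(1) != "shutdown":
            findings.append(
                f"{client_port}: violation mode is {m.group(1)}, not shutdown (err-disable)")
        m = STATIC_MAC.fullmatch(line)
        if m:
            findings.append(
                f"{client_port}: static secure MAC {m.group(1)}; policy requires dynamic learning")
    return findings


if __name__ == "__main__":
    for finding in audit_access_switch(SAMPLE_CONFIG, "FastEthernet0/3"):
        print(finding)
```

Because default values do not appear in a running configuration, the audit treats a missing maximum or violation line as compliant and flags only explicit deviations.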

Network Diagram

[Figure: Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks]

Command List
The table describes the commands that are used in this activity.
Command: configure terminal
Description: Enters global configuration mode from privileged EXEC mode.

Command: access-list access-list-number {deny | permit} source [source-wildcard] [log]
Description: Defines a standard IPv4 access list by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if conditions are matched.
The source is the source address of the network or host from which the packet is being sent,
specified as:
  The 32-bit quantity in dotted-decimal format.
  The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0
  255.255.255.255. You do not need to enter a source-wildcard.
  The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source.
(Optional) Enter log to cause an informational logging message about the packet that matches
the entry to be sent to the console.

Command: access-list access-list-number {deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log]
[log-input] [time-range time-range-name] [dscp dscp]
Description: Defines an extended IPv4 access list and the access conditions.
The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
Enter deny or permit to specify whether to deny or permit access if conditions are matched.
For protocol, enter the name or number of an IP protocol: ahp, eigrp, esp, gre, icmp, igmp,
igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range 0 to 255
representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and
UDP), use the keyword ip.
The source is the number of the network or host from which the packet is sent.
The source-wildcard applies wildcard bits to the source.
The destination is the network or host number to which the packet is sent.
The destination-wildcard applies wildcard bits to the destination.
Source, source-wildcard, destination, and destination-wildcard can be specified as:
  The 32-bit quantity in dotted-decimal format.
  The keyword any for 0.0.0.0 255.255.255.255 (any host).
  The keyword host for a single host 0.0.0.0.
The other keywords are optional and have these meanings:
  precedence: Enter to match packets with a precedence level specified as a number from 0 to 7
  or by name: routine (0), priority (1), immediate (2), flash (3), flash-override (4),
  critical (5), internet (6), network (7).
  fragments: Enter to check non-initial fragments.
  tos: Enter to match by type of service level, specified by a number from 0 to 15 or a name:
  normal (0), max-reliability (2), max-throughput (4), min-delay (8).
  log: Enter to create an informational logging message to be sent to the console about the
  packet that matches the entry, or log-input to include the input interface in the log entry.
  time-range: For an explanation of this keyword, see the "Using Time Ranges with ACLs"
  section.
  dscp: Enter to match packets with the DSCP value specified by a number from 0 to 63, or use
  the question mark (?) to see a list of available values.

Command: ip access-list standard name
Description: Defines a standard IPv4 access list using a name, and enters access-list
configuration mode.
The name can be a number from 1 to 99.

Command: deny {source [source-wildcard] | host source | any} [log]
or
permit {source [source-wildcard] | host source | any} [log]
Description: In access-list configuration mode, specifies one or more conditions denied or
permitted to decide if the packet is forwarded or dropped.

Command: ip access-list extended name
Description: Defines an extended IPv4 access list using a name, and enters access-list
configuration mode.
The name can be a number from 100 to 199.

Command: {deny | permit} protocol source source-wildcard destination destination-wildcard
[precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name]
Description: In access-list configuration mode, specifies the conditions allowed or denied.

Command: ip dhcp snooping
Description: Enables DHCP snooping globally.

Command: ip dhcp snooping vlan vlan-range
Description: Enables DHCP snooping on a VLAN or range of VLANs. The range is 1 to 4094.

Command: ip dhcp snooping trust
Description: (Optional) Configures the interface as trusted or untrusted. You can use the no
keyword to configure an interface to receive messages from an untrusted client. The default
setting is untrusted.

Command: ip arp inspection vlan vlan-range
Description: Enables dynamic ARP inspection on a per-VLAN basis. By default, dynamic ARP
inspection is disabled on all VLANs.
For vlan-range, specify a single VLAN identified by VLAN ID number, a range of VLANs separated
by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
Specify the same VLAN ID for both switches.

Command: ip arp inspection trust
Description: Configures the connection between the switches as trusted. By default, all
interfaces are untrusted.

Command: mac access-list extended name
Description: Defines an extended MAC access list using a name.

Command: {deny | permit} {any | host source MAC address | source MAC address mask}
{any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask
| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat |
lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp |
0-65535] [cos cos]
Description: In extended MAC access-list configuration mode, specify to permit or deny any
source MAC address, a source MAC address with a mask, or a specific host source MAC address
and any destination MAC address, destination MAC address with a mask, or a specific
destination MAC address.
(Optional) You can also enter these options:
  type mask: An arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation
  in decimal, hexadecimal, or octal with optional mask of do not care bits applied to the
  EtherType before testing for a match.
  lsap lsap mask: An LSAP number of a packet with IEEE 802.2 encapsulation in decimal,
  hexadecimal, or octal with optional mask of do not care bits.
  aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat |
  lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip |
  xns-idp: A non-IP protocol.
  cos cos: An IEEE 802.1Q cost of service number from 0 to 7 used to set priority.

Command: show access-lists [number | name]
Description: Shows the access list configuration.

Command: show ip dhcp snooping
Description: Displays the DHCP snooping configuration for a switch.

Command: show ip dhcp snooping binding
Description: Displays only the dynamically configured bindings in the DHCP snooping binding
database, also referred to as a binding table.

Command: show ip dhcp snooping database
Description: Displays the DHCP snooping binding database status and statistics.

Command: show ip dhcp snooping statistics
Description: Displays the DHCP snooping statistics in summary or detail form.

Command: show ip arp inspection interfaces
Description: Verifies the dynamic ARP inspection configuration.

Command: show ip arp inspection vlan vlan-range
Description: Verifies the dynamic ARP inspection configuration.

Command: show ip arp inspection statistics vlan vlan-range
Description: Checks the dynamic ARP inspection statistics.

Command: show port-security
Description: Verifies your entries.

Command: spanning-tree portfast bpduguard default
Description: Globally enables BPDU guard.
By default, BPDU guard is disabled.

Command: spanning-tree guard root
Description: Enables root guard on the interface.
By default, root guard is disabled on all interfaces.

Command: spanning-tree loopguard default
Description: Enables loop guard.
By default, loop guard is disabled.

Command: switchport port-security [violation {protect | restrict | shutdown | shutdown vlan}]
Description: (Optional) Sets the violation mode, the action to be taken when a security
violation is detected, as one of these:
  protect: When the number of port secure MAC addresses reaches the maximum limit allowed on
  the port, packets with unknown source addresses are dropped until you remove a sufficient
  number of secure MAC addresses to drop below the maximum value or increase the number of
  maximum allowable addresses. You are not notified that a security violation has occurred.
  restrict: When the number of secure MAC addresses reaches the limit allowed on the port,
  packets with unknown source addresses are dropped until you remove a sufficient number of
  secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is
  sent, a syslog message is logged, and the violation counter increments.
  shutdown: The interface is error disabled when a violation occurs, and the port LED turns
  off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
  shutdown vlan: Use to set the security violation mode per VLAN. In this mode, the VLAN is
  error disabled instead of the entire port when a violation occurs.

Command: switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}]
Description: (Optional) Enters a secure MAC address for the interface. You can use this
command to enter the maximum number of secure MAC addresses. If you configure fewer secure
MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
(Optional) vlan: set a per-VLAN maximum value.
Enter one of these options after you enter the vlan keyword:
  vlan-id: On a trunk port, you can specify the VLAN ID and the MAC address. If you do not
  specify a VLAN ID, the native VLAN is used.
  access: On an access port, specify the VLAN as an access VLAN.
  voice: On an access port, specify the VLAN as a voice VLAN.

Command: switchport port-security mac-address sticky
Description: (Optional) Enables sticky learning on the interface.

Command: switchport port-security mac-address sticky [mac-address | vlan {vlan-id |
{access | voice}}]
Description: (Optional) Enters a sticky secure MAC address, repeating the command as many
times as necessary. If you configure fewer secure MAC addresses than the maximum, the
remaining MAC addresses are dynamically learned, are converted to sticky secure MAC
addresses, and are added to the running configuration.
(Optional) vlan: set a per-VLAN maximum value.
Enter one of these options after you enter the vlan keyword:
  vlan-id: On a trunk port, specify the VLAN ID and the MAC address. If you do not specify a
  VLAN ID, the native VLAN is used.
  access: On an access port, specify the VLAN as an access VLAN.
  voice: On an access port, specify the VLAN as a voice VLAN.

Command: vlan access-map name [number]
Description: Creates a VLAN map, and gives it a name and (optionally) a number. The number is
the sequence number of the entry within the map.

Command: action {drop | forward}
Description: (Optional) Sets the action for the map entry. The default is to forward.

Command: match {ip | mac} address {name | number} [name | number]
Description: Matches the packet (using either the IP or MAC address) against one or more
standard or extended access lists. Note that packets are only matched against access lists of
the correct protocol type. IP packets are matched against standard or extended IP access
lists. Non-IP packets are only matched against named MAC extended access lists.

Command: vlan filter mapname vlan-list list
Description: Applies the VLAN map to one or more VLAN IDs.
The list can be a single VLAN ID (22), a consecutive list (10-22), or a string of VLAN IDs
(12, 22, 30). Spaces around the comma and hyphen are optional.
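
The VLAN map commands above interact in a way that is easy to get wrong: inside a VACL, an ACL permit only selects traffic, and the map entry's action decides its fate. The model below is an added example, not Cisco code or part of the lab guide; it uses the NOTEL access list and TEST map from this lab's hint sheet, handles IP packets only, and assumes the Catalyst VLAN-map rule that an IP packet matching no entry is dropped when the map contains at least one IP match clause.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    dst_port: int = 0


@dataclass
class AclEntry:
    permit: bool
    proto: str                 # "ip" matches every IP protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        return (self.proto in ("ip", pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


@dataclass
class MapEntry:
    seq: int
    action: str = "forward"    # the command list gives forward as the default action
    acls: list = field(default_factory=list)   # empty list: no match clause


def acl_permits(acl, pkt):
    """First matching ACL line wins; no match means the implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.permit
    return False


def vacl_decision(vlan_map, acls, pkt):
    """Return "drop" or "forward" for an IP packet entering a filtered VLAN."""
    for entry in sorted(vlan_map, key=lambda e: e.seq):
        # An entry with no match clause matches every packet.
        if not entry.acls or any(acl_permits(acls[n], pkt) for n in entry.acls):
            return entry.action
    # Nothing matched: drop if the map has any IP match clause (assumed rule).
    return "drop" if any(e.acls for e in vlan_map) else "forward"


# ip access-list extended NOTEL / permit tcp any any eq telnet
ACLS = {"NOTEL": [AclEntry(permit=True, proto="tcp", dst_port=23)]}

# vlan access-map TEST 10: action drop, match ip address NOTEL
# vlan access-map TEST 20: action forward (no match clause, catches everything else)
TEST_MAP = [MapEntry(10, "drop", ["NOTEL"]), MapEntry(20, "forward")]

if __name__ == "__main__":
    for name, pkt in [("telnet", Packet("tcp", 23)), ("ssh", Packet("tcp", 22)),
                      ("ping", Packet("icmp"))]:
        print(name, "full map:", vacl_decision(TEST_MAP, ACLS, pkt),
              "| without entry 20:", vacl_decision(TEST_MAP[:1], ACLS, pkt))
```

Omitting sequence 20 leaves Telnet blocked but also drops all other IP traffic in the filtered VLANs, so the verification plan should test a permitted protocol as well as Telnet.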

Job Aids
These are the job aids for this lab activity:
Value                                              Location
Blank implementation requirements list             Task 1
Blank implementation and verification plan form    Task 2
Blank student notes                                Task 3
Debrief alternate solutions form                   End of this lab
Implementation requirement hints                   Hint Section
Implementation hints                               Hint Section
Verification hints                                 Hint Section
Solution configure answer key                      Configuration section at the end of the lab guide


Task 1: Create an Implementation Requirement List for Security Configuration
After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, the implementation policy, and the device information to create your
implementation requirement list. If you are unsure, you can use the hints provided at the end
of the lab guide.
Device    High Level Task    Information Source

Task 2: Create an Implementation and Verification Plan
The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints provided at the end
of this lab.
Complete    Device    Implementation order    Values and items to implement    Verification method and expected results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified. Use the previous table to document the verifications you conducted to ensure that
your solution is complete. Hints are available at the end of this lab if you are unsure about the
verification steps.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 7-1: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 7-1 Hint Sheet: Secure Network Switches to Mitigate Security Attacks
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device    Implementation Requirement    Hint
ASW1      Port security                 Implementation policy section
ASW2      Port security                 Implementation policy section
DSW1      VACL                          Implementation policy section
DSW2      VACL                          Implementation policy section
DSW1      Root guard                    Implementation policy section
DSW2      Root guard                    Implementation policy section
ASW1      Port fast BPDU guard          Implementation policy section
ASW2      Port fast BPDU guard          Implementation policy section
DSW1      Port fast BPDU guard          Implementation policy section
DSW2      Port fast BPDU guard          Implementation policy section
ASW1      Loop guard                    Implementation policy section
ASW2      Loop guard                    Implementation policy section
DSW1      Loop guard                    Implementation policy section
DSW2      Loop guard                    Implementation policy section
ASW1      DHCP snooping                 Implementation policy section
ASW2      DHCP snooping                 Implementation policy section
DSW1      ARP snooping                  Implementation policy section
DSW2      ARP snooping                  Implementation policy section


Device    High Level Task         Information Source
ASW1      Port security           Network Diagram, Design and Implementation Requirements
ASW2      Port security           Network Diagram, Design and Implementation Requirements
DSW1      VACL                    Network Diagram, Design and Implementation Requirements
DSW2      VACL                    Network Diagram, Design and Implementation Requirements
DSW1      Root guard              Network Diagram, Design and Implementation Requirements
DSW2      Root guard              Network Diagram, Design and Implementation Requirements
ASW1      Port fast BPDU guard    Network Diagram, Design and Implementation Requirements
ASW2      Port fast BPDU guard    Network Diagram, Design and Implementation Requirements
DSW1      Port fast BPDU guard    Network Diagram, Design and Implementation Requirements
DSW2      Port fast BPDU guard    Network Diagram, Design and Implementation Requirements
ASW1      Loop guard              Network Diagram, Design and Implementation Requirements
ASW2      Loop guard              Network Diagram, Design and Implementation Requirements
DSW1      Loop guard              Network Diagram, Design and Implementation Requirements
DSW2      Loop guard              Network Diagram, Design and Implementation Requirements
ASW1      DHCP snooping           Network Diagram, Design and Implementation Requirements
ASW2      DHCP snooping           Network Diagram, Design and Implementation Requirements
DSW1      ARP snooping            Network Diagram, Design and Implementation Requirements
DSW2      ARP snooping            Network Diagram, Design and Implementation Requirements

Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain
the following items:

Complete  Device  Implementation order  Values and items to implement                        Verification method and expected results
--------  ------  --------------------  ---------------------------------------------------  ----------------------------------------
          ASW1                                                                               show mac address-table interface Fa0/3
          ASW1                          interface FastEthernet0/3
          ASW1                          switchport port-security                             show port-security interface fastEthernet 0/3
          ASW1                          switchport port-security violation restrict
          ASW1                          switchport port-security mac-address 0050.5684.3a29
          ASW2                          interface FastEthernet0/3
          ASW2                          switchport port-security                             show port-security interface fastEthernet 0/3
          ASW2                          switchport port-security mac-address sticky
          DSW1                          ip access-list extended NOTEL                        show access-list
          DSW1    10                    permit tcp any any eq telnet
          DSW1    11                    vlan access-map TEST 10
          DSW1    12                    action drop
          DSW1    13                    match ip address NOTEL
          DSW1    14                    vlan access-map TEST 20
          DSW1    15                    action forward
          DSW1    16                    vlan filter TEST vlan-list 3-4                       telnet from CLT1 and CT2 to switches does not work
          DSW2    17                    ip access-list extended NOTEL                        show access-list
          DSW2    18                    permit tcp any any eq telnet
          DSW2    19                    vlan access-map TEST 10
          DSW2    20                    action drop
          DSW2    21                    match ip address NOTEL
          DSW2    22                    vlan access-map TEST 20
          DSW2    23                    action forward
          DSW2    24                    vlan filter TEST vlan-list 3-4                       telnet from CLT1 and CT2 to switches does not work
          DSW1    25                    interface range FastEthernet0/5-6
          DSW1    26                    spanning-tree guard root
          DSW2    27                    interface range FastEthernet0/5-6
          DSW2    28                    spanning-tree guard root
          ASW1    29                    spanning-tree portfast bpduguard default
          ASW2    30                    spanning-tree portfast bpduguard default
          DSW1    31                    spanning-tree portfast bpduguard default
          DSW2    32                    spanning-tree portfast bpduguard default
          ASW1    33                    spanning-tree loopguard default
          ASW2    34                    spanning-tree loopguard default
          DSW1    35                    spanning-tree loopguard default
          DSW2    36                    spanning-tree loopguard default
          ASW1    37                    ip dhcp snooping                                     show ip dhcp snooping
          ASW1    38                    ip dhcp snooping vlan 1-4094
          ASW1    39                    interface range FastEthernet0/1-2
          ASW1    40                    ip dhcp snooping trust
          ASW2    41                    ip dhcp snooping                                     show ip dhcp snooping binding
          ASW2    42                    ip dhcp snooping vlan 1-4094
          ASW2    43                    interface range FastEthernet0/1-2
          ASW2    44                    ip dhcp snooping trust
          DSW1    45                    ip arp inspection vlan 1-4094                        show ip arp inspection statistics vlan 3
          DSW2    46                    ip arp inspection vlan 1-4094                        show ip arp inspection statistics vlan 4
          DSW1    47                    interface range FastEthernet0/5 - 7
          DSW1    48                    ip arp inspection trust
          DSW2    49                    interface range FastEthernet0/5 - 7
          DSW2    50                    ip arp inspection trust

Step-by-Step Procedure
Step 1

Connect to switch ASW1 and enter configuration mode:

Connect to the remote lab.

Access the Switch console.

Enter privileged mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure port security on switch ASW1:

ASW1#sho mac address-table interface FastEthernet 0/3
ASW1(config)#interface FastEthernet0/3
ASW1(config-if)# switchport port-security
ASW1(config-if)# switchport port-security mac-address sticky
ASW1(config-if)# switchport port-security violation restrict

Step 3

Configure port security on switch ASW2:

ASW2#sho mac address-table interface FastEthernet 0/3
ASW2(config)#interface FastEthernet0/3
ASW2(config-if)# switchport port-security
ASW2(config-if)# switchport port-security mac-address sticky
ASW2(config-if)# switchport port-security violation restrict
ASW2(config-if)# end
ASW2#show port-security interface f0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 10 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0050.5684.32ac:4
Security Violation Count   : 0

Step 4

Configure VACL on switch DSW1. In a VLAN access map the ACL only selects the traffic, which is
why NOTEL uses permit; the drop action in sequence 10 is what blocks Telnet, and sequence 20,
which has no match clause, forwards everything else:

DSW1(config)#ip access-list extended NOTEL
DSW1(config-ext-nacl)# permit tcp any any eq telnet
DSW1(config)#vlan access-map TEST 10
DSW1(config-access-map)# action drop
DSW1(config-access-map)#match ip address NOTEL
DSW1(config)#vlan access-map TEST 20
DSW1(config-access-map)# action forward
DSW1(config)#vlan filter TEST vlan-list 3-4
DSW1(config)# end
DSW1# show access-lists
Extended IP access list 100
    10 permit tcp any any eq telnet
DSW1#show vlan access-map
Vlan access-map "DROP" 10
  Match clauses:
    ip address: 100
  Action:
    drop
Vlan access-map "DROP" 20
  Match clauses:
  Action:
    forward

Step 5

Repeat step 4 on switch DSW2.

Step 6

Configure STP security on switch ASW1:


ASW1(config)# spanning-tree portfast bpduguard default
ASW1(config)# spanning-tree loopguard default

Step 7

Repeat step 6 on switches ASW2, DSW1, and DSW2.

Step 8

Configure root guard on switch DSW1:


DSW1(config)# interface FastEthernet0/5
DSW1(config-if)# spanning-tree guard root

Step 9

Repeat step 8 on switch DSW2.

Step 10

Configure DHCP snooping on switch ASW1:

ASW1(config)# ip dhcp snooping
ASW1(config)# ip dhcp snooping vlan 1-4094
ASW1(config)# interface range FastEthernet0/1 - 2
ASW1(config-if)# ip dhcp snooping trust
ASW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1-4094
DHCP snooping is operational on following VLANs:
1,4,11-12,63-66
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
   remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/1            yes        unlimited
FastEthernet0/2            yes        unlimited

Step 11

Repeat step 10 on switch ASW2.

Step 12

Configure ARP inspection on switch DSW1:

DSW1(config)# ip arp inspection vlan 1-4094
DSW1(config)# interface range FastEthernet0/5 - 7
DSW1(config-if)# ip arp inspection trust
DSW1#sho ip arp inspection
Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

 Vlan     Configuration    Operation   ACL Match    Static ACL
 ----     -------------    ---------   ---------    ----------
    1     Enabled          Active
    2     Enabled          Inactive
    3     Enabled          Active
    4     Enabled          Active
    5     Enabled          Inactive
    6     Enabled          Inactive
    7     Enabled          Inactive
    8     Enabled          Inactive
    9     Enabled          Inactive
   10     Enabled          Inactive
   11     Enabled          Active
   12     Enabled          Active

 Vlan     Configuration    Operation   ACL Match    Static ACL
 ----     -------------    ---------   ---------    ----------
(long output omitted)

 Vlan     Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
 ----     -----------------   ----------------------   ---------------------
 4088     0                   0                        0
 4089     0                   0                        0
 4090     0                   0                        0
 4091     0                   0                        0
 4092     0                   0                        0
 4093     0                   0                        0
 4094     0                   0                        0

Step 13

Repeat step 12 on switch DSW2.
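
A check for the end state of the procedure above, as an added example that is not part of the lab guide: the Python script parses a running-config fragment and reports where it departs from the access-switch items in the plan (BPDU guard and loop guard defaults, DHCP snooping trusted only on the Fa0/1-2 uplinks, port security with violation restrict on Fa0/3). The sample configuration is constructed and carries two deliberate deviations; the port sets are assumptions taken from the plan table.

```python
import re

# Constructed sample in the style of this lab's access switches (not captured
# from a device). Deliberate deviations: loop guard is missing, and the client
# port Fa0/3 is marked DHCP-snooping trusted, so it could relay server replies.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 1-4094
ip dhcp snooping
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 ip dhcp snooping trust
!
end
"""

REQUIRED_GLOBALS = [
    "spanning-tree portfast bpduguard default",
    "spanning-tree loopguard default",
    "ip dhcp snooping",
]
# Assumptions taken from the lab plan: uplinks are Fa0/1-2, client port is Fa0/3.
TRUSTED_UPLINKS = {"FastEthernet0/1", "FastEthernet0/2"}
SECURED_PORTS = {"FastEthernet0/3"}


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None          # a separator closes the interface block
            continue
        match = re.match(r"^interface (\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    global_lines, interfaces = parse_config(text)
    findings = []
    for command in REQUIRED_GLOBALS:
        if command not in global_lines:
            findings.append(f"missing global command: {command}")
    if not any(l.startswith("ip dhcp snooping vlan ") for l in global_lines):
        findings.append("DHCP snooping is enabled on no VLAN")
    trusted = {name for name, lines in interfaces.items()
               if "ip dhcp snooping trust" in lines}
    for name in trusted - TRUSTED_UPLINKS:
        findings.append(f"{name}: unexpected DHCP snooping trust")
    for name in TRUSTED_UPLINKS - trusted:
        findings.append(f"{name}: uplink is not DHCP snooping trusted")
    for name in SECURED_PORTS:
        lines = interfaces.get(name)
        if lines is None:
            findings.append(f"{name}: secured port not found in config")
            continue
        if "switchport port-security" not in lines:
            findings.append(f"{name}: port security not enabled")
        if "switchport port-security violation restrict" not in lines:
            findings.append(f"{name}: violation mode is not restrict")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
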

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
Complete this lab activity to confirm your knowledge from the course on the topics of High
availability and reporting.

Activity Objective
You receive information from the IT manager that a VoIP solution is expected to be
implemented in the near future. Your task is to make the needed changes and prepare the network
for the future project in such a way that it will work without interruption. An email from the
voice consultant informs you that the voice part of the implementation will be externalized. A
list of the planned voice equipment is attached. Your assignment is to prepare the wired
infrastructure for this addition. You will have to design the voice VLANs, Auto QoS, DHCP,
and high availability features to prepare the network. Your first task is to analyze the
information and make a plan for the needed steps to prepare the network for the implementation
of the voice solution.
After completing this activity, you will be able to meet these objectives:

Gather information regarding the implementation of VoIP.

Prepare implementation requirements list for VoIP readiness.

Prepare an implementation and verification plan.

Implement and verify.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to integrate voice in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

IP phones will be connected to switches ASW1 and ASW2. Refer to the Device
Information table and configure each port accordingly.

For every switch port connecting an IP phone, you have to allow the Voice VLAN (VLAN
63 on switch ASW1 and VLAN 64 on switch ASW2) and a data VLAN (VLAN 3 on
switch ASW1 and VLAN 4 on switch ASW2).

Cisco Unified Call Manager Express units (CMEs) will be connected to switches DSW1
and DSW2 as per the Devices Information section.

The CME on switch DSW1 must be in Voice VLAN 63, the CME on switch DSW2 must
be in Voice VLAN 64.

HSRP on switches DSW1 and DSW2 for Voice VLAN (VLAN 63 and VLAN 64) should
be configured. Switch DSW1 should be the primary gateway with a priority of 120. Both
switches DSW1 and DSW2 should preempt. Both switches DSW1 and DSW2 should track
their links to switches CSW1 and CSW2. Loss of connectivity to either Core switch should
decrease the priority by 30.

Switches DSW1 and DSW2 should be DHCP servers for Voice VLAN (VLAN 63 and
VLAN 64). For each Voice VLAN, DSW1 will distribute addresses .50 to .99, and switch
DSW2 will distribute addresses .100 to .149.

You should configure option 150 in each DHCP scope and point VLAN 63 DHCP clients
to CME1 IP address, and VLAN 64 DHCP clients to CME2 IP address. Make sure that
both CME IP addresses are excluded from the DHCP scopes.

Verify that routing is properly configured to allow communication between these various
VLANs.

You should configure Auto QoS on access ports to IP phones, trunk ports between
switches, and access ports to CMEs.

Class of service (CoS) values sent by IP phones and PCs connected to them should be
trusted.

Power adapters were ordered along with the phones. Some Power over Ethernet (PoE)
switches will be added to your network at a later date. Use the Task 2 section to make sure
that you know how to plan and configure PoE to support IP phones where needed.
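
The split-scope DHCP requirement above, worked through as an added Python example (not part of the lab guide): it derives the ip dhcp excluded-address ranges that leave DSW1 serving .50 to .99 and DSW2 serving .100 to .149, and rejects a plan in which the two servers overlap or a CME address is leasable. The /24 voice subnets follow from the CME addresses in the Devices Information table; the pool names VOICE63 and VOICE64 are hypothetical, and default-router is left out because the HSRP virtual addresses are not given here.

```python
import ipaddress

# Values from the Implementation Policy and Devices Information sections.
# The /24 voice subnets are inferred from the CME addresses (10.1.63.11/24
# and 10.1.64.12/24); each entry is (subnet, CME address used for option 150).
VOICE_VLANS = {63: ("10.1.63.0/24", "10.1.63.11"),
               64: ("10.1.64.0/24", "10.1.64.12")}
# Host numbers each DHCP server hands out in every voice VLAN.
SERVER_WINDOWS = {"DSW1": (50, 99), "DSW2": (100, 149)}


def host(net, number):
    """Address of host `number` inside net (10.1.63.0/24, 50 -> 10.1.63.50)."""
    return net.network_address + number


def excluded_ranges(net, first, last):
    """Usable host ranges of net that lie outside the served window."""
    highest = net.num_addresses - 2  # last usable host, .254 in a /24
    ranges = []
    if first > 1:
        ranges.append((host(net, 1), host(net, first - 1)))
    if last < highest:
        ranges.append((host(net, last + 1), host(net, highest)))
    return ranges


def build_pool(name, subnet, first, last, cme):
    """Return (exclusion lines, pool lines) for one server and one voice VLAN."""
    net = ipaddress.ip_network(subnet)
    cme_ip = ipaddress.ip_address(cme)
    if cme_ip not in net:
        raise ValueError(f"{cme} is not in {subnet}")
    if host(net, first) <= cme_ip <= host(net, last):
        raise ValueError(f"{cme} lies inside the leasable range of {name}")
    exclusions = [f"ip dhcp excluded-address {low} {high}"
                  for low, high in excluded_ranges(net, first, last)]
    pool = [f"ip dhcp pool {name}",            # hypothetical pool name
            f" network {net.network_address} {net.netmask}",
            f" option 150 ip {cme}"]
    return exclusions, pool


def windows_overlap(a, b):
    """True when two (first, last) host windows share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def plan(windows=SERVER_WINDOWS):
    """Return {switch: [IOS lines]} covering both voice VLANs."""
    names = sorted(windows)
    for i, left in enumerate(names):
        for right in names[i + 1:]:
            if windows_overlap(windows[left], windows[right]):
                raise ValueError(f"{left} and {right} would lease the same addresses")
    config = {}
    for switch in names:
        first, last = windows[switch]
        exclusions, pools = [], []
        for vlan, (subnet, cme) in sorted(VOICE_VLANS.items()):
            ex, pool = build_pool(f"VOICE{vlan}", subnet, first, last, cme)
            exclusions += ex
            pools += pool
        config[switch] = exclusions + pools  # global exclusions first, then pools
    return config


if __name__ == "__main__":
    for switch, lines in plan().items():
        print(f"! {switch}")
        print("\n".join(lines))
```
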

Devices Information
The table provides information about device locations:

Device      Role                  IP address     Network location
----------  --------------------  -------------  ----------------
IP phone 1  IP phone              DHCP assigned  ASW1 P4
IP phone 2  IP phone              DHCP assigned  ASW1 P5
IP phone 3  IP phone              DHCP assigned  ASW2 P4
IP phone 4  IP phone              DHCP assigned  ASW2 P5
CME 1       Call Manager Express  10.1.63.11/24  DSW1 P6
CME 2       Call Manager Express  10.1.64.12/24  DSW2 P6

Network Diagram

[Figure: Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network]

Command List
The table describes the commands that are used in this activity.

Command
    Description

auto qos voip cisco-phone
    Enables auto-QoS on the port and specifies that the port is connected to a Cisco IP Phone.
    The QoS labels of incoming packets are trusted only when the Cisco IP Phone is detected.

auto qos voip trust
    Enables auto-QoS on the port and specifies that the port is connected to a trusted router
    or switch.

cdp enable
    Enables CDP globally. By default, it is enabled.

mls qos trust cos
    Configures the interface to classify incoming traffic packets by using the packet CoS
    value. For untagged packets, the port default CoS value is used.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port ending_port
    Selects a range of interfaces to configure.

ip helper-address address
    Enables forwarding and specifies the destination address for forwarding UDP broadcast
    packets, including BOOTP.

ip dhcp pool pool-name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

network ip-address [mask | /prefix-length]
    Specifies the IP address of the DHCP address pool to be configured.

option 150 ip ip-address
    Specifies the TFTP server address from which the Cisco Unified IP phone downloads the
    image configuration file. This is your Cisco Unified CME router's address.

default-router ip-address
    (Optional) Specifies the router that the IP phones will use to send or receive IP traffic
    that is external to their local subnet.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    The default is a one-day lease.
    The infinite keyword specifies that the duration of the lease is unlimited.

switchport voice vlan {vlan-id | dot1p | none | untagged}
    Configures how the Cisco IP Phone carries voice traffic:
    vlan-id: Configure the phone to forward all voice traffic through the specified VLAN.
    By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1Q priority
    of 5. Valid VLAN IDs are 1 to 4094.
    dot1p: Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to
    use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone
    forwards the voice traffic with an IEEE 802.1p priority of 5.
    none: Allow the phone to use its own configuration to send untagged voice traffic.
    untagged: Configure the phone to send untagged voice traffic.

switchport priority extend {cos value | trust}
    Sets the priority of data traffic received from the Cisco IP Phone access port:
    cos value: Configure the phone to override the priority received from the PC or the
    attached device with the specified CoS value. The value is a number from 0 to 7, with 7
    as the highest priority. The default priority is cos 0.
    trust: Configure the phone access port to trust the priority received from the PC or the
    attached device.

show interfaces interface-id switchport
    Verify your entries.

Job Aids
These are the job aids for this lab activity:

Value                                            Location
-----------------------------------------------  -------------------------------------------------
Blank implementation requirements list           Task 1
Blank implementation and verification plan form  Task 2
Blank student notes                              Task 3
Debrief alternate solutions form                 End of this lab
Implementation requirement hints                 Hint Section
Implementation hints                             Hint Section
Verification hints                               Hint Section
Solution configure answer key                    Configuration section at the end of the lab guide

Task 1: Create an Implementation Requirement List for VoIP Integration in the Campus
After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, and the implementation policy and devices information to create your
implementation requirement list. If you are unsure, you can use the hints information provided
at the end of the lab guide.

Device  High Level Task  Information Source
------  ---------------  ------------------


Task 2: Create an Implementation and Verification Plan

The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.

Complete  Device  Implementation order  Values and items to implement  Verification method and expected results
--------  ------  --------------------  -----------------------------  ----------------------------------------


PoE configuration: PoE switches will be added later to your network. Answer the following
questions:
1. How will the phones be powered?
________________________________________________________________________
________________________________________________________________________
2. Are all PoE switches the same?
________________________________________________________________________
________________________________________________________________________
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
________________________________________________________________________
________________________________________________________________________
4. Are other PoE devices likely to be installed in the network?
________________________________________________________________________
________________________________________________________________________
5. Document the steps and commands required to configure PoE on switch ports to IP Phones:
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified. Use the previous table to document the verifications you conducted to ensure that
your solution is complete. Hints are available at the end of this lab if you are unsure about the
verification steps.

Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________
__________________________________________________________________________

Lab 8-1: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 8-1 Hint Sheet: Plan Implementation and Verification of VoIP in a Campus Network
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device        Implementation Requirement  Hint
------------  --------------------------  -----------------------------
ASW1          IP Phone 1                  Implementation policy section
ASW1          IP Phone 2                  Implementation policy section
ASW2          IP Phone 3                  Implementation policy section
ASW2          IP Phone 4                  Implementation policy section
DSW1          CME 1                       Implementation policy section
DSW1          HSRP                        Implementation policy section
DSW1          DHCP                        Implementation policy section
DSW2          HSRP                        Implementation policy section
DSW2          CME 2                       Implementation policy section
DSW2          DHCP                        Implementation policy section
All switches  Auto QoS                    Implementation policy section


Device        High Level Task  Information Source
------------  ---------------  -------------------------------------------------------
ASW1          IP Phone 1       Network Diagram, Design and Implementation Requirements
ASW1          IP Phone 2       Network Diagram, Design and Implementation Requirements
ASW2          IP Phone 3       Network Diagram, Design and Implementation Requirements
ASW2          IP Phone 4       Network Diagram, Design and Implementation Requirements
DSW1          CME 1            Network Diagram, Design and Implementation Requirements
DSW2          CME 2            Network Diagram, Design and Implementation Requirements
DSW1          HSRP             Network Diagram, Design and Implementation Requirements
DSW2          HSRP             Network Diagram, Design and Implementation Requirements
DSW1          DHCP             Network Diagram, Design and Implementation Requirements
DSW2          DHCP             Network Diagram, Design and Implementation Requirements
All switches  Auto QoS         Network Diagram, Design and Implementation Requirements

2009 Cisco Systems, Inc.

Lab Guide

319

Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain
the following items:
Complete  Device  Implementation order  Values and items to implement                           Verification method and expected results
          ASW1                          interface range FastEthernet0/14-15
          ASW1                          switchport mode access
          ASW1                          switchport access vlan 3
          ASW1                          switchport voice vlan 63
          ASW1                          switchport priority extend trust
          ASW1                          mls qos trust cos
          ASW1    6                     mls qos trust device cisco-phone                        sh interface Fa0/14
          ASW1                          auto qos voip cisco-phone                               sh mls qos int f0/14
          ASW2                          interface range FastEthernet0/14-15
          ASW2                          switchport mode access
          ASW2    10                    switchport access vlan 4
          ASW2    11                    switchport voice vlan 64
          ASW2    12                    switchport priority extend trust
          ASW2    13                    mls qos trust cos
          ASW2    14                    mls qos trust device cisco-phone                        sh interface Fa0/14
          ASW2    15                    auto qos voip cisco-phone                               sh mls qos int f0/14
          DSW1    16                    interface Fastethernet 0/15
          DSW1    17                    switchport mode access
          DSW1    18                    switchport access vlan 63
          DSW2    19                    interface Fastethernet 0/15
          DSW2    20                    switchport mode access
          DSW2    21                    switchport access vlan 64
          DSW1    22                    ip dhcp excluded-address 10.1.63.1 10.1.63.49
          DSW1    23                    ip dhcp excluded-address 10.1.63.100 10.1.63.255
          DSW1    24                    ip dhcp excluded-address 10.1.64.1 10.1.64.49
          DSW1    25                    ip dhcp excluded-address 10.1.64.100 10.1.64.255
          DSW1    26                    ip dhcp pool vlan63                                     show ip dhcp pool
          DSW1    27                    network 10.1.63.0 255.255.255.0
          DSW1    28                    default-router 10.1.63.1
          DSW1    29                    option 150 ip 10.1.63.11 10.1.64.12
          DSW1    30                    lease 8
          DSW1    31                    ip dhcp pool vlan64                                     show ip dhcp pool
          DSW1    32                    network 10.1.64.0 255.255.255.0
          DSW1    33                    default-router 10.1.64.1
          DSW1    34                    option 150 ip 10.1.63.11 10.1.64.12
          DSW1    35                    lease 8
          DSW2    36                    ip dhcp excluded-address 10.1.63.1 10.1.63.99
          DSW2    37                    ip dhcp excluded-address 10.1.63.150 10.1.63.255
          DSW2    38                    ip dhcp excluded-address 10.1.64.1 10.1.64.99
          DSW2    39                    ip dhcp excluded-address 10.1.64.150 10.1.64.255
          DSW2    40                    ip dhcp pool vlan63                                     show ip dhcp pool
          DSW2    41                    network 10.1.63.0 255.255.255.0
          DSW2    42                    default-router 10.1.63.1
          DSW2    43                    option 150 ip 10.1.63.11 10.1.63.12
          DSW2    44                    lease 8
          DSW2    45                    ip dhcp pool vlan64                                     show ip dhcp pool
          DSW2    46                    network 10.1.64.0 255.255.255.0
          DSW2    47                    default-router 10.1.64.1
          DSW2    48                    option 150 ip 10.1.63.11 10.1.64.12
          DSW2    49                    lease 8
          DSW1    50                    interface Vlan 63                                       sh interface Vlan 63 / show ip interface brief
          DSW1    51                    ip address 10.1.63.3 255.255.255.0
          DSW1    52                    standby 63 ip 10.1.63.1
          DSW1    53                    standby 63 priority 120
          DSW1    54                    standby 63 preempt
          DSW1    55                    standby 63 track Portchannel31 30
          DSW1    56                    standby 63 track Portchannel32 30                       sh standby
          DSW1    57                    interface Vlan 64                                       sh interface vlan 64 / show ip interface brief
          DSW1    58                    ip address 10.1.64.3 255.255.255.0
          DSW1    59                    standby 64 ip 10.1.64.1
          DSW1    60                    standby 64 priority 90
          DSW1    61                    standby 64 preempt
          DSW1    62                    standby 64 track Portchannel31 30
          DSW1    63                    standby 64 track Portchannel32 30
          DSW2    64                    interface Vlan 63                                       sh interface Vlan 63 / show ip interface brief
          DSW2    65                    ip address 10.1.63.2 255.255.255.0
          DSW2    66                    standby 63 ip 10.1.63.1
          DSW2    67                    standby 63 track Portchannel31 30
          DSW2    68                    standby 63 track Portchannel32 30
          DSW2    69                    standby 63 preempt                                      sh standby
          DSW2    70                    interface Vlan 64                                       sh interface vlan 64 / show ip interface brief
          DSW2    71                    ip address 10.1.64.3 255.255.255.0
          DSW2    72                    standby 64 ip 10.1.64.1
          DSW2    73                    standby 64 priority 120
          DSW2    74                    standby 64 track Portchannel31 30
          DSW2    75                    standby 64 track Portchannel32 30
          DSW2    76                    standby 64 preempt                                      sh standby
          ASW1    77                    interface range FastEthernet0/1-2
          ASW1    78                    auto qos voip trust
          ASW2    79                    interface range FastEthernet0/1-2
          ASW2    80                    auto qos voip trust
          DSW1    81                    interface range FastEthernet0/1-7 , FastEthernet0/15
          DSW1    82                    auto qos voip trust
          DSW2    83                    interface range FastEthernet0/1-7 , FastEthernet0/15
          DSW2    84                    auto qos voip trust
          CSW1    85                    interface range FastEthernet0/1-4 , FastEthernet0/7-12
          CSW1    86                    auto qos voip trust
          CSW2    87                    interface range FastEthernet0/1-4 , FastEthernet0/7-12
          CSW2    88                    auto qos voip trust

PoE configuration:
1. How will the phones be powered?
   With AC power cords at first; PoE will be needed later.
2. Are all PoE switches the same?
   No. Some provide standard PoE, some provide High Power, some only have power for a
   number of ports, and so on. Negotiation may or may not take place. There are many
   differences between models.
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
   No. Some use less power, some use more, and some can negotiate.
4. Are other PoE devices likely to be installed in the network?
   Very likely. Many devices use PoE, although the list is not clearly stated in this lab.
IP Phones use standard PoE. To enable this feature, for example on interface f0/1, use the
command sequence:
Switch(config)# interface FastEthernet0/1
Switch(config-if)# power inline auto

Step-by-Step Procedure
Step 1

Connect to ASW1 switch interface in configuration mode:

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal.

Step 2

Configure IP Phone ports on switch ASW1:


ASW1(config)# interface FastEthernet0/14
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 3
ASW1(config-if)# switchport voice vlan 63
ASW1(config-if)# switchport priority extend trust
ASW1(config-if)# mls qos trust device cisco-phone
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# auto qos voip cisco-phone
ASW1(config)# interface FastEthernet0/15
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 3
ASW1(config-if)# switchport voice vlan 63
ASW1(config-if)# switchport priority extend trust
ASW1(config-if)# mls qos trust device cisco-phone
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# auto qos voip cisco-phone

Step 3

Repeat steps 1 and 2 on switch ASW2.

Step 4

Configure CME interface on switch DSW1:


DSW1(config)# interface FastEthernet0/15
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 63
DSW1(config-if)# no shut

Step 5

Repeat step 4 on switch DSW2 with parameters specific to switch DSW2.

Step 6

Configure DHCP pool for Voice VLAN 63 and VLAN 64 on switch DSW1:
DSW1(config)# ip dhcp excluded-address 10.1.63.1 10.1.63.49
DSW1(config)# ip dhcp excluded-address 10.1.63.100 10.1.63.255
DSW1(config)# ip dhcp pool vlan63
DSW1(dhcp-config)# network 10.1.63.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.63.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8
DSW1(config)# ip dhcp excluded-address 10.1.64.1 10.1.64.49
DSW1(config)# ip dhcp excluded-address 10.1.64.100 10.1.64.255
DSW1(config)# ip dhcp pool vlan64
DSW1(dhcp-config)# network 10.1.64.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.64.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8

Step 7

Repeat step 6 on DSW2 with parameters specific to switch DSW2.
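
Steps 6 and 7 split each voice subnet between two DHCP servers, which only works if the ranges DSW1 and DSW2 can lease never overlap and never include a statically assigned address. The following Python check is an added example, not part of the lab guide: the function names are illustrative, and the DSW2 exclusions are the ones listed for DSW2 in the Implementation and Verification Plan.

```python
import ipaddress
import re

# Constructed input: the DHCP statements this lab's plan lists for each switch.
DSW1_DHCP = """\
ip dhcp excluded-address 10.1.63.1 10.1.63.49
ip dhcp excluded-address 10.1.63.100 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.49
ip dhcp excluded-address 10.1.64.100 10.1.64.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
ip dhcp pool vlan64
 network 10.1.64.0 255.255.255.0
"""
DSW2_DHCP = """\
ip dhcp excluded-address 10.1.63.1 10.1.63.99
ip dhcp excluded-address 10.1.63.150 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.99
ip dhcp excluded-address 10.1.64.150 10.1.64.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
ip dhcp pool vlan64
 network 10.1.64.0 255.255.255.0
"""
# Static addresses used in this lab: HSRP virtual IPs, SVIs, option 150 servers.
STATICS = ["10.1.63.1", "10.1.63.2", "10.1.63.3", "10.1.63.11",
           "10.1.64.1", "10.1.64.3", "10.1.64.12"]

EXCLUDED = re.compile(r"^ip dhcp excluded-address (\S+)(?: (\S+))?$")
NETWORK = re.compile(r"^network (\S+) (\S+)$")


def parse_dhcp(config):
    """Return (pool networks, excluded (low, high) ranges) from IOS DHCP lines.

    ipaddress raises ValueError for a malformed address such as 10.1.641.
    """
    networks, excluded = [], []
    for raw in config.splitlines():
        line = raw.strip()
        match = EXCLUDED.match(line)
        if match:
            low = ipaddress.IPv4Address(match.group(1))
            high = ipaddress.IPv4Address(match.group(2) or match.group(1))
            if high < low:
                raise ValueError(f"reversed range: {line}")
            excluded.append((low, high))
            continue
        match = NETWORK.match(line)
        if match:
            networks.append(
                ipaddress.IPv4Network(f"{match.group(1)}/{match.group(2)}"))
    return networks, excluded


def leasable(config):
    """Map each pool network to the set of addresses the server may lease."""
    networks, excluded = parse_dhcp(config)
    blocked = set()
    for low, high in excluded:
        blocked.update(range(int(low), int(high) + 1))
    return {net: {h for h in net.hosts() if int(h) not in blocked}
            for net in networks}


def as_ranges(addresses):
    """Collapse addresses into (first, last) string pairs for contiguous runs."""
    runs = []
    for addr in sorted(addresses):
        if runs and int(addr) == int(runs[-1][1]) + 1:
            runs[-1][1] = addr
        else:
            runs.append([addr, addr])
    return [(str(first), str(last)) for first, last in runs]


def lease_ranges(config):
    """Leasable ranges per pool network, as printable strings."""
    return {str(net): as_ranges(hosts)
            for net, hosts in leasable(config).items()}


def shared_leases(config_a, config_b):
    """Ranges both servers could hand out; a safe split scope returns []."""
    a, b = leasable(config_a), leasable(config_b)
    both = set()
    for net in a.keys() & b.keys():
        both |= a[net] & b[net]
    return as_ranges(both)


def leasable_statics(config, statics):
    """Statically assigned addresses that the server has not excluded."""
    pool = set().union(*leasable(config).values())
    return [s for s in statics if ipaddress.IPv4Address(s) in pool]


if __name__ == "__main__":
    print("DSW1 leases:", lease_ranges(DSW1_DHCP))
    print("DSW2 leases:", lease_ranges(DSW2_DHCP))
    print("overlap:", shared_leases(DSW1_DHCP, DSW2_DHCP))
    print("unprotected statics:", leasable_statics(DSW1_DHCP, STATICS))
```

Running the same functions over the output of show running-config from both switches catches a mistyped exclusion before two servers start leasing the same address.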

Step 8

Configure interface VLAN 63 and VLAN 64 on switch DSW1:


DSW1(config)# interface Vlan 63
DSW1(config-if)# ip address 10.1.63.3 255.255.255.0
DSW1(config-if)# standby 63 ip 10.1.63.1
DSW1(config-if)# standby 63 priority 120
DSW1(config-if)# standby 63 preempt
DSW1(config-if)# standby 63 track Port-channel31 30
DSW1(config-if)# standby 63 track Port-channel32 30
DSW1(config)# interface Vlan 64
DSW1(config-if)# ip address 10.1.64.3 255.255.255.0
DSW1(config-if)# standby 64 ip 10.1.64.1
DSW1(config-if)# standby 64 priority 90
DSW1(config-if)# standby 64 preempt
DSW1(config-if)# standby 64 track Port-channel31 30
DSW1(config-if)# standby 64 track Port-channel32 30

Step 9

Repeat step 8 on DSW2 with parameters specific to switch DSW2.

Step 10

Configure QoS at the interface level on switch ASW1:


ASW1(config)# interface range FastEthernet0/1-2
ASW1(config-if)# auto qos voip trust
ASW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ASW1#sh mls qos int f0/1
FastEthernet0/1
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
ASW1#sh run int f0/1
Building configuration...
Current configuration : 225 bytes
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 ip dhcp snooping trust
end

Step 11

Repeat step 10 on switch ASW2.

Step 12

Configure trunk interfaces for QoS on switch DSW1:


DSW1(config)# interface range FastEthernet0/5-7 , FastEthernet0/15
DSW1(config-if)# auto qos voip trust
DSW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
DSW1#sh mls qos int f0/7
FastEthernet0/7
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
DSW1#sh auto qos
FastEthernet0/1
auto qos voip trust
FastEthernet0/2
auto qos voip trust
FastEthernet0/3
auto qos voip trust
FastEthernet0/4
auto qos voip trust
FastEthernet0/5
auto qos voip trust
FastEthernet0/6
auto qos voip trust
FastEthernet0/7
auto qos voip trust
FastEthernet0/15
auto qos voip trust

Step 13

Repeat step 12 on switch DSW2.

Step 14

Configure trunk interfaces for QoS on switch CSW1:


CSW1(config)# interface range FastEthernet0/1-4 , FastEthernet0/7-12
CSW1(config-if)# auto qos voip trust

Step 15

Repeat step 14 on switch CSW2.

Lab 9-1: Integrating Wireless in the Campus


Complete this lab activity to confirm your knowledge from the course on the topics of High
availability and reporting.

Activity Objective
During a daily morning meeting, your IT manager informed you that, after voice, wireless
capabilities should be added to the existing network. You must prepare the switched network
for a wireless integration that will take place next month. An email from the wireless consultant
informs you that the wireless part of the implementation will be externalized. A list of the
planned wireless equipment is attached. Your assignment is to prepare the wired infrastructure
for this wireless addition. Your first task is to analyze the information and make a plan for the
needed steps to prepare the network for the implementation of the wireless solution.
After completing this activity, you will be able to meet these objectives:

Identify the requirements for implementing wireless structure in a network.

Prepare an implementation plan for wireless integration.

Prepare the switched network for integration of wireless equipment.

Verify that the switched network was properly provisioned.

Information Packet
This packet contains the information needed to accomplish this activity. Read it carefully.
The Information Packet describes the requirements common to all devices in the network,
along with information specific to each device.

Implementation Policy
You have to integrate wireless in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Several standard Cisco 1240 series access points will be connected to ASW1 and ASW2.
Refer to the Device Information table and configure each port accordingly.

WCS and WLC will be connected to DSW1 and DSW2 per the Devices Information
section.

For the autonomous AP on ASW1, allow the voice VLAN (VLAN 63) and data VLAN
(VLAN 3). For the autonomous AP on ASW2, you have to allow the voice VLAN (VLAN
64) and data VLAN (VLAN 4).

One Hybrid Remote Edge Access Point (HREAP) must be connected to each access switch.
HREAP are specific types of controller based access points. HREAP on ASW1 has to
service the voice VLAN (VLAN 63) and data VLAN (VLAN 3). HREAP on ASW2 has to
service the voice VLAN (VLAN 64) and data VLAN (VLAN 4). The configuration of the
switch port to the HREAP AP is similar to the configuration of a port to an autonomous
AP.

The Lightweight AP (LAP) on ASW1 must be in the AP VLAN (VLAN 11). The
Lightweight AP (LAP) on ASW2 must be in the AP VLAN (VLAN 12). Ports to these APs
should be in forward state as soon as the AP is switched on.

The Wireless Control System on DSW1 must be in the VLAN 3, the Wireless Control
System on DSW2 must be in the VLAN 4.

The WLC 2106 will be connected with one port in a trunk mode, with all VLANs (wired
and wireless) allowed on the trunk. Ports to the 2106s should be in forward state as soon as
the controller is switched on, even if the port is a trunk.

On ports to the LAPs and on ports to the WLCs, apply the appropriate QoS policy.

In the future, 1250 802.11n access points will be added to your network. These access
points need enhanced PoE. Use task 2 section to make sure that you know how to configure
802.3at to support these access points where needed. The first series of access points to be
installed will use AC power adapters.

Devices Information
The table provides information about device locations:
Device    Role                        Network location
AP1       Autonomous AP               ASW1 P4
AP2       HREAP                       ASW1 P5
AP3       Lightweight AP              ASW1 P6
AP4       Autonomous AP               ASW2 P4
AP5       HREAP                       ASW2 P5
AP6       Lightweight AP              ASW2 P6
WLC1      Wireless controller 2106    DSW1 P7
WCS1      Wireless Control System     DSW1 P6
WLC2      Wireless controller 2106    DSW2 P7
WCS2      Wireless Control System     DSW2 P6

Network Diagram

[Figure: Visual Objective for Lab 9-1: Integrating Wireless in the Campus]

Command List
The table describes the commands that are used in this activity.

Command
    Description

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port ending_port
    Selects a range of interfaces to configure.

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.

show interface interfaceid switchport
    Displays the switch port configuration of the interface.

show interface trunk
    Displays the trunk configuration of the interface.

show vlan
    Displays VLAN information.

shutdown/no shutdown
    Shuts down or enables an interface.

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into
    a nontrunk link.

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a
    trunk link.

switchport nonegotiate
    Turns off DTP negotiation.

switchport trunk allowed vlan remove vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.

vlan vlan-id
    Enters a VLAN ID and enters config-vlan mode. Enter a new VLAN ID to create a VLAN, or
    enter an existing VLAN ID to modify that VLAN.

Job Aids
These are the job aids for this lab activity:
Value                                              Location
Blank implementation requirements list             Task 1
Blank implementation and verification plan form    Task 2
Blank student notes                                Task 3
Debrief alternate solutions form                   End of this lab
Implementation requirement hints                   Hint Section
Implementation hints                               Hint Section
Verification hints                                 Hint Section
Solution configure answer key                      Configuration section at the end of the lab guide

Task 1: Create an Implementation Requirement List for Wireless Integration in the Campus
After you have analyzed the Information Packet, your first task is to create a list where you will
document the requirements for a successful implementation. Use the following table, the initial
lab visual objective, and the implementation policy and devices information to create your
implementation requirement list. If you are unsure, you can use the hints information provided
at the end of the lab guide.
Device    High Level Task    Information Source

Task 2: Create an Implementation and Verification Plan

The next step in your configuration deployment is to create a task list of each item to configure
on each device and in what order. The Implementation and Verification Plan is very important,
because it enables you to ensure that all requirements are properly configured and in the correct
order. The task will help you set up configuration checkpoints. Use the plan to determine how
you will verify that each required item was effectively configured. You will move to the actual
implementation in the next task. Use the following table and the Information Packet to create
the Implementation and Verification Plan. If you are unsure, use the hints information provided
at the end of this lab.
Complete  Device  Implementation order  Values and items to implement  Verification method and expected results

Enhanced PoE configuration: Later on, 1250 APs and Enhanced PoE (802.3at) switches will be
added to your network.
Answer the following questions:
1. How will the first APs be powered?
__________________________________________________________________________
__________________________________________________________________________
2. Can you use the same PoE switch for both the first APs and the future 1250 APs?
__________________________________________________________________________
__________________________________________________________________________
3. Can the 1250 APs be powered from a standard 802.3af switch or do they need a special
switch?
__________________________________________________________________________
__________________________________________________________________________
4. Document the steps required to configure PoE on switch ports to these access points:
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready
to connect to the remote lab and implement your solution. Do not forget to save! Once your
solution is implemented, verify your configuration is working and fulfills the requirements
specified. Use the previous table to document the verifications you conducted to ensure that
your solution is complete. Hints are available at the end of this lab if you are unsure about the
verification steps.

Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions to the One You Used


Other groups may use a solution different from yours. Possible solutions will be discussed
during the debrief period after the lab. For your reference, use the following space to document
other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 9-1: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 9-1 Hint Sheet: Integrating Wireless in the Campus


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device   Implementation Requirement   Hint
ASW1     AP1                          Implementation policy section
ASW1     AP2                          Implementation policy section
ASW1     AP3                          Implementation policy section
ASW2     AP4                          Implementation policy section
ASW2     AP5                          Implementation policy section
ASW2     AP6                          Implementation policy section
DSW1     WLC1                         Implementation policy section
DSW1     WCS1                         Implementation policy section
DSW2     WLC2                         Implementation policy section
DSW2     WCS2                         Implementation policy section

Device   High Level Task   Information Source
ASW1     AP2               Network Diagram, Design and Implementation Requirements
ASW1     AP3               Network Diagram, Design and Implementation Requirements
ASW2     AP4               Network Diagram, Design and Implementation Requirements
ASW2     AP5               Network Diagram, Design and Implementation Requirements
ASW2     AP6               Network Diagram, Design and Implementation Requirements
DSW1     WLC1              Network Diagram, Design and Implementation Requirements
DSW1     WCS1              Network Diagram, Design and Implementation Requirements
DSW2     WLC2              Network Diagram, Design and Implementation Requirements
DSW2     WCS2              Network Diagram, Design and Implementation Requirements

Implementing Cisco Switched Networks (SWITCH) v1.0


Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain
the following items:
Complete   Device   Implementation order   Values and items to implement
           ASW1                            interface FastEthernet0/11
           ASW1                            switchport mode trunk
           ASW1                            switchport trunk allowed vlan 3,63
           ASW1                            mls qos trust cos
           ASW1                            interface FastEthernet0/12
           ASW1                            switchport mode trunk
           ASW1                            switchport trunk allowed vlan 3,63
           ASW1                            mls qos trust dscp
           ASW1                            interface FastEthernet0/13
           ASW1                            switchport mode access
           ASW1     10                     switchport access vlan 11
           ASW1     11                     spanning-tree portfast
           ASW1     12                     mls qos trust dscp
           ASW2     13                     interface FastEthernet0/11
           ASW2     14                     switchport mode trunk
           ASW2     15                     switchport trunk allowed vlan 4,64
           ASW2     16                     mls qos trust cos
           ASW2     17                     interface FastEthernet0/12
           ASW2     18                     switchport mode trunk
           ASW2     19                     switchport trunk allowed vlan 4,64
           ASW2     20                     mls qos trust dscp
           ASW2     21                     vlan 12
           ASW2     22                     interface FastEthernet0/13
           ASW2     23                     switchport mode access
           ASW2     24                     switchport access vlan 12
           ASW2     25                     spanning-tree portfast
           ASW2     26                     mls qos trust dscp
           ASW2     27                     interface f0/1
           ASW2     28                     switchport trunk allowed vlan add 12
           DSW1     29                     interface FastEthernet0/11
           DSW1     30                     switchport trunk encapsulation dot1q
           DSW1     31                     switchport mode trunk
           DSW1     32                     switchport trunk allowed vlan 3,11,63
           DSW1     33                     spanning-tree portfast
           DSW1     34                     mls qos trust cos
           DSW1     35                     interface FastEthernet0/12
           DSW1     36                     switchport mode access
           DSW1     37                     switchport access vlan 3
           DSW2     38                     vlan 12
           DSW2     39                     interface FastEthernet0/11
           DSW2     40                     switchport trunk encapsulation dot1q
           DSW2     41                     switchport mode trunk
           DSW2     42                     switchport trunk allowed vlan 4,12,64
           DSW2     43                     spanning-tree portfast
           DSW2     44                     mls qos trust cos
           DSW2     45                     interface f0/6
           DSW2     46                     switchport trunk allowed vlan add 12
           DSW2     47                     interface FastEthernet0/12
           DSW2     48                     switchport mode access
           DSW2     49                     switchport access vlan 4

Verification method and expected results:
sh interface Fa0/11 trunk
show mls qos
sh interface Fa0/12 trunk
show vlan
sh interface Fa0/11 trunk
sh interface Fa0/12 trunk
show vlan
sh interface Fa0/12 trunk
show vlan
sh interface Fa0/12 trunk
show vlan

Enhanced PoE configuration:


1. How will the first APs be powered?
Using AC power adapters, as per the Information Packet, so no PoE is required yet.
2. Can you use the same PoE switch for both the first APs and the future 1250 APs?
Yes, if the switch:
- Provides enhanced power.
- Has enough power resources available.
3. Can the 1250 APs be powered from a standard 802.3af switch or do they need a special
switch?
A standard switch provides a maximum of 15 W, as per the 802.3af specification, which is not
enough for the 1250 AP but is enough for most other APs. The 1250 AP needs a
switch that provides Enhanced Power.
Enhanced PoE is configured at the port level. For the 1250 AP, you need to allow 20 W. This is
done, for example, on interface g0/1 (1250 APs require gigabit interfaces):
Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# power inline port maximum 20000


Step-by-Step Procedure
Step 1   Connect to the ASW1 switch interface in configuration mode:
         - Connect to the remote lab.
         - Access the Switch console.
         - Enter privilege mode, using enable.
         - Enter configuration mode, using configure terminal.

Step 2   Configure AP on ASW1:
ASW1(config)# interface range FastEthernet0/11-12
ASW1(config-if)# switchport mode trunk
ASW1(config-if)# switchport trunk allowed vlan 4,63
ASW1(config-if)# interface f0/11
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# interface f0/12
ASW1(config-if)# mls qos trust dscp
ASW1(config-if)# interface FastEthernet0/13
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 11
ASW1(config-if)# spanning-tree portfast
ASW1(config-if)# mls qos trust dscp

Step 3   Repeat steps 1 and 2 on ASW2.

Step 4   Configure WLC1 on DSW1:


DSW1(config)# mls qos
DSW1(config)# interface FastEthernet0/11
DSW1(config-if)# switchport mode trunk
DSW1(config-if)# switchport trunk allowed vlan 4,11,63
DSW1(config-if)# spanning-tree portfast trunk
DSW1(config-if)# mls qos trust cos

Step 5   Configure WCS1 on DSW1:


DSW1(config)# interface FastEthernet0/12
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 3

Step 6   Repeat steps 4 and 5 on DSW2.
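
The verification half of the plan can be automated. The following is an added example, not part of the Cisco lab guide: it parses `show running-config` text and compares each port's mode, access VLAN and trunk allowed-VLAN list with the planned values. `PLAN` uses the ASW1 values from the plan above; `SAMPLE_CONFIG` is constructed for illustration and deliberately deviates on Fa0/12.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,4,11,12,63-66' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        elif part:
            vlans.add(int(part))
    return vlans

def parse_interfaces(config):
    """Map each interface in running-config text to its mode, access VLAN and trunk list."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"interface (\S+)", line)
        if match:
            current = ports.setdefault(
                match.group(1), {"mode": None, "access_vlan": None, "allowed": None})
        elif line in ("", "!"):
            current = None  # a bare '!' or a blank line closes the stanza
        elif current is not None:
            match = re.fullmatch(r"switchport mode (\S+)", line)
            if match:
                current["mode"] = match.group(1)
            match = re.fullmatch(r"switchport access vlan (\d+)", line)
            if match:
                current["access_vlan"] = int(match.group(1))
            match = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", line)
            if match and match.group(1) is None:
                current["allowed"] = expand_vlans(match.group(2))
            elif match and current["allowed"] is not None:
                current["allowed"] |= expand_vlans(match.group(2))
            # 'add' with no explicit list before it leaves the trunk carrying all VLANs
    return ports

def fmt_vlans(vlans):
    return ",".join(str(v) for v in sorted(vlans))

def check(config, plan):
    """Return a list of deviations between the configuration and the plan."""
    ports, findings = parse_interfaces(config), []
    for name, want in plan.items():
        have = ports.get(name)
        if have is None:
            findings.append(f"{name}: not configured")
        elif have["mode"] != want["mode"]:
            findings.append(
                f"{name}: mode is {have['mode'] or 'not set'}, plan says {want['mode']}")
        elif want["mode"] == "access":
            if have["access_vlan"] != want["access_vlan"]:
                findings.append(f"{name}: access VLAN is {have['access_vlan']}, "
                                f"plan says {want['access_vlan']}")
        elif have["allowed"] is None:
            # No allowed list means the trunk is not pruned at all.
            findings.append(f"{name}: no allowed-VLAN list, trunk carries every VLAN")
        else:
            planned = expand_vlans(want["allowed"])
            extra, missing = have["allowed"] - planned, planned - have["allowed"]
            if extra:
                findings.append(f"{name}: unplanned VLANs on trunk: {fmt_vlans(extra)}")
            if missing:
                findings.append(
                    f"{name}: planned VLANs missing from trunk: {fmt_vlans(missing)}")
    return findings

# Planned values for ASW1, taken from the Implementation and Verification Plan.
PLAN = {
    "FastEthernet0/11": {"mode": "trunk", "allowed": "3,63"},
    "FastEthernet0/12": {"mode": "trunk", "allowed": "3,63"},
    "FastEthernet0/13": {"mode": "access", "access_vlan": 11},
}

# Constructed running-config excerpt; Fa0/12 deviates from the plan on purpose.
SAMPLE_CONFIG = """
interface FastEthernet0/11
 switchport trunk allowed vlan 3,63
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/12
 switchport trunk allowed vlan 4,63
 switchport mode trunk
 mls qos trust dscp
!
interface FastEthernet0/13
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 mls qos trust dscp
!
"""

if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG, PLAN) or ["configuration matches the plan"]:
        print(finding)
```

An empty result means every planned port matches; a trunk reported as carrying every VLAN is the case worth fixing first, because it extends VLANs to a device that was never meant to see them.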


Ending Configurations
Lab 1-1: New Hire Test
Your configuration should be similar to the following example.
On switch ASW1:
ASW1#show running-config
Building configuration...
Current configuration : 2689 bytes
!
!
version 12.2
service config
no service pad
service timestamps debug datetime localtime
service timestamps log uptime
no service password-encryption
!
hostname ASW1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
clock timezone eastern -5
system mtu routing 1500
ip subnet-zero
no ip domain-lookup
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
/ (output omitted, all subsequent interfaces are shut)
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
ip address 10.1.1.1 255.255.255.0
no ip route-cache
!
!
ip default-gateway 10.1.1.251
ip http server
ip http secure-server
!
control-plane
!
alias exec init-2-2 configure replace flash:/switch/lab2-2.cfg force
alias exec init-3-2-A configure replace flash:/switch/lab_3_2_A.cfg force
alias exec init-3-2-B configure replace flash:/switch/lab_3_2_B.cfg force
alias exec init-4-2-A configure replace flash:/switch/lab_4_2_A.cfg force
alias exec init-4-2-B configure replace flash:/switch/lab_4_2_B.cfg force
alias exec init-4-2-C configure replace flash:/switch/lab_4_2_C.cfg force
!
line con 0
logging synchronous
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
login
!
end

The switch automatically generated some of these configuration lines; others were pasted by
your instructor before the beginning of the class. All the items that you configured should be
there.
Other Switches:
Repeat the same process on the other switches, changing the values that are different on each
switch.


Lab 2-1 Design and Implement VLANs, Trunks, and EtherChannel
Your configuration should be similar to the following. Only the configuration sections relevant
to this lab are displayed.
On switch ASW1:
ASW1#sh run
!
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 63
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 11
switchport mode access

On switch ASW2:
ASW2#sh run
!
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 63
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 11
switchport mode access


On switch DSW1:
DSW1#sh run
!
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode passive
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode passive
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode passive
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode passive
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
!
interface FastEthernet0/8
switchport access vlan 65
switchport mode access
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
!

On switch DSW2:
DSW2#sh run
!
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode passive
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode passive
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode passive
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode passive
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
interface FastEthernet0/8
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk


On switch CSW1:
CSW1#sh run
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel33
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode active
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode active
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode active
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode active
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/13
shutdown

On switch CSW2:
CSW2#sh run
!
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel33
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode active
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode active
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode active
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66


switchport mode trunk
shutdown
channel-group 31 mode active
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 33 mode on
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!


Lab 2-3 Implement Private VLANs


Your configuration should be similar to the following. Only the configuration sections relevant
to this lab are displayed.
Router R1:
interface f0/0.51
encapsulation dot1q 51
ip address 10.1.51.1 255.255.255.0

Router R2:
interface f0/1
ip address 10.1.51.2 255.255.255.0
no shutdown

Switch CSW1:
vlan 51,501
!
vlan 501
private-vlan primary
private-vlan association 51
vlan 51
name TestIsolated
private-vlan isolated
!
interface f0/11
switchport trunk allowed vlan add 51
!
interface f0/12
switchport mode access
switchport access vlan 51
no shutdown


Lab 3-1: Implement Multiple Spanning Tree


Ending Configurations for Task 1:
On switch DSW1:
interface Port-channel32
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on

On switch CSW2:
interface Port-channel32
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on

On switch DSW2:
interface Port-channel32
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on

On switch CSW2:
interface Port-channel32
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 32 mode on


Ending Configurations for MST


MSTP on switch DSW1:
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66
!
spanning-tree mst 0-1 priority 24576
spanning-tree mst 2 priority 28672
DSW1#sho spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Desg FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Desg FWD 100000    128.296  P2p
Po32                Desg FWD 100000    128.304  P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Desg FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Desg FWD 100000    128.296  P2p
Po32                Desg FWD 100000    128.304  P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Root FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Desg FWD 100000    128.296  P2p
Po32                Altn BLK 100000    128.304  P2p

DSW1#

MST on switch DSW2:


!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66
!
spanning-tree mst 0-1 priority 28672
spanning-tree mst 2 priority 24576
DSW2#sho spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             Cost        0
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Root FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Altn BLK 100000    128.296  P2p
Po32                Altn BLK 100000    128.304  P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Root FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Altn BLK 100000    128.296  P2p
Po32                Altn BLK 100000    128.304  P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24578  (priority 24576 sys-id-ext 2)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------
Fa0/5               Desg FWD 200000    128.7    P2p
Fa0/6               Desg FWD 200000    128.8    P2p
Fa0/7               Desg FWD 200000    128.9    P2p
Po31                Desg FWD 100000    128.296  P2p
Po32                Desg FWD 100000    128.304  P2p

DSW2#

MST on switches ASW1, ASW2, CSW1, and CSW2:


spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66


Lab 3-2: Implement PVRST+


PVRST+ on all switches on your pod:
spanning-tree mode rapid-pvst

Lab 4-1: Implement Inter-VLAN Routing


On switches ASW1 and ASW2:
interface Vlan3
ip address 10.1.3.10 255.255.255.0
ip default-gateway 10.1.3.1

On switches DSW1 and DSW2:


ip routing
interface Port-channel31
no switchport
ip address 10.1.253.0 255.255.255.254
interface Port-channel32
no switchport
ip address 10.1.253.2 255.255.255.254
interface range FastEthernet0/1-2
no switchport
no ip address
channel-group 31 mode passive
!
interface range FastEthernet0/3-4
no switchport
no ip address
channel-group 32 mode passive
!
interface FastEthernet0/5
no switchport
ip address 10.1.253.4 255.255.255.254
!
interface Vlan4
ip address 10.1.4.1 255.255.255.0
!
interface Vlan11
ip address 10.1.11.1 255.255.255.0
!
router eigrp 10
no auto-summary
network 10.1.0.0 0.0.255.255


On switches CSW1 and CSW2:


interface Port-channel31
no switchport
ip address 10.1.253.1 255.255.255.254
interface Port-channel32
no switchport
ip address 10.1.253.9 255.255.255.254
interface Port-channel33
no switchport
ip address 10.1.253.10 255.255.255.254
interface range FastEthernet0/1-2
no switchport
no ip address
channel-group 31 mode active
!
interface range FastEthernet0/3-4
no switchport
no ip address
channel-group 32 mode active
!
interface range FastEthernet0/7-10
no switchport
no ip address
channel-group 33 mode on
!
interface FastEthernet0/11
no switchport
ip address 10.1.253.12 255.255.255.254
!
interface FastEthernet0/12
no switchport
ip address 10.1.253.14 255.255.255.254
!
router eigrp 10
no auto-summary
network 10.1.0.0 0.0.255.255

On routers R1 and R2:


interface FastEthernet0/0
ip address 10.1.253.13 255.255.255.254
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 10.1.253.19 255.255.255.254
speed 100
full-duplex
!
router eigrp 10
no auto-summary
network 10.1.0.0 0.0.255.255


Lab 5-1: Implementing High Availability and Reporting in a Network Design
On switch CSW1:
ip sla 1
icmp-echo 10.1.3.10
ip sla schedule 1 life forever start-time now
logging 10.1.3.50
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.3.50 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

On switch DSW2:
logging 10.1.4.100
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.4.100 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

Lab 6-1: Implement and Tune HSRP


On switch DSW1:
interface Vlan3
ip address 10.1.3.3 255.255.255.0
standby 3 ip 10.1.3.1
standby 3 priority 120
standby 3 preempt
standby 3 track Port-channel31 20
standby 3 track Port-channel32 20
interface Vlan4
ip address 10.1.4.3 255.255.255.0
standby 4 ip 10.1.4.1
standby 4 preempt

On switch DSW2:
interface Vlan3
ip address 10.1.3.2 255.255.255.0
standby 3 ip 10.1.3.1
standby 3 preempt
interface Vlan4
ip address 10.1.4.2 255.255.255.0
standby 4 ip 10.1.4.1
standby 4 priority 120
standby 4 preempt
standby 4 track Port-channel31 20
standby 4 track Port-channel32 20
end


Lab 6-2: Implementing VRRP


On switch CSW1:
interface FastEthernet0/11
switchport mode access
switchport access vlan 10
interface FastEthernet0/12
switchport mode access
switchport access vlan 10
interface Vlan10
ip address 10.1.253.25 255.255.255.248

On switch CSW2:
interface FastEthernet0/11
switchport mode access
switchport access vlan 20
interface FastEthernet0/12
switchport mode access
switchport access vlan 20
interface Vlan20
ip address 10.1.253.33 255.255.255.248

On router R1:
interface FastEthernet0/0
ip address 10.1.253.27 255.255.255.248
duplex auto
speed auto
vrrp 1 ip 10.1.253.30
vrrp 1 priority 150
interface FastEthernet0/1
ip address 10.1.253.36 255.255.255.248
duplex auto
speed auto
vrrp 2 ip 10.1.253.34
end
FastEthernet0/0 - Group 1
State is Master
Virtual IP address is 10.1.253.30
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 10.1.253.27 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
FastEthernet0/1 - Group 2
State is Backup
Virtual IP address is 10.1.253.34
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.1.253.35, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.389 sec)


On router R2:
interface FastEthernet0/0
ip address 10.1.253.35 255.255.255.248
duplex auto
speed auto
vrrp 2 ip 10.1.253.34
vrrp 2 priority 150
interface FastEthernet0/1
ip address 10.1.253.26 255.255.255.248
duplex auto
speed auto
vrrp 1 ip 10.1.253.30

show vrrp
FastEthernet0/1 - Group 1
State is Backup
Virtual IP address is 10.1.253.30
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.1.253.27, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.217 sec)
FastEthernet0/0 - Group 2
State is Master
Virtual IP address is 10.1.253.34
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 10.1.253.35 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec

Lab 7-1: Secure Network Switches to Mitigate Security Attacks


On switch ASW1:
spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip dhcp snooping
ip dhcp snooping vlan 1-4094
ip arp inspection vlan 1-4094
interface range FastEthernet0/1 - 2
ip dhcp snooping trust
interface FastEthernet0/3
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0050.5684.3a29

On switch ASW2:
spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip dhcp snooping
ip dhcp snooping vlan 1-4094

ip arp inspection vlan 1-4094


interface range FastEthernet0/1 - 2
ip dhcp snooping trust
interface FastEthernet0/3
switchport port-security
switchport port-security mac-address sticky

On switch DSW1:
ip access-list extended NOTEL
permit tcp any any eq telnet
vlan access-map TEST 10
action drop
match ip address NOTEL
vlan access-map TEST 20
action forward
vlan filter TEST vlan-list 2-3
ip arp inspection vlan 1-4094
spanning-tree portfast bpduguard default
spanning-tree loopguard default
interface FastEthernet0/5
spanning-tree guard root
ip arp inspection trust
interface range FastEthernet0/6 - 7
ip arp inspection trust

On switch DSW2:
ip access-list extended NOTEL
permit tcp any any eq telnet
vlan access-map TEST 10
action drop
match ip address NOTEL
vlan access-map TEST 20
action forward
vlan filter TEST vlan-list 2-3
spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip arp inspection vlan 1-4094
interface FastEthernet0/5
spanning-tree guard root
ip arp inspection trust
interface range FastEthernet0/6 - 7
ip arp inspection trust


Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
On switches ASW1 and ASW2:
interface FastEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/2
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust

interface FastEthernet0/14
switchport mode access
switchport access vlan 3
switchport voice vlan 63
switchport priority extend trust
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
service-policy input AutoQoS-Police-CiscoPhone
interface FastEthernet0/15
switchport mode access
switchport access vlan 3
switchport voice vlan 63
switchport priority extend trust
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
service-policy input AutoQoS-Police-CiscoPhone


On switch DSW1:
ip dhcp excluded-address 10.1.63.1 10.1.63.49
ip dhcp excluded-address 10.1.63.100 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.49
ip dhcp excluded-address 10.1.64.100 10.1.64.255
ip dhcp pool vlan63
network 10.1.63.0 255.255.255.0
default-router 10.1.63.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8
ip dhcp pool vlan64
network 10.1.64.0 255.255.255.0
default-router 10.1.64.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8

interface FastEthernet0/5
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/6
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/7
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/15
switchport mode access
switchport access vlan 63
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
no shut
interface Vlan 63
ip address 10.1.63.3 255.255.255.0
standby 63 ip 10.1.63.1
standby 63 priority 120
standby 63 preempt
standby 63 track Port-channel31 30
standby 63 track Port-channel32 30
interface Vlan 64
ip address 10.1.64.3 255.255.255.0
standby 64 ip 10.1.64.1
standby 64 priority 120
standby 64 preempt
standby 64 track Port-channel31 30
standby 64 track Port-channel32 30


On switch DSW2:
ip dhcp excluded-address 10.1.63.1 10.1.63.99
ip dhcp excluded-address 10.1.63.150 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.99
ip dhcp excluded-address 10.1.64.150 10.1.64.255
ip dhcp pool vlan63
network 10.1.63.0 255.255.255.0
default-router 10.1.63.1
option 150 ip 10.1.63.11 10.1.63.12
lease 8
ip dhcp pool vlan64
network 10.1.64.0 255.255.255.0
default-router 10.1.64.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8
interface FastEthernet0/5
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/6
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/7
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
interface FastEthernet0/15
switchport mode access
switchport access vlan 63
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
no shut
interface Vlan 63
ip address 10.1.63.2 255.255.255.0
standby 63 ip 10.1.63.1
standby 63 priority 120
standby 63 preempt
standby 63 track Port-channel31 30
standby 63 track Port-channel32 30
interface Vlan 64
ip address 10.1.64.2 255.255.255.0
standby 64 ip 10.1.64.1
standby 64 priority 120
standby 64 preempt
standby 64 track Port-channel31 30
standby 64 track Port-channel32 30


On switches CSW1 and CSW2:


interface FastEthernet0/1
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 31 mode on
interface FastEthernet0/2
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 31 mode on
interface FastEthernet0/3
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 32 mode on
interface FastEthernet0/4
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 32 mode on


Lab 9-1: Integrating Wireless in the Campus

On ASW1:
interface FastEthernet0/11
description AP1
switchport trunk allowed vlan 4,63
switchport mode trunk
interface FastEthernet0/12
description AP2
switchport trunk allowed vlan 4,63
switchport mode trunk
interface FastEthernet0/13
description AP3
switchport access vlan 11
switchport mode access
spanning-tree portfast
mls qos trust dscp

On ASW2:
interface FastEthernet0/11
description AP4
switchport trunk allowed vlan 4,63
switchport mode trunk
interface FastEthernet0/12
description AP5
switchport trunk allowed vlan 4,63
switchport mode trunk
interface FastEthernet0/13
description AP6
switchport access vlan 11
switchport mode access
spanning-tree portfast
mls qos trust dscp

On DSW1:
mls qos
interface FastEthernet0/11
description WLC1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,11,63
switchport mode trunk
channel-group 11 mode on
spanning-tree portfast trunk
mls qos trust cos
interface FastEthernet0/12
description WCS1
switchport mode access
switchport access vlan 3


On DSW2:
mls qos
interface FastEthernet0/11
description WLC2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,11,63
switchport mode trunk
channel-group 11 mode on
spanning-tree portfast trunk
mls qos trust cos
interface FastEthernet0/12
description WCS2
switchport mode access
switchport access vlan 4


Pod Physical Ports Map

During the implementation process, you must determine, for each switch, which port connects
to which neighbor. The ports represented on each device connection in the Visual Objective are
generic ports. Each port can represent one or several physical interfaces. Use the following table
to document the physical interfaces used in your pod. You will use this information throughout
the labs:

Device    Port Name on the map    Physical port in your pod
ASW1      P1
ASW1      P2
ASW1      P3
ASW2      P1
ASW2      P2
ASW2      P3
DSW1      P1
DSW1      P2
DSW1      P3
DSW1      P4
DSW1      P5
DSW2      P1
DSW2      P2
DSW2      P3
DSW2      P4
DSW2      P5
CSW1      P1
CSW1      P2
CSW1      P3
CSW1      P4
CSW1      P5
CSW2      P1
CSW2      P2
CSW2      P3
CSW2      P4
CSW2      P5
R1        P1
R1        P2
R2        P1
R2        P2

Visual Objective for Lab 1-1: New Hire Test

Figure: Lab 1-1 Network Diagram

Visual Objective for Lab 2-1: Design and Implement VLANs, Trunk and EtherChannel

Figure: Lab 2-1 Network Diagram

Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues

Figure: Lab 2-2 Network Diagram

Visual Objective for Lab 2-3: Configure Private VLANs

Figure: Lab 2-3 Network Diagram

Visual Objective for Lab 3-1: Implement Multiple Spanning Tree

Figure: Lab 3-1 Network Diagram

Visual Objective for Lab 3-2: Implement PVRST+

Figure: Lab 3-2 Network Diagram

Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues

Figure: Lab 3-3 Network Diagram

Visual Objective for Lab 4-1: Implementing Inter-VLAN Routing

Figure: Lab 4-1 Network Diagram

Visual Objective for Lab 5-1: Implement HA in a Network Design

Figure: Lab 5-1 Network Diagram

Visual Objective for Lab 6-1: Implement and Tune HSRP

Figure: Lab 6-1 Network Diagram

Visual Objective for Lab 6-2: Implementing VRRP

Figure: Lab 6-2 Network Diagram

Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Figure: Lab 7-1 Network Diagram

Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network

Figure: Lab 8-1 Network Diagram

Visual Objective for Lab 9-1: Integrating Wireless in the Campus

Figure: Lab 9-1 Network Diagram