
CCNPv7 SWITCH

Skills-Based Assessment
Topology

Objectives
Part 1: Build the physical network topology (optional).
Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
Part 3: Test the network for connectivity and the configured options.

Exam Overview
This skills-based assessment (SBA) is the final practical exam for instructor training for the CCNPv6 SWITCH
course. It is similar to the student version, but differs in how the IP addressing and devices are configured. In
Part 1, you build the physical network. In Part 2, you configure various features such as trunking,
EtherChannel, VTP, VLANs, SVIs, routed links, OSPF, HSRP, port security, and DHCP snooping. In Part 3,
you create a Tcl script to test IP connectivity and use show commands to verify the configured options. This
exam combines building the network with device configuration and troubleshooting.

All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 26
CCNPv6 SWITCH

Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin,
and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. You
can use other switches (such as 2950 or 3550) and Cisco IOS Software versions if they have comparable
capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands
available and output produced might vary from what is shown in this lab.

Required Resources
• 2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or
comparable)
• 2 switches (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-ADVIPSERVICESK9-mz
image or comparable)
• 2 PCs (Windows OS)
• Ethernet and console cables

Part 1: Build the Physical Network (Optional)


Instructor note: It is up to the instructor’s discretion as to whether Part 1 is required, based on the
physical equipment and time available.
Connect all devices as shown in the topology. You must use the interfaces specified in the diagram, if
possible. Clear previous configurations as required.

Part 2: Configure the network according to specifications.


1. Ensure that the VLAN 1 interface on all switches is not used for administrative management or user
traffic. Shut down all ports. Activate ports as necessary when configuring these interfaces. As a
security best practice, ensure that unused ports are moved to the Parking_LOT VLAN and are
statically configured as access ports. Set all basic administration passwords and remote login
passwords to cisco unless otherwise specified.
2. Configure the Fa0/11-12 link between DLS1 and DLS2 as a Layer 3 EtherChannel and assign a
subnet to it. (See chart in step 6 for subnet information.) Do not use a negotiation protocol.
3. Bind all inter-switch links in an EtherChannel using LACP.
4. Statically set all other inter-switch links as 802.1Q trunks. Ensure that the native VLAN is changed to
VLAN 777. Restrict trunks to allow traffic only from the VLANs used in this scenario. Disable
trunk negotiation.
5. Place all switches in the VTP domain LAB_TEST with all switches in VTP transparent mode to
support local VLANs.

6. Use the table below to create local VLANs used in the campus network.

VLAN         VLAN Name      Subnet
10           Client         10.10.10.0/24
20           VOICE          10.10.20.0/24
30           Server         10.10.30.0/24
199          Management     10.10.199.0/24
777          Native_VLAN    -
900          Parking_LOT    -
L3 Subnet    -              10.10.12.0/30

7. Configure MSTP on all switches in the region TEST_LAB. Assign VLANs 10 and 20 to instance 1,
and VLANs 30 and 199 to instance 2. Ensure that DLS1 becomes the spanning-tree root for instance
1 and the backup root for instance 2. DLS2 should become the root for instance 2 and the backup
root for instance 1.
8. On DLS1 and DLS2, configure SVIs and HSRP to provide gateway redundancy for access layer
clients in VLANs 10, 20, 30, and 199. Create an SVI in VLANs 10, 20, 30, and 199, each with an IP
address and mask. Reference the chart below for IP address information. Map the HSRP group
number to the VLAN number.

DLS1              DLS2              ALS1           ALS2           HSRP VIP
10.10.10.2/24     10.10.10.3/24     -              -              10.10.10.1
10.10.20.2/24     10.10.20.3/24     -              -              10.10.20.1
10.10.30.2/24     10.10.30.3/24     -              -              10.10.30.1
10.10.199.2/24    10.10.199.3/24    10.10.199.4    10.10.199.5    10.10.199.1/24

9. Configure DLS1 as the active HSRP router for VLANs 10 and 20 with a priority value of 120, and
configure DLS2 as the backup. Configure DLS2 as the active router for VLANs 30 and 199 with a
priority value of 120, and configure DLS1 as the backup.
10. On DLS1, configure the loopback address of 200.200.200.1/24. This loopback address will be used in
conjunction with HSRP interface tracking.

11. Configure a tracked object on DLS1 to check for reachability of the 200.200.200.1 loopback address
using an IP SLA. If reachability is lost, DLS1 should relinquish its role as active router for VLANs
10 and 20.
12. Configure DLS1 as a DHCP server for VLAN 10 and DLS2 as DHCP server for the VLAN 30.
Exclude the first 10 addresses from each pool. Name the pool with VLAN number and name, i.e.,
VLAN_10_STUDENT. Set the DNS server to the loopback 200.200.200.1 address.
13. Configure all switches with DHCP snooping on VLANs 10 and 30 to guard against DHCP spoofing
and man-in-the-middle attacks.
14. On ALS1 and ALS2, create an SVI for MGMT VLAN 199 with an IP address from the VLAN 199
subnet assigned in Step 9.
15. For ALS1 and ALS2, specify the HSRP gateway address of VLAN 199 as the default gateway.
16. Enable PortFast on all access layer switch ports.
17. On ALS1, configure Fa0/6 as an access port using a MACRO and configure the CLIENT to have
access to VLAN 10.
18. Configure Fa0/6 with a rate limit of 10 pps to prevent DHCP starvation attacks.
19. On ALS1, configure port Fa0/6 with port security. Allow up to two MAC addresses to be learned for IP
phone support. Enable sticky learning. Shut down the port if a violation occurs.
20. On ALS1, enable error disable autorecovery for the switchport in the event of a port security violation.
Set the auto recovery period to 30 seconds.
21. On ALS2, configure port Fa0/6 as an access port in FACULTY VLAN 30.
22. Configure IP routing on DLS1 and DLS2, and use OSPF to advertise 10.10.0.0/16. Ensure that the
routing information is only exchanged over the Layer 3 EtherChannel. Hard code the router-id on both
devices. DLS1 should use 1.1.1.1 and DLS2 should use 2.2.2.2.
23. Configure all switching devices to synchronize using NTP with authentication. Use an NTP password
of s3cureNTP. DLS1 should be set as the NTP master. Ensure the clocks are accurate on all
devices.
24. Configure remote login on all switching devices using SSH version 2. Restrict remote login on the
VTY lines to only allow the management VLAN using the SSH protocol.
25. Configure client PC-A and PC-B to obtain an IP address from the DHCP server.
Instructor note: If PCs are not available, you can create an SVI in VLAN 10 on ALS1 and an SVI in
VLAN 30 on ALS2 for testing purposes.
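
Steps 1, 4 and 24 are hardening requirements that can be checked mechanically against a saved running configuration. The Python audit below is an added example, not part of the Cisco lab material; its function names and SAMPLE_CONFIG are constructed for illustration, and it assumes each stanza ends at "!" or at the next interface/line header, so it accepts both indented and flattened configuration text.

```python
import re

NATIVE_VLAN = "777"                 # step 4: native VLAN on trunks
SCENARIO_VLANS = {10, 20, 30, 199}  # step 4: only VLANs used in this scenario
PARKING_VLAN = "900"                # step 1: Parking_LOT VLAN for unused ports

# Constructed sample, not one of the lab's device configurations.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 shutdown
!
interface FastEthernet0/8
 switchport trunk native vlan 777
 switchport trunk allowed vlan 10,20,30,199,900
 switchport mode trunk
!
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
line vty 5 15
 login
 transport input all
!
"""

def parse_stanzas(config):
    """Return {header: [sub-commands]} for 'interface' and 'line' stanzas."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line:
            continue                          # tolerate blank lines inside a stanza
        if re.match(r"(interface|line)\s", line, re.I):
            current = stanzas.setdefault(line, [])
        elif line.lower() in ("!", "end"):
            current = None                    # stanza terminator
        elif current is not None:
            current.append(line.lower())
    return stanzas

def expand_vlans(spec):
    """Expand '10,20-22,199' into a set of ints; keyword forms count as all VLANs."""
    spec = spec.replace(" ", "")
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", spec):
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def arg_of(cmds, prefix):
    """Text following `prefix` in the first matching sub-command, else None."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)

def check_interface(name, cmds):
    issues = []
    if name.lower() == "vlan1":
        if "shutdown" not in cmds or "no ip address" not in cmds:
            issues.append("VLAN 1 SVI must be shut down with no IP address")
    elif "switchport mode trunk" in cmds:
        if arg_of(cmds, "switchport trunk native vlan") != NATIVE_VLAN:
            issues.append("native VLAN is not 777")
        allowed = arg_of(cmds, "switchport trunk allowed vlan")
        if allowed is None or expand_vlans(allowed) - SCENARIO_VLANS:
            issues.append("trunk carries VLANs outside the scenario")
        if "switchport nonegotiate" not in cmds:
            issues.append("trunk negotiation (DTP) not disabled")
    elif ("shutdown" in cmds and "no switchport" not in cmds
          and re.match(r"(fast|gigabit)ethernet", name, re.I)):
        if ("switchport mode access" not in cmds
                or arg_of(cmds, "switchport access vlan") != PARKING_VLAN):
            issues.append("unused port is not a static access port in VLAN 900")
    return issues

def check_vty(cmds):
    issues = []
    if arg_of(cmds, "transport input") != "ssh":
        issues.append("VTY transport input is not restricted to SSH")
    if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
        issues.append("VTY has no inbound access-class")
    return issues

def audit(config):
    """Return (stanza header, issue) tuples in configuration order."""
    findings = []
    for header, cmds in parse_stanzas(config).items():
        kind, rest = header.split(None, 1)
        if kind.lower() == "interface":
            issues = check_interface(rest.replace(" ", ""), cmds)
        else:                                 # console lines are out of scope here
            issues = check_vty(cmds) if rest.lower().startswith("vty") else []
        findings += [(header, issue) for issue in issues]
    return findings

if __name__ == "__main__":
    for header, issue in audit(SAMPLE_CONFIG):
        print(f"{header}: {issue}")
```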

Part 3: Test network connectivity and configured options.


a. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you
assigned in the topology.
Note: The Cisco IOS Software for the access layer switches used in this SBA does not support Tcl
scripting.
tclsh

# 10.10.10.11 and 10.10.30.12 stand for the DHCP-assigned addresses of PC-A and PC-B.
# Obtain the actual addresses from each PC and substitute them.
foreach address {
10.10.10.1
10.10.10.2
10.10.10.3
10.10.20.1
10.10.20.2
10.10.20.3
10.10.199.1
10.10.199.2
10.10.199.3
10.10.199.4
10.10.199.5
10.10.12.1
10.10.12.2
10.10.10.11
10.10.30.1
10.10.30.2
10.10.30.3
10.10.30.12
} {
ping $address }

b. What is the show command used to verify that the correct VLANs exist on all switches and contain the
correct ports?
__show___________________________________________________________________
c. What is the show command used to verify that the EtherChannel between switches is configured
correctly?_________________________________________________________________________
d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or
DLS2) for each VLAN?_______________________________________________________________
e. What is the show command used to verify that the correct SVIs exist and that the correct HSRP
routers are primary and standby for each VLAN?___________________________________________
f. What is the command used to verify the IP SLA configuration? _______________________________
g. What is the command used to verify that client PC-A can ping server PC-B?_____________________
h. What is the command used to verify the traced route from client PC-A to server PC-B?_____________
i. Test the HSRP configuration by shutting down the loopback interface on DLS1. Initiate a continuous
ping from the student VLAN PC. DLS1 should relinquish the HSRP active role. The host on the student
VLAN should see minimal disruption. Verify the result.
j. Verify the routing configuration. Are DLS1 and DLS2 only neighboring across the Po3 interface? What
is the appropriate show command to verify?

Exam Notes:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________

Device Configurations (Instructor version)

Switch DLS1

hostname DLS1
!
enable secret 5 $1$JPpG$V2H6KfhZX7i5Ui0R0DKWx/
!
username SMITH password 0 cisco
vtp domain LAB_TEST
vtp mode transparent
ip routing
ip domain-name cisco.com
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool VLAN_10_STUDENT
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 200.200.200.1
!
!
ip dhcp snooping vlan 10,30
ip dhcp snooping
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name TEST_LAB
instance 1 vlan 10, 20
instance 2 vlan 30, 199
!
spanning-tree mst 1 priority 24576
!
vlan internal allocation policy ascending
!
vlan 10
name Student
!
vlan 20
name Voice
!
vlan 30
name Faculty
!
vlan 199
name Management
!
vlan 777
name NATIVE_VLAN
!
vlan 900
name Parking_Lot
!
track 10 ip sla 1
!
ip ssh version 2

!
interface Loopback0
ip address 200.200.200.1 255.255.255.0
shutdown
!
interface Port-channel1
description connected to PO1 connected to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
ip dhcp snooping trust
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
ip dhcp snooping trust
!
interface Port-channel3
no switchport
ip address 10.10.12.1 255.255.255.0
!
interface FastEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport access vlan 199
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/11
no switchport
no ip address
channel-group 3 mode on
!
interface FastEthernet0/12
no switchport
no ip address
channel-group 3 mode on
!
interface FastEthernet0/13
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 900
switchport mode access
shutdown
!

interface FastEthernet0/15
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 priority 120
standby 10 preempt
standby 10 track 10 decrement 30
!
interface Vlan20
ip address 10.10.20.2 255.255.255.0
standby 20 ip 10.10.20.1
standby 20 priority 120
standby 20 preempt
standby 20 track 10 decrement 30
!
interface Vlan30
ip address 10.10.30.2 255.255.255.0
standby 30 ip 10.10.30.1
standby 30 preempt
!
interface Vlan199
ip address 10.10.199.2 255.255.255.0
standby 199 ip 10.10.199.1
standby 199 preempt
!
router ospf 1
router-id 1.1.1.1
passive-interface default
no passive-interface Port-channel3
network 10.10.0.0 0.0.255.255 area 0
!
ip http server
ip http secure-server
!
ip sla 1
icmp-echo 200.200.200.1
frequency 5
ip sla schedule 1 life forever start-time now
access-list 10 permit 10.10.199.0 0.0.0.255
!
!
line con 0
line vty 0 4
access-class 10 in
password cisco
login local
transport input ssh
line vty 5 15
login
transport input all
!
ntp authentication-key 1 md5 105D5A1A100517 7
ntp authenticate
ntp trusted-key 1
ntp master 5
end

Switch DLS2
hostname DLS2
!
enable secret 5 $1$plO0$k8H0Snb0FhHpugba3Lu3Q.
!
username smith password 0 cisco
vtp domain LAB_TEST
vtp mode transparent
ip routing
ip domain-name cisco.com
!
ip dhcp excluded-address 10.10.30.1 10.10.30.10
!
ip dhcp pool VLAN_30_FACULTY
network 10.10.30.0 255.255.255.0
default-router 10.10.30.1
dns-server 200.200.200.1
!
!
ip dhcp snooping vlan 10,30
ip dhcp snooping
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name TEST_LAB
instance 1 vlan 10, 20
instance 2 vlan 30, 199
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
!
vlan internal allocation policy ascending
!
vlan 10
name Student
!
vlan 20
name Voice
!
vlan 30
name Faculty
!
vlan 199
name Management
!
vlan 777
name NATIVE_VLAN
!
vlan 900
name Parking_Lot
!
ip ssh version 2
!
interface Loopback0
ip address 200.200.200.1 255.255.255.0
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface Port-channel3
no switchport
ip address 10.10.12.2 255.255.255.0
!
interface FastEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/11
no switchport
no ip address
channel-group 3 mode on
!
interface FastEthernet0/12
no switchport
no ip address
channel-group 3 mode on
!
interface FastEthernet0/13
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet 0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet 0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.10.10.3 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 preempt
!
interface Vlan20
ip address 10.10.20.3 255.255.255.0
standby 20 ip 10.10.20.1
standby 20 preempt
!
interface Vlan30
ip address 10.10.30.3 255.255.255.0
standby 30 ip 10.10.30.1
standby 30 priority 120
standby 30 preempt
!
interface Vlan199
ip address 10.10.199.3 255.255.255.0
standby 199 ip 10.10.199.1
standby 199 priority 120
standby 199 preempt
!
router ospf 1
router-id 2.2.2.2
passive-interface default
no passive-interface Port-channel3
network 10.10.0.0 0.0.255.255 area 0
!
access-list 10 permit 10.10.199.0 0.0.0.255
!
line con 0
line vty 0 4
access-class 10 in
password cisco
login local
transport input ssh
line vty 5 15
login
!
End

Switch ALS1
Note: When the auto qos voip cisco-phone command is used by itself on Fa0/6, it generates many global
and some interface-specific QoS-related commands in the running configuration. The Fa0/6 interface-specific
QoS-related commands are highlighted below.

hostname ALS1
!
enable secret 5 $1$ayIP$YDI6nAUvI/st.fa9G8kQH1
!
username smith password 0 cisco
vtp domain TEST_LAB
vtp mode transparent
!
!
ip dhcp snooping vlan 10,30
ip dhcp snooping
ip domain-name cisco.com
!
errdisable recovery cause psecure-violation
errdisable recovery interval 30
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
spanning-tree mst configuration
name TEST_LAB
instance 1 vlan 10, 20
instance 2 vlan 30, 199
!
!
vlan internal allocation policy ascending
!
vlan 10
name Student
!
vlan 12
name EXECUTIVES
!
vlan 20
name Voice
!
vlan 30
name Faculty
!
vlan 199
name Management
!
vlan 777
name NATIVE_VLAN
!
vlan 900
name Parking_Lot
!
ip ssh version 2
!
interface Port-channel1
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface Port-channel2
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface FastEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000c.29e0.5091
switchport port-security mac-address sticky 001b.2171.e081
spanning-tree portfast
ip dhcp snooping limit rate 10
!
interface FastEthernet0/7
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/8
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/9
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/10
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/11
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan199
ip address 10.10.199.4 255.255.255.0
!
ip default-gateway 10.10.199.1
ip http server
ip http secure-server
access-list 10 permit 10.10.199.0 0.0.0.255
!
!
line con 0
line vty 0 4
access-class 10 in
password cisco
login local
transport input ssh
line vty 5 15
login
!
End

Switch ALS2
hostname ALS2
!
enable secret 5 $1$tIDp$YoXHrUs/A0oq2FqjiEjC9.
!
username smith password 0 cisco
no aaa new-model
system mtu routing 1500
vtp domain TEST_LAB
vtp mode transparent
!
!
ip dhcp snooping vlan 10,30
ip dhcp snooping
ip domain-name cisco.com
!
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
spanning-tree mst configuration
name TEST_LAB
instance 1 vlan 10, 20
instance 2 vlan 30, 199
!
!
vlan internal allocation policy ascending
!
vlan 10
name Student
!
vlan 20
name Voice
!

vlan 30
name Faculty
!
vlan 199
name Management
!
vlan 777
name NATIVE_VLAN
!
vlan 900
name Parking_Lot
!
ip ssh version 2
!
interface Port-channel1
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface Port-channel2
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
ip dhcp snooping trust
!
interface FastEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/3
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/8
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
ip dhcp snooping trust
!
interface FastEthernet0/9
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/10
switchport trunk native vlan 777
switchport trunk allowed vlan 10,20,30,199
switchport mode trunk
switchport nonegotiate
channel-group 2 mode active
ip dhcp snooping trust
!
interface FastEthernet0/11
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 900
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 900
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 900
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan199
ip address 10.10.199.5 255.255.255.0
!
ip default-gateway 10.10.199.1
ip http server
ip http secure-server
access-list 10 permit 10.10.199.0 0.0.0.255
!
!
line con 0
line vty 0 4
access-class 10 in
password cisco
login local
transport input ssh
line vty 5 15
login
!
End
