SWITCH
Implementing Cisco Switched Networks
Version 1.0
Lab Guide
Text Part Number: 97-2836-01

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED "AS IS." CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Lab Guide © 2009 Cisco Systems, Inc. All Rights Reserved.

Table of Contents

Lab Guide
  Overview
  Outline
Lab 1-1: New Hire Test
  Activity Objective
  Information Packet Materials
  Command List
  Job Aids
  Task 1: Establish an Implementation Requirements List
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 1-1: Key Commands and Tools Used
  Hints
Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Establish an Implementation Requirements List
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 2-1: Key Commands and Tools Used
  Hints
Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
  Activity Objective
  Visual Objective
  Command List
  Job Aids
  Trouble Ticket A: Switch Replacement Has Failed
  Trouble Ticket B: VLAN 66 Access Problem
  Trouble Ticket C: Gateway Unreachable
  Instructions
  Troubleshooting Log
  Activity Verification
  Trouble Ticket A: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Trouble Ticket B: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Trouble Ticket C: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Lab 2-2: Key Commands and Tools Used
Lab 2-3: Implement Private VLANs
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Establish an Implementation Requirements List
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 2-3: Key Commands and Tools Used
  Hints
Lab 3-1: Implement Multiple Spanning Tree
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Observing STP Random State
  Task 2: Create an Implementation Requirements List for MST
  Task 3: Create Implementation and Verification Plan
  Task 4: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 3-1: Key Commands and Tools Used
  Hints
Lab 3-2: Implement PVRST+
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for Migration to PVRST+
  Task 2: Create an Implementation and Verification Plan for Your Solution
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 3-2: Key Commands and Tools Used
  Hints
Lab 3-3: Troubleshooting Spanning Tree Issues
  Activity Objective
  Visual Objective
  Command List
  Job Aids
  Trouble Ticket A: Switch Optimization Failed
  Trouble Ticket B: Unstable STP
  Instructions
  Troubleshooting Log
  Activity Verification
  Ticket A: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Ticket B: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Lab 3-3: Key Commands and Tools Used
Lab 4-1: Implement Inter-VLAN Routing
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create a Layer 3 Design
  Task 2: Create an Implementation Requirements List for Inter-VLAN Routing
  Task 3: Create an Implementation and Verification Plan
  Task 4: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 4-1: Key Commands and Tools Used
  Hints
Lab 4-2: Troubleshooting Inter-VLAN Routing
  Activity Objective
  Visual Objective
  Command List
  Job Aids
  Trouble Ticket A: Missing Routes on Some Switches
  Trouble Ticket B: Troubleshoot EIGRP on Layer 3 Switches
  Trouble Ticket C: Disappearing Routes and VLANs
  Instructions
  Troubleshooting Log
  Activity Verification
  Trouble Ticket A: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Trouble Ticket B: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Trouble Ticket C: Sample Troubleshooting Flow
  Alternate Resources and Solutions
  Lab 4-2: Key Commands and Tools Used
Lab 5-1: Implementing High Availability and Reporting in a Network Design
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for High Availability and Reporting
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 5-1: Key Commands and Tools Used
  Hints
Lab 6-1: Implement and Tune HSRP
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for HSRP Configuration
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 6-1: Key Commands and Tools Used
  Hints
Lab 6-2: Implementing VRRP
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for VRRP Configuration
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 6-2: Key Commands and Tools Used
  Hints
Lab 7-1: Secure Network Switches to Mitigate Security Attacks
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for Security Configuration
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 7-1: Key Commands and Tools Used
  Hints
Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for VoIP Integration in the Campus
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 8-1: Key Commands and Tools Used
  Hints
Lab 9-1: Integrating Wireless in the Campus
  Activity Objective
  Information Packet
  Command List
  Job Aids
  Task 1: Create an Implementation Requirements List for Wireless Integration in the Campus
  Task 2: Create an Implementation and Verification Plan
  Task 3: Implement and Verify
  Student Notes
  Alternate Resources and Solutions
  Lab 9-1: Key Commands and Tools Used
  Hints
Ending Configurations
  Lab 1-1: New Hire Test
  Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
  Lab 2-3: Implement Private VLANs
  Lab 3-1: Implement Multiple Spanning Tree
  Lab 3-2: Implement PVRST+
  Lab 4-1: Implement Inter-VLAN Routing
  Lab 5-1: Implementing High Availability and Reporting in a Network Design
  Lab 6-1: Implement and Tune HSRP
  Lab 6-2: Implementing VRRP
  Lab 7-1: Secure Network Switches to Mitigate Security Attacks
  Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
  Lab 9-1: Integrating Wireless in the Campus
  Pod Physical Ports Map

SWITCH Lab Guide

Overview
This guide presents the instructions and other information concerning the lab activities for the course. Hints are provided at the end of each lab. Ending configurations for each lab are provided at the end of the lab guide.

Outline
This guide includes these activities:
- Lab 1-1: New Hire Test
- Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
- Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
- Lab 2-3: Implement Private VLANs
- Lab 3-1: Implement Multiple Spanning Tree
- Lab 3-2: Implement PVRST+
- Lab 3-3: Troubleshoot Spanning Tree Issues
- Lab 4-1: Implement Inter-VLAN Routing
- Lab 4-2: Troubleshoot Inter-VLAN Routing
- Lab 5-1: Implement High Availability and Reporting in a Network Design
- Lab 6-1: Implement and Tune HSRP
- Lab 6-2: Implement VRRP
- Lab 7-1: Secure Network Switches to Mitigate Security Attacks
- Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
- Lab 9-1: Integrate Wireless in the Campus

Lab 1-1: New Hire Test
Complete this lab activity to confirm and refresh your skills from Interconnecting Cisco Networking Devices Part 1 (ICND1) and Interconnecting Cisco Networking Devices Part 2 (ICND2).

Activity Objective
You have achieved Cisco CCNA® certification, and you are at a job interview.
The hiring manager hands you a packet of information, leads you to a terminal, and simply says "Implement this." Your task is to plan the implementation, then effectively configure the lab devices as per the given specifications before verifying that your configuration fulfills the requirements. Carefully read the "Information Packet Materials" section on the following pages, and proceed through the lab to establish an implementation requirements list, create an implementation and verification plan, and then configure the lab devices as per the specifications. Do not forget to verify and document your verifications, as the job interview results will depend on your implementation of the solution.
After completing this activity, you will be able to meet these objectives:
- Prepare basic configuration templates for your switches
- Explore the remote lab device connections
- Deploy configuration templates to your switches
- Verify your configurations according to the verification plan you created

Information Packet Materials
This section contains the information that was given to you by the hiring manager at your interview, and includes the information needed to accomplish this activity. Read it carefully. The information packet materials describe the requirements common to all devices in the network, along with information specific to each device.

Implementation Policy
The company has a large network. It is clearly stated that some settings must be consistent from one networking device to the next. The following list details the initial configuration requirements for all switches that will be connected to the company network. Your configuration must be consistent with these requirements:
- All switches must have a hostname. Hostnames are unique and must match the switch designation on the network diagram displayed in the following pages.
- Telnet is allowed to all possible vty interfaces and must be configured.
- Initial console access does not need to be protected by a password.
- Vty access and the enable password must be protected by a password.
- All passwords are "cisco."
- Terminal idle timeout must be set to 0 (unlimited).
- The logging synchronous command should be used so that logging messages appearing on the console of each switch do not disturb commands that are being entered.
- Log messages should appear with a time stamp.
- Time should be configured on the switches to match the current time in your class.
- Commands entered incorrectly should not cause the switches to attempt to resolve the entry as a DNS name.
- Unless stated otherwise, the speed and duplex settings for all interfaces must be left to auto.
- All unused interfaces must be set to shutdown.
- All devices must have an IP address so that they can be managed.

Device Information
The table provides the information specific to each device in the network:
Device Name | Role | IP Address | Gateway | VLAN
ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 | 1
ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 | 1
DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 | 1
DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 | 1
CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 | 1
CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 | 1
R1 | Router | Fa0/0: 10.1.1.251/24 | | 1
R2 | Router | Fa0/0: 10.1.1.252/24 | | 1

During the implementation process, you must determine, for each switch, which port connects to which neighbor. The ports represented on each device connection in the Visual Objective are generic ports. Each port can represent one or several physical interfaces. When implementing your solution in Task 3, use the "Pod Physical Ports Map" table, available at the end of this Lab Guide, to document the physical interfaces used in your pod, and report this information on the large network diagram for this lab (Lab 1-1), which is also available at the end of this Lab Guide.
You will use this information throughout the labs.

Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Visual Objective for Lab 1-1: New Hire Test]
You can use the large version of the visual objective, which is available at the end of this Lab Guide, to write notes on the diagram.

Command List
The table describes the commands that are used in this activity.
Command | Description
configure terminal | Enters global configuration mode, from privileged EXEC mode.
clock set hh:mm[:ss] month day year | Manually sets the clock on the device.
copy running-config startup-config | Saves your entries in the configuration file.
default-router address [address2 ... address8] | (Optional) Specifies the IP address of the default router for a DHCP client. The IP address should be on the same subnet as the client. One IP address is required; however, you can specify up to eight IP addresses in one command line. These default routers are listed in order of preference; that is, address is the most preferred router, address2 is the next most preferred router, and so on.
description description | Adds a description (up to 240 characters) for an interface.
domain-name domain | Specifies the domain name for the client.
duplex {auto | full | half} | Sets the duplex parameter for the interface.
enable password password | Sets the password for access to privileged EXEC mode.
exec-timeout 0 0 | Sets the idle terminal timeout interval.
exit | Exits the current mode.
hostname hostname | Manually configures a system name.
interface {fastethernet | gigabitethernet} slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range {fastethernet | gigabitethernet} slot/starting_port - ending_port | Specifies the range of interfaces (VLANs or physical ports) configured, and enters interface-range configuration mode.
interface vlan 1 | Enters interface configuration mode, and enters the VLAN to which the IP information is assigned.
ip address ip-address subnet-mask | Sets the IP address and subnet mask.
ip default-gateway | Defines a default gateway (router) when IP routing is disabled.
line [aux | console | vty] beginning-line-number [ending-line-number] | Modifies console, aux, and virtual terminal settings.
logging console | Enables message logging.
logging synchronous | Enables synchronous logging of messages.
login | Enables password checking at login.
no ip domain-lookup | Disables DNS-based hostname-to-address translation on the switch.
no shutdown | Brings up an interface.
password password | Assigns a password to a terminal or other device on a line.
ping ip-address | Sends an ICMP echo request to an IP address.
service timestamps log datetime [msec] [localtime] [show-timezone] | Enables time stamps on log messages. Depending on the options selected, the time stamp can include the date, time in milliseconds relative to the local time zone, and the time zone name.
service timestamps log uptime | Enables time stamps on log messages, showing the time since the system was rebooted.
show cdp neighbors [interface-id] [detail] | Displays Cisco Discovery Protocol information about neighbors, including device type, interface type and number, hold time settings, capabilities, platform, and port ID.
show interfaces fastethernet mod/port switchport | Displays administrative and operational status of switching (nonrouting) ports.
show interfaces status | Displays interface status.
show running-config | Verifies your entries.
shutdown | Shuts down an interface.
speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate} | Sets the appropriate speed parameter for the interface. Enter 10, 100, or 1000 to set a specific speed for the interface. The 1000 keyword is available only for 10/100/1000 Mb/s ports. Enter auto to enable the interface to autonegotiate speed with the connected device. If you use the 10, 100, or the 1000 keywords with the auto keyword, the port autonegotiates only at the specified speeds. The nonegotiate keyword is available only for SFP module ports. SFP module ports operate only at 1000 Mb/s, but can be configured not to negotiate if connected to a device that does not support autonegotiation.
telnet ip-address | Uses Telnet to connect to an IP address.

Job Aids
These are the job aids for this lab activity:
Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | "Hints" section at the end of this lab
Implementation plan hints | "Hints" section at the end of this lab
Verification plan hints | "Hints" section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List
The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, device names, password values, trunk encapsulation types, etc.). Use the following table, the Visual Objective for this lab, and the information in the "Implementation Policy" and "Device Information" sections to create an Implementation Requirements list.
Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. If you are unsure, use the information provided in the "Hints" section at the end of this lab.
Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.
Use the following table and the "Information Packet Materials" section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the "Hints" section at the end of this lab.
Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab. You can then implement your solution. Do not forget to save.
Once your solution is implemented, verify that your configuration is working and that it fulfills the requirements specified by the hiring manager. Keep in mind that once you leave the company, a network specialist will verify your configuration.
Your ability to implement the solution according to the specifications given to you by the hiring manager will determine whether or not you get the job.

Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 1-1: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 1-1 Hint Sheet: New Hire Test

Implementation Requirements
To facilitate the configuration of your network, Task 1 asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan.
The following is an example of such a list:
Device | Implementation Requirements | Lab 1-1 Section Containing Hint List
All switches | Neighbor list and connected ports | show cdp neighbor in Command List; "Pod Physical Ports Map" table at the end of this Lab Guide
 | Hostname | Visual Objective
 | Enable, line vty 0 15 password "cisco" | Implementation Policy
 | Log in on line vty 0 4 | Implementation Policy
 | VLAN 1 IP address | Device Information
 | Gateway | Device Information
 | Idle timeout set to 0 | Implementation Policy
 | Log messages on the console, with a time stamp | Implementation Policy
 | Current time in the class | Implementation Policy
 | No DNS lookup | Implementation Policy
 | Unused interfaces shutdown |

Implementation Plan
In Task 2, you will create an implementation plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device, such as IP addresses or gateways. The common template could be named "Common_Template," created in a text editor, copied and pasted as appropriate, and could contain the following items:
    enable password cisco
    no ip domain-lookup
    line con 0
     exec-timeout 0 0
    line vty 0 4
     password cisco
     logging synchronous
     login
    service timestamps log datetime
An example of the implementation plan is shown in this table.
Complete ✓ | Device | Implementation Order | Values and Items to Implement | Step Number
✓ | All | 1 | Paste Common_Template. | 2
✓ | Per switch | 2 | Configure hostname. | 3
✓ | Per switch | 3 | Configure VLAN 1 IP address. | 3
✓ | Per switch | 4 | Configure switch gateway. | 3
✓ | Per switch | 5 | Configure current time and date. | 4
✓ | Per switch | 6 | Verify neighbor ports. | 5
✓ | Per switch | 7 | Shut down unused ports. | 6
✓ | Per switch | 8 | Verify connectivity to the gateway. | 7
✓ | Per switch | 9 | Verify configuration. | 8

Verification Plan
Complete ✓ | Device | Values and Items to Implement | Verification Method and Expected Results | Step Number
✓ | All | Paste Common_Template | Verify enable password. As this is the first line of the template, its correct value indicates that the first part of the script was pasted properly. |
 | | Paste Common_Template | Verify while pasting the template that no error is reported. |
 | | Paste Common_Template | no ip domain-lookup. Because this is the last line of the template, its success shows that the template was successfully implemented. You can verify no ip domain-lookup by using show running-config or by entering a bogus command and verifying that the switch does not attempt DNS resolution. |
 | | Configure hostname | Prompt should display the switch name. |
 | | Configure VLAN 1 IP address | The show ip interface brief command should display the right address. | 10
 | | Configure default gateway | The show running-config command should show the gateway information. | 11
 | | Configure time and date | show clock. | 12
 | | Shut unused ports | Use the show cdp neighbors command to display neighbors and ports, and show running-config to verify that the other ports are shut. |
 | | Verify connectivity | Ping the default gateway; the ping should be successful. As an extra verification, ping the other switches; the pings should be successful. |

Step-by-Step Procedure
Complete these steps:
Step 1 Connect to the switch interface in configuration mode.
- Connect to the remote lab.
- Access the switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.
Step 2 Paste the Common_Template file into the console. Create a notepad text file named Common_template that contains these lines:
    enable password cisco
    no ip domain-lookup
    line con 0
     exec-timeout 0 0
    line vty 0 4
     password cisco
     logging synchronous
     login
    service timestamps log datetime
    no ip domain-lookup
Paste the Common_Template file content into the console. Verify as you paste that no error message is reported.
Step 3 Configure the switch hostname and IP information. Use these commands, for example in switch ASW1:
    hostname ASW1
    interface VLAN 1
     ip address 10.1.1.1 255.255.255.0
     exit
    ip default-gateway 10.1.1.251
    end
The information in italics is specific to switch ASW1. Use the "Device Information" table in the "Information Packet Materials" section to find the relevant name and IP information for each switch.
Step 4 Configure the current time and date on the switch. Use the command clock set; for example:
    clock set 10:05:39 08 Aug 2009
Step 5 Verify neighbor and connecting ports using Cisco Discovery Protocol. For example:
    show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
    Device ID    Local Intrfce    Holdtme    Capability    Platform     Port ID
    DSW2         Fas 0/2          129        R S I         WS-C3560-    Fas 0/7
    DSW1         Fas 0/1          123        R S I         WS-C3560-    Fas 0/6
In this example, the local switch has two neighbors, switches DSW2 and DSW1. The local switch connects to switch DSW2 from interface f0/2, which links to switch DSW2 interface f0/7. The local switch connects to switch DSW1 from interface f0/1, which links to switch DSW1 interface f0/6.
Step 6 Shut down all ports except links to neighbors:
    configure terminal
    interface range f0/1 - 24
     shutdown
    interface f0/2
     no shutdown
    interface f0/1
     no shutdown
    end
This example applies to switch ASW1.
On each switch, use the information from the show cdp neighbors command to determine which local interfaces are to remain enabled.
Step 7 Verify connectivity to the gateway:
    ping 10.1.1.251
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
Step 8 Verify enable password and hostname (using prompt):
    ASW1#disable
    ASW1>enable
    Password: cisco
    ASW1#
Step 9 Verify no ip domain-lookup at the last line of the template:
    getmethere
    Translating "getmethere"
    % Unknown command or computer name, or unable to find computer address
Step 10 Verify IP address:
    sh ip interface brief
    Interface    IP-Address    OK?    Method    Status    Protocol
    Vlan1        10.1.1.1      YES    manual    up        up
Step 11 Verify gateway:
    sh run | beg ip default
    ip default-gateway 10.1.1.251
Step 12 Verify time:
    show clock
    16:26:43.545 eastern Sat Jun 6 2009

Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
Complete this lab activity to practice what you learned in the related module.

Activity Objective
You were hired by NotaRoute Inc. to design and configure their branch office Layer 2 network. Their network is not fully ready yet, but later on they intend to implement several servers and additional routers. They know that some devices are supposed to be in VLANs and others in trunks, but this is where their knowledge ends. They provided you with a cabling plan and asked you to help them design and configure a typical solution for their network on a test lab. You need to configure the existing network equipment to use the devices once they are installed. Your configuration will be used by the customer as a configuration template as additional network equipment is purchased.
When collecting information about their network infrastructure, you found that their requirements were all about link types, trunk encapsulation, and EtherChannels.
You realize that they have little understanding about more advanced options such as allowed VLANs, but that they expect you to guide them and to provide a documented, functional, and reasonably secured network.
After completing this activity, you will be able to meet these objectives:
- Plan a segmented Layer 2 network implementation
- Create a Layer 2 implementation and verification plan
- Implement a full Layer 2 solution including VLANs, trunks, pruning, VTP, and EtherChannel

Information Packet
This packet contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network and the information specific to each device. Read the information carefully.

Implementation Policy
This deployment builds on Lab 1-1. In other words, keep the configuration from Lab 1-1, and add the following requirements.
Not all network equipment is installed. The network infrastructure has been installed but not the additional servers or the additional routers. Your configuration should include the configuration for the switch ports to these devices. A quick call to the local administrator identifies the following elements:
- FTP, Web servers, and additional routers are to be connected later. For example, you are asked to configure the first available port on switches ASW1 and ASW2 for the FTP server, and the next available port for the file server. For example, if the first four ports are already used after Lab 1-1, configure port 5 for the FTP server and port 6 for the web server. Apply the same logic for the file servers and the additional routers on switches DSW1 and DSW2.
  On each switch, the file server will be on the first available port and the additional router on the next available port.
- Several IP addresses are already configured on the Ethernet interfaces on each router (routers R1 and R2) to your pod, as they need to send traffic to several of your VLAN subnets. You do not need to configure the routers. The switches need to be configured completely, from VLAN database to link type.
During the conversation, you mentioned VTP and its modes. The local administrator would like to try VTP, with the following restrictions:
  - All switches should be in transparent mode.
  - You should name the domain "cisco."
  - The administrator does not want the pruning feature of VTP to be enabled, and asks you to manually prune all unnecessary VLANs from the inter-switch links.
Using this information, your task is to design the VLAN topology with some additional specifications:
- Although the network topology allows for extensive redundancy, redundancy is not to be used at this stage. Make sure to disable the links between switches ASW1 and DSW2, ASW2 and DSW1, DSW1 and CSW2, CSW1 and DSW2, CSW1 and router R2, and CSW2 and router R1. In other words, the only connection between the upper part of the network (switches ASW1, DSW1, and CSW1) and the lower part of the network (switches ASW2, DSW2, and CSW2) transits through the link between switches CSW1 and CSW2. Use Cisco Discovery Protocol to determine the links between switches and shut down the ones that are not needed.
- For efficiency, several physical connections exist between some of the switches. To simplify the network administration, group these physical links into logical links wherever possible. Where two 100-Mb/s links are grouped, use an IEEE grouping protocol, and make sure that one end actively tries to negotiate the virtual link creation, while the other only responds to solicitations and does not actively try to create the link.
Where four 100-Mb/s links are to be grouped, create the virtual link unconditionally without using any negotiation protocol, Use the description feature on each virtual link to reflect the device they connect. Also use the table in the “Device Information” section, = Client PC in VLAN 3 and client PC in VLAN 4 need to receive their IP address from routers RI and R2. RI and R2 are preconfigured Device Information The table provides the information specific to each switch in the network. This information is the same as in Lab 1-1: Device Name | Role IP Address Gateway | VLAN ASW Layer 2 access switch | 10.1.1.1/24 10.4.1.251 [4 ASW2 Layer 2 access switch | 10.1.1,2/24 10.4.1.252 [4 oswi Layer 3 switch 10.4.1.11/24 10.4.1.251 [4 Dsw2_ Layer 3 switch 10.1.1.22/24 10.4.1.252 [4 cswi Layer 3 switch 10.4.1.411124 10.4.1.251 [4 csw2_ Layer 3 switch 10.1.1.222124 10.1.1.252 | 1 Ri Router Fa0Q/0: 10.1.4.251/24 1 R2 Router Fa(/0: 10.1.4.252/24 1 The table below provides information about the devices connected or to be connected to the network. Use the space to document the port in your pod to which each device should connect per the above policy and the previous lab information: Device | Role Network. VLAN Physical Port in Your Lab Location cut Client station ‘ASWI PS 3 cLT2 Client station ‘ASW2 P3 4 NRt Router swt P7 Trunk NR2 Router Dsw2P7 Trunk WEB1 Web server ‘ASWI PS 1" WEB2 —_| Web server ‘ASW2 PS 12 FIP1 FTP server ASWI Pa 63 FIP2 FTP server ASW2 Pa 64 FILE’ File server Swi Pé 65 FILE2 File server Dsw2 P6 66 2 Implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne Some links between switches should be bundled together. The following table shows all possible numbering conventions for these link bundles. Note that not alfof these numbers are needed. You should use Cisco Discovery Protocol to determine which links between switches can be bundled. 
Once you have determined which links must be bundled, use the following table to apply the right bundle number:

Device | Device | If Used, Bundle Number Should Be:
ASW1 | ASW2 | 10
ASW1 | DSW1 | 11
ASW1 | DSW2 | 12
ASW2 | ASW1 | 10
ASW2 | DSW1 | 11
ASW2 | DSW2 | 12
DSW1 | ASW1 | 11
DSW1 | ASW2 | 12
DSW1 | DSW2 | 21
DSW1 | CSW1 | 31
DSW1 | CSW2 | 32
DSW2 | ASW1 | 11
DSW2 | ASW2 | 12
DSW2 | DSW1 | 21
DSW2 | CSW1 | 31
DSW2 | CSW2 | 32
CSW1 | DSW1 | 31
CSW1 | DSW2 | 32
CSW1 | CSW2 | 33
CSW2 | DSW1 | 31
CSW2 | DSW2 | 32
CSW2 | CSW1 | 33

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel]

Command List

The table describes the commands that are used in this activity.

Configuration Commands

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting-port - ending-port
    Selects a range of interfaces to configure.
name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
no interface vlan vlan-id
    Disables a VLAN interface.
show interface interface-id switchport
    Displays the switch port configuration of the interface.
show interface trunk
    Displays the trunk configuration of the interface.
show vlan
    Displays VLAN information.
show vtp status
    Shows the VTP configuration.
shutdown / no shutdown
    Shuts down or enables an interface.
switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate
    Turns off DTP negotiation.
switchport trunk allowed vlan remove vlan-list
    Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.
switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.
interface interface-id channel-group channel-group-number mode desirable
    Unconditionally enables Port Aggregation Protocol (PAgP). Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default.
show running-config interface interface-id
    Displays interface-specific configuration information.
vtp domain domain-name
    Sets the VTP domain name.
vtp mode [client | server | transparent]
    Sets the VTP mode.
Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | "Hints" section at the end of this lab
Implementation and verification plan hints | "Hints" section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List

The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, allowed VLANs, VTP role, trunk encapsulation types, etc.). Use the following table, the lab Visual Objective, and the information in the "Implementation Policy" and "Device Information" sections to create an Implementation Requirements list. Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. If you are unsure, use the information provided in the "Hints" section at the end of this lab.

Device | High-Level Task | Information Source

To help you decide on the VLAN implementation, use the following table to list the VLANs you will need and determine the devices on which they should be configured:

VLAN Number | VLAN Name | Configure on Switches:

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.

Use the following table and the information in the "Information Packet" section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the "Hints" section at the end of this lab.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab. You can then implement your solution. Do not forget to save.

Once your solution is implemented, verify that your configuration is working and that it fulfills the requirements specified by the company. Keep in mind that once you leave the company, they will use your configuration as a white paper to implement their network. The company will apply your configuration, without modification, to connect any device of the same type as the one you configured for each port.

Use the previous table to document the verifications you conducted to ensure that your solution is complete.
If you are unsure about the verification steps, use the information provided in the "Hints" section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 2-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 2-1 Hint Sheet: Design and Implement VLANs, Trunks, and EtherChannel

Implementation Requirements

To facilitate the configuration of your network, Task 1 asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements | Lab 2-1 Section Containing Hint
ASW1 | Port to client CLT1 in VLAN 3. | Implementation Policy
ASW1 | First available port in VLAN 63. | Implementation Policy
ASW1 | Second available port in VLAN 11. | Implementation Policy
ASW1 | Link to switch DSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
ASW1 | Allow VLANs 1, 3, 11, and 63 on trunk. | Implementation Policy, Device Information
ASW1 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
ASW1 | Allow VLANs 1, 3, 11, and 63 on trunk. | Implementation Policy, Device Information
ASW1 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
ASW1 | Configure and shut port(s) to switch ASW2. | Implementation Policy
ASW2 | Port to client CLT2 in VLAN 4. | Implementation Policy
ASW2 | First available port in VLAN 64. | Implementation Policy
ASW2 | Second available port in VLAN 12. | Implementation Policy
ASW2 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
ASW2 | Allow VLANs 1, 4, 12, and 64 on trunk. | Implementation Policy, Device Information
ASW2 | Link to switch DSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
ASW2 | Allow VLANs 1, 4, 12, and 64 on trunk. | Implementation Policy, Device Information
ASW2 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
ASW2 | Configure and shut port(s) to switch ASW1. | Implementation Policy
DSW1 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
DSW1 | First available port in VLAN 65. | Implementation Policy
DSW1 | Second available port in trunk. | Implementation Policy
DSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Configure and shut port(s) to switch DSW2. | Implementation Policy
DSW1 | Link to switch ASW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 3, 11, and 63 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Link to switch ASW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 4, 12, and 64 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Configure and shut port(s) to switch ASW2. | Implementation Policy
DSW1 | Link to switch CSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Link to switch CSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Configure and shut port(s) to switch CSW2. | Implementation Policy
DSW1 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW1 | Configure and shut port(s) to switch DSW2. | Implementation Policy
DSW2 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
DSW2 | First available port in VLAN 66. | Implementation Policy
DSW2 | Second available port in trunk. | Implementation Policy
DSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Link to switch DSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Configure and shut port(s) to switch DSW1. | Implementation Policy
DSW2 | Link to switch ASW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 3, 11, and 63 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Link to switch ASW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 1, 4, 12, and 64 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Configure and shut port(s) to switch ASW2. | Implementation Policy
DSW2 | Link to switch CSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Link to switch CSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Configure and shut port(s) to switch CSW2. | Implementation Policy
DSW2 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
DSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
DSW2 | Configure and shut port(s) to switch DSW2. | Implementation Policy
CSW1 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
CSW1 | Link to router R1 in trunk. | Visual Objective
CSW1 | VLANs 1, 3, 11, 63, and 65 allowed on trunk. | Implementation Policy, Device Information
CSW1 | Link to router R2 in trunk. | Visual Objective
CSW1 | VLANs 1, 4, 12, 64, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW1 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW1 | Configure and shut port(s) to switch DSW2. | Implementation Policy
CSW1 | Link to switch DSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW1 | Link to switch CSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW1 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW2 | VTP transparent, domain "cisco," password "cisco." | Implementation Policy
CSW2 | Link to router R1 in trunk. | Visual Objective
CSW2 | VLANs 1, 3, 11, 63, and 65 allowed on trunk. | Implementation Policy, Device Information
CSW2 | Link to router R2 in trunk. | Visual Objective
CSW2 | VLANs 1, 4, 12, 64, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW2 | Link to switch DSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW2 | Configure and shut port(s) to switch DSW1. | Implementation Policy
CSW2 | Link to switch DSW2 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
CSW2 | Link to switch CSW1 in trunk mode (verify EtherChannel). | Implementation Policy, Device Information
CSW2 | VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk. | Implementation Policy, Device Information
Implementation and Verification Plan

In Task 2, you will create an implementation and verification plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device, interface mode, or EtherChannel links. The common template could be named "Common_Template," just like in the previous lab. For this lab, the template could contain the following items:

- vtp mode transparent
- vtp domain cisco
- vtp password cisco
- vlan 3,4,11,12,63-66

You can implement this template on switches CSW1, CSW2, DSW1, and DSW2. Switches ASW1 and ASW2 require specific VLAN configuration, so you may want to configure them manually. An example of the Implementation and Verification Plan follows:

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results | Step Number
 | CSW1 | 1 | Paste Common_Template. | show vtp status (shows transparent, domain "cisco," password "cisco") | 2
 | CSW1 | 2 | Configure trunk link to R1, allowed VLANs 1, 3, 11, 63, 65. | show run interface to router R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 4
 | CSW1 | 3 | Configure trunk link to R2, allowed VLANs 1, 4, 12, 64, 66. | show run interface to router R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 4
 | CSW1 | 4 | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 5
 | CSW1 | 5 | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 6
 | CSW1 | 6 | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 5
 | CSW1 | 7 | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut. | 8
 | CSW1 | 8 | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 5
 | CSW1 | 9 | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 7
 | CSW2 | 1 | Paste Common_Template. | show vtp status (shows transparent, domain "cisco," password "cisco") | 9
 | CSW2 | 2 | Configure trunk link to R1, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to router R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 9
 | CSW2 | 3 | Configure trunk link to R2, allowed VLANs 1, 4, 12, 64, and 66. | show run interface to router R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 9
 | CSW2 | 4 | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 9
 | CSW2 | 5 | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 9
 | CSW2 | 6 | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 9
 | CSW2 | 7 | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 | 9
 | CSW2 | 8 | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 9
 | CSW2 | 9 | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut. | 9
 | DSW1 | 1 | Paste Common_Template, change VTP mode to server. | show vtp status (shows transparent, domain "cisco," password "cisco") | 10
 | DSW1 | 2 | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 11/12
 | DSW1 | 3 | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 14
 | DSW1 | 4 | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 11/12
 | DSW1 | 5 | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut | 15
 | DSW1 | 6 | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 11/12
 | DSW1 | 7 | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut | 13
 | DSW1 | 8 | (Verify if needed and) configure EtherChannel to switch ASW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 11/12
 | DSW1 | 9 | Configure trunk to switch ASW1, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to switch ASW1, trunk, allowed VLANs 1, 3, 11, 63, and 65, show interface trunk | 16
 | DSW1 | 10 | (Verify if needed and) configure EtherChannel to switch ASW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 11/12
 | DSW1 | 11 | Configure trunk to switch ASW2, allowed VLANs 1, 2, 12, 64, and 66. | show run interface to switch ASW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk | 16
 | DSW1 | 12 | Configure first available port in access mode, VLAN 65. | First available port in access mode, VLAN 65. | 18
 | DSW1 | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 19
 | DSW2 | 1 | Paste Common_Template. | show vtp status (shows transparent, domain "cisco," password "cisco") | 21
 | DSW2 | 2 | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 21
 | DSW2 | 3 | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 21
 | DSW2 | 4 | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 21
 | DSW2 | 5 | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut. | 21
 | DSW2 | 6 | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 21
 | DSW2 | 7 | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, link shut | 21
 | DSW2 | 8 | (Verify if needed and) configure EtherChannel to switch ASW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 21
 | DSW2 | 9 | Configure trunk to switch ASW2, allowed VLANs 1, 2, 12, 64, and 66. | show run interface to switch ASW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk | 21
 | DSW2 | 10 | (Verify if needed and) configure EtherChannel to switch ASW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 21
 | DSW2 | 11 | Configure trunk to switch ASW1, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to switch ASW1, trunk, allowed VLANs 1, 2, 12, 64, and 66, show interface trunk | 21
 | DSW2 | 12 | Configure first available port in access mode, VLAN 66. | First available port in access mode, VLAN 66. | 21
 | DSW2 | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk | 21
 | ASW1 | 1 | VTP mode transparent, domain "cisco," password "cisco." | show vtp status, transparent, domain "cisco," password "cisco" | 22
 | ASW1 | 2 | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 23
 | ASW1 | 3 | Configure trunk to switch DSW1, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to switch DSW1, trunk, allowed VLANs 1, 3, 11, 63, and 65, show interface trunk | 24
 | ASW1 | 4 | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 23
 | ASW1 | 5 | Configure trunk to switch DSW2, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to switch DSW2, trunk, allowed VLANs 1, 3, 11, 63, and 65, show interface trunk | 24
 | ASW1 | 6 | Port to client CLT1 in VLAN 3. | show run interface to client CLT1, access VLAN 3 | 25
 | ASW1 | 7 | First available port in VLAN 3. | show run interface to first available port, access VLAN 63 | 26
 | ASW1 | 8 | Second available port in VLAN 11. | show run interface to second available port, access VLAN 11 | 27
 | ASW2 | 1 | VTP mode transparent, domain "cisco," password "cisco." | show vtp status, transparent, domain "cisco," password "cisco" | 28
 | ASW2 | 2 | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 29
 | ASW2 | 3 | Configure trunk to switch DSW1, allowed VLANs 1, 2, 12, 64, and 66. | show run interface to switch DSW1, trunk, allowed VLANs 1, 2, 12, 64, and 66, show interface trunk | 30
 | ASW2 | 4 | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 29
 | ASW2 | 5 | Configure trunk to switch DSW2, allowed VLANs 1, 2, 12, 64, and 66. | show run interface to switch DSW2, trunk, allowed VLANs 1, 2, 12, 64, and 66, show interface trunk | 30
 | ASW2 | 6 | Port to client CLT2 in VLAN 4. | show run interface to client CLT2, access VLAN 4 | 31
 | ASW2 | 7 | First available port in VLAN 66. | show run interface to first available port, access VLAN 64, show interface trunk | 32
 | ASW2 | 8 | Second available port in VLAN 12. | show run interface to second available port, access VLAN 12 | 33

Step-by-Step Procedure

Complete these steps:

Step 1  Connect to switch CSW1 in configuration mode.
  - Connect to the remote lab.
  - Access the switch console.
  - Enter privilege mode, using the enable command.
  - Enter configuration mode, using the configure terminal command.

Step 2  Inject the Common_Template file.
  - Create a notepad text file named Common_template that contains these lines:

        vtp mode transparent
        vtp domain cisco
        vtp password cisco
        vlan 3,4,11,12,63-66

  - Paste the Common_Template file content into the console.
im Verify as you paste that no error message is reported, Step 3 Use the show edp neighbor command to check the port to each neig Csiiiish edp ne Capability Codes: R - Router, T - Trans Br: S - Switch, H- Host, T - 10 Route Bridge water, P - Phone Device 1D Local Intréce Holdtme Capability Platform Port ID oat as RSI Ro-2601- Fas 0 o/aa as RSI Ro-2611- Fas 1 o/2 ua ST WS-C3560- Fas 0/2 oft ua ST WS-C3560- Fas 0/1 0/4 ua RSI — WS-C3560- Fas 0/4 0/3 ua RSI S60- Fas 0/3 0/10 a8 RSI €3560- Fas 0/20 o/s ne RST 560- Fas 0/9 oa ne RST S60- Fas 0/8 0/7 ne RST 560- Fas 0/7 Step 4 fh port to routers R1 and R2, enter (taking interface (0/11 as an example): interface £0/11 switchport trunk encapsulation ty fed vlan 1,3,4,12,12, 63,64, 65,66 Step Using the show edp neighbor information, determine if EtherChannel is to be configured on links to switches CSW2, DSW, and DSW2: Switch CSWI has 4 links to switch CSW2, and EtherChannel mode on should be used, Switch CSW1 has two links to switch DSW1 and two links to switch DSW2, EtherChannel mode LACP should be used. Switch CSW1 will be the active side, and switches DSWI and DSW2 will be the passive side. (© 2009 Cisco Systems. 
Ine LebGuide 51 Stop6 Configure the link to switch CSW2, using the show edp neighbor information and the EtherChannel table from the “Information Packet” section of this lab: interface range £0/7 - 10 switchport trunk encapsulation dotiq ‘switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64, 65,65 channel-group 33 mode on exit interface port-channel 33 switchport trunk encapsulation dotiq switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64, 65,66 Stop7 Configure the link to switch DSW1, using the show edp neighbor information and the EtherChannel table from the “Information Packet” section of this lab: interface range £0/1 - 2 switchport trunk encapsulation dotiq ‘switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64, 65,65 channel-group 31 mode active exit interface port-channel 31 switchport trunk encapsulation dotiq ‘switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64,65, 65 Stop 8 Configure the link to switch DSW2, using the show edp neighbor information and the EtherChannel table from the “Information Packet” section of this lab: interface range £0/3 - 4 switchport trunk encapsulation dotiq ‘switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64, 65,65 channel-group 32 mode active shutdown exit interface port-channel 32 switchport trunk encapsulation dotiq switchport mode trunk switchport trunk allowed vlan 1,3,4,11,12,63,64, 65,65 shutdown Step 9 Repeat Steps I to 8 on switch CSW2, shutting down the ports to switch DSW1 and leaving the ports to switch DSW2 enabled. Stop 10. Repeat Steps 1 and 2 on switch DSWI. Stop 11 Use the show edp neighbor information to discover neighbors: Dswifsh edp ne Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S = Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device 1D local Intrfce | Woldtne Capability, Platform, Pert. 
    ASW1         Fas 0/6          355                      WS-C2950-    Fas 0/2
    ASW2         Fas 0/7          156        S I           WS-C2950-    Fas 0/2
    DSW2         Fas 0/5          330        R S I         WS-C3560-    Fas 0/5
    CSW2         Fas 0/4          128        R S I         WS-C3560-    Fas 0/4
    CSW2         Fas 0/3          327        R S I         WS-C3560-    Fas 0/3
    CSW1         Fas 0/2          163        R S I         WS-C3560-    Fas 0/2
    CSW1         Fas 0/1          163        R S I         WS-C3560-    Fas 0/2

Step 12   Using the show cdp neighbor information, determine if EtherChannel should be configured on links to switches CSW2, DSW1, and DSW2:

    - Switch DSW1 has one link to switches ASW1 and ASW2, and one link to switch DSW2. EtherChannel should not be used.
    - Switch DSW1 has two links to switch CSW1 and two links to switch CSW2. EtherChannel mode LACP should be used. Switch DSW1 will be the passive side for links to switches CSW1 and CSW2.

Step 13   Configure the link to switch DSW2, using the show cdp neighbor information:

    interface f0/5
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
    shutdown

Step 14   Configure the link to switch CSW1, using the show cdp neighbor information and the EtherChannel table from the "Information Packet" section of this lab:

    interface range f0/1 - 2
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
    channel-group 31 mode passive
    exit
    interface port-channel 31
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 15   Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel table from the "Information Packet" section of this lab:

    interface range f0/3 - 4
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
    channel-group 32 mode passive
    shutdown
    exit
    interface port-channel 32
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
    shutdown

    DSW1#sh etherchannel
    Channel-group listing:
    Group: 31
    Group state = 13
    Ports: 2   Maxports = 8
    Port-channels: 1 Max Port-channels
    Protocol: -
    Minimum Links: 0

    Group: 32
    Group state = 13
    Ports: 2   Maxports = 8
    Port-channels: 1 Max Port-channels
    Protocol: -
    Minimum Links: 0

Step 16   Configure the link to switch ASW1, using the show cdp neighbor information:

    interface f0/6
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,12,63,65

Step 17   Configure the link to switch ASW2, using the show cdp neighbor information:

    interface f0/7
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,4,12,64,66

Step 18   Configure the link to the file server:

    interface f0/8
    switchport mode access
    switchport access vlan 65

Step 19   Configure the link to the new router:

    interface f0/9
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 20   Repeat Steps 1 and 2, then Steps 11 to 19 on switch DSW2, leaving links to switch CSW2 enabled and links to switch CSW1 shut down. On the EtherChannel link to switch DSW1, switch DSW2 is the passive side. The file server is in VLAN 66.

Step 21   On switch ASW1, configure the VTP mode.

    vtp domain cisco
    vtp mode client
    vtp password cisco
    show vtp status
    VTP Version                     : running VTP1 (VTP2 capable)
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 7
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : cisco
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xDE 0x85 0x25 0xED 0x56 0x50 0xDE 0x3E
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Step 22   Repeat Step 11 to discover neighbors.

Step 23   Use the Step 16 model to configure links to switches DSW1 and DSW2.
Step 24   Configure the link to client CLT1:

    interface f0/3
    switchport mode access
    switchport access vlan 3

Step 25   Configure the link to the FTP server:

    interface f0/4
    switchport mode access
    switchport access vlan 11

Step 26   Configure the link to the web server:

    interface f0/5
    switchport mode access
    switchport access vlan 63

Step 27   Repeat Steps 1 and 2 on switch ASW2.

Step 28   Repeat Step 11 to discover neighbors.

Step 29   Use the Step 16 model to configure links to switches DSW1 and DSW2.

Step 30   Configure the link to client CLT2:

    interface f0/3
    switchport mode access
    switchport access vlan 4

Step 31   Configure the link to the FTP server:

    interface f0/4
    switchport mode access
    switchport access vlan 12

Step 32   Configure the link to the web server:

    interface f0/5
    switchport mode access
    switchport access vlan 64

Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues

Complete this lab activity to practice what you learned in the related module.

Activity Objective

There are many issues that can occur when VLANs and trunks are not properly configured. Everything worked well in the network you configured in the previous lab. Proud of your achievements, you decided to take a week off. During that time, one of your team assistants, while preparing for his CCNA, filled in for you and took care of the network. He had to face several issues, and tried to improve your configuration on a few points. Unfortunately, it seems that the improvements somehow affected Layer 2 connectivity in your network. In other words, when you came back, three troubleshooting tickets were waiting for you on your desk. You need to fix the network quickly using the tools you learned in this module.
After completing this activity, you will be able to meet these objectives:

    - Diagnose and resolve Layer 2 connectivity problems
    - Diagnose and resolve VLAN and EtherChannel-related problems
    - Document troubleshooting progress, configuration changes, and problem resolution

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues]

Command List

The table describes the commands that you will use in this activity.

Configuration Commands

Command | Description
configure terminal | Enters global configuration mode, from privileged EXEC mode.
enable password password | Enters the privileged EXEC mode command interpreter.
exit | Exits the current mode.
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure.
name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
no interface vlan vlan-id | Disables a VLAN interface.
ping ip-address | Sends an ICMP echo to the designated IP address, using the default settings of size and response window time.
show interface interface-id switchport | Displays the switch port configuration of the interface.
show interface trunk | Displays the trunk configuration of the interface.
show vlan | Displays VLAN information.
show vtp status | Shows the VTP configuration.
shutdown/no shutdown | Shuts down or enables an interface.
switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate | Turns off DTP negotiation.
switchport trunk allowed vlan remove vlan-list | Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link.
switchport trunk encapsulation isl | Specifies ISL encapsulation on the trunk link.
telnet ip-address | Starts a terminal emulation program from a PC, router, or switch that permits you to access network devices remotely over the network.
channel-group channel-group-number mode desirable | Unconditionally enables PAgP. Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default.
show running-config interface interface-id | Displays interface-specific configuration information.
vtp domain domain-name | Sets the VTP domain name in either the VLAN database or configuration mode.
vtp mode [client | server | transparent] | Sets the VTP mode.

Job Aids

These job aids are available to help you complete the lab activity:

    - Trouble Tickets
    - Troubleshooting Log

Trouble Ticket A: Switch Replacement Has Failed

Late on Friday afternoon, the access switch ASW1 failed and your assistant quickly concluded that the power supply had failed and that the switch needed to be replaced.
Luckily, your team still had a similar switch on the shelf and your assistant rushed to the site to replace it.

When you returned to work and asked your assistant how things went while you were gone, your assistant tells you that all efforts to restore service failed. Your assistant asks you for help. When you ask your assistant to describe the exact problem, you are told that "it simply does not work." Your assistant first thought the issue was a result of his configuration on switch ASW1, but then tried to verify and improve the other switches on the path and is not sure anymore. A user on PC Client 1 has already started to complain that attempts to access the network have failed and that the problem must be fixed today.

Your task is to diagnose the issues and restore switch ASW1 as a fully functional access switch on the network.

Trouble Ticket B: VLAN 66 Access Problem

Your assistant also reports a call on Thursday evening from the File2 Server administrator. A backup File2 server was installed beyond the switch CSW2 and no devices in the network seem to be able to reach VLAN 66 anymore. The File2 Server team first thought of a hacker attack and removed the File2 server from the network for forensic analysis. The server seems to be operational. The File2 Server team then decided to try to ping from the router R1 interface in VLAN 66 to the router R2 interface in VLAN 66. The ping failed. The team is convinced that your assistant broke connectivity for this VLAN and asks you to fix the issue immediately. Each lost minute is extremely expensive.

Your task is to identify the misconfigured item and solve the issue to recover connectivity between the router R1 interface in VLAN 66 and the router R2 interface in VLAN 66. The router R1 VLAN 66 IP address is 10.1.66.251, and the router R2 VLAN 66 IP address is 10.1.66.252.

Trouble Ticket C: Gateway Unreachable

Your assistant seems to have a number of problems on this Monday morning.
Your assistant complains that hours have already been spent trying to help PC Client 2, who could not reach his gateway, router R2, anymore. Your assistant is convinced that PC Client 2 broke the PC configuration and does not believe that the issue has anything to do with the minor improvements that your assistant made in the network configuration. Although you trust your assistant, the fact that the issue started as soon as your assistant started improving the configuration makes you wonder whether there is a configuration issue somewhere on one switch. The fact that your assistant is reluctant to tell you exactly what improvements were made when the failure occurred clearly contributes to your doubts.

Your task is to ensure that PC Client 2 can ping router R2.

Instructions

As you can see from the troubleshooting tickets, this troubleshooting lab includes three types of issues:

    - Trouble Ticket A involves communication issues between switch ASW1 and router R1, and therefore originates in the upper part of the client network.
    - Trouble Ticket C involves communication issues between client CLT2 and router R2, and therefore originates in the lower part of the client network.
    - Trouble Ticket B involves communication issues between the upper and the lower parts of the client network.

Together with your team members, create a troubleshooting plan to divide the work, assign each team member appropriate roles, and coordinate device access among the team members. A logical way of organizing the workload could be to assign the upper section of the pod (client CLT1, switch ASW1, switch DSW1, switch CSW1, router R1) to one team and the lower part of the pod (client CLT2, switches ASW2, DSW2, and CSW2) to a second team. Issues affecting the upper part of the lab could be solved by the first team. Issues affecting the lower part of the lab could be solved by the second team.
The teams will have to work together to resolve issues affecting both the upper and lower section. This is an example of a possible organization of the teams.

Whichever organizational model you choose, assign the primary responsibility for each of the devices to a team member. The team member who has primary responsibility for a device is in control of the console of that device and changes to the device. This means that no other team member should access the console, make changes to the device, or execute unauthorized actions, such as reloading or debugging, without permission from the controlling team member. All team members can access all devices via Telnet or SSH for nondisruptive diagnostic action, without the need for permission from the controlling member. Responsibilities can be reassigned during later labs if necessary.

Once roles have been assigned, work together on Trouble Tickets A, B, and C to resolve the

Document your progress in the "Troubleshooting Log" provided below in order to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

The instructor will provide you with directions to prepare the lab equipment for this lab. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

Troubleshooting Log

Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket | Actions and Results
Activity Verification

You have completed this lab when you attain the results below.

Trouble Ticket A:

    o Client PCs that are connected to switch ASW1 can acquire an IP address via DHCP.
    o Client PCs that are connected to switch ASW1 can ping the gateway router R1.
    o You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket B:

    o You can complete an extended ping from the router R1 interface in VLAN 66 to the router R2 interface in VLAN 66.
    o Switch CSW2 in VLAN 66 can be reached through all trunks.
    o Switch CSW2 interfaces in VLAN 66 are properly configured.
    o You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket C:

    o Client PCs that are connected to switch ASW2 can acquire an IP address via DHCP.
    o Client PCs that are connected to switch ASW2 can ping the gateway router R2.
    o You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket A: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

Confirm or Deny Layer 3 Connectivity

The switch ASW1 management interface is in VLAN 1; client CLT1 is in VLAN 3.

    C:\>ping 10.1.3.251
    Pinging 10.1.3.251 with 32 bytes of data:
    Ping statistics for 10.1.3.251:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    ASW1#ping 10.1.1.251
    Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
    Success rate is 100 percent (5/5)

Usually, you would start troubleshooting the Layer 2 connectivity between devices because you have discovered that there is no Layer 3 connectivity between two adjacent Layer 2 hosts, such as two hosts in the same VLAN or a host and its default gateway.
Typical symptoms that could lead you to start examining Layer 2 connectivity would be:

    - Failing pings between adjacent devices. (Keep in mind, though, that this may also be caused by a host-based firewall that is blocking pings.)
    - Successful pings between hosts in another Layer 2 domain but sharing the same physical path, such as hosts in another VLAN on the same link.

Client CLT1 is in VLAN 3 and obtains its IP address from router R1, acting as a DHCP server. A ping to the router R1 interface in VLAN 3 from the client CLT1 command prompt interface fails.

Switch ASW1 is in VLAN 1. Pings from switch ASW1 to the router R1 interface in VLAN 1 succeed. This output shows that there is a physical path (Layer 2 and Layer 3 connectivity) between switch ASW1 and router R1.

You can identify the issue as either a physical connectivity issue between switch ASW1 and client CLT1 or a VLAN issue.

Key Clue: Switch ASW1 VLAN Configuration

    ASW1#show vlan
    1    default        active    Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, [remaining ports not legible in this copy]
    11   VLAN0011       active    Fa0/3
    1002 fddi-default   act/unsup

Once you have determined that the problem is most likely a Layer 2 or Layer 1 problem, you will want to reduce the scope of the potential failures. You can diagnose Layer 2 problems with this common troubleshooting method:

    - Verify Layer 1 and Layer 2 connectivity. If Layer 1 connectivity is broken, the interfaces should be down. If Layer 1 connectivity is established but Layer 2 connectivity is broken, a useful tool is Cisco Discovery Protocol. Unless Cisco Discovery Protocol is disabled, you should be able to use it to verify all device adjacencies.
    - Determine the Layer 2 path. Based on documentation, baselines, and knowledge of your network in general, the next step is to determine the path that you would expect frames to follow between the affected hosts.
      Determining the expected traffic path beforehand will help you in two ways: It will give you a starting point for gathering information about what is actually happening on the network, and it will make it easier to spot abnormal behavior. The second step in determining the Layer 2 path is to follow the expected path and verify that the links on the expected path are actually up and forwarding traffic. If the actual traffic path is different from your expected path, this step may give you clues about the particular links or protocols that are failing and the cause of these failures.

In this case, Layer 2 connectivity might be involved as the VLAN database on switch ASW1 does not show VLAN 3. If the VLAN does not exist, client CLT1 cannot communicate with its gateway in VLAN 3. You can create VLAN 3 on switch ASW1 from the global configuration mode.

Key Clue: Switch ASW1 Port Configuration

Client CLT1 is supposed to be in VLAN 3.

    show running-config interface f0/3
    interface FastEthernet0/3
     description to CLT1
    configure terminal
    int f0/3
    % Access VLAN does not exist. Creating vlan 3

Another key piece of information comes from the previous page, which displays information about VLAN 11. It is said to be active on interface f0/3, which is the interface to which client CLT1 connects. Verifying the f0/3 interface configuration shows that it is set to access mode, but in VLAN 11. You can change it to VLAN 3. If VLAN 3 has not been created before, the 2960 platform creates the VLAN automatically as soon as a port is attached to that VLAN.

Trying to ping router R1 from client CLT1 at this stage would still fail. You need to examine the issue a little bit further.
Key Clue: Switch ASW1 to Switch DSW1 Trunk Configuration

    ASW1#show run int f0/1
    Current configuration : 164 bytes
    interface FastEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end

    DSW1#show run int f0/6
    Current configuration : 164 bytes
    interface FastEthernet0/6
     switchport mode access
     switchport access vlan 65
    end

The next logical step could be to verify the path from switch ASW1 to switch DSW1. A useful tool to verify neighbor information is Cisco Discovery Protocol. If switch ASW1 does not recognize switch DSW1 with Cisco Discovery Protocol, then you should suspect a Layer 1 issue might be the cause:

    ASW1#show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
    Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
    DSW1         Fa 0/1           174        TI            3550        Fa 0/6

Switch DSW1 is recognized, at least by Cisco Discovery Protocol. Switch ASW1 port f0/1 connects to switch DSW1 port f0/6 in this example. Cisco Discovery Protocol is an independent Layer 2 protocol that may recognize neighboring devices even if the link configuration is partly incorrect.

The next step could be to verify the switch ASW1-DSW1 link configuration. This link is supposed to be a trunk. The trunk configuration is correct on switch ASW1 as shown above. If you are managing switch ASW1, it is time to inform your team that the issue might also be on switch DSW1, and verify the switch DSW1 link to switch ASW1.

As shown above, the port configuration on switch DSW1 is incorrect. It is set to access mode in VLAN 65. VLAN 3 information coming from switch ASW1 cannot be received in this mode. The interface command switchport mode trunk allows you to change the mode back to trunk.

On Client 1, try to renew the IP address, which is to be assigned from router R1. The IP address renews successfully, thus proving Layer 2 connectivity between Client 1 and router R1.
You have resolved the trouble ticket.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Trouble Ticket B: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Connectivity Verification: Router R1 to Router R2 in VLAN 66

The first test can be to ping router R2 from the router R1 interface in VLAN 66. As reported on the troubleshooting ticket, the ping is unsuccessful. This issue could be a result of IP addressing problems on routers R1 or R2 as well as Layer 2 configuration problems. If you approach this problem as a Layer 2 issue, you might begin by looking at the configurations on switch CSW1 or switch CSW2.

Key Clue: Switch CSW2 Links to Switch CSW1

    interface FastEthernet0/7
     switchport trunk encapsulation dot1q
     switchport mode trunk
     shutdown
     channel-group 33 mode on
    !
    interface FastEthernet0/8
     switchport trunk encapsulation dot1q
     switchport mode trunk
     shutdown
     channel-group 33 mode on

A logical step is to verify the switch CSW1 to switch CSW2 link configuration, along with the switch CSW1 to router R1 and switch CSW2 to router R2 configurations.

On switch CSW1, the link to router R1 is supposed to be a trunk:

    Show run int f0
    Building configuration
    Current configuration : 95 bytes
    interface FastEthernet0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    CSW1#sh int f0/11
    FastEthernet0/11 is up, line protocol is up (connected)

The link to R1 is configured properly, and connected.
The next step could be to verify if VLAN 66 is known on CSW1:

    CSW1#sh vlan
    VLAN Name        Status    Ports
    66   VLAN0066    active

VLAN 66 is known, at least on switch CSW1. The same verifications could be conducted on switch CSW2, verifying the trunk link to router R2 along with the switch CSW2 VLAN database. The configuration should be valid, as it is on switch CSW1.

In a step-by-step approach, you could verify the link between switches CSW1 and CSW2:

    CSW1#show etherchannel 33 port-ch
    Port-channels in the group:
    Port-channel: Po33 (Primary Aggregator)
    Age of the Port-channel = 0d:00h:45m:07s
    Logical slot/port = 2/24   Number of ports = 0
    HotStandBy port = null
    Port state = Port-channel Ag-Not-Inuse
    Protocol = LACP

The EtherChannel link is not in use. It shows LACP instead of "on." You can confirm this point by checking the physical connections:

    show run
    interface FastEthernet0/7
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 33 mode passive
    interface FastEthernet0/8
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 33 mode passive
    interface FastEthernet0/9
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 33 mode passive
    interface FastEthernet0/10
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 33 mode passive

They are obviously in an incorrect mode. The other end (switch CSW2) is still in On mode, so passive mode on switch CSW1 will not create an EtherChannel. You decide to correct this as follows:

    CSW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    CSW1(config)#int ran f0/7 - 10
    CSW1(config-if-range)#no channel-gr 33 mo pas
    CSW1(config-if-range)#channel-gr 33 mo on
    CSW1(config-if-range)#end

You then may want to try again to ping router R2 from the router R1 interface in VLAN 66, but the ping will still be unsuccessful. There is more than one issue to solve for this ticket.
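The comparison of both link ends done by hand above can be scripted. The following Python is an added example, not part of the lab guide: it parses interface stanzas from each switch and reports settings that must agree across a link. The function names and the sample configurations are assumptions, constructed from the outputs shown for Trouble Ticket B; the native VLAN and one-sided channel checks go beyond the fault found so far.

```python
import re

# Negotiation protocol implied by each channel-group mode keyword.
CHANNEL_PROTOCOL = {"on": "static", "active": "LACP", "passive": "LACP",
                    "desirable": "PAgP", "auto": "PAgP"}

# Constructed sample input, modelled on the Trouble Ticket B outputs.
CSW1_CONFIG = """
interface FastEthernet0/7
 switchport mode trunk
 channel-group 33 mode passive
interface Port-channel33
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
 switchport mode trunk
"""
CSW2_CONFIG = """
interface FastEthernet0/7
 switchport mode trunk
 shutdown
 channel-group 33 mode on
interface Port-channel33
 switchport trunk allowed vlan 1-65,67-4094
 switchport mode trunk
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-65,67-4094' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interfaces(config):
    """Parse 'interface' stanzas of running-config text into per-port settings."""
    ports, port = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Defaults: native VLAN 1 and every VLAN allowed on a trunk.
            port = ports.setdefault(line.split()[1], {
                "mode": "dynamic", "native": 1, "shutdown": False,
                "allowed": set(range(1, 4095)), "channel_mode": None})
        elif port is None:
            continue
        elif line == "shutdown":
            port["shutdown"] = True
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"channel-group \d+ mode (\S+)", line):
            port["channel_mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", line):
            listed = expand_vlans(m.group(2))
            port["allowed"] = port["allowed"] | listed if m.group(1) else listed
    return ports


def audit_link(a, b, required_vlans=()):
    """Compare the two ends of one link and return the findings in check order."""
    findings = []
    ends = (("end A", a), ("end B", b))
    for name, end in ends:
        if end["shutdown"]:
            findings.append(f"{name}: port is shutdown")
    if a["mode"] != b["mode"]:
        findings.append(f"switchport mode differs: {a['mode']} vs {b['mode']}")
    mode_a, mode_b = a["channel_mode"], b["channel_mode"]
    if (mode_a is None) != (mode_b is None):
        findings.append("channel-group configured on one end only")
    elif mode_a is not None:
        if CHANNEL_PROTOCOL.get(mode_a) != CHANNEL_PROTOCOL.get(mode_b):
            findings.append(f"EtherChannel mode mismatch: {mode_a} vs {mode_b}")
        elif mode_a == mode_b and mode_a in ("passive", "auto"):
            findings.append(f"both ends {mode_a}: neither side initiates")
    if a["mode"] == b["mode"] == "trunk":
        if a["native"] != b["native"]:
            findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
        for vlan in required_vlans:
            for name, end in ends:
                if vlan not in end["allowed"]:
                    findings.append(f"{name}: VLAN {vlan} not allowed on trunk")
    return findings


def audit_sample():
    """Audit the CSW1 (end A) to CSW2 (end B) ports in the constructed sample."""
    csw1, csw2 = parse_interfaces(CSW1_CONFIG), parse_interfaces(CSW2_CONFIG)
    return {port: audit_link(csw1[port], csw2[port], required_vlans=[66])
            for port in ("FastEthernet0/7", "Port-channel33")}


if __name__ == "__main__":
    for port, findings in audit_sample().items():
        print(port, findings or "consistent")
```
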
Key Clue: Switch CSW2 EtherChannel to Switch CSW1

    CSW2#show run int po 33
    interface Port-channel33
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1-65,67-4094
     switchport mode trunk

You may then shift your attention to switch CSW2 and verify its connection to switch CSW1. The EtherChannel link does not seem to be operational on this side either. Verifying the port configurations shows that they are in shutdown state. Once enabled, a verification of the port channel for these ports shows that the link is up.

    CSW2#show etherchannel 33 port-channel
    Port-channel: Po33
    Age of the Port-channel = 0d:00h:00m:49s
    Logical slot/port = 2/24   Number of ports = 4
    GC = 0x00000000   HotStandBy port = null
    Port state = Port-channel Ag-Inuse
    Protocol = -
    Ports in the Port-channel:
    Index   Load   Port     EC state   No of bits
    0       00     Fa0/7    On         0
    0       00     Fa0/8    On         0
    0       00     Fa0/9    On         0
    0       00     Fa0/10   On         0
    Time since last port bundled: 0d:00h:00m:17s   Fa0/9

Now that the ports are enabled, you may want to reattempt a ping from router R1 to router R2. The ping is still unsuccessful. There is still another part of the issue to solve.

While verifying the switch CSW2 configuration, you may see that VLAN 66 is not allowed on the EtherChannel. You might have seen this issue at an earlier stage. It is shown here to isolate it from the shutdown issue. It is easy to correct:

    CSW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    CSW2(config)#int po 33
    CSW2(config-if)#sw trun all vla ad 66
    CSW2(config-if)#end

    R1#ping
    Protocol [ip]:
    Target IP address: 10.1.66.252
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.1.66.251
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose [none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
    Packet sent with a source address of 10.1.66.251
    Success rate is 100 percent (5/5)

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Trouble Ticket C: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket C.

Key Clue: Switch ASW2 Ports Configuration

    ASW2#sh run int f0/3
    Building configuration...
    Current configuration : 82 bytes
    !
    interface FastEthernet0/3
     switchport access vlan 4
     switchport mode trunk
    end

    ASW2#sh run int f0/1
    Building configuration...
    Current configuration : 82 bytes
    !
    interface FastEthernet0/1
     switchport access vlan 4
     switchport mode access
    end

A possible first step is to verify the configuration of the switch ASW2 port to client CLT2. In this example, the port is f0/3. The port is in trunk mode. It should be in access mode in VLAN 4. You correct this mistake as follows:

    ASW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    ASW2(config)#int f0/3
    ASW2(config-if)#sw mo ac
    ASW2(config-if)#end

Because the switch ASW2 port configuration was incorrect, you may also want to verify the port configuration to switch DSW2. In this example, the port is f0/1. You notice this time that the port is in access mode, so you need to change it to trunk mode:

    ASW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    ASW2(config)#int f0/1
    ASW2(config-if)#sw mo trunk
    ASW2(config-if)#end

After you have made the changes, have you resolved the issue? Test the solution by trying to renew the client CLT2 IP address. If it fails, then there are other issues.

Key Clue: Switch DSW2 Link to Switch ASW2

    DSW2#sh run int f0/6
    Building configuration...
    Current configuration : 104 bytes
    !
    interface FastEthernet0/6
     switchport trunk encapsulation dot1q
     switchport mode trunk
     shutdown
    end

Now turn your attention to switch DSW2 and check its connection to switch ASW2. The port has been shut down, so you need to re-enable it for communication to switch ASW2:

    DSW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    DSW2(config)#int f0/6
    DSW2(config-if)#no sh
    DSW2(config-if)#end

When renewing the client CLT2 IP address this time, CLT2 does obtain an IP address, but you notice that the IP address is on the wrong VLAN. Client CLT2 has an address in VLAN 1 instead of VLAN 4.

Key Clue: Native VLAN

    DSW2#sh run int po 32
    Building configuration...
    Current configuration : 125 bytes
    !
    interface Port-channel32
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 4
     switchport mode trunk
    end

You have already checked the port configuration for client CLT2 on switch ASW2 and you know it is an access port in VLAN 4. The switch DSW and DSW2 port configurations show that the ports are in trunking mode and a possible cause might be a native VLAN problem. Checking the port configuration on switch DSW2 to switches CSW1 and CSW2 verifies the problem as a native VLAN issue:

    DSW2#sh run int po 32
    Building configuration...
current configuration : 125 bytes interface Port-channel32 switchport trunk encapsulation dotiq switchport trunk native vlan 4 switchport mode trunk end DSW2#sh run int po 31 Building configuration Current configuration : 125 bytes ints end Both links are in native VLAN 4. As all the other links are in native VLAN 1, the DHCP request is forwarded untagged from switch DSW2 to switch CSW2 on VLAN 4, and switeh CSW? forwards it through its native VLAN 1 to router R2. channe131 ‘trunk encapsulation dotiq trunk native vlan 4 mode trunk Changing the native VLAN between switches DSW2 and CSW and between switches DSW2 and CSW? solves the problem. (© 2009 Cisco Systems. Ine LebGuide 81 Alternate Resources and Solutions Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions. 2 —__Implementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne (© 2009 Cisco Systems. Ine LebGuide 83 Lab 2-2: Key Commands and Tools Used {4 —__Implementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Lab 2-3: Implement Private VLANs Complete this lab activity to practice what you learmed in the related module. Acti ity Objective As private VLANs were an interesting part of Module 2, you would like to experiment on this feature. The lab has two routers, each of them having a link to switehes CSWI and CSW2, and you think that it would be interesting to use them to experiment with the isolated VLAN Feature. 
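Returning to Trouble Ticket C above: the access/trunk mismatch and the native VLAN mismatch are both visible when the two ends of each link are compared. The following is an added example, not part of the lab guide; the configuration excerpts are constructed from the ticket's initial state, and the CSW1/CSW2 stanzas and the link list are assumptions.

```python
import re

# Constructed running-config excerpts modelled on the Trouble Ticket C outputs.
# The CSW1 and CSW2 stanzas are assumptions: the lab text only says the other
# trunks use native VLAN 1, which is the default when no native VLAN is set.
CONFIGS = {
    "DSW2": """\
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
!
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
""",
    "CSW1": """\
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
""",
    "CSW2": """\
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
""",
    "ASW2": """\
interface FastEthernet0/1
 switchport access vlan 4
 switchport mode access
""",
}

# Both ends of each inter-switch link: (switch, port, switch, port).
LINKS = [
    ("DSW2", "Port-channel31", "CSW1", "Port-channel32"),
    ("DSW2", "Port-channel32", "CSW2", "Port-channel32"),
    ("DSW2", "FastEthernet0/6", "ASW2", "FastEthernet0/1"),
]


def parse_ports(config):
    """Return {interface: {"mode", "native", "access"}} from a running-config."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"interface (\S+)", line)
        if header:
            # IOS defaults: native VLAN 1, access VLAN 1, no static mode.
            current = ports.setdefault(
                header.group(1), {"mode": "dynamic", "native": 1, "access": 1})
        elif not raw.startswith(" "):
            current = None  # "!" or a global command closes the stanza
        elif current is not None:
            if m := re.fullmatch(r"switchport mode (\S+)", line):
                current["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                current["native"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
                current["access"] = int(m.group(1))
    return ports


def audit_links(configs, links):
    """Compare both ends of every link; return a list of finding tuples."""
    parsed = {name: parse_ports(text) for name, text in configs.items()}
    findings = []
    for sw_a, if_a, sw_b, if_b in links:
        a = parsed.get(sw_a, {}).get(if_a)
        b = parsed.get(sw_b, {}).get(if_b)
        link = f"{sw_a} {if_a} <-> {sw_b} {if_b}"
        if a is None or b is None:
            findings.append(("missing-port", link, None, None))
        elif a["mode"] != b["mode"]:
            findings.append(("mode-mismatch", link, a["mode"], b["mode"]))
        elif a["mode"] == "trunk" and a["native"] != b["native"]:
            findings.append(
                ("native-vlan-mismatch", link, a["native"], b["native"]))
    return findings


if __name__ == "__main__":
    for kind, link, left, right in audit_links(CONFIGS, LINKS):
        print(f"{kind:22} {link}: {left} vs {right}")
```

A native VLAN mismatch moves untagged frames from one VLAN into another, which is exactly how CLT2 ended up with a VLAN 1 address, so the same comparison is worth running on every trunk after a change.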
Because you do not want to keep your routers isolated for the next labs, this feature will have to be removed when moving to Lab 3-1. So make sure that you save before this optional task, and that you reboot the switches you use for this task before moving to the next lab.

After completing this activity, you will be able to meet these objectives:

■ Plan a segmented private VLAN implementation
■ Create a private VLAN implementation and verification plan
■ Implement private VLANs

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

Make sure you have saved your configuration before moving to this step. As you do not want to keep your routers isolated for the next labs, private VLANs will have to be removed when moving to Lab 3-1. Be sure to save before this optional task, and reboot the switches you use for this task before moving to the next lab.

For this task, use VLANs 501 and 51, and switch CSW1.

Start by configuring switch CSW1 to support VLANs 501 and 51.

Connect to routers R1 and R2, and create an interface for VLAN 51. Configure a static IP address for each router using the table below:

Device Name | Interface | IP Address | VLAN
R1 | Fa0/0.51 | 10.1.51.1/24 | 51
R2 | Fa0/1 | 10.1.51.2/24 | 51

Verify that the switch CSW1 link to router R2 is enabled and is in VLAN 51.

Verify that the switch CSW1 trunk to router R1 allows VLAN 51.

Verify that both routers can ping each other from their VLAN 51 interface.

Once this point is verified, convert VLAN 51 to isolated, using VLAN 501 as the primary VLAN. If your configuration is successful, routers R1 and R2 should not be able to ping each other anymore.
You may want to use the “Hints” section at the end of this lab to verify the steps that are involved in this configuration. The end of this Lab Guide contains the solution for this task.

Once your configuration is working, reboot switch CSW1 and routers R1 and R2 without saving the configuration.

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-3: Implement Private VLANs]

Command List

The table describes the commands that are used in this activity.

Configuration Commands

Command | Description
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure.
name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
no interface vlan vlan-id type | Disables a VLAN interface.
private-vlan association vlan-list | Specifies which secondary VLANs are associated with the primary VLAN.
private-vlan isolated | Configures the current VLAN as an isolated VLAN.
private-vlan primary | Configures the current VLAN as a primary VLAN.
show interface interface-id switchport | Displays the switch port configuration of the interface.
show interface trunk | Displays the trunk configuration of the interface.
show vlan | Displays VLAN information.
show vtp status | Shows the VTP configuration.
shutdown / no shutdown | Shuts down or enables an interface.
switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate | Turns off DTP negotiation.
switchport trunk allowed vlan remove vlan-list | Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link.
switchport trunk encapsulation isl | Specifies ISL encapsulation on the trunk link.
interface interface-id channel-group channel-group-number mode desirable | Unconditionally enables Port Aggregation Protocol (PAgP). Desirable mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets. A channel is formed with another port group in either the desirable or auto mode. When desirable is enabled, silent operation is the default.
show running-config interface interface-id | Displays interface-specific configuration information.

Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List

The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, devices involved, role, etc.).

Use the following table, the Visual Objective for this lab, and the information in the “Implementation Policy” and “Device Information” sections to create an Implementation Requirements list. Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. If you are unsure, use the hints information provided at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.
Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save.

Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified by the company. Keep in mind that once you leave the company, they will use your configuration as a white paper to implement their network. The company will apply your configuration, without modification, to connect any device of the same type as the one you configured for each port. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 2-3: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 2-3 Hint Sheet: Implement Private VLANs

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 2-3 Section Containing Hint
CSW1 | Create VLAN 51 and 501 | Implementation Policy
CSW1 | Allow VLANs 51 and 501 on trunks to R1 | Implementation Policy
CSW1 | Set link to R2 to VLAN 51 | Implementation Policy
CSW1 | Set VLAN 501 as primary and 51 as isolated. | Implementation Policy
R1 | Configure subinterface to switch CSW1 in VLAN 51. | Implementation Policy
R2 | Configure interface to switch CSW1 in VLAN 51. | Implementation Policy

Implementation and Verification Plan

In Task 2, you will create an implementation plan. There are several possible correct solutions. An example of the Implementation and Verification Plan follows.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results | Step Number
 | CSW1 | 1 | Create VLAN 51 | show vlan | 1
 | | 2 | Create VLAN 501. | show vlan | 1
 | | 3 | Allow VLAN 51 on the trunk link to R1. | show run interface to R1 | 2
 | | 4 | Configure link to R2 as access mode, VLAN 51. | show run interface to R2 | 3
 | | 8 | After R1 and R2 links are configured successfully, set VLAN 51 to be isolated. | show private vlan | 7
 | | 9 | Set VLAN 501 to be primary, mapped to VLAN 51 | show private vlan | 7
 | R1 | 5 | Configure subinterface on link to R1 to be 10.1.51.1/24. | show ip interface brief | 4
 | R2 | 6 | Configure link to CSW1 to be 10.1.51.2/24. | show ip interface brief | 5
 | | 7 | Ping R1 interface 10.1.51.1 | Ping should succeed. | 6
 | | 10 | Try to ping R1 interface 10.1.51.1 | Ping should fail | 8
 | CSW1, R1, R2 | 11 | Reload without saving. | show run | 9

Step-by-Step Procedure

Complete these steps:

Step 1  Create VLANs 51 and 501 on switch CSW1:

■ Connect to the remote lab.
■ Access switch CSW1 console.
■ Enter privilege mode, using enable.
■ Enter configuration mode, using configure terminal.
■ Create VLAN 51, using:

    vlan 51

■ Create VLAN 501, using:

    vlan 501

Step 2  Allow VLAN 51 support on the trunk links to router R1:

    Interface f0/11
    Switchport trunk allowed vlan ad

Step 3  Set switch CSW1 link to router R2 f0/1 to VLAN 51:

    Interface f0/12
    Switchport mode access
    Switchport access vlan 51
    No shutdown

Step 4  Configure R1 interface to be 10.1.51.1/24:

    Interface f0/0.51

Step 5  Configure router R2 f0/1 interface to be 10.1.51.2/24:

    Interface f0/1
    Ip address 10.1.51.2 255.255.255.0
    No shutdown

Step 6  Try to ping from router R1 to router R2 or from router R2 to router R1; ping should be successful:

    R2#ping 10.1.51.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
    Success rate is 100 percent (5/5)

Step 7  Configure VLAN 501 and 51 to be primary and isolated, respectively, on all the involved switches:

    vlan 501
    private-vlan primary
    private-vlan association 51
    vlan 51
    name TestIsolated
    private-vlan isolated

Step 8  Try to ping from router R1 to router R2 or from router R2 to router R1; ping should fail:

    R2#ping 10.1.51.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
    Success rate is 0 percent (0/5)

Step 9  Revert your configuration to a state prior to Step 4: reboot routers R1, R2, and switch CSW1 without saving the configuration.

Lab 3-1: Implement Multiple Spanning Tree

Complete this lab activity to reinforce your understanding of Spanning Tree Protocol implementation.

Activity Objective

Congratulations! You were chatting about spanning tree with a friend at the cafeteria, and the head of the local university heard your conversation. She selected you to make a presentation about spanning tree, and to demonstrate on live equipment, in front of a large audience, how you would configure the various modes of spanning tree. You decide that preparing for this presentation could be useful, and that you would use your pod to walk through the different steps involved and the various spanning tree modes.

In this activity, you will design and implement Multiple Spanning Tree Protocol (MSTP) in a Layer 2 topology. As you complete the design, you will connect to your remote lab to implement your solution. After completing this activity, you will be able to meet these objectives:

■ Design a spanning tree
■ Create a spanning tree implementation plan
■ Implement a spanning tree according to an implementation plan
■ Create a spanning tree verification plan
■ Verify the spanning tree according to the verification plan

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

You will observe and configure the functioning of Spanning Tree Protocol (STP) in your network. The following list details the preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:

■ In the lab progression, you should observe the existing STP “random” state, and then convert your configuration to MSTP.
■ Before configuring and enabling spanning tree, verify that the EtherChannels configured in Lab 2-1 have been configured properly. Enable the EtherChannel links between switches CSW1 and DSW2, between switches CSW2 and DSW1, between switches DSW1 and ASW2, and between switches DSW2 and ASW1. A link must be configured between switch CSW1 and router R2; a link must also be configured between switch CSW2 and router R1, but only on the switch side. The router side is already configured. Only the link between switch DSW1 and switch DSW2 should remain shut.
■ Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the primary root bridge for even VLANs. When instances are used, switch DSW1 is the root for instance 0 and 1, and switch DSW2 is the root for instance 2. Instance 1 contains the odd VLANs, and instance 2 contains the even VLANs. One region is enough for your network.
■ For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the secondary root. For all VLANs for which switch DSW2 is the primary root, switch DSW1 must be the secondary root.
■ The “Device Information” section describes the VLANs and corresponding roots.
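The policy above asks for one MST region with odd VLANs in instance 1 and even VLANs in instance 2. Switches join the same region only when the region name (case sensitive), the revision number and the full VLAN-to-instance mapping all match, so the added example below (not part of the lab guide) derives the mapping from the policy and groups switches by those three values. The VLAN list is the lab's; the region name and revision follow the lab's hint sheet, and the two faulty switches are constructed.

```python
from collections import defaultdict

# VLAN list from the lab's VLAN Information table; region name and revision
# as used in the lab's hint sheet.
LAB_VLANS = [1, 3, 4, 11, 12, 63, 64, 65, 66]
REGION = {"name": "region1", "revision": 1}
HOSTS = ("DSW1", "DSW2", "ASW1", "ASW2", "CSW1", "CSW2")


def policy_instances(vlans):
    """Lab policy: odd VLANs go to instance 1, even VLANs to instance 2."""
    return {1: [v for v in vlans if v % 2], 2: [v for v in vlans if v % 2 == 0]}


def mapping_table(instances):
    """Full VLAN-to-instance table; unmapped VLANs stay in instance 0 (IST)."""
    table = [0] * 4095  # index is the VLAN ID, entry 0 is unused
    for inst, vlans in instances.items():
        for vlan in vlans:
            if not 1 <= vlan <= 4094:
                raise ValueError(f"VLAN {vlan} out of range")
            if table[vlan] not in (0, inst):
                raise ValueError(f"VLAN {vlan} mapped to two instances")
            table[vlan] = inst
    return tuple(table[1:])


def vlan_ranges(vlans):
    """Compress a VLAN list into the comma/range form the switch prints."""
    parts, start, prev = [], None, None
    for vlan in sorted(vlans):
        if start is None:
            start = prev = vlan
        elif vlan == prev + 1:
            prev = vlan
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = vlan
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def pending_view(instances):
    """Instance -> VLAN string, the mapping part of a 'show pending' listing."""
    members = defaultdict(list)
    for vlan, inst in enumerate(mapping_table(instances), start=1):
        members[inst].append(vlan)
    return {inst: vlan_ranges(v) for inst, v in sorted(members.items())}


def regions(switches):
    """Group switches by (name, revision, mapping); one group is one region."""
    groups = defaultdict(list)
    for host, cfg in switches.items():
        key = (cfg["name"], cfg["revision"], mapping_table(cfg["instances"]))
        groups[key].append(host)
    return sorted(groups.values())


def lab_switches():
    """All six switches configured from the same template."""
    template = dict(REGION, instances=policy_instances(LAB_VLANS))
    return {host: dict(template) for host in HOSTS}


def drifted_switches():
    """Constructed faults: a name differing only by case, and a VLAN left out."""
    switches = lab_switches()
    switches["ASW1"] = dict(switches["ASW1"], name="Region1")
    switches["CSW2"] = dict(
        switches["CSW2"], instances={1: [1, 3, 11, 63, 65], 2: [4, 12, 64]})
    return switches


if __name__ == "__main__":
    for inst, vlans in pending_view(policy_instances(LAB_VLANS)).items():
        print(f"{inst:<9}{vlans}")
    print("regions (template):", regions(lab_switches()))
    print("regions (drifted): ", regions(drifted_switches()))
```

More than one group in the result means the switches would not form the single region the policy calls for, and the root placement planned for instances 1 and 2 would not apply across the whole network.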
Device Information

The table provides the Layer 3 reachability information specific to each switch in the network:

Device Name | Role | IP Address | Gateway | VLAN
ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 | 1
ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 | 1
DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 | 1
DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 | 1
CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 | 1
CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 | 1
R1 | Router | Fa0/0: 10.1.1.251/24 | | 1
R2 | Router | Fa0/0: 10.1.1.252/24 | | 1

Links between switches should already be bundled together. The following table shows all possible numbering conventions for these link bundles. Note that not all of these numbers will be used:

Device | Link To | Bundle Number | Should Be
ASW1 | DSW1 | 11 |
ASW1 | DSW2 | 12 |
ASW2 | DSW1 | 11 |
ASW2 | DSW2 | 12 |
DSW1 | ASW1 | 11 |
DSW1 | ASW2 | 12 |
DSW1 | DSW2 | 21 | To remain shut down
DSW1 | CSW1 | 31 |
DSW1 | CSW2 | 32 |
DSW2 | ASW1 | 11 |
DSW2 | ASW2 | 12 |
DSW2 | DSW1 | 21 | To remain shut down
DSW2 | CSW1 | 31 |
DSW2 | CSW2 | 32 |
CSW1 | DSW1 | 31 |
CSW1 | DSW2 | 32 |
CSW1 | CSW2 | 33 |
CSW2 | DSW1 | 31 |
CSW2 | DSW2 | 32 |
CSW2 | CSW1 | 33 |

VLAN Information

VLAN | Root | Backup | Instance (When Needed)
1 | DSW1 | DSW2 | Instance 1
3 | DSW1 | DSW2 | Instance 1
4 | DSW2 | DSW1 | Instance 2
11 | DSW1 | DSW2 | Instance 1
12 | DSW2 | DSW1 | Instance 2
63 | DSW1 | DSW2 | Instance 1
64 | DSW2 | DSW1 | Instance 2
65 | DSW1 | DSW2 | Instance 1
66 | DSW2 | DSW1 | Instance 2

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 3-1: Implement Multiple Spanning Tree]

Command List

The table describes the commands that you will use in this activity.

Command | Description
instance instance-id vlan vlan-range | Maps VLANs to an MST instance. For instance-id, the range is 0 to 4094. For vlan vlan-range, the range is 1 to 4094.
name name | Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive.
revision version | Specifies the configuration revision number. The range is 0 to 65535.
show pending | Shows your configuration by displaying the pending configuration.
show spanning-tree vlan vlan-id | Displays your entries.
show spanning-tree summary | Displays your entries.
spanning-tree mode {pvst | mst | rapid-pvst} | Configures spanning tree mode. Select pvst to enable PVST+ (802.1D, the default setting). Select mst to enable MSTP (and RSTP). Select rapid-pvst to enable rapid PVST+.
spanning-tree mst configuration | Enters MST configuration mode.

Job Aids

These are the job aids for this lab activity:

Value | Location
Observe random STP state forms | Task 1
Blank implementation requirements list for MSTP | Task 2
Blank implementation and verification plan form for MSTP | Task 3
Blank student notes for MSTP | Task 4
Implementation requirement hints | Hint Section
Implementation hints | Hint Section
Verification hints | Hint Section
Solution configuration answer key | Configuration section at the end of the lab

Task 1: Observing STP Random State

In the previous lab, the control of path between switches was ensured by shutting down the unused ports. In this task, you will start by enabling all links between switches and between switches and routers, except the link between switches DSW1 and DSW2. Then, observe and document the random (default) state of the STP on Cisco switches, documenting root, secondary, and paths between switches.

Use the following table to document the random STP state in your pod:

VLAN | Root | Secondary
1 | |
3 | |
4 | |
11 | |
12 | |
63 | |
64 | |
65 | |
66 | |

Spanning tree calculation will occur the same way for all VLANs allowed on the same switches.
Use the following table to determine, for each group of VLANs and from each switch in your network, which path is used to reach the root:

VLANs | Switch | Path to Root
1, 3, 11, 63, 65 | ASW1 |
 | ASW2 |
 | DSW1 |
 | DSW2 |
 | CSW1 |
 | CSW2 |
4, 12, 64, 66 | ASW1 |
 | ASW2 |
 | DSW1 |
 | DSW2 |
 | CSW1 |
 | CSW2 |

Task 2: Create an Implementation Requirements List for MST

According to the multivendor policy at the university, a set of switches from another vendor may be implemented in the university network. To prevent compatibility issues, you decide to design and migrate the existing random STP configuration toward a multiple-instance STP solution. This model will save CPU cycles by preventing per-VLAN STP processing.

To achieve this goal, you must mark the main requirements for the smooth migration to MST according to the constraints in the “Information Packet” section. You need to decide on the number of instances, the distribution of VLANs among instances, and the role of each switch in this new architecture. You must list the main requirements; for example, switch DSW1 will be the primary root switch for instances 0 and 1 and the secondary root for instance 2. The opposite is true for switch DSW2; it is to be primary for instance 2 and secondary for instances 0 and 1.

Use the following table to report each switch role in the new architecture:

Device | Device Role | MSTP Instance | VLANs

Once the MST switch roles are clear in your mind, use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 3: Create Implementation and Verification Plan

It is very important to establish a task list of the needed configurations and the possible verifications for every configuration change. It must be a detailed step-by-step list. The order in which each change should be applied is critical because a successful implementation depends on the order. With the help of this list you can define configuration checkpoints. The actual implementation will be conducted in the next task.

Use the following table, the information from the “Information Packet” section, and the previous tasks to prepare your Implementation and Verification plan. If you are unsure, use the information in the “Hints” section at the end of this lab.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 4: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save.

Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the “Information Packet” section. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information in the “Hints” section at the end of this lab.
Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 3-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. If you need a tip, this section contains a series of hints to help you complete the lab.

Lab 3-1 Hint Sheet: Implement Multiple Spanning Tree

Spanning Tree Random State

In a random state, STP could show the following configuration. The actual configuration in your pod may be different, as the random configuration depends on the actual physical switches that you are using.

VLAN | Root | Secondary
1 | CSW1 | DSW2
3 | CSW1 | DSW2
4 | CSW1 | DSW2
11 | CSW1 | DSW2
12 | CSW1 | DSW2
63 | CSW1 | DSW2
64 | CSW1 | DSW2
65 | CSW1 | DSW2
66 | CSW1 | DSW2

If the random state of spanning tree is the same as described in the above table, the path to root could be as follows:

VLANs | Switch | Path to Root
1, 3, 11, 63, 65 | ASW1 | Fa0/1
 | ASW2 | Fa0/2
 | DSW1 | Po31
 | DSW2 | Po32
 | CSW1 | NA
 | CSW2 | Po33
4, 12, 64, 66 | ASW1 | Fa0/1
 | ASW2 | Fa0/2
 | DSW1 | Po31
 | DSW2 | Po32
 | CSW1 | NA
 | CSW2 | Po33

Step-by-Step Procedure

Complete these steps:

Step 1  Connect to the DSW1 switch; enter in configuration mode.

■ Connect to the remote lab.
■ Access the switch console.
■ Enter privilege mode, using the enable command.
■ Enter configuration mode, using the configure terminal command.

Step 2  Enable previously shut ports:

    DSW1(config)#interface range FastEthernet0/3 - 4
    DSW1(config-if)# no shutdown

Step 3  Repeat the same process on switches DSW2, CSW1, and CSW2.

Step 4  Verify the spanning tree root status on all switches. For example, on switch DSW2:

    DSW2#sho spanning-tree root
                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    VLAN0001         24577 001f.2721.8580        32    2   20  15  Fa0/5
    VLAN0003         24579 001f.2721.8580        32    2   20  15  Fa0/5
    VLAN0004         24580 001f.2721.8600         0    2   20  15
    VLAN0011         24587 001f.2721.8580        32    2   20  15  Fa0/5
    VLAN0012         24588 001f.2721.8600         0    2   20  15
    VLAN0063         24639 001f.2721.8580        32    2   20  15  Fa0/5
    VLAN0064         24640 001f.2721.8600         0    2   20  15
    VLAN0065         24641 001f.2721.8580        32    2   20  15  Fa0/5
    VLAN0066         24642 001f.2721.8600         0    2   20  15

Design an MST Solution for a Layer 2 Network

The first task is to decide the role for each device in each instance. Roles, as per the “Information Packet” section, are as follows:

Device | Device Role | MSTP Instance | VLANs
DSW1 | Primary root | 0 |
 | Primary root | 1 | 1, 3, 11, 63, 65
 | Secondary root | 2 | 4, 12, 64, 66
DSW2 | Primary root | 2 | 4, 12, 64, 66
 | Secondary root | 0 |
 | Secondary root | 1 | 1, 3, 11, 63, 65

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan.
The following is an example of such a list:

Device | Implementation Requirements List | Lab 3-1 Section Containing Hint
Distribution switches | MST configuration—region 1, instances 0, 1, and 2 | Implementation Policy
Distribution switches | Primary and secondary root bridges | Implementation Policy
Distribution switches | VLAN distribution between the root bridge switches | Implementation Policy
All switches | MST | Implementation Policy
All switches | Verification | Implementation Policy

Device | High-Level Task | Information Source
DSW1 | MST configuration—region1, instance 1 | Visual Objective, Information Packet
 | MST configuration—region1, instance 2 | Visual Objective, Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet
 | MST primary root for instance 1 | Information Packet
 | MST secondary root for instance 2 | Information Packet
DSW2 | MST configuration—region1, instance 1 | Visual Objective, Information Packet
 | MST configuration—region1, instance 2 | Visual Objective, Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet
 | MST primary root for instance 2 | Information Packet
 | MST secondary root for instance 1 | Information Packet
ASW1 | MST configuration—region1, instances 0, 1 and 2 | Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet
ASW2 | MST configuration—region1, instances 0, 1 and 2 | Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet
CSW1 | MST configuration—region1, instances 0, 1 and 2 | Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet
CSW2 | MST configuration—region1, instances 0, 1 and 2 | Information Packet
 | MST instance 1 assign odd VLANs—1, 3, 11, 63, 65 | Information Packet
 | MST instance 2 assign even VLANs—4, 12, 64, 66 | Information Packet

Implementation and Verification Plan

In Task 2, you will create an implementation requirements list. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | DSW1 | 1 | MST instance 1 | show pending
 | | 2 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 3 | MST instance 2 | show pending
 | | 4 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 5 | Change STP mode to MST. | show spanning-tree
 | | 6 | Primary root for instances 0-1. | show spanning-tree root
 | | 7 | Secondary root for instance 2. | show spanning-tree root
 | DSW2 | 8 | MST instance 1 | show pending
 | | 9 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 10 | MST instance 2 | show pending
 | | 11 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 12 | Change STP mode to MST. | show spanning-tree
 | | 13 | Primary root for instance 2. | show spanning-tree root
 | | 14 | Secondary root for instances 0-1 | show spanning-tree root
 | ASW1 | 16 | MST instance 1 | show pending
 | | 17 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 18 | MST instance 2 | show pending
 | | 19 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 20 | Change STP mode to MST. | show spanning-tree
 | ASW2 | 21 | MST instance 1 | show pending
 | | 22 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 23 | MST instance 2 | show pending
 | | 24 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 25 | Change STP mode to MST. | show spanning-tree
 | CSW1 | 26 | MST instance 1 | show pending
 | | 27 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 28 | MST instance 2 | show pending
 | | 29 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 30 | Change STP mode to MST. | show spanning-tree
 | CSW2 | 31 | MST instance 1 | show pending
 | | 32 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1 | show pending
 | | 33 | MST instance 2 | show pending
 | | 34 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending
 | | 35 | Change STP mode to MST. | show spanning-tree

Step-by-Step Procedure

Complete these steps:

Step 1  Enter MST configuration mode on switch DSW1:

    DSW1(config)# spanning-tree mst configuration

Step 2  Configure region name:

    DSW1(config-mst)# name region1

Step 3  Configure revision:

    DSW1(config-mst)# revision 1

Step 4  Put VLANs 1, 3, 11, 63 and 65 in instance 1:

    DSW1(config-mst)# instance 1 vlan 1, 3, 11, 63, 65

Step 5  Put VLANs 4, 12, 64, and 66 in instance 2:

    DSW1(config-mst)# instance 2 vlan 4, 12, 64, 66

Step 6  Use the show pending command:

    DSW1(config-mst)#sho pending
    Pending MST configuration
    Name      [region1]
    Revision  1     Instances configured 3

    Instance  Vlans mapped
    0         2,5-10,13-62,67-4094
    1         1,3,11,63,65
    2         4,12,64,66
    DSW1(config-mst)#

Step 7  Change the STP mode to MST on switch DSW1:

    DSW1(config)# spanning-tree mode mst

Step 8  Configure spanning-tree root primary for instance 0 and for instance 1 on switch DSW1:

    DSW1(config)# spanning-tree mst 0-1 root primary

Step 9  Configure spanning-tree root secondary for instance 2 on switch DSW1:

    DSW1(config)# spanning-tree mst 2 root secondary

Step 10  Verify the spanning tree root status:

    DSW1#sho spanning-tree root
                                            Root    Hello Max Fwd
    MST Instance           Root ID          Cost    Time  Age Dly  Root Port
    MST0             24576 001f.2721.8680         0    2   20  15
    MST1             24577 001f.2721.8680         0    2   20  15
    MST2             24578 001f.2721.8600    200000    2   20  15  Fa0/5

Step 11  Repeat Steps 1 to 7 on switch DSW2.

Step 12  Configure spanning-tree root primary for instance 2 on switch DSW2:

    DSW2(config)# spanning-tree mst 2 root primary

Step 13  Configure spanning-tree root secondary for instance 0 and for instance 1 on switch DSW2:

    DSW2(config)# spanning-tree mst 0-1 root secondary

Step 14  Verify the spanning tree root status:

    DSW2#sho spanning-tree root
                                            Root    Hello Max Fwd
    MST Instance           Root ID          Cost    Time  Age Dly  Root Port
    MST0             24576 001f.2721.8680         0    2   20
    MST1             24577 001f.2721.8680    200000    2   20
    MST2             24578 001f.2721.8600         0    2   20

Step 15  Repeat Steps 1 to 7 on switch ASW1.

Step 16  Repeat Steps 1 to 7 on switch ASW2.

Step 17  Repeat Steps 1 to 7 on switch CSW1.

Step 18  Repeat Steps 1 to 7 on switch CSW2.

Step 19  Verify spanning-tree root; repeat Step 10.

Step 20  Verify spanning-tree blockedports on switch DSW1:

    DSW1#sho spanning-tree blockedports
    Name                 Blocked Interfaces List
    MST2                 Po32
    Number of blocked ports (segments) in the system : 1

Step 21  Repeat Step 21 on all the rest of the switches.

Lab 3-2: Implement PVRST+

Complete this lab activity to practice what you learned in the related module.

Activity Objective

Congratulations! Your MSTP configuration was a success. You are asked to give another presentation focusing on PVRST+. Here again, you decide that preparing for this presentation could be useful, and that you would use your pod to walk through the different steps involved.

In this activity, you will design and implement Per VLAN Rapid Spanning Tree Plus (PVRST+) in a Layer 2 topology. As you complete the design, you will connect to your remote lab to implement your solution. At the end of the lab, you will keep this solution, which is the solution best adapted to this lab environment.
You will then have all the steps required to perform your live presentation. After completing this activity, you will be able to meet these objectives:

- Design a migration plan to PVRST+
- Create a PVRST+ implementation plan
- Implement PVRST+ according to implementation plan
- Create a PVRST+ verification plan
- Verify the PVRST+ spanning tree according to the verification plan

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

You will migrate your configuration to PVRST+. The following list details the preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:

- Before configuring and enabling spanning tree, verify that the EtherChannels enabled in Lab 3-1 are still enabled. You need full and redundant connectivity for this lab. Only the link between switch DSW1 and switch DSW2 must remain shut.
- Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the primary root bridge for even VLANs.
- For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the secondary root.
- For all VLANs for which switch DSW2 is the primary root, switch DSW1 must be the secondary root.

The "Device Information" section describes the VLANs and corresponding roots.

Device Information

The table provides the Layer 3 reachability information specific to each switch in the network:

Device Name | Role | IP Address | Gateway | VLAN
ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.254 | 1
ASW2 | Layer 2 access switch | 10.4.1.2/24 | 10.4.1.252 | 1
DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.254 | 1
DSW2 | Layer 3 switch | 10.4.4.22/24 | 10.4.1.252 | 1
CSW1 | Layer 3 switch | 10.1.4.111/24 | 10.1.1.254 | 1
CSW2 | Layer 3 switch | 10.4.1.222/24 | 10.4.1.252 | 1
R1 | Router | Fa0/0: 10.4.4.251/24 | | 1
R2 | Router | Fa0/0: 10.1.1.252/24 | | 1

Links between switches should already be bundled together. The following table shows all possible numbering conventions for these link bundles. Note that not all of these numbers need to be used:

Device | Link To | Bundle Number Should Be:
ASW1 | DSW1 | 11
ASW1 | DSW2 | 12
ASW2 | DSW1 | 1
ASW2 | DSW2 | 2
DSW1 | ASW1 | 11
DSW1 | ASW2 | 12
DSW1 | DSW2 | 21 (To remain shut down)
DSW1 | CSW1 | 31
DSW1 | CSW2 | 32
DSW2 | ASW1 | 11
DSW2 | ASW2 | 2
DSW2 | DSW1 | 21 (To remain shut down)
DSW2 | CSW1 | 31
DSW2 | CSW2 | 32
CSW1 | DSW1 | 31
CSW1 | DSW2 | 32
CSW1 | CSW2 | 3
CSW2 | DSW1 | 31
CSW2 | DSW2 | 32
CSW2 | CSW1 | 33

VLAN Information

VLAN | Root | Backup
1 | DSW1 | DSW2
3 | DSW1 | DSW2
4 | DSW2 | DSW1
11 | DSW1 | DSW2
12 | DSW2 | DSW1
63 | DSW1 | DSW2
64 | DSW2 | DSW1
65 | DSW1 | DSW2
66 | DSW2 | DSW1

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 3-2: Implement PVRST+]

Command List

The table describes the commands that you will use in this activity.

Command | Description
name name | Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive.
show pending | Shows your configuration by displaying the pending configuration.
show spanning-tree vlan vlan-id | Displays your entries.
show spanning-tree summary | Displays your entries.
spanning-tree mode {pvst | mst | rapid-pvst} | Configures spanning-tree mode.
    - Select pvst to enable PVST+ (802.1D, the default setting).
    - Select mst to enable MSTP (and RSTP).
    - Select rapid-pvst to enable rapid PVST+.
spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]] | Configures a switch to become the root for the specified VLAN.
    - For vlan-id you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    - (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7.
    - (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2.
spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]] | Configures a switch to become the secondary root for the specified VLAN.
    - For vlan-id you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    - (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7.
    - (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2.

Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list for PVRST+ | Task 1
Blank implementation and verification plan form for PVRST+ | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions hints | "Hints" section at the end of this lab
Key commands and tools used form | "Hints" section at the end of this lab
Blank device roles form |
Implementation requirements hints | "Hints" section at the end of this lab
Implementation and verification plan hints | "Hints" section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Migration to PVRST+

Your MST configuration should work properly, but you like the idea of enhancing the efficiency of the convergence in case of a link failure. An efficient technology to achieve this goal is PVRST+. For this reason, you should migrate your network from MST to PVRST+ before presenting this solution during your next conference.

You will need to decide and document the switch that should be the root for each VLAN. Use the following table and the "Information Packet" section to complete your Implementation Requirements list.

VLAN | Root | Secondary

At this point, your lab network has a functioning MST implementation and you are ready to migrate it to PVRST+. You must make a list of the requirements in order to prepare a detailed implementation and verification plan in the next task. Use the "Information Packet" section to gather the needed information. If you are unsure, use the information in the "Hints" section at the end of this lab.
Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan for Your Solution

This is the most important step in the planning process. Based on the information from the "Information Packet" section and the previous tasks, you must prepare a step-by-step Implementation and Verification plan. The task will help you set up configuration checkpoints to verify your progress. Use the plan to verify each item in the implementation.

Use the following table to document your steps in the correct order. If you are unsure, use the information in the "Hints" section at the end of this lab.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. You will keep this PVRST+ configuration and use it in subsequent labs.

Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the "Information Packet" section. Use the previous table to document the verifications you conducted to ensure that your solution is complete.
If you are unsure about the verification steps, use the information in the "Hints" section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 3-2: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 3-2 Hint Sheet: Implement PVRST+

Design a PVRST+ Solution for a Layer 2 Network

When migrating from MSTP to PVRST+ the device roles may be as follows:

Device | Device Role | VLANs Primary | VLANs Secondary
DSW1 | STP root | 1, 3, 11, 63, 65 | 4, 12, 64, 66
DSW2 | STP root | 4, 12, 64, 66 | 1, 3, 11, 63, 65

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list.

All switches | Change STP from MST to Rapid PVST+ | Implementation Policy
Distribution switches | Primary and secondary root bridge | Implementation Policy
Distribution switches | VLAN distribution between the root bridge switches | Implementation Policy
All switches | Verification | Implementation Policy

Device | High-Level Task | Information Source
DSW1 | spanning-tree mode rapid-pvst | Implementation Requirements List
DSW1 | spanning-tree primary root for odd VLANs | Visual Objective, Implementation Requirements List
DSW1 | spanning-tree secondary root for even VLANs | Visual Objective, Implementation Requirements List
DSW2 | spanning-tree mode rapid-pvst | Implementation Requirements List
DSW2 | spanning-tree primary root for even VLANs | Visual Objective, Implementation Requirements List
DSW2 | spanning-tree secondary root for odd VLANs | Visual Objective, Implementation Requirements List
ASW1 | spanning-tree mode rapid-pvst | Implementation Requirements List
ASW2 | spanning-tree mode rapid-pvst | Implementation Requirements List
CSW1 | spanning-tree mode rapid-pvst | Implementation Requirements List
CSW2 | spanning-tree mode rapid-pvst | Implementation Requirements List

Implementation and Verification Plan

In Task 2, you will create an implementation and verification plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | DSW1 | 1 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 2 | spanning-tree vlan 1,3,11,63,65 root primary | show spanning-tree root
 |      | 3 | spanning-tree vlan 4,12,64,66 root secondary | show spanning-tree vlan
 |      | 4 | no spanning-tree mst configuration | show run
 | DSW2 | 5 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 6 | spanning-tree vlan 4,12,64,66 root primary | show spanning-tree root
 |      | 7 | spanning-tree vlan 1,3,11,63,65 root secondary | show spanning-tree vlan
 |      | 8 | no spanning-tree mst configuration | show run
 | ASW1 | 9 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 10 | no spanning-tree mst configuration | show run
 | ASW2 | 11 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 12 | no spanning-tree mst configuration | show run
 | CSW1 | 13 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 14 | no spanning-tree mst configuration | show run
 | CSW2 | 15 | spanning-tree mode rapid-pvst | show spanning-tree
 |      | 16 | no spanning-tree mst configuration | show run

Step-by-Step Procedure

Complete these steps:

Step 1  Change STP mode from MST to PVRST+ on switch DSW1:
    DSW1(config)# spanning-tree mode rapid-pvst
Step 2  Configure spanning-tree root primary for VLANs 1, 3, 63, and 65 on switch DSW1:
    DSW1(config)# spanning-tree vlan 1,3,11,63,65 root primary
Step 3  Configure spanning-tree root secondary for VLANs 4, 12, 64 and 66 on switch DSW1:
    DSW1(config)# spanning-tree vlan 4,12,64,66 root secondary
Step 4  Remove MST configuration on switch DSW1:
    DSW1(config)# no spanning-tree mst configuration
Step 5  Repeat Step 1 on switch DSW2.
Step 6  Configure spanning-tree root primary for VLANs 4, 12, 64, and 66 on switch DSW2:
    DSW2(config)# spanning-tree vlan 4,12,64,66 root primary
Step 7  Configure spanning-tree root secondary for VLANs 1, 3, 63, and 65 on switch DSW2:
    DSW2(config)# spanning-tree vlan 1,3,11,63,65 root secondary
Step 8  Repeat Step 4 on switch DSW2.
Step 9  Repeat Steps 1 and 4 on switch ASW1.
Step 10  Repeat Steps 1 and 4 on switch ASW2.
Step 11  Repeat Steps 1 and 4 on switch CSW1.
Step 12  Repeat Steps 1 and 4 on switch CSW2.
Step 13  Verify spanning-tree root on switch DSW1:
    DSW1#sho spanning-tree root
                                          Root    Hello Max Fwd
    Vlan                   Root ID        Cost    Time  Age Dly  Root Port
    VLAN0001         24577 001f.2721.8680      0     2   20  15
    VLAN0003         24579 001f.2721.8680      0     2   20  15
    VLAN0004         24580 001f.2721.8600     19     2   20  15  Fa0/5
    VLAN0011         24587 001f.2721.8680      0     2   20  15
    VLAN0012         24588 001f.2721.8600     19     2   20  15  Fa0/5
    VLAN0063         24639 001f.2721.8680      0     2   20  15
    VLAN0064         24640 001f.2721.8600     19     2   20  15  Fa0/5
    VLAN0065         24641 001f.2721.8680      0     2   20  15
    VLAN0066         24642 001f.2721.8600     19     2   20  15  Fa0/5
    DSW1#
Step 14  Repeat Step 13 on all switches.

Lab 3-3: Troubleshooting Spanning Tree Issues

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In this activity, you will analyze, locate, and fix STP problems on your network caused by misconfiguration or design error. You should prepare a troubleshooting plan that will guide you in a step-by-step manner in your efforts. You should be able to quickly fix the network using the skills learned in this module. After completing this activity, you will be able to meet these objectives:

- Develop a work plan to troubleshoot configuration and security issues related to the STP
- Isolate the causes of the problems
- Correct all of the identified spanning tree issues
- Document and report the troubleshooting findings and recommendations

Visual Objective

The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 3-3: Troubleshoot Spanning Tree Issues]

Command List

The table describes the commands that are used in this activity.

Configuration Commands

Command | Description
configure terminal | Enters global configuration mode from privileged EXEC mode.
enable password password | Enters the privileged EXEC mode command interpreter.
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
spanning-tree bpdufilter enable | Enables BPDU filtering on an interface.
spanning-tree bpduguard | Enables the BPDUGuard feature on an interface.
show spanning-tree blockedports | Shows the ports that are blocked by the spanning tree algorithm.
exit | Exits the current mode.

Job Aids

These job aids are available to help you complete the lab activity:

- Trouble Tickets
- Troubleshooting Log

Trouble Ticket A: Switch Optimization Failed

You have been on a vacation for a short period of time. During your absence, your junior colleague managed the switched network. The IT manager asked your colleague to improve the behavior of the network. He made some changes, and as a result you saw a lot of errors in the logs of your switches on your return from vacation. You are asked by the management to quickly correct the situation because the network is very slow. Your task is to diagnose the issues and restore normal network operation.

Trouble Ticket B: Unstable STP

Your assistant reports that ports are in an error-disabled state and that the link between the root switches is down. The STP shows that no VLANs are blocked on the root switches.
Your task is to identify the misconfigured item(s) and solve the issue(s) to recover connectivity between switches DSW1 and DSW2 and ensure that the STP algorithm is enabling the proper paths.

Instructions

As you can see from the troubleshooting tickets, this troubleshooting lab involves two types of issues:

- Ticket one involves error messages on several switches in the lab.
- Ticket two involves problems with switch interfaces in the error-disabled state.

Each ticket involves several switches, so the whole team must work together to solve each of them. Together with your team members, create a troubleshooting plan to divide the work, assign each team member appropriate roles, and coordinate device access among the team members.

Document your progress in the "Troubleshooting Log" section provided below in order to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

Because different teams work at different speeds, the lab tickets are separated. To prepare the lab for this exercise, ask your instructor how to initiate Trouble Ticket A. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting. Once you fix Trouble Ticket A, ask your instructor if there is time remaining for you to move on to the next ticket. If time allows, ask your instructor how to initiate Trouble Ticket B. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

Troubleshooting Log

Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket | Actions and Results

Activity Verification

You have completed this lab when you attain the results below.

Trouble Ticket A:
- Verify that there are no more error log entries being generated on the Layer 3 switches.
- Verify that there are no ports in error-disabled state on the Layer 2 switches.
- Verify that the STP status is the same as it was at the end of Lab 3-1.

Trouble Ticket B:
- Verify that the STP is blocking the correct VLANs on the root switches.
- Verify that the appropriate links are up.
- Verify there are no ports in error-disabled state.

Ticket A: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

Key Clue: Error Logs on Switches DSW1, DSW2, and CSW1

[Slide: error log messages on switches DSW1, DSW2, and CSW1]

You have information for error log messages on switches DSW1, DSW2, and CSW1. The natural first task is to access these devices and view the error messages.

You can see that the error messages on the three switches are the same: all involve a flapping MAC address of a host on EtherChannels and physical interfaces. Refer to the Visual Objective and determine what links participate in these PortChannels and interfaces.

You discover that the EtherChannels connect the core switch CSW1 with switches DSW1 and DSW2. You also discover that interface Fa0/5 on both distribution switches has the connection between them. After this examination, you discover that you have a switching loop.

A switching loop is related to the functioning of the STP; in this case, PVRST+.
The next logical step is to check the PVRST+ on the affected interfaces. (© 2009 Cisco Systems. Ine LebGuide 157 Key Clue: Observe STP on Susp Ports [Dewitchow spanning tree Tatarface port-channel 37 vie Role Sta Cost Prio.Nbe Type esg rw 12 esg rw 12 Root FWD 12 esg rw 12 Root FWD 12 168 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne a Key Clue: Observe STP on Suspicious Ports (Cont.) DSWINShar spaning-teee interface Fastetheriet 075 viawo001 esa FAD 19 vianoo0s eos FAD 19 yran0004 esq FAD 19 vra0066 Deeg FAD 39 You can verify the STP state for the affected interfaces; for example, Po31 and Fa0/S on DsW1 You sce that the STP state for interface Po31 looks normal, but the information returned for interface Fa0/5 is more confusing. The same unusual information appears on switch CSW2 interface Po33, Key Clue: Observe STP on Suspicious Ports (Cont.) 128.308 20.304 (© 2009 Cisco Systems. Ine Leb Guide 159 Key Clue: Observe STP on Susp Ports (Cont.) [Dewafeho spanaiag-tres Tavertace Fastatherat 0/= vie Role Sta Cost Prio.Nbe Type esg rw 19 Check the STP state for the affected interfaces; for example, Po31 and Fa0/S on DSW2. Here the situation is the same as it is on switch DSWL. Your next logical step is to analyze interface Fa0/5, as its state looks different from the others. 160 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Key Clue: Observe STP on Suspicious Ports (Cont.) 
Tastitherset 0/5 detail Fort 7 (Pastutnezset0/S) of ViAMOODI iz designated forwarding Port path cost 18, Post priority 128, Port Identifier 128.7 Desiguated root hat priceity 24577, addeees O01E.2721.8690 Decignated bridge has priocity 24577, address 00LE.2721.8580 Designated port id e 128.7, depignated path cost 0 Link type i= poighate-peint by detaule Bpau chiter 4 Check the STP for interface Fa0/5 on switch DSW1 DSW1#sho spanning-tree interface FastEthernet 0/5 detail Port 7 (FastEthernet0/5) of VLANO0O1 is designated forwarding rt path cost 19, Port priority 128, Port Identifier 128.7 Designated root has priority 24577, address 001£.2721. 8680 Designated bridge hae priority 24577, address 001f.2721.8680 Designated port id is 128.7, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default Bpdu filter is enabled BPDU: sent 260, received 9 You can see that the BPDUFilter feature is enabled on interface Fa0/5. Because this is a feature that relates to access ports, prevents the BPDUs, and is a trunk interface, you understand that this is a problem, (© 2009 Cisco Systems. Ine Lab Guide 161 Key Clue: Determine Why Switch DSW2 Does Not Receive BPDUs from Switch DSW1 DSU fonow run intertace fazeEthernet 0/5 Interface fastBthernet 0/5 ‘spanning-tree bpdugilter enable Check the configuration of interface Fa0/S on switch DSW1 to verily that you have identified the problem: Dswiehow run interface fastEthernet 0/5 interface fastEthernet 0/5 spanning-tree Bpdufilter enable You have discovered an incorrect configuration issue involving an STP security feature, 162 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Key Clue: Configure Switch DSW1 fpewiecont meter configucetion commande, one per Line. 
fad with CHTL/t ows (contig) #iatertace fastuthecnet 0/5 oows (contig-St} 420 apansiag-tree bodutilter enable You must correct the configuration: DsWifeoné t Enter configuration commands, one config) #interface fastEthernet 0/5 if) mo spanning-tree bpéufilter enable ine. End with CNTL/Z (© 2009 Cisco Systems. Ine Leb Guide 163 Key Clue: Check Switch DSW1 The same issue appears on the switch CSW2 interface Po33 link. Resolve it using the method. tres intartace FastESERSt O75 Verify that the STP is back to normal and you have corrected the problem: DsWidsho spenning-tree interface FastEthernet 0/5 viaa VLANOO0 VLANO003 ‘VLANooo4 \VEANoo11 VLANOO12 VLANO063 VLANOO64 VLANOO6S VLANOO66 Role Ste Cost Prio.Nbr Ty Desg Desg Root Desg Root Desg Root Desg Root FAD 19 328 Pap Pap Pap Pap Pap Pap Pap Pap Pap You can also go to the switches again and check that there are no new error messages in their logs. 164 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Key Clue: Check Switch DSW1 (Cont.) DavFshe spuning tres Tntarhwe Fastetharwet 075 davai Port 7 (Fastitherwet0/5) of VLAMDOOL is designated forwarding Designated root has priority 24577, dress OLE. 2721, 8630 Designated bridge has priority 24577, adress OOLT 2721. 8580 Designated port id is 128.7, designated path cost 0 ink type is point-to-point by default Verify that the STP state shows that the BPDUFilter feature is no longer enabled: DSW1#sho spanning-tree interface FastEthernet 0/5 detail Port 7 (FastEthernet0/5) of VLANO0O1 is designated forwarding Port path cost 19, Port priority 128, Port Identifier 128.7 Designated root has priority 24577, address 001£.2721. 
8680 Designated bridge hae priority 24577, address 001f.2721.8680 Designated port id is 128.7, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 284, received 12 You can also go to the switches again and check that there are no ne logs. in their (© 2009 Cisco Systems. Ine LabGuide 165 Alternate Resources and Solutions Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the follow to document other possible solutions. 166 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne (© 2009 Cisco Systems. Ine LebGuide 167 Ticket B: Sample Troubleshooting Flow The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B. Key Clue: STP on Switch DSW1 ‘SWIG Spang tes ISS ERISSEES Musbor of blocked parts (scgmats) it the system 0 katy at 08 Frstethemet9/5 1 dom, Line protocol $9 dom Ger-atenbing) lity 295/28, tata 1/255 ond 1/285 Iterdploc, aito-spoed wea tae ts 20. Check the reported switches for the blocked port and the STP status. On switch DSW1 you find that interface Fa0/S isin the err-disabled state and that the STP is not blocking VLANs: DSWi#ish spanning-tree blockedports Name Blocked Inter! 
ces List Number of blocked ports (segments) in the system : 0 DSW sho int fa 0/5 FastEthernet0/5 is down, line protocol is down (err-disabled) Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687) MTU 1500 bytes, BH 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed, media type is 10/100BaseTx input £1 st flow-contro) is unsupported Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Key Clue: STP on Switch DSW2 [DaRVTGhS spanning tres bockedparts berotane int 0/5 Fett te dm, ne wot ts dam canes) ote 2121 8607) . MEU 1500 bytes, Bw 100000 KBse, DEY 200 wsce reliability 255/255, txload 1/255, reload 1/255 You find a similar situation on switch DSW2, Port Fa(/s is in the notconnect state and the STP is not blocking VLANs as expected: DSN2#sho spanning-tree blockedports Name Blocked Interfaces List Number of blocked p: DSW2¥sho int fa 0/5 FastEthernet0/5 is down, line protocol is down (notconnect) Hardware is Fast Ethernet, address is 001f.2721.8607 (bia 001f.2721.8607) MTU 1500 bytes, BH 100000 Kbit, DLY 100 usec, reliability 255/255, txload’1/255, rxload 1/255 ts (segments) in the system : 0 You have a problem with the STP, It is not blocking VLANs as expected. You will need more information in order to identify the problem. The first place to look is in the log. (© 2009 Cisco Systems. Ine LebGuide 169 Key Clue: Logs on Switch DSW1 paLiaho Toss (ie, 01:20:44 2615 ssenREE-2-n100K BODUGHARD Reonived BED on port ‘ior 1 02:20:44.261. Siar ARR DISABLE. Uysdugvard exxox detected om Fai’, ‘putting Fao/S in ere-aisabie state ‘tar 1 01:20:45,276: LIVEDROTO-5-UPEEHM Line protavol on Inter fa0e Puctutheract®/S, changed state to dam cnoe £ 04:20-46.285, Suimic3-ungcmt anterface Foottthernct9/S, changed The log on switch DSW1 clearly shows the problem. 
A security spanning-tree feature, in this case BPDUGuard, has put Fa0/5 in the error-disabled state because BPDUs appeared on this interface. Because it is normal to have BPDUs sent and received on this interface, you should check the configuration of this interface.

Key Clue: Check Fa0/5 on Switch CSW1

[Slide: "sho run int Fa0/5" output for interface FastEthernet0/5, listing its switchport trunk encapsulation, trunk allowed VLAN and switchport mode settings.]

Your check of interface Fa0/5 shows the following:

    DSW1#sho run int Fa0/5
    Building configuration...
    Current configuration : 175 bytes
    interface FastEthernet0/5

You find that the BPDUGuard feature is configured on a trunk port. You have identified a problem. The next steps involve correction of the mistaken configuration and tests to determine if this is the problem.

Key Clue: Disable STP BPDUGuard Fa0/5 on Switch CSW1

Make the needed configuration change:

    DSW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DSW1(config)#int Fa0/5
    DSW1(config-if)#no spanning-tree bpduguard enable
    DSW1(config-if)#shut
    DSW1(config-if)#no shut
    DSW1(config-if)#end

Check the status of the interface:

    DSW1#sho int Fa0/5
    FastEthernet0/5 is up, line protocol is up (connected)
      Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)

Verify the status of the STP and verify that the correct VLANs are being blocked to be sure that you have fixed the right problem.

Key Clue: Check STP
The checks are successful:

    DSW1#sho spanning-tree blockedports
    Name                 Blocked Interfaces List
    viaNooo4             Boal
    viaNoo1              Boal
    viaNoosa             Boal
    viaNoase             Poal
    Number of blocked ports (segments) in the system : 4

    DSW2#sho spanning-tree blockedports
    Name                 Blocked Interfaces List
    VLAN0001             Po32
    VLAN0003             Po32
    viaNa                Po32
    viaNoos3             Po32
    viaNooss             Po32
    Number of blocked ports (segments) in the system : 5

Because the verification has been successful, you must document your findings.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 3-3: Key Commands and Tools Used

Lab 4-1: Implement Inter-VLAN Routing

Complete this lab activity to practice what you learned in the related module.

Activity Objective

As the corporate network continues to grow, the demands for expansion, better convergence, and reliability drive your IT manager to ask you for a solution for the migration toward a Layer 3 core and distribution design. He insists on using a dynamic routing protocol to ease the implementation of new networks, thus reducing the possibility of mistakes and risks of operation failures. The specifications given to you by the IT manager clearly include the use of EIGRP as the routing protocol and implementation of separate networks on the links between the Layer 3 switches. The distribution switches must become the new gateways and DHCP servers for your access layer.
Once the design is complete, you will connect to your remote lab to implement your solution. After completing this activity, you will be able to meet these objectives:

- Design a Layer 3 network
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify inter-VLAN routing and routing protocols

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must configure inter-VLAN routing and a routing protocol in your network. The following list provides details regarding preparation and routing configuration requirements for all switches in the company network. Your configuration must implement all of these requirements:

- Configure all interfaces between the distribution and core switches to become Layer 3 links.
- Configure the interfaces between switches DSW1 and DSW2 to become Layer 3 links. Enable these links.
- Configure the links between the core switches and the routers to become Layer 3 links.
- Use the networks from the table provided below for the Layer 3 links.
- Set up SVIs for data VLANs on both distribution switches according to the information provided in the “Device Information” section.
- Change the management VLAN on access switches from VLAN 1 to the first data VLAN (VLAN 3 or VLAN 4 depending on devices). You need to create an SVI for this VLAN. The IP addresses for your switches will change. For example, if your device VLAN 1 IP address was in 10.1.1.0/24, VLAN 1 will no longer have an IP address, and the VLAN 3 IP address will be in 10.1.3.0/24. Apply this rule to all of your devices. Refer to the “Device Information” section for information on the IP address that should be used on each switch.
- Remove the management VLAN 1 IP address on the distribution switches, because you can manage them via any routed interface or SVI.
- Switches DSW1 and DSW2 will be default gateways for the client and the access switches. Switch DSW1 will be the default gateway for switch ASW1 and client CLT1; switch DSW2 will be the default gateway for switch ASW2 and client CLT2.
- Configure DHCP services on switches DSW1 and DSW2 for networks 10.1.3.0/24 and 10.1.4.0/24. Switch DSW1 must allocate addresses 50 to 99 and DSW2 must allocate addresses 100 to 149 for each scope. Clients CLT1 and CLT2 must obtain their IP address from switch DSW1 or switch DSW2.
- Remove DHCP service and subinterfaces from routers R1 and R2.
- Configure EIGRP AS 10 on the core and distribution switches and the routers.
- Execute the verification plan to ensure IP connectivity.

Device Information

The table provides the Layer 3 information specific to the devices in the network. These subnets use a /31 (255.255.255.254) mask, using RFC 3021 specifications. Notice that this type of mask is reserved for point-to-point links, which is the case here:

Device Name | Layer 3 Interface | IP Address
DSW1 | Po31 | 10.1.253.0/31
DSW1 | Po32 | 10.1.253.2/31
DSW1 | P3 | 10.1.253.4/31
DSW2 | Po31 | 10.1.253.6/31
DSW2 | Po32 | 10.1.253.8/31
DSW2 | P3 | 10.1.253.5/31
CSW1 | Po31 | 10.1.253.1/31
CSW1 | Po32 | 10.1.253.9/31
CSW1 | Po33 | 10.1.253.10/31
CSW1 | P1 | 10.1.253.12/31
CSW1 | P2 | 10.1.253.14/31
CSW2 | Po31 | 10.1.253.7/31
CSW2 | Po32 | 10.1.253.3/31
CSW2 | Po33 | 10.1.253.11/31
CSW2 | P1 | 10.1.253.16/31
CSW2 | P2 | 10.1.253.18/31
R1 | P1 | 10.1.253.13/31
R1 | P2 | 10.1.253.19/31
R2 | P1 | 10.1.253.17/31
R2 | P2 | 10.1.253.15/31

This table provides IP addressing information regarding the SVI interfaces on the switches:

Device | SVI | IP Address
ASW1 | VLAN3 | 10.1.3.10/24
ASW2 | VLAN4 | 10.1.4.20/24
DSW1 | VLAN3 | 10.1.3.1/24
DSW1 | VLAN4 | 10.1.4.1/24
DSW2 | VLAN3 | 10.1.3.2/24
DSW2 | VLAN4 | 10.1.4.2/24

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 4-1: Implement Inter-VLAN Routing]

Command List

The table describes the commands that are used in this activity.

Command | Description

channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
    Assigns the port to a channel group, and specifies the PAgP or the LACP mode. For mode, select one of these keywords:
    - auto—Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not start PAgP packet negotiation.
    - desirable—Unconditionally enables PAgP. It places the port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets.
    - on—Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.
    - non-silent—(Optional) Configure the switch port for nonsilent operation when the port is in the auto or desirable mode, if your switch is connected to a partner that is PAgP capable. If you do not specify non-silent, silent is assumed. The silent setting is for connections to file servers or packet analyzers. This setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission.
    - active—Enables LACP only if a LACP device is detected.
      It places the port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.
    - passive—Enables LACP on the port and places it into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation.

default-router address [address2 ... address8]
    Specifies the IP address of the default router for a DHCP client.
    - The IP address should be on the same subnet as the client.
    - One IP address is required; however, you can specify up to eight IP addresses in one command line. These default routers are listed in order of preference; that is, address is the most preferred router, address2 is the next most preferred router, and so on.

domain-name domain
    Specifies the domain name for the client.

configure terminal
    Enters global configuration mode from privileged EXEC mode.

enable password password
    Enters the privileged EXEC mode command interpreter.

interface interface-id
    Specify a physical port, and enter interface configuration mode.

interface port-channel port-channel-number
    Specify the port-channel logical interface, and enter interface configuration mode.

ip address ip-address mask
    Assigns an IP address and subnet mask to the EtherChannel.

ip routing
    Enables IP routing.

ip dhcp excluded-address low-address [high-address]
    Specifies the IP addresses that the DHCP server should not assign to DHCP clients.

ip dhcp pool name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    - The default is a one-day lease.
    - The infinite keyword specifies that the duration of the lease is unlimited.

network network-number [mask | /prefix-length]
    Specifies the subnet network number and mask of the DHCP address pool.

network network-number
    Associates networks with an EIGRP routing process.
    EIGRP sends updates to the interfaces in the specified networks.

no auto-summary
    (Optional) Disables automatic summarization of subnet routes into network-level routes.

no ip address
    Ensures that there is no IP address assigned to the physical port.

no switchport
    Places the interface into Layer 3 mode.

router eigrp autonomous-system-number
    Enables an EIGRP routing process; enter router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information.

show etherchannel channel-group-number detail
    Shows your entries.

show ip eigrp interface
    Displays the interfaces on which EIGRP is active and information about EIGRP relating to those interfaces.

show ip protocols
    Shows your entries.

show ip route
    Displays the current state of the routing table.

Job Aids

These are the job aids for this lab activity:

Value | Location
Blank design requirements list | Task 1
Blank implementation requirements list | Task 2
Blank implementation and verification plan form | Task 3
Blank verification notes form | Task 4
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create a Layer 3 Design

You must create your design for the migration to Layer 3 in the network. You must decide on the inter-VLAN routing and on the use of EIGRP as a routing protocol. You must consider the changes in the links between the core and distribution switches, the changes in DHCP, and the changes in VTP. Use the table below to create your design.

Complete ✓ | Device | SVI Interfaces | Layer 3 Interfaces | Is the Device a DHCP Server? | EIGRP AS No. (if applicable)

Task 2: Create an Implementation Requirements List for Inter-VLAN Routing

After you have decided on a design, it is time to create a list in which you will document the requirements for the successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 3: Create an Implementation and Verification Plan

The next step in your configuration deployment is to create a task list of each item to be configured on each device and in what order it is to be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.

Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information in the “Hints” section at the end of this lab.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 4: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the “Information Packet” section.
Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 4-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 4-1 Hint Sheet: Implement Inter-VLAN Routing

Layer 3 Design

Complete ✓ | Device | SVI Interfaces | Layer 3 Interfaces | Is the Device a DHCP Server? | EIGRP AS Number (if applicable)
  | ASW1 | VLAN 3 | No | No | No
  | ASW2 | VLAN 4 | No | No | No
  | DSW1 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10
  | DSW2 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10
  | CSW1 | No | Po31, Po32, Po33, P1, P2 | No | AS 10
  | CSW2 | No | Po31, Po32, Po33, P1, P2 | No | AS 10
  | R1 | No | P1, P2 | No | AS 10
  | R2 | No | P1, P2 | No | AS 10

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan.
The following is an example of such a list:

Device | Implementation Requirements List | Lab 4-1 Section Containing Hint
Distribution and core switches | Layer 3 links between the distribution and core switches | Implementation Policy
Distribution switches | Layer 3 links between the distribution switches | Implementation Policy
Core switches | Layer 3 links between the core switches | Implementation Policy
Core switches and routers | Layer 3 links between the core switches and routers. | Implementation Policy
Distribution switches | SVI interfaces | Implementation Policy
Access and distribution switches | Change management VLAN | Implementation Policy
Distribution switches | DHCP server | Implementation Policy
Distribution and core switches | Enable IP routing | Implementation Policy
Distribution and core switches and routers | EIGRP | Implementation Policy
All switches and routers | Verification | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | Change the management VLAN. | Visual Objective, Implementation Requirements List
ASW1 | Change the default gateway. | Visual Objective, Implementation Requirements List
ASW2 | Change the management VLAN. | Visual Objective, Implementation Requirements List
ASW2 | Change the default gateway. | Visual Objective, Implementation Requirements List
DSW1 | Layer 3 links between the distribution and core switches. | Visual Objective, Implementation Requirements List
DSW1 | Layer 3 links between the distribution switches. | Visual Objective, Implementation Requirements List
DSW1 | SVI interfaces. | Visual Objective, Implementation Requirements List
DSW1 | Change the management VLAN. | Visual Objective, Implementation Requirements List
DSW1 | DHCP server. | Visual Objective, Implementation Requirements List
DSW1 | Enable IP routing. | Visual Objective, Implementation Requirements List
DSW1 | EIGRP. | Visual Objective, Implementation Requirements List
DSW2 | Layer 3 links between the distribution and core switches. | Visual Objective, Implementation Requirements List
DSW2 | Layer 3 links between the distribution switches. | Visual Objective, Implementation Requirements List
DSW2 | SVI interfaces. | Visual Objective, Implementation Requirements List
DSW2 | Change the management VLAN. | Visual Objective, Implementation Requirements List
DSW2 | DHCP server. | Visual Objective, Implementation Requirements List
DSW2 | Enable IP routing. | Visual Objective, Implementation Requirements List
DSW2 | EIGRP. | Visual Objective, Implementation Requirements List
CSW1 | Layer 3 links between the distribution and core switches. | Visual Objective, Implementation Requirements List
CSW1 | Layer 3 links between the core switches. | Visual Objective, Implementation Requirements List
CSW1 | Layer 3 links between the core switches and routers. | Visual Objective, Implementation Requirements List
CSW1 | Enable IP routing. | Visual Objective, Implementation Requirements List
CSW1 | EIGRP. | Visual Objective, Implementation Requirements List
CSW2 | Layer 3 links between the distribution and core switches. | Visual Objective, Implementation Requirements List
CSW2 | Layer 3 links between the core switches. | Visual Objective, Implementation Requirements List
CSW2 | Layer 3 links between the core switches and routers. | Visual Objective, Implementation Requirements List
CSW2 | Enable IP routing. | Visual Objective, Implementation Requirements List
CSW2 | EIGRP. | Visual Objective, Implementation Requirements List
R1 | Layer 3 links between the core switches and routers. | Visual Objective, Implementation Requirements List
R1 | EIGRP. | Visual Objective, Implementation Requirements List
R2 | Layer 3 links between the core switches and routers. | Visual Objective, Implementation Requirements List
R2 | EIGRP. | Visual Objective, Implementation Requirements List
Implementation and Verification Plan

In this task, you will create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete ✓ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
  | DSW1 | 1 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface port-channel
  | DSW2 | 2 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface port-channel
  | CSW1 | 3 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface port-channel
  | CSW2 | 4 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface port-channel
  | R1 | 5 | interface Fa 0/X; ip address | show interface fa 0/x
  | R1 | 6 | no interface f0/0.Y | show ip interface brief
  | R2 | 7 | interface Fa 0/X; ip address | show interface fa 0/x
  | R2 | 8 | no interface f0/0.Y | show ip interface brief
  | DSW1 | 9 | interface vlan XX; ip address | show interface vlan xx
  | DSW2 | 10 | interface vlan XX; ip address | show interface vlan xx
  | ASW1 | 11 | interface vlan 3; ip address | show interface vlan 3
  | ASW2 | 12 | interface vlan 4; ip address | show interface vlan 4
  | ASW1 | 13 | ip default-gateway |
  | ASW2 | 14 | ip default-gateway |
  | DSW1 | 15 | interface vlan 1; no ip address | show interface vlan 1
  | DSW2 | 16 | interface vlan 1; no ip address | show interface vlan 1
  | DSW1 | 17 | ip dhcp excluded-address 10.1.3.1 10.1.3.49, then 100 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.1; ip dhcp excluded-address 10.1.4.1 10.1.4.49, then 10.1.4.100 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.1 | show ip dhcp binding
  | DSW2 | 18 | ip dhcp excluded-address 10.1.3.1 10.1.3.99, then 150 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.2; ip dhcp excluded-address 10.1.4.1 10.1.4.99, then 150 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.2 | show ip dhcp binding
  | DSW1 | 19 | ip routing | show ip route
  | DSW2 | 20 | ip routing | show ip route
  | CSW1 | 21 | ip routing | show ip route
  | CSW2 | 22 | ip routing | show ip route
  | DSW1 | 23 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route
  | DSW2 | 24 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route
  | CSW1 | 25 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route
  | CSW2 | 26 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route
  | R1 | 27 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp; show ip route
  | R2 | 28 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route

Step-by-Step Procedure

Complete these steps:

Step 1    Connect to the switch DSW1 switch interface in configuration mode:
          - Connect to the remote lab.
          - Access the switch console.
          - Enter privilege mode, using the enable command.
          - Enter configuration mode, using the configure terminal command.

Step 2    Configure a Layer 3 EtherChannel to switch CSW1 on switch DSW1:

          DSW1(config)# interface range Fa 0/1 - 2
          DSW1(config-if)# no switchport
          DSW1(config)# interface Port-channel31
          DSW1(config-if)# no switchport
          DSW1(config-if)# ip address 10.1.253.0 255.255.255.254
          DSW1(config)# interface range Fa 0/1 - 2
          DSW1(config-if)# channel-group 31 mode on
          DSW1(config-if)# no shutdown

Step 3    In the same manner as seen in Step 2, configure a Layer 3 EtherChannel link on switch DSW1 to switch CSW2, using interface Po32 and interface range f0/3 to f0/4.

Step 4    Configure a Layer 3 EtherChannel on Fa 0/5 on switch DSW1 to switch DSW2:

          DSW1(config)# interface fa 0/5
          DSW1(config-if)# no switchport
          DSW1(config-if)# ip address 10.1.253.4 255.255.255.254

Step 5    Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW2, using interface Po31 and interface range f0/1 to f0/2.

Step 6    Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW1, using interface Po32 and interface range f0/3 to f0/4.

Step 7    Repeat Step 4 on switch DSW2 to configure a Layer 3 EtherChannel link on f0/5 to switch DSW1.

Step 8    Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch CSW2 using interface Po33 and interface range f0/7 to f0/10.

Step 9    Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po31 and interface range f0/1 to f0/2.

Step 10   Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po32 and interface range f0/3 to f0/4.

Step 11   Repeat Step 4 on switch CSW1 to configure a Layer 3 EtherChannel link to router R1 interface f0/11 and a Layer 3 EtherChannel link to router R2 interface f0/12.

Step 12   Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch CSW1 using interface Po33 and interface range f0/7 to f0/10.

Step 13   Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po31 and interface range f0/1 to f0/2.

Step 14   Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po32 and interface range f0/3 to f0/4.

Step 15   Repeat Step 4 on switch CSW2 to configure a Layer 3 EtherChannel link to router R2 interface f0/11 and a Layer 3 EtherChannel link to router R1 interface f0/12.

Step 16   Configure router R1 interfaces to switches CSW1 and CSW2:

          R1(config)# interface f0/11
          R1(config-if)# ip address 10.1.253.13 255.255.255.254
          R1(config-if)# no shutdown
          R1(config-if)# interface f0/12
          R1(config-if)# ip address 10.1.253.19 255.255.255.254
          R1(config-if)# no shutdown

Step 17   Repeat Step 16 on router R2 to configure its interfaces to switches CSW2 and CSW1.

Step 18   Configure an SVI interface on switch DSW1:

          DSW1(config)# interface Vlan3
          DSW1(config-if)# ip address 10.1.3.1 255.255.255.0
          DSW1(config-if)# no shutdown

Step 19   Repeat Step 18 on switch DSW1 to configure SVI VLAN 4.

Step 20   Repeat Steps 18 and 19 on switch DSW2.

Step 21   On switch ASW1, move the management IP address from VLAN 1 to VLAN 3:

          ASW1(config)# interface Vlan1
          ASW1(config-if)# no ip address
          ASW1(config-if)# interface Vlan3
          ASW1(config-if)# ip address 10.1.3.10 255.255.255.0
          ASW1(config-if)# no shutdown

Step 22   Change the default gateway on switch ASW1:

          ASW1(config)# ip default-gateway 10.1.3.1

Step 23   Repeat Steps 21 and 22 on switch ASW2.

Step 24   Verify that you have reachability to all subnets. For example, on DSW1:

          DSW1#sh ip route
          Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                 E1 - OSPF external type 1, E2 - OSPF external type 2
                 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                 ia - IS-IS inter area, * - candidate default, U - per-user static route
                 o - ODR, P - periodic downloaded static route

          Gateway of last resort is not set

               10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
          C       10.1.3.0/24 is directly connected, Vlan3
          C       10.1.4.0/24 is directly connected, Vlan4
          C       10.1.63.0/24 is directly connected, Vlan63
          C       10.1.64.0/24 is directly connected, Vlan64
          D       10.1.253.32/29 [90/18176] via 10.1.253.1, 5d03h, Port-channel31
          D       10.1.253.18/31 [90/3280] via 10.1.253.1, 5d03h, Port-channel31
          D       10.1.253.6/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4
                                [90/15616] via 10.1.3.2, 5d03h, Vlan3
          C       10.1.253.4/31 is directly connected, FastEthernet0/5
          C       10.1.253.2/31 is directly connected, Port-channel32
          C       10.1.253.0/31 is directly connected, Port-channel31
          D       10.1.253.12/31 [90/30720] via 10.1.253.1, 5d03h, Port-channel31
          D       10.1.253.10/31 [90/17920] via 10.1.253.1, 5d03h, Port-channel31
          D       10.1.253.8/31 [90/15616] via 10.1.4.1, 5d03h, Vlan4
                                [90/15616] via 10.1.3.2, 5d03h, Vlan3

Step 25   Configure the DHCP server on switch DSW1:

          DSW1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.49
          DSW1(config)# ip dhcp excluded-address 10.1.3.100 10.1.3.255
          DSW1(config)# ip dhcp excluded-address 10.1.4.1 10.1.4.49
          DSW1(config)# ip dhcp excluded-address 10.1.4.100 10.1.4.255
          DSW1(config)# ip dhcp pool vlan3
          DSW1(dhcp-config)# network 10.1.3.0 255.255.255.0
          DSW1(config)# ip dhcp pool vlan4
          DSW1(dhcp-config)# network 10.1.4.0 255.255.255.0
          DSW1(dhcp-config)# default-router 10.1.4.1

Step 26   Repeat Step 24 on switch DSW2, excluding 10.1.3.1 to 10.1.3.99 then 10.1.3.159 to 10.1.3.255, and 10.1.4.1 to 10.1.4.99 then 10.1.4.159 to 10.1.4.255.
Step 27   Enable IP routing on switch DSW1:

          DSW1(config)# ip routing

Step 28   Repeat Step 26 on switches DSW2, CSW1, and CSW2.

Step 29   Configure EIGRP on switch DSW1:

          DSW1(config)# router eigrp 10
          DSW1(config-router)# no auto-summary
          DSW1(config-router)# network 10.1.0.0 0.0.255.255

Step 30   Repeat Step 28 on switches DSW2, CSW1, CSW2, and routers R1 and R2.

Lab 4-2: Troubleshoot Inter-VLAN Routing

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In this activity, you must analyze, locate, and fix Layer 3 problems in your network, caused by misconfiguration or incorrect design. After this activity, you will be able to meet these objectives:

- Develop a work plan to troubleshoot configuration and inter-VLAN routing issues
- Isolate the causes of the problems
- Correct all of the identified routing issues
- Test the corrections made
- Document and report the troubleshooting findings and recommendations

Visual Objective

The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 4-2: Troubleshoot Inter-VLAN Routing]

Command List

The table describes the commands that are used in this activity.

Configuration Commands

Command | Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

enable password password
    Enters the privileged EXEC mode command interpreter.

router eigrp autonomous-system-number
    Enable an EIGRP routing process, and enter router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information.

network network-number
    Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks.

no auto-summary
    (Optional) Disable automatic summarization of subnet routes into network-level routes.

show ip protocols
    Verify your entries.
show ip eigrp interface | Displays the interfaces on which EIGRP is active and information about EIGRP relating to those interfaces.
show ip route | Display the current state of the routing table.
show interfaces interface-id trunk | Display the trunk configuration of the interface.

Job Aids

These job aids are available to help you complete the lab activity:

- Trouble Ticket
- Troubleshooting Log

Trouble Ticket A: Missing Routes on Some Switches

After the lunch break you find out that some end users are not able to connect to router R1 or R2. A colleague of yours, who has been playing with the network management system in the morning, looks a bit nervous. He confesses that he has tried to manage the switches. You must correct this problem quickly because the normal operation of the network must be restored. Verify that all routes are visible on all your switches.

Trouble Ticket B: Troubleshoot EIGRP on Layer 3 Switches

You conducted tests regarding EIGRP on the new network and determined that some switches do not seem to have the same routing table as others. This is an unusual situation. You must investigate and find out where you have a problem and what it is. During your investigations you determine, from the log of the RADIUS server, that your boss, the IT manager, logged in to several switches and made some reconfigurations. You wonder if this created the issue. Verify your switches and make sure that the routing works properly and that the switches exchange routes.

Trouble Ticket C: Disappearing Routes and VLANs

You are again in serious trouble. Someone has made changes on the devices, which is a continuing problem in the company. At this point, you do not even care who is responsible; you just want to fix the problem because clients do not have connectivity. You check the routers and see that everything is normal.
Verify that all routes are seen by all switches, and that clients in all VLANs can ping router R1 and R2 IP addresses in all VLANs.

Instructions

As you see from the troubleshooting tickets, this troubleshooting lab contains three types of issues:

- Trouble Ticket A involves lost connectivity problems to a specific subnet.
- Trouble Ticket B involves problems with the routing protocol.
- Trouble Ticket C involves problems with trunk misconfiguration.

Each ticket involves several switches, so the whole team must work together to solve the problems on each switch. Together with your team members, create a troubleshooting plan to divide the work, assign appropriate roles to each team member, and coordinate device access among the team members. Document your progress in the Troubleshooting Log provided below to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

Because different teams work at different speeds, the tickets in this lab are separated. To prepare the lab for this exercise, ask your instructor how to initiate Trouble Ticket A. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

Once you fix the issue in Trouble Ticket A, ask your instructor if time is left for you to move on to the next ticket. If time allows, ask your instructor how to initiate Trouble Ticket B. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting. Repeat the same process for Trouble Ticket C, if time allows.

Troubleshooting Log

Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket | Actions and Results
Activity Verification

You have completed this lab when you attain the results below.

- Trouble Ticket A: Verify that Client CLT1 and Client CLT2 can ping all network devices.
- Trouble Ticket B: Verify that Layer 3 switches have EIGRP adjacencies with each other.
- Trouble Ticket C: Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket A: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

Key Clue: Switch DSW1 Routing Configuration

DSW1 is supposed to be the PC default gateway and inter-VLAN router.

    DSW1#ping 10.1.2.102
    Type escape sequence to abort.
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

First, verify that you can successfully ping the gateway. This means that you have connectivity to the gateway, which is the DSW1 switch. When you try to ping a core switch from client CLT1, the ping fails. This can indicate one of two things: you are not allowed to connect, or you do not have a path to this device. As you have been able to connect previously, the first possibility is eliminated. If you do not have the path to this device, you are also missing the route to the device.

These simple tests lead you to conclude that you do not have connectivity to the core switches and the servers beyond them. This is most likely due to a routing problem, because you can reach the distribution switch DSW3, which is your default gateway.
The same situation occurs for connections from client CLT2 to switches DSW2 and CSW2: pings to switch DSW2 work, but pings to switch CSW2 fail. This leads you to check the routing on the Layer 3 distribution switches DSW1 and DSW2.

Key Clue: Switch DSW1 Routing Configuration (Cont.)

Check routing protocols on DSW1

[Figure: show ip protocols output on DSW1, including "Outgoing update filter list for all interfaces is not set" and the "Gateway / Distance / Last Update" table]

Your troubleshooting work continues on switches DSW1 and DSW2. The example in the figure shows only the display on switch DSW1 because the steps and work on switch DSW2 are the same. You verify the routing protocols, which were configured in the previous lab, and find out that EIGRP is working properly. You conclude that you have a working routing protocol, but you do not have routing.

Key Clue: Switch DSW1 Routing Configuration (Cont.)

Check routing table on DSW1

Your next step is to verify the routes on the switch.

    DSW1#sh ip route
    Default gateway is not set

    Host               Gateway           Last Use    Total Uses  Interface
    ICMP redirect cache is empty

You see that the routing table is empty. Your conclusion is that the routing is not working. Because this is a Layer 3 switch, which can turn routing functionality on and off, you configure the ip routing command to enable routing.

Key Clue: Switch DSW1 Routing Configuration (Cont.)

Enable routing on DSW1

To fix the problem, go into configuration mode and issue the following commands:

    DSW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DSW1(config)#ip routing

The ip routing command enables the Layer 3 functionality on a Layer 3 switch.

Key Clue: Switch DSW1 Routing Configuration (Cont.)
Check routing table on DSW1

Verify that you have accurately identified the problem and that your solution is correct. Check the routing table again:

    DSW1#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
    C       10.1.11.0/24 is directly connected, Vlan11
    C       10.1.3.0/24 is directly connected, Vlan3
    C       10.1.4.0/24 is directly connected, Vlan4
    D       10.1.1.0/24 [90/18176] via 10.1.253.14, 2d21h, Port-channel32
                        [90/18176] via 10.1.253.10, 3d21h, Port-channel32

Everything is now correct on the switch. For the next verification, go to client CLT1 and carry out the same tests that you performed on switch DSW1. Try to release and renew the IP address. After successfully acquiring the network settings, try a ping to the default gateway. After pinging the default gateway, try to connect to one of the core switches and a router.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.
Trouble Ticket B: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Key Clue: EIGRP on Switches CSW1 and CSW2

[Figure: show ip eigrp neighbors on CSW1 (EIGRP-IPv4:(20) neighbors for process 20, no entries) and on CSW2 (neighbor table with entries)]

After you analyze the preliminary data, your logical next step is to log in to switch CSW1 and check the routing. Your verification shows that the EIGRP neighbor table is empty. When you check the status of EIGRP, everything is normal. The routing configuration on switches CSW1 and CSW2 must be identical because they provide routing redundancy in the network. When you check the neighbor table on switch CSW2, everything is normal. This leads you to the conclusion that there must be differences in the EIGRP configurations of the two core switches. When you examine switches DSW1 and DSW2, you also see similar differences.

Key Clue: EIGRP Reconfiguration on Switch CSW1

After you find the differences in the EIGRP configurations, your next step is to correct the configuration on switch CSW1:

    CSW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    CSW1(config)#no router eigrp 20
    CSW1(config)#router eigrp 10
    CSW1(config-router)#no auto-summary
    CSW1(config-router)#network 10.1.0.0 0.0.255.255
    CSW1#show ip eigrp neighbors
    EIGRP-IPv4:(10) neighbors for process 10
    H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                    (sec)         (ms)       Cnt Num
        10.1.253.0      Po31          13 00:32:44  196  1176  0  203
    [four further neighbor entries follow; their addresses are illegible in the source]

You find that the EIGRP AS number is incorrect. Correct the issue in the same way on switch DSW2. After the correction of the problem, verify that EIGRP is back to normal.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Trouble Ticket C: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Key Clue: Switch DSW3 to PC1 Connectivity

    DSW1#ping 10.1.2.102
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.2.102, timeout is ...
    Success rate is 0 percent (0/5)
    DSW1#show interfaces fastEthernet 0/6 trunk
    Fa0/6    on    802.1q    trunking

You find a problem with client CLT1 connectivity, and client CLT2 has the same issue. This flow shows how to solve the client CLT1 connectivity issue. The client CLT2 connectivity is solved by using the same process.

To exclude deeper network problems, check the connectivity to client CLT1 from switch DSW1.
Again, you see that there is a failure. Between client CLT1 and switch DSW1 there is only the ASW1 switch. The logical next step is to verify the links between these two switches. When you check the trunk configuration on the interface pointing to the ASW1 switch, you can confirm that all VLANs are present.

Key Clue: Switch ASW1 Trunk to Switch DSW3

    ASW1#show interfaces fastEthernet 0/1 trunk
    Fa0/1    on    802.1q    trunking
    Fa0/1    1-2,4-4094
    Fa0/1    1-2,4,11,19,63

Next, concentrate on the ASW1 switch because the evidence indicates that the problem must be on that switch. To finish the check that you started on switch DSW1, check the trunk configuration on the interfaces pointing to switch DSW1. You find out that VLAN 3, which is the VLAN where client CLT1 resides, is absent. When checking switch ASW2, you find that VLAN 4, which is the client CLT2 VLAN, is also absent from the switch ASW2 trunk to switch DSW2.

Key Clue: Configure Switch ASW1

To fix the problem, allow the needed VLANs on both interfaces pointing to switches DSW1 and DSW2:

    ASW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    ASW1(config)#interface range fastEthernet 0/1 - 2
    ASW1(config-if-range)#switchport trunk allowed vlan add 3

After the changes are made, verify that they are correct:

    ASW1#show interfaces fastEthernet 0/1 trunk
    Port      Mode    Encapsulation  Status     Native vlan
    Fa0/1     on      802.1q         trunking   1

    Port      Vlans allowed on trunk
    Fa0/1     1-4094

    Port      Vlans allowed and active in management domain
    Fa0/1     1-4,11,19,63

In the same way, add VLAN 4 to the switch ASW2 trunk to switch DSW2.
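The three root causes found in the sample flows above (routing not enabled on a Layer 3 switch, an EIGRP process in the wrong AS, and a trunk that does not allow a client VLAN) can be checked offline against saved configurations. The following Python example is added here and is not part of the lab guide; the configuration fragments, function names and parameters are constructed for illustration, and it assumes that a Layer 3 switch shows the line "ip routing" in its configuration when routing is enabled.

```python
import re

# Constructed running-config fragments, one per device (not captured from the lab).
CONFIGS = {
    "DSW1": "router eigrp 10\n network 10.1.0.0 0.0.255.255\n no auto-summary\n",
    "CSW1": "ip routing\nrouter eigrp 20\n network 10.1.0.0 0.0.255.255\n no auto-summary\n",
    "CSW2": "ip routing\nrouter eigrp 10\n network 10.1.0.0 0.0.255.255\n no auto-summary\n",
    "ASW1": (
        "interface FastEthernet0/1\n"
        " switchport mode trunk\n"
        " switchport trunk allowed vlan 1-2,4-4094\n"
        "interface FastEthernet0/2\n"
        " switchport mode trunk\n"
        "interface FastEthernet0/6\n"
        " switchport mode access\n"
        " switchport access vlan 3\n"
    ),
}


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '1-2,4-4094' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def split_interfaces(config):
    """Return {interface name: [sub-commands]} from a running-config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks


def trunk_allowed(sub_cmds):
    """VLANs allowed on a trunk; with no allowed list, IOS allows 1-4094."""
    allowed = None
    for cmd in sub_cmds:
        m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", cmd)
        if m:
            vl = parse_vlan_list(m.group(2))
            allowed = ((allowed or set()) | vl) if m.group(1) else vl
    return set(range(1, 4095)) if allowed is None else allowed


def audit(configs, l3_devices, expected_as, trunk_vlans):
    """Report (device, check, detail) for the faults behind Tickets A, B and C.

    l3_devices: devices that must route; expected_as: the EIGRP AS number;
    trunk_vlans: {device: set of VLANs every trunk on that device must carry}.
    """
    findings = []
    for dev in sorted(configs):
        cfg = configs[dev]
        top = [l.rstrip() for l in cfg.splitlines()]
        if dev in l3_devices:
            if "ip routing" not in top:                      # Ticket A
                findings.append((dev, "routing", "ip routing is not enabled"))
            as_numbers = [int(m.group(1)) for l in top
                          if (m := re.match(r"router eigrp (\d+)$", l))]
            if expected_as not in as_numbers:                # Ticket B
                findings.append((dev, "eigrp",
                                 f"no process for AS {expected_as}, found {as_numbers}"))
        required = trunk_vlans.get(dev, set())
        for ifname, cmds in split_interfaces(cfg).items():   # Ticket C
            if "switchport mode trunk" not in cmds:
                continue
            missing = sorted(required - trunk_allowed(cmds))
            if missing:
                findings.append((dev, "trunk",
                                 f"{ifname} does not carry VLAN(s) {missing}"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS, {"DSW1", "CSW1", "CSW2"}, 10, {"ASW1": {3}}):
        print(": ".join(finding))
```

Run against configurations saved before and after a change window, the same check shows which edit introduced a fault.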
Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 4-2: Key Commands and Tools Used

Lab 5-1: Implementing High Availability and Reporting in a Network Design

Complete this lab activity to confirm your knowledge on the topics of high availability and reporting.

Activity Objective

The dynamics of administering a large network often prevent a daily verification of the state and activity on each device. This is why a solution is needed that gathers logs from different devices in a single place. In this lab, you will implement such a solution. To achieve this goal, you will configure your switches to send information to a syslog and an SNMP server. To respond to the need for monitoring the network state, you will also implement a Cisco IOS IP SLA-based solution. Once the design is complete, you will connect to your remote lab to implement your solution. After completing this activity, you will be able to meet these objectives:

- Design a high availability solution consisting of a syslog, SNMP reporting, and an IP SLA solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

You must configure SNMP, syslog, and IP SLA in your network.
The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all requirements:

- Configure switches ASW1, DSW1, CSW1, and router R1 to send syslog information to client CLT1.
- Configure switches ASW2, DSW2, CSW2, and router R2 to send syslog information to client CLT2.
- On all switches and routers, configure the level of syslog messages to be informational.
- Configure switches ASW1, DSW1, CSW1, and router R1 to send SNMP traps to client CLT1.
- Configure switches ASW2, DSW2, CSW2, and router R2 to send SNMP traps to client CLT2.
- Configure your switches to send relevant server information concerning configuration changes, VLAN membership, and interface status that has been changed to error-disable to the SNMP server. Configure your routers to send relevant server information on configuration changes to the SNMP server. In both cases you should use the default SNMP version with a read-only community.
- Configure IP SLA on switches ASW1, ASW2, CSW1, and CSW2.
- Configure ICMP probes for the IP SLA between switches ASW1 and CSW1. Switch ASW1 should probe switch CSW1, and switch CSW1 should probe switch ASW1.
- Configure ICMP probes for the IP SLA between switches ASW2 and CSW2. Switch ASW2 should probe switch CSW2, and switch CSW2 should probe switch ASW2.
- Execute the verification plan to ensure IP connectivity.

Device Information

The table provides information about SNMP, syslog, and IP SLA:

Device Name | Send to Syslog Server? | Syslog Server | Send to SNMP Server? | SNMP Server | IP SLA To Switch
ASW1 | Yes | CLT1 | Yes | CLT1 | CSW1
ASW2 | Yes | CLT2 | Yes | CLT2 | CSW2
DSW1 | Yes | CLT1 | Yes | CLT1 | -
DSW2 | Yes | CLT2 | Yes | CLT2 | -
CSW1 | Yes | CLT1 | Yes | CLT1 | ASW1
CSW2 | Yes | CLT2 | Yes | CLT2 | ASW2
R1 | Yes | CLT1 | Yes | CLT1 | -
R2 | Yes | CLT2 | Yes | CLT2 | -

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 5-1: Implement High Availability and Reporting in a Network Design]

Command List

The table describes the commands that are used in this activity.

Command | Description

access-list access-list-number {deny | permit} source [source-wildcard]
    If you specified an IP standard access list number in the previous step, then create the list, repeating the command as many times as necessary.
    - For access-list-number, enter the access list number specified in the previous step.
    - The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
    - For source, enter the IP address of the SNMP managers that are permitted to use the community string to gain access to the agent.
    - (Optional) For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.

frequency seconds
    (Optional) Set the rate at which a specified IP SLA operation repeats. The range is from 1 to 604800 seconds; the default is 60 seconds.

icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-id]
    Configure the IP SLA operation as an ICMP echo operation and enter ICMP echo configuration mode.
    - destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
    - (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs choose the IP address nearest to the destination.
    - (Optional) source-interface interface-id: Specify the source interface for the operation.
ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
    Configure the scheduling parameters for an individual IP SLA operation.
    - operation-number: Enter the Cisco IOS IP SLA entry number.
    - (Optional) life: Set the operation to run indefinitely (forever) or for a specific number of seconds. The range is from 0 to 2147483647. The default is 3600 seconds (1 hour).
    - (Optional) start-time: Enter the time for the operation to begin collecting information:
        - To start at a specific time, enter the hour, minute, second (in 24-hour notation), and day of the month. If no month is entered, the default is the current month.
        - Enter pending to select no information collection until a start time is selected.
        - Enter now to start the operation immediately.
        - Enter after hh:mm:ss to show that the operation should start after the entered time has elapsed.
    - (Optional) ageout seconds: Enter the number of seconds to keep the operation in memory when it is not actively collecting information. The range is 0 to 2073600 seconds; the default is 0 seconds (never ages out).
    - (Optional) recurring: Set the operation to automatically run every day.

ip sla operation-number
    Create an IP SLA operation, and enter IP SLA configuration mode.

ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number
    Configure the switch as an IP SLA responder. The optional keywords have these meanings:
    - tcp-connect: Enable the responder for TCP connect operations.
    - udp-echo: Enable the responder for User Datagram Protocol (UDP) echo or jitter operations.
    - ipaddress ip-address: Enter the destination IP address.
    - port port-number: Enter the destination port number.
    Note: The IP address and port number must match those configured on the source device for the IP SLA operation.

logging buffered [size]
    Log messages to an internal buffer on the switch.

logging host
    Log messages to a UNIX syslog server host. For host, specify the name or IP address of the host to be used as the syslog server.

line [console | vty] line-number [ending-line-number]
    Specify the line to be configured for synchronous logging of messages.
    - Use the console keyword for configurations that occur through the switch console port.
    - Use the line vty line-number command to specify which vty lines are to have synchronous logging enabled. You use a vty connection for configurations that occur through a Telnet session. The range of line numbers is from 0 to 15.

logging synchronous [level [severity-level | all] | limit number-of-buffers]
    Enable synchronous logging of messages.
    - (Optional) For level severity-level, specify the message severity level. Messages with a severity level equal to or higher than this value are printed asynchronously. Low numbers mean greater severity and high numbers mean lesser severity. The default is 2.
    - (Optional) Specifying level all means that all messages are printed asynchronously regardless of the severity level.
    - (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The range is 0 to 2147483647. The default is 20.

no logging console
    Disable message logging.

show ip sla responder
    Verify the IP SLA responder configuration on the device.

show ip sla statistics
    Displays information about the IP SLA tests.

show ip sla configuration [operation-number]
    (Optional) Display configuration values, including all defaults for all IP SLA operations or a specified operation.
show snmp
    Displays SNMP statistics.

snmp-server community string [view view-name] [ro | rw] [access-list-number]
    Configure the community string.
    - For string, specify a string that acts like a password and permits access to the SNMP protocol. You can configure one or more community strings of any length.
    - (Optional) For view, specify the view record accessible to the community.
    - (Optional) Specify either read-only (ro) if you want authorized management stations to retrieve MIB objects, or specify read-write (rw) if you want authorized management stations to retrieve and modify MIB objects. By default, the community string permits read-only access to all objects.
    - (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.

snmp-server engineID {local engineid-string | remote ip-address [udp-port port-number] engineid-string}
    Configure a name for either the local or remote copy of SNMP.
    - The engineid-string is a 24-character ID string with the name of the copy of SNMP. You need not specify the entire 24-character engine ID if it has trailing zeros. Specify only the portion of the engine ID up to the point where only zeros remain in the value. For example, to configure an engine ID of 123400000000000000000000, you can enter this: snmp-server engineID local 1234
    - If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.

snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list]
    Configure a new SNMP group on the remote device.
    - For groupname, specify the name of the group.
    - Specify a security model:
        - v1 is the least secure of the possible security models.
        - v2c is the second least secure model.
          It allows transmission of informs and integers twice the normal width.
        - v3, the most secure, requires you to select an authentication level:
            - auth: Enables the Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) packet authentication.
            - noauth: Enables the noAuthNoPriv security level. This is the default if no keyword is specified.
            - priv: Enables Data Encryption Standard (DES) packet encryption (also called privacy).
    - (Optional) Enter read readview with a string (not to exceed 64 characters) that is the name of the view in which you can only view the contents of the agent.
    - (Optional) Enter write writeview with a string (not to exceed 64 characters) that is the name of the view in which you enter data and configure the contents of the agent.
    - (Optional) Enter notify notifyview with a string (not to exceed 64 characters) that is the name of the view in which you specify a notify, inform, or trap.
    - (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.

snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] community-string [notification-type]
    Specify the recipient of an SNMP trap operation.
    - For host-addr, specify the name or Internet address of the host (the targeted recipient).
    - (Optional) Enter informs to send SNMP informs to the host.
    - (Optional) Enter traps (the default) to send SNMP traps to the host.
    - (Optional) Specify the SNMP version (1, 2c, or 3). SNMPv1 does not support informs.
    - (Optional) For Version 3, select authentication level auth, noauth, or priv.
    - For community-string, when version 1 or version 2c is specified, enter the password-like community string sent with the notification operation. When version 3 is specified, enter the SNMPv3 username.
    - (Optional) For notification-type, enter snmp-server enable traps.

snmp-server enable traps notification-types
    Enable the switch to send traps or informs and specifies the type of notifications to be sent.

udp-jitter {destination-ip-address | destination-hostname} destination-port [source-ip {ip-address | hostname}] [source-port port-number] [control {enable | disable}] [num-packets number-of-packets] [interval interpacket-interval]
    Configure the IP SLA operation as a UDP jitter operation, and enter UDP jitter configuration mode.
    - destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
    - destination-port: Specify the destination port number in the range from 1 to 65535.
    - (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs choose the IP address nearest to the destination.
    - (Optional) source-port port-number: Specify the source port number in the range from 1 to 65535. When a port number is not specified, IP SLAs choose an available port.
    - (Optional) control: Enable or disable sending of IP SLA control messages to the IP SLA responder. By default, IP SLA control messages are sent to the destination device to establish a connection with the IP SLA responder.
    - (Optional) num-packets number-of-packets: Enter the number of packets to be generated. The range is 1 to 6000; the default is 10.
    - (Optional) interval inter-packet-interval: Enter the interval between sending packets in milliseconds. The range is 1 to 6000; the default value is 20 ms.
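A saved running configuration can be checked against the logging and snmp-server commands listed above. The following Python example is added here and is not part of the lab guide: it reports deviations from a reporting policy (collector address, informational trap level, required trap types, read-only community) and separately flags communities without an access list and trap hosts that use SNMPv1 or v2c. The sample configuration, community names and function names are constructed; findings refer to communities by position so that the strings themselves are never echoed.

```python
import re

# Syslog severity keywords in IOS order, index = numeric level (0-7).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Constructed running-config for one switch (not taken from the lab devices).
SAMPLE = """
logging on
logging 10.1.3.50
logging trap notifications
access-list 10 permit 10.1.3.50
snmp-server community EXAMPLE-RO ro 10
snmp-server community EXAMPLE-RW rw
snmp-server enable traps config
snmp-server enable traps errdisable
snmp-server host 10.1.3.50 traps EXAMPLE-RO
"""


def parse(config):
    """Collect the syslog and SNMP settings from a running-config text."""
    st = {"log_hosts": [], "log_level": None, "communities": [],
          "trap_hosts": [], "trap_types": set()}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["logging"] and len(tok) >= 2:
            if tok[1] == "trap" and len(tok) == 3:
                lvl = tok[2]
                if lvl.isdigit() and int(lvl) < len(SEVERITIES):
                    lvl = SEVERITIES[int(lvl)]
                st["log_level"] = lvl
            elif tok[1] == "host" and len(tok) >= 3:
                st["log_hosts"].append(tok[2])
            elif re.fullmatch(r"\d+(\.\d+){3}", tok[1]):
                st["log_hosts"].append(tok[1])
        elif tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            rest = tok[3:]                      # tok[2] is the secret: not stored
            if rest[:1] == ["view"]:
                rest = rest[2:]
            mode = "ro"                         # read-only is the default
            if rest and rest[0].lower() in ("ro", "rw"):
                mode, rest = rest[0].lower(), rest[1:]
            st["communities"].append({"mode": mode, "acl": rest[0] if rest else None})
        elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 4:
            rest, version = tok[3:], "1"        # version 1 when none is given
            if rest[0] in ("informs", "traps"):
                rest = rest[1:]
            if len(rest) >= 2 and rest[0] == "version":
                version = rest[1]
            st["trap_hosts"].append({"addr": tok[2], "version": version})
        elif tok[:3] == ["snmp-server", "enable", "traps"] and len(tok) >= 4:
            st["trap_types"].add(tok[3])
    return st


def audit(config, collector, required_traps):
    """Return (kind, message) findings; kind is 'policy' or 'hardening'."""
    st, out = parse(config), []
    if collector not in st["log_hosts"]:
        out.append(("policy", f"syslog host {collector} is not configured"))
    level = st["log_level"] or "informational"  # IOS default trap level
    if level != "informational":
        out.append(("policy", f"syslog trap level is {level}, expected informational"))
    for t in sorted(set(required_traps) - st["trap_types"]):
        out.append(("policy", f"snmp-server enable traps {t} is missing"))
    if collector not in [h["addr"] for h in st["trap_hosts"]]:
        out.append(("policy", f"no SNMP trap host {collector}"))
    for n, c in enumerate(st["communities"], 1):
        if c["mode"] == "rw":
            out.append(("policy", f"community #{n} is read-write"))
        if c["acl"] is None:
            out.append(("hardening", f"community #{n} has no access list"))
    for h in st["trap_hosts"]:
        if h["version"] in ("1", "2c"):
            out.append(("hardening",
                        f"trap host {h['addr']} uses SNMPv{h['version']}: "
                        "community sent in clear text"))
    return out


if __name__ == "__main__":
    for kind, msg in audit(SAMPLE, "10.1.3.50", {"config", "vlan-membership", "errdisable"}):
        print(f"[{kind}] {msg}")
```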
Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | "Hints" section at the end of this lab
Implementation and verification plan hints | "Hints" section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for High Availability and Reporting

After you have analyzed the information in the "Information Packet" section, your first task is to create a list where you will document the requirements for a successful implementation.

Use the following table, the Visual Objective for this lab, and the "Implementation Policy" and "Device Information" sections to create your implementation requirements list. If you are unsure, use the information provided in the "Hints" section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.
Use the following table and the "Information Packet" section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the "Hints" section at the end of this lab.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified.

Use the previous table to document the verifications you conducted to ensure that your solution is complete. However, if you need help, this section contains a series of hints to help you complete the lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 5-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.
Lab 5-1 Hint Sheet: Implementing High Availability and Reporting in a Network Design

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 5-1 Section Containing Hint
All switches and routers | Syslog server | Implementation Policy
All switches and routers | SNMP | Implementation Policy
ASW1 and CSW1 | IP SLA | Implementation Policy
ASW2 and CSW2 | IP SLA | Implementation Policy
All switches and routers | Verification | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | Syslog server | Visual Objective, Implementation Requirements List
ASW1 | SNMP | Visual Objective, Implementation Requirements List
ASW1 | IP SLA | Visual Objective, Implementation Requirements List
ASW2 | Syslog server | Visual Objective, Implementation Requirements List
ASW2 | SNMP | Visual Objective, Implementation Requirements List
ASW2 | IP SLA | Visual Objective, Implementation Requirements List
DSW1 | Syslog server | Visual Objective, Implementation Requirements List
DSW1 | SNMP | Visual Objective, Implementation Requirements List
DSW2 | Syslog server | Visual Objective, Implementation Requirements List
DSW2 | SNMP | Visual Objective, Implementation Requirements List
CSW1 | Syslog server | Visual Objective, Implementation Requirements List
CSW1 | SNMP | Visual Objective, Implementation Requirements List
CSW1 | IP SLA | Visual Objective, Implementation Requirements List
CSW2 | Syslog server | Visual Objective, Implementation Requirements List
CSW2 | SNMP | Visual Objective, Implementation Requirements List
CSW2 | IP SLA | Visual Objective, Implementation Requirements List
R1 | Syslog server | Visual Objective, Implementation Requirements List
R1 | SNMP | Visual Objective, Implementation Requirements List
R2 | Syslog server | Visual Objective, Implementation Requirements List
R2 | SNMP | Visual Objective, Implementation Requirements List

Implementation and Verification Plan

In Task 2, you will create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW1 | 1 | logging on | show logging
 | ASW1 | 2 | logging 10.1.3.50 | show logging
 | ASW1 | 3 | logging traps informational | show logging
 | ASW2 | 4 | logging on | show logging
 | ASW2 | 5 | logging 10.1.4.100 | show logging
 | ASW2 | 6 | logging traps informational | show logging
 | DSW1 | 7 | logging on | show logging
 | DSW1 | 8 | logging 10.1.3.50 | show logging
 | DSW1 | 9 | logging traps informational | show logging
 | DSW2 | 10 | logging on | show logging
 | DSW2 | 11 | logging 10.1.4.100 | show logging
 | DSW2 | 12 | logging traps informational | show logging
 | CSW1 | 13 | logging on | show logging
 | CSW1 | 14 | logging 10.1.3.50 | show logging
 | CSW1 | 15 | logging traps informational | show logging
 | CSW2 | 16 | logging on | show logging
 | CSW2 | 17 | logging 10.1.4.100 | show logging
 | CSW2 | 18 | logging traps informational | show logging
 | ASW1 | 19 | snmp-server enable traps errdisable | show snmp
 | ASW1 | 20 | snmp-server enable traps config | show snmp
 | ASW1 | 21 | snmp-server enable traps vlan-membership | show snmp
 | ASW1 | 23 | snmp-server community ciscor ro | show snmp
 | ASW1 | 24 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | ASW2 | 25 | snmp-server enable traps errdisable | show snmp
 | ASW2 | 26 | snmp-server enable traps config | show snmp
 | ASW2 | 27 | snmp-server enable traps vlan-membership | show snmp
 | ASW2 | 28 | snmp-server community ciscor ro | show snmp
 | ASW2 | 29 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | DSW1 | 30 | snmp-server enable traps errdisable | show snmp
 | DSW1 | 31 | snmp-server enable traps config | show snmp
 | DSW1 | 32 | snmp-server enable traps vlan-membership | show snmp
 | DSW1 | 33 | snmp-server community ciscor ro | show snmp
 | DSW1 | 34 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | DSW2 | 35 | snmp-server enable traps errdisable | show snmp
 | DSW2 | 36 | snmp-server enable traps config | show snmp
 | DSW2 | 37 | snmp-server enable traps vlan-membership | show snmp
 | DSW2 | 38 | snmp-server community ciscor ro | show snmp
 | DSW2 | 39 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | CSW1 | 40 | snmp-server enable traps errdisable | show snmp
 | CSW1 | 41 | snmp-server enable traps config | show snmp
 | CSW1 | 42 | snmp-server enable traps vlan-membership | show snmp
 | CSW1 | 43 | snmp-server community ciscor ro | show snmp
 | CSW1 | 44 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | CSW2 | 45 | snmp-server enable traps errdisable | show snmp
 | CSW2 | 46 | snmp-server enable traps config | show snmp
 | CSW2 | 47 | snmp-server enable traps vlan-membership | show snmp
 | CSW2 | 48 | snmp-server community ciscor ro | show snmp
 | CSW2 | 49 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | R1 | 50 | snmp-server enable traps config | show snmp
 | R1 | 51 | snmp-server community ciscor ro | show snmp
 | R1 | 52 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | R2 | 53 | snmp-server enable traps config | show snmp
 | R2 | 54 | snmp-server community ciscor ro | show snmp
 | R2 | 55 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | ASW1 | 56 | ip sla 1 | show ip sla configuration
 | ASW1 | 57 | icmp-echo 10.1.253.1 | show ip sla configuration
 | ASW1 | 58 | ip sla schedule 1 life forever start-time now | show ip sla statistics
 | ASW2 | 59 | ip sla 1 | show ip sla configuration
 | ASW2 | 60 | icmp-echo 10.1.253.7 | show ip sla configuration
 | ASW2 | 61 | ip sla schedule 1 life forever start-time now | show ip sla statistics
 | CSW1 | 62 | ip sla 1 | show ip sla configuration
 | CSW1 | 63 | icmp-echo 10.1.3.4 | show ip sla configuration
 | CSW1 | 64 | ip sla schedule 1 life forever start-time now | show ip sla statistics
 | CSW2 | 65 | ip sla 1 | show ip sla configuration
 | CSW2 | 66 | icmp-echo 10.1.4.2 | show ip sla configuration
 | CSW2 | 67 | ip sla schedule 1 life forever start-time now | show ip sla statistics

Step-by-Step Procedure

Complete these steps:

Step 1 Connect to the ASW1 switch interface in configuration mode:
- Connect to the remote lab.
- Access the switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2 Configure the syslog server on switch ASW1:

Step 3 Repeat Steps 1 and 2 on switches ASW2, DSW1, DSW2, CSW1, and CSW2, and on routers R1 and R2. Verify the syslog server configuration; for example, on switch DSW1:

    DSW1#show logging
    Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
                    0 flushes, 0 overruns, xml disabled, filtering disabled)
    No Active Message Discriminator.
    No Inactive Message Discriminator.
        Console logging: disabled
        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging: level debugging, 1022 messages logged, xml disabled,
                        filtering disabled
        Exception Logging: size (4096 bytes)
        Count and timestamp logging messages: disabled
        File logging: disabled
        Persistent logging: disabled
        Trap logging: level informational, 1000 message lines logged
            (udp port 514, audit disabled, authentication disabled,
            encryption disabled, link up),
            50 message lines logged,
            0 message lines rate-limited,
            0 message lines dropped-by-MD,
            xml disabled, sequence number disabled
            filtering disabled

Step 4 Configure SNMP on switch ASW1:

    ASW1(config)# snmp-server community ciscor ro
    ASW1(config)# snmp-server host 10.1.3.50 traps ciscor
    ASW1(config)# snmp-server enable traps errdisable
    ASW1(config)# snmp-server enable traps config
    ASW1(config)# snmp-server enable traps vlan-membership

Step 5 Repeat Step 4 on switches ASW2, DSW1, DSW2, CSW1, and CSW2. On routers R1 and R2, repeat Step 4 without errdisable and without vlan-membership. Verify the SNMP configuration; for example, on CSW1:

    CSW1#show snmp
    Chassis: FDO1310x136
    0 SNMP packets input
        0 Bad SNMP version errors
        0 Unknown community name
        0 Illegal operation for community name supplied
        0 Encoding errors
        0 Number of requested variables
        0 Number of altered variables
        0 Get-request PDUs
        0 Get-next PDUs
        0 Set-request PDUs
        0 Input queue packet drops (Maximum queue size 1000)
    5 SNMP packets output
        0 Too big errors (Maximum packet size 1500)
        0 No such name errors
        0 Bad values errors
        0 General errors
        0 Response PDUs
        5 Trap PDUs
    SNMP global trap: disabled
    SNMP logging: enabled
        Logging to 10.1.3.51.162, 0/10, 5 sent, 0 dropped
    SNMP agent enabled

Step 6 Configure IP SLA on switch ASW1:

    ASW1(config)# ip sla 1
    ASW1(config-ip-sla)# icmp-echo 10.1.253.1
    ASW1(config)# ip sla schedule 1 life forever start-time now

Step 7 Repeat Step 6 on switches CSW1, ASW2, and CSW2.
Verify that the IP SLA test is running:

    CSW1#show ip sla statistics
    Round Trip Time (RTT) for Index 1
        Latest RTT: 2 ms
    Latest operation start time: *22:24:34.231 eastern Fri Mar 5 1993
    Latest operation return code: OK
    Number of successes: 290
    Number of failures: 0
    Operation time to live: Forever

Lab 6-1: Implement and Tune HSRP

Complete this lab activity to practice what you learned in the related module.

Activity Objective

The Cisco account manager for your company has become a friend of yours. Once, while having a friendly chat with him and an engineer from Cisco, the engineer mentioned the need for a network to have a redundancy mechanism implemented. You like the idea because you do not want to take unnecessary risks. You dig deep into the documentation and find out about the existence of a protocol called Hot Standby Router Protocol (HSRP). After an informal discussion with your IT manager, he tells you to proceed with the project, but asks you to demonstrate HSRP in a step-by-step manner so he can understand the various features and how it really works. As you leave him, you realize the need to create a design and an implementation plan, and to perform the reconfiguration. Once the design is complete, you will connect to your remote lab to implement your solution.

After completing this activity, you will be able to meet the objectives:
- Design an HSRP solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must configure HSRP in your network.
The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:
- You must implement two HSRP solutions: one offering first-hop redundancy for client CLT1 in VLAN 3, and one offering first-hop redundancy for client CLT2 in VLAN 4. For both cases, switches DSW1 and DSW2 will be the default gateways for the clients.
- Switch DSW1 will be the primary HSRP router on VLAN 3 and the secondary HSRP router on VLAN 4.
- Switch DSW2 will be the primary HSRP router on VLAN 4 and the secondary HSRP router on VLAN 3.
- The primary HSRP on switch DSW1 will track interfaces Po31 and Po32. The loss of connectivity to these interfaces will decrement the priority of switch DSW1 by 30.
- The primary HSRP on switch DSW2 will track interfaces Po31 and Po32. The loss of connectivity to these interfaces will decrement the priority of switch DSW1 by 30.
- Preempt should be configured so that each Layer 3 switch tries to become primary whenever possible.
- In your implementation, proceed in the following order:
    - Start by implementing HSRP in both VLANs, without preempt, without tracking, and without priority. Test by shutting down the link to the primary HSRP router, then re-enabling the link.
    - Once this has been tested, implement the preempt feature and test.
    - Once you have tested this, implement tracking and priority.

Device Information

The table provides information about IP addresses:

Device Name | HSRP | IP Address VLAN 3 | IP Address VLAN 4 | HSRP IP Address
ASW1 | No | - | - | -
ASW2 | No | - | - | -
DSW1 | Yes | 10.1.3.3 | 10.1.4.3 | 10.1.3.4
DSW2 | Yes | 10.1.3.2 | 10.1.4.2 | 10.1.4.4
CSW1 | No | - | - | -
CSW2 | No | - | - | -
R1 | No | - | - | -
R2 | No | - | - | -

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 6-1: Implement and Tune HSRP]

Command List

The table describes the commands that are used in this activity.

Command | Description
configure terminal | Enters global configuration mode from privileged EXEC mode.
interface interface-id | Enters interface configuration mode, and enters the Layer 3 interface on which you want to enable HSRP.
standby version {1 | 2} | (Optional) Configures the HSRP version on the interface. 1: Select HSRPv1. 2: Select HSRPv2.
standby [group-number] ip [ip-address [secondary]] | Creates (or enables) the HSRP group using its number and virtual IP address. (Optional) group-number: The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number. (Optional on all but one interface) ip-address: The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces. (Optional) secondary: The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.
standby [group-number] priority priority [preempt [delay delay]] | Sets a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority. (Optional) group-number: The group number to which the command applies. (Optional) preempt: Select so that when the local router has a higher priority than the active router, it assumes control as the active router. (Optional) delay: Set to cause the local router to postpone taking over the active role for the shown number of seconds. The range is 0 to 3600 (1 hour); the default is 0 (no delay before taking over).
standby [group-number] track type number [interface-priority] | Configures an interface to track other interfaces so that if one of the other interfaces goes down, the device's hot standby priority is lowered. (Optional) group-number: The group number to which the command applies. type: Enter the interface type (combined with the interface number) that is tracked. number: Enter the interface number (combined with the interface type) that is tracked. (Optional) interface-priority: Enter the amount by which the hot standby priority for the router is decremented or incremented when the interface goes down or comes back up. The default value is 10.
show standby [interface-id [group]] | Verify the configuration.
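The priority, preempt and track options in the command list only produce a failover in combination, which the following Python model replays for the lab's VLAN 3 design (DSW1 at priority 120 tracking Po31 and Po32 with decrement 30, DSW2 at the default 100). This is an added example, not part of the Cisco lab guide or of IOS: the names Router, HsrpGroup, vlan3_group and replay are hypothetical, and the election is simplified to the two rules stated in the command list.

```python
"""Simplified HSRP active-router election (illustrative model, not Cisco code)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: IPv4Address
    priority: int = 100                 # default when no "standby N priority" is set
    preempt: bool = False               # "standby N preempt"
    track: dict = field(default_factory=dict)       # tracked interface -> decrement
    down_links: set = field(default_factory=set)    # tracked interfaces currently down
    reachable: bool = True              # False: its hellos no longer reach the VLAN

    def effective_priority(self) -> int:
        lost = sum(dec for ifc, dec in self.track.items() if ifc in self.down_links)
        return self.priority - lost


class HsrpGroup:
    """Assumption: one active router, re-evaluated after every event."""

    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.active = None
        self.reelect()

    def reelect(self):
        alive = [r for r in self.routers.values() if r.reachable]
        current = self.routers.get(self.active)
        if not alive:
            self.active = None
        elif current is None or not current.reachable:
            # No active router is heard: highest priority wins, higher IP breaks a tie.
            self.active = max(alive, key=lambda r: (r.effective_priority(), r.ip)).name
        else:
            # An active router exists: only a preempt-enabled router with a
            # strictly higher priority takes over.
            rivals = [r for r in alive
                      if r.preempt and r.effective_priority() > current.effective_priority()]
            if rivals:
                self.active = max(rivals, key=lambda r: (r.effective_priority(), r.ip)).name
        return self.active


def vlan3_group(tuned=True, dsw1_preempt=True, dsw2_preempt=True):
    """VLAN 3 group with the addresses from the Device Information table."""
    dsw1 = Router("DSW1", IPv4Address("10.1.3.3"), preempt=dsw1_preempt)
    dsw2 = Router("DSW2", IPv4Address("10.1.3.2"), preempt=dsw2_preempt)
    if tuned:  # standby 3 priority 120, two tracked port channels, decrement 30
        dsw1.priority = 120
        dsw1.track = {"Port-channel31": 30, "Port-channel32": 30}
    return HsrpGroup([dsw1, dsw2])


def replay(group, events):
    """Apply (router, target, up) events; target 'hello' means VLAN reachability.

    Returns the active router before the first event and after each event.
    """
    history = [group.active]
    for name, target, up in events:
        router = group.routers[name]
        if target == "hello":
            router.reachable = up
        elif up:
            router.down_links.discard(target)
        else:
            router.down_links.add(target)
        history.append(group.reelect())
    return history


# Constructed event sequences: a tracked uplink flaps, or DSW1 drops off the VLAN.
PO31_FLAP = [("DSW1", "Port-channel31", False), ("DSW1", "Port-channel31", True)]
DSW1_OUTAGE = [("DSW1", "hello", False), ("DSW1", "hello", True)]

if __name__ == "__main__":
    stage1 = vlan3_group(tuned=False, dsw1_preempt=False, dsw2_preempt=False)
    print("stage 1, DSW1 outage:     ", replay(stage1, DSW1_OUTAGE))
    print("final config, DSW1 outage:", replay(vlan3_group(), DSW1_OUTAGE))
    print("final config, Po31 flap:  ", replay(vlan3_group(), PO31_FLAP))
    print("DSW2 without preempt:     ", replay(vlan3_group(dsw2_preempt=False), PO31_FLAP))
```

The last scenario is the one to check during verification: with preempt missing on DSW2, DSW1 stays active at priority 90 after losing Po31, so tracking alone does not move the gateway.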
Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for HSRP Configuration

After you have analyzed the information in the “Information Packet” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective at the beginning of this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.

Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. During your implementation, do not forget to follow the implementation order in the “Information Packet” section:
- Start by implementing HSRP in both VLANs, without preempt, without tracking, and without priority. Test by shutting down the link to the primary HSRP router, then re-enabling the link.
- Once you have tested this, implement the preempt feature and test.
- Once you have tested this, implement tracking and priority.

Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.
Lab 6-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 6-1 Hint Sheet: Implement and Tune HSRP

This solution provides the final configuration with preempt, priority, and tracking.

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 6-1 Section Containing Hint
DSW1 | HSRP | Implementation Policy
DSW2 | HSRP | Implementation Policy

Device | High-Level Task | Information Source
DSW1 | HSRP on VLAN 3 and VLAN 4, primary on VLAN 3 and secondary on VLAN 4 | Visual Objective, Implementation Requirements List
DSW2 | HSRP on VLAN 3 and VLAN 4, primary on VLAN 4 and secondary on VLAN 3 | Visual Objective, Implementation Requirements List

Implementation and Verification Plan

In Task 3, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | DSW1 | 1 | interface vlan 3 |
 | DSW1 | 2 | ip address 10.1.3.3 255.255.255.0 | show interface vlan 3
 | DSW1 | 3 | standby 3 ip 10.1.3.1 |
 | DSW1 | 4 | standby 3 priority 120 |
 | DSW1 | 5 | standby 3 preempt |
 | DSW1 | 6 | standby 3 track Port-channel31 30 |
 | DSW1 | 7 | standby 3 track Port-channel32 30 | show standby
 | DSW1 | 8 | interface vlan 4 |
 | DSW1 | 9 | ip address 10.1.4.3 255.255.255.0 | show interface vlan 4
 | DSW1 | 10 | standby 4 ip 10.1.4.1 |
 | DSW1 | 11 | standby 4 preempt | show standby
 | DSW2 | 12 | interface vlan 3 |
 | DSW2 | 13 | standby 3 ip 10.1.3.1 |
 | DSW2 | 14 | standby 3 preempt | show standby
 | DSW2 | 15 | interface vlan 4 |
 | DSW2 | 16 | standby 4 ip 10.1.4.1 |
 | DSW2 | 17 | standby 4 priority 120 |
 | DSW2 | 18 | standby 4 preempt |
 | DSW2 | 19 | standby 4 track Port-channel31 30 |
 | DSW2 | 20 | standby 4 track Port-channel32 30 | show standby

Step-by-Step Procedure

Complete these steps:

Step 1 Connect to the DSW1 switch interface in configuration mode:
- Connect to the remote lab.
- Access the switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2 Configure HSRP on VLAN 3 on switch DSW1:

    DSW1(config)# interface Vlan3
    DSW1(config-if)# ip address 10.1.3.3 255.255.255.0
    DSW1(config-if)# standby 3 ip 10.1.3.1
    DSW1(config-if)# standby 3 priority 120
    DSW1(config-if)# standby 3 preempt
    DSW1(config-if)# standby 3 track Port-channel31 30
    DSW1(config-if)# standby 3 track Port-channel32 30

Step 3 Configure HSRP on VLAN 4 on switch DSW1:

    DSW1(config)# interface Vlan4
    DSW1(config-if)# ip address 10.1.4.3 255.255.255.0
    DSW1(config-if)# standby 4 ip 10.1.4.1
    DSW1(config-if)# standby 4 preempt

Step 4 Repeat Step 1 on switch DSW2.

Step 5 Configure HSRP on VLAN 3 on switch DSW2:

    DSW2(config)# interface Vlan3
    DSW2(config-if)# standby 3 ip 10.1.3.1
    DSW2(config-if)# standby 3 preempt

Step 6 Configure HSRP on VLAN 4 on switch DSW2:

    DSW2(config)# interface Vlan4
    DSW2(config-if)# standby 4 ip 10.1.4.1
    DSW2(config-if)# standby 4 priority 120
    DSW2(config-if)# standby 4 preempt
    DSW2(config-if)# standby 4 track Port-channel31 30
    DSW2(config-if)# standby 4 track Port-channel32 30

Step 7 Verify HSRP configuration and priorities, for example on switch DSW1:

    DSW1#show standby
    Vlan63 - Group 63
      State is Active
      Virtual IP address is 10.1.63.254
      Active virtual MAC address is 0000.0c07.ac3f
        Local virtual MAC address is 0000.0c07.ac3f (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 1.664 secs
      Preemption enabled
      Active router is local
      Standby router is 10.1.63.2, priority 90 (expires in 11.200 sec)
      Priority 120 (configured 120)
        Track interface Port-channel31 state Up decrement 30
        Track interface Port-channel32 state Up decrement 30
      Group name is "hsrp-Vl63-63" (default)
    Vlan64 - Group 64
      State is Standby
      Virtual IP address is 10.1.64.254
      Active virtual MAC address is 0000.0c07.ac40
        Local virtual MAC address is 0000.0c07.ac40 (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 0.688 secs
      Preemption enabled
      Active router is 10.1.64.1, priority 120 (expires in 9.232 sec)
      Standby router is local
      Priority 90 (configured 90)
      Group name is "hsrp-Vl64-64" (default)

Lab 6-2: Implementing VRRP

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In the previous labs, you designed and implemented a redundant network for its core layer. As you analyze the network, you notice that the two routers in your aggregation layer are not in a redundant mode of operation, which may lead to unexpected problems.
To prevent any future connectivity issue, you decide to implement the Virtual Router Redundancy Protocol (VRRP), a standardized solution supported by your Cisco equipment, in your network. You have to prepare an implementation plan, make the needed configuration changes, and test according to a verification plan.

After completing this activity, you will be able to meet these objectives:
- Design a VRRP solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must configure VRRP in your network. The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:
- Use the IP addresses shown in the following “Device Information” section.
- Configure switch CSW1 so that its interfaces to routers R1 and R2 are set to access mode in VLAN 10.
- Configure switch CSW2 so that its interfaces to routers R1 and R2 are set to access mode in VLAN 20.
- On switch CSW1, create a switch virtual interface (SVI) for VLAN 10.
- On switch CSW2, create an SVI for VLAN 20.
- Router R1 interface Fa0/0 will be in VRRP group 1 and Fa0/1 will be in VRRP group 2.
- Router R2 interface Fa0/0 will be in VRRP group 2 and Fa0/1 will be in VRRP group
- Router R1 will be the master on group 1 and the backup on group 2.
- Router R2 will be the master on group 2 and the backup on group 1.

Device Information

The table provides information about IP addresses. All masks are

Device Name | IP Address VLAN 10 | IP Address VLAN 20 | IP Address Fa0/0 | VRRP IP Address Fa0/0 | IP Address Fa0/1 | VRRP IP Address Fa0/1
ASW1 | - | - | - | - | - | -
ASW2 | - | - | - | - | - | -
DSW1 | - | - | - | - | - | -
DSW2 | - | - | - | - | - | -
CSW1 | 10.1.253.25 | - | - | - | - | -
CSW2 | - | 10.1.253.33 | - | - | - | -
R1 | - | - | 10.1.253.27 | 10.1.253.30 | 10.1.253.36 | 10.1.253.34
R2 | - | - | 10.1.253.35 | 10.1.253.34 | 10.1.253.26 | 10.1.253.30

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 6-2: Implement VRRP]

Command List

The table describes the commands that are used in this activity.

Command | Description
configure terminal | Enters global configuration mode from privileged EXEC mode.
interface type number | Enters interface configuration mode.
ip address ip-address mask | Configures an IP address for an interface.
vrrp group ip ip-address [secondary] | Enables VRRP on an interface. After you identify a primary IP address, you can use the vrrp ip command again with the secondary keyword to indicate additional IP addresses supported by this group.
vrrp group description text | Assigns a text description to the VRRP group.
vrrp group priority level | Sets the priority level of the router within a VRRP group.
vrrp group preempt [delay minimum seconds] | Configures the router to take over as virtual router master for a VRRP group if it has a higher priority than the current virtual router master. The default delay period is 0 seconds. The router that is the IP address owner will preempt, regardless of the setting of this command.
vrrp group timers advertise [msec] interval | Configures the interval between successive advertisements by the virtual router master in a VRRP group. The unit of the interval is in seconds unless the msec keyword is specified. The default interval value is 1 second.
vrrp group timers learn | Configures the router, when it is acting as virtual router backup for a VRRP group, to learn the advertisement interval used by the virtual router master.

Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for VRRP Configuration

After you have analyzed the information in the “Information Packet” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order.
The task will help you set up configuration checkpoints, Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab Complete | Device | implemen | Values and Items to implement | Verification Method and Expected y -tation Results Order 270 Imolementina Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Task 3: Implement and Verify Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution, Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified, Use the previous table to document the verifications you conducted to ensure that your solution is complete, If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab. (© 2009 Cisco Systems. Ine Leb Guide 271 Student Notes Use the following space to document the details that you think are important to remember 272 __Implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne (© 2009 Cisco Systems. Ine Leb Guide 273 Alternate Resources and Solutions Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions. 274 implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne (© 2009 Cisco Systems. 
Lab 6-2: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 6-2 Hint Sheet: Implementing VRRP

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 6-2 Section Containing Hint
CSW1 | Access ports | Implementation Policy
CSW1 | SVI | Implementation Policy
CSW2 | Access ports | Implementation Policy
CSW2 | SVI | Implementation Policy
R1 | VRRP | Implementation Policy
R2 | VRRP | Implementation Policy

Device | High-Level Task | Information Source
CSW1 | Access ports | Visual Objective, Implementation Requirements List
CSW1 | SVI | Visual Objective, Implementation Requirements List
CSW2 | Access ports | Visual Objective, Implementation Requirements List
CSW2 | SVI | Visual Objective, Implementation Requirements List
R1 | VRRP | Visual Objective, Implementation Requirements List
R2 | VRRP | Visual Objective, Implementation Requirements List

Implementation and Verification Plan

In Task 2, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches.
For this lab, the template could contain the following items:

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | CSW1 | 1 | interface range FastEthernet0/11 - 12 |
 | CSW1 | 2 | switchport |
 | CSW1 | 3 | switchport mode access |
 | CSW1 | 4 | switchport access vlan 10 | show vlan
 | CSW1 | 5 | interface Vlan10 |
 | CSW1 | 6 | ip address 10.1.253.25 255.255.255.248 | show interface
 | CSW2 | 7 | interface range FastEthernet0/11 - 12 |
 | CSW2 | 8 | switchport |
 | CSW2 | 9 | switchport mode access |
 | CSW2 | 10 | switchport access vlan 20 | show vlan
 | CSW2 | 11 | interface Vlan20 |
 | CSW2 | 12 | ip address 10.1.253.39 255.255.255.248 | show interface
 | R1 | 13 | interface FastEthernet0/0 |
 | R1 | 14 | ip address 10.1.253.27 255.255.255.248 | show interface fa0/0
 | R1 | 15 | vrrp 1 ip 10.1.253.30 |
 | R1 | 16 | vrrp 1 priority 120 | show vrrp
 | R1 | 17 | interface FastEthernet0/1 | show interface
 | R1 | 18 | ip address 10.1.253.36 255.255.255.248 |
 | R1 | 19 | vrrp 2 ip 10.1.253.34 | show vrrp
 | R2 | 2 | interface FastEthernet0/0 | show interface fa0/0
 | R2 | 24 | ip address 10.1.253.35 255.255.255.248 |
 | R2 | 25 | vrrp 2 ip 10.1.253.34 |
 | R2 | 26 | vrrp 2 priority 120 | show vrrp
 | R2 | 27 | interface FastEthernet0/1 |
 | R2 | 28 | ip address 10.1.253.26 255.255.255.248 | show interface
 | R2 | 29 | vrrp 2 ip 10.1.253.34 | show vrrp

Step-by-Step Procedure

Complete these steps:

Step 1  Connect to the switch CSW1 switch interface in configuration mode:
    - Connect to the remote lab.
    - Access the switch console.
    - Enter privilege mode, using the enable command.
    - Enter configuration mode, using the configure terminal command.

Step 2  Configure access ports on switch CSW1:

    CSW1(config)# interface range FastEthernet0/11 - 12
    CSW1(config-if)# switchport
    CSW1(config-if)# switchport mode access
    CSW1(config-if)# switchport access vlan 10

Step 3  Configure SVI on switch CSW1:

    CSW1(config)# interface Vlan10
    CSW1(config-if)# ip address 10.1.253.25 255.255.255.248

Step 4  Repeat Steps from 1 to 3 on switch CSW2.
Step 5  Configure VRRP on Fa0/0 on router R1:

    R1(config)# interface FastEthernet0/0
    R1(config-if)# ip address 10.1.253.27 255.255.255.248
    R1(config-if)# vrrp 1 ip 10.1.253.30
    R1(config-if)# vrrp 1 priority 120

Step 6  Configure VRRP on Fa0/1 on router R1:

    R1(config)# interface FastEthernet0/1
    R1(config-if)# ip address 10.1.253.36 255.255.255.248
    R1(config-if)# vrrp 2 ip 10.1.253.34

Step 7  Repeat Steps 5 and 6 on router R2. Verify VRRP configuration and priorities; for example, on R2:

    R2#show vrrp
    FastEthernet0/0 - Group 2
      State is Master
      Virtual IP address is 10.1.253.34
      Virtual MAC address is 0000.5e00.0102
      Priority is 120
      Master Router is 10.1.253.35 (local), priority is 120
      Master Advertisement interval is 1.000 sec
      Master Down interval is 3.414 sec
    FastEthernet0/1 - Group 1
      State is Backup
      Virtual IP address is 10.1.253.30
      Virtual MAC address is 0000.5e00.0101
      Advertisement interval is 1.000 sec
      Preemption enabled
      Priority is 100
      Master Router is 10.1.253.27, priority is 120
      Master Advertisement interval is 1.000 sec
      Master Down interval is 3.414 sec

Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In a meeting with the IT manager, you discussed the current status of the corporate network and its future development. You have agreed that you currently have a very good network infrastructure, but you lack mechanisms to protect your client PCs. You agreed to analyze the security needs and risks for your network. As a first step, you must implement the required set of port-based security measures. The second important step is to manage the network traffic with VLAN access lists. After you have taken care of end-user security, you think of how to protect the operation of your Spanning Tree Protocol (STP). When protected, the STP is a stable operation, reducing the risks of unwanted topology changes.
As you analyzed the corporate network and its services, you find that one of the major services running is the DHCP service. As all the end users rely on DHCP to acquire IP addresses and network decide to secure the DHCP service operation in your network. You must also guard against possible ARP table exploits.

After completing this activity, you will be able to meet these objectives:

- Perform a baseline assessment of network switch security settings
- Identify possible threats, points of attack, and vulnerability points in the network
- Write an implementation plan to implement security measures on network switches
- Write a plan to test and verify security threat mitigation measures for VLANs
- Configure port security and other switch security features
- Configure a VLAN access control list (VACL)
- Verify the correct implementation of security measures
- Document the switch and VLAN security plan, settings, operations, and maintenance

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must configure security in your network. The following list details the preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:

- Port security should be configured on switches ASW1 and ASW2 ports to client PC ports (to clients CLT1 and CLT2, respectively).
- Port security should be configured to limit the maximum MAC addresses on a port to 1.
- Port security on switches ASW1 and ASW2 should dynamically learn the MAC address.
- Violation should set the port to error-disable and send a trap.
- On both ASW switches, set LoopGuard to be enabled by default.
- Use VACLs on switches DSW1 and DSW2 to ban clients PC1 and PC2 from performing Telnet sessions to any destination, but permit any other traffic.
- Configure the root bridge to prevent other switches from becoming the root.
- Globally protect the access ports on all switches from receiving bridge protocol data units (BPDUs) by using BPDUGuard.
- Protect the alternate and root ports from becoming designated.
- Protect the DHCP service with DHCP snooping on the ASW switches.
- Protect ARP with ARP snooping on switches DSW1 and DSW2.

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks]

Command List

The table describes the commands that are used in this activity.

configure terminal
    Enters global configuration mode from privileged EXEC mode.

access-list access-list-number {deny | permit} source [source-wildcard] [log]
    Defines a standard IPv4 access list by using a source address and wildcard.
    The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
    Enter deny or permit to specify whether to deny or permit access if conditions are matched.
    The source is the source address of the network or host from which the packet is being sent, specified as:
    - The 32-bit quantity in dotted-decimal format.
    - The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source-wildcard.
    - The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
    (Optional) The source-wildcard applies wildcard bits to the source.
    (Optional) Enter log to cause an informational logging message about the packet that matches the entry to be sent to the console.
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name] [dscp dscp]
    Defines an extended IPv4 access list and the access conditions.
    The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
    Enter deny or permit to specify whether to deny or permit access if conditions are matched.
    For protocol, enter the name or number of an IP protocol: ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip.
    The source is the number of the network or host from which the packet is sent.
    The source-wildcard applies wildcard bits to the source.
    The destination is the network or host number to which the packet is sent.
    The destination-wildcard applies wildcard bits to the destination.
    Source, source-wildcard, destination, and destination-wildcard can be specified as:
    - The 32-bit quantity in dotted-decimal format.
    - The keyword any for 0.0.0.0 255.255.255.255 (any host).
    - The keyword host for a single host 0.0.0.0.
    The other keywords are optional and have these meanings:
    - precedence: Enter to match packets with a precedence level specified as a number from 0 to 7 or by name: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), network (7).
    - fragments: Enter to check noninitial fragments.
    - tos: Enter to match by type of service level, specified by a number from 0 to 15 or a name: normal (0), max-reliability (2), max-throughput (4), min-delay (8).
    - log: Enter to create an informational logging message to be sent to the console about the packet that matches the entry, or log-input to include the input interface in the log entry.
    - time-range: Enter to define a time and date during which the access list is valid.
    - dscp: Enter to match packets with the DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.

ip access-list standard name
    Defines a standard IPv4 access list using a name, and enters access-list configuration mode.
    The name can be a number from 1 to 99.

deny {source [source-wildcard] | host source | any} [log]
or
permit {source [source-wildcard] | host source | any} [log]
    In access-list configuration mode, specifies one or more conditions denied or permitted to decide if the packet is forwarded or dropped.

ip access-list extended name
    Defines an extended IPv4 access list using a name; enters access-list configuration mode.
    The name can be a number from 100 to 199.

{deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name]
    In access-list configuration mode, specifies the conditions allowed or denied.

ip dhcp snooping
    Enables DHCP snooping globally.

ip dhcp snooping vlan vlan-range
    Enables DHCP snooping on a VLAN or range of VLANs. The range is 1 to 4094.

ip dhcp snooping trust
    (Optional) Configures the interface as trusted or untrusted. You can use the no keyword to configure an interface to receive messages from an untrusted client. The default setting is untrusted.

ip arp inspection vlan vlan-range
    Enables dynamic ARP inspection on a per-VLAN basis. By default, dynamic ARP inspection is disabled on all VLANs.
    For vlan-range, specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    Specify the same VLAN ID for both switches.

ip arp inspection trust
    Configures the connection between the switches as trusted. By default, all interfaces are untrusted.

mac access-list extended name
    Defines an extended MAC access list using a name.

{deny | permit} {any | host source MAC address | source MAC address mask} {any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp]
    In extended MAC access-list configuration mode, specify to permit or deny any source MAC address, a source MAC address with a mask, or a specific host source MAC address and any destination MAC address, destination MAC address with a mask, or a specific destination MAC address.
    (Optional) You can also enter these options:
    - type mask: An arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation in decimal, hexadecimal, or octal with an optional mask of do not care bits applied to the EtherType before testing for a match.
    - lsap lsap mask: An LSAP number of a packet with IEEE 802.2 encapsulation in decimal, hexadecimal, or octal with optional mask of do not care bits.
    - aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp: A non-IP protocol.
    - cos cos: An IEEE 802.1 cost-of-service number from 0 to 7 used to set priority.

show access-lists
    Shows the access list configuration.

show ip dhcp snooping
    Displays the DHCP snooping configuration for a switch.

show ip dhcp snooping binding
    Displays only the dynamically configured bindings in the DHCP
    snooping binding database; also referred to as a binding table.

show ip dhcp snooping database
    Displays the DHCP snooping binding database status and statistics.

show ip dhcp snooping statistics
    Displays the DHCP snooping statistics in summary or detail form.

show ip arp inspection interfaces
    Verifies the dynamic ARP inspection configuration.

show ip arp inspection vlan vlan-range
    Verifies the dynamic ARP inspection configuration.

show ip arp inspection statistics vlan vlan-range
    Checks the dynamic ARP inspection statistics.

show port-security
    Verifies your entries.

spanning-tree portfast bpduguard default
    Globally enables BPDUGuard. By default, BPDUGuard is disabled.

spanning-tree guard root
    Enables RootGuard on the interface. By default, RootGuard is disabled on all interfaces.

spanning-tree loopguard default
    Enables LoopGuard. By default, LoopGuard is disabled.

switchport port-security [violation {protect | restrict | shutdown | shutdown vlan}]
    (Optional) Sets the violation mode or the action to be taken when a security violation is detected, such as one of these:
    - protect: When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
    - restrict: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
    - shutdown: The interface is error disabled when a violation occurs, and the port LED turns off.
      An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
    - shutdown vlan: Use to set the security violation mode per VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs.

switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}]]
    (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
    (Optional) vlan: set a per-VLAN maximum value.
    Enter one of these options after you enter the vlan keyword:
    - vlan-id: On a trunk port, you can specify the VLAN ID and the MAC address. If you do not specify a VLAN ID, the native VLAN is used.
    - access: On an access port, specify the VLAN as an access VLAN.
    - voice: On an access port, specify the VLAN as a voice VLAN.

switchport port-security mac-address sticky
    (Optional) Enables sticky learning on the interface.

switchport port-security mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]
    (Optional) Enters a sticky secure MAC address, repeating the command as many times as necessary. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned, are converted to sticky secure MAC addresses, and are added to the running configuration.
    (Optional) vlan: set a per-VLAN maximum value.
    Enter one of these options after you enter the vlan keyword:
    - vlan-id: On a trunk port, specify the VLAN ID and the MAC address. If you do not specify a VLAN ID, the native VLAN is used.
    - access: On an access port, specify the VLAN as an access VLAN.
    - voice: On an access port, specify the VLAN as a voice VLAN.

vlan access-map name [number]
    Creates a VLAN map and gives it a name and (optionally) a number. The number is the sequence number of the entry within the map.

action {drop | forward}
    (Optional) Sets the action for the map entry. The default is to forward.

match {ip | mac} address {name | number} [name | number]
    Matches the packet (using either the IP or MAC address) against one or more standard or extended access lists. Note that packets are only matched against access lists of the correct protocol type. IP packets are matched against standard or extended IP access lists. Non-IP packets are only matched against named MAC extended access lists.

vlan filter mapname vlan-list list
    Applies the VLAN map to one or more VLAN IDs.
    The list can be a single VLAN ID (22), a consecutive list (10-22), or a string of VLAN IDs (12, 22, 30). Spaces around the comma and hyphen are optional.

Job Aids

These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Security Configuration

After you have analyzed the information in the “Information Packet” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirement list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.
Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.
Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 7-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Lab 7-1 Hint Sheet: Secure Network Switches to Mitigate Security Attacks

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 7-1 Section Containing Hint
ASW1 | Port security | Implementation Policy
ASW2 | Port security | Implementation Policy
DSW1 | VACL | Implementation Policy
DSW2 | VACL | Implementation Policy
DSW1 | RootGuard | Implementation Policy
DSW2 | RootGuard | Implementation Policy
ASW1 | PortFast BPDUGuard | Implementation Policy
ASW2 | PortFast BPDUGuard | Implementation Policy
DSW1 | PortFast BPDUGuard | Implementation Policy
DSW2 | PortFast BPDUGuard | Implementation Policy
ASW1 | LoopGuard | Implementation Policy
ASW2 | LoopGuard | Implementation Policy
DSW1 | LoopGuard | Implementation Policy
DSW2 | LoopGuard | Implementation Policy
ASW1 | DHCP snooping | Implementation Policy
ASW2 | DHCP snooping | Implementation Policy
DSW1 | ARP snooping | Implementation Policy
DSW2 | ARP snooping | Implementation Policy
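The ASW items in this list (port security, PortFast BPDUGuard, LoopGuard, DHCP snooping) can be checked against a saved configuration automatically. The following Python audit is an added example, not part of the lab guide; the sample configuration, the function names and the choice of client ports are constructed for illustration, and absent `maximum` and `violation` lines are treated as the IOS defaults (1 and shutdown).

```python
import re

# Constructed sample of an access-switch configuration (not taken from a lab device).
SAMPLE_CONFIG = """\
hostname ASW1
!
spanning-tree loopguard default
spanning-tree portfast bpduguard default
!
ip dhcp snooping vlan 1-4094
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security maximum 2
!
"""

# Global commands the Implementation Policy requires on the ASW switches,
# with the finding reported when the exact line is absent.
REQUIRED_GLOBAL = {
    "spanning-tree loopguard default": "LoopGuard is not enabled by default",
    "spanning-tree portfast bpduguard default": "BPDUGuard is not enabled globally",
    "ip dhcp snooping": "DHCP snooping is not enabled globally",
}


def parse_config(text):
    """Split IOS-style text into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None                      # a separator ends an interface block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_client_port(name, lines):
    """Check one client-facing port against the port-security requirements."""
    findings = []
    if "switchport port-security" not in lines:
        findings.append(f"{name}: port security is not enabled")
    # When these lines are absent, IOS uses maximum 1 and violation shutdown.
    maximum, violation = 1, "shutdown"
    for line in lines:
        m = re.fullmatch(r"switchport port-security maximum (\d+)", line)
        if m:
            maximum = int(m.group(1))
        m = re.fullmatch(r"switchport port-security violation (.+)", line)
        if m:
            violation = m.group(1)
    if maximum != 1:
        findings.append(f"{name}: maximum MAC addresses is {maximum}, policy requires 1")
    if violation != "shutdown":
        findings.append(f"{name}: violation mode is {violation}, policy requires "
                        "shutdown (error-disable and trap)")
    return findings


def audit(text, client_ports):
    """Return a list of policy findings; an empty list means compliant."""
    global_lines, interfaces = parse_config(text)
    findings = [f"global: {msg}" for cmd, msg in REQUIRED_GLOBAL.items()
                if cmd not in global_lines]
    if not any(l.startswith("ip dhcp snooping vlan ") for l in global_lines):
        findings.append("global: DHCP snooping is not enabled on any VLAN")
    for port in client_ports:
        if port not in interfaces:
            findings.append(f"{port}: interface not found in configuration")
        else:
            findings.extend(audit_client_port(port, interfaces[port]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["FastEthernet0/3", "FastEthernet0/4"]):
        print(finding)
```

The audit reads only the configuration text, so settings that differ between the running state and the saved file still need the show commands from the Command List.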
Device | High-Level Task | Information Source
ASW1 | Port security | Visual Objective, Implementation Requirements List
ASW2 | Port security | Visual Objective, Implementation Requirements List
DSW1 | VACL | Visual Objective, Implementation Requirements List
DSW2 | VACL | Visual Objective, Implementation Requirements List
DSW1 | RootGuard | Visual Objective, Implementation Requirements List
DSW2 | RootGuard | Visual Objective, Implementation Requirements List
ASW1 | PortFast BPDUGuard | Visual Objective, Implementation Requirements List
ASW2 | PortFast BPDUGuard | Visual Objective, Implementation Requirements List
DSW1 | PortFast BPDUGuard | Visual Objective, Implementation Requirements List
DSW2 | PortFast BPDUGuard | Visual Objective, Implementation Requirements List
ASW1 | LoopGuard | Visual Objective, Implementation Requirements List
ASW2 | LoopGuard | Visual Objective, Implementation Requirements List
DSW1 | LoopGuard | Visual Objective, Implementation Requirements List
DSW2 | LoopGuard | Visual Objective, Implementation Requirements List
ASW1 | DHCP snooping | Visual Objective, Implementation Requirements List
ASW2 | DHCP snooping | Visual Objective, Implementation Requirements List
DSW1 | ARP snooping | Visual Objective, Implementation Requirements List
DSW2 | ARP snooping | Visual Objective, Implementation Requirements List

Implementation and Verification Plan

In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches.
For this lab, the template could contain the following items:

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW1 | 1 | show mac address-table interface Fa0/3 |
 | ASW1 | 2 | interface FastEthernet0/3 |
 | ASW1 | 3 | switchport port-security |
 | ASW1 | 4 | sxchpot pet seen |
 | ASW1 | 5 | sulemeggesegray > Ine stare |
 | ASW2 | 6 | interface FastEthernet0/3 |
 | ASW2 | 7 | switchport port-security |
 | ASW2 | 8 | mttorgmmeessveme | Renee
 | DSW1 | 9 | ip access-list extended NOTEL |
 | DSW1 | 10 | permit tcp any any eq telnet | show access-list
 | DSW1 | 11 | vlan access-map TEST 10 |
 | DSW1 | 12 | action drop |
 | DSW1 | 13 | match ip address NOTEL |
 | DSW1 | 14 | vlan access-map TEST 20 |
 | DSW1 | 15 | action forward |
 | DSW1 | 16 | vlan filter TEST vlan-list 3-4 | Attempts to use Telnet from client CLT and does not work
 | DSW2 | 17 | ip access-list extended NOTEL |
 | DSW2 | 18 | permit tcp any any eq telnet | show access-list
 | DSW2 | 19 | vlan access-map TEST 10 |
 | DSW2 | 20 | action drop |
 | DSW2 | 21 | match ip address NOTEL |
 | DSW2 | 22 | vlan access-map TEST 20 |
 | DSW2 | 23 | action forward |
 | DSW2 | 24 | vlan filter TEST vlan-list 3-4 | Attempts to use Telnet from client CLT2 and from client CLT1 and does not work
 | DSW1 | 25 | interface range FastEthernet0/5-6 |
 | DSW1 | 26 | spanning-tree guard root |
 | DSW2 | 27 | interface range FastEthernet0/5-6 |
 | DSW2 | 28 | spanning-tree guard root |
 | ASW1 | 29 | spanning-tree portfast bpduguard default |
 | ASW2 | 30 | spanning-tree portfast bpduguard default |
 | DSW1 | 31 | spanning-tree portfast bpduguard default |
 | DSW2 | 32 | spanning-tree portfast bpduguard default |
 | ASW1 | 33 | spanning-tree loopguard default |
 | ASW2 | 34 | spanning-tree loopguard default |
 | DSW1 | 35 | spanning-tree loopguard default |
 | DSW2 | 36 | spanning-tree loopguard default |
 | ASW1 | 37 | ip dhcp snooping |
 | ASW1 | 38 | ip dhcp snooping vlan 1-4094 |
 | ASW1 | 39 | interface range FastEthernet0/1-2 |
 | ASW1 | 40 | ip dhcp snooping trust | show ip dhcp
 | ASW2 | 41 | ip dhcp snooping |
 | ASW2 | 42 | ip dhcp snooping vlan 1-4094 |
 | ASW2 | 43 | interface range FastEthernet0/1-2 |
 | ASW2 | 44 | ip dhcp snooping trust | show ip dhcp snooping binding
 | DSW1 | 45 | ip arp inspection vlan 1-4094 |
 | DSW2 | 46 | ip arp inspection vlan 1-4094 |
 | DSW1 | 47 | interface range FastEthernet0/5 - 7 |
 | DSW1 | 48 | ip arp inspection trust | show ip arp inspection statistics vlan 3
 | DSW2 | 49 | interface range FastEthernet0/5 - 7 |
 | DSW2 | 50 | ip arp inspection trust | show ip arp inspection statistics vlan 4

Step-by-Step Procedure

Complete these steps:

Step 1  Connect to the switch ASW1 switch interface in configuration mode:
    - Connect to the remote lab.
    - Access the switch console.
    - Enter privilege mode, using the enable command.
    - Enter configuration mode, using the configure terminal command.

Step 2  Configure port security on switch ASW1:

    ASW1#sho mac address-table interface FastEthernet 0/3
    ASW1(config)#interface FastEthernet0/3
    ASW1(config-if)# switchport port-security
    ASW1(config-if)# switchport port-security mac-address sticky
    ASW1(config-if)# switchport port-security violation restrict

Step 3  Configure port security on switch ASW2:

    ASW2#sho mac address-table interface FastEthernet 0/2
    ASW2(config)#interface FastEthernet0/3
    ASW2(config-if)# switchport port-security
    ASW2(config-if)# switchport port-security mac-address sticky
    ASW2(config-if)# switchport port-security violation restrict
    ASW2(config-if)# end
    ASW2# show port-security interface f0/3
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Restrict
    Aging Time                 : 10 mins
    Aging Type                 : Inactivity
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : ?
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 1
    Last Source Address:Vlan   : 0050.5684.32ac:4
    Security Violation Count   : 0

Step 4  Configure VACL on switch DSW1:

    DSW1(config)#ip access-list extended NOTEL
    DSW1(config-ext-nacl)# permit tcp any any eq telnet
    DSW1(config)#vlan access-map TEST 10
    DSW1(config-access-map)# action drop
    DSW1(config-access-map)# match ip address NOTEL
    DSW1(config)#vlan access-map TEST 20
    DSW1(config-access-map)# action forward
    DSW1(config)#vlan filter TEST vlan-list 3-4
    DSW1(config)# end
    DSW1# show access-lists
    Extended IP access list 100
        10 permit tcp any any eq telnet
    DSW1#show vlan access-map
    Vlan access-map "DROP"  10
      Match clauses:
        ip  address: 100
      Action:
        drop
    Vlan access-map "DROP"  20
      Match clauses:
      Action:
        forward

Step 5  Repeat Step 4 on switch DSW2.

Step 6  Configure STP security on switch ASW1:

    ASW1(config)# spanning-tree portfast bpduguard default
    ASW1(config)# spanning-tree loopguard default

Step 7  Repeat Step 6 on switches ASW2, DSW1, and DSW2.

Step 8  Configure RootGuard on switch DSW1:

    DSW1(config)# interface FastEthernet0/5
    DSW1(config-if)# spanning-tree guard root

Step 9  Repeat Step 8 on switch DSW2.
Step 10  Configure DHCP snooping on switch ASW1:

    ASW1(config)# ip dhcp snooping
    ASW1(config)# ip dhcp snooping vlan 1-4094
    ASW1(config)# interface range FastEthernet0/1 - 2
    ASW1(config-if)# ip dhcp snooping trust
    ASW1#show ip dhcp snooping
    Switch DHCP snooping is enabled
    DHCP snooping is configured on following VLANs:
    1-4094
    DHCP snooping is operational on following VLANs:
    1,4,11-12,63-66
    DHCP snooping is configured on the following L3 Interfaces:
    Insertion of option 82 is enabled
       circuit-id format: vlan-mod-port
       remote-id format: MAC
    Option 82 on untrusted port is not allowed
    Verification of hwaddr field is enabled
    Verification of giaddr field is enabled
    DHCP snooping trust/rate is configured on the following Interfaces:
    Interface                Trusted    Rate limit (pps)
    FastEthernet0/1          yes        unlimited
    FastEthernet0/2          yes        unlimited

Step 11  Repeat Step 10 on switch ASW2.

Step 12  Configure ARP inspection on switch DSW1:

    DSW1(config)# ip arp inspection vlan 1-4094
    DSW1(config)# interface range FastEthernet0/5 - 7
    DSW1(config-if)# ip arp inspection trust
    DSW1#sho ip arp inspection
    Source Mac Validation      : Disabled
    Destination Mac Validation : Disabled
    IP Address Validation      : Disabled

    Configuration    Operation    ACL Match    Static ACL
    Enabled          Active
    Enabled          Inactive
    Enabled          Active
    Enabled          Active
    Enabled          Inactive
    Enabled          Inactive
    Enabled          Inactive
    Enabled          Inactive
    Enabled          Inactive
    Enabled          Inactive
    Enabled          Active
    Enabled          Active

    Vlan    Configuration    Operation    ACL Match    Static ACL
    --- (long output omitted)

    Vlan    Dest MAC Failures    IP Validation Failures    Invalid Protocol Data
    4088    0                    0                         0
    4089    0                    0                         0
    4090    0                    0                         0
    4091    0                    0                         0
    4092    0                    0                         0
    4093    0                    0                         0
    4094    0                    0                         0

Step 13  Repeat Step 12 on switch DSW2.

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

Complete this lab activity to practice what you learned in the related module.
Activity Objective

You receive information from the IT manager that a VoIP solution is expected to be implemented in the near future. Your task is to make the needed changes and prepare the network for the future project in such a way that it will work without interruption. An email from the voice consultant informs you that the voice part of the implementation will be externalized. A list of the planned voice equipment is attached to the voice consultant email. Your assignment is to prepare the wired infrastructure for this addition. You will have to design the voice VLANs, Cisco AutoQoS, DHCP, and high availability features to prepare the network. Your first task is to analyze the information and create a plan for the needed steps to prepare the network for the implementation of the voice solution.

After completing this activity, you will be able to meet these objectives:
- Gather information regarding the implementation of VoIP
- Prepare an implementation requirements list for VoIP readiness
- Prepare an implementation and verification plan
- Implement and verify the VoIP readiness plan

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must integrate voice in your network. The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:
- IP phones will be connected to switches ASW1 and ASW2. Refer to the “Device Information” table and configure each port accordingly.
- For every switch port that connects an IP phone, you must allow a voice VLAN (VLAN 63 on switch ASW1 and VLAN 64 on switch ASW2) and a data VLAN (VLAN 3 on switch ASW1 and VLAN 4 on switch ASW2).
- Cisco Unified Communications Manager Express units will be connected to switches DSW1 and DSW2 as per the “Device Information” section information. The Cisco Unified Communications Manager Express unit on switch DSW1 must be in voice VLAN 63, and the Cisco Unified Communications Manager Express unit on switch DSW2 must be in voice VLAN 64.
- HSRP should be configured on switches DSW1 and DSW2 for voice VLAN (VLAN 63 and VLAN 64). Switch DSW1 should be the primary gateway with a priority of 120. Both switches DSW1 and DSW2 should preempt. Both switches DSW1 and DSW2 should track their links to switches CSW1 and CSW2. Loss of connectivity to either core switch should decrease the priority by 30.
- Switches DSW1 and DSW2 should be DHCP servers for voice VLAN (VLAN 63 and VLAN 64). For each voice VLAN, switch DSW1 will distribute addresses .50 to .99, and switch DSW2 will distribute addresses .100 to .149.
- You should configure option 150 in each DHCP scope and point VLAN 63 DHCP clients to the IP address of the first Cisco Unified Communications Manager Express and VLAN 64 DHCP clients to the IP address of the second Cisco Unified Communications Manager Express. Make sure that both Cisco Unified Communications Manager Express IP addresses are excluded from the DHCP scopes.
- Verify that routing is properly configured to allow communication between these various VLANs.
- You should configure Cisco AutoQoS on access ports to IP phones, trunk ports between switches, and access ports to Cisco Unified Communications Manager Express.
- Class of service (CoS) values sent by IP phones and PCs connected to them should be trusted.
- Power adapters were ordered along with the phones. Some Power over Ethernet (PoE) switches will be added to your network at a later date. Use the Task 2 section to make sure that you know how to plan and configure PoE to support IP phones where needed.
Device Information

The table provides information about device locations:

Device | Role | IP Address | Network Location
IP phone 1 | IP phone | DHCP assigned | ASW1 P4
IP phone 2 | IP phone | DHCP assigned | ASW1 P5
IP phone 3 | IP phone | DHCP assigned | ASW2 P4
IP phone 4 | IP phone | DHCP assigned | ASW2 P5
Cisco Unified Communications Manager Express 1 | Cisco Unified Communications Manager Express | 10.1.63.11/24 | DSW1 P6
Cisco Unified Communications Manager Express 2 | Cisco Unified Communications Manager Express | 10.1.64.12/24 | DSW2 P6

Visual Objective

Visual Objective for Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

Command List

The table describes the commands that are used in this activity.

Command | Description
auto qos voip cisco-phone | Enables AutoQoS on the port, and specifies that the port is connected to a Cisco IP phone. The QoS labels of incoming packets are trusted only when the Cisco IP phone is detected.
auto qos voip trust | Enables AutoQoS on the port, and specifies that the port is connected to a trusted router or switch.
cdp enable | Enables Cisco Discovery Protocol globally. By default, enabled.
mls qos trust cos | Configures the interface to classify incoming traffic packets by using the packet CoS value. For untagged packets, the port default CoS value is used.
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure.
ip helper-address address | Enables forwarding and specifies the destination address for forwarding UDP broadcast packets, including BOOTP.
ip dhcp pool poolname | Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.
network ip-address [mask | /prefix-length] | Specifies the IP address of the DHCP address pool to be configured.
option 150 ip ip-address | Specifies the TFTP server address from which the Cisco Unified IP phone downloads the image configuration file. This is the address of your Cisco Unified Communications Manager Express router.
default-router ip-address | (Optional) Specifies the router that the IP phones will use to send or receive IP traffic that is external to their local subnet.
lease {days [hours] [minutes] | infinite} | (Optional) Specifies the duration of the lease. The default is a one-day lease. The infinite keyword specifies that the duration of the lease is unlimited.
switchport voice vlan {vlan-id | dot1p | none | untagged} | Configures how the Cisco IP Phone carries voice traffic:
  - vlan-id: Configure the phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are 1 to 4094.
  - dot1p: Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.
  - none: Allow the phone to use its own configuration to send untagged voice traffic.
  - untagged: Configure the phone to send untagged voice traffic.
switchport priority extend {cos value | trust} | Sets the priority of data traffic received from the Cisco IP phone access port:
  - cos value: Configure the phone to override the priority received from the PC or the attached device with the specified CoS value. The value is a number from 0 to 7, with 7 as the highest priority. The default priority is cos 0.
  - trust: Configure the phone access port to trust the priority received from the PC or the attached device.
show interfaces interface-id switchport | Verify your entries.
Job Aids

These are the job aids for this lab activity:

Value | Location
Implementation requirements | Task 1
Implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for VoIP Integration in the Campus

After you have analyzed the information in the “Information Packet” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Information Packet” section to create the Implementation and Verification Plan.
If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

PoE configuration:

PoE switches will be added later to your network. Answer the following questions:
1. How will the phones be powered?
2. Are all PoE switches the same?
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
4. Are other PoE devices likely to be installed in the network?
5. Document the steps and commands required to configure PoE on switch ports to IP phones:

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.
Lab 8-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Lab 8-1 Hint Sheet: Plan Implementation and Verification of VoIP in a Campus Network

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 8-1 Section Containing Hint
ASW1 | IP Phone 1 | Implementation Policy
ASW1 | IP Phone 2 | Implementation Policy
ASW2 | IP Phone 3 | Implementation Policy
ASW2 | IP Phone 4 | Implementation Policy
DSW1 | Cisco Unified Communications Manager Express | Implementation Policy
DSW1 | HSRP | Implementation Policy
DSW1 | DHCP | Implementation Policy
DSW2 | HSRP | Implementation Policy
DSW2 | Cisco Unified Communications Manager Express | Implementation Policy
DSW2 | DHCP | Implementation Policy
All switches | Cisco AutoQoS | Implementation Policy
Device | High-Level Task | Information Source
ASW1 | IP Phone 1 | Visual Objective, Implementation Requirements
ASW1 | IP Phone 2 | Visual Objective, Implementation Requirements
ASW2 | IP Phone 3 | Visual Objective, Implementation Requirements
ASW2 | IP Phone 4 | Visual Objective, Implementation Requirements
DSW1 | Cisco Unified Communications Manager Express | Visual Objective, Implementation Requirements
DSW2 | Cisco Unified Communications Manager Express | Visual Objective, Implementation Requirements
DSW1 | HSRP | Visual Objective, Implementation Requirements
DSW2 | HSRP | Visual Objective, Implementation Requirements
DSW1 | DHCP | Visual Objective, Implementation Requirements
DSW2 | DHCP | Visual Objective, Implementation Requirements
All switches | Cisco AutoQoS | Visual Objective, Implementation Requirements

Implementation and Verification Plan

In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches.
For this lab, the template could contain the following items Complete | Device | imple- | Values and Items to Implement Verification Method v menta- and Expected Results tion Order aswi 4 interface range FastEthernet0/14-15 aswi | 2 switchport mode access aswi 3 switchport access vian 3 aswi |4 switchport voice vian 63 aswi | 5 switchport priority extend trust aAsWi mls qos trust cos aswi |6 mis qos trust device cisco-phone _| sh interface Fa0/14 aswi |7 auto qos voip cisco-phone sh mis qos int £0114 ASW2 | 8 interface range FastEthernet0/14-15 Asw2 | 9 ‘switchport mode access Asw2 | 10 switchport access vlan 4 asw2 | 11 ‘switchport voice vian 64 ASW2 | 12 switchport extend trust AsW2 | 13 mils qos trust cos ASW2 | 14 mis qos trust device cisco-phone _| sh interface Fa0/14 ASW2 | 15 auto qos voip cisco-phone ‘sh mis gos int 0/14 Dsw1 | 16 interface Fastethernet 0/15 psw1 17 switchport mode access Dswi | 18 switchport access vian 63 Dsw2 | 19 interface Fastethernet 0/15 Dsw2 | 20 ‘switchport mode access 320 Implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne Complete Values and Items to Implement Verification Method Order psw2 | 21 switchport access vian 64 vam || hep code TTT oon [2 [inte speutedaatos com an | he cota TTS oon [2 [iatepszetegaates DSW1 27 network 10.1.63.0 255.255.255.0 DSW1 28 default-router 10.1.63.4 oswi | 29 ‘option 150 ip 10.1.63.11 10.1.64.12 oswi | 30 lease 8 show ip dhcp pool DSW1 32, network 10.1.64.0 255.255.255.0 DSW1 33, default-router 10.1.64.1 oswi | 34 ‘option 150 ip 10.1.63.11 10.1.64.12 DSW1 35, lease 8 show ip dhcp pool cone ep ena TTT vow [or [iytepsesatedatos pave [a [Saaepemetaaraaee Dsw2 | 41 network 10.1.63.0 255.255.255.0 Dsw2 | 42 default-router 10.1.63.4 Dsw2 | 44 lease 8 show ip dhcp pool (© 2009 Cisco Systems. 
Ine Lab Guide 321 Complete Values and Items to Implement Verification Method y menta- and Expected Results tion Order psw2 | 45 ip dhep pool viané4 Dsw2 | 46 network 10.1.64.0 255.255.255.0 Dsw2 | 47 default-router 10.1.64.4 Dsw2 | 48 ‘option 150 ip 10.1.63.11 10.1.64.12 Dsw2 | 49 lease 8 show ip dhep pool Dsw1 | 50 interface Vian 63 pew: | 51 ip address 10.1.63.3 255,255.255.0 sh intertce vlan 63) Dsw1 | 52 standby 63 ip 10.1.63.1 Dsw1 | 53 standby 63 priority 120 Dsw1 | 54 standby 63 preempt pswi | 55 standby 63 track Port-channel31 30 Dswi | 56 standby 63 track Port-channel32 30 | sh standby Dsw1 | 57 interface Vian 64 pswi | 58 ip address 10.1.64.3 255,255.255.0 Shite van 4 i Dsw1 | 59 standby 64 ip 10.1.64.1 Dsw1 | 60 standby 64 priority 90 sw | 6 standby 64 preempt Dsw1 | 62 standby 64 track Port-channel31 30 Dsw1 | 63 standby 64 track Port-channel32 30 pswa | & interface Vian 63 ane oy Dswe | 65 ip address 10.1.63.2 255.255.255.0 Dswe | 66 ‘standby 63 ip 10.1.63.1 Dsw2 | 67 standby 63 track Port-channel31 30 322 _Implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne Complete Values and Items to Implement Verification Method v menta- and Expected Results tion Order Dsw2 | 68 | standby 63 track Port-channel32 30 Dswe |69 | standby 63 preempt sh standby pswe | 72 | interface vian 64 Peer Dsw2 |71 | ip address 10.1.64:3 255.255.255.0 Dsw2 |72 | standby 64ip 10.1.64.1 Dsw2 |73 | standby 64 priority 120 Dsw2 | 74 | standby 64 track Port-channel31 30 Dsw2 |75 | standby 64 track Port-channel32 30 Dsw2 | 76 —_ | standby 64 preempt Sh standby aswi | 77___ | interface range FastEthernet0it-2 paw | 7a | autoaos voip trust asw2 | 79 __ | interface range FastEthernet0it-2 asw2 | 60 __ | auto-aos voip trust pews fer | ieface range Fastetemetr-7, psi | 82 | auto gos voip trust swe [so | ierface range Fastehemetr7, Dsw2 | 84 | auto qos voip trust csws [as | ieaerang fatter, cswi | 86 | auto gos voip trust are) (Ea | Sete enema csw2 | 88 | auto qos voip 
trust

PoE configuration:

1. How will the phones be powered?
With AC power cords at first; PoE will be needed later.
2. Are all PoE switches the same?
No. Some provide standard PoE, some high power, some only have power for a number of ports, and so on; negotiation can take place or not; and there are many differences between models.
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
No. Some use less power, some use more, some can negotiate.
4. Are other PoE devices likely to be installed in the network?
Very likely. Many devices use PoE, although the list is not clearly stated in this lab.

IP phones use standard PoE. To enable this feature, for example, on interface f0/1, use the command sequence:

Switch(config)# interface FastEthernet0/1
Switch(config-if)# power inline auto

Step-by-Step Procedure

Complete these steps:

Step 1 Connect to the switch ASW1 switch interface in configuration mode:
- Connect to the remote lab.
- Access the Switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2 Configure IP phone ports on switch ASW1:

ASW1(config)# interface FastEthernet0/14
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 3
ASW1(config-if)# switchport voice vlan 63
ASW1(config-if)# switchport priority extend trust
ASW1(config-if)# mls qos trust device cisco-phone
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# auto qos voip cisco-phone
ASW1(config)# interface FastEthernet0/15
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 3
ASW1(config-if)# switchport voice vlan 63
ASW1(config-if)# switchport priority extend trust
ASW1(config-if)# mls qos trust device cisco-phone
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# auto qos voip cisco-phone

Step 3 Repeat Steps 1 and 2 on switch ASW2.

Step 4 Configure a Cisco Unified Communications Manager Express interface on switch DSW1:

DSW1(config)# interface FastEthernet0/15
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 63
DSW1(config-if)# no shut

Step 5 Repeat Step 10 on switch DSW2.

Step 6 Configure the DHCP pool for voice VLAN 63 and VLAN 64 on switch DSW1:

DSW1(config)# ip dhcp excluded-address 10.1.63.1 10.1.63.49
DSW1(config)# ip dhcp excluded-address 10.1.63.100 10.1.63.255
DSW1(config)# ip dhcp pool vlan63
DSW1(dhcp-config)# network 10.1.63.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.63.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8
DSW1(config)# ip dhcp excluded-address 10.1.64.1 10.1.64.49
DSW1(config)# ip dhcp excluded-address 10.1.64.100 10.1.64.255
DSW1(config)# ip dhcp pool vlan64
DSW1(dhcp-config)# network 10.1.64.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.64.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8

Step 7 Repeat Step 6 on switch DSW2 with parameters specific to switch DSW2.
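A check for the split DHCP scope of Steps 6 and 7, as an added example that is not part of the lab guide: it computes which addresses each server can actually lease and flags overlap between the two servers or a static host (default router, option 150 target) left inside a leasable range. The DSW1 text follows Step 6; the DSW2 text is an assumed counterpart built from the Implementation Policy (.100 to .149), and all function names are hypothetical.

```python
"""Audit a split DHCP scope shared by two IOS DHCP servers (added example)."""
import ipaddress

# DSW1 lines follow Step 6 of the guide (VLAN 63 pool only).
DSW1 = """
ip dhcp excluded-address 10.1.63.1 10.1.63.49
ip dhcp excluded-address 10.1.63.100 10.1.63.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
 default-router 10.1.63.1
 option 150 ip 10.1.63.11 10.1.64.12
 lease 8
"""

# Constructed: assumed DSW2 counterpart (.100 to .149), not from the guide.
DSW2 = """
ip dhcp excluded-address 10.1.63.1 10.1.63.99
ip dhcp excluded-address 10.1.63.150 10.1.63.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
 default-router 10.1.63.1
 option 150 ip 10.1.63.11 10.1.64.12
 lease 8
"""


def parse(config):
    """Return (excluded ranges as int pairs, pools) from DHCP server config."""
    excluded, pools, pool = [], {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(words[3])
            high = ipaddress.ip_address(words[4]) if len(words) > 4 else low
            excluded.append((int(low), int(high)))
            pool = None
        elif words[:3] == ["ip", "dhcp", "pool"]:
            pool = pools.setdefault(words[3], {"fixed": []})
        elif not line.startswith(" "):
            pool = None  # any other global command ends the pool block
        elif pool is not None:
            if words[0] == "network":
                mask = words[2].lstrip("/")
                pool["network"] = ipaddress.ip_network(f"{words[1]}/{mask}")
            elif words[0] == "default-router":
                pool["fixed"] += [ipaddress.ip_address(w) for w in words[1:]]
            elif words[:2] == ["option", "150"]:
                pool["fixed"] += [ipaddress.ip_address(w) for w in words[3:]]
    return excluded, pools


def leasable(config, pool_name):
    """Set of host addresses (as ints) the server can hand out from a pool."""
    excluded, pools = parse(config)
    network = pools[pool_name]["network"]
    return {int(host) for host in network.hosts()
            if not any(low <= int(host) <= high for low, high in excluded)}


def span(addresses):
    """(first, last, count) of a leasable set, for a readable report."""
    first = ipaddress.ip_address(min(addresses))
    last = ipaddress.ip_address(max(addresses))
    return str(first), str(last), len(addresses)


def audit(configs, pool_name):
    """Findings for one pool name across several servers' configs."""
    findings, seen = [], {}
    for name, config in configs.items():
        addresses = leasable(config, pool_name)
        for ip in parse(config)[1][pool_name]["fixed"]:
            if int(ip) in addresses:
                findings.append(f"{name}: {ip} is static but leasable")
        for other, other_addresses in seen.items():
            both = addresses & other_addresses
            if both:
                findings.append(
                    f"{name} and {other} overlap on {len(both)} addresses")
        seen[name] = addresses
    return findings


if __name__ == "__main__":
    for name, config in (("DSW1", DSW1), ("DSW2", DSW2)):
        print(name, span(leasable(config, "vlan63")))
    print(audit({"DSW1": DSW1, "DSW2": DSW2}, "vlan63") or "no findings")
```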
Step 8 Configure interface VLAN 63 and VLAN 64 on switch DSW1:

DSW1(config)# interface Vlan 63
DSW1(config-if)# ip address 10.1.63.3 255.255.255.0
DSW1(config-if)# standby 63 ip 10.1.63.1
DSW1(config-if)# standby 63 priority 120
DSW1(config-if)# standby 63 preempt
DSW1(config-if)# standby 63 track Port-channel31 30
DSW1(config-if)# standby 63 track Port-channel32 30
DSW1(config)# interface Vlan 64
DSW1(config-if)# ip address 10.1.64.3 255.255.255.0
DSW1(config-if)# standby 64 ip 10.1.64.1
DSW1(config-if)# standby 64 priority 90
DSW1(config-if)# standby 64 preempt
DSW1(config-if)# standby 64 track Port-channel31 30
DSW1(config-if)# standby 64 track Port-channel32 30

Step 9 Repeat Step 8 on switch DSW2 with parameters specific to switch DSW2.

Step 10 Configure QoS at the interface level on switch ASW1:

ASW1(config)# interface range FastEthernet0/1-2
ASW1(config-if)# auto qos voip trust
ASW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ASW1#sh mls qos int f0/1
FastEthernet0/1
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
ASW1#sh run int f0/1
Building configuration...
Current configuration : 225 bytes
!
interface FastEthernet0/1
 switchport trunk allowed vlan 3,21,63,65
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 ip dhcp snooping trust
end

Step 11 Repeat Step 10 on switch ASW2.
Step 12 Configure trunk interfaces for QoS on switch DSW1:

DSW1(config)# interface range FastEthernet0/5-7 , FastEthernet0/15
DSW1(config-if)# auto qos voip trust
DSW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
DSW1#sh mls qos int f0/7
FastEthernet0/7
trust state: trust cos
trust mode: trust cos
trust enabled
cos override
default
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
DSW1#sh auto qos
FastEthernet0/1
auto qos voip trust
FastEthernet0/2
auto qos voip trust
FastEthernet0/3
auto qos voip trust
FastEthernet0/4
auto qos voip trust
FastEthernet0/5
auto qos voip trust
FastEthernet0/6
auto qos voip trust
FastEthernet0/7
auto qos voip trust
FastEthernet
auto qos voip trust

Step 13 Repeat Step 12 on switch DSW2.

Step 14 Configure trunk interfaces for QoS on switch CSW1:

CSW1(config)# interface range FastEthernet0/1-4 , FastEthernet0/7-12
CSW1(config-if)# auto qos voip trust

Step 15 Repeat Step 14 on switch CSW2.

Lab 9-1: Integrating Wireless in the Campus

Complete this lab activity to practice what you learned in the related module.

Activity Objective

During a daily morning meeting, your IT manager informed you that, after voice, wireless capabilities should be added to the existing network. You must prepare the switched network for a wireless integration that will take place next month. An email from the wireless consultant informs you that the wireless part of the implementation will be externalized. A list of the planned wireless equipment is attached to the wireless consultant’s email. Your assignment is to prepare the wired infrastructure for this wireless addition. Your first task is to analyze the information and make a plan for the needed steps to prepare the network for the implementation of the wireless solution.
After completing this activity, you will be able to meet these objectives:
- Identify the requirements for implementing wireless structure in a network
- Prepare an implementation plan for wireless integration
- Prepare the switched network for integration of wireless equipment
- Verify that the switched network was properly provisioned

Information Packet

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

Implementation Policy

You must integrate wireless in your network. The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all these requirements:
- Several standard Cisco 1240 series access points will be connected to switches ASW1 and ASW2. Refer to the “Device Information” section and configure each port accordingly.
- WCS and WLC will be connected to switches DSW1 and DSW2 per the “Device Information” section.
- For the autonomous AP on switch ASW1, allow the voice VLAN (VLAN 63) and data VLAN (VLAN 3). For the autonomous AP on switch ASW2, you must allow the voice VLAN (VLAN 64) and data VLAN (VLAN 4).
- One Hybrid Remote Edge Access Point (HREAP) must be connected to each access switch. HREAP are specific types of controller-based access points. HREAP on switch ASW1 must service the voice VLAN (VLAN 63) and data VLAN (VLAN 3). HREAP on switch ASW2 must service the voice VLAN (VLAN 64) and data VLAN (VLAN 4). The configuration of the switch port to the HREAP AP is similar to the configuration of a port to an autonomous AP.
- The Lightweight AP (LAP) on switch ASW1 must be in the AP VLAN (VLAN 11). The Lightweight AP (LAP) on switch ASW2 must be in the AP VLAN (VLAN 12).
Ports to these APs should be in the forward state as soon as the AP is switched on, The Cisco Wireless Control System on switch DSWI must be in VLAN 3. The Cisco Wireless Control System on switch DSW2 must be in VLAN 4, The Cisco 2106 WLC will be connected with one port ina trunk mode, with all VLANs (wired and wireless) allowed on the trunk. Ports to the Cisco 2106 WLCs should be in the forward state as soon as the controller is switched on, even if the port is a trunk. On ports to the LAPs and on ports to the Cisco WLCs, apply the appropriate QoS policy. In the future, 1250 IEEE 802.1 In access points will be added to your network. These access points need enhanced PoE. Use Task 2 to make sure that you know how to configure IEEE 802.3at to suppor th s points where needed. The first series of access points to be installed will use AC power adapters. (© 2009 Cisco Systems. Ine LebGuide 329 Device Information The table provides information about device locations: Device Role Network Location Apt ‘Autonomous AP ASW P4 AP2. HREAP ASW1 PS: ‘APS. Lightweight AP_ ASWI PB APA ‘Autonomous AP ASW2 PA APS HREAP ASW2 PS: ‘APE Lightweight AP_ ASW2 PB Wict Cisco 2106 Wireless LAN swt P7 Controller west Cisco Wireless Control System | OSW1 P6 wc Cisco 2106 Wireless LAN Dsw2 P7 Controller wes2 Cisco Wireless Control System | OSW2 P6 Visual Objective The figure illustrates what you will accomplish in this activity. in the Campus Visual Objective for Lab 9-1: Integrate Wireless 330 Implementing Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Command List The table describes the commands that are used in this activity. Command Description interface fastethernet]| gigabitethernet sioyport Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethemet or Gigabt Ethernet interface installed interface range fastethernet | gigabitethernet slotstarting_port - ‘ending_port ‘Selects a range of interfaces to configure. 
‘name vian-name ‘Specifies a name for a VLAN for either VLAN database or VLAN configuration mode. ‘show interface interface-id switchport Displays the switch port configuration of the interface. show interface trunk Displays the trunk configuration of the interface. ‘show vian Displays VLAN information, shutdownino shutdown ‘Shuts down or enables an interface. ‘switchport access vian vlan-id ‘Specifies the default VLAN, which is used ifthe interface stops trunking, ‘switchport mode access Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. ‘switchport mode trunk Puts the interface into permanent trunking mode and negotiates to convert the lnk into @ trunk link switchport nonegotiate ‘Turns off DTP negotiation, ‘switchport trunk allowed vlan remove vian-list, Configures the list of VLANs allowed on the trunk. ‘switchport trunk encapsulation dottq ‘Specifies 802.1Q encapsulation on the trunk link. vlan vian-id| Enters @ VLAN ID, and enter config-vian mode. Enter a new VLAN ID to create a VLAN, or enter an existing VLAN ID to modify that VLAN. (© 2009 Cisco Systems. 
Ine Lab Guide 331 wre the job aids for this lab activity: Value Location Blank implementation requirements list Task 4 Blank implementation and verification plan | Task 2 form Blank verification notes form Task 3 ‘Altemate resources and solutions form End of this tab Key commands and tools used form End of this lab Implementation requirements hints “Hints” section atthe end of this lab Implementation and verification plan hints __| Hints” section atthe end of this lab Solution configuration answer key (step-by- | Configuration section atthe end of this lab step procedure) 382 __Implementina Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne Task 1: Create an Implementation Requirements List for Wireless Integration in the Campus Afier you have analyzed the information in the “Information Packet” section, your first task is to create alist where you will document the requirements for a successful implementation, Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. Ifyou are unsure, use the information provided in the “Hints” section atthe end of this lab. Device | High-Level Task Information Source (© 2009 Cisco Systems. Ine Lab Guide 333 Task 2: Create an Implementation and Verification Plan The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints, Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. 
Use the following table and the “Information Packet” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab Complete | Device | Imple- | Values and Items to implement —_| Verification Method and q menta- Expected Results tion Order 324 Implementina Ci co Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Complete menta- tion Order Values and Items to Implement Verification Method and Expected Results (© 2009 Cisco Systems. Ine Lab Guide 335 Enhanced PoE configuration: Later on, Cisco Aironet Series 1250 Access Points and enhanced PoE (802.3at) switches will be added to your network, Answer the following questions: How will the first APs be powered? Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250 Series APs? 3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do they need a special switch? 4, Document the steps required fo configure PoE on switch ports to these access points: 386 Implementing Cisco Switched Networks (SWITCH) v1.0 (© 2009 Cisco Systems, ne Task 3: Implement and Verify Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution, Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified, Use the previous table to document the verifications you conducted to ensure that your solution is complete, If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab. (© 2009 Cisco Systems. Ine LebGuide 337 Student Notes Use the following space to document the details that you think are important to remember 388 Implement Cisco Switched Networks (SWITCH) vt 0 (© 2009 Cisco Systems, ne (© 2009 Cisco Systems. 
Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 9-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Lab 9-1 Hint Sheet: Integrating Wireless in the Campus

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirements List | Lab 9-1 Section Containing Hint
ASW1 | AP1 | Implementation Policy
ASW1 | AP2 | Implementation Policy
ASW1 | AP3 | Implementation Policy
ASW2 | AP4 | Implementation Policy
ASW2 | AP5 | Implementation Policy
ASW2 | AP6 | Implementation Policy
DSW1 | WLC1 | Implementation Policy
DSW1 | WCS1 | Implementation Policy
DSW2 | WLC2 | Implementation Policy
DSW2 | WCS2 | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | AP2 | Visual Objective, Implementation Requirements List
ASW1 | AP3 | Visual Objective, Implementation Requirements List
ASW2 | AP4 | Visual Objective, Implementation Requirements List
ASW2 | AP5 | Visual Objective, Implementation Requirements List
ASW2 | AP6 | Visual Objective, Implementation Requirements List
DSW1 | WLC1 | Visual Objective, Implementation Requirements List
DSW1 | WCS1 | Visual Objective, Implementation Requirements List
DSW2 | WLC2 | Visual Objective, Implementation Requirements List
DSW2 | WCS2 | Visual Objective, Implementation Requirements List
Implementation and Verification Plan

In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW1 | 1 | interface FastEthernet0/11 |
 | ASW1 | 2 | switchport mode trunk |
 | ASW1 | 3 | switchport trunk allowed vlan 3,63 | sh interface
 | ASW1 | | mls qos trust cos | show mls qos
 | ASW1 | 4 | interface FastEthernet0/12 |
 | ASW1 | | switchport mode trunk |
 | ASW1 | 6 | switchport trunk allowed vlan 3,63 | sh interface
 | ASW1 | 7 | mls qos trust dscp |
 | ASW1 | 8 | interface FastEthernet0/13 |
 | ASW1 | 9 | switchport mode access |
 | ASW1 | 10 | switchport access vlan 11 | show vlan
 | ASW1 | 11 | spanning-tree portfast |
 | ASW1 | 12 | mls qos trust dscp |
 | ASW2 | 13 | interface FastEthernet0/11 |
 | ASW2 | 14 | switchport mode trunk |
 | ASW2 | 15 | switchport trunk allowed vlan 4,64 | sh interface
 | ASW2 | 16 | mls qos trust cos |
 | ASW2 | 17 | interface FastEthernet0/12 |
 | ASW2 | 18 | switchport mode trunk |
 | ASW2 | 19 | switchport trunk allowed vlan 4,64 | sh interface
 | ASW2 | 20 | mls qos trust dscp |
 | ASW2 | 21 | vlan 12 |
 | ASW2 | 22 | interface FastEthernet0/13 |
 | ASW2 | 23 | switchport mode access |
 | ASW2 | 24 | switchport access vlan 12 | show vlan
 | ASW2 | 25 | spanning-tree portfast |
 | ASW2 | 26 | mls qos trust dscp |
 | ASW2 | 27 | interface f0/4 |
 | ASW2 | 28 | switchport trunk allowed vlan add 12 |
 | DSW1 | 29 | interface FastEthernet0/11 |
 | DSW1 | 30 | switchport trunk encapsulation dot1q |
 | DSW1 | 31 | switchport mode trunk |
 | DSW1 | 32 | switchport trunk allowed vlan 3,11,63 | sh interface
 | DSW1 | 33 | spanning-tree portfast |
 | DSW1 | 34 | mls qos trust cos |
 | DSW1 | 35 | interface FastEthernet0/12 |
 | DSW1 | 36 | switchport mode access |
 | DSW1 | 37 | switchport access vlan 3 | show vlan
 | DSW2 | 38 | vlan 12 |
 | DSW2 | 39 | interface FastEthernet0/11 |
 | DSW2 | 40 | switchport trunk encapsulation dot1q |
 | DSW2 | 41 | switchport mode trunk |
 | DSW2 | 42 | switchport trunk allowed vlan 4,12,64 | sh interface
 | DSW2 | 43 | spanning-tree portfast |
 | DSW2 | 44 | mls qos trust cos |
 | DSW2 | 45 | interface f0/6 |
 | DSW2 | 46 | switchport trunk allowed vlan add 12 |
 | DSW2 | 47 | interface FastEthernet0/12 |
 | DSW2 | 48 | switchport mode access |
 | DSW2 | 49 | switchport access vlan 4 | show vlan

Enhanced PoE configuration:

1. How will the first APs be powered?
Using AC power adapters, as per the “Information Packet” section, so no PoE is required yet.

2. Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250 Series APs?
Yes, if the switch:
- Provides enhanced power
- Has enough power resources available

3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do they need a special switch?
The standard switch provides 15 W max, as per the 802.3af specification, which is not enough for the Cisco Aironet 1250 Series AP, but is enough for most other APs. The Cisco Aironet 1250 Series AP needs a switch that provides enhanced power.

Enhanced PoE is configured at the port level. For the Cisco Aironet 1250 Series AP, you need to allow 20 W. This is done, for example, on interface g0/1 (Cisco Aironet 1250 Series APs require gigabit interfaces):

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# power inline port maximum 20000

Step-by-Step Procedure

Complete these steps:

Step 1  Connect to the ASW1 switch interface in configuration mode:
- Connect to the remote lab.
- Access the switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.
Step 2  Configure the AP on switch ASW1:

ASW1(config)# interface range FastEthernet0/11-12
ASW1(config-if)# switchport mode trunk
ASW1(config-if)# switchport trunk allowed vlan 4,63
ASW1(config-if)# interface f0/11
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# interface f0/12
ASW1(config-if)# mls qos trust dscp
ASW1(config-if)# interface FastEthernet 0/13
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 11
ASW1(config-if)# spanning-tree portfast
ASW1(config-if)# mls qos trust dscp

Step 3  Repeat Steps 1 and 2 on switch ASW2.

Step 4  Configure WLC1 on switch DSW1:

DSW1(config)# mls qos
DSW1(config)# interface FastEthernet0/12
DSW1(config-if)# switchport mode trunk
DSW1(config-if)# switchport trunk allowed vlan 4,11,63
DSW1(config-if)# spanning-tree portfast trunk
DSW1(config-if)# mls qos trust cos

Step 5  Configure WCS1 on switch DSW1:

DSW1(config)# interface FastEthernet0/12
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 3

Step 6  Repeat Steps 4 and 5 on switch DSW2.

Ending Configurations

Lab 1-1: New Hire Test

Your configuration should be similar to the following example. On switch ASW1:

ASW1#show running-config
Building configuration...
Current configuration : 2689 bytes
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log uptime
no service password-encryption
hostname ASW1
boot-start-marker
boot-end-marker
enable password
no aaa new-model
clock timezone eastern
system mtu routing 1500
ip subnet-zero
ip domain-lookup
spanning-tree mode rapid-pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
 shutdown
(output omitted, all subsequent interfaces are shut)
interface FastEthernet0/24
 shutdown
interface GigabitEthernet0/1
 shutdown
interface GigabitEthernet0/2
ip default-gateway 10.1.1.251
ip http server
ip http secure-server
control-plane
alias exec init-2-2 configure replace flash:/switch/lab2-2.cfg force
alias exec init-3-2-A configure replace flash:/switch/lab_3_2_A.cfg force
alias exec init-3-2-B configure replace flash:/switch/lab_3_2_B.cfg force
alias exec init-4-2-A configure replace flash:/switch/lab_4-2_A.cfg force
alias exec init-4-2-B configure replace flash:/switch/lab_4-2_B.cfg force
alias exec init-4-2-C configure replace flash:/switch/lab_4-2_C.cfg force
line con 0
 logging synchronous
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 password cisco
 login
end

The switch automatically generated some of these configuration lines; others were pasted by your instructor before the beginning of the class. All the items that you configured should be there.

Other Switches

Repeat the same process on the other switches, changing the values that are different on each switch.

Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel

Your configuration should be similar to the following.
Only the configuration sections relevant to this lab are displayed.

On switch ASW1:

ASW1#sh run
interface FastEthernet0/1
 switchport trunk allowed vlan 1,3,12,63,65
 switchport mode trunk
interface FastEthernet0/2
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/4
 switchport access vlan 63
 switchport mode access
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access

On switch ASW2:

ASW2#sh run
interface FastEthernet0/1
 switchport trunk allowed vlan 1,4,12,64,66
 vlan 1,4,12,64,66
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
interface FastEthernet0/4
 switchport access vlan 63
 switchport mode access
interface FastEthernet0/5
 switchport access vlan 11
 switchport mode access

On switch DSW1:

DSW1#sh run
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 31 mode passive
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 31 mode passive
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 32 mode passive
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 32 mode passive
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,4,12,64,66
 switchport mode trunk
interface FastEthernet0/8
 switchport access vlan 65
 switchport mode access
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk

On switch DSW2:

DSW2#sh run
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 32 mode passive
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 32 mode passive
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 31 mode passive
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 31 mode passive
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,4,12,64,65
 switchport mode trunk
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
interface FastEthernet0/8
 switchport access vlan 66
 switchport mode access
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk

On switch CSW1:

CSW1#sh run
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
interface Port-channel33
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 31 mode active
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 31 mode active
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 32 mode active
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 shutdown
 channel-group 32 mode active
interface FastEthernet0/5
 shutdown
interface FastEthernet0/6
 shutdown
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
interface FastEthernet0/13
 shutdown

On switch CSW2:

CSW2#sh run
!
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 shutdown
!
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
!
interface Port-channel33
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 32 mode active
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 32 mode active
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 shutdown
 channel-group 31 mode active
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 shutdown
 channel-group 31 mode active
interface FastEthernet0/5
 shutdown
interface FastEthernet0/6
 shutdown
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 33 mode on
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 33 mode on
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 channel-group 33 mode on
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk

Lab 2-3: Implement Private VLANs

Your configuration should be similar to the following. Only the configuration sections relevant to this lab are displayed.

Router R1:

Router R2:
Interface f0/1

Switch CSW1:
Vlan 51,501
vlan 502
 private-vlan primary
 private-vlan association 51
vlan 51
 name TestIsolated
 private-vlan isolated
Interface
 Switchport trunk allowed vlan add 5
Interface
 Swit
 Swit
 No
!
Lab 3-1: Implement Multiple Spanning Tree

Ending configurations for Task 1:

On switch DSW:

interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on

On switch CSW2:

interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on

On switch DSW:

interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on

On switch CSW2:

interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 32 mode on

Ending Configurations for MST

MSTP on switch DSW1:

spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1, 3, 11, 63, 65
 instance 2 vlan 4, 12, 64, 65
spanning-tree mst 0-1 priority 24576
spanning-tree mst 2 priority 28672

DSW1#sho spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Desg FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Desg FWD 100000  128.296   P2p
Po32       Desg FWD 100000  128.304   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Desg FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Desg FWD 100000  128.296   P2p
Po32       Desg FWD 100000  128.304   P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Root FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Desg FWD 100000  128.296   P2p
Po32       Altn BLK 100000  128.304   P2p
DSW1#

MST on switch DSW2:

spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1, 3, 11, 63, 65
 instance 2 vlan 4, 12, 64, 65
spanning-tree mst 0-1 priority 28672
spanning-tree mst 2 priority 24576

DSW2#sho spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             Cost        0
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Root FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Altn BLK 100000  128.295   P2p
Po32       Altn BLK 100000  128.304   P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Root FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Altn BLK 100000  128.296   P2p
Po32       Altn BLK 100000  128.304   P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24578  (priority 24576 sys-id-ext 2)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface  Role Sts Cost    Prio.Nbr  Type
Fa0/5      Desg FWD 200000  128.7     P2p
Fa0/6      Desg FWD 200000  128.8     P2p
Fa0/7      Desg FWD 200000  128.9     P2p
Po31       Desg FWD 100000  128.296   P2p
Po32       Desg FWD 100000  128.304   P2p
DSW2#

MST on switches ASW1, ASW2, CSW1, and CSW2:

spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1, 3, 11, 63, 65
 instance 2 vlan 4, 12, 64, 65
Lab 3-2: Implement PVRST+

PVRST+ on all switches on your pod:

spanning-tree mode rapid-pvst

Lab 4-1: Implement Inter-VLAN Routing

On switches ASW1 and ASW2:

On switch

interface Port-channel32
 no switchport
 ip address 10.1.253.2 255.255.255.254
interface range FastEthernet0/1-2
 no switchport
 no ip address
 channel-group 31 mode passive
interface range FastEthernet0/3-4
 no switchport
 no ip address
 channel-group 32 mode passive
interface FastEthernet0/5
 no switchport
 ip address 10.1.253.4 255.255.255.254
interface Vlan4
 ip address 10.1.4.1 255.255.255.0
router eigrp 10
 no auto-summary
 network 10.1.0.0 0.0.255.255

On switches CSW1 and CSW2:

interface Port-channel31
 no switchport
 ip address 10.1.253.1 255.255.255.254
interface Port-channel32
 no switchport
 ip address 10.1.253.9 255.255.255.254
interface Port-channel33
 no switchport
 ip address 10.1.253.10 255.255.255.254
interface range FastEthernet0/1-2
 no switchport
 no ip address
 channel-group 31 mode active
interface range FastEthernet0/3-4
 no switchport
 no ip address
 channel-group 32 mode active
interface range FastEthernet0/7-10
 no switchport
 no ip address
 channel-group 33 mode on
interface FastEthernet0/11
 no switchport
 ip address 10.1.253.12 255.255.255.254
interface FastEthernet0/12
 no switchport
 ip address 10.1.253.14 255.255.255.254
router eigrp 10
 no auto-summary
 network 10.1.0.0 0.0.255.255

On routers R1 and R2:

interface FastEthernet0/0
 ip address 10.1.253.13 255.255.255.254
 speed 100
 full-duplex
interface FastEthernet0/1
 ip address 10.1.253.19 255.255.255.254
 speed 100
 full-duplex
router eigrp 10
 no auto-summary
 network 10.1.0.0 0.0.255.255
Lab 5-1: Implementing High Availability and Reporting in a Network Design

On switch CSW1:

ip sla 1
 icmp-echo 10.1.3.10
ip sla schedule 1 life forever start-time now
logging 10.1.3.50
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.3.50 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

On switch DSW2:

logging 10.1.4.100
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.4.100 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

Lab 6-1: Implement and Tune HSRP

On switch DSW:

interface Vlan?
 ip address 10.1.3.3 2:
 standby 3 ip 10.1.3.1
 standby 4 ip 10.1.4
 standby 4 preempt

On switch DSW2:

interface Vlan?
 track Port-channel31 20
 track Port-channel32 20

Lab 6-2: Implementing VRRP

On switch CSW1:

interface FastEthernet0/11
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 10
interface Vlan10
 ip address 10.1.253.25 255.255.255.248

On switch CSW2:

interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 20
interface Vlan20
 ip address 10.1.253.33 255.255.255.248

On router R1:

interface FastEthernet0/0
 ip address 10.1.253.27 255.255.255.248
 duplex auto
 speed auto
 vrrp 1 ip 10.1.253.30
 vrrp 1 priority 150
interface FastEthernet0/1
 ip address 10.1.253.36 255.255.255.248
 duplex auto
 speed auto
 vrrp 2 ip 10.1.253.34
end

FastEthernet0/0 - Group 1
  State is Master
  Virtual IP address is 10.1.253.30
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 150
  Master Router is 10.1.253.27 (local), priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
FastEthernet0/1 - Group 2
  State is Backup
  Virtual IP address is 10.1.253.34
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.1.253.35, priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.509 sec (expires in 3.389 sec)

On router R2:

interface FastEthernet0/0

show vrrp
FastEthernet0/1 -
  State is Backup
  Virtual IP address is 10.1.253.30
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.1.253.27, priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.509 sec (expires in 3.217 sec)
FastEthernet0/0 - G
  State is Master
  Virtual IP address is 10.1.253.34
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 150
  Master Router is 10.1.253.35 (local), priority is 150
  Master Advertisement interval is 1.000 sec
  Master Down interval is 2.414 sec

Lab 7-1: Secure Network Switches to Mitigate Secu

On switch ASW1:

spanning-tree portfast bpduguard default
spanning-tree loopguard default
coup 2
ip dhcp snooping
ip dhcp snooping vlan 1-4094
ip arp inspection vlan 1-4094
interface range FastEthernet0/1 - 2
 ip dhcp snooping trust
interface FastEthernet0/3
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0050.5584.3a29

On switch ASW2:

spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip dhcp snooping
ip dhcp snooping vlan 1-4094
ip arp inspection vlan 1-4094
interface range FastEthernet0/1 - 2
 ip dhcp snooping trust
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address sticky

On switch DSW1:

ip access-list extended NOTEL
 permit tcp any any eq telnet
vlan access-map TEST 10
 action drop
 match ip address NOTEL
vlan access-map TEST 20
 action forward
vlan filter TEST vlan-list 2-3
ip arp inspection vlan 1-4094
spanning-tree portfast bpduguard default
spanning-tree loopguard default
interface FastEthernet0/5
 spanning-tree guard root
 ip arp inspection trust
interface range FastEthernet0/6 - 7
 ip arp inspection trust

On switch DSW2:

ip access-list extended NOTEL
 permit tcp any any eq telnet
vlan access-map TEST 10
 action drop
 match ip address NOTEL
vlan access-map TEST 20
 action forward
vlan filter TEST vlan-list 2-3
spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip arp inspection vlan 1-4094
interface FastEthernet0/5
 spanning-tree guard root
 ip arp inspection trust
interface range FastEthernet0/6 - 7
 ip arp inspection trust
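The Lab 7-1 answer key above depends on a handful of global commands plus per-port settings, and dynamic ARP inspection only has bindings to validate against when DHCP snooping is enabled globally (or an ARP ACL filter is configured). The following Python check is an added example, not part of the Cisco lab guide: it audits an IOS-style configuration for those settings. The sample configuration is constructed, and the rule that a trusted access port deserves review is an assumption of this example.

```python
import re

# Global commands the Lab 7-1 answer key applies on the access switches.
REQUIRED_GLOBAL = [
    r"spanning-tree portfast bpduguard default",
    r"spanning-tree loopguard default",
    r"ip dhcp snooping",
    r"ip dhcp snooping vlan \S+",
    r"ip arp inspection vlan \S+",
]

# Constructed sample modelled on the ASW2 listing, with two deliberate gaps:
# the global "ip dhcp snooping" line is missing, and Fa0/4 is an access port
# that has no port-security and is marked as trusted.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
spanning-tree loopguard default
ip dhcp snooping vlan 1-4094
ip arp inspection vlan 1-4094
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
 switchport mode access
 ip dhcp snooping trust
!
interface FastEthernet0/5
 switchport mode access
 shutdown
"""


def parse_config(text):
    """Return (global_commands, {interface_name: [commands]}) from IOS-style text."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None  # a blank line or "!" closes the interface block
            continue
        if line.startswith("interface "):
            current = interfaces.setdefault(line[len("interface "):].strip(), [])
        elif line[0].isspace() and current is not None:
            current.append(" ".join(line.split()))
        else:
            current = None
            global_cmds.append(" ".join(line.split()))
    return global_cmds, interfaces


def audit(text):
    """Return a list of (scope, finding) tuples for the Lab 7-1 style checks."""
    global_cmds, interfaces = parse_config(text)
    findings = []
    for pattern in REQUIRED_GLOBAL:
        if not any(re.fullmatch(pattern, cmd) for cmd in global_cmds):
            findings.append(("global", "missing: " + pattern.replace(r" \S+", " <vlan-list>")))
    # DAI validates ARP against the DHCP snooping binding table or an ARP ACL.
    dai = any(cmd.startswith("ip arp inspection vlan ") for cmd in global_cmds)
    snooping = "ip dhcp snooping" in global_cmds
    arp_acl = any(cmd.startswith("ip arp inspection filter ") for cmd in global_cmds)
    if dai and not snooping and not arp_acl:
        findings.append(("global", "DAI enabled without DHCP snooping or an ARP ACL filter"))
    for name, cmds in interfaces.items():
        if "shutdown" in cmds or "switchport mode access" not in cmds:
            continue  # only active access ports are checked
        if "switchport port-security" not in cmds:
            findings.append((name, "access port without port-security"))
        # Assumption of this example: trust belongs on uplinks, so a trusted
        # access port is reported for review.
        if "ip dhcp snooping trust" in cmds or "ip arp inspection trust" in cmds:
            findings.append((name, "access port is trusted for DHCP/ARP"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```
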
Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

On switches ASW1 and ASW2:

interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 3,4,12,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 3,4,12,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 switchport priority extend trust
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 switchport priority extend trust
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone

On switch DSW1:

ip dhcp excluded-address 10.1.63.1 10.1.63.49
ip dhcp excluded-address 10.1.63.100 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.49
ip dhcp excluded-address 10.1.64.100 10.1.64.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
 default-router 10.1.63.1
 option 150 ip 10.1.63.11 10.1.64.12
 lease 8
ip dhcp pool vlan64
 network 10.1.64.0 255.255.255.0
 default-router 10.1.64.1
 option 150 ip 10.1.63.11 10.1.64.12
 lease 8
interface FastEthernet0/5
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/6
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/7
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 63
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 no shut
interface Vlan 63
 ip address 10.1.63.3 255.255.255.0
 standby 63 ip 10.1.63.1
 standby 63 priority 120
 standby 63 preempt
 standby 63 track Port-channel31 30
 standby 63 track Port-channel32 30
interface Vlan 64
 ip address 10.1.64.3 255.255.255.0
 standby 64 ip 10.1.64.1
 standby 64 priority 120
 standby 64 preempt
 standby 64 track Port-channel31 30
 standby 64 track Port-channel32 30

On switch DSW:

ip dhcp excluded-address 10.1.63.1 10.1.63.99
ip dhcp excluded-address 10.1.63.150 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.99
ip dhcp excluded-address 10.1.64.150 10.1.64.255
ip dhcp pool vlan63
 network 10.1.63.0 255.255.255.0
 default-router 10.1.63.1
 option 150 ip 10.1.63.11 10.1.63.12
 lease 8
ip dhcp pool vlan64
 network 10.1.64.0 255.255.255.0
 default-router 10.1.64.1
 option 150 ip 10.1.63.11 10.1.64.12
 lease 8
interface FastEthernet0/5
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/6
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/7
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-65
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 63
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 no shut
interface Vlan 63
 ip address 10.1.63.2 255.255.255.0
 standby 63 ip 10.1.63.1
 standby 63 priority 120
 standby 63 preempt
 standby 63 track Port-channel31 30
 standby 63 track Port-channel32 30

interface Vlan 64
 ip address 10.1.64.2 255.255.255.0
 standby 64 ip 10.1.64.1
 standby 64 priority 120
 standby 64 preempt
 standby 64 track Port-channel31 30
 standby 64 track Port-channel32 30

On switches CSW1 and CSW2:

interface FastEthernet0/1
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 31 mode on

interface FastEthernet0/2
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 31 mode on

interface FastEthernet0/3
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 32 mode on

interface FastEthernet0/4
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 32 mode on
Lab 9-1: Integrating Wireless in the Campus

On ASW1:

interface FastEthernet0/11
 description AP1
 switchport trunk allowed vlan 4,63
 switchport mode trunk

interface FastEthernet0/12
 description AP2
 switchport trunk allowed vlan 4,63
 switchport mode trunk

interface FastEthernet0/13
 description AP3
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 mls qos trust dscp

On ASW2:

interface FastEthernet0/11
 description AP4
 switchport trunk allowed vlan 4,63
 switchport mode trunk

interface FastEthernet0/12
 description AP5
 switchport trunk allowed vlan 4,63
 switchport mode trunk

interface FastEthernet0/13
 description APS
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 mls qos trust dscp

On DSW1:

mls qos

interface FastEthernet0/11
 description WLC1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,4,11,63
 switchport mode trunk
 channel-group 11 mode on
 spanning-tree portfast trunk
 mls qos trust cos

interface FastEthernet0/12
 description WCS1
 switchport mode access
 switchport access vlan 3

On DSW2:

mls qos

interface FastEthernet0/11
 description WLC2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,4,11,63
 switchport mode trunk
 channel-group 11 mode on
 spanning-tree portfast trunk
 mls qos trust cos

interface FastEthernet0/12
 description WCS2
 switchport mode access
 switchport access vlan 4

Pod Physical Ports Map

During the implementation process, you must determine, for each switch, the port that connects to each neighbor. The ports represented on each device connection in the Visual Objective are generic ports. Each port can represent one or several physical interfaces. Use the following table to document the physical interfaces used in your pod.
You will use this information throughout the labs:

[Table: Port Name on the Map | Physical Port in Your Pod]

[Figure: Visual Objective for Lab 1-1: New Hire Test]
[Figure: Visual Objective for Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel]
[Figure: Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues]
[Figure: Lab 2-3 Visual Objective]
[Figure: Visual Objective for Lab 3-1: Implement Multiple Spanning Tree]
[Figure: Lab 3-2 Visual Objective]
[Figure: Visual Objective for Lab 3-3: Troubleshoot Spanning Tree Issues]
[Figure: Visual Objective for Lab 4-1: Implement Inter-VLAN Routing]
[Figure: Visual Objective for Lab 4-2: Troubleshoot Inter-VLAN Routing]
[Figure: Visual Objective for Lab 5-1: Implement High Availability and Reporting in a Network Design]
[Figure: Visual Objective for Lab 6-1: Implement and Tune HSRP]
[Figure: Lab 6-2 Visual Objective]
[Figure: Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks]
[Figure: Visual Objective for Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network]
[Figure: Visual Objective for Lab 9-1: Integrate Wireless in the Campus Network]
