
SWITCH

Implementing Cisco
IP Switched Networks
Version 1.0

Fast lane Lab Guide


Version 1.0.4

Fast Lane Institute for Knowledge Transfer GmbH


Oranienburgerstr. 66, 10117 Berlin
www.flane.de info@flane.de

SWITCH

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for the
course. Hints are provided at the end of each lab. Ending configurations for each lab are provided
at the end of the Lab Guide.

Outline
This guide includes these activities:

Lab 1-1: New Hire Test

Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel

Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues

Lab 2-3: Implement Private VLANs

Lab 3-1: Implement Multiple Spanning Tree

Lab 3-2: Implement PVRST+

Lab 3-3: Troubleshoot Spanning Tree Issues

Lab 4-1: Implement Inter-VLAN Routing

Lab 4-2: Troubleshoot Inter-VLAN Routing

Lab 5-1: Implement High Availability and Reporting in a Network Design

Lab 6-1: Implement and Tune HSRP

Lab 6-2: Implement VRRP

Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

Lab 9-1: Integrate Wireless in the Campus

Lab 1-1: New Hire Test


Complete this lab activity to confirm and refresh your skills from Interconnecting Cisco
Networking Devices Part 1 (ICND1) and Interconnecting Cisco Networking Devices Part 2
(ICND2).

Activity Objective
You are a Cisco CCNA, and you are at a job interview. The hiring manager hands you a packet
of information, leads you to a terminal, and simply says, "Implement this." Your task is to plan
the implementation, then effectively configure the lab devices as per the given specifications
before verifying that your configuration fulfills the requirements. Carefully read the Information
Packet Materials section on the following pages, and proceed through the lab to establish an
implementation requirements list, create an implementation and verification plan, and then
configure the lab devices as per the specifications. Do not forget to verify and document your
verifications, as the job interview results will depend on your implementation of the solution.
After completing this activity, you will be able to meet these objectives:

Prepare basic configuration templates for your switches

Explore the remote lab device connections

Deploy configuration templates to your switches

Verify your configurations according to the verification plan you created

Implementing Cisco Switched Networks (SWITCH) v1.0

© 2009 Cisco Systems, Inc.

Information Packet Materials


This section contains the information that was given to you by the hiring manager at your
interview, and includes the information needed to accomplish this activity. Read it carefully.
The Information Packet Materials describe the requirements common to all devices in the
network, along with information specific to each device.

Implementation Policy
The company has a large network. It is clearly stated that some settings must be consistent from
one networking device to the next. The following list details the initial configuration
requirements for all switches that will be connected to the company network. Your configuration
must be consistent with these requirements:

All switches must have a hostname. Hostnames are unique and must match the switch
designation on the network diagram displayed in the following pages.

Telnet is allowed to all possible vty interfaces and must be configured.

Initial console access does not need to be protected by a password. Vty access and the enable
password must be protected by a password.

All passwords are cisco.

Terminal idle timeout must be set to 0 (unlimited).

The logging synchronous command should be used so that logging messages appearing on
the console of each switch do not disturb commands that are being entered.

Log messages should appear with a time stamp.

Time should be configured on the switches to match the current time in your class.

Commands entered incorrectly should not cause the switches to attempt to resolve the entry
as a DNS name.

Unless stated otherwise, the speed and duplex settings for all interfaces must be left to auto.

All unused interfaces must be set to shutdown.

All devices must have an IP address so that they can be managed remotely.

Client1 is connected to interface fa0/3 on switch ASW1 (logical port P3).

Client2 is connected to interface fa0/3 on switch ASW2 (logical port P3).


Device Information
The table provides the information specific to each device in the network:
Device Name   Role                    IP Address             Gateway       VLAN
ASW1          Layer 2 access switch   10.1.1.1/24            10.1.1.251
ASW2          Layer 2 access switch   10.1.1.2/24            10.1.1.252
DSW1          Layer 3 switch          10.1.1.11/24           10.1.1.251
DSW2          Layer 3 switch          10.1.1.22/24           10.1.1.252
CSW1          Layer 3 switch          10.1.1.111/24          10.1.1.251
CSW2          Layer 3 switch          10.1.1.222/24          10.1.1.252
R1            Router                  Fa0/0: 10.1.1.251/24
R2            Router                  Fa0/0: 10.1.1.252/24

During the implementation process you must determine, for each switch, which port connects to
which neighbor. The ports represented on each device connection in the Visual Objective are
generic ports. Each port can represent one or several physical interfaces. When implementing
your solution in Task 3, use the Pod Physical Ports Map table, available at the end of this Lab
Guide, to document the physical interfaces used in your pod, and report this information on the
large network diagram for this lab (Lab 1-1), which is also available at the end of this Lab Guide.
You will use this information throughout the labs.


Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective for Lab 1-1: New Hire Test


You can use the large version of the Visual Objective, which is available at the end of this Lab
Guide, to write notes on the diagram.


Command List
The table describes the commands that are used in this activity.

Command
    Description

configure terminal
    Enters global configuration mode, from privileged EXEC mode.

clock set hh:mm[:ss] month day year
    Manually sets the clock on the device.

copy running-config startup-config
    Saves your entries in the configuration file.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client. The IP address
    should be on the same subnet as the client. One IP address is required; however, you can
    specify up to eight IP addresses in one command line. These default routers are listed in
    order of preference; that is, address is the most preferred router, address2 is the next
    most preferred router, and so on.

description description
    Adds a description (up to 240 characters) for an interface.

domain-name domain
    Specifies the domain name for the client.

duplex {auto | full | half}
    Sets the duplex parameter for the interface.

enable secret password
    Sets the secret password for access to privileged EXEC mode.

exec-timeout 0 0
    Sets the idle terminal timeout interval.

exit
    Exits the current mode.

hostname hostname
    Manually configures a system name.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Specifies the range of interfaces (VLANs or physical ports) configured, and enters
    interface-range configuration mode.

interface vlan 1
    Enters interface configuration mode, and enters the VLAN to which the IP information is
    assigned.

ip address ip-address subnet-mask
    Sets the IP address and subnet mask.

ip default-gateway
    Defines a default gateway (router) when IP routing is disabled.

line [aux | console | vty] beginning-line-number [ending-line-number]
    Modifies console, aux, and virtual terminal settings.

logging console
    Enables message logging.

logging synchronous
    Enables synchronous logging of messages.

login
    Enables password checking at login.

no ip domain-lookup
    Disables DNS-based hostname-to-address translation on the switch.

no shutdown
    Brings up an interface.

password password
    Assigns a password to a terminal or other device on a line.

ping ip-address
    Sends an ICMP echo request to an IP address.

service timestamps log datetime [msec] [localtime] [show-timezone]
    Enables time stamps on log messages. Depending on the options selected, the time stamp can
    include the date, time in milliseconds relative to the local time zone, and the time zone
    name.

service timestamps log uptime
    Enables time stamps on log messages, showing the time since the system was rebooted.

show cdp neighbors [interface-id] [detail]
    Displays Cisco Discovery Protocol information about neighbors, including device type,
    interface type and number, holdtime settings, capabilities, platform, and port ID.

show interfaces fastethernet mod/port switchport
    Displays administrative and operational status of switching (nonrouting) ports.

show interfaces status
    Displays interface status.

show running-config
    Verifies your entries.

shutdown
    Shuts down an interface.

speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}
    Sets the appropriate speed parameter for the interface: Enter 10, 100, or 1000 to set a
    specific speed for the interface. The 1000 keyword is available only for 10/100/1000 Mb/s
    ports. Enter auto to enable the interface to autonegotiate speed with the connected device.
    If you use the 10, 100, or the 1000 keywords with the auto keyword, the port autonegotiates
    only at the specified speeds. The nonegotiate keyword is available only for SFP module
    ports. SFP module ports operate only at 1000 Mb/s, but can be configured not to negotiate
    if connected to a device that does not support autonegotiation.

telnet ip-address
    Uses Telnet to connect to an IP address.

Job Aids
These are the job aids for this lab activity:
Value                                                       Location
Blank implementation requirements list                      Task 1
Blank implementation and verification plan form             Task 2
Blank verification notes form                               Task 3
Alternate resources and solutions form                      End of this lab
Key commands and tools used form                            End of this lab
Implementation requirements hints                           Hints section at the end of this lab
Implementation plan hints                                   Hints section at the end of this lab
Verification plan hints                                     Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)  Configuration section at the end of this lab


Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to configure
each device (for example, device names, password values, trunk encapsulation types, etc.). Use
the following table, the Visual Objective for this lab, and the information in the Implementation
Policy and Device Information sections to create an Implementation Requirements list.
Include the high-level implementation tasks needed for each device and how to obtain the
information required for each task. If you are unsure, use the information provided in the Hints
section at the end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Information Packet Materials section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab. You can then implement your solution. Do not forget to save. Once
your solution is implemented, verify that your configuration is working and that it fulfills the
requirements specified by the hiring manager. Keep in mind that once you leave the company, a
network specialist will verify your configuration. Your ability to implement the solution
according to the specifications given to you by the hiring manager will determine whether or not
you get the job.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 1-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 1-1 Hint Sheet: New Hire Test


Implementation Requirements
To facilitate the configuration of your network, Task 1 asks you to create an Implementation
Requirements list. The list details the elements needed to develop an implementation plan. The
following is an example of such a list:
Device        Implementation Requirement                      Lab 1-1 Section Containing Hint
All switches  Neighbor list and connected ports               show cdp neighbor in Command List; Pod Physical
                                                              Ports Map table at the end of this Lab Guide
              Hostname                                        Visual Objective
              Enable, line vty 0 15 password cisco            Implementation Policy
              Log in on line vty 0 15                         Implementation Policy
              VLAN 1 IP address                               Device Information
              Gateway                                         Device Information
              Idle timeout set to 0                           Implementation Policy
              Log messages on the console, with a time stamp  Implementation Policy
              Current time in the class                       Implementation Policy
              No DNS lookup                                   Implementation Policy
              Unused interfaces shutdown                      show cdp neighbor in Command List; Pod Physical
                                                              Ports Map table at the end of this Lab Guide


Implementation Plan
In Task 2, you will create an implementation plan. There are several possible correct solutions.
One possible approach groups items that are common to all switches in a template and then
applies the template to all switches. You can then configure each switch with items that are
unique to each device, such as IP addresses or gateways. The common template could be named
Common_Template, created in a text editor, copied and pasted as appropriate, and could
contain the following items:

enable secret cisco
no ip domain-lookup
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 15
 password cisco
 login
service timestamps log datetime

An example of the implementation plan is shown in this table.


Complete  Step Number  Device      Implementation Order  Values and Items to Implement
                       All                               Paste Common_Template.
                       Per switch                        Configure hostname.
                       Per switch                        Configure VLAN 1 IP address.
                       Per switch                        Configure switch gateway.
                       Per switch                        Configure current time and date.
                       Per switch                        Verify neighbor ports.
                       Per switch                        Shut down unused ports.
                       Per switch                        Verify connectivity to the gateway.
                       Per switch                        Verify configuration.


Verification Plan
Complete  Step Number  Device  Values and Items to Implement  Verification Method and Expected Results
                       All     Paste Common_Template          Verify enable secret. As this is the first line of the
                                                              template, its correct value indicates that the first
                                                              part of the script was pasted properly.
                               Paste Common_Template          Verify while pasting the template that no error is
                                                              reported.
                               Paste Common_Template          Verify the implementation of no ip domain-lookup.
                                                              Because this is the last line of the template, its
                                                              success shows that the template was successfully
                                                              implemented. You can verify no ip domain-lookup by
                                                              using show running-config or by entering a bogus
                                                              command and verifying that the switch does not attempt
                                                              DNS resolution.
                               Configure Hostname             Prompt should display the switch name.
          10                   Configure VLAN 1 IP address    The show ip interface brief command should display the
                                                              right address.
          11                   Configure default gateway      The show running-config command should show the gateway
                                                              information.
          12                   Configure time and date        Show clock.
                               Shut unused ports              Use the show cdp neighbors command to display neighbors
                                                              and ports, and show running-config to verify that the
                                                              other ports are shut.
                               Verify connectivity            Ping the default gateway; the ping should be successful.
                                                              As an extra verification, ping the other switches.
                                                              Pings should be successful.


Step-by-Step Procedure
Step 1
Connect to the switch interface in configuration mode.

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using the enable command.

Enter configuration mode, using the configure terminal command.


Paste the Common_Template file into the console.

Step 2

Create a Notepad text file named Common_Template containing the lines:

enable secret cisco
no ip domain-lookup
service timestamps log datetime
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 15
 password cisco
 login

Paste the Common_Template file content into the console.
Verify as you paste that no error message is reported.
Step 3

Configure the switch hostname and IP information. Use these commands, for example in
switch ASW1:
hostname ASW1
interface VLAN 1
ip address 10.1.1.1 255.255.255.0
exit
ip default-gateway 10.1.1.251
end

The information in italics is specific to switch ASW1. Use the Device Information table in the
Information Packet Materials section to find the relevant name and IP information for each
switch.
Step 4

Configure the current time and date on the switch. Use the command clock set; for
example:
clock set 10:06:39 08 Aug 2009


Step 5

Verify neighbor and connecting ports using Cisco Discovery Protocol. For example:
show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
DSW2             Fas 0/2           129        R S I       WS-C3560- Fas 0/7
DSW1             Fas 0/1           129        R S I       WS-C3560- Fas 0/6

In this example, the local switch has two neighbors, switches DSW2 and DSW1. The local
switch connects to switch DSW2 from interface F0/2, which links to switch DSW2 interface f0/7.
The local switch connects to switch DSW1 from interface f0/1, which links to switch DSW1
interface f0/6.
Step 6

Shut down all ports except links to neighbors:

configure terminal
interface range f0/4 - 8
 shutdown
interface gi0/1
 shutdown
end

This example applies to switch ASW1. On each switch, use the information from the show cdp
neighbors command to determine which local interfaces are to remain enabled.
Step 7

Verify connectivity to the gateway:


ping 10.1.1.251
type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

Step 8

Verify enable password and hostname (using prompt):


ASW1#disable
ASW1>enable
Password: cisco
ASW1#

Step 9

Verify no ip domain-lookup, last line of the template:


getmethere
Translating "getmethere"
% Unknown command or computer name, or unable to find computer address

Step 10

Verify IP address:
sh ip interface brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.1.1.1        YES manual up                    up

Step 11

Verify gateway:
sh run | beg ip default
ip default-gateway 10.1.1.251

Step 12

Verify time:
show clock
16:26:43.545 eastern Sat Jun 6 2009
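
The checks in Steps 8 to 12 can also be run offline against a saved copy of show running-config. The following is an added example, not part of the original lab guide: it audits a configuration against the Implementation Policy, including the case where only some of the vty lines 0 to 15 carry a password. The function names, the sample configuration (constructed, with two deliberate gaps) and the assumption that a vty line without a transport input command still accepts Telnet are assumptions of this example.

```python
import re

# Constructed running-config for ASW1 (not captured from a real device).
# Deliberate gaps: vty 5-15 has no password, and Fa0/5 is not shut down.
SAMPLE_ASW1 = """\
service timestamps log datetime
hostname ASW1
enable secret 5 $1$constructed
no ip domain-lookup
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
 shutdown
interface FastEthernet0/5
interface GigabitEthernet0/1
 shutdown
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
ip default-gateway 10.1.1.251
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 login
line vty 5 15
 login
end
"""

# Ports that must stay up on ASW1: the CDP neighbors from Step 5 and Client1 (fa0/3).
IN_USE = {"FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"}
PHYSICAL = ("interface FastEthernet", "interface GigabitEthernet")


def parse_sections(config):
    """Return (global_lines, {"interface ..."/"line ...": [sub-commands]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] == " ":                       # indented: belongs to a section
            if current is not None:
                sections[current].append(raw.strip())
            continue
        line = raw.strip()
        global_lines.append(line)
        current = line if line.startswith(("interface ", "line ")) else None
        if current:
            sections[current] = []
    return global_lines, sections


def unprotected_vtys(sections):
    """vty numbers 0-15 that lack password+login or that do not accept Telnet."""
    ok = set()
    for header, body in sections.items():
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", header)
        if not m:
            continue
        first, last = int(m.group(1)), int(m.group(2) or m.group(1))
        has_pw = any(c.startswith("password ") for c in body)
        transport = [c.split()[2:] for c in body if c.startswith("transport input")]
        # Assumption: with no "transport input" line, Telnet is accepted.
        telnet = all({"telnet", "all"} & set(t) for t in transport)
        if has_pw and "login" in body and telnet:
            ok.update(range(first, last + 1))
    return sorted(set(range(16)) - ok)


def audit(config, hostname, ip, mask, gateway, in_use):
    """Return a list of policy findings; an empty list means compliant."""
    g, s = parse_sections(config)
    con, svi = s.get("line con 0", []), s.get("interface Vlan1", [])
    checks = [
        (f"hostname {hostname}" in g, "hostname does not match the diagram"),
        (any(l.startswith("enable secret ") for l in g), "enable secret not set"),
        ("no ip domain-lookup" in g or "no ip domain lookup" in g,
         "DNS lookup of mistyped commands is enabled"),
        (any(l.startswith("service timestamps log ") for l in g),
         "log messages have no time stamp"),
        (f"ip default-gateway {gateway}" in g, "default gateway missing or wrong"),
        (f"ip address {ip} {mask}" in svi and "shutdown" not in svi,
         "VLAN 1 management address missing or wrong"),
        ("exec-timeout 0 0" in con, "console idle timeout is not 0"),
        ("logging synchronous" in con, "logging synchronous missing on console"),
    ]
    findings = [msg for ok, msg in checks if not ok]
    bad = unprotected_vtys(s)
    if bad:
        findings.append("vty lines without password/login or Telnet: "
                        + ", ".join(map(str, bad)))
    for header, body in s.items():
        if not header.startswith(PHYSICAL):
            continue
        name = header.split(" ", 1)[1]
        if name not in in_use and "shutdown" not in body:
            findings.append(f"unused interface {name} is not shut down")
        if name in in_use and "shutdown" in body:
            findings.append(f"in-use interface {name} is shut down")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ASW1, "ASW1", "10.1.1.1", "255.255.255.0",
                         "10.1.1.251", IN_USE):
        print("FAIL:", finding)
```

The vty check matters because a running configuration commonly lists vty 0 4 and vty 5 15 as separate sections, so a template applied to only one of them leaves the other without the required password.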


Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
Complete this lab activity to practice what you learned in the related module.

Activity Objective
You were hired by NotaRoute, Inc. to design and configure their branch office Layer 2 network.
Their network is not fully ready yet, but later on they intend to implement several servers and
additional routers. They know that some devices are supposed to be in VLANs and others in
trunks, but this is where their knowledge ends. They provided you with a cabling plan and asked
you to help them design and configure a typical solution for their network on a test lab. You need
to configure the existing network equipment to use the devices once they are installed. Your
configuration will be used by the customer as a configuration template as additional network
equipment is purchased.
When collecting information about their network infrastructure, you found that their requirements
were all about link types, trunk encapsulation, and EtherChannels. You realize that they have
little understanding about more advanced options such as allowed VLANs, but that they expect
you to guide them and to provide a documented, functional, and reasonably secured network.
After completing this activity, you will be able to meet these objectives:

Plan a segmented Layer 2 network implementation

Create a Layer 2 implementation and verification plan

Implement a full Layer 2 solution including VLANs, trunks, pruning, VTP, and EtherChannel

Required Resources
This section contains the information needed to accomplish this activity. It describes the
requirements common to all devices in the network and the information specific to each device.
Read the information carefully.
Note: The show alias command lists the alias commands that replace the current running
configuration with a named configuration file from flash. A hint in the lab tells you when to
replace the current configuration with one from flash.

Implementation Policy
This deployment builds on Lab 1-1. In other words, keep the configuration from Lab 1-1, and add
the following requirements.
If you have not yet completed Lab 1-1 successfully, then to prepare for this lab use
the alias command init-2_1 on the switches. On the routers this is a must!
Not all network equipment is installed. The network infrastructure has been installed but not the
additional servers or the additional routers. Your configuration should include the configuration
for the switch ports to these devices. A quick call to the local administrator identifies the
following elements:

FTP, Web servers, and additional routers are to be connected later. For example, you are
asked to configure the first available port on switches ASW1 and ASW2 for the FTP server,
and the next available port for the WEB server. For example, if the first four ports are already
used after Lab 1-1, configure port 5 for the FTP server and port 6 for the web server. Apply
the same logic for the file servers and the additional routers on switches DSW1 and DSW2.
On each switch, the file server will be on the first available port and the additional router on
the next available port. (On DSW1 and DSW2, use int gi0/1 instead of fa0/9.)

Several IP addresses are already configured on the Ethernet interfaces on each router (routers
R1 and R2) to your pod, as they need to send traffic to several of your VLAN subnets. You
do not need to configure the routers. The switches need to be configured completely, from
VLAN database to link type.

During the conversation, you mentioned VTP and its modes. The local administrator would
like to try VTP, with the following restrictions:

All switches should be in transparent mode.

You should name the domain cisco.

The administrator does not want the pruning feature of VTP to be enabled, and asks
you to manually prune all unnecessary VLANs from the inter-switch links.


Using this information, your task is to design the VLAN topology with some additional
specifications:

Although the network topology allows for large redundancy, redundancy is not to be used at
this stage. Make sure to disable the links between switches ASW1 and DSW2, ASW2 and
DSW1, DSW1 and CSW2, CSW1 and DSW2, DSW1 and DSW2, CSW1 and router R2, and
CSW2 and router R1. In other words, the only connection between the upper part of the
network (switches ASW1, DSW1, and CSW1) and the lower part of the network (switches
ASW2, DSW2, and CSW2) transits through the link between switches CSW1 and CSW2.
Use Cisco Discovery Protocol to determine the links between switches and shut down the
ones that are not needed.

For efficiency, several physical connections exist between some of the switches. To simplify
the network administration, group these physical links into logical links wherever possible.
Where two 100-Mb/s links are grouped, use an IEEE grouping protocol, and make sure that
one end actively tries to negotiate the virtual link creation, while the other only responds to
solicitations and does not actively try to create the link. When two interfaces are grouped, use
the respond-only form on switches DSW1 and DSW2 and the active form for virtual link creation on
all other switches. Where four 100-Mb/s links are to be
grouped, create the virtual link unconditionally without using any negotiation protocol. Use
the description feature on each virtual link to reflect the devices they connect. Also use the
table in the Device Information section.

Client PC in VLAN 3 and client PC in VLAN 4 need to receive their IP address from routers
R1 and R2. R1 and R2 are preconfigured.

Use VLAN 64 on ASW1 and VLAN 66 on ASW2, and also include them in the connecting
trunks (we need them in other labs; otherwise it makes no sense yet).
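
As an added example (not part of the lab guide or its answer key), the following Python check audits one switch's running configuration against the policy above: VTP transparent mode in domain cisco, an explicit allowed-VLAN list on every trunk, a description on each port channel, and the negotiation mode required for two-link and four-link bundles. The sample configuration, its interface numbers and VLAN lists, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt for DSW1. Interface numbers, bundle
# membership and VLAN lists are sample values, not the lab's answer key.
SAMPLE_CONFIG = """\
hostname DSW1
vtp domain cisco
vtp mode transparent
!
interface Port-channel11
 description DSW1-ASW1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
!
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
 channel-group 11 mode active
!
interface FastEthernet0/2
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
 channel-group 11 mode passive
!
""" + "".join(
    f"interface FastEthernet0/{n}\n"
    " switchport mode trunk\n"
    " channel-group 31 mode on\n!\n"
    for n in range(3, 7)
)


def parse_interfaces(config):
    """Return {interface name: [stripped sub-command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks


def audit(config):
    """Return a sorted list of findings against the lab's Layer 2 policy."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    is_dsw = bool(host) and host.group(1).upper().startswith("DSW")
    if not re.search(r"^vtp mode transparent\s*$", config, re.M):
        findings.append("vtp: mode is not transparent")
    if not re.search(r"^vtp domain cisco\s*$", config, re.M):
        findings.append("vtp: domain is not cisco")

    bundles = defaultdict(list)  # bundle number -> [(interface, mode)]
    for name, lines in parse_interfaces(config).items():
        text = "\n".join(lines)
        # Manual pruning: every trunk needs an explicit allowed-VLAN list.
        if "switchport mode trunk" in lines and not re.search(
                r"^switchport trunk allowed vlan (?!all\b)\S", text, re.M):
            findings.append(f"{name}: trunk carries all VLANs (not pruned)")
        if name.startswith("Port-channel") and not any(
                l.startswith("description ") for l in lines):
            findings.append(f"{name}: missing description")
        member = re.search(r"^channel-group (\d+) mode (\S+)", text, re.M)
        if member:
            bundles[int(member.group(1))].append((name, member.group(2)))

    for number, ports in sorted(bundles.items()):
        # Two links: LACP, passive on DSW1/DSW2 and active elsewhere.
        # Four links: unconditional bundle (mode on), no negotiation.
        expected = {2: "passive" if is_dsw else "active", 4: "on"}.get(len(ports))
        if expected is None:
            findings.append(f"bundle {number}: {len(ports)} members, expected 2 or 4")
            continue
        for name, mode in ports:
            if mode != expected:
                findings.append(
                    f"{name}: channel-group {number} mode {mode}, policy expects {expected}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The check assumes the VTP mode and domain appear in the pasted configuration; where they do not, confirm them with show vtp status instead.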

Device Information
The table provides the information specific to each switch in the network. This information is the
same as in Lab 1-1:

Device Name  Role                   IP Address            Gateway      VLAN
ASW1         Layer 2 access switch  10.1.1.1/24           10.1.1.251
ASW2         Layer 2 access switch  10.1.1.2/24           10.1.1.252
DSW1         Layer 3 switch         10.1.1.11/24          10.1.1.251
DSW2         Layer 3 switch         10.1.1.22/24          10.1.1.252
CSW1         Layer 3 switch         10.1.1.111/24         10.1.1.251
CSW2         Layer 3 switch         10.1.1.222/24         10.1.1.252
R1           Router                 Fa0/0: 10.1.1.251/24
R2           Router                 Fa0/0: 10.1.1.252/24

The table below provides information about the devices connected or to be connected to the
network. Use the space to document the port in your pod to which each device should connect per
the above policy and the previous lab information:
Device  Role            Network Location  VLAN   Physical Port in Your Lab
CLT1    Client station  ASW1 P3
CLT2    Client station  ASW2 P3
NR1     Router          DSW1 P7           Trunk
NR2     Router          DSW2 P7           Trunk
WEB1    Web Server      ASW1 P5           11
WEB2    Web Server      ASW2 P5           12
FTP1    FTP Server      ASW1 P4           63
FTP2    FTP Server      ASW2 P4           64
FILE1   File Server     DSW1 P6           65
FILE2   File Server     DSW2 P6           66

Note: The devices NR1, NR2, WEB1, WEB2, FTP1, FTP2, FILE1, and FILE2 do not
actually exist; the lab only simulates that these devices are connected.
Some links between switches should be bundled together. The following table shows all possible
numbering conventions for these link bundles. Note that not all of these numbers are needed.
You should use Cisco Discovery Protocol to determine which links between switches can be
bundled. Once you have determined which links must be bundled, use the following table to
apply the right bundle number:
Device  Link To  If Used, Bundle Number Should Be:
ASW1    ASW2     10
ASW1    DSW1     11
ASW1    DSW2     12
ASW2    ASW1     10
ASW2    DSW1     11
ASW2    DSW2     12
DSW1    ASW1     11
DSW1    ASW2     12
DSW1    DSW2     21
DSW1    CSW1     31
DSW1    CSW2     32
DSW2    ASW1     11
DSW2    ASW2     12
DSW2    DSW1     21
DSW2    CSW1     31
DSW2    CSW2     32
CSW1    DSW1     31
CSW1    DSW2     32
CSW1    CSW2     33
CSW2    DSW1     31
CSW2    DSW2     32
CSW2    CSW1     33

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Lab 2-1: Design and Implement VLANs, Trunk, and EtherChannel. Labels recoverable from the figure: FTP, WWW, File Server.]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

Command
    Description

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit
    Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.

no interface vlan vlan-id type
    Disables a VLAN interface.

show interface interface-id switchport
    Displays the switch port configuration of the interface.

show interface trunk
    Displays the trunk configuration of the interface.

show vlan
    Displays VLAN information.

show vtp status
    Shows the VTP configuration.

shutdown/no shutdown
    Shuts down or enables an interface.

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a
    nontrunk link.

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a
    trunk link.

switchport nonegotiate
    Turns off DTP negotiation.

switchport trunk allowed vlan all | none | add | remove | except vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.

switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.

interface interface-id
channel-group channel-group-number mode active | passive | on
    Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an
    interface into a negotiating state in which the interface initiates negotiations with other
    interfaces by sending LACP packets. A channel is formed with another port group in either the
    passive or active mode. When passive mode is enabled, the port responds to received LACP
    packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel
    exists only when both sides are in the on mode.

show running-config interface interface-id
    Displays interface-specific configuration information.

vtp domain domain-name
    Sets the VTP domain name.

vtp mode [ client | server | transparent ]
    Sets the VTP mode.

Job Aids
These are the job aids for this lab activity:
Value                                                       Location
Blank implementation requirements list                      Task 1
Blank implementation and verification plan form             Task 2
Blank verification notes form                               Task 3
Alternate resources and solutions form                      End of this lab
Key commands and tools used form                            End of this lab
Implementation requirements hints                           Hints section at the end of this lab
Implementation and verification plan hints                  Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)  Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to configure
each device (for example, allowed VLANs, VTP role, trunk encapsulation types, etc.). Use the
following table, the lab Visual Objective, and the information in the Implementation Policy and
Device Information sections to create an Implementation Requirements list. Include the high-level implementation tasks needed for each device and how to obtain the information required for
each task. If you are unsure, use the information provided in the Hints section at the end of this
lab.
Device    High-Level Task    Information Source

To help you decide on the VLAN implementation, use the following table to list the VLANs you
will need and determine the devices on which they should be configured:
VLAN Number    VLAN Name    Configure on Switches:

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the information in the Required Resources section to create the
Implementation and Verification Plan. If you are unsure, use the information provided in the
Hints section at the end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab. You can then implement your solution. Do not forget to save. Once
your solution is implemented, verify that your configuration is working and that it fulfills the
requirements specified by the company. Keep in mind that once you leave the company, they will
use your configuration as a white paper to implement their network. The company will apply
your configuration, without modification, to connect any device of the same type as the one you
configured for each port. Use the previous table to document the verifications you conducted to
ensure that your solution is complete. If you are unsure about the verification steps, use the
information provided in the Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 2-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 2-1 Hint Sheet: Design and Implement VLANs, Trunks, and EtherChannel
Implementation Requirements
To facilitate the configuration of your network, Task 1 asks you to create an Implementation
Requirements list. The list details the elements needed to develop an implementation plan. The
following is an example of such a list:
Device  Implementation Requirement                                    Lab 2-1 Section Containing Hint
ASW1    Port to client CLT1 in VLAN 3.                                Implementation Policy
        First available port in VLAN 63.                              Implementation Policy
        Second available port in VLAN 11.                             Implementation Policy
        Link to switch DSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        Allow VLANs 1, 3, 11, 63 and 65 on trunk.                     Implementation Policy, Device Information
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        Allow VLANs 1, 3, 11, 63 and 65 on trunk.                     Implementation Policy, Device Information
        VTP transparent, domain cisco, password cisco.                Implementation Policy
        Configure and shut port(s) to switch DSW2.                    Implementation Policy
ASW2    Port to client CLT2 in VLAN 4.                                Implementation Policy
        First available port in VLAN 64.                              Implementation Policy
        Second available port in VLAN 12.                             Implementation Policy
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        Allow VLANs 1, 4, 12, 64 and 66 on trunk.                     Implementation Policy, Device Information
        Link to switch DSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        Allow VLANs 1, 4, 12, 64 and 66 on trunk.                     Implementation Policy, Device Information
        VTP transparent, domain cisco, password cisco.                Implementation Policy
        Configure and shut port(s) to switch DSW1.                    Implementation Policy
DSW1    VTP transparent, domain cisco, password cisco.                Implementation Policy
        First available port in VLAN 65.                              Implementation Policy
        Second available port in trunk.                               Implementation Policy
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW2.                    Implementation Policy
        Link to switch ASW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 11, 63 and 65 allowed on trunk.                   Implementation Policy, Device Information
        Link to switch ASW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 4, 12, 64 and 66 allowed on trunk.                   Implementation Policy, Device Information
        Configure and shut port(s) to switch ASW2.                    Implementation Policy
        Link to switch CSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch CSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch CSW2.                    Implementation Policy
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW2.                    Implementation Policy
DSW2    VTP transparent, domain cisco, password cisco.                Implementation Policy
        First available port in VLAN 66.                              Implementation Policy
        Second available port in trunk.                               Implementation Policy
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch DSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW1.                    Implementation Policy
        Link to switch ASW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 3, 11, 63 and 65 allowed on trunk.                      Implementation Policy, Device Information
        Link to switch ASW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 4, 12, 64 and 66 allowed on trunk.                   Implementation Policy, Device Information
        Configure and shut port(s) to switch ASW2.                    Implementation Policy
        Link to switch CSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch CSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.    Implementation Policy, Device Information
        Configure and shut port(s) to switch CSW2.                    Implementation Policy
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW2.                    Implementation Policy
CSW1    VTP transparent, domain cisco, password cisco.                Implementation Policy
        Link to router R1 in trunk.                                   Visual Objective
        VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.    Implementation Policy, Device Information
        Link to router R2 in trunk.                                   Visual Objective
        VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.    Implementation Policy, Device Information
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW2.                    Implementation Policy
        Link to switch DSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch CSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
CSW2    VTP transparent, domain cisco, password cisco.                Implementation Policy
        Link to router R1 in trunk.                                   Visual Objective
        VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.    Implementation Policy, Device Information
        Link to router R2 in trunk.                                   Visual Objective
        VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66 allowed on trunk.    Implementation Policy, Device Information
        Link to switch DSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Configure and shut port(s) to switch DSW1.                    Implementation Policy
        Link to switch DSW2 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information
        Link to switch CSW1 in trunk mode (verify EtherChannel).      Implementation Policy, Device Information
        VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 allowed on trunk.   Implementation Policy, Device Information

Implementation and Verification Plan


In Task 2, you will create an implementation and verification plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. You can then configure each switch with
items that are unique to each device, interface mode, or EtherChannel links. The common
template could be named Common_Template, just like in the previous lab. For this lab, the
template could contain the following items:

vtp mode transparent
vtp domain cisco
vtp password cisco
vlan 3,4,11,12,63-66

You can implement this template on switches CSW1, CSW2, DSW1, and DSW2. Switches
ASW1 and ASW2 require specific VLAN configuration, so you may want to configure them
manually. An example of the Implementation and Verification Plan follows.

| Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results | Step Number |
| | CSW1 | | Paste Common_Template. | show vtp status (shows transparent, domain cisco, password cisco) | |
| | CSW1 | | Configure trunk link to R1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | show run interface to router R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 65, show interface trunk | |
| | CSW1 | | Configure trunk link to R2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to router R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk | |
| | CSW1 | | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | |
| | CSW1 | | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | |
| | CSW1 | | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | |
| | CSW1 | | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW2, trunk allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut. | |
| | CSW1 | | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | |
| | CSW1 | | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | |
| | CSW2 | | Paste Common_Template. | show vtp status (shows transparent, domain cisco, password cisco) | |
| | CSW2 | | Configure trunk link to R1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. Shut link down. | show run interface to router R1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk | |
| | CSW2 | | Configure trunk link to R2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66. | show run interface to router R2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk | |
| | CSW2 | | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | |
| | CSW2 | | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | |
| | CSW2 | | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | |
| | CSW2 | | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW2, trunk allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66 | |
| | CSW2 | | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on. | |
| | CSW2 | | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW2, trunk, allowed 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut. | |
| | DSW1 | | Paste Common_Template, change VTP mode to server. | show vtp status (shows transparent, domain cisco, password cisco) | 10 |
| | DSW1 | | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 11/12 |
| | DSW1 | | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 14 |
| | DSW1 | | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 11/12 |
| | DSW1 | | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut | 15 |
| | DSW1 | | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 11/12 |
| | DSW1 | | Configure trunk to switch DSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut | 13 |
| | DSW1 | | (Verify if needed and) configure EtherChannel to switch ASW1, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 11/12 |
| | DSW1 | | Configure trunk to switch ASW1, allowed VLANs 1, 3, 11, 63 and 65. | show run interface to switch ASW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk | 16 |
| | DSW1 | 10 | (Verify if needed and) configure EtherChannel to switch ASW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 11/12 |
| | DSW1 | 11 | Configure trunk to switch ASW2, allowed VLANs 1, 2, 12, 64 and 66. Shut link down. | show run interface to switch ASW1, trunk, allowed VLANs 1, 2, 12, 64 and 66, show interface trunk | 16 |
| | DSW1 | 12 | Configure first available port in access mode, VLAN 65. Activate link. | First available port in access mode, VLAN 65. | 18 |
| | DSW1 | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Activate link. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 19 |
| | DSW2 | | Paste Common_Template. | show vtp status (shows transparent, domain cisco, password cisco) | 21 |
| | DSW2 | | (Verify if needed and) configure EtherChannel to switch CSW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 21 |
| | DSW2 | | Configure trunk to switch CSW2, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. | show run interface to switch CSW2, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, show interface trunk | 21 |
| | DSW2 | | (Verify if needed and) configure EtherChannel to switch CSW1, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 21 |
| | DSW2 | | Configure trunk to switch CSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch CSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66, link shut | 21 |
| | DSW2 | | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 21 |
| | DSW2 | | Configure trunk to switch DSW1, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Shut link down. | show run interface to switch DSW1, trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, link shut | 21 |
| | DSW2 | | (Verify if needed and) configure EtherChannel to switch ASW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 21 |
| | DSW2 | | Configure trunk to switch ASW1, allowed VLANs 1, 3, 11, 63 and 65. Shut link down. | show run interface to switch ASW1, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk | 21 |
| | DSW2 | 10 | (Verify if needed and) configure EtherChannel to switch ASW2, on if 4 links, LACP if 2 links. | show etherchannel status passive or on | 21 |
| | DSW2 | 11 | Configure trunk to switch ASW2, allowed VLANs 1, 4, 12, 64 and 66. | show run interface to switch ASW2, trunk, allowed VLANs 1, 4, 12, 64 and 66, show interface trunk | 21 |
| | DSW2 | 12 | Configure first available port in access mode, VLAN 66. Activate link. | First available port in access mode, VLAN 66. | 21 |
| | DSW2 | 13 | Configure second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65, and 66. Activate link. | Second available port in trunk, allowed VLANs 1, 3, 4, 11, 12, 63, 64, 65 and 66, show interface trunk | 21 |
| | ASW1 | | VTP mode transparent, domain cisco, password cisco. | show vtp status, transparent, domain cisco, password cisco | 22 |
| | ASW1 | | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 23 |
| | ASW1 | | Configure trunk to switch DSW1, allowed VLANs 1, 3, 11, 63, and 65. | show run interface to switch DSW1, trunk, allowed VLANs 1, 3, 11, 63, and 65, show interface trunk | 24 |
| | ASW1 | | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 23 |
| | ASW1 | | Configure trunk to switch DSW2, allowed VLANs 1, 3, 11, 63 and 65. Shut link down. | show run interface to switch DSW2, trunk, allowed VLANs 1, 3, 11, 63 and 65, show interface trunk | 24 |
| | ASW1 | | Port to client CLT1 in VLAN 3. | show run interface to client CLT1, access VLAN 3 | 25 |
| | ASW1 | | First available port in VLAN 63. Activate link. | show run interface to first available port, access VLAN 63 | 26 |
| | ASW1 | | Second available port in VLAN 11. Activate link. | show run interface to second available port, access VLAN 11 | 27 |
| | ASW2 | | VTP mode transparent, domain cisco, password cisco. | show vtp status, transparent, domain cisco, password cisco | 28 |
| | ASW2 | | (Verify if needed and) configure EtherChannel to switch DSW1, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 29 |
| | ASW2 | | Configure trunk to switch DSW1, allowed VLANs 1, 4, 12, 64 and 66. Shut link down. | show run interface to switch DSW1, trunk, allowed VLANs 1, 4, 12, 64 and 66, show interface trunk | 30 |
| | ASW2 | | (Verify if needed and) configure EtherChannel to switch DSW2, on if 4 links, LACP if 2 links. | show etherchannel status active or on | 29 |
| | ASW2 | | Configure trunk to switch DSW2, allowed VLANs 1, 4, 12, 64 and 66. | show run interface to switch DSW2, trunk, allowed VLANs 1, 4, 12, 64 and 66, show interface trunk | 30 |
| | ASW2 | | Port to client CLT2 in VLAN 4. | show run interface to client CLT2, access VLAN 4 | 31 |
| | ASW2 | | First available port in VLAN 64. Activate link. | show run interface to first available port, access VLAN 64, show interface trunk | 32 |
| | ASW2 | | Second available port in VLAN 12. Activate link. | show run interface to second available port, access VLAN 12 | 33 |

Step-by-Step Procedure

Step 1

Connect to switch CSW1 in configuration mode.

Connect to the remote lab.
Access the Switch console.
Enter privilege mode, using the enable command.
Enter configuration mode, using the configure terminal command.

Step 2

Inject the Common_Template file.

Create a notepad text file named Common_template that contains the lines:

vtp mode transparent
vtp domain cisco
vtp password cisco
vlan 3,4,11,12,63-66

Paste the Common_Template file content into the console.
Verify as you paste that no error message is reported.

Step 3

Use the show cdp neighbor command to check the port to each neighbor:

CSW1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID  Local Intrfce  Holdtme  Capability  Platform   Port ID
R1         Fas 0/11       85       R S I       RO-2811    Fas 0/0
R2         Fas 0/12       85       R S I       RO-2811    Fas 0/1
DSW1       Fas 0/2        144      S I         WS-C3560   Fas 0/2
DSW1       Fas 0/1        144      S I         WS-C3560   Fas 0/1
DSW2       Fas 0/4        148      R S I       WS-C3560   Fas 0/4
DSW2       Fas 0/3        148      R S I       WS-C3560   Fas 0/3
CSW2       Fas 0/10       138      R S I       WS-C3560   Fas 0/10
CSW2       Fas 0/9        138      R S I       WS-C3560   Fas 0/9
CSW2       Fas 0/8        138      R S I       WS-C3560   Fas 0/8
CSW2       Fas 0/7        138      R S I       WS-C3560-  Fas 0/7

Step 4

For each port to routers R1 and R2, enter (taking interface f0/11 as an example):

interface f0/11
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 5

Using the show cdp neighbor information, determine if EtherChannel is to be
configured on links to switches CSW2, DSW1, and DSW2:

Switch CSW1 has 4 links to switch CSW2, and EtherChannel mode on should be used.

Switch CSW1 has two links to switch DSW1 and two links to switch DSW2, so EtherChannel
mode LACP should be used. Switch CSW1 will be the active side, and switches DSW1 and
DSW2 will be the passive side.

Step 6

Configure the link to switch CSW2, using the show cdp neighbor information and the
EtherChannel table from the Required Resources section of this lab:
interface range f0/7 - 10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 33 mode on
exit
interface port-channel 33
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 7

Configure the link to switch DSW1, using the show cdp neighbor information and the
EtherChannel table from the Required Resources section of this lab:
interface range f0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 31 mode active
exit
interface port-channel 31
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 8

Configure the link to switch DSW2, using the show cdp neighbor information and the
EtherChannel table from the Required Resources section of this lab:
interface range f0/3 - 4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 32 mode active
shutdown
exit
interface port-channel 32
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown

Step 9

Repeat Steps 1 to 8 on switch CSW2, shutting down the ports to switch DSW1 and
leaving the ports to switch DSW2 enabled.

Step 10

Repeat Steps 1 and 2 on switch DSW1.

Step 11

Use the show cdp neighbor information to discover neighbors:

DSW1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID  Local Intrfce  Holdtme  Capability  Platform   Port ID
ASW1       Fas 0/6        155      S I         WS-C2960   Fas 0/1
ASW2       Fas 0/7        156      S I         WS-C2960   Fas 0/2
DSW2       Fas 0/5        130      R S I       WS-C3560   Fas 0/5
CSW2       Fas 0/4        128      R S I       WS-C3560   Fas 0/4
CSW2       Fas 0/3        127      R S I       WS-C3560   Fas 0/3
CSW1       Fas 0/2        163      R S I       WS-C3560   Fas 0/2
CSW1       Fas 0/1        163      R S I       WS-C3560-  Fas 0/1

Step 12

Using the show cdp neighbor information, determine if EtherChannel should be
configured on links to switches CSW2, DSW1, and DSW2:

Switch DSW1 has one link to switches ASW1 and ASW2, one link to switch DSW2.
EtherChannel should not be used.

DSW1 has two links to switch CSW1 and two links to switch CSW2. EtherChannel mode
LACP should be used. Switch DSW1 will be the passive side for links to switches CSW1 and
CSW2.

Step 13

Configure the link to switch DSW2, using the show cdp neighbor information:
interface f0/5
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown

Step 14

Configure the link to switch CSW1, using the show cdp neighbor information and the
EtherChannel table from the Required Resources section of this lab:
interface range f0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 31 mode passive
exit
interface port-channel 31
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 15

Configure the link to switch CSW2, using the show cdp neighbor information and the
EtherChannel table from the Required Resources section of this lab:
interface range f0/3 - 4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
channel-group 32 mode passive
shutdown
exit
interface port-channel 32
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
shutdown

DSW1#sh etherchann
Channel-group listing:
---------------------

Group: 31
---------
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:
Minimum Links: 0

Group: 32
---------
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:
Minimum Links: 0

Step 16

Configure the link to switch ASW1, using the show cdp neighbor information:
interface f0/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,11,63,65

Step 17

Configure the link to switch ASW2, using the show cdp neighbor information:
interface f0/7
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,4,12,64,66

Step 18

Configure the link to the file server:


interface f0/8
switchport mode access
switchport access vlan 65

Step 19

Configure the link to the new router:


interface gi0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 20

Repeat Steps 1 and 2, then Steps 11 to 19 on switch DSW2, leaving links to switch
CSW2 enabled and links to switch CSW1 shut down. On the EtherChannel link to switch DSW1,
switch DSW2 is the passive side. The file server is in VLAN 66.

Step 21

On switch ASW1, configure the VTP mode.
ASW1(config)# vtp domain cisco
ASW1(config)# vtp mode transparent
ASW1(config)# vtp password cisco
ASW1# show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : cisco
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDE 0x86 0x25 0xBD 0x56 0x50 0xDE 0x3E
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Step 22

Repeat Step 11 to discover neighbors.

Step 23

Use the Step 16 model to configure links to switches DSW1 and DSW2.

Step 24

Configure the link to client CLT1:


interface f0/3
switchport mode access
switchport access vlan 3

Step 25

Configure the link to the FTP server:


interface f0/4
switchport mode access
switchport access vlan 63

Step 26

Configure the link to the WEB server:


interface f0/5
switchport mode access
switchport access vlan 11


Step 27

Repeat Step 21 on switch ASW2.

Step 28

Repeat Step 22 to discover neighbors.

Step 29

Use the Step 16 model to configure links to switches DSW1 and DSW2.

Step 30

Configure the link to client CLT2:


interface f0/3
switchport mode access
switchport access vlan 4

Step 31

Configure the link to the FTP server:


interface f0/4
switchport mode access
switchport access vlan 64

Step 32

Configure the link to the web server:


interface f0/5
switchport mode access
switchport access vlan 12
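
The Step 5 rule (mode on for four links, LACP for two) and the trunk allowed-VLAN list from the Implementation Policy can be checked mechanically before the configuration is pasted. The following is an added example, not part of the lab guide: the function names are hypothetical, the CDP rows follow the Step 3 output, and the configuration is constructed with two deliberate faults.

```python
import re
from collections import defaultdict

# Constructed sample: 'show cdp neighbors' rows as seen from CSW1 in Step 3.
CDP_CSW1 = """\
R1    Fas 0/11  85   R S I  RO-2811   Fas 0/0
R2    Fas 0/12  85   R S I  RO-2811   Fas 0/1
DSW1  Fas 0/2   144  S I    WS-C3560  Fas 0/2
DSW1  Fas 0/1   144  S I    WS-C3560  Fas 0/1
DSW2  Fas 0/4   148  R S I  WS-C3560  Fas 0/4
DSW2  Fas 0/3   148  R S I  WS-C3560  Fas 0/3
CSW2  Fas 0/10  138  R S I  WS-C3560  Fas 0/10
CSW2  Fas 0/9   138  R S I  WS-C3560  Fas 0/9
CSW2  Fas 0/8   138  R S I  WS-C3560  Fas 0/8
CSW2  Fas 0/7   138  R S I  WS-C3560  Fas 0/7
"""

# Constructed config with two deliberate faults: VLAN 66 is missing on f0/11,
# and the two-link bundle to DSW1 uses 'mode on' instead of LACP active.
CONFIG_CSW1 = """\
interface f0/11
 switchport mode trunk
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65
interface f0/12
 switchport mode trunk
 switchport trunk allowed vlan 1,3,4,11,12,63-66
interface range f0/7 - 10
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
 channel-group 33 mode on
interface range f0/1 - 2
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
 channel-group 31 mode on
interface range f0/3 - 4
 switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
 channel-group 32 mode active
"""

POLICY_VLANS = "1,3,4,11,12,63-66"
IFACE_RE = re.compile(r"interface (?:range )?f[a-z]*\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?$", re.I)

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,63-66' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def links_per_neighbor(cdp_text):
    """Map each CDP neighbor to the local FastEthernet ports that reach it."""
    links = defaultdict(list)
    for line in cdp_text.splitlines():
        m = re.match(r"(\S+)\s+Fas\s+(\d+)/(\d+)\s+\d+\s", line)
        if m:
            links[m.group(1)].append(f"Fa{m.group(2)}/{m.group(3)}")
    return dict(links)

def expected_mode(link_count, lacp_role):
    """Lab rule: 4 links -> mode on, 2 links -> LACP role, otherwise no bundle."""
    return {4: "on", 2: lacp_role}.get(link_count)

def parse_interfaces(config_text):
    """Return {port: settings}, expanding 'interface range fM/A - B'."""
    ports, current = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            m, current = IFACE_RE.match(line), []   # other interface types are skipped
            if m:
                first, last = int(m.group(2)), int(m.group(3) or m.group(2))
                current = [f"Fa{m.group(1)}/{n}" for n in range(first, last + 1)]
                for port in current:
                    ports[port] = {"allowed": None, "channel": None}
            continue
        for port in current:
            if line.startswith("switchport trunk allowed vlan "):
                ports[port]["allowed"] = expand_vlans(line.split()[-1])
            elif line.startswith("channel-group "):
                ports[port]["channel"] = line.split()[-1]
    return ports

def audit(cdp_text, config_text, policy, lacp_role):
    """List deviations from the allowed-VLAN policy and the EtherChannel rule."""
    ports, wanted, findings = parse_interfaces(config_text), expand_vlans(policy), []
    for neighbor, local_ports in sorted(links_per_neighbor(cdp_text).items()):
        mode = expected_mode(len(local_ports), lacp_role)
        for port in sorted(local_ports):
            cfg = ports.get(port)
            if cfg is None:
                findings.append((port, neighbor, "no configuration found"))
                continue
            if cfg["allowed"] is None:       # IOS default: every VLAN is allowed
                findings.append((port, neighbor, "trunk allows all VLANs"))
            elif cfg["allowed"] != wanted:
                missing, extra = sorted(wanted - cfg["allowed"]), sorted(cfg["allowed"] - wanted)
                findings.append((port, neighbor, f"allowed VLANs differ: missing {missing}, extra {extra}"))
            if cfg["channel"] != mode:
                findings.append((port, neighbor, f"channel-group mode {cfg['channel']}, expected {mode}"))
    return findings

if __name__ == "__main__":
    for finding in audit(CDP_CSW1, CONFIG_CSW1, POLICY_VLANS, "active"):
        print(finding)
```

Run against the passive-side switches with "passive" as the LACP role; a trunk with no allowed-VLAN line is reported because it carries every VLAN, which is wider than the policy.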


Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues

Complete this lab activity to practice what you learned in the related module.

Activity Objective
There are many issues that can occur when VLANs and trunks are not properly configured.
Everything worked well in the network you configured in the previous lab. Proud of your
achievements, you decided to take a week off. During that time, one of your team assistants,
while preparing for his CCNA, filled in for you and took care of the network. He had to face
several issues, and tried to improve your configuration on a few points. Unfortunately, it seems
that the improvements somehow affected Layer 2 connectivity in your network. In other words,
when you came back, three troubleshooting tickets were waiting for you on your desk. You need
to fix the network quickly using the tools you learned in this module. After completing this
activity, you will be able to meet these objectives:

Diagnose and resolve Layer 2 connectivity problems

Diagnose and resolve VLAN and EtherChannel-related problems

Document troubleshooting progress, configuration changes, and problem resolution

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues]

Command List
The table describes the commands that you will use in this activity.
Configuration Commands

Command
    Description

configure terminal
    Enters global configuration mode, from privileged EXEC mode.

enable password password
    Enters the privileged EXEC mode command interpreter.

exit
    Exits the current mode.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.

no interface vlan vlan-id type
    Disables a VLAN interface.

ping ip-address
    Sends an ICMP echo to the designated IP address, using the default settings of size and response window time.

show interface interface-id switchport
    Displays the switch port configuration of the interface.

show interface trunk
    Displays the trunk configuration of the interface.

show vlan
    Displays VLAN information.

show vtp status
    Shows the VTP configuration.

shutdown/no shutdown
    Shuts down or enables an interface.

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.

switchport nonegotiate
    Turns off DTP negotiation.

switchport trunk allowed vlan all | none | add | remove | except vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.

switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.

telnet ip-address
    Starts a terminal emulation program from a PC, router, or switch that permits you to access network devices remotely over the network.

interface interface-id
channel-group channel-group-number mode active | passive | on
    Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the passive or active mode. When passive mode is enabled, the port responds to received LACP packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel exists only when both sides are in the on mode.

show running-config interface interface-id
    Displays interface-specific configuration information.

vtp domain domain-name
    Sets the VTP domain name in either the VLAN database or configuration mode.

vtp mode [ client | server | transparent ]
    Sets the VTP mode.

Job Aids
These job aids are available to help you complete the lab activity.

Trouble Tickets

Troubleshooting Log


Trouble Ticket A: Switch Replacement Has Failed


Late on Friday afternoon, the access switch ASW1 failed and your assistant quickly concluded
that the power supply had failed and that the switch needed to be replaced. Luckily, your team
still had a similar switch on the shelf and your assistant rushed to the site to replace it.
When you returned to work and asked your assistant how things went while you were gone, your
assistant tells you that all efforts to restore service failed. Your assistant asks you for help. When
you ask your assistant to describe the exact problem, you are told that it simply does not work.
Your assistant first thought the issue was a result of his configuration on switch ASW1, but then
tried to verify and improve the other switches on the path and is not sure anymore.
A user on PC Client 1 has already started to complain that attempts to access the network have
failed and that the problem must be fixed today.
Your task is to diagnose the issues and restore switch ASW1 as a fully functional access switch
on the network.

Trouble Ticket B: VLAN 66 Access Problem


Your assistant also reports a call on Thursday evening from the File2 Server administrator. A
backup File2 server was installed beyond the switch CSW2 and no devices in the network seem
to be able to reach VLAN 66 anymore. The File2 Server team first thought of a hacker attack and
removed the File2 server from the network for forensic analysis. The server seems to be
operational. The File2 Server team then decided to try to ping from the router R1 interface in
VLAN 66 to the router R2 interface in VLAN 66. The ping failed. The team is convinced that
your assistant broke connectivity for this VLAN and asks you to fix the issue immediately. Each
lost minute is extremely expensive.
Your task is to identify the misconfigured item and solve the issue to recover connectivity
between the router R1 interface in VLAN 66 to the router R2 interface in VLAN 66. The router
R1 VLAN 66 IP address is 10.1.66.251, and the router R2 VLAN 66 IP address is 10.1.66.252.

Trouble Ticket C: Gateway Unreachable


Your assistant seems to have a number of problems on this Monday morning. Your assistant
complains that hours have already been spent trying to help PC Client 2, who could not reach his
gateway, router R2, anymore. Your assistant is convinced that PC Client 2 broke the PC
configuration, and does not believe that the issue has anything to do with the minor
improvements your assistant made in the network configuration.
Although you trust your assistant, the fact that the issue started as soon as your assistant started
improving the configuration makes you wonder whether there is a configuration issue somewhere
on one switch. The fact that your assistant is reluctant to tell you exactly what improvements
were made when the failure occurred clearly contributes to your doubts.
Your task is to ensure that PC Client 2 can ping router R2.


Instructions
To prepare the devices for this lab, use the alias command init-2-2 on all switches and the
alias command init-2_2 on the routers, then reload all devices with the new configurations.
As you can see from the troubleshooting tickets, this troubleshooting lab includes three types of
issues:

Trouble Ticket A involves communication issues between switch ASW1 and router R1, and
therefore originates in the upper part of the client network.

Trouble Ticket C involves communication issues between client CLT2 and router R2, and
therefore originates in the lower part of the client network.

Trouble Ticket B involves communication issues between the upper and the lower parts of
the client network.

Together with your team members, create a troubleshooting plan to divide the work, assign each
team member appropriate roles, and coordinate device access among the team members. A
logical way of organizing the workload could be to assign the upper section of the pod (client
CLT1-switch ASW1-switch DSW1-switch CSW1-router R1) to one team and the lower part of
the pod (client CLT2, switches ASW2, DSW2, and CSW2) to a second team. Issues affecting the
upper part of the lab could be solved by the first team. Issues affecting the lower part of the lab
could be solved by the second team. The teams will have to work together to resolve issues
affecting both the upper and lower section. This is an example of a possible organization of the
teams. Whichever organizational model you choose, assign the primary responsibility for each of
the devices to a team member. The team member who has primary responsibility for a device is
in control of the console of that device and changes to the device. This means that no other team
member should access the console, make changes to the device, or execute unauthorized actions,
such as reloading or debugging, without permission from the controlling team member. All team
members can access all devices via Telnet or SSH for nondisruptive diagnostic action, without
the need for permission from the controlling member. Responsibilities can be reassigned during
later labs if necessary.
Once roles have been assigned, work together on Trouble Tickets A, B, and C to resolve the
issues. Document your progress in the Troubleshooting Log provided below in order to help
facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debriefing discussions.
The instructor will provide you with directions to prepare the lab equipment for this lab. After the
instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.


Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.

| Trouble Ticket | Actions and Results |

Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Client PCs that are connected to switch ASW1 can acquire an IP address via DHCP.

Client PCs that are connected to switch ASW1 can ping the gateway router R1.

You have documented your process, your solution, and any changes that you have made to
the device configurations.

Trouble Ticket B:

You can complete an extended ping from the router R1 interface in VLAN 66 to the router
R2 interface in VLAN 66.

Switch CSW2 in VLAN 66 can be reached through all trunks.

Switch CSW2 interfaces in VLAN 66 are properly configured.

You have documented your process, your solution, and any changes that you have made to
the device configurations.

Trouble Ticket C:

Client PCs that are connected to switch ASW2 can acquire an IP address via DHCP.

Client PCs that are connected to switch ASW2 can ping the gateway router R2.

You have documented your process, your solution, and any changes that you have made to
the device configurations.

Trouble Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket A.

Usually, you would start troubleshooting the Layer 2 connectivity between devices because you
have discovered that there is no Layer 3 connectivity between two adjacent Layer 2 hosts, such as
two hosts in the same VLAN or a host and its default gateway. Typical symptoms that could lead
you to start examining Layer 2 connectivity would be:

Failing pings between adjacent devices. (Keep in mind, though, that this may also be caused
by a host-based firewall that is blocking pings).

Successful pings between hosts in another Layer 2 domain but sharing the same physical
path, such as hosts in another VLAN on the same link.

Client CLT1 is in VLAN 3 and obtains its IP address from router R1, acting as a DHCP server. A
ping to router R1 interface in VLAN 3 from the client CLT1 command prompt interface fails.
Switch ASW1 is in VLAN 1. Pings from switch ASW1 to the router R1 interface in VLAN 1
succeed. This output shows that there is a physical path (Layer 2 and Layer 3 connectivity)
between switch ASW1 and router R1.
You can identify the issue as either a physical connectivity issue between switch ASW1 and
client CLT1 or a VLAN issue.

Key Clue: ASW1 VLAN Configuration


ASW1#sh vlan
VLAN Name                        Status    Ports
---- --------------------------- --------- ------------------------------
1    default                     active    Fa0/2, Fa0/4, Fa0/5 Fa0/6,
                                           Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                           Fa0/12, Fa0/17, Fa0/18, Fa0/23
4    VLAN0004                    active
11   VLAN0011                    active    Fa0/3
14   VLAN0014                    active
63   VLAN0063                    active
1002 fddi-default                act/unsup

Once you have determined that the problem is most likely a Layer 2 or Layer 1 problem, you will
want to reduce the scope of the potential failures. You can diagnose Layer 2 problems with this
common troubleshooting method:

Verify Layer 1 and Layer 2 connectivity. If Layer 1 connectivity is broken, the interfaces
should be down. If Layer 1 connectivity is established but Layer 2 connectivity is broken, a
useful tool is Cisco Discovery Protocol. Unless Cisco Discovery Protocol is disabled, you
should be able to use it to verify all device adjacencies.

Determine the Layer 2 path. Based on documentation, baselines, and knowledge of your
network in general, the next step is to determine the path that you would expect frames to
follow between the affected hosts. Determining the expected traffic path beforehand will help
you in two ways: It will give you a starting point for gathering information about what is
actually happening on the network, and it will make it easier to spot abnormal behavior. The
second step in determining the Layer 2 path is to follow the expected path and verify that the
links on the expected path are actually up and forwarding traffic. If the actual traffic path is
different from your expected path, this step may give you clues about the particular links or
protocols that are failing and the cause of these failures.

In this case, Layer 2 connectivity might be involved as the VLAN database on switch ASW1
does not show VLAN 3. If the VLAN does not exist, client CLT1 cannot communicate with its
gateway in VLAN 3. You can create VLAN 3 on switch ASW1 from the global configuration
mode.

Key Clue: ASW1 Port Configuration


CLT1 is supposed to be in VLAN 3
show running-config interface f0/3
Building configuration...
Current configuration : 189 bytes
!
interface FastEthernet0/3
 description to CLT1
 switchport access vlan 11
 switchport mode access
end
config terminal
int f0/3
switchport access vlan 3
% Access VLAN does not exist. Creating vlan 3

Another key piece of information comes from the previous page, which displays information
about VLAN 11. It is said to be active on interface f0/3, which is the interface to which client
CLT1 connects. Verifying the f0/3 interface configuration shows that it is set to access mode, but
in VLAN 11.
You can change it to VLAN 3. If VLAN 3 has not been created before, the 2960 platform creates
the VLAN automatically as soon as a port is assigned to that VLAN.
Trying to ping router R1 from client CLT1 at this stage would still fail. You need to examine the
issue a little further.

Key Clue: ASW1 Trunk Configuration


ASW1#show run int f0/1
Current configuration : 164 bytes
!
interface FastEthernet0/1
description to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
DSW1# show run int f0/6
Current configuration : 344 bytes
!
interface FastEthernet0/6
description to ASW1
switchport access vlan 65
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode access
!

The next logical step could be to verify the path from switch ASW1 to switch DSW1. A useful
tool to verify neighbor information is Cisco Discovery Protocol. If switch ASW1 does not
recognize switch DSW1 with Cisco Discovery Protocol, then you should suspect a Layer 1 issue
might be the cause:
ASW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
DSW1             Fa 0/1            174        T I         CA 3550   Fa 0/6

Switch DSW1 is recognized, at least by Cisco Discovery Protocol. Switch ASW1 port f0/1
connects to switch DSW1 port f0/6 in this example. Cisco Discovery Protocol is an independent
Layer 2 protocol that may recognize neighboring devices even if the link configuration is partly
incorrect. The next step could be to verify the switch ASW1-DSW1 link configuration. This link
is supposed to be a trunk.
The trunk configuration is correct on switch ASW1 as shown above. If you are managing switch
ASW1, it is time to inform your team that the issue might also be on switch DSW1, and verify
the switch DSW1 link to switch ASW1.
As shown above, the port configuration on switch DSW1 is incorrect. It is set to access mode in
VLAN 65. VLAN 3 information coming from switch ASW1 cannot be received in this mode.
The interface command switchport mode trunk allows you to change the mode back to trunk.
On Client 1, try to renew the IP address, which is to be assigned from router R1. The IP address
renews successfully, thus proving Layer 2 connectivity between Client 1 and router R1. You have
resolved Trouble Ticket 1.
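
The checks from this flow, written as an added Python example (it is not part of the lab guide). It parses the interface stanzas shown above, then tests the access port against its expected VLAN and both ends of the ASW1-DSW1 link against the expected trunk mode. The function names and the dictionary layout are assumptions made for this example.

```python
import re

# Interface stanzas as shown in this lab guide (indentation restored).
ASW1_CONFIG = """\
interface FastEthernet0/1
 description to DSW1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
!
interface FastEthernet0/3
 description to CLT1
 switchport access vlan 11
 switchport mode access
!
"""
DSW1_CONFIG = """\
interface FastEthernet0/6
 description to ASW1
 switchport access vlan 65
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode access
!
"""
# VLAN IDs listed as active in the ASW1 "sh vlan" output on the page.
ASW1_VLAN_DB = {1, 4, 11, 14, 63}


def parse_interfaces(config):
    """Parse 'interface' stanzas into {name: {"mode", "access_vlan", "shutdown"}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            # mode None means no explicit 'switchport mode' line is configured.
            current = {"mode": None, "access_vlan": 1, "shutdown": False}
            interfaces[match.group(1)] = current
        elif line in ("!", "end", ""):
            current = None  # end of the stanza
        elif current is not None:
            if line.startswith("switchport mode "):
                current["mode"] = line.split()[-1]
            elif line.startswith("switchport access vlan "):
                current["access_vlan"] = int(line.split()[-1])
            elif line == "shutdown":
                current["shutdown"] = True
    return interfaces


def check_access_port(name, intf, expected_vlan, vlan_db):
    """Findings for a client-facing port that should be an access port."""
    findings = []
    if intf["mode"] != "access":
        findings.append(f"{name}: mode is {intf['mode']}, expected access")
    if intf["access_vlan"] != expected_vlan:
        findings.append(f"{name}: access VLAN {intf['access_vlan']}, expected {expected_vlan}")
    if expected_vlan not in vlan_db:
        findings.append(f"{name}: VLAN {expected_vlan} missing from the VLAN database")
    return findings


def check_trunk_link(end_a, intf_a, end_b, intf_b):
    """Findings for a switch-to-switch link where both ends should be trunks."""
    findings = []
    for end, intf in ((end_a, intf_a), (end_b, intf_b)):
        if intf["shutdown"]:
            findings.append(f"{end}: administratively shut down")
        if intf["mode"] != "trunk":
            findings.append(f"{end}: mode is {intf['mode']}, expected trunk")
    return findings


def audit_ticket_a():
    """Run both checks against the configurations captured for Trouble Ticket A."""
    asw1 = parse_interfaces(ASW1_CONFIG)
    dsw1 = parse_interfaces(DSW1_CONFIG)
    findings = check_access_port("ASW1 Fa0/3", asw1["FastEthernet0/3"], 3, ASW1_VLAN_DB)
    findings += check_trunk_link("ASW1 Fa0/1", asw1["FastEthernet0/1"],
                                 "DSW1 Fa0/6", dsw1["FastEthernet0/6"])
    return findings


if __name__ == "__main__":
    for finding in audit_ticket_a():
        print(finding)
```

Comparing both ends of a link in one pass surfaces the DSW1 fault that Cisco Discovery Protocol alone does not show, because the neighbor is still discovered over the misconfigured link.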

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Trouble Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket B.

Connectivity Verification: R1 to R2 in VLAN 66


R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
.....
Success rate is 0 percent (0/5)

The first test can be to ping router R2 from the router R1 interface in VLAN 66. As reported on
the troubleshooting ticket, the ping is unsuccessful. This issue could be the result of IP
addressing problems on routers R1 or R2 as well as Layer 2 configuration problems. If you
approach this problem as a Layer 2 issue, you might begin by looking at the configurations on
switch CSW1 or switch CSW2.

Key Clue: CSW2 Links to CSW1


interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
channel-group 33 mode on
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
channel-group 33 mode on
...

A logical step is to verify the switch CSW1 to switch CSW2 link configuration, along with the
switch CSW1 to router R1 and switch CSW2 to router R2 configurations.
On switch CSW1, the link to router R1 is supposed to be a trunk:
Show run int f0/11
Building configuration...
Current configuration : 95 bytes
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
end
DSW1#sh int f0/11
FastEthernet0/11 is up, line protocol is up (connected)
...
The link to R1 is configured properly, and connected.
The next step could be to verify if VLAN 66 is known on CSW1:
CSW1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
...
66   VLAN0066                         active
...

VLAN 66 is known, at least on switch CSW1. The same verifications could be conducted on
switch CSW2, verifying the trunk link to router R2 along with the switch CSW2 VLAN database.
The configuration should be valid, as it is on switch CSW1.

In a step-by-step approach, you could verify the link between switches CSW1 and CSW2:
CSW1#show etherchannel 33 port-ch
Port-channels in the group:
---------------------------
Port-channel: Po33    (Primary Aggregator)
------------
Age of the Port-channel   = 0d:00h:45m:07s
Logical slot/port   = 2/24          Number of ports = 0
HotStandBy port = null
Port state          = Port-channel Ag-Not-Inuse
Protocol            =   LACP

The EtherChannel link is not in use. It shows LACP instead of "on". You can confirm this point
by checking the configuration of the physical interfaces:
show run
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive

They are obviously in an incorrect mode. The other end (switch CSW2) is still in "on" mode, so
passive mode on switch CSW1 will not create an EtherChannel. You decide to correct this as follows:
CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#int ran f0/7 - 10
CSW1(config-if-range)#no channel-gr 33 mo pas
CSW1(config-if-range)#channel-gr 33 mo on
CSW1(config-if-range)#end

You then may want to try again to ping router R2 from the router R1 interface in VLAN 66, but
the ping will still be unsuccessful. There is more than one issue to solve for this ticket.

Key Clue: CSW2 EtherChannel to CSW


CSW2#show run int po 33
Building configuration...
Current configuration : 142 bytes
!
interface Port-channel33
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-65
switchport mode trunk
end

You may then shift your attention to switch CSW2 and verify its connection to switch CSW1.
The EtherChannel link does not seem to be operational on this side either. Verifying the port
configurations shows that they are in shutdown state. Once enabled, a verification of the port
channel for these ports shows that the link is up.
CSW2#show etherchannel 33 port-channel
Port-channel: Po33
------------
Age of the Port-channel   = 0d:00h:00m:49s
Logical slot/port   = 2/24          Number of ports = 4
GC                  = 0x00000000    HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/7    On                 0
  0     00     Fa0/8    On                 0
  0     00     Fa0/9    On                 0
  0     00     Fa0/10   On                 0
Time since last port bundled:    0d:00h:00m:17s    Fa0/9

Now that the ports are enabled, you may want to reattempt a ping from router R1 to router R2.
The ping is still unsuccessful. There is still another part of the issue to solve.

While verifying the switch CSW2 configuration, you may see that VLAN 66 is not allowed on
the EtherChannel. You might have seen this issue at an earlier stage. It is shown here to isolate it
from the shutdown issue. It is easy to correct:
CSW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L3SW4(config)#int po 33
L3SW4(config-if)#sw trun all vla ad 66
L3SW4(config-if)#end
R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
!!!!!
Success rate is 100 percent (5/5)
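
Trouble Ticket B stacks three independent faults on one bundle, which is why the ping keeps failing after each fix. The added Python example below (not part of the lab guide) models the three checks and replays the fixes in the order used above. The dictionaries and function names are assumptions made for this example, and because the page does not show the allowed VLAN list on CSW1, that side is treated as unrestricted.

```python
def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,3,4,11,12,63-65' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


# Protocol spoken by each channel-group mode; "on" speaks none (static bundle).
MODE_PROTOCOL = {"on": None, "active": "LACP", "passive": "LACP",
                 "desirable": "PAgP", "auto": "PAgP"}
INITIATORS = {"active", "desirable"}  # modes that start the negotiation


def bundle_forms(mode_a, mode_b):
    """True if the two channel-group modes on opposite ends form an EtherChannel."""
    if mode_a == "on" or mode_b == "on":
        return mode_a == mode_b              # a static end only pairs with a static end
    if MODE_PROTOCOL[mode_a] != MODE_PROTOCOL[mode_b]:
        return False                         # LACP and PAgP do not interoperate
    return mode_a in INITIATORS or mode_b in INITIATORS


def diagnose(end_a, end_b, vlan):
    """List every fault that keeps `vlan` from crossing the bundle."""
    findings = []
    if not bundle_forms(end_a["mode"], end_b["mode"]):
        findings.append(f"mode {end_a['mode']} on {end_a['name']} does not bundle "
                        f"with mode {end_b['mode']} on {end_b['name']}")
    for end in (end_a, end_b):
        if end["shutdown"]:
            findings.append(f"{end['name']}: {', '.join(end['shutdown'])} shut down")
        if end["allowed"] is not None and vlan not in expand_vlan_list(end["allowed"]):
            findings.append(f"{end['name']}: VLAN {vlan} not in the trunk allowed list")
    return findings


# State as found in the lab. allowed=None means no allowed-list restriction
# (assumed for CSW1, whose Port-channel33 stanza is not shown on the page).
CSW1 = {"name": "CSW1", "mode": "passive", "shutdown": [], "allowed": None}
CSW2 = {"name": "CSW2", "mode": "on", "shutdown": ["Fa0/7", "Fa0/8"],
        "allowed": "1,3,4,11,12,63-65"}


def replay_ticket_b():
    """Apply the three fixes in the page's order; return the fault count after each."""
    csw1, csw2 = dict(CSW1), dict(CSW2)
    counts = [len(diagnose(csw1, csw2, 66))]
    csw1["mode"] = "on"                       # channel-group 33 mode on
    counts.append(len(diagnose(csw1, csw2, 66)))
    csw2["shutdown"] = []                     # no shutdown on the member ports
    counts.append(len(diagnose(csw1, csw2, 66)))
    csw2["allowed"] = "1,3,4,11,12,63-66"     # switchport trunk allowed vlan add 66
    counts.append(len(diagnose(csw1, csw2, 66)))
    return counts


if __name__ == "__main__":
    for finding in diagnose(CSW1, CSW2, 66):
        print(finding)
    print(replay_ticket_b())
```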

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Trouble Ticket C: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket C.

Key Clue: ASW2 Ports Configuration


ASW2#sh run int f0/3
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/3
switchport access vlan 4
switchport mode trunk
end
ASW2#sh run int f0/1
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/1
switchport access vlan 4
switchport mode access
end

A possible first step is to verify the switch ASW2 port to client CLT2 configuration. In this
example, the port is f0/3. The port is in trunk mode. It should be in access mode in VLAN 4. You
obviously correct this mistake as follows:
ASW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW2(config)#int f0/3
ASW2(config-if)#sw mo ac
ASW2(config-if)#end

Because the switch ASW2 port configuration was incorrect, you may also want to verify the port
configuration to switch DSW2. In this example, the port is f0/1. You notice this time that the port
is in access mode, so you need to change it to trunk mode:
ASW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW2(config)#int f0/1
ASW2(config-if)#sw mo trunk
ASW2(config-if)#end

After you have made the changes, have you resolved the issue? Test the solution by trying to
renew the client CLT2 IP address. If it fails, then there are other issues.

Key Clue: DSW2 Link to ASW2


DSW2#sh run int f0/6
Building configuration...
Current configuration : 104 bytes
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
end

Now turn your attention to switch DSW2 and check its connection to switch ASW2. The port has
been shut down, so you need to re-enable it for communication to switch ASW2:
DSW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW2(config)#int f0/6
DSW2(config-if)#no sh
DSW2(config-if)#end

When renewing the client CLT2 IP address this time, CLT2 does obtain an IP address, but you
notice that the IP address is on the wrong VLAN. Client CLT2 has an address in VLAN 1 instead
of VLAN 4.

Key Clue: Native VLAN


DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end

You have already checked the port configuration for client CLT2 on switch ASW2 and you know
it is an access port in VLAN 4. The switch DSW1 and DSW2 port configurations show that the
ports are in trunking mode, so a possible cause might be a native VLAN problem. Checking the
port configuration on switch DSW2 to switches CSW1 and CSW2 confirms that the problem is a
native VLAN issue:
DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end
DSW2#sh run int po 31
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel31
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
end

Both links use native VLAN 4. Because all the other links use native VLAN 1, the DHCP request
in VLAN 4 is forwarded untagged from switch DSW2 to switch CSW2, and switch CSW2 places it
in its own native VLAN 1 and forwards it to router R2.
Changing the native VLAN between switches DSW2 and CSW1 and between switches DSW2
and CSW2 solves the problem.
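
The native VLAN behavior described above, as an added Python example (not part of the lab guide): a small model of 802.1Q egress and ingress that follows the CLT2 DHCP request hop by hop, before and after the fix. The hop names and the tuple layout are assumptions made for this example; native VLAN 1 on the other links is taken from the text above.

```python
def egress(vlan, native):
    """802.1Q trunk egress: a frame in the native VLAN leaves untagged (None)."""
    return None if vlan == native else vlan


def ingress(tag, native):
    """802.1Q trunk ingress: an untagged frame is placed in the local native VLAN."""
    return native if tag is None else tag


def walk(vlan, trunks):
    """Carry a frame across consecutive trunks; return the VLAN after each hop.

    Each trunk is (name, native VLAN on the sending end, native VLAN on the
    receiving end).
    """
    trace = []
    for name, native_tx, native_rx in trunks:
        vlan = ingress(egress(vlan, native_tx), native_rx)
        trace.append((name, vlan))
    return trace


def native_mismatches(trunks):
    """Names of trunks whose two ends disagree on the native VLAN."""
    return [name for name, native_tx, native_rx in trunks if native_tx != native_rx]


# Path of the DHCP request from CLT2 (access VLAN 4 on ASW2) toward router R2.
AS_FOUND = [
    ("ASW2 -> DSW2", 1, 1),
    ("DSW2 -> CSW2", 4, 1),   # DSW2 port channel set to native VLAN 4
    ("CSW2 -> R2", 1, 1),
]
AFTER_FIX = [
    ("ASW2 -> DSW2", 1, 1),
    ("DSW2 -> CSW2", 1, 1),   # native VLAN restored to 1 on DSW2
    ("CSW2 -> R2", 1, 1),
]

if __name__ == "__main__":
    print(native_mismatches(AS_FOUND))
    print(walk(4, AS_FOUND))     # request arrives at R2 in VLAN 1
    print(walk(4, AFTER_FIX))    # request stays in VLAN 4
    # The mismatch works in both directions: VLAN 1 traffic sent by CSW2
    # lands in VLAN 4 on DSW2.
    print(walk(1, [("CSW2 -> DSW2", 1, 4)]))
```

The mismatch silently merges two VLANs across that link in both directions, so it is a segmentation fault as well as a connectivity fault.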

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Lab 2-2: Key Commands and Tools Used


__________________________________________________________________________

Lab 2-3: Implement Private VLANs


Complete this lab activity to practice what you learned in the related module.

Activity Objective
Private VLANs were an interesting part of Module 2, and you would like to experiment with this
feature. The lab has two routers, each with a link to switches CSW1 and CSW2, and you decide
to use them to experiment with the isolated VLAN feature.
Because you do not want to keep your routers isolated for the next labs, this feature must
be removed before moving to Lab 3-1. Make sure that you save your configuration before this
optional task, and that you reboot the switches you use for this task before moving to the
next lab. After completing this activity, you will be able to meet these objectives:

Plan a segmented private VLAN implementation

Create a private VLAN implementation and verification plan

Implement private VLANs

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.

Implementation Policy
Make sure you have saved your configuration before moving to this step. As you do not want to
keep your routers isolated for the next labs, private VLANs will have to be removed when
moving to Lab 3-1. Be sure to save before this optional task, and reboot the switches you use for
this task before moving to the next lab.
For this task, use VLANs 501 and 51, and switch CSW1. Start by configuring switch CSW1 to
support VLANs 501 and 51. Connect to routers R1 and R2, and create a sub-interface for VLAN
51. Configure a static IP address for each router using the table below:
| Device Name | Interface | IP Address | VLAN |
|---|---|---|---|
| R1 | F0/0.51 | 10.1.51.1/24 | 51 |
| R2 | F0/1.51 | 10.1.51.2/24 | 51 |

Verify that the switch CSW1 link to router R2 is enabled and is in VLAN 51. Verify that the
switch CSW1 trunk to router R1 allows VLAN 51.
Verify that both routers can ping each other from their VLAN 51 interface.
Once this point is verified, convert VLAN 51 to isolated, using VLAN 501 as the primary
VLAN. If your configuration is successful, routers R1 and R2 should not be able to ping each
other anymore.
You may want to use the Hints section at the end of this lab to verify the steps that are involved
in this configuration. The end of this Lab Guide contains the solution for this task. Once your
configuration is working, reboot switch CSW1 and routers R1 and R2 without saving the
configuration.

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-3: Configure Private VLANs]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

| Command | Description |
|---|---|
| interface fastethernet \| gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed. |
| interface range fastethernet \| gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure. |
| name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode. |
| no interface vlan vlan-id type | Disables a VLAN interface. |
| private-vlan association vlan-list | Specifies which secondary VLANs are associated with the primary VLAN. |
| private-vlan isolated | Configures the current VLAN as an isolated VLAN. |
| private-vlan primary | Configures the current VLAN as a primary VLAN. |
| show interface interface-id switchport | Displays the switch port configuration of the interface. |
| show interface trunk | Displays the trunk configuration of the interface. |
| show vlan | Displays VLAN information. |
| show vtp status | Shows the VTP configuration. |
| shutdown/no shutdown | Shuts down or enables an interface. |
| switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking. |
| switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. |
| switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. |
| switchport nonegotiate | Turns off DTP negotiation. |
| switchport trunk allowed vlan all \| none \| add \| remove \| except vlan-list | Configures the list of VLANs allowed on the trunk. |
| switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link. |
| switchport trunk encapsulation isl | Specifies ISL encapsulation on the trunk link. |
| interface interface-id channel-group channel-group-number mode active \| passive \| on | Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the passive or active mode. When passive mode is enabled, the port responds to received LACP packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel exists only when both sides are in the on mode. |
| show running-config interface interface-id | Displays interface-specific configuration information. |

Job Aids
These are the job aids for this lab activity:
| Value | Location |
|---|---|
| Blank implementation requirements list | Task 1 |
| Blank implementation and verification plan form | Task 2 |
| Blank verification notes form | Task 3 |
| Alternate resources and solutions form | End of this lab |
| Implementation requirements hints | Hints section at the end of this lab |
| Implementation and verification plan hints | Hints section at the end of this lab |
| Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab |

Task 1: Establish an Implementation Requirements List


The first step in your configuration deployment is to create a list of the items needed to configure
each device (for example, devices involved, role, etc.). Use the following table, the
Visual Objective for this lab, and the information in the Implementation Policy and Device
Information sections to create an Implementation Requirements list. Include the high-level
implementation tasks needed for each device and how to obtain the information required for each
task. If you are unsure, use the hints information provided at the end of this lab.
| Device | High-Level Task | Information Source |
|---|---|---|

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
| Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
|---|---|---|---|---|

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified
by the company. Keep in mind that once you leave the company, they will use your configuration
as a white paper to implement their network. The company will apply your configuration, without
modification, to connect any device of the same type as the one you configured for each port. Use
the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 2-3: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 2-3 Hint Sheet: Implement Private VLANs


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | Lab 2-3 Section Containing Hint |
|---|---|---|
| CSW1 | Create VLAN 51 and 501. | Implementation Policy |
|  | Allow VLANs 51 and 501 on trunks to R1. | Implementation Policy |
|  | Set link to R2 to VLAN 51. | Implementation Policy |
|  | Set VLAN 501 as primary and 51 as isolated. | Implementation Policy |
| R1 | Configure subinterface to switch CSW1 in VLAN 51. | Implementation Policy |
| R2 | Configure subinterface to switch CSW1 in VLAN 51. | Implementation Policy |

Implementation and Verification Plan


In Task 2, you will create an implementation plan. There are several possible correct solutions.
An example of the Implementation and Verification Plan follows.
| Complete | Device | Implementation Order (Step Number) | Values and Items to Implement | Verification Method and Expected Results |
|---|---|---|---|---|
|  | CSW1 | 1 | Create VLAN 51. | show vlan |
|  |  | 2 | Create VLAN 501. | show vlan |
|  |  | 3 | Allow VLAN 51 on the trunk link to R1. | show run interface to R1 |
|  |  | 4 | Allow VLAN 51 on the trunk link to R2. | show run interface to R2 |
|  |  | 5 | After R1 and R2 links are configured successfully, set VLAN 51 to be isolated. | show vlan private-vlan |
|  |  | 6 | Set VLAN 501 to be primary, mapped to VLAN 51. | show vlan private-vlan |
|  | R1 | 7 | Configure subinterface on link to CSW1 to be 10.1.51.1/24. | show ip interface brief |
|  | R2 | 8 | Configure subinterface on link to CSW1 to be 10.1.51.2/24. | show ip interface brief |
|  | CSW2 | 9 | Ping R1 interface 10.1.51.1. | Ping should succeed. |
|  |  | 10 | Try to ping R1 interface 10.1.51.1. | Ping should fail. |
|  | CSW1, R1, R2 | 11 | Reload without saving. | show run |

Step-by-Step Procedure
Step 1

Create VLANs 51 and 501 on switch CSW1:

Connect to the remote lab.

Access switch CSW1 console.

Enter privilege mode, using enable.

Enter configuration mode, using configure terminal.

Create VLAN 51, using: vlan 51.

Create VLAN 501, using: vlan 501.

Step 2

Allow VLAN 51 support on the trunk links to router R1:

    interface f0/11
     switchport trunk allowed vlan add 51

Step 3

Set switch CSW1 link to router R2 f0/1 to VLAN 51:

    interface f0/12
     switchport trunk allowed vlan add 51
     no shutdown

Step 4

Configure R1 interface to be 10.1.51.1/24:

    interface f0/0.51
     encapsulation dot1q 51
     ip address 10.1.51.1 255.255.255.0

Step 5

Configure R2 interface to be 10.1.51.2/24:

    interface f0/1.51
     encapsulation dot1q 51
     ip address 10.1.51.2 255.255.255.0
     no shutdown

Step 6

Try to ping from router R1 to router R2 or from router R2 to router R1; ping should be
successful:

    R2#ping 10.1.51.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5)

Step 7

Configure VLAN 501 and 51 to be primary and isolated, respectively, on all the involved
switches:

    vlan 51
     name TestIsolated
     private-vlan isolated
    vlan 501
     name TestIsolated
     private-vlan primary
     private-vlan association 51

Step 8

Try to ping from router R1 to router R2 or from router R2 to router R1; ping should fail:

    R2#ping 10.1.51.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

Step 9

Revert your configuration to a state prior to Step 4: reboot routers R1, R2, and switch
CSW1 without saving the configuration.
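
The VLAN-level relationships entered in Step 7 can also be checked statically, before relying on the ping test in Step 8. The following Python check is an added example, not part of the lab guide or of any Cisco tool; the sample configurations are constructed and the function names are hypothetical. It covers only the VLAN definitions that Step 7 shows, not port modes.

```python
import re

# Constructed sample: the VLAN definitions entered in Step 7 of this lab.
STEP7_CONFIG = """\
vlan 51
 name TestIsolated
 private-vlan isolated
vlan 501
 name TestIsolated
 private-vlan primary
 private-vlan association 51
"""

# Constructed faulty variant: the association line was never entered, so
# VLAN 51 is declared isolated but belongs to no primary VLAN.
MISSING_ASSOCIATION = """\
vlan 51
 private-vlan isolated
vlan 501
 private-vlan primary
"""


def parse_private_vlans(config):
    """Return {vlan_id: {'type': str or None, 'assoc': set}} from 'vlan N' blocks."""
    vlans, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = vlans.setdefault(int(m.group(1)), {"type": None, "assoc": set()})
            continue
        if current is None:
            continue
        # The two line forms matched below are entered only in VLAN
        # configuration mode, so the current VLAN is never reset.
        m = re.fullmatch(r"private-vlan (primary|isolated|community)", line)
        if m:
            current["type"] = m.group(1)
            continue
        m = re.fullmatch(r"private-vlan association (?:add )?([\d,\- ]+)", line)
        if m:
            # Expand lists such as "51,60-62" into individual VLAN IDs.
            for part in m.group(1).split(","):
                low, _, high = part.strip().partition("-")
                current["assoc"].update(range(int(low), int(high or low) + 1))
    return vlans


def audit_private_vlans(config):
    """Return a list of findings; an empty list means the definitions are consistent."""
    vlans = parse_private_vlans(config)
    findings = []
    owner = {}  # secondary VLAN -> primary VLAN that lists it
    for vid, vlan in sorted(vlans.items()):
        if vlan["assoc"] and vlan["type"] != "primary":
            findings.append(f"VLAN {vid}: has an association but is not primary")
        if vlan["type"] != "primary":
            continue
        isolated = []
        for sec in sorted(vlan["assoc"]):
            sec_type = vlans.get(sec, {}).get("type")
            if sec_type not in ("isolated", "community"):
                findings.append(f"VLAN {vid}: associated VLAN {sec} is not a secondary VLAN")
            if sec_type == "isolated":
                isolated.append(sec)
            if sec in owner:
                findings.append(f"VLAN {sec}: associated with primaries {owner[sec]} and {vid}")
            else:
                owner[sec] = vid
        if len(isolated) > 1:
            # A primary VLAN can carry only one isolated VLAN.
            findings.append(f"VLAN {vid}: more than one isolated VLAN {isolated}")
    for vid, vlan in sorted(vlans.items()):
        if vlan["type"] in ("isolated", "community") and vid not in owner:
            findings.append(f"VLAN {vid}: {vlan['type']} VLAN is not associated with any primary VLAN")
    return findings


if __name__ == "__main__":
    for label, text in (("Step 7", STEP7_CONFIG), ("faulty", MISSING_ASSOCIATION)):
        print(label, audit_private_vlans(text) or "consistent")
```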


Lab 3-1: Implement Multiple Spanning Tree


Complete this lab activity to reinforce your understanding of Spanning Tree Protocol
implementation.

Activity Objective
Congratulations! You were chatting about spanning tree with a friend at the cafeteria, and the
head of the local university heard your conversation. She selected you to make a presentation
about spanning tree, and to demonstrate on live equipment, in front of a large audience, how you
would configure the various modes of spanning tree. You decide that preparing for this
presentation could be useful, and that you would use your pod to walk through the different steps
involved and the various spanning tree modes.
In this activity, you will design and implement Multiple Spanning Tree Protocol (MSTP) in a
Layer 2 topology. As you complete the design, you will connect to your remote lab to implement
your solution. After completing this activity, you will be able to meet these objectives:

Design a spanning tree

Create a spanning tree implementation plan

Implement a spanning tree according to an implementation plan.

Create a spanning tree verification plan

Verify the spanning tree according to the verification plan

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.
Note: To prepare for the appropriate lab config on the routers, use the alias command
init-3_1-4_1.

Implementation Policy
You will observe and configure the functioning of Spanning Tree Protocol (STP) in your
network. The following list details the preparation and configuration requirements for all
switches in the company network. Your configuration must implement all these requirements:

In the lab progression, you should observe the existing STP random state, and then convert
your configuration to MSTP.

Before configuring and enabling spanning tree, verify that the EtherChannels configured in
Lab 2-1 have been configured properly. Enable the EtherChannel links between switches
CSW1 and DSW2, between switches CSW2 and DSW1, between switches DSW1 and
ASW2, and between switches DSW2 and ASW1. A link must be configured between switch
CSW1 and router R2; a link must also be configured between switch CSW2 and router R1,
but only on the switch side. The router side is already configured. Configure the link between
DSW1 and DSW2.

Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the
primary root bridge for even VLANs. When instances are used, switch DSW1 is the root for
instance 0 and 1, and switch DSW2 is the root for instance 2. Instance 1 contains the odd
VLANs, and instance 2 contains the even VLANs. One region is enough for your network.
The name of the region must be region1, and the revision number must be 1.

For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the
secondary root. For all VLANs for which switch DSW2 is the primary root, switch DSW1
must be the secondary root.

The Device Information section describes the VLANs and corresponding roots.
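
Two switches belong to the same MST region only when the region name, the revision number and the VLAN-to-instance mapping all match, so a switch that misses one of the values required above ends up in a region of its own. The following Python check is an added example, not part of the lab guide; the configuration excerpts are constructed from the requirements above, and the function names are hypothetical.

```python
import re

# Constructed excerpts (not captured from lab equipment). Values follow the
# Implementation Policy: region1, revision 1, odd VLANs in instance 1, even
# VLANs in instance 2.
REFERENCE = """\
spanning-tree mode mst
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1,3,11,63,65
 instance 2 vlan 4,12,64,66
"""

CONFIGS = {
    "DSW1": REFERENCE,
    "DSW2": REFERENCE,
    # Constructed fault: the revision line is missing, so the default 0 applies.
    "ASW1": """\
spanning-tree mode mst
spanning-tree mst configuration
 name region1
 instance 1 vlan 1,3,11,63,65
 instance 2 vlan 4,12,64,66
""",
    # Constructed fault: VLAN 66 was placed in instance 1 instead of instance 2.
    "CSW1": """\
spanning-tree mode mst
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1,3,11,63,65-66
 instance 2 vlan 4,12,64
""",
}


def parse_mst_region(config):
    """Return (name, revision, {vlan: instance}) for one switch configuration."""
    name, revision, mapping = "", 0, {}  # defaults: empty name, revision 0
    in_mst = False
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):  # a top-level command starts or ends the sub-mode
            in_mst = raw.strip() == "spanning-tree mst configuration"
            continue
        if not in_mst:
            continue
        line = raw.strip()
        m = re.fullmatch(r"name (\S+)", line)
        if m:
            name = m.group(1)
        m = re.fullmatch(r"revision (\d+)", line)
        if m:
            revision = int(m.group(1))
        m = re.fullmatch(r"instance (\d+) vlan ([\d,\- ]+)", line)
        if m:
            # Expand lists such as "63,65-66" into individual VLAN IDs.
            for part in m.group(2).split(","):
                low, _, high = part.strip().partition("-")
                for vlan in range(int(low), int(high or low) + 1):
                    mapping[vlan] = int(m.group(1))
    # Unmapped VLANs belong to instance 0, so explicit instance 0 entries are dropped.
    mapping = {vlan: inst for vlan, inst in mapping.items() if inst != 0}
    return name, revision, mapping


def region_mismatches(configs, reference):
    """Map each switch that is outside the reference switch's region to the reasons."""
    ref_name, ref_rev, ref_map = parse_mst_region(configs[reference])
    report = {}
    for switch, config in configs.items():
        name, rev, mapping = parse_mst_region(config)
        reasons = []
        if name != ref_name:
            reasons.append(f"name {name!r} != {ref_name!r}")
        if rev != ref_rev:
            reasons.append(f"revision {rev} != {ref_rev}")
        moved = sorted(v for v in set(mapping) | set(ref_map)
                       if mapping.get(v, 0) != ref_map.get(v, 0))
        if moved:
            reasons.append(f"VLANs mapped differently: {moved}")
        if reasons:
            report[switch] = reasons
    return report


if __name__ == "__main__":
    for switch, reasons in region_mismatches(CONFIGS, "DSW1").items():
        print(switch, "is not in the same region as DSW1:", "; ".join(reasons))
```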

Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:
| Device Name | Role | IP Address | Gateway | VLAN |
|---|---|---|---|---|
| ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 |  |
| ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 |  |
| DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 |  |
| DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 |  |
| CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 |  |
| CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 |  |
| R1 | Router | Fa0/0: 10.1.1.251/24 |  |  |
| R2 | Router | Fa0/0: 10.1.1.252/24 |  |  |

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that not all of these numbers will be
used:
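| Device | Link To | Bundle Number Should Be: |
|---|---|---|
| ASW1 | DSW1 | 11 |
| ASW1 | DSW2 | 12 |
| ASW2 | DSW1 | 11 |
| ASW2 | DSW2 | 12 |
| DSW1 | ASW1 | 11 |
| DSW1 | ASW2 | 12 |
| DSW1 | DSW2 | 21 |
| DSW1 | CSW1 | 31 |
| DSW1 | CSW2 | 32 |
| DSW2 | ASW1 | 11 |
| DSW2 | ASW2 | 12 |
| DSW2 | DSW1 | 21 |
| DSW2 | CSW1 | 31 |
| DSW2 | CSW2 | 32 |
| CSW1 | DSW1 | 31 |
| CSW1 | DSW2 | 32 |
| CSW1 | CSW2 | 33 |
| CSW2 | DSW1 | 31 |
| CSW2 | DSW2 | 32 |
| CSW2 | CSW1 | 33 |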

VLAN Information

| VLAN | Root | Backup | Instance (When Needed) |
|---|---|---|---|
| 1 | DSW1 | DSW2 | Instance1 |
| 3 | DSW1 | DSW2 | Instance1 |
| 4 | DSW2 | DSW1 | Instance2 |
| 11 | DSW1 | DSW2 | Instance1 |
| 12 | DSW2 | DSW1 | Instance2 |
| 63 | DSW1 | DSW2 | Instance1 |
| 64 | DSW2 | DSW1 | Instance2 |
| 65 | DSW1 | DSW2 | Instance1 |
| 66 | DSW2 | DSW1 | Instance2 |

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 3-1: Implement Multiple Spanning Tree]

Command List
The table describes the commands that you will use in this activity.
| Command | Description |
|---|---|
| instance instance-id vlan vlan-range | Maps VLANs to an MST instance. For instance-id, the range is 0 to 4094. For vlan vlan-range, the range is 1 to 4094. |
| name name | Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive. |
| revision version | Specifies the configuration revision number. The range is 0 to 65535. |
| show pending | Shows your configuration by displaying the pending configuration. |
| show spanning-tree vlan vlan-id | Displays your entries. |
| show spanning-tree summary | Displays your entries. |
| spanning-tree mode {pvst \| mst \| rapid-pvst} | Configures spanning tree mode. Select pvst to enable PVST+ (802.1D, the default setting). Select mst to enable MSTP (and RSTP). Select rapid-pvst to enable rapid PVST+. |
| spanning-tree mst configuration | Enters MST configuration mode. |

Job Aids
These are the job aids for this lab activity:

| Value | Location |
|---|---|
| Observe random STP state forms | Task 1 |
| Blank implementation requirements list for MSTP | Task 2 |
| Blank implementation and verification plan form for MSTP | Task 3 |
| Blank student notes for MSTP | Task 4 |
| Implementation requirement hints | Hint Section |
| Implementation hints | Hint Section |
| Verification hints | Hint Section |
| Solution configuration answer key | Configuration section at the end of the lab guide |

Task 1: Observing STP Random State


In the previous labs, the path between switches was controlled by shutting down the
unused ports. In this task, you will start by enabling all links between switches and between
switches and routers. Then, observe and document the random (default) state of STP on Cisco
switches, documenting the root, the secondary root, and the paths between switches. Use the
following table to document the random STP state in your pod.
VLAN

Root

Secondary

1
3
4
11
12
63
64
65
66

2009 Cisco Systems, Inc.

Lab Guide

107

Spanning tree calculation will occur the same way for all VLANs allowed on the same switches.
Use the following table to determine, for each group of VLANs and from each switch in your
network, which path is used to reach the root:
| VLANs | Switch | Path to Root |
| --- | --- | --- |
| 1, 3, 11, 63 | ASW1 | |
| | ASW1 | |
| | DSW1 | |
| | DSW2 | |
| | CSW1 | |
| | CSW2 | |
| 1, 14, 12, 64 | ASW2 | |
| | ASW2 | |
| | DSW1 | |
| | DSW2 | |
| | CSW1 | |
| | CSW2 | |

Task 2: Create an Implementation Requirements List for MST


According to the multivendor policy at the university, a set of switches from another vendor may
be implemented in the university network. To prevent compatibility issues, you decide to design
and migrate the existing random STP configuration toward a multiple-instance STP solution.
This model will save CPU cycles by preventing per-VLAN STP processing. To achieve this goal,
you must mark the main requirements for the smooth migration to MST according to the
constraints in the Required Resources section. You need to decide on the number of instances,
the distribution of VLANs among instances, and the role of each switch in this new architecture.
You must list the main requirements; for example, switch DSW1 will be the primary root switch
for instances 0 and 1 and the secondary root for instance 2. The opposite is true for switch
DSW2; it is to be primary for instance 2 and secondary for instances 0 and 1.
Use the following table to report each switch role in the new architecture:
| Device | Device Role | MSTP Instance | VLANs |
| --- | --- | --- | --- |
| | | | |

Once the MST switch roles are clear in your mind, use the following table, the Visual Objective
for this lab, and the Implementation Policy and Device Information sections to create your
implementation requirements list. If you are unsure, use the information in the Hints section at
the end of this lab.
| Device | High-Level Task | Information Source |
| --- | --- | --- |
| | | |

Task 3: Create Implementation and Verification Plan


It is very important to establish a task list of the needed configurations and the possible
verifications for every configuration change. It must be a detailed step-by-step list. The order in
which each change should be applied is critical because a successful implementation depends on
the order. With the help of this list you can define configuration checkpoints. The actual
implementation will be conducted in the next task. Use the following table, the information from
the Required Resources section, and the previous tasks to prepare your Implementation and
Verification plan. If you are unsure, use the information in the Hints section at the end of this
lab.
| Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
| --- | --- | --- | --- | --- |
| | | | | |

Task 4: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified
in the Required Resources section. Use the previous table to document the verifications you
conducted to ensure that your solution is complete. If you are unsure about the verification steps,
use the information in the Hints section at the end of this lab.

Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 3-1: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section
contains a series of hints to help you complete the lab.

Lab 3-1 Hint Sheet: Implement Multiple Spanning Tree


Spanning Tree Random State
In a random state, STP could show the following configuration. The actual configuration in your
pod may be different, as the random configuration depends on the actual physical switches that
you are using.
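| VLAN | Root | Secondary |
| --- | --- | --- |
| 1 | CSW1 | DSW2 |
| 3 | CSW1 | DSW2 |
| 4 | CSW1 | DSW2 |
| 11 | CSW1 | DSW2 |
| 12 | CSW1 | DSW2 |
| 63 | CSW1 | DSW2 |
| 64 | CSW1 | DSW2 |
| 65 | CSW1 | DSW2 |
| 66 | CSW1 | DSW2 |
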

If the random state of spanning tree is the same as described in the above table, the path to root
could be as follows:
| VLAN | Switch | Path to Root |
| --- | --- | --- |
| 1, 3, 11, 63, 65 | ASW1 | Fa0/1 |
| | ASW1 | Fa0/2 |
| | DSW1 | Po31 |
| | DSW2 | Po32 |
| | CSW1 | N/A |
| | CSW2 | Po33 |
| 1, 4, 12, 64, 66 | ASW2 | Fa0/1 |
| | ASW2 | Fa0/2 |
| | DSW1 | Po31 |
| | DSW2 | Po32 |
| | CSW1 | N/A |
| | CSW2 | Po33 |

Step-by-Step Procedure
Step 1
Connect to the DSW1 switch interface in configuration mode.
- Connect to the remote lab.
- Access the Switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2
Enable previously shut ports, for example:
DSW1(config)#interface po 32
DSW1(config-if)# no shutdown
DSW1(config-if)#interface fa0/5
DSW1(config-if)# no shutdown
DSW1(config-if)# interface fa0/7
DSW1(config-if)# no shutdown

Step 3
Repeat the same process on switches DSW2, CSW1, and CSW2 while using the
appropriate interfaces.

Step 4
Verify the spanning tree root status on all switches. For example, on switch DSW2:
DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0003         24579 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0004         24580 001f.2721.8600         0    2   20  15
VLAN0011         24587 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0012         24588 001f.2721.8600         0    2   20  15
VLAN0063         24639 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0064         24640 001f.2721.8600         0    2   20  15
VLAN0065         24641 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0066         24642 001f.2721.8600         0    2   20  15

Design an MST Solution for a Layer 2 Network


The first task is to decide the role for each device in each instance. Roles, as per the Required
Resources section, are as follows:

| Device | Device Role | MSTP Instance | VLANs |
| --- | --- | --- | --- |
| DSW1 | Primary root | 0 | |
| | Primary root | 1 | 1, 3, 11, 63, 65 |
| | Secondary root | 2 | 4, 12, 64, 66 |
| DSW2 | Primary root | 2 | 4, 12, 64, 66 |
| | Secondary root | 0 | |
| | Secondary root | 1 | 1, 3, 11, 63, 65 |

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | Lab 3-1 Section Containing Hint |
| --- | --- | --- |
| Distribution switches | MST configuration: region 1, instances 0, 1, and 2 | Implementation Policy |
| Distribution switches | Primary and secondary root bridges | Implementation Policy |
| Distribution switches | VLAN distribution between the root bridge switches | Implementation Policy |
| All switches | MST | Implementation Policy |
| All switches | Verification | Implementation Policy |

| Device | High-Level Task | Information Source |
| --- | --- | --- |
| DSW1 | MST configuration: region1, instance 1 | Visual Objective, Design and Implementation Requirements |
| | MST configuration: region1, instance 2 | Visual Objective, Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |
| | MST primary root for instance 1 | Design and Implementation Requirements |
| | MST secondary root for instance 2 | Design and Implementation Requirements |
| DSW2 | MST configuration: region1, instance 1 | Visual Objective, Design and Implementation Requirements |
| | MST configuration: region1, instance 2 | Visual Objective, Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |
| | MST primary root for instance 2 | Design and Implementation Requirements |
| | MST secondary root for instance 1 | Design and Implementation Requirements |
| ASW1 | MST configuration: region1, instances 0, 1 and 2 | Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |
| ASW2 | MST configuration: region1, instances 0, 1, and 2 | Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |
| CSW1 | MST configuration: region1, instances 0, 1 and 2 | Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |
| CSW2 | MST configuration: region1, instances 0, 1 and 2 | Design and Implementation Requirements |
| | MST instance 1 assign odd VLANs: 1, 3, 11, 63, 65 | Design and Implementation Requirements |
| | MST instance 2 assign even VLANs: 4, 12, 64, 66 | Design and Implementation Requirements |

Implementation and Verification Plan


In task 2, you will create an implementation requirements list. There are several possible correct
solutions. One possible approach groups items that are common to all switches in a template and
then applies the template to all switches. You can then configure each switch with items that are
unique to each device. An example of the Implementation and Verification Plan follows.
| Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
| --- | --- | --- | --- | --- |
| | DSW1 | 1 | MST instance 1. | show pending |
| | | 2 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 3 | MST instance 2. | show pending |
| | | 4 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 5 | Change STP mode to MST. | show spanning-tree |
| | | 6 | Primary root for instances 0-1. | show spanning-tree root |
| | | 7 | Secondary root for instance 2. | show spanning-tree root |
| | DSW2 | 8 | MST instance 1. | show pending |
| | | 9 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 10 | MST instance 2. | show pending |
| | | 11 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 12 | Change STP mode to MST. | show spanning-tree |
| | | 13 | Primary root for instance 2. | show spanning-tree root |
| | | 14 | Secondary root for instances 0-1. | show spanning-tree root |
| | ASW1 | 16 | MST instance 1. | show pending |
| | | 17 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 18 | MST instance 2. | show pending |
| | | 19 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 20 | Change STP mode to MST. | show spanning-tree |
| | ASW2 | 21 | MST instance 1. | show pending |
| | | 22 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 23 | MST instance 2. | show pending |
| | | 24 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 25 | Change STP mode to MST. | show spanning-tree |
| | CSW1 | 26 | MST instance 1. | show pending |
| | | 27 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 28 | MST instance 2. | show pending |
| | | 29 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 30 | Change STP mode to MST. | show spanning-tree |
| | CSW2 | 31 | MST instance 1. | show pending |
| | | 32 | Assign VLANs 1, 3, 11, 63, and 65 to instance 1. | show pending |
| | | 33 | MST instance 2. | show pending |
| | | 34 | Assign VLANs 4, 12, 64, and 66 to instance 2. | show pending |
| | | 35 | Change STP mode to MST. | show spanning-tree |

Step-by-Step Procedure
Step 1
Enter MST configuration mode on switch DSW1:
DSW1(config)# spanning-tree mst configuration

Step 2
Configure region name:
DSW1(config-mst)# name region1

Step 3
Configure revision:
DSW1(config-mst)# revision 1

Step 4
Put VLANs 1, 3, 11, 63, and 65 in instance 1:
DSW1(config-mst)# instance 1 vlan 1, 3, 11, 63, 65

Step 5
Put VLANs 4, 12, 64, and 66 in instance 2:
DSW1(config-mst)# instance 2 vlan 4, 12, 64, 66

Step 6
Use the show pending command to check the configuration:
DSW1(config-mst)#sho pending
Pending MST configuration
Name      []
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         2,5-10,13-62,67-4094
1         1,3,11,63,65
2         4,12,64,66
-------------------------------------------------------------------------------
DSW1(config-mst)#

Step 7
Change the STP mode to MST on switch DSW1:
DSW1(config)# spanning-tree mode mst

Step 8
Configure spanning-tree root primary for instance 0 and for instance 1 on switch DSW1:
DSW1(config)# spanning-tree mst 0-1 root primary

Step 9
Configure spanning-tree root secondary for instance 2 on switch DSW1:
DSW1(config)# spanning-tree mst 2 root secondary

Step 10
Repeat Steps 1 to 7 on switch DSW2.

Step 11
Configure spanning-tree root primary for instance 2 on switch DSW2:
DSW2(config)# spanning-tree mst 2 root primary

Step 12
Configure spanning-tree root secondary for instance 0 and for instance 1 on switch DSW2:
DSW2(config)# spanning-tree mst 0-1 root secondary

Step 13
Verify the spanning tree root status on DSW1:
DSW1#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15
MST1             24577 001f.2721.8680         0    2   20  15
MST2             24578 001f.2721.8600    200000    2   20  15  Fa0/5

Step 14
Verify the spanning tree root status on DSW2:
DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15  Fa0/5
MST1             24577 001f.2721.8680    200000    2   20  15  Fa0/5
MST2             24578 001f.2721.8600         0    2   20  15

Step 15
Repeat Steps 1 to 7 on switch ASW1.

Step 16
Repeat Steps 1 to 7 on switch ASW2.

Step 17
Repeat Steps 1 to 7 on switch CSW1.

Step 18
Repeat Steps 1 to 7 on switch CSW2.

Step 19
Verify spanning-tree root on switch ASW1, ASW2, CSW1 and CSW2.

Step 20
Verify spanning-tree blockedports on switch DSW1:
DSW1#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
MST2                 Po31, Po32
Number of blocked ports (segments) in the system : 2

Step 21

Repeat Step 20 on all the rest of the switches.
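
Because Steps 1 to 7 are repeated on six switches, the show pending check from Step 6 is worth automating: a switch whose name, revision, or VLAN-to-instance mapping differs from its neighbors ends up in a different MST region. The Python below is an added example, not part of the lab guide; it parses the show pending format shown above and compares it with the plan (region1, revision 1, instances 1 and 2). Both sample outputs are constructed, and the handling of wrapped VLAN lists is an assumption about how long lists are displayed.

```python
import re

# Plan taken from the lab steps: region name, revision, VLAN-to-instance map.
EXPECTED_NAME = "region1"
EXPECTED_REVISION = 1
EXPECTED_MAP = {1: {1, 3, 11, 63, 65}, 2: {4, 12, 64, 66}}
ALL_VLANS = set(range(1, 4095))  # valid VLAN IDs are 1 to 4094

# Constructed sample: output in the page's format carrying the planned values.
GOOD_PENDING = """\
Pending MST configuration
Name      [region1]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         2,5-10,13-62,67-4094
1         1,3,11,63,65
2         4,12,64,66
-------------------------------------------------------------------------------
"""

# Constructed sample: VLAN 65 was never moved out of instance 0.
DRIFT_PENDING = """\
Pending MST configuration
Name      [region1]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         2,5-10,13-62,65,67-4094
1         1,3,11,63
2         4,12,64,66
-------------------------------------------------------------------------------
"""


def expand_vlans(spec):
    """Expand a list such as '2,5-10,13-62' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN range out of bounds: {part}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_show_pending(text):
    """Return name, revision and {instance: set of VLANs} from the output."""
    name = re.search(r"^Name\s+\[(.*)\]\s*$", text, re.M)
    rev = re.search(r"^Revision\s+(\d+)", text, re.M)
    if not name or not rev:
        raise ValueError("input does not look like 'show pending' output")
    specs, current = {}, None
    for line in text.splitlines():
        row = re.match(r"^(\d+)\s+(\d[\d,\-]*)\s*$", line)
        # Assumption: a long VLAN list continues on indented lines.
        cont = re.match(r"^\s+(\d[\d,\-]*)\s*$", line)
        if row:
            current = int(row.group(1))
            specs[current] = [row.group(2)]
        elif cont and current is not None:
            specs[current].append(cont.group(1))
    instances = {i: expand_vlans(",".join(p)) for i, p in specs.items()}
    return {"name": name.group(1), "revision": int(rev.group(1)),
            "instances": instances}


def audit(text):
    """List every deviation of one switch's output from the plan."""
    cfg = parse_show_pending(text)
    findings = []
    if cfg["name"] != EXPECTED_NAME:
        findings.append(f"name: expected {EXPECTED_NAME!r}, got {cfg['name']!r}")
    if cfg["revision"] != EXPECTED_REVISION:
        findings.append(
            f"revision: expected {EXPECTED_REVISION}, got {cfg['revision']}")
    # Instance 0 holds every VLAN that is not mapped to another instance.
    expected = dict(EXPECTED_MAP)
    expected[0] = ALL_VLANS - set().union(*EXPECTED_MAP.values())
    for inst in sorted(set(expected) | set(cfg["instances"])):
        want = expected.get(inst, set())
        got = cfg["instances"].get(inst, set())
        if got != want:
            findings.append(f"instance {inst}: missing {sorted(want - got)}, "
                            f"unexpected {sorted(got - want)}")
    return findings


def same_region(output_a, output_b):
    """Two switches share a region only if all three attributes match."""
    return parse_show_pending(output_a) == parse_show_pending(output_b)


if __name__ == "__main__":
    for label, out in (("planned", GOOD_PENDING), ("drifted", DRIFT_PENDING)):
        print(label, audit(out) or "matches the plan")
    print("same region:", same_region(GOOD_PENDING, DRIFT_PENDING))
```

Run it against the captured show pending text of each switch before Step 7, so that a mapping mistake is caught before the STP mode is changed.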


Lab 3-2: Implement PVRST+


Complete this lab activity to practice what you learned in the related module.

Activity Objective
Congratulations! Your MSTP configuration was a success. You are asked to give another
presentation focusing on PVRST+. Here again, you decide that preparing for this presentation
could be useful, and that you would use your pod to walk through the different steps involved. In
this activity, you will design and implement Per VLAN Rapid Spanning Tree Plus (PVRST+) in
a Layer 2 topology. As you complete the design, you will connect to your remote lab to
implement your solution. At the end of the lab, you will keep this solution, which is the solution
best adapted to this lab environment. You will then have all the steps required to perform your
live presentation. After completing this activity, you will be able to meet these objectives:

Design a migration plan to PVRST+

Create a PVRST+ implementation plan

Implement PVRST+ according to implementation plan

Create a PVRST+ verification plan

Verify the PVRST+ spanning tree according to the verification plan

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.

Implementation Policy
You will migrate your configuration to PVRST+. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:


Before configuring and enabling spanning tree, verify that the EtherChannels enabled in Lab
3-1 are still enabled. You need full and redundant connectivity for this lab.

Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the
primary root bridge for even VLANs.

For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the
secondary root. For all VLANs for which switch DSW2 is the primary root, switch DSW1
must be the secondary root.

The Device Information section describes the VLANs and corresponding roots.


Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:
| Device Name | Role | IP Address | Gateway | VLAN |
| --- | --- | --- | --- | --- |
| ASW1 | Layer 2 access switch | 10.1.1.1/24 | 10.1.1.251 | |
| ASW2 | Layer 2 access switch | 10.1.1.2/24 | 10.1.1.252 | |
| DSW1 | Layer 3 switch | 10.1.1.11/24 | 10.1.1.251 | |
| DSW2 | Layer 3 switch | 10.1.1.22/24 | 10.1.1.252 | |
| CSW1 | Layer 3 switch | 10.1.1.111/24 | 10.1.1.251 | |
| CSW2 | Layer 3 switch | 10.1.1.222/24 | 10.1.1.252 | |
| R1 | Router | Fa0/0: 10.1.1.251/24 | | |
| R2 | Router | Fa0/0: 10.1.1.252/24 | | |

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that not all of these numbers need to
be used:

| Device | Link To | Bundle Number Should Be: |
| --- | --- | --- |
| ASW1 | DSW1 | 11 |
| ASW1 | DSW2 | 12 |
| ASW2 | DSW1 | 11 |
| ASW2 | DSW2 | 12 |
| DSW1 | ASW1 | 11 |
| DSW1 | ASW2 | 12 |
| DSW1 | DSW2 | 21 |
| DSW1 | CSW1 | 31 |
| DSW1 | CSW2 | 32 |
| DSW2 | ASW1 | 11 |
| DSW2 | ASW2 | 12 |
| DSW2 | DSW1 | 21 |
| DSW2 | CSW1 | 31 |
| DSW2 | CSW2 | 32 |
| CSW1 | DSW1 | 31 |
| CSW1 | DSW2 | 32 |
| CSW1 | CSW2 | 33 |
| CSW2 | DSW1 | 31 |
| CSW2 | DSW2 | 32 |
| CSW2 | CSW1 | 33 |

VLAN Information
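| VLAN | Root | Backup |
| --- | --- | --- |
| 1 | DSW1 | DSW2 |
| 3 | DSW1 | DSW2 |
| 4 | DSW2 | DSW1 |
| 11 | DSW1 | DSW2 |
| 12 | DSW2 | DSW1 |
| 63 | DSW1 | DSW2 |
| 64 | DSW2 | DSW1 |
| 65 | DSW1 | DSW2 |
| 66 | DSW2 | DSW1 |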

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 3-2: Implement PVRST+]

Command List
The table describes the commands that you will use in this activity.
| Command | Description |
| --- | --- |
| name name | Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive. |
| show pending | Shows your configuration by displaying the pending configuration. |
| show spanning-tree vlan vlan-id | Displays your entries. |
| show spanning-tree summary | Displays your entries. |
| spanning-tree mode {pvst \| mst \| rapid-pvst} | Configures spanning-tree mode. Select pvst to enable PVST+ (802.1D, the default setting). Select mst to enable MSTP (and RSTP). Select rapid-pvst to enable rapid PVST+. |
| spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]] | Configures a switch to become the root for the specified VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7. (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2. |
| spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]] | Configures a switch to become the secondary root for the specified VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7. (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2. |

Job Aids
These are the job aids for this lab activity:
| Value | Location |
| --- | --- |
| Blank implementation requirements list for PVRST+ | Task 1 |
| Blank implementation and verification plan form for PVRST+ | Task 2 |
| Blank verification notes form | Task 3 |
| Alternate resources and solutions hints | Hints section at the end of this lab |
| Key commands and tools used form | Hints section at the end of this lab |
| Blank device roles form | |
| Implementation requirements hints | Hints section at the end of this lab |
| Implementation and verification plan hints | Hints section at the end of this lab |
| Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab |

Task 1: Create an Implementation Requirements List for Migration to PVRST+
Your MST configuration should work properly, but you like the idea of enhancing the efficiency
of the convergence in case of a link failure. An efficient technology to achieve this goal is to use
PVRST+. For this reason, you should migrate your network from MST to PVRST+ before
presenting this solution during your next conference. You will need to decide and document the
switch that should be the root for each VLAN. Use the following table and the Required
Resources section to complete your Implementation Requirements list:
VLAN    Root    Secondary
1
3
4
11
12
63
64
65
66

At this point, your lab network has a functioning MST implementation and you are ready to
migrate it to PVRST+. You must make a list of the requirements in order to prepare a detailed
implementation and verification plan in the next task. Use the Required Resources section to
gather the needed information. If you are unsure, use the information in the Hints section at the
end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan for Your Solution
This is the most important step in the planning process. Based on the information from the
Required Resources section and the previous tasks, you must prepare a step-by-step
Implementation and Verification plan. The task will help you set up configuration checkpoints to
verify your progress. Use the plan to verify each item in the implementation. Use the following
table to document your steps in the correct order. If you are unsure, use the information in the
Hints section at the end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. You will keep this
PVRST+ configuration and use it in subsequent labs.
Once your solution is implemented, verify that your configuration is working and fulfills the
requirements specified in the Required Resources section. Use the previous table to document
the verifications you conducted to ensure that your solution is complete. If you are unsure about
the verification steps, use the information in the Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 3-2: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 3-2 Hint Sheet: Implement PVRST+


Design a PVRST+ Solution for a Layer 2 Network
When migrating from MSTP to PVRST+, the device roles may be as follows:
Device    Device Role    VLANs Primary       VLANs Secondary
DSW1      STP root       1, 3, 11, 63, 65    4, 12, 64, 66
DSW2      STP root       4, 12, 64, 66       1, 3, 11, 63, 65

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device                   Implementation Requirement                            Lab 3-2 Section Containing Hint
All switches             Change STP from MST to Rapid PVST.                    Implementation Policy
Distribution switches    Primary and secondary root bridge.                    Implementation Policy
Distribution switches    VLAN distribution between the root bridge switches.   Implementation Policy
All switches             Verification.                                         Implementation Policy

Device    High-Level Task                                Information Source
DSW1      spanning-tree mode rapid-pvst                  Design and Implementation Requirements
DSW1      spanning-tree primary root for odd VLANs       Visual Objective, Design and Implementation Requirements
DSW1      spanning-tree secondary root for even VLANs    Visual Objective, Design and Implementation Requirements
DSW2      spanning-tree mode rapid-pvst                  Design and Implementation Requirements
DSW2      spanning-tree primary root for even VLANs      Visual Objective, Design and Implementation Requirements
DSW2      spanning-tree secondary root for odd VLANs     Visual Objective, Design and Implementation Requirements
ASW1      spanning-tree mode rapid-pvst                  Design and Implementation Requirements
ASW2      spanning-tree mode rapid-pvst                  Design and Implementation Requirements
CSW1      spanning-tree mode rapid-pvst                  Design and Implementation Requirements
CSW2      spanning-tree mode rapid-pvst                  Design and Implementation Requirements

Implementation and Verification Plan


In Task 2, you will create an implementation and verification plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. You can then configure each switch with
items that are unique to each device. An example of the Implementation and Verification Plan
follows.
Complete  Device  Implementation Order  Values and Items to Implement                      Verification Method and Expected Results
          DSW1    1                     spanning-tree mode rapid-pvst                      show spanning-tree
                  2                     spanning-tree vlan 1,3,11,63,65 root primary       show spanning-tree root
                  3                     spanning-tree vlan 4,12,64,66 root secondary       show spanning-tree vlan
                  4                     no spanning-tree mst configuration                 show run
          DSW2    5                     spanning-tree mode rapid-pvst                      show spanning-tree
                  6                     spanning-tree vlan 4,12,64,66 root primary         show spanning-tree root
                  7                     spanning-tree vlan 1,3,11,63,65 root secondary     show spanning-tree vlan
                  8                     no spanning-tree mst configuration                 show run
          ASW1    9                     spanning-tree mode rapid-pvst                      show spanning-tree
                  10                    no spanning-tree mst configuration                 show run
          ASW2    11                    spanning-tree mode rapid-pvst                      show spanning-tree
                  12                    no spanning-tree mst configuration                 show run
          CSW1    13                    spanning-tree mode rapid-pvst                      show spanning-tree
                  14                    no spanning-tree mst configuration                 show run
          CSW2    15                    spanning-tree mode rapid-pvst                      show spanning-tree
                  16                    no spanning-tree mst configuration                 show run

Step-by-Step Procedure

Step 1
Change STP mode from MST to PVRST+ on switch DSW1:
DSW1(config)# spanning-tree mode rapid-pvst

Step 2
Configure spanning-tree root primary for VLANs 1, 3, 63, and 65 on switch DSW1:
DSW1(config)# spanning-tree vlan 1,3,11,63,65 root primary

Step 3
Configure spanning-tree root secondary for VLANs 4, 12, 64 and 66 on switch DSW1:
DSW1(config)# spanning-tree vlan 4,12,64,66 root secondary

Step 4
Remove MST configuration on switch DSW1:
DSW1(config)# no spanning-tree mst configuration

Step 5
Repeat Step 1 on switch DSW2.

Step 6
Configure spanning-tree root primary for VLANs 4, 12, 64, and 66 on switch DSW2:
DSW2(config)# spanning-tree vlan 4,12,64,66 root primary

Step 7
Configure spanning-tree root secondary for VLANs 1, 3, 63, and 65 on switch DSW2:
DSW2(config)# spanning-tree vlan 1,3,11,63,65 root secondary

Step 8
Repeat Step 4 on switch DSW2.

Step 9
Repeat Steps 1 and 4 on switch ASW1.

Step 10
Repeat Steps 1 and 4 on switch ASW2.

Step 11
Repeat Steps 1 and 4 on switch CSW1.

Step 12
Repeat Steps 1 and 4 on switch CSW2.

Step 13
Verify spanning-tree root on switch DSW1:

DSW1#sho spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680         0    2   20  15
VLAN0003         24579 001f.2721.8680         0    2   20  15
VLAN0004         24580 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0011         24587 001f.2721.8680         0    2   20  15
VLAN0012         24588 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0063         24639 001f.2721.8680         0    2   20  15
VLAN0064         24640 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0065         24641 001f.2721.8680         0    2   20  15
VLAN0066         24642 001f.2721.8600        19    2   20  15  Fa0/5
DSW1#

Step 14
Repeat Step 13 on all switches.
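
One way to automate the Step 13 check, as an added example that is not part of the lab guide: the Python code below parses show spanning-tree root output and compares it with the device-role table from the hint sheet. The function names are hypothetical, and the expectation that each root reports priority 24576 plus the VLAN ID is an assumption taken from the sample output in Step 13.

```python
import re

# Planned primary root per VLAN, from the hint sheet's device-role table.
PLAN = {"DSW1": {1, 3, 11, 63, 65}, "DSW2": {4, 12, 64, 66}}

# Assumption: every root in the Step 13 output shows 24576 + VLAN ID
# (24577 for VLAN 1, 24579 for VLAN 3, ...).
ROOT_BASE_PRIORITY = 24576

ROW = re.compile(
    r"^VLAN(?P<vlan>\d{4})\s+(?P<prio>\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<cost>\d+)\s+(?P<hello>\d+)\s+(?P<maxage>\d+)\s+(?P<fwd>\d+)"
    r"(?:\s+(?P<port>\S+))?$"
)

# Output of "show spanning-tree root" on DSW1, as shown in Step 13.
DSW1_OUTPUT = """\
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
VLAN0001         24577 001f.2721.8680         0    2   20  15
VLAN0003         24579 001f.2721.8680         0    2   20  15
VLAN0004         24580 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0011         24587 001f.2721.8680         0    2   20  15
VLAN0012         24588 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0063         24639 001f.2721.8680         0    2   20  15
VLAN0064         24640 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0065         24641 001f.2721.8680         0    2   20  15
VLAN0066         24642 001f.2721.8600        19    2   20  15  Fa0/5
"""


def parse_root_table(output):
    """Return {vlan: row} for every VLAN line; header lines are skipped."""
    rows = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[int(m["vlan"])] = {
                "priority": int(m["prio"]),
                "root_mac": m["mac"],
                "cost": int(m["cost"]),
                "root_port": m["port"],  # None when this switch is the root
            }
    return rows


def check_roots(switch, output, plan=PLAN):
    """Compare one switch's view of the root bridges with the plan.

    Returns a list of (vlan, problem) tuples; an empty list means the
    output matches the plan.
    """
    rows = parse_root_table(output)
    findings = []
    mac_by_owner = {}
    for owner, vlans in plan.items():
        for vlan in sorted(vlans):
            row = rows.get(vlan)
            if row is None:
                findings.append((vlan, "VLAN missing from output"))
                continue
            # The root itself reports cost 0 and no root port.
            local_root = row["cost"] == 0 and row["root_port"] is None
            if owner == switch and not local_root:
                findings.append(
                    (vlan, f"{switch} is not root (root port {row['root_port']})"))
            if owner != switch and local_root:
                findings.append((vlan, f"{switch} is root, planned root is {owner}"))
            if row["priority"] != ROOT_BASE_PRIORITY + vlan:
                findings.append((vlan, f"unexpected root priority {row['priority']}"))
            # All VLANs planned for one owner must report the same root bridge.
            expected = mac_by_owner.setdefault(owner, row["root_mac"])
            if row["root_mac"] != expected:
                findings.append((vlan, f"root {row['root_mac']} differs from {expected}"))
    # Two planned owners reporting one bridge means the VLAN split was lost.
    if len(set(mac_by_owner.values())) < len(mac_by_owner):
        findings.append((None, "planned roots resolve to the same bridge"))
    return findings


if __name__ == "__main__":
    for finding in check_roots("DSW1", DSW1_OUTPUT) or [("-", "matches plan")]:
        print(finding)
```

Run the same check against the output collected from each switch in Step 14, passing that switch's name as the first argument.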


Lab 3-3: Troubleshooting Spanning Tree Issues


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will analyze, locate, and fix STP problems on your network caused by
misconfiguration or design error. You should prepare a troubleshooting plan that will guide you
in a step-by-step manner in your efforts. You should be able to quickly fix the network using the
skills learned in this module. After completing this activity, you will be able to meet these
objectives:

Develop a work plan to troubleshoot configuration and security issues related to the STP

Isolate the causes of the problems

Correct all of the identified spanning tree issues

Document and report the troubleshooting findings and recommendations

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

Command                                             Description
configure terminal                                  Enters global configuration mode from privileged EXEC mode.
enable password password                            Enters the privileged EXEC mode command interpreter.
interface fastethernet | gigabitethernet slot/port  Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
spanning-tree bpdufilter enable                     Enables BPDU filtering on an interface.
spanning-tree bpduguard enable                      Enables BPDU guard feature on an interface.
show spanning-tree blockedports                     Shows the ports that are blocked by the spanning tree algorithm.
exit                                                Exits the current mode.

Job Aids
These job aids are available to help you complete the lab activity.

Trouble Tickets

Troubleshooting Log

Trouble Ticket A: Switch Optimization Failed


You have been on vacation for a short period of time. During your absence, your junior
colleague managed the switched network. The IT manager asked your colleague to improve the
behavior of the network. He made some changes, and as a result you saw a lot of error messages
in the logs of your switches on your return from vacation. Management has asked you to
correct the situation quickly because the network is very slow. On all switches and routers,
use the alias command init-3-3-A and then reload the devices.
Your task is to diagnose the issues and restore normal network operation.

Trouble Ticket B: Unstable STP


Your assistant reports that ports are in an error-disabled state and that the link between the root
switches is down. The STP shows that no VLANs are blocked on the root switches. Your task is
to identify the misconfigured item(s) and solve the issue(s) to recover connectivity between
switches DSW1 and DSW2 and ensure that the STP algorithm is enabling the proper paths. On all
switches and routers, use the alias command init-3-3-B and then reload the devices.


Instructions
As you can see from the troubleshooting tickets, this troubleshooting lab involves two types of
issues:

Ticket one involves error messages on several switches in the lab. (On all switches, use the
alias command init-3-3-A, and afterwards reload each device with this new config.)

Ticket two involves problems with switch interfaces in the error-disabled state. (On all
switches, use the alias command init-3-3-B, and afterwards reload each device with this
new config.)

Each ticket involves several switches, so the whole team must work together to solve each of
them. Together with your team members, create a troubleshooting plan to divide the work, assign
each team member appropriate roles, and coordinate device access among the team members.
Document your progress in the Troubleshooting Log section provided below in order to help
facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debriefing discussions.
Because different teams work at different speeds, the lab tickets are separated. To prepare the lab
for this exercise, ask your instructor how to initiate Trouble Ticket A. After the instructor
indicates that the lab is fully prepared, you are ready to start troubleshooting.
Once you fix Trouble Ticket A, ask your instructor if there is time remaining for you to move on
to the next ticket. If time allows, ask your instructor how to initiate Trouble Ticket B. After the
instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.


Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.
Trouble Ticket    Actions and Results

Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Verify that there are no more error log entries being generated on the Layer 3 switches.

Verify there are no ports in error-disabled state.

Verify that the STP status is the same as it was at the end of Lab 3-1.

Trouble Ticket B:

Verify that the STP is blocking the correct VLANs on the root switches.

Verify that the appropriate links are up.

Verify there are no ports in error-disabled state.


Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket A.

Key Clue: Error Logs on DSW1, DSW2 and CSW1

DSW1#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po35 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po35 and port Fa0/5

DSW2#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po45 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po45 and port Fa0/5

CSW1#show logg
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in vlan 1 is flapping between port Po45 and port Po35
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in vlan 1 is flapping between port Po45 and port Po35

You have information about error log messages on switches DSW1, DSW2, and CSW1.
The natural first task is to access these devices and view the error messages.
You can see that the error messages on the three switches are the same: all involve a flapping
MAC address of a host on EtherChannels and physical interfaces.
Refer to the Visual Objective and determine which links participate in these PortChannels and
interfaces.
You discover that the EtherChannels connect the core switch CSW1 with switches DSW1 and
DSW2. You also discover that interface Fa0/5 on both distribution switches acts as the connection
between them. After this examination, you discover that you have a switching loop.
A switching loop is related to the functioning of the STP; in this case, PVRST+.
The next logical step is to check the PVRST+ on the affected interfaces.


Key Clue: Observe STP on Suspicious Ports

DSW1#show spanning-tree interface port-channel 32
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg FWD 12        128.304  P2p
VLAN0065

Key Clue: Observe STP on Suspicious Ports

DSW1#show spanning-tree interface FastEthernet 0/5
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg FWD 19        128.6    P2p
VLAN0065            Desg FWD 19        128.6    P2p
DSW1#

You can verify the STP state for the affected interfaces; for example, Po32 and Fa0/5 on DSW1.
You see that the STP state for interface Po32 looks normal, but the information returned for
interface Fa0/5 is more confusing. The same unusual information appears on switch CSW2
interface Po33.
Proceed to the next switch.

Key Clue: Observe STP on Suspicious Ports

DSW2#show spanning-tree interface port-channel 31
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Root FWD 12        128.304  P2p
VLAN0003            Desg FWD 12        128.304  P2p
VLAN0004            Desg FWD 12        128.304  P2p
VLAN0011            Desg FWD 12        128.304  P2p
VLAN0012            Desg FWD 12        128.304  P2p
VLAN0063            Desg FWD 12        128.304  P2p
VLAN0064            Desg FWD 12        128.304  P2p
VLAN0065            Root FWD 12        128.304  P2p
VLAN0066            Desg FWD 12        128.304  P2p
DSW2#

Key Clue: Observe STP on Suspicious Ports

DSW2#show spanning-tree interface FastEthernet 0/5
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg FWD 19        128.6    P2p
VLAN0003            Desg FWD 19        128.6    P2p
VLAN0004            Desg FWD 19        128.6    P2p
VLAN0011            Desg FWD 19        128.6    P2p
VLAN0012            Desg FWD 19        128.6    P2p
VLAN0063            Desg FWD 19        128.6    P2p
VLAN0064            Desg FWD 19        128.6    P2p
VLAN0065            Desg FWD 19        128.6    P2p
VLAN0066            Desg FWD 19        128.6    P2p
DSW2#

Check the STP state for the affected interfaces; for example, Po31 and Fa0/5 on DSW2.
Here the situation is the same as it is on switch DSW1.
Your next logical step is to analyze interface Fa0/5, as its state looks different from the others.


Key Clue: Observe STP on Suspicious Ports


Check the STP for interface Fa0/5 on switch DSW1.


DSW1#sho spanning-tree interface FastEthernet 0/5 detail
Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.7.
Designated root has priority 24577, address 001f.2721.8680
Designated bridge has priority 24577, address 001f.2721.8680
Designated port id is 128.7, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Bpdu filter is enabled
BPDU: sent 260, received 9

You can see that the BPDU filter feature is enabled on interface Fa0/5.
Because this feature is meant for access ports and prevents BPDUs, and Fa0/5 is a trunk
interface, you understand that this is a problem.


Key Clue: Check Why DSW2 Doesn't Receive BPDUs from DSW1

Check the configuration of interface Fa0/5 on switch DSW1 to verify that you have identified the
problem:
DSW1#show run interface fastEthernet 0/5
interface fastEthernet 0/5
spanning-tree bpdufilter enable

You have discovered an incorrect configuration issue involving an STP security feature.
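
The diagnosis above, from flapping-MAC log entries to the interface carrying the BPDU filter, can be scripted. The Python code below is an added example, not part of the lab guide: it extracts the ports named in MACFLAP_NOTIF messages and reports those that also have spanning-tree bpdufilter enable in the configuration. Function names are hypothetical, and the Port-channel35 stanza in the sample configuration is constructed.

```python
import re
from collections import defaultdict

FLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>\S+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)
ABBREV = {"fastethernet": "Fa", "gigabitethernet": "Gi", "port-channel": "Po"}

# DSW1 log entries from Ticket A, wrapped across lines as console
# captures often are.
DSW1_LOG = """\
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.bb2f in
vlan 1 is flapping between port Po35 and port Fa0/5
*Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.2700 in
vlan 1 is flapping between port Po35 and port Fa0/5
"""

# The fastEthernet 0/5 stanza is the one shown by "show run interface";
# the Port-channel35 stanza is constructed for this example.
DSW1_CONFIG = """\
interface Port-channel35
 switchport mode trunk
!
interface fastEthernet 0/5
 spanning-tree bpdufilter enable
"""


def short_name(name):
    """Normalise 'fastEthernet 0/5', 'Port-channel35' or 'Fa0/5' to 'Fa0/5' style."""
    m = re.match(r"\s*([A-Za-z-]+)\s*(\d+(?:/\d+)*)\s*$", name)
    if not m:
        return name.strip()
    kind = m.group(1).lower()
    return ABBREV.get(kind, kind[:2].capitalize()) + m.group(2)


def flap_ports(log):
    """Return {port: {(mac, vlan), ...}} for every port named in a flap message."""
    ports = defaultdict(set)
    # Collapse whitespace first so wrapped log lines still match.
    for m in FLAP.finditer(" ".join(log.split())):
        for port in (m["a"], m["b"]):
            ports[short_name(port)].add((m["mac"], int(m["vlan"])))
    return dict(ports)


def bpdufilter_interfaces(config):
    """Return the interfaces whose stanza contains 'spanning-tree bpdufilter enable'."""
    current, filtered = None, set()
    for raw in config.splitlines():
        line = raw.strip()
        if raw.lower().startswith("interface "):
            current = short_name(line.split(None, 1)[1])
        elif line == "!":
            current = None  # end of the interface stanza
        elif current and line.lower() == "spanning-tree bpdufilter enable":
            filtered.add(current)
    return filtered


def loop_suspects(log, config):
    """Ports that both appear in MAC flap messages and filter BPDUs."""
    flapping = flap_ports(log)
    return sorted(p for p in bpdufilter_interfaces(config) if p in flapping)


if __name__ == "__main__":
    print(loop_suspects(DSW1_LOG, DSW1_CONFIG))
```

A port that appears in both sets is where STP has been blinded on a link that takes part in the loop, which is the condition this ticket traces to Fa0/5.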


Key Clue: Configure DSW1

You must correct the configuration:


DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#interface fastEthernet 0/5
DSW1(config-if)#no spanning-tree bpdufilter enable


Key Clue: Check DSW1


The same issue appears on interface Po33 of switch CSW2. Resolve it using the same
method.
Verify that the STP is back to normal and you have corrected the problem:
DSW1#sho spanning-tree interface FastEthernet 0/5
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------
VLAN0001            Desg FWD 19        128.7    P2p
VLAN0003            Desg FWD 19        128.7    P2p
VLAN0004            Root FWD 19        128.7    P2p
VLAN0011            Desg FWD 19        128.7    P2p
VLAN0012            Root FWD 19        128.7    P2p
VLAN0063            Desg FWD 19        128.7    P2p
VLAN0064            Root FWD 19        128.7    P2p
VLAN0065            Desg FWD 19        128.7    P2p
VLAN0066            Root FWD 19        128.7    P2p

You can also go to the switches again and check that there are no new error messages in their
logs.


Key Clue: Check DSW1


Verify that the STP state shows that the BPDU filter feature is no longer enabled:
DSW1#sho spanning-tree interface FastEthernet 0/5 detail
Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.7.
Designated root has priority 24577, address 001f.2721.8680
Designated bridge has priority 24577, address 001f.2721.8680
Designated port id is 128.7, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 284, received 12

You can also go to the switches again and check that there are no new error messages in their
logs.


Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket B.

Key Clue: STP on DSW1


DSW1#show spanning-tree blockedports
Name                 Blocked Interface List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 6

DSW1#show int fa0/5
FastEthernet0/5 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 001f.2421.8687 (bia 001f.2421.8687)
MTU 1500 bytes, BW 100000 Kbit, DLY 100usec, reliability 255/255, txload 1/255,
rxload 1/255
Encapsulation ARPA, loopback not set, Keepalive set (10sec)
Auto-duplex, Auto-speed, media type 10/100BaseTX
input flow-control is off, output flow-control is unsupported

Check the reported switches for the blocked port and the STP status.
On switch DSW1 you find that interface Fa0/5 is in err-disabled state and that the STP is not
blocking VLANs:
DSW1#sh spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 6
DSW1#sho int fa 0/5
FastEthernet0/5 is down, line protocol is down (err-disabled)
Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
.

Remark: The number of blocked ports can vary.


Key Clue: STP on DSW2


DSW2#show spanning-tree blockedports
Name                 Blocked Interface List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 6

DSW2#show int fa0/5
FastEthernet0/5 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 001f.2421.4687 (bia 001f.2421.4687)
MTU 1500 bytes, BW 100000 Kbit, DLY 100usec, reliability 255/255, txload 1/255,
rxload 1/255

You find a similar situation on switch DSW2. Port Fa0/5 is in the notconnect state and the STP is
not blocking VLANs as expected:
DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 6
DSW2#sho int fa 0/5
FastEthernet0/5 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 001f.2721.8607 (bia 001f.2721.8607)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255

You have a problem with the STP. It is not blocking VLANs as expected.
You will need more information in order to identify the problem. The first place to look is in the
log.
Remark: The number of blocked ports can vary.


Key Clue: Logs on DSW1


The log on switch DSW1 clearly shows the problem. A spanning-tree security feature, in this
case BPDU Guard, has put Fa0/5 into the error-disabled state because BPDUs appeared on this
interface.
Because it is normal for BPDUs to be sent and received on this interface, you should check the
configuration of this interface.


Key Clue: Check Fa0/5 on DSW1


DSW1#sh run int fa0/5
Building configurations ...
Current configuration : 175 bytes
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
spanning-tree bpduguard enable
end


Your check of interface Fa0/5 shows the following:


DSW1#sho run int Fa0/5
Building configuration...
Current configuration : 175 bytes
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
spanning-tree bpduguard enable
end

You find that the BPDU Guard feature is configured on a trunk port.
You have identified a problem.
The next steps involve correction of the mistaken configuration and tests to determine if this is
the problem.
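Both trouble tickets come down to an edge-port STP feature (BPDU filter or BPDU Guard) configured on a trunk, which can be caught by auditing saved configurations. The Python script below is an added example, not part of the lab guide; its sample configuration reuses the Fa0/5 stanza shown above and adds two constructed interfaces (Fa0/6 and Fa0/10), and the function names are hypothetical. It assumes statically configured trunks (`switchport mode trunk`).

```python
import re

# Constructed sample: the Fa0/5 stanza is the one shown on this page;
# Fa0/6 and Fa0/10 are made-up interfaces added for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 3
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""

# Per-interface commands that belong on access (edge) ports only.
EDGE_ONLY = {
    "spanning-tree bpduguard enable": "bpduguard",
    "spanning-tree bpdufilter enable": "bpdufilter",
}

# What each feature does on a trunk, as observed in the two tickets.
EFFECT = {
    "bpduguard": "port goes err-disabled when a BPDU arrives",
    "bpdufilter": "BPDUs are suppressed on the link",
}


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text.

    A stanza ends at '!', 'end', a blank line or the next 'interface' line,
    so both indented output and flattened copies (as on this page) parse.
    """
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(.+)$", line, re.IGNORECASE)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line in ("!", "end", ""):
            current = None
        elif current is not None:
            interfaces[current].append(line.lower())
    return interfaces


def audit_trunk_edge_features(config):
    """List (interface, feature) pairs where an edge-only STP feature
    is enabled on a statically configured trunk."""
    findings = []
    for name, commands in parse_interfaces(config).items():
        if "switchport mode trunk" not in commands:
            continue  # access ports may legitimately use these features
        for command, feature in EDGE_ONLY.items():
            if command in commands:
                findings.append((name, feature))
    return findings


if __name__ == "__main__":
    for name, feature in audit_trunk_edge_features(SAMPLE_CONFIG):
        print(f"{name}: {feature} on a trunk ({EFFECT[feature]})")
```
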


Key Clue: Disable STP bpduguard Fa0/5 on DSW1

DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z
DSW1(config)#int fa0/5
DSW1(config-if)#no spanning-tree bpduguard enable
DSW1(config-if)#shut
DSW1(config-if)#no shut
DSW1(config-if)#exit
DSW1#show int fa0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)

Make the needed configuration change:


DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#int Fa0/5
DSW1(config-if)#no spanning-tree bpduguard enable
DSW1(config-if)#shut
DSW1(config-if)#no shut
DSW1(config-if)#exit

Check the status of the interface:


DSW1#sho int Fa0/5
FastEthernet0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)

Verify the status of the STP and verify that the correct VLANs are being blocked to be sure that
you have fixed the right problem.


Key Clue: Check STP


DSW1#show spanning-tree blockedports
Name                Blocked Interfaces List
------------------- -----------------------------------
VLAN0004            Po31, Po32
VLAN0012            Po31, Po32
VLAN0064            Po31, Po32
VLAN0066            Po31, Po32

Number of blocked ports (segments) in the system : 8

DSW2#show spanning-tree blockedports
Name                Blocked Interfaces List
------------------- -----------------------------------
VLAN0001            Po31, Po32
VLAN0003            Po31, Po32
VLAN0011            Po31, Po32
VLAN0063            Po31, Po32
VLAN0065            Po31, Po32

Number of blocked ports (segments) in the system : 10

The checks are successful:


DSW1#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0004             Po31, Po32
VLAN0012             Po31, Po32
VLAN0064             Po31, Po32
VLAN0066             Po31, Po32
Number of blocked ports (segments) in the system : 8
DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001             Po31, Po32
VLAN0003             Po31, Po32
VLAN0011             Po31, Po32
VLAN0063             Po31, Po32
VLAN0065             Po31, Po32
Number of blocked ports (segments) in the system : 10

Because the verification has been successful, you must document your findings.


Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Lab 3-3: Key Commands and Tools Used


__________________________________________________________________________

Lab 4-1: Implement Inter-VLAN Routing


Complete this lab activity to practice what you learned in the related module.

Activity Objective
As the corporate network continues to grow, the demands for expansion, better convergence, and
reliability drive your IT manager to ask you for a solution for the migration toward a Layer 3 core
and distribution design. He insists on using a dynamic routing protocol to ease the implementation
of new networks, thus reducing the possibility of mistakes and risks of operation failures. The
specifications given to you by the IT manager clearly include the use of EIGRP as the routing
protocol and implementation of separate networks on the links between the Layer 3 switches. The
distribution switches must become the new gateways and DHCP servers for your access layer.
Once the design is complete, you will connect to your remote lab to implement your solution.
After completing this activity, you will be able to meet these objectives:

Design a Layer 3 network

Create an implementation requirements list

Create a step-by-step implementation and verification plan

Implement and verify inter-VLAN routing and routing protocols


Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully.

Implementation Policy
You must configure inter-VLAN routing and a routing protocol in your network. The following
list provides details regarding preparation and routing configuration requirements for all switches
in the company network. Your configuration must implement all of these requirements:


Configure all interfaces between the distribution and core switches to become Layer 3 links.

Configure the interfaces between switches DSW1 and DSW2 to become Layer 3 links.
Enable these links.

Configure the links between the core switches and the routers to become Layer 3 links.

Use the networks from the table provided below for the Layer 3 links.

Set up SVI interfaces for data VLANs on both distribution switches according to the
information provided in the Device Information section.

Change the management VLAN on access switches from VLAN 1 to the first data VLAN
(VLAN 3 or VLAN 4 depending on devices). You need to create an SVI for this VLAN. The
IP addresses for your switches will change. For example, if your device VLAN 1 IP address
was in 10.1.1.0/24, VLAN 1 will no longer have an IP address, and the VLAN 3 IP address
will be in 10.1.3.0/24. Apply this rule to all of your devices. Refer to the Device
Information section for information on the IP address that should be used on each switch.

Remove the management VLAN 1 IP address on the distribution switches, because you can
manage them via any routed interface or SVI. Remove the ip default-gateway commands
on the distribution and core switches.

Switches DSW1 and DSW2 will be default gateways for the clients and the access switches.
Switch DSW1 will be the default gateway for switch ASW1 and client CLT1, and switch
DSW2 will be the default gateway for switch ASW2 and client CLT2.

Configure DHCP services on switches DSW1 and DSW2 for networks 10.1.3.0/24 and
10.1.4.0/24. Switch DSW1 must allocate addresses 50 to 99 and DSW2 must allocate
addresses 100 to 149 for each scope. Clients CLT1 and CLT2 must obtain their IP address
from switch DSW1 or switch DSW2.

Remove DHCP service and subinterfaces from routers R1 and R2.

Configure EIGRP AS 10 on the core and distribution switches and the routers.

Execute the verification plan to ensure IP connectivity.


Device Information
The table provides the Layer 3 information specific to the devices in the network. These subnets
use a /31 (255.255.255.254) mask, using RFC 3021 specifications. Notice that this type of mask
is reserved for point-to-point links, which is the case here:
Device Name   Layer 3 Interface   IP Address
DSW1          Po 31               10.1.253.0/31
DSW1          Po 32               10.1.253.2/31
DSW1          P3                  10.1.253.4/31
DSW2          Po 32               10.1.253.6/31
DSW2          Po 31               10.1.253.8/31
DSW2          P3                  10.1.253.5/31
CSW1          Po 31               10.1.253.1/31
CSW1          Po 32               10.1.253.9/31
CSW1          Po 33               10.1.253.10/31
CSW1          P1                  10.1.253.12/31
CSW1          P2                  10.1.253.14/31
CSW2          Po 32               10.1.253.7/31
CSW2          Po 31               10.1.253.3/31
CSW2          Po 33               10.1.253.11/31
CSW2          P1                  10.1.253.16/31
CSW2          P2                  10.1.253.18/31
R1            P1                  10.1.253.13/31
R1            P2                  10.1.253.19/31
R2            P1                  10.1.253.17/31
R2            P2                  10.1.253.15/31

This table provides IP addressing information regarding the SVI interfaces on the switches:
Device   SVI      IP Address
ASW1     VLAN 3   10.1.3.10/24
ASW2     VLAN 4   10.1.4.20/24
DSW1     VLAN 3   10.1.3.1/24
DSW2     VLAN 4   10.1.4.1/24
CSW1     VLAN 3   10.1.3.2/24
CSW2     VLAN 4   10.1.4.2/24

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Lab 4-1: Implementing Inter-VLAN Routing]

Command List
The table describes the commands that are used in this activity.
Command
    Description

channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
    Assigns the port to a channel group, and specifies the PAgP or the LACP mode.
    For mode, select one of these keywords:
    auto: Enables PAgP only if a PAgP device is detected. It places the port into a
    passive negotiating state, in which the port responds to PAgP packets it receives,
    but does not start PAgP packet negotiation.
    desirable: Unconditionally enables PAgP. It places the port into an active
    negotiating state, in which the port starts negotiations with other ports by
    sending PAgP packets.
    on: Forces the port to channel without PAgP or LACP. In the on mode, an
    EtherChannel exists only when a port group in the on mode is connected to another
    port group in the on mode.
    non-silent: (Optional) Configure the switch port for nonsilent operation when the
    port is in the auto or desirable mode, if your switch is connected to a partner
    that is PAgP capable. If you do not specify non-silent, silent is assumed. The
    silent setting is for connections to file servers or packet analyzers. This
    setting allows PAgP to operate, to attach the port to a channel group, and to use
    the port for transmission.
    active: Enables LACP only if a LACP device is detected. It places the port into an
    active negotiating state in which the port starts negotiations with other ports by
    sending LACP packets.
    passive: Enables LACP on the port and places it into a passive negotiating state
    in which the port responds to LACP packets that it receives, but does not start
    LACP packet negotiation.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client.
    The IP address should be on the same subnet as the client.
    One IP address is required; however, you can specify up to eight IP addresses in
    one command line. These default routers are listed in order of preference; that
    is, address is the most preferred router, address2 is the next most preferred
    router, and so on.

domain-name domain
    Specifies the domain name for the client.

configure terminal
    Enters global configuration mode from privileged EXEC mode.

enable password password
    Enters the privileged EXEC mode command interpreter.

interface interface-id
    Specify a physical port, and enter interface configuration mode.

interface port-channel port-channel-number
    Specify the port-channel logical interface, and enter interface configuration mode.

ip address ip-address mask
    Assigns an IP address and subnet mask to the EtherChannel.

ip routing
    Enables IP routing.

ip dhcp excluded-address low-address [high-address]
    Specifies the IP addresses that the DHCP server should not assign to DHCP clients.

ip dhcp pool name
    Creates a name for the DHCP server address pool and enters DHCP pool
    configuration mode.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    The default is a one-day lease.
    The infinite keyword specifies that the duration of the lease is unlimited.

network network-number [mask | /prefix-length]
    Specifies the subnet network number and mask of the DHCP address pool.

network network-number
    Associates networks with an EIGRP routing process. EIGRP sends updates to the
    interfaces in the specified networks.

no auto-summary
    (Optional) Disables automatic summarization of subnet routes into network-level
    routes.

no ip address
    Ensures that there is no IP address assigned to the physical port.

no switchport
    Places the interface into Layer 3 mode.

router eigrp autonomous-system number
    Enables an EIGRP routing process; enter router configuration mode. The AS number
    identifies the routes to other EIGRP routers and tags routing information.

show etherchannel channel-group-number detail
    Shows your entries.

show ip eigrp interface
    Displays the interfaces on which EIGRP is active and information about EIGRP
    relating to those interfaces.

show ip protocols
    Shows your entries.

show ip route
    Displays the current state of the routing table.

Job Aids
These are the job aids for this lab activity:

Value                                                        Location
Blank design requirements list                               Task 1
Blank implementation requirements list                       Task 2
Blank implementation and verification plan form              Task 3
Blank verification notes form                                Task 4
Alternate resources and solutions form                       End of this lab
Key commands and tools used form                             End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create a Layer 3 Design


You must create your design for the migration to Layer 3 in the network. You must decide on the
Inter-VLAN routing and on the use of EIGRP as a routing protocol. You must consider the
changes in the links between the core and distribution switches, the changes in DHCP, and the
changes in VTP. Use the table below to create your design.
Complete   Device   SVI Interfaces   Layer 3 Interfaces   Is the Device a DHCP Server?   EIGRP AS No. (if applicable)

Task 2: Create an Implementation Requirements List for Inter-VLAN Routing

After you have decided on a design, it is time to create a list in which you will document the
requirements for the successful implementation. Use the following table, the Visual Objective for
this lab, and the Implementation Policy and Device Information sections to create your
implementation requirements list. If you are unsure, use the information in the Hints section at
the end of this lab.
Device   High-Level Task   Information Source

Task 3: Create an Implementation and Verification Plan


The next step in your configuration deployment is to create a task list of each item to be configured
on each device and in what order it is to be configured. The Implementation and Verification Plan
is very important, because it enables you to ensure that all requirements are properly configured
and in the correct order. The task will help you set up configuration checkpoints. Use the plan to
determine how you will verify that each required item was effectively configured. You will move
to the actual implementation in the next task. Use the following table and the Required Resources
section to create the Implementation and Verification Plan. If you are unsure, use the information in
the Hints section at the end of this lab.
Complete   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results

Task 4: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified
in the Required Resources section. Use the previous table to document the verifications you
conducted to ensure that your solution is complete. If you are unsure about the verification steps,
use the information in the Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 4-1: Key Commands and Tools Used


__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 4-1 Hint Sheet: Implement Inter-VLAN Routing


Layer 3 Design
| Complete | Device | SVI Interfaces | Layer 3 Interfaces | Is the Device a DHCP Server? | EIGRP AS Number (if applicable) |
|---|---|---|---|---|---|
| | ASW1 | VLAN 3 | No | No | No |
| | ASW2 | VLAN 4 | No | No | No |
| | DSW1 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10 |
| | DSW2 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10 |
| | CSW1 | No | Po31, Po32, Po33, P1, P2 | No | AS 10 |
| | CSW2 | No | Po31, Po32, Po33, P1, P2 | No | AS 10 |
| | R1 | No | P1, P2 | No | AS 10 |
| | R2 | No | P1, P2 | No | AS 10 |

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
| Device | Implementation Requirement | Lab 4-1 Section Containing Hint |
|---|---|---|
| Distribution and core switches | Layer 3 links between the distribution and core switches | Implementation Policy |
| Distribution switches | Layer 3 links between the distribution switches | Implementation Policy |
| Core switches | Layer 3 links between the core switches | Implementation Policy |
| Core switches and routers | Layer 3 links between the core switches and routers | Implementation Policy |
| Distribution switches | SVI interfaces | Implementation Policy |
| Access and distribution switches | Change management VLAN | Implementation Policy |
| Distribution switches | DHCP server | Implementation Policy |
| Distribution and core switches | Enable IP routing | Implementation Policy |
| Distribution and core switches and routers | EIGRP | Implementation Policy |
| All switches and routers | Verification | Implementation Policy |

| Device | High-Level Task | Information Source |
|---|---|---|
| ASW1 | Change the management VLAN. | Visual Objective, Design and Implementation Requirements |
| ASW1 | Change the default gateway. | Visual Objective, Design and Implementation Requirements |
| ASW2 | Change the management VLAN. | Visual Objective, Design and Implementation Requirements |
| ASW2 | Change the default gateway. | Visual Objective, Design and Implementation Requirements |
| DSW1 | Layer 3 links between the distribution and core switches. | Visual Objective, Design and Implementation Requirements |
| DSW1 | Layer 3 links between the distribution switches. | Visual Objective, Design and Implementation Requirements |
| DSW1 | SVI interfaces. | Visual Objective, Design and Implementation Requirements |
| DSW1 | Change the management VLAN. | Visual Objective, Design and Implementation Requirements |
| DSW1 | DHCP server. | Visual Objective, Design and Implementation Requirements |
| DSW1 | Enable IP routing. | Visual Objective, Design and Implementation Requirements |
| DSW1 | EIGRP. | Visual Objective, Design and Implementation Requirements |
| DSW2 | Layer 3 links between the distribution and core switches. | Visual Objective, Design and Implementation Requirements |
| DSW2 | Layer 3 links between the distribution switches. | Visual Objective, Design and Implementation Requirements |
| DSW2 | SVI interfaces. | Visual Objective, Design and Implementation Requirements |
| DSW2 | Change the management VLAN. | Visual Objective, Design and Implementation Requirements |
| DSW2 | DHCP server. | Visual Objective, Design and Implementation Requirements |
| DSW2 | Enable IP routing. | Visual Objective, Design and Implementation Requirements |
| DSW2 | EIGRP. | Visual Objective, Design and Implementation Requirements |
| CSW1 | Layer 3 links between the distribution and core switches. | Visual Objective, Design and Implementation Requirements |
| CSW1 | Layer 3 links between the core switches. | Visual Objective, Design and Implementation Requirements |
| CSW1 | Layer 3 links between the core switches and routers. | Visual Objective, Design and Implementation Requirements |
| CSW1 | Enable IP routing. | Visual Objective, Design and Implementation Requirements |
| CSW1 | EIGRP. | Visual Objective, Design and Implementation Requirements |
| CSW2 | Layer 3 links between the distribution and core switches. | Visual Objective, Design and Implementation Requirements |
| CSW2 | Layer 3 links between the core switches. | Visual Objective, Design and Implementation Requirements |
| CSW2 | Layer 3 links between the core switches and routers. | Visual Objective, Design and Implementation Requirements |
| CSW2 | Enable IP routing. | Visual Objective, Design and Implementation Requirements |
| CSW2 | EIGRP. | Visual Objective, Design and Implementation Requirements |
| R1 | Layer 3 links between the core switches and routers. | Visual Objective, Design and Implementation Requirements |
| R1 | EIGRP. | Visual Objective, Design and Implementation Requirements |
| R2 | Layer 3 links between the core switches and routers. | Visual Objective, Design and Implementation Requirements |
| R2 | EIGRP. | Visual Objective, Design and Implementation Requirements |

Implementation and Verification Plan


In this task, you will create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. You can then configure each switch with
items that are unique to each device. An example of the Implementation and Verification Plan
follows.
| Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
|---|---|---|---|---|
| | DSW1 | 1 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface portchannel |
| | DSW2 | 2 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface portchannel |
| | CSW1 | 3 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface portchannel |
| | CSW2 | 4 | interface port-channel XX; no switchport; ip address; interface range fast; no switchport; channel-group XX mode on | show interface portchannel |
| | R1 | | interface fa 0/X; ip address | show interface fa 0/x |
| | R1 | | no interface f0/0.Y | show ip interface brief |
| | R2 | | interface fa 0/X; ip address | show interface fa 0/x |
| | R2 | | no interface f0/0.Y | show ip interface brief |
| | DSW1 | | interface vlan XX; ip address | show interface vlan xx |
| | DSW2 | 10 | interface vlan XX; ip address | show interface vlan xx |
| | ASW1 | 11 | interface vlan 3; ip address | show interface vlan 3 |
| | ASW2 | 12 | interface vlan 4; ip address | show interface vlan 4 |
| | ASW1 | 13 | ip default-gateway | |
| | ASW2 | 14 | ip default-gateway | |
| | DSW1 | 15 | interface vlan 1; no ip address | show interface vlan 1 |
| | DSW2 | 16 | interface vlan 1; no ip address | show interface vlan 1 |
| | DSW1 | 17 | ip dhcp excluded-address 10.1.3.1 10.1.3.49, then 100 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.1; ip dhcp excluded-address 10.1.4.1 10.1.4.49, then 10.1.4.100 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.1 | show ip dhcp binding |
| | DSW2 | 18 | ip dhcp excluded-address 10.1.3.1 10.1.3.99, then 150 to 255; ip dhcp pool vlan3; network 10.1.3.0 255.255.255.0; default-router 10.1.3.2; ip dhcp excluded-address 10.1.4.1 10.1.4.99, then 150 to 255; ip dhcp pool vlan4; network 10.1.4.0 255.255.255.0; default-router 10.1.4.2 | show ip dhcp binding |
| | DSW1 | 19 | ip routing | show ip route |
| | DSW2 | 20 | ip routing | show ip route |
| | CSW1 | 21 | ip routing | show ip route |
| | CSW2 | 22 | ip routing | show ip route |
| | DSW1 | 23 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
| | DSW2 | 24 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
| | CSW1 | 25 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
| | CSW2 | 26 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
| | R1 | 27 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
| | R2 | 28 | router eigrp 10; no auto-summary; network 10.1.0.0 0.0.255.255 | show ip eigrp interfaces; show ip route |
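The plan splits each /24 scope between the two DHCP servers, so the exclusions on DSW1 and DSW2 must leave lease ranges that do not overlap, or two clients can be handed the same address. The Python below is an added example, not part of the lab guide: it derives each server's leasable range from the plan's DHCP values for DSW1 and DSW2 (with the abbreviated exclusions written out in full) and audits the pair; the function names are assumptions made for this sketch.

```python
import ipaddress

# Constructed from the DSW1 row of the plan, exclusions written out in full.
DSW1_DHCP = """\
ip dhcp excluded-address 10.1.3.1 10.1.3.49
ip dhcp excluded-address 10.1.3.100 10.1.3.255
ip dhcp excluded-address 10.1.4.1 10.1.4.49
ip dhcp excluded-address 10.1.4.100 10.1.4.255
ip dhcp pool vlan3
 network 10.1.3.0 255.255.255.0
 default-router 10.1.3.1
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.1
"""

# Constructed from the DSW2 row of the plan, exclusions written out in full.
DSW2_DHCP = """\
ip dhcp excluded-address 10.1.3.1 10.1.3.99
ip dhcp excluded-address 10.1.3.150 10.1.3.255
ip dhcp excluded-address 10.1.4.1 10.1.4.99
ip dhcp excluded-address 10.1.4.150 10.1.4.255
ip dhcp pool vlan3
 network 10.1.3.0 255.255.255.0
 default-router 10.1.3.2
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.2
"""


def parse_dhcp(config):
    """Return (excluded ranges, pools) from IOS-style DHCP server configuration."""
    excluded, pools, current = [], {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = int(ipaddress.ip_address(words[3]))
            # A single-address exclusion has no upper bound on the line.
            high = int(ipaddress.ip_address(words[4])) if len(words) > 4 else low
            excluded.append((low, high))
        elif words[:3] == ["ip", "dhcp", "pool"]:
            current = pools.setdefault(words[3], {})
        elif current is not None and words[:1] == ["network"]:
            current["network"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif current is not None and words[:1] == ["default-router"]:
            current["router"] = int(ipaddress.ip_address(words[1]))
    return excluded, pools


def lease_sets(config):
    """Map each pool's network to the set of addresses the server can lease."""
    excluded, pools = parse_dhcp(config)
    leases = {}
    for pool in pools.values():
        hosts = {int(h) for h in pool["network"].hosts()}
        for low, high in excluded:  # exclusions are global, not per pool
            hosts.difference_update(range(low, high + 1))
        leases[pool["network"]] = hosts
    return leases


def as_ranges(addresses):
    """Collapse a set of integer addresses into sorted 'first-last' strings."""
    runs = []
    for addr in sorted(addresses):
        if runs and addr == runs[-1][1] + 1:
            runs[-1][1] = addr
        else:
            runs.append([addr, addr])
    return [f"{ipaddress.ip_address(a)}-{ipaddress.ip_address(b)}" for a, b in runs]


def lease_ranges(config):
    """Human-readable view: network string -> list of leasable ranges."""
    return {str(net): as_ranges(hosts) for net, hosts in lease_sets(config).items()}


def audit_split_scope(name_a, config_a, name_b, config_b):
    """Report overlapping leases and default routers left inside a lease range."""
    findings = []
    leases_a, leases_b = lease_sets(config_a), lease_sets(config_b)
    for net in sorted(set(leases_a) & set(leases_b)):
        both = leases_a[net] & leases_b[net]
        if both:
            findings.append(
                f"{net}: {name_a} and {name_b} both lease {', '.join(as_ranges(both))}")
    for name, config, leases in ((name_a, config_a, leases_a),
                                 (name_b, config_b, leases_b)):
        for pool_name, pool in parse_dhcp(config)[1].items():
            if pool["router"] in leases[pool["network"]]:
                findings.append(
                    f"{name} pool {pool_name}: default-router is inside the leasable range")
    return findings


if __name__ == "__main__":
    print("DSW1 leases:", lease_ranges(DSW1_DHCP))
    print("DSW2 leases:", lease_ranges(DSW2_DHCP))
    print("Findings:", audit_split_scope("DSW1", DSW1_DHCP, "DSW2", DSW2_DHCP) or "none")
```
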

Step-by-Step Procedure
Step 1

Connect to the DSW1 switch interface in configuration mode:

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using the enable command.

Enter configuration mode, using the configure terminal command.

Step 2

Configure a Layer 3 EtherChannel to switch CSW1 on switch DSW1:

DSW1(config)# interface range fa 0/1 - 2
DSW1(config-if)# no switchport
DSW1(config)# interface Port-channel31
DSW1(config-if)# no switchport
DSW1(config-if)# ip address 10.1.253.0 255.255.255.254
DSW1(config)# interface range fa 0/1 - 2
DSW1(config-if)# channel-group 31 mode passive
DSW1(config-if)# no shutdown

Step 3

In the same manner as seen in Step 2, configure a Layer 3 EtherChannel link on switch
DSW1 to switch CSW2, using interface Po32 and interface range f0/3 to f0/4.

Step 4

Configure a Layer 3 EtherChannel on fa 0/5 on switch DSW1 to switch DSW2:


DSW1(config)# interface fa 0/5
DSW1(config-if)# no switchport
DSW1(config-if)# ip address 10.1.253.4 255.255.255.254

Step 5

Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW2, using interface Po32 and interface range f0/1 to f0/2.

Step 6

Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW1, using interface Po31 and interface range f0/3 to f0/4.

Step 7

Repeat Step 4 on switch DSW2 to configure a Layer 3 link on f0/5 to switch DSW1.

Step 8

Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch CSW2 using interface Po33 and interface range f0/7 to f0/10.

Step 9

Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po31 and interface range f0/1 to f0/2.

Step 10

Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po32 and interface range f0/3 to f0/4.

Step 11

Repeat Step 4 on switch CSW1 to configure a Layer 3 link to router R1 interface f0/11 and a Layer 3 link to router R2 interface f0/12.

Step 12

Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch CSW1 using interface Po33 and interface range f0/7 to f0/10.

Step 13

Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po32 and interface range f0/1 to f0/2.

Step 14

Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po31 and interface range f0/3 to f0/4.

Step 15

Repeat Step 4 on switch CSW2 to configure a Layer 3 link to router R2 interface f0/11 and a Layer 3 link to router R1 interface f0/12.

Step 16

Configure router R1 interfaces to switches CSW1 and CSW2:


R1(config)# interface f0/0
R1(config-if)# ip address 10.1.253.13 255.255.255.254
R1(config-if)# no shutdown
R1(config-if)# no interface f0/0.1
R1(config-if)# no interface f0/0.3
R1(config-if)# no interface f0/0.4
R1(config-if)# interface f0/1
R1(config-if)# ip address 10.1.253.19 255.255.255.254
R1(config-if)# no shutdown

Step 17

Repeat Step 16 on router R2 to configure its interfaces to switches CSW2 and CSW1. Remove all subinterfaces.

Step 18

Configure an SVI interface on switch DSW1:

DSW1(config)# interface vlan3
DSW1(config-if)# ip address 10.1.3.1 255.255.255.0
DSW1(config-if)# no shutdown
DSW1(config)# interface vlan1
DSW1(config-if)# no ip address
DSW1(config-if)# shutdown

Step 19

Repeat Step 18 on switch DSW2 to configure SVI VLAN 4.

Step 20

Shut down the VLAN 1 SVI interface on switch CSW1:

CSW1(config)# interface vlan1
CSW1(config-if)# no ip address
CSW1(config-if)# shutdown

Step 21

Repeat Step 20 on switch CSW2.

Step 22

On switch ASW1, move the management IP address from VLAN 1 to VLAN 3:


ASW1(config)# interface vlan1
ASW1(config-if)# no ip address
ASW1(config-if)# interface Vlan3
ASW1(config-if)# ip address 10.1.3.10 255.255.255.0
ASW1(config-if)# no shutdown

Step 23

Change the default gateway on switch ASW1:


ASW1(config)# ip default-gateway 10.1.3.1

Step 24

Repeat Steps 23 and 24 on switch ASW2.

Step 25

Configure the DHCP server on switch DSW1:


DSW1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.49
DSW1(config)# ip dhcp excluded-address 10.1.3.100 10.1.3.255
DSW1(config)# ip dhcp excluded-address 10.1.4.1 10.1.4.49
DSW1(config)# ip dhcp excluded-address 10.1.4.100 10.1.4.255
DSW1(config)# ip dhcp pool vlan3
DSW1(dhcp-config)# network 10.1.3.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.3.1
DSW1(config)# ip dhcp pool vlan4
DSW1(dhcp-config)# network 10.1.4.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.4.1

Step 26

Repeat Step 26 on switch DSW2, excluding 10.1.3.1 to 10.1.3.99 then 10.1.3.150 to 10.1.3.255, and 10.1.4.1 to 10.1.4.99 then 10.1.4.150 to 10.1.4.255. The default-router address for pool vlan3 is 10.1.3.1 and for pool vlan4 is 10.1.4.1.

Step 27

Enable IP routing on switch DSW1:

DSW1(config)# ip routing

Step 28

Repeat Step 28 on switches DSW2, CSW1, and CSW2.

Step 29

Configure EIGRP on switch DSW1:

DSW1(config)# router eigrp 10
DSW1(config-router)# network 10.1.0.0 0.0.255.255

Step 30

Repeat Step 30 on switches DSW2, CSW1, and CSW2.

Step 31

Verify that you have reachability to all subnets. For example, on DSW1:

DSW1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C       10.1.3.0/24 is directly connected, Vlan3
D       10.1.4.0/24 [90/18176] via 10.1.253.3, 01:59:49, Port-channel32
                    [90/18176] via 10.1.253.1, 01:59:49, Port-channel31
D       10.1.253.18/31 [90/30720] via 10.1.253.3, 01:59:49, Port-channel32
D       10.1.253.16/31 [90/30720] via 10.1.253.3, 01:59:49, Port-channel32
D       10.1.253.6/31 [90/17920] via 10.1.253.3, 01:59:49, Port-channel32
C       10.1.253.4/31 is directly connected, FastEthernet0/5
C       10.1.253.2/31 is directly connected, Port-channel32
C       10.1.253.0/31 is directly connected, Port-channel31
D       10.1.253.14/31 [90/30720] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.12/31 [90/30720] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.10/31 [90/17920] via 10.1.253.3, 01:59:53, Port-channel32
                       [90/17920] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.8/31 [90/17920] via 10.1.253.1, 01:59:55, Port-channel31

Step 32

Repeat Step 30 on routers R1 and R2.
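The reachability check in Step 31 can be scripted: parse the show ip route output, including the continuation lines for equal-cost paths, and compare the result with the twelve prefixes the design calls for. The Python below is an added example, not part of the lab guide; it embeds the DSW1 route lines from Step 31 (legend omitted), and the function names and the TICKET_SAMPLE variant with two routes removed are constructed for illustration.

```python
import ipaddress
import re

# Route lines for DSW1 as printed in Step 31 (code legend omitted).
DSW1_ROUTES = """\
DSW1#sh ip route
Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C       10.1.3.0/24 is directly connected, Vlan3
D       10.1.4.0/24 [90/18176] via 10.1.253.3, 01:59:49, Port-channel32
                    [90/18176] via 10.1.253.1, 01:59:49, Port-channel31
D       10.1.253.18/31 [90/30720] via 10.1.253.3, 01:59:49, Port-channel32
D       10.1.253.16/31 [90/30720] via 10.1.253.3, 01:59:49, Port-channel32
D       10.1.253.6/31 [90/17920] via 10.1.253.3, 01:59:49, Port-channel32
C       10.1.253.4/31 is directly connected, FastEthernet0/5
C       10.1.253.2/31 is directly connected, Port-channel32
C       10.1.253.0/31 is directly connected, Port-channel31
D       10.1.253.14/31 [90/30720] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.12/31 [90/30720] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.10/31 [90/17920] via 10.1.253.3, 01:59:53, Port-channel32
                       [90/17920] via 10.1.253.1, 01:59:53, Port-channel31
D       10.1.253.8/31 [90/17920] via 10.1.253.1, 01:59:55, Port-channel31
"""

# Constructed failure case: the same output with two /31 routes removed.
TICKET_SAMPLE = "\n".join(
    line for line in DSW1_ROUTES.splitlines()
    if "10.1.253.12/31" not in line and "10.1.253.14/31" not in line
)

# Prefixes seen in Step 31: both user VLANs plus the ten point-to-point /31 links.
EXPECTED = ["10.1.3.0/24", "10.1.4.0/24"] + [f"10.1.253.{n}/31" for n in range(0, 20, 2)]

ROUTE = re.compile(r"^([A-Za-z*]\S*)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(.*)$")
VIA = re.compile(r"via (\d+\.\d+\.\d+\.\d+), \S+, (\S+)")
CONNECTED = re.compile(r"is directly connected, (\S+)")


def parse_routes(text):
    """Return {prefix: {"code": str, "paths": [(next_hop or None, interface)]}}."""
    routes, current = {}, None
    for line in text.splitlines():
        match = ROUTE.match(line)
        if match:
            code, prefix, rest = match.groups()
            current = routes.setdefault(prefix, {"code": code, "paths": []})
        elif current is not None and line.lstrip().startswith("["):
            rest = line  # continuation line: another equal-cost path
        else:
            continue  # banner, legend, or "is variably subnetted" header
        hop = VIA.search(rest)
        direct = CONNECTED.search(rest)
        if hop:
            current["paths"].append((hop.group(1), hop.group(2)))
        elif direct:
            current["paths"].append((None, direct.group(1)))
    return routes


def missing_routes(text, expected=EXPECTED):
    """Expected prefixes that have no usable path in the routing table."""
    seen = {prefix for prefix, route in parse_routes(text).items() if route["paths"]}
    return sorted(set(expected) - seen, key=ipaddress.ip_network)


if __name__ == "__main__":
    for name, output in (("Step 31 output", DSW1_ROUTES), ("ticket sample", TICKET_SAMPLE)):
        gone = missing_routes(output)
        print(f"{name}: {'all routes present' if not gone else 'missing ' + ', '.join(gone)}")
```
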

Lab 4-2: Troubleshooting Inter-VLAN Routing


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you must analyze, locate, and fix Layer 3 problems in your network, caused by
misconfiguration or incorrect design. After this activity, you will be able to meet these objectives:

Develop a work plan to troubleshoot configuration and inter-VLAN routing issues

Isolate the causes of the problems

Correct all of the identified routing issues

Test the corrections made

Document and report the troubleshooting findings and recommendations

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 4-2: Troubleshooting Inter-VLAN Routing]

Command List
The table describes the commands that are used in this activity.
Configuration Commands

| Command | Description |
|---|---|
| configure terminal | Enters global configuration mode from privileged EXEC mode. |
| enable password password | Enters the privileged EXEC mode command interpreter. |
| router eigrp autonomous-system number | Enable an EIGRP routing process, and enter router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information. |
| network network-number | Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks. |
| no auto-summary | (Optional) Disable automatic summarization of subnet routes into network-level routes. |
| show ip protocols | Verify your entries. |
| show ip eigrp interface | Displays the interfaces on which EIGRP is active and information about EIGRP relating to those interfaces. |
| show ip route | Display the current state of the routing table. |
| show ip eigrp neighbors | Display EIGRP neighbor information. |
| show interfaces interface-id trunk | Display the trunk configuration of the interface. |

Job Aids
These job aids are available to help you complete the lab activity.

Trouble Tickets

Troubleshooting Log


Trouble Ticket A: Missing Routes on Some Switches


After the lunch break you find out that some end users are not able to connect to router R1 or R2.
A colleague of yours, who has been playing with the network management system in the
morning, looks a bit nervous. He confesses that he has tried to manage the switches. You must
correct this problem quickly because the normal operation of the network must be restored.
Verify that all routes are visible on all your switches.

Trouble Ticket B: Troubleshoot EIGRP on Layer 3 Switches


You conducted tests regarding EIGRP on the new network and determined that some switches do
not seem to have the same routing table as others. This is an unusual situation. You must
investigate and find out where you have a problem and what it is. During your investigations you
determine, from the log of the RADIUS server, that your boss, the IT manager, logged in to several
switches and made some reconfigurations. You wonder if this created the issue. Verify your
switches and make sure the routing works properly, and that the switches exchange routes.

Trouble Ticket C: Disappearing Routes and VLANs


You are again in serious trouble. Someone has made changes on the devices, which is a
continuing problem in the company. At this point, you do not even care who is responsible; you
just want to fix the problem because clients do not have connectivity. You check the routers and
see that everything is normal. Verify that all routes are seen by all switches, and that clients in all
VLANs can ping router R1 and R2 IP addresses in all VLANs.

Instructions
As you see from the troubleshooting tickets, this troubleshooting lab contains three types of
issues:

Trouble Ticket A involves lost connectivity problems to a specific subnet. (On all switches, use
the alias command init-4-2-A; on the routers, use init-4_2-5_1. Afterwards, reload each device
with this new configuration.)

Trouble Ticket B involves problems with the routing protocol. (On all switches, use the alias
command init-4-2-B, and afterwards reload each device with this new configuration.)

Trouble Ticket C involves problems with trunk misconfiguration. (On all switches, use the alias
command init-4-2-C, and afterwards reload each device with this new configuration.)

Each ticket involves several switches, so the whole team must work together to solve the
problems on each switch. Together with your team members, create a troubleshooting plan to
divide the work, assign appropriate roles to each team member, and coordinate device access
among the team members. Document your progress in the Troubleshooting Log provided below
to help facilitate efficient communication within the team and to have an overview of your
troubleshooting process for reference during the lab debriefing discussions.
Because different teams work at different speeds, the tickets in this lab are separated. To prepare
the lab for this exercise use the instructions above or ask your instructor how to initiate Trouble
Ticket A. After the instructor indicates that the lab is fully prepared, you are ready to start
troubleshooting.


Once you fix the issue in Trouble Ticket A, ask your instructor if time is left for you to move on
to the next ticket. If time allows, use the instructions above or ask your instructor how to initiate
Trouble Ticket B. After the instructor indicates that the lab is fully prepared, you are ready to
start troubleshooting.
Repeat the same process for Trouble Ticket C, if time allows.

Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.
Trouble Ticket        Actions and Results

Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:

Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket B:

Verify that Layer 3 switches have EIGRP adjacencies with each other.

Trouble Ticket C:

Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket A: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket A.

First, verify that you can successfully ping the gateway. This means that you have connectivity to
the gateway, which is the DSW1 switch.
When you try to ping a core switch from client CLT1, the ping fails. This can indicate one of
two things: you are not allowed to connect, or you do not have a path to this device. As you have
been able to connect previously, the first possibility is eliminated. If you do not have the path to
this device, you are also missing the route to the device.
These simple tests lead you to conclude that you do not have connectivity to the core switches
and the servers beyond them. This is most likely due to a routing problem, because you can reach
the distribution switch DSW1, which is your default gateway.
The same situation occurs for connections from client CLT2 to switches DSW2 and CSW2:
pings to switch DSW2 work, but pings to switch CSW2 fail.
This leads you to check the routing on the Layer 3 distribution switches DSW1 and DSW2.

Key Clue: DSW1 Routing Configuration (Cont.)


Check routing protocols on DSW1

DSW1#sh ip protocols
*** IP Routing is NSF aware ***
DSW1#

Your troubleshooting work continues on switches DSW1 and DSW2. The example in the figure
shows only the display on switch DSW1 because the steps and work on switch DSW2 are the
same.
You verify the routing protocols, which were configured in the previous lab, to find out whether
EIGRP is working properly.
You conclude that the EIGRP routing protocol is not running.

Key Clue: DSW1 Routing Configuration (Cont.)

Your next step is to verify the routes on the switch.


DSW1#sh ip route
Default gateway is not set
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

You see that the routing table is empty.


Your conclusion is that there are no routes at all. Because this is a Layer 3 switch, where you can
turn the routing functionality on and off, you proceed to configure the ip routing command to
enable it.

Key Clue: DSW1 Routing Configuration (Cont.)

To fix the problem, go into configuration mode and issue the following commands:
DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#ip routing
DSW1(config)#router eigrp 10
DSW1(config-router)#network 10.1.0.0 0.0.255.255

The ip routing command enables the Layer 3 functionality on a Layer 3 switch; afterwards,
you can enable EIGRP routing.

Key Clue: DSW1 Routing Configuration (cont.)


Check routing table on DSW1
DSW1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C       10.1.3.0/24 is directly connected, Vlan3
        10.1.4.0/24 [90/18176] via 10.1.253.3, 00:05:59, Port-channel32
        10.1.253.18/31 [90/30720] via 10.1.253.3, 00:05:59, Port-channel32
        10.1.253.16/31 [90/30720] via 10.1.253.3, 00:05:59, Port-channel32
        10.1.253.6/31 [90/17920] via 10.1.253.3, 00:05:59, Port-channel32
                      [90/18176] via 10.1.253.1, 00:05:59, Port-channel31
        10.1.253.4/31 is directly connected, FastEthernet0/5
        10.1.253.2/31 is directly connected, Port-channel32
        10.1.253.0/31 is directly connected, Port-channel31

Verify that you have accurately identified the problem and that your solution is correct. Check
the routing table again:
show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.3.0/24 is directly connected, Vlan3
D       10.1.1.0/24 [90/18176] via 10.1.253.9, 3d21h, Port-channel31
                    [90/18176] via 10.1.253.3, 3d21h, Port-channel32

Everything is now correct on the switch.


For the next verification, go to client CLT1 and carry out the same tests you performed on
switch DSW1. Try to release and renew the IP address. After successfully acquiring the network
settings, try a ping to the default gateway. After pinging the default gateway, try to connect to
one of the core switches and a router.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Trouble Ticket B: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket B.

Key Clue: EIGRP on CSW1 and CSW2


CSW1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(20)
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
0   10.1.253.8      Po32        12   00:01:34  186    1116  0   3

CSW2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
2   10.1.253.2      Po31        14   00:45:50         200   0   55
1   10.1.253.19     Fa0/12      12   01:17:19         200   0   121
0   10.1.253.17     Fa0/11      14   02:15:47         200   0   117

After you analyze the preliminary data, your logical next step is to log in to switch CSW1 and
check the routing.
Your verification shows that the EIGRP neighbor table does not contain all expected neighbors.
When you check the status of the EIGRP, everything is normal.
The routing configuration on switches CSW1 and CSW2 must be identical because they provide
routing redundancy in the network. When you check the neighbor table on switch CSW2, you see
no neighborship to CSW1.
This leads you to the conclusion that there must be differences in the EIGRP configurations of
the two core switches.
When you examine switches DSW1 and DSW2, you also see similar differences.

Key Clue: EIGRP Reconfiguration on CSW1


CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#no router eigrp 20
CSW1(config)#router eigrp 10
CSW1(config-router)#network 10.1.0.0 0.0.255.255
CSW1(config-router)#^Z
CSW1#
CSW1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
4   10.1.253.8      Po32        13   00:00:30  14     200
3   10.1.253.11     Po33        12   00:00:30         200   18  65
2   10.1.253.13     Fa0/11      12   00:00:30  12     200       28
1   10.1.253.15     Fa0/12      13   00:00:30  12     200       28
0   10.1.253.0      Po31        12   00:00:30  14     200       15

CSW1#

After you find the differences in the EIGRP configurations, your next step is to correct the
configuration on switch CSW1:
CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#no router eigrp 20
CSW1(config)#router eigrp 10
CSW1(config-router)# network 10.1.0.0 0.0.255.255
CSW1#show ip eigrp neighbors
EIGRP-IPv4:(10) neighbors for process 10
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
1   10.1.253.0      Po31        13   00:32:44  196    1176  0   283
3   10.1.253.15     Fa0/11      11   00:32:10  13     200   0   40
2   10.1.253.17     Fa0/12      14   00:32:20  1      200   0   41
4   10.1.253.4      Po32        10   00:32:18  1      200   0   49
5   10.1.253.11     Po33        10   00:32:22  1      200   0   49

You find that the EIGRP AS number is incorrect.


Correct the issue in the same way on switch DSW2.
After the correction of the problem, verify that the EIGRP is back to normal.
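
The Trouble Ticket B check, run over all devices at once, as an added example (not part of the lab guide). It parses saved show ip eigrp neighbors output and flags any device whose AS differs from the design value. The function names, the expected neighbor counts and the sample captures are assumptions made for this example.

```python
"""Audit 'show ip eigrp neighbors' captures for autonomous-system drift (added example)."""
import re

# IOS prints the AS in two header styles; both appear in the lab output.
AS_RE = re.compile(r"EIGRP-IPv4.*?(?:AS\((\d+)\)|process (\d+))")
# Columns: H  Address  Interface  Hold  Uptime  SRTT  RTO  Q-Cnt  Seq-Num
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\d+)\s+(\S+)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_neighbors(text):
    """Return (as_number or None, list of neighbor dicts) for one capture."""
    as_number, rows = None, []
    for line in text.splitlines():
        header = AS_RE.search(line)
        if header:
            as_number = int(header.group(1) or header.group(2))
            continue
        row = ROW_RE.match(line)
        if row:
            rows.append({"address": row.group(2), "interface": row.group(3),
                         "hold": int(row.group(4)), "uptime": row.group(5)})
    return as_number, rows


def audit(captures, expected_as, expected_neighbors=None):
    """Compare every device with the design AS; return (device, kind, detail) tuples."""
    findings = []
    for device in sorted(captures):
        as_number, rows = parse_neighbors(captures[device])
        if as_number is None:
            # Empty output: no EIGRP process is running on the device.
            findings.append((device, "no-eigrp", "no EIGRP process in output"))
            continue
        if as_number != expected_as:
            findings.append((device, "wrong-as", f"AS {as_number}, expected {expected_as}"))
            # An adjacency only forms between equal AS numbers, so every
            # neighbor listed here is running the wrong AS as well.
            for row in rows:
                findings.append((device, "peer-in-wrong-as",
                                 f"{row['address']} via {row['interface']}"))
        wanted = (expected_neighbors or {}).get(device)
        if wanted is not None and len(rows) < wanted:
            findings.append((device, "missing-neighbors", f"{len(rows)} of {wanted} up"))
    return findings


# Captures constructed for this example, modelled on the Trouble Ticket B output
# (the CSW2 SRTT values are invented; they are not legible in the lab guide).
SAMPLE = {
    "CSW1": """CSW1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(20)
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
0   10.1.253.8      Po32        12   00:01:34  186    1116  0   3
""",
    "CSW2": """CSW2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address         Interface   Hold Uptime    SRTT   RTO   Q   Seq
                                (sec)          (ms)         Cnt Num
2   10.1.253.2      Po31        14   00:45:50  1      200   0   55
1   10.1.253.19     Fa0/12      12   01:17:19  1      200   0   121
0   10.1.253.17     Fa0/11      14   02:15:47  1      200   0   117
""",
}

if __name__ == "__main__":
    # Assumption: the design AS is 10 and each core switch should see five neighbors.
    for finding in audit(SAMPLE, expected_as=10, expected_neighbors={"CSW1": 5, "CSW2": 5}):
        print(*finding, sep=" | ")
```

The peer-in-wrong-as finding points at the second misconfigured device without logging in to it: the one neighbor that CSW1 still sees in AS 20 must itself be running AS 20.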

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Trouble Ticket C: Sample Troubleshooting Flow


The following pages illustrate an example of a method that you could follow to diagnose and
resolve Trouble Ticket C.

Key Clue: DSW1 to PC1 Connectivity


DSW1#ping 10.1.3.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.3.50, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DSW1#

DSW1#show interfaces FastEthernet 0/6 trunk


Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking

Port        Vlans allowed on trunk
Fa0/6       1,3-4,11-12,14,63-66

Port        Vlans allowed and active in management domain
Fa0/6       1,3-4,11-12,63-66

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1,3-4,11-12,63-66

You find a problem with client CLT1 connectivity, and client CLT2 has the same issue.
This flow shows how to solve the client CLT1 connectivity issue. The client CLT2 connectivity
issue is solved by using the same process.
To exclude deeper network problems, check the connectivity to client CLT1 from switch DSW1.
Again, you see that there is a failure.
Between client CLT1 and switch DSW1 there is only the ASW1 switch. The logical next step is
to verify the links between these two switches.
When you check the trunk configuration on the interface pointing to the ASW1 switch, you can
confirm that all VLANs are present.

Key Clue: ASW1 Trunk to DSW1


ASW1#sh interface FastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking

Port        Vlans allowed on trunk
Fa0/1       1,11,63,65

Port        Vlans allowed and active in management domain
Fa0/1       1,11,63,65

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,11,63,65
ASW1#

Next, concentrate on the ASW1 switch because the evidence indicates that the problem must be
on that switch.
To finish the check that you started on switch DSW1, check the trunk configuration on the
interfaces pointing to switch DSW1.
You find out that VLAN 3, which is the VLAN where client CLT1 resides, is absent.
When checking switch ASW2, you find that VLAN 4, which is the client CLT2 VLAN, is also
absent from the switch ASW2 trunk to switch DSW2.

Key Clue: Configure ASW1


ASW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW1(config)#interface range FastEthernet 0/1 - 2
ASW1(config-if-range)#switch trunk allowed vlan add 3
ASW1#sh interface FastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking

Port        Vlans allowed on trunk
Fa0/1       1,3,11,63,65

Port        Vlans allowed and active in management domain
Fa0/1       1,3,11,63,65

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,3,11,63,65
ASW1#

To fix the problem, allow the needed VLANs on both interfaces that point to switches DSW1 and
DSW2:
ASW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW1(config)#interface range fastEthernet 0/1 - 2
ASW1(config-if-range)#switchport trunk allowed vlan add 3

After the changes are made, verify that they are correct:
ASW1#show interfaces fastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,3,11,63,65

In the same way, add VLAN 4 to the switch ASW2 trunk to switch DSW2.
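
The Trouble Ticket C comparison of both trunk ends, as an added example (not part of the lab guide). It parses show interfaces trunk output from each side of a link and reports required VLANs that are not allowed, VLANs that are allowed but not active, and differences between the two allowed lists. The function names and the sample captures are assumptions made for this example; the required VLAN 3 is the client CLT1 VLAN from the ticket.

```python
"""Compare the allowed-VLAN lists on both ends of an 802.1Q trunk (added example)."""
import re

SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}
ALL_VLANS = 4094  # size of the default allowed list, 1-4094


def expand_vlans(spec):
    """Turn '1,3-4,11-12' into {1, 3, 4, 11, 12}; 'none' gives an empty set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunk(text):
    """Return {port: {'allowed': set, 'active': set, 'forwarding': set}}."""
    ports, section = {}, None
    for line in text.splitlines():
        title = re.match(r"^Port\s+(.*\S)\s*$", line)
        if title:
            section = SECTIONS.get(title.group(1))  # None for the Mode/Status table
            continue
        row = re.match(r"^(\S+)\s+(none|[\d,\- ]+)$", line.rstrip())
        if row and section:
            ports.setdefault(row.group(1), {})[section] = expand_vlans(row.group(2))
    return ports


def audit_link(end_a, end_b, required):
    """Each end is (device, port, capture). Returns (where, port, kind, vlans) tuples."""
    findings, allowed = [], []
    for device, port, text in (end_a, end_b):
        trunk = parse_trunk(text)[port]
        allowed.append(trunk["allowed"])
        missing = sorted(required - trunk["allowed"])
        if missing:
            findings.append((device, port, "required-vlan-not-allowed", missing))
        if len(trunk["allowed"]) == ALL_VLANS:
            findings.append((device, port, "allows-all-vlans", []))
        else:
            inactive = sorted(trunk["allowed"] - trunk.get("active", trunk["allowed"]))
            if inactive:
                findings.append((device, port, "allowed-but-not-active", inactive))
    # A VLAN crosses the link only if both ends allow it, so any difference is drift.
    drift = sorted(allowed[0] ^ allowed[1])
    if drift:
        findings.append((f"{end_a[0]}<->{end_b[0]}", f"{end_a[1]}<->{end_b[1]}",
                         "allowed-list-mismatch", drift))
    return findings


# Captures constructed for this example from the VLAN lists shown in the ticket
# (the native VLAN on DSW1 is assumed; it is not legible in the lab guide).
DSW1_FA0_6 = """DSW1#show interfaces FastEthernet 0/6 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       1,3-4,11-12,14,63-66

Port        Vlans allowed and active in management domain
Fa0/6       1,3-4,11-12,63-66

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1,3-4,11-12,63-66
"""
ASW1_FA0_1 = """ASW1#sh interface FastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1,11,63,65

Port        Vlans allowed and active in management domain
Fa0/1       1,11,63,65

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,11,63,65
ASW1#
"""

if __name__ == "__main__":
    for finding in audit_link(("DSW1", "Fa0/6", DSW1_FA0_6),
                              ("ASW1", "Fa0/1", ASW1_FA0_1), required={3}):
        print(*finding, sep=" | ")
```

The mismatch finding remains after VLAN 3 is added on ASW1, because DSW1 still allows VLANs that ASW1 does not; treat it as a prompt to confirm that each remaining difference is intended.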

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Lab 4-2: Key Commands and Tools Used


__________________________________________________________________________

Lab 5-1: Implementing High Availability and Reporting in a Network Design
Complete this lab activity to confirm your knowledge on the topics of high availability and
reporting.

Activity Objective
The dynamics of administering a large network often prevent a daily verification of the state and
activity on each device. This is why a solution is needed that implements logs from different
devices that are gathered in a single place. In this lab, you will implement such a solution. To
achieve this goal, you will configure your switches to send information to a syslog and an SNMP
server. To respond to the need for monitoring the network state, you will also implement an IP
SLA-based solution. Once the design is complete, you will connect to your remote lab to
implement your solution. After completing this activity, you will be able to meet these objectives:

Design a high availability solution consisting of a syslog, SNMP reporting, and an IP SLA
solution

Create an implementation requirements list

Create a step-by-step implementation and verification plan

Implement and verify your solution

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.

Implementation Policy
You must configure SNMP, syslog, and IP SLA in your network. The following list details
preparation and configuration requirements for all switches in the company network. Your
configuration must implement all requirements:

Configure switches ASW1, DSW1, CSW1, and router R1 to send syslog information to client
CLT1.

Configure switches ASW2, DSW2, CSW2, and router R2 to send syslog information to client
CLT2.

On all switches and routers, configure the level of syslog messages to be informational.

Configure switches ASW1, DSW1, CSW1, and router R1 to send SNMP traps to client
CLT1.

Configure switches ASW2, DSW2, CSW2 and router R2 to send SNMP traps to client
CLT2.

Configure your switches to send relevant server information concerning configuration
changes, VLAN membership, and interface status that has been changed to error-disable to
the SNMP server. Configure your routers to send relevant server information on
configuration changes to the SNMP server. In both cases you should use the default SNMP
version with Read-only community.

Configure IP SLA on switches ASW1, ASW2, CSW1, and CSW2. Configure ICMP probes
for the IP SLA between switches ASW1 and CSW1. Switch ASW1 should probe switch
CSW1, and CSW1 should probe switch ASW1.

Configure ICMP probes for the IP SLA between switches ASW2 and CSW2. Switch ASW2
should probe switch CSW2, and switch CSW2 should probe switch ASW2.

Execute the verification plan to ensure IP connectivity.

Device Information
The table provides information about SNMP, syslog, and IP SLA:
Device Name   Send to Syslog?   Syslog Server   Send to SNMP Server?   SNMP Server   IP SLA To Switch
ASW1          Yes               CLT1            Yes                    CLT1          CSW1
ASW2          Yes               CLT2            Yes                    CLT2          CSW2
DSW1          Yes               CLT1            Yes                    CLT1
DSW2          Yes               CLT2            Yes                    CLT2
CSW1          Yes               CLT1            Yes                    CLT1          ASW1
CSW2          Yes               CLT2            Yes                    CLT2          ASW2
R1            Yes               CLT1            Yes                    CLT1
R2            Yes               CLT2            Yes                    CLT2

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective for Lab 5-1: Implement HA in a Network Design

Command List
The table describes the commands that are used in this activity.
Command: access-list access-list-number {deny | permit} source [source-wildcard]
Description: If you specified an IP standard access list number in the previous step, then
create the list, repeating the command as many times as necessary.
  - For access-list-number, enter the access list number specified in the previous step.
  - The deny keyword denies access if the conditions are matched. The permit keyword permits
    access if the conditions are matched.
  - For source, enter the IP address of the SNMP managers that are permitted to use the
    community string to gain access to the agent.
  - (Optional) For source-wildcard, enter the wildcard bits in dotted decimal notation to be
    applied to the source. Place ones in the bit positions that you want to ignore.

Command: frequency seconds
Description: (Optional) Set the rate at which a specified IP SLA operation repeats. The range
is from 1 to 604800 seconds; the default is 60 seconds.

Command: icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address |
hostname} | source-interface interface-id]
Description: Configure the IP SLA operation as an ICMP echo operation and enter ICMP echo
configuration mode.
  - destination-ip-address | destination-hostname: Specify the destination IP address or
    hostname.
  - (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname.
    When a source IP address or hostname is not specified, IP SLAs choose the IP address
    nearest to the destination.
  - (Optional) source-interface interface-id: Specify the source interface for the operation.

Command: ip sla monitor schedule operation-number [life {forever | seconds}]
[start-time {hh:mm [:ss] [month day | day month] | pending | now | after hh:mm:ss}]
[ageout seconds] [recurring]
Description: Configure the scheduling parameters for an individual IP SLA operation.
  - operation-number: Enter the Cisco IOS IP SLA entry number.
  - (Optional) life: Set the operation to run indefinitely (forever) or for a specific number
    of seconds. The range is from 0 to 2147483647. The default is 3600 seconds (1 hour).
  - (Optional) start-time: Enter the time for the operation to begin collecting information:
      - To start at a specific time, enter the hour, minute, second (in 24-hour notation),
        and day of the month. If no month is entered, the default is the current month.
      - Enter pending to select no information collection until a start time is selected.
      - Enter now to start the operation immediately.
      - Enter after hh:mm:ss to show that the operation should start after the entered time
        has elapsed.
  - (Optional) ageout seconds: Enter the number of seconds to keep the operation in memory
    when it is not actively collecting information. The range is 0 to 2073600 seconds; the
    default is 0 seconds (never ages out).
  - (Optional) recurring: Set the operation to automatically run every day.

Command: ip sla operation-number
Description: Create an IP SLA operation, and enter IP SLA configuration mode.

Command: ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number
Description: Configure the switch as an IP SLA responder. The optional keywords have these
meanings:
  - tcp-connect: Enable the responder for TCP connect operations.
  - udp-echo: Enable the responder for User Datagram Protocol (UDP) echo or jitter operations.
  - ipaddress ip-address: Enter the destination IP address.
  - port port-number: Enter the destination port number.
  Note: The IP address and port number must match those configured on the source device for
  the IP SLA operation.

Command: logging buffered [size]
Description: Log messages to an internal buffer on the switch.

Command: logging host
Description: Log messages to a UNIX syslog server host. For host, specify the name or IP
address of the host to be used as the syslog server.

Command: line [console | vty] line-number [ending-line-number]
Description: Specify the line to be configured for synchronous logging of messages.
  - Use the console keyword for configurations that occur through the switch console port.
  - Use the line vty line-number command to specify which vty lines are to have synchronous
    logging enabled. You use a vty connection for configurations that occur through a
    Telnet session. The range of line numbers is from 0 to 15.

Command: logging synchronous [level [severity-level | all] | limit number-of-buffers]
Description: Enable synchronous logging of messages.
  - (Optional) For level severity-level, specify the message severity level. Messages with a
    severity level equal to or higher than this value are printed asynchronously. Low
    numbers mean greater severity and high numbers mean lesser severity. The default is 2.
  - (Optional) Specifying level all means that all messages are printed asynchronously
    regardless of the severity level.
  - (Optional) For limit number-of-buffers, specify the number of buffers to be queued for
    the terminal after which new messages are dropped. The range is 0 to 2147483647. The
    default is 20.

Command: no logging console
Description: Disable message logging.

Command: show ip sla responder
Description: Verify the IP SLA responder configuration on the device.

Command: show ip sla statistics
Description: Displays information about the IP SLA tests.

Command: show ip sla configuration [operation-number]
Description: (Optional) Display configuration values, including all defaults for all IP SLA
operations or a specified operation.

Command: show snmp
Description: Displays SNMP statistics.

Command: snmp-server community string [view view-name] [ro | rw] [access-list-number]
Description: Configure the community string.
  - For string, specify a string that acts like a password and permits access to the SNMP
    protocol. You can configure one or more community strings of any length.
  - (Optional) For view, specify the view record accessible to the community.
  - (Optional) Specify either read-only (ro) if you want authorized management stations to
    retrieve MIB objects, or specify read-write (rw) if you want authorized management
    stations to retrieve and modify MIB objects. By default, the community string permits
    read-only access to all objects.
  - (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99
    and 1300 to 1999.

Command: snmp-server engineID {local engineid-string | remote ip-address [udp-port
port-number] engineid-string}
Description: Configure a name for either the local or remote copy of SNMP.
  - The engineid-string is a 24-character ID string with the name of the copy of SNMP. You
    need not specify the entire 24-character engine ID if it has trailing zeros. Specify only
    the portion of the engine ID up to the point where only zeros remain in the value. For
    example, to configure an engine ID of 123400000000000000000000, you can enter this:
    snmp-server engineID local 1234.
  - If you select remote, specify the ip-address of the device that contains the remote copy
    of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The
    default is 162.

Command: snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview]
[write writeview] [notify notifyview] [access access-list]
Description: Configure a new SNMP group on the remote device.
  - For groupname, specify the name of the group.
  - Specify a security model:
      - v1 is the least secure of the possible security models.
      - v2c is the second least secure model. It allows transmission of informs and integers
        twice the normal width.
      - v3, the most secure, requires you to select an authentication level:
          - auth: Enables the Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA)
            packet authentication.
          - noauth: Enables the noAuthNoPriv security level. This is the default if no
            keyword is specified.
          - priv: Enables Data Encryption Standard (DES) packet encryption (also called
            privacy).
  - (Optional) Enter read readview with a string (not to exceed 64 characters) that is the
    name of the view in which you can only view the contents of the agent.
  - (Optional) Enter write writeview with a string (not to exceed 64 characters) that is the
    name of the view in which you enter data and configure the contents of the agent.
  - (Optional) Enter notify notifyview with a string (not to exceed 64 characters) that is
    the name of the view in which you specify a notify, inform, or trap.
  - (Optional) Enter access access-list with a string (not to exceed 64 characters) that is
    the name of the access list.

Command: snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth |
priv}}] community-string [notification-type]
Description: Specify the recipient of an SNMP trap operation.
  - For host-addr, specify the name or Internet address of the host (the targeted recipient).
  - (Optional) Enter informs to send SNMP informs to the host.
  - (Optional) Enter traps (the default) to send SNMP traps to the host.
  - (Optional) Specify the SNMP version (1, 2c, or 3). SNMPv1 does not support informs.
  - (Optional) For Version 3, select authentication level auth, noauth, or priv.
  - For community-string, when version 1 or version 2c is specified, enter the password-like
    community string sent with the notification operation. When version 3 is specified,
    enter the SNMPv3 username.
  - (Optional) For notification-type, enter snmp-server enable traps.

Command: snmp-server enable traps notification-types
Description: Enable the switch to send traps or informs and specify the type of notifications
to be sent.

Command: udp-jitter {destination-ip-address | destination-hostname} destination-port
[source-ip {ip-address | hostname}] [source-port port-number] [control {enable | disable}]
[num-packets number-of-packets] [interval inter-packet-interval]
Description: Configure the IP SLA operation as a UDP jitter operation, and enter UDP jitter
configuration mode.
  - destination-ip-address | destination-hostname: Specify the destination IP address or
    hostname.
  - destination-port: Specify the destination port number in the range from 1 to 65535.
  - (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname.
    When a source IP address or hostname is not specified, IP SLAs choose the IP address
    nearest to the destination.
  - (Optional) source-port port-number: Specify the source port number in the range from 1 to
    65535. When a port number is not specified, IP SLAs choose an available port.
  - (Optional) control: Enable or disable sending of IP SLA control messages to the IP SLA
    responder. By default, IP SLA control messages are sent to the destination device to
    establish a connection with the IP SLA responder.
  - (Optional) num-packets number-of-packets: Enter the number of packets to be generated.
    The range is 1 to 6000; the default is 10.
  - (Optional) interval inter-packet-interval: Enter the interval between sending packets in
    milliseconds. The range is 1 to 6000; the default value is 20 ms.
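
An added example (not from the lab guide) of how the access-list entries described in the Command List decide which SNMP managers may use a community string: the first matching entry wins, ones in the wildcard mark ignored bits, and an unmatched source is denied. The function names and the sample entries are constructed for illustration; 10.1.3.50 is the CLT1 address used in this lab.

```python
import ipaddress

# Constructed entries. A list is attached to a community string with the
# syntax from the Command List, e.g.: snmp-server community ciscor ro 10
SAMPLE_ACL = [
    "access-list 10 permit 10.1.3.50",           # exactly one manager (CLT1)
    "access-list 20 deny 10.1.4.7",              # one host carved out of a subnet
    "access-list 20 permit 10.1.4.0 0.0.0.255",  # rest of 10.1.4.0-255
    "access-list 30 permit 10.1.3.50 0.0.1.0",   # non-contiguous wildcard
]


def parse_standard_acl(lines):
    """Parse 'access-list N {deny | permit} source [source-wildcard]' lines."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) not in (4, 5) or parts[0] != "access-list":
            raise ValueError(f"not a standard ACL entry: {line!r}")
        number = int(parts[1])
        # Standard IP access lists are numbered 1-99 and 1300-1999.
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is not a standard ACL number")
        if parts[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        source = int(ipaddress.IPv4Address(parts[3]))
        # No wildcard given means every bit of the source must match.
        wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) == 5 else 0
        entries.append((number, parts[2], source, wildcard))
    return entries


def acl_permits(entries, number, manager_ip):
    """Return True if manager_ip is permitted by access list `number`."""
    selected = [e for e in entries if e[0] == number]
    if not selected:
        raise ValueError(f"access list {number} has no entries")
    addr = int(ipaddress.IPv4Address(manager_ip))
    for _, action, source, wildcard in selected:
        care_bits = ~wildcard & 0xFFFFFFFF  # ones in the wildcard are ignored
        if (addr ^ source) & care_bits == 0:
            return action == "permit"       # first match wins
    return False                            # implicit deny at the end of the list


if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for number, ip in [(10, "10.1.3.50"), (10, "10.1.3.51"),
                       (20, "10.1.4.7"), (20, "10.1.4.100"),
                       (30, "10.1.2.50"), (30, "10.1.4.50")]:
        verdict = "permit" if acl_permits(acl, number, ip) else "deny"
        print(f"ACL {number}: {ip:<12} {verdict}")
```
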

Job Aids
These are the job aids for this lab activity:
Value                                                        Location
-----------------------------------------------------------  --------------------------------------------
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Key commands and tools used form                             End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create an Implementation Requirement List for High Availability and Reporting
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective for this lab, and the Implementation Policy and Device
Information sections to create your implementation requirements list. If you are unsure, use the
information provided in the Hints section at the end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. However, if you need help, this section contains a series of hints to help you complete
the lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 5-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 5-1 Hint Sheet: Implementing High Availability and Reporting in a Network Design
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device                    Implementation Requirement  Lab 5-1 Section Containing Hint
------------------------  --------------------------  -------------------------------
All switches and routers  Syslog server               Implementation Policy
All switches and routers  SNMP                        Implementation Policy
ASW1 and CSW1             IP SLA                      Implementation Policy
ASW2 and CSW2             IP SLA                      Implementation Policy
All switches and routers  Verification                Implementation Policy

Device  High-Level Task  Information Source
------  ---------------  -------------------------------------------------------
ASW1    Syslog server    Visual Objective, Design and Implementation Requirements
ASW1    SNMP             Visual Objective, Design and Implementation Requirements
ASW1    IP SLA           Visual Objective, Design and Implementation Requirements
ASW2    Syslog server    Visual Objective, Design and Implementation Requirements
ASW2    SNMP             Visual Objective, Design and Implementation Requirements
ASW2    IP SLA           Visual Objective, Design and Implementation Requirements
DSW1    Syslog server    Visual Objective, Design and Implementation Requirements
DSW1    SNMP             Visual Objective, Design and Implementation Requirements
DSW2    Syslog server    Visual Objective, Design and Implementation Requirements
DSW2    SNMP             Visual Objective, Design and Implementation Requirements
CSW1    Syslog server    Visual Objective, Design and Implementation Requirements
CSW1    SNMP             Visual Objective, Design and Implementation Requirements
CSW1    IP SLA           Visual Objective, Design and Implementation Requirements
CSW2    Syslog server    Visual Objective, Design and Implementation Requirements
CSW2    SNMP             Visual Objective, Design and Implementation Requirements
CSW2    IP SLA           Visual Objective, Design and Implementation Requirements
R1      Syslog server    Visual Objective, Design and Implementation Requirements
R1      SNMP             Visual Objective, Design and Implementation Requirements
R2      Syslog server    Visual Objective, Design and Implementation Requirements
R2      SNMP             Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan


In Task 2, you will create an Implementation and Verification Plan. There are several
possible correct solutions. One possible approach groups items that are common to all switches in
a template and then applies the template to all switches. You can then configure each switch with
items that are unique to each device. An example of the Implementation and Verification Plan
follows.
Complete  Device  Implementation Order  Values and Items to Implement                  Verification Method and Expected Results
--------  ------  --------------------  ---------------------------------------------  ----------------------------------------
          ASW1    1                     logging on                                     show logging
          ASW1    2                     logging 10.1.3.50                              show logging
          ASW1    3                     logging trap informational                     show logging
          ASW2    4                     logging on                                     show logging
          ASW2    5                     logging 10.1.4.100                             show logging
          ASW2    6                     logging trap informational                     show logging
          DSW1    7                     logging on                                     show logging
          DSW1    8                     logging 10.1.3.50                              show logging
          DSW1    9                     logging trap informational                     show logging
          DSW2    10                    logging on                                     show logging
          DSW2    11                    logging 10.1.4.100                             show logging
          DSW2    12                    logging trap informational                     show logging
          CSW1    13                    logging on                                     show logging
          CSW1    14                    logging 10.1.3.50                              show logging
          CSW1    15                    logging trap informational                     show logging
          CSW2    16                    logging on                                     show logging
          CSW2    17                    logging 10.1.4.100                             show logging
          CSW2    18                    logging trap informational                     show logging
          ASW1    19                    snmp-server enable traps errdisable            show snmp
          ASW1    20                    snmp-server enable traps config                show snmp
          ASW1    21                    snmp-server enable traps vlan-membership       show snmp
          ASW1    23                    snmp-server community ciscor ro                show snmp
          ASW1    24                    snmp-server host 10.1.3.50 traps ciscor        show snmp
          ASW2    25                    snmp-server enable traps errdisable            show snmp
          ASW2    26                    snmp-server enable traps config                show snmp
          ASW2    27                    snmp-server enable traps vlan-membership       show snmp
          ASW2    28                    snmp-server community ciscor ro                show snmp
          ASW2    29                    snmp-server host 10.1.4.100 traps ciscor       show snmp
          DSW1    30                    snmp-server enable traps errdisable            show snmp
          DSW1    31                    snmp-server enable traps config                show snmp
          DSW1    32                    snmp-server enable traps vlan-membership       show snmp
          DSW1    33                    snmp-server community ciscor ro                show snmp
          DSW1    34                    snmp-server host 10.1.3.50 traps ciscor        show snmp
          DSW2    35                    snmp-server enable traps errdisable            show snmp
          DSW2    36                    snmp-server enable traps config                show snmp
          DSW2    37                    snmp-server enable traps vlan-membership       show snmp
          DSW2    38                    snmp-server community ciscor ro                show snmp
          DSW2    39                    snmp-server host 10.1.4.100 traps ciscor       show snmp
          CSW1    40                    snmp-server enable traps errdisable            show snmp
          CSW1    41                    snmp-server enable traps config                show snmp
          CSW1    42                    snmp-server enable traps vlan-membership       show snmp
          CSW1    43                    snmp-server community ciscor ro                show snmp
          CSW1    44                    snmp-server host 10.1.3.50 traps ciscor        show snmp
          CSW2    45                    snmp-server enable traps errdisable            show snmp
          CSW2    46                    snmp-server enable traps config                show snmp
          CSW2    47                    snmp-server enable traps vlan-membership       show snmp
          CSW2    48                    snmp-server community ciscor ro                show snmp
          CSW2    49                    snmp-server host 10.1.4.100 traps ciscor       show snmp
          R1      50                    snmp-server enable traps config                show snmp
          R1      51                    snmp-server community ciscor ro                show snmp
          R1      52                    snmp-server host 10.1.3.50 traps ciscor        show snmp
          R2      53                    snmp-server enable traps config                show snmp
          R2      54                    snmp-server community ciscor ro                show snmp
          R2      55                    snmp-server host 10.1.4.100 traps ciscor       show snmp
          ASW1    56                    ip sla 1                                       show ip sla configuration
          ASW1    57                    icmp-echo 10.1.253.1                           show ip sla configuration
          ASW1    58                    ip sla schedule 1 life forever start-time now  show ip sla statistics
          ASW2    59                    ip sla 1                                       show ip sla configuration
          ASW2    60                    icmp-echo 10.1.253.7                           show ip sla configuration
          ASW2    61                    ip sla schedule 1 life forever start-time now  show ip sla statistics
          CSW1    62                    ip sla 1                                       show ip sla configuration
          CSW1    63                    icmp-echo 10.1.3.1                             show ip sla configuration
          CSW1    64                    ip sla schedule 1 life forever start-time now  show ip sla statistics
          CSW2    65                    ip sla 1                                       show ip sla configuration
          CSW2    66                    icmp-echo 10.1.4.2                             show ip sla configuration
          CSW2    67                    ip sla schedule 1 life forever start-time now  show ip sla statistics

Step-by-Step Procedure
Step 1

Connect to the ASW1 switch interface in configuration mode:

- Connect to the remote lab.
- Access the switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2

Configure the syslog server on switch ASW1:

ASW1(config)# logging on
ASW1(config)# logging 10.1.3.50
ASW1(config)# logging trap informational
Step 3

Repeat Steps 1 and 2 on switches ASW2, DSW1, DSW2, CSW1, and CSW2, and on
routers R1 and R2 using the appropriate IP addresses of the syslog server. Verify the syslog
server configuration; for example, on switch DSW1:
DSW1#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled


Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1022 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled
Trap logging: level informational, 1000 message lines logged
Logging to 10.1.3.51 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
150 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Step 4

Configure SNMP on switch ASW1:


ASW1(config)# snmp-server community ciscor ro
ASW1(config)# snmp-server host 10.1.3.50 traps ciscor
ASW1(config)# snmp-server enable traps errdisable
ASW1(config)# snmp-server enable traps config
ASW1(config)# snmp-server enable traps vlan-membership


Step 5

Repeat Step 4 on switches ASW2, DSW1, DSW2, CSW1, and CSW2. On routers R1 and
R2, repeat Step 4 without errdisable and without vlan-membership. Verify the SNMP
configuration; for example, on CSW1:
CSW1#show snmp
Chassis: FDO1310X136
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
5 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
5 Trap PDUs
SNMP global trap: disabled
SNMP logging: enabled
Logging to 10.1.3.51.162, 0/10, 5 sent, 0 dropped.
SNMP agent enabled

Step 6

Configure IP SLA on switch ASW1:


ASW1(config)# ip sla 1
ASW1(config-ip-sla)#icmp-echo 10.1.253.1
ASW1(config)# ip sla schedule 1 life forever start-time now

Step 7

Repeat Step 6 on switches CSW1, ASW2, and CSW2 with the appropriate IP addresses.
Verify that the IP SLA test is running:
CSW1#show ip sla statistics
Round Trip Time (RTT) for
Index 1
Latest RTT: 1 ms
Latest operation start time: *22:24:34.231 eastern Fri Mar 5 1993
Latest operation return code: OK
Number of successes: 290
Number of failures: 0
Operation time to live: Forever
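
Step 2 sets logging trap informational, and the show logging output in Step 3 reports the transport as UDP port 514 with authentication and encryption disabled, so the collector is the place to sanity-check what arrives. The following Python code is an added example, not part of the lab guide: it decodes the PRI field of IOS-style syslog datagrams and flags messages that the configured trap level cannot explain. The sample datagrams, the function name triage and the flag wording are constructed for illustration.

```python
import re

# IOS severity keywords; the list index is the numeric severity (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# `logging trap informational` forwards severities 0..6 and withholds 7.
TRAP_LEVEL = SEVERITIES.index("informational")

# <PRI>[seq: ]timestamp: %FACILITY-SEVERITY-MNEMONIC: text
IOS_MSG = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?(?P<stamp>.*?): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

# Constructed sample datagrams (not captured from the lab). PRI 189 is
# facility 23 (local7, the IOS default) * 8 + severity 5.
SAMPLE_DATAGRAMS = [
    b"<189>45: *Mar  5 22:24:34.231: %SYS-5-CONFIG_I: Configured from console by console",
    b"<187>46: *Mar  5 22:25:01.004: %LINK-3-UPDOWN: Interface Port-channel31, changed state to down",
    b"<191>47: *Mar  5 22:25:02.000: %SAMPLE-7-DEBUG: constructed debug-level line",
    b"<189>48: *Mar  5 22:26:00.000: %LINK-3-UPDOWN: Interface Port-channel32, changed state to down",
    b"this is not a syslog message",
]


def triage(datagram: bytes) -> dict:
    """Decode one syslog datagram and list anything the lab config cannot explain."""
    line = datagram.decode("ascii", errors="replace").strip()
    m = IOS_MSG.match(line)
    if m is None:
        return {"raw": line, "flags": ["unparseable: not an IOS-style syslog message"]}
    pri = int(m["pri"])
    if pri > 191:                                  # 23 * 8 + 7 is the largest valid PRI
        return {"raw": line, "flags": ["PRI value out of range"]}
    facility, severity = divmod(pri, 8)            # PRI = facility * 8 + severity
    flags = []
    if severity != int(m["sev"]):
        flags.append(f"PRI severity {severity} disagrees with message tag severity {m['sev']}")
    if severity > TRAP_LEVEL:
        flags.append(f"severity {SEVERITIES[severity]} is above the configured trap level")
    return {
        "raw": line,
        "facility": facility,
        "severity": SEVERITIES[severity],
        "mnemonic": f"{m['fac']}-{m['mnemonic']}",
        "flags": flags,
    }


if __name__ == "__main__":
    for datagram in SAMPLE_DATAGRAMS:
        result = triage(datagram)
        print(result.get("mnemonic", "?"), result.get("severity", "?"), result["flags"])
```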


Lab 6-1: Implement and Tune HSRP


Complete this lab activity to practice what you learned in the related module.

Activity Objective
The Cisco account manager for your company has become a friend of yours. Once, while having
a friendly chat with him and an engineer from Cisco, the engineer mentioned the need for a
network to have a redundancy mechanism implemented. You like the idea because you do not
want to take unnecessary risks. You dig deep into the documentation and find out about the
existence of a protocol called Hot Standby Router Protocol (HSRP). After an informal discussion
with your IT manager, he tells you to proceed with the project, but asks you to demonstrate
HSRP in a step-by-step manner so he can understand the various features and how it really
works. As you leave him, you realize the need to create a design, implementation plan, and
perform the reconfiguration. Once the design is complete, you will connect to your remote lab to
implement your solution. After completing this activity, you will be able to meet these objectives:


Design an HSRP solution

Create an implementation requirements list

Create a step-by-step implementation and verification plan

Implement and verify your solution


Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully. (To prepare the routers for this lab, use the alias
command init-6_1-6_2.)

Implementation Policy
You must configure HSRP in your network. The following list details preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

You must implement two HSRP solutions: one offering first-hop redundancy for client CLT1
in VLAN 3, and one offering first-hop redundancy for client CLT2 in VLAN 4.

For both cases, switches DSW1 and DSW2 will be the default gateways for the clients.

Switch DSW1 will be the primary HSRP router on VLAN 3 and the secondary HSRP router
on VLAN 4.

Switch DSW2 will be the primary HSRP router on VLAN 4 and the secondary HSRP router
on VLAN 3.

The primary HSRP on switch DSW1 will track interfaces Po31 and Po32. The loss of
connectivity to these interfaces will decrement the priority of switch DSW1 by 30.

The primary HSRP on switch DSW2 will track interfaces Po31 and Po32. The loss of
connectivity to these interfaces will decrement the priority of switch DSW1 by 30.

Preempt should be configured so that each Layer 3 switch tries to become primary whenever
possible.

In your implementation, proceed in the following order:

Start by implementing HSRP in both VLANs, without preempt, without tracking, and
without priority. Test by shutting down the link to the primary HSRP router, then reenabling the link.

Once this has been tested, implement the preempt feature and test.

Once you have tested this, implement tracking and priority.


Device Information
The table provides information about IP addresses:
Device Name   HSRP   IP Address VLAN 3   IP Address VLAN 4   HSRP IP Address
ASW1          No
ASW2          No
DSW1          Yes    10.1.3.3            10.1.4.3            10.1.3.1
DSW2          Yes    10.1.3.2            10.1.4.2            10.1.4.1
CSW1          No
CSW2          No
R1            No
R2            No

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 6-1: Implement and Tune HSRP]

Command List
The table describes the commands that are used in this activity.
Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

interface interface-id
    Enters interface configuration mode, and enters the Layer 3 interface on which you want to enable HSRP.

standby version {1 | 2}
    (Optional) Configures the HSRP version on the interface.
      1: Select HSRPv1.
      2: Select HSRPv2.

standby [group-number] ip [ip-address [secondary]]
    Creates (or enables) the HSRP group using its number and virtual IP address.
      (Optional) group-number: The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.
      (Optional on all but one interface) ip-address: The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
      (Optional) secondary: The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

standby [group-number] priority priority [preempt [delay delay]]
    Sets a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority.
      (Optional) group-number: The group number to which the command applies.
      (Optional) preempt: Select so that when the local router has a higher priority than the active router, it assumes control as the active router.
      (Optional) delay: Set to cause the local router to postpone taking over the active role for the shown number of seconds. The range is 0 to 3600 (1 hour); the default is 0 (no delay before taking over).

standby [group-number] track type number [interface-priority]
    Configures an interface to track other interfaces so that if one of the other interfaces goes down, the device's hot standby priority is lowered.
      (Optional) group-number: The group number to which the command applies.
      type: Enter the interface type (combined with the interface number) that is tracked.
      number: Enter the interface number (combined with the interface type) that is tracked.
      (Optional) interface-priority: Enter the amount by which the hot standby priority for the router is decremented or incremented when the interface goes down or comes back up. The default value is 10.

show standby [interface-id [group]]
    Verify the configuration.
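
How the priority, preempt and track settings in the table interact, as an added Python example that is not part of the lab guide: it models the active-router choice for the VLAN 3 group with the values from the Implementation Policy (DSW1 at priority 120 with a decrement of 30 per tracked port channel, DSW2 at the default priority of 100). The class and function names are assumptions, preemption follows the table's wording (a strictly higher priority), and the floor of 0 on a decremented priority is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: IPv4Address
    configured_priority: int = 100                   # default priority per the table
    preempt: bool = False
    tracked: dict = field(default_factory=dict)      # interface name -> decrement
    down: set = field(default_factory=set)           # tracked interfaces currently down
    alive: bool = True

    @property
    def priority(self) -> int:
        lost = sum(dec for ifname, dec in self.tracked.items() if ifname in self.down)
        return max(self.configured_priority - lost, 0)   # assumption: floor at 0


def elect(routers, current_active=None):
    """Return the name of the active router for one HSRP group."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    # Highest priority wins; with equal priorities the higher IP address wins.
    best = max(live, key=lambda r: (r.priority, int(r.ip)))
    incumbent = next((r for r in live if r.name == current_active), None)
    if incumbent is None:
        return best.name
    # An active router keeps its role unless a preempt-enabled peer outranks it.
    if best is not incumbent and best.preempt and best.priority > incumbent.priority:
        return best.name
    return incumbent.name


def replay(routers, events):
    """Apply (router, action, argument) events; return (event, active, priorities) tuples."""
    by_name = {r.name: r for r in routers}
    active = elect(routers)
    history = [("initial election", active, {r.name: r.priority for r in routers})]
    for name, action, arg in events:
        router = by_name[name]
        if action == "link_down":
            router.down.add(arg)
        elif action == "link_up":
            router.down.discard(arg)
        elif action == "router_down":
            router.alive = False
        elif action == "router_up":
            router.alive = True
        else:
            raise ValueError(f"unknown action {action!r}")
        active = elect(routers, active)
        label = f"{name} {action}" + (f" {arg}" if arg else "")
        history.append((label, active, {r.name: r.priority for r in routers}))
    return history


def vlan3_final_design():
    """VLAN 3 group with preempt, priority and tracking as in the Implementation Policy."""
    tracking = {"Port-channel31": 30, "Port-channel32": 30}
    return [
        HsrpRouter("DSW1", IPv4Address("10.1.3.3"), 120, True, dict(tracking)),
        HsrpRouter("DSW2", IPv4Address("10.1.3.2"), preempt=True),
    ]


def vlan3_first_stage():
    """VLAN 3 group without preempt, tracking or priority (first implementation stage)."""
    return [
        HsrpRouter("DSW1", IPv4Address("10.1.3.3")),
        HsrpRouter("DSW2", IPv4Address("10.1.3.2")),
    ]


if __name__ == "__main__":
    events = [
        ("DSW1", "link_down", "Port-channel31"),
        ("DSW1", "link_up", "Port-channel31"),
        ("DSW1", "router_down", None),
        ("DSW1", "router_up", None),
    ]
    for title, routers in (("first stage", vlan3_first_stage()),
                           ("final design", vlan3_final_design())):
        print(title)
        for event, active, priorities in replay(routers, events):
            print(f"  {event:32} active={active} priorities={priorities}")
```

With the final design a single tracked port channel going down takes DSW1 from 120 to 90, below DSW2's 100, so DSW2 preempts; in the first stage DSW1 does not reclaim the active role after it returns.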


Job Aids
These are the job aids for this lab activity:

Value                                                        Location
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Key command and tools used form                              End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for HSRP Configuration
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective at the beginning of this lab, and the Implementation
Policy and Device Information sections to create your implementation requirements list. If
you are unsure, use the information provided in the Hints section at the end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save.
During your implementation, do not forget to follow the implementation order in the Required
Resources section:

Start by implementing HSRP in both VLANs, without preempt, without tracking, and
without priority. Test by shutting down the link to the primary HSRP router, then re-enabling
the link.

Once you have tested this, implement the preempt feature and test.

Once you have tested this, implement tracking and priority.

Once your solution is implemented, verify that your configuration is working and fulfills the
requirements specified. Use the previous table to document the verifications you conducted to
ensure that your solution is complete. If you are unsure about the verification steps, use the
information provided in the Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 6-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 6-1 Hint Sheet: Implement and Tune HSRP


This solution provides the final configuration with preempt, priority, and tracking.
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device   Implementation Requirement   Lab 6-1 Section Containing Hint
DSW1     HSRP                         Implementation Policy
DSW2     HSRP                         Implementation Policy

Device   High-Level Task                                                        Information Source
DSW1     HSRP on VLAN 3 and VLAN 4, primary on VLAN 3 and secondary on VLAN 4   Visual Objective, Design and Implementation Requirements
DSW2     HSRP on VLAN 3 and VLAN 4, primary on VLAN 4 and secondary on VLAN 3   Visual Objective, Design and Implementation Requirements


Implementation and Verification Plan


In Task 3, you create an Implementation and Verification Plan. There are several possible correct
solutions. One possible approach groups items that are common to all switches in a template and
then applies the template to all switches. For this lab, the template could contain the following
items:
Complete   Device   Implementation Order   Values and Items to Implement
           DSW1     1                      interface vlan 3
           DSW1     2                      ip address 10.1.3.3 255.255.255.0
           DSW1     3                      standby 3 ip 10.1.3.1
           DSW1     4                      standby 3 priority 120
           DSW1     5                      standby 3 preempt
           DSW1     6                      standby 3 track Portchannel31 30
           DSW1     7                      standby 3 track Portchannel32 30
Verification Method and Expected Results: show interface vlan 3, show standby

           DSW1     8                      interface vlan 4
           DSW1     9                      ip address 10.1.4.3 255.255.255.0
           DSW1     10                     standby 4 ip 10.1.4.1
           DSW1     11                     standby 4 preempt
Verification Method and Expected Results: show interface vlan 4, show standby

           DSW2     12                     interface vlan 3
           DSW2     13                     ip address 10.1.3.2 255.255.255.0
           DSW2     14                     standby 3 ip 10.1.3.1
           DSW2     15                     standby 3 preempt
Verification Method and Expected Results: show interface vlan 3, show standby

           DSW2     16                     interface vlan 4
           DSW2     17                     ip address 10.1.4.2 255.255.255.0
           DSW2     18                     standby 4 ip 10.1.4.1
           DSW2     19                     standby 4 priority 120
           DSW2     20                     standby 4 preempt
           DSW2     21                     standby 4 track Portchannel31 30
           DSW2     22                     standby 4 track Portchannel32 30
Verification Method and Expected Results: show interface vlan 4, show standby

Step-by-Step Procedure
Step 1
Connect to the DSW1 switch interface in configuration mode:

Connect to the remote lab.
Access the Switch console.
Enter privilege mode, using the enable command.
Enter configuration mode, using the configure terminal command.

Step 2
Configure HSRP on VLAN 3 on switch DSW1:

DSW1(config)# interface Vlan3
DSW1(config-if)# ip address 10.1.3.3 255.255.255.0
DSW1(config-if)# standby 3 ip 10.1.3.1
DSW1(config-if)# standby 3 priority 120
DSW1(config-if)# standby 3 preempt
DSW1(config-if)# standby 3 track Port-channel31 30
DSW1(config-if)# standby 3 track Port-channel32 30

Step 3

Configure HSRP on VLAN 4 on switch DSW1:


DSW1(config)# interface Vlan4
DSW1(config-if)# ip address 10.1.4.3 255.255.255.0
DSW1(config-if)# standby 4 ip 10.1.4.1
DSW1(config-if)# standby 4 preempt

Step 4

Repeat Step 1 on switch DSW2.

Step 5

Configure HSRP on VLAN 3 on switch DSW2:


DSW2(config)# interface Vlan3
DSW2(config-if)# ip address 10.1.3.2 255.255.255.0
DSW2(config-if)# standby 3 ip 10.1.3.1
DSW2(config-if)# standby 3 preempt

Step 6

Configure HSRP on VLAN 4 on switch DSW2:


DSW2(config)# interface Vlan4
DSW2(config-if)# ip address 10.1.4.2 255.255.255.0
DSW2(config-if)# standby 4 ip 10.1.4.1
DSW2(config-if)# standby 4 priority 120
DSW2(config-if)# standby 4 preempt
DSW2(config-if)# standby 4 track Port-channel31 30
DSW2(config-if)# standby 4 track Port-channel32 30

Step 7

Verify HSRP configuration and priorities, for example on switch DSW1:


DSW1#show standby
Vlan63 - Group 63
State is Active
Virtual IP address is 10.1.63.254
Active virtual MAC address is 0000.0c07.ac3f
Local virtual MAC address is 0000.0c07.ac3f (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.664 secs
Preemption enabled
Active router is local
Standby router is 10.1.63.2, priority 90 (expires in 11.200 sec)
Priority 120 (configured 120)
Track interface Port-channel31 state Up decrement 30
Track interface Port-channel32 state Up decrement 30
Group name is "hsrp-Vl63-63" (default)
Vlan64 - Group 64
State is Standby
Virtual IP address is 10.1.64.254
Active virtual MAC address is 0000.0c07.ac40
Local virtual MAC address is 0000.0c07.ac40 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.688 secs
Preemption enabled
Active router is 10.1.64.1, priority 120 (expires in 9.232 sec)
Standby router is local
Priority 90 (configured 90)
Group name is "hsrp-Vl64-64" (default)
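
A check for the Step 7 verification, as an added Python example that is not part of the lab guide: it parses show standby output and compares each group with the planned state, virtual IP address, priority, preemption and tracking. The sample output on the page uses VLAN 63/64 numbering, so the EXPECTED table follows that output rather than the VLAN 3/4 values of the plan; the DEGRADED sample, the function names and the finding wording are constructed for illustration.

```python
import re

# Abridged from the Step 7 output on this page (MAC and timer lines omitted).
SHOW_STANDBY = """\
Vlan63 - Group 63
State is Active
Virtual IP address is 10.1.63.254
Preemption enabled
Active router is local
Standby router is 10.1.63.2, priority 90 (expires in 11.200 sec)
Priority 120 (configured 120)
Track interface Port-channel31 state Up decrement 30
Track interface Port-channel32 state Up decrement 30
Group name is "hsrp-Vl63-63" (default)
Vlan64 - Group 64
State is Standby
Virtual IP address is 10.1.64.254
Preemption enabled
Active router is 10.1.64.1, priority 120 (expires in 9.232 sec)
Standby router is local
Priority 90 (configured 90)
Group name is "hsrp-Vl64-64" (default)
"""

# Constructed variant: one tracked port channel down, priority decremented by 30.
DEGRADED = (SHOW_STANDBY
            .replace("Priority 120 (configured 120)", "Priority 90 (configured 120)")
            .replace("Port-channel32 state Up", "Port-channel32 state Down"))

# Expected design for the switch that produced the sample output (assumed values).
EXPECTED = {
    ("Vlan63", 63): {"state": "Active", "virtual_ip": "10.1.63.254", "configured": 120,
                     "tracks": {"Port-channel31": 30, "Port-channel32": 30}},
    ("Vlan64", 64): {"state": "Standby", "virtual_ip": "10.1.64.254", "configured": 90,
                     "tracks": {}},
}

GROUP_RE = re.compile(r"^(\S+) - Group (\d+)$")
PRIO_RE = re.compile(r"^Priority (\d+) \(configured (\d+)\)")
TRACK_RE = re.compile(r"^Track interface (\S+) state (\S+) decrement (\d+)")


def parse_show_standby(text):
    """Return one dict per HSRP group found in `show standby` output."""
    groups, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := GROUP_RE.match(line):
            cur = {"interface": m[1], "group": int(m[2]), "preempt": False, "tracks": {}}
            groups.append(cur)
        elif cur is None:
            continue
        elif line.startswith("State is "):
            cur["state"] = line.split(" is ", 1)[1]
        elif line.startswith("Virtual IP address is "):
            cur["virtual_ip"] = line.split()[4]
        elif line.startswith("Preemption "):
            cur["preempt"] = line == "Preemption enabled"
        elif m := PRIO_RE.match(line):
            cur["priority"], cur["configured"] = int(m[1]), int(m[2])
        elif m := TRACK_RE.match(line):
            cur["tracks"][m[1]] = (m[2], int(m[3]))
    return groups


def audit(groups, expected):
    """Compare parsed groups with the planned design; return a list of findings."""
    findings = []
    seen = {(g["interface"], g["group"]): g for g in groups}
    for (intf, num), want in expected.items():
        g = seen.get((intf, num))
        where = f"{intf} group {num}"
        if g is None:
            findings.append(f"{where}: HSRP group missing")
            continue
        for key in ("state", "virtual_ip", "configured"):
            if g.get(key) != want[key]:
                findings.append(f"{where}: {key} is {g.get(key)}, expected {want[key]}")
        if not g["preempt"]:
            findings.append(f"{where}: preemption is not enabled")
        if g.get("priority") != g.get("configured"):
            findings.append(f"{where}: running at priority {g.get('priority')}, "
                            f"configured {g.get('configured')}")
        for tracked, decrement in want["tracks"].items():
            state, got = g["tracks"].get(tracked, ("absent", None))
            if got != decrement:
                findings.append(f"{where}: {tracked} decrement is {got}, expected {decrement}")
            elif state != "Up":
                findings.append(f"{where}: tracked interface {tracked} is {state}")
    return findings


if __name__ == "__main__":
    for label, text in (("as shown in Step 7", SHOW_STANDBY), ("degraded", DEGRADED)):
        print(label, audit(parse_show_standby(text), EXPECTED) or "matches the plan")
```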


Lab 6-2: Implementing VRRP


Complete this lab activity to practice what you learned in the related module.

Activity Objective
In the previous labs, you designed and implemented a redundant network for its core layer. As
you analyze the network, you notice that the two routers in your aggregation layer are not in a
redundant mode of operation, which may lead to unexpected problems. To prevent any future
connectivity issue, you decide to implement the Virtual Router Redundancy Protocol (VRRP), a
standardized solution supported by your Cisco equipment, in your network. You have to prepare
an implementation plan, make the needed configuration changes, and test according to a
verification plan. After completing this activity, you will be able to meet these objectives:

Design a VRRP solution

Create an implementation requirements list

Create a step-by-step implementation and verification plan

Implement and verify your solution

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully.

Implementation Policy
You must configure VRRP in your network. The following list details preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Use the IP addresses shown in the following Device Information section.

Configure switch CSW1 so that its interfaces to routers R1 and R2 are set to access mode in
VLAN 10.

Configure switch CSW2 so that its interfaces to routers R1 and R2 are set to access mode in
VLAN 20.

On switch CSW1, create a switch virtual interface (SVI) for VLAN 10.

On switch CSW2, create an SVI for VLAN 20.

Router R1 interface Fa0/0 will be in VRRP group 1 and Fa0/1 will be in VRRP group 2.

Router R2 interface Fa0/0 will be in VRRP group 2 and Fa0/1 will be in VRRP group 1.

Router R1 will be the master on group 1 and the backup on group 2.

Router R2 will be the master on group 2 and the backup on group 1.


Device Information
The table provides information about IP addresses. All masks are /29:
Device Name   IP Address VLAN 10   IP Address VLAN 20   IP Address Fa0/0   VRRP IP Address Fa0/0   IP Address Fa0/1   VRRP IP Address Fa0/1
ASW1
ASW2
DSW1
DSW2
CSW1          10.1.253.25
CSW2                               10.1.253.33
R1                                                      10.1.253.27        10.1.253.30             10.1.253.36        10.1.253.34
R2                                                      10.1.253.35        10.1.253.34             10.1.253.26        10.1.253.30

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 6-2: Implementing VRRP]

Command List
The table describes the commands that are used in this activity.
Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

interface type number
    Enters interface configuration mode.

ip address ip-address mask
    Configures an IP address for an interface.

vrrp group ip ip-address [secondary]
    Enables VRRP on an interface.
    After you identify a primary IP address, you can use the vrrp ip command again with the secondary keyword to indicate additional IP addresses supported by this group.

vrrp group description text
    Assigns a text description to the VRRP group.

vrrp group priority level
    Sets the priority level of the router within a VRRP group.

vrrp group preempt [delay minimum seconds]
    Configures the router to take over as virtual router master for a VRRP group if it has a higher priority than the current virtual router master.
    The default delay period is 0 seconds.
    The router that is the IP address owner will preempt, regardless of the setting of this command.

vrrp group timers advertise [msec] interval
    Configures the interval between successive advertisements by the virtual router master in a VRRP group.
    The unit of the interval is in seconds unless the msec keyword is specified. The default interval value is 1 second.

vrrp group timers learn
    Configures the router, when it is acting as virtual router backup for a VRRP group, to learn the advertisement interval used by the virtual router master.

Job Aids
These are the job aids for this lab activity:

Value                                                        Location
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Key Commands and tools used form                             End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create an Implementation Requirement List for VRRP Configuration
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective for this lab, and the Implementation Policy and Device
Information sections to create your implementation requirement list. If you are unsure, use the
information provided in the Hints section at the end of this lab.
Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 6-2: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this
section contains a series of hints to help you complete the lab.

Lab 6-2 Hint Sheet: Implementing VRRP


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device | Implementation Requirement | Lab 6-2 Section Containing Hint
CSW1 | Access ports | Implementation Policy
CSW1 | SVI | Implementation Policy
CSW2 | Access ports | Implementation Policy
CSW2 | SVI | Implementation Policy
R1 | VRRP | Implementation Policy
R2 | VRRP | Implementation Policy

Device | High-Level Task | Information Source
CSW1 | Access ports | Visual Objective, Design and Implementation Requirements
CSW1 | SVI | Visual Objective, Design and Implementation Requirements
CSW2 | Access ports | Visual Objective, Design and Implementation Requirements
CSW2 | SVI | Visual Objective, Design and Implementation Requirements
R1 | VRRP | Visual Objective, Design and Implementation Requirements
R2 | VRRP | Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan


In Task 2, you create an Implementation and Verification Plan. There are several possible correct
solutions. One possible approach groups items that are common to all switches in a template and
then applies the template to all switches. For this lab, the template could contain the following
items:
Complete | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | CSW1 | 1 | interface range FastEthernet0/11-12 |
 | CSW1 | 2 | switchport |
 | CSW1 | 3 | switchport mode access |
 | CSW1 | 4 | switchport access vlan 10 | show vlan
 | CSW1 | 5 | interface Vlan10 |
 | CSW1 | 6 | ip address 10.1.253.25 255.255.255.248 | show interface vlan10
 | CSW2 | 7 | interface range FastEthernet0/11-12 |
 | CSW2 | 8 | switchport |
 | CSW2 | 9 | switchport mode access |
 | CSW2 | 10 | switchport access vlan 20 | show vlan
 | CSW2 | 11 | interface Vlan20 |
 | CSW2 | 12 | ip address 10.1.253.33 255.255.255.248 | show interface vlan20
 | R1 | 13 | interface FastEthernet0/0 |
 | R1 | 14 | ip address 10.1.253.27 255.255.255.248 | show interface fa0/0
 | R1 | 15 | vrrp 1 ip 10.1.253.30 |
 | R1 | 16 | vrrp 1 priority 120 | show vrrp
 | R1 | 17 | interface FastEthernet0/1 | show interface fa0/1
 | R1 | 18 | ip address 10.1.253.36 255.255.255.248 |
 | R1 | 19 | vrrp 2 ip 10.1.253.34 | show vrrp
 | R2 | 23 | interface FastEthernet0/0 | show interface fa0/0
 | R2 | 24 | ip address 10.1.253.35 255.255.255.248 |
 | R2 | 25 | vrrp 2 ip 10.1.253.34 |
 | R2 | 26 | vrrp 2 priority 120 | show vrrp
 | R2 | 27 | interface FastEthernet0/1 |
 | R2 | 28 | ip address 10.1.253.26 255.255.255.248 | show interface fa0/1
 | R2 | 29 | vrrp 1 ip 10.1.253.30 | show vrrp

Step-by-Step Procedure
Step 1
Connect to the CSW1 switch interface in configuration mode:

Connect to the remote lab.

Access the switch console.

Enter privileged mode, using the enable command.

Enter configuration mode, using the configure terminal command.

Step 2
Configure access ports on switch CSW1:

CSW1(config)# interface range FastEthernet0/11 - 12
CSW1(config-if-range)# switchport
CSW1(config-if-range)# switchport mode access
CSW1(config-if-range)# switchport access vlan 10

Step 3
Configure SVI on switch CSW1:

CSW1(config)# interface Vlan10
CSW1(config-if)# ip address 10.1.253.25 255.255.255.248

Step 4
Repeat Steps 1 to 3 on switch CSW2.

Step 5
Configure VRRP on Fa0/0 on router R1:

R1(config)# interface FastEthernet0/0
R1(config-if)# ip address 10.1.253.27 255.255.255.248
R1(config-if)# vrrp 1 ip 10.1.253.30
R1(config-if)# vrrp 1 priority 120

Step 6
Configure VRRP on Fa0/1 on router R1:

R1(config)# interface FastEthernet0/1
R1(config-if)# ip address 10.1.253.36 255.255.255.248
R1(config-if)# vrrp 2 ip 10.1.253.34

Step 7
Repeat Steps 5 and 6 on router R2. Verify VRRP configuration and priorities; for example, on R2:

R2#show vrrp
FastEthernet0/0 - Group 2
  State is Master
  Virtual IP address is 10.1.253.34
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 120
  Master Router is 10.1.253.35 (local), priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
FastEthernet0/1 - Group 1
  State is Backup
  Virtual IP address is 10.1.253.30
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.1.253.27, priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
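
The verification in Step 7 can be automated by parsing the show vrrp output and comparing it with the plan, which also flags a master address that the plan does not name. This Python check is an added example, not part of the lab guide; the PLAN table is derived from the addresses and priorities in this lab, and the function names are hypothetical.

```python
import re

# R2's "show vrrp" output from Step 7 of this lab, embedded so the check runs offline.
SHOW_VRRP_R2 = """\
R2#show vrrp
FastEthernet0/0 - Group 2
  State is Master
  Virtual IP address is 10.1.253.34
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 120
  Master Router is 10.1.253.35 (local), priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
FastEthernet0/1 - Group 1
  State is Backup
  Virtual IP address is 10.1.253.30
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.1.253.27, priority is 120
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.414 sec
"""

# Expected state from the lab plan: R1 is master for group 1, R2 for group 2.
PLAN = {
    1: {"vip": "10.1.253.30", "master": "10.1.253.27", "master_priority": 120},
    2: {"vip": "10.1.253.34", "master": "10.1.253.35", "master_priority": 120},
}

HEADER = re.compile(r"(\S+) - Group (\d+)$")
MASTER = re.compile(r"Master Router is ([\d.]+)( \(local\))?, priority is (\d+)")
FIELDS = {
    "state": r"State is (\w+)",
    "vip": r"Virtual IP address is (\S+)",
    "vmac": r"Virtual MAC address is (\S+)",
    "priority": r"Priority is (\d+)",
}


def parse_show_vrrp(text):
    """Return one dict per 'Interface - Group N' block in the output."""
    groups = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            groups.append({"interface": header.group(1), "group": int(header.group(2))})
            continue
        if not groups:
            continue  # prompt line before the first block
        current = groups[-1]
        master = MASTER.match(line)
        if master:
            current["master"] = master.group(1)
            current["master_is_local"] = master.group(2) is not None
            current["master_priority"] = int(master.group(3))
            continue
        for key, pattern in FIELDS.items():
            found = re.match(pattern, line)
            if found:
                current[key] = found.group(1)
                break
    return groups


def expected_vmac(group):
    """VRRP virtual MAC is 00-00-5E-00-01-{VRID} (RFC 3768), in IOS dotted form."""
    return "0000.5e00.01%02x" % group


def audit_vrrp(groups, plan):
    """Compare parsed groups with the plan; an empty list means 'as planned'."""
    findings = []
    for g in groups:
        gid, want = g["group"], plan.get(g["group"])
        if want is None:
            findings.append(f"group {gid}: configured but not in the plan")
            continue
        if g.get("vip") != want["vip"]:
            findings.append(f"group {gid}: virtual IP is {g.get('vip')}, plan says {want['vip']}")
        if g.get("vmac", "").lower() != expected_vmac(gid):
            findings.append(f"group {gid}: unexpected virtual MAC {g.get('vmac')}")
        if g.get("master") != want["master"]:
            findings.append(f"group {gid}: master is {g.get('master')} (priority {g.get('master_priority')}), plan says {want['master']}")
        elif g.get("master_priority") != want["master_priority"]:
            findings.append(f"group {gid}: master priority is {g.get('master_priority')}")
        if (g.get("state") == "Master") != g.get("master_is_local", False):
            findings.append(f"group {gid}: state and master address disagree")
    for gid in sorted(set(plan) - {g["group"] for g in groups}):
        findings.append(f"group {gid}: planned but missing from the output")
    return findings
```
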


Lab 7-1: Secure Network Switches to Mitigate Security Attacks
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In a meeting with the IT manager, you discussed the current status of the corporate network and
its future development. You have agreed that you currently have a very good network
infrastructure, but you lack mechanisms to protect your client PCs. You agreed to analyze the
security needs of the network and the risks it faces. As a first step, you must implement the
required set of port-based security measures. The second important step is to manage the network
traffic with VLAN access lists. After you have taken care of end-user security, you consider how
to protect the operation of your Spanning Tree Protocol (STP). When protected, STP operates
stably, which reduces the risk of unwanted topology changes. While analyzing the corporate
network and its services, you find that one of the major services running is the DHCP service.
Because all the end users rely on DHCP to acquire IP addresses and network settings, you decide
to secure the DHCP service operation in your network. You must also guard against possible ARP
table exploits.
After completing this activity, you will be able to meet these objectives:


Perform a baseline assessment of network switch security settings

Identify possible threats, points of attack, and vulnerability points in the network

Write an implementation plan to implement security measures on network switches

Write a plan to test and verify security threat mitigation measures for VLANs

Configure port security and other switch security features

Configure a VLAN access control list (VACL)

Verify the correct implementation of security measures

Document the switch and VLAN security plan, settings, operations, and maintenance


Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully. (To prepare the routers for this lab, use the alias
command init-7_1-9_1.)

Implementation Policy
You must configure security in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Port security should be configured on switches ASW1 and ASW2 ports to client PC ports (to
clients CLT1 and CLT2, respectively). Port security should be configured to limit the
maximum MAC addresses on a port to 1.

Port security on switch ASW1 should allow only CLT1, and on switch ASW2 it should dynamically
learn the MAC address. A violation should set the port to error-disable and send a trap.

On both ASW switches, set loopguard to be enabled by default.

Use VACLs on switches DSW1 and DSW2 to ban clients PC1 and PC2 from performing
Telnet sessions to any destination, but permit any other traffic.

Protect the root bridge switches from other switches becoming roots.

Globally protect the access ports on all switches from receiving bridge protocol data units
(BPDUs) by using BPDU guard.

Protect the alternate and root ports from becoming designated.

Protect the DHCP service with DHCP snooping on the ASW switches.

Protect ARP with ARP snooping on switches DSW1 and DSW2.
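
The access-switch items in this list (port security, loop guard, BPDU guard, DHCP snooping) can be checked mechanically against a saved configuration, which is one way to do the baseline assessment this lab asks for. This Python check is an added example, not part of the lab guide; the interface names, VLAN 10 and both sample configurations are constructed, and switchport port-security maximum is a standard IOS sub-command that this lab's Command List does not show.

```python
import re

REQUIRED_GLOBALS = (
    "ip dhcp snooping",
    "spanning-tree loopguard default",
    "spanning-tree portfast bpduguard default",
)

# Constructed sample: meets the policy. The running-config omits the
# port-security defaults (maximum 1, violation shutdown), so they are absent here.
HARDENED = """\
ip dhcp snooping vlan 10,20
ip dhcp snooping
spanning-tree loopguard default
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
!
interface FastEthernet0/24
 ip dhcp snooping trust
"""

# Constructed sample: several gaps, including port-security sub-commands
# on Fa0/1 without the bare "switchport port-security" line that enables it.
WEAK = """\
spanning-tree loopguard default
ip dhcp snooping
ip dhcp snooping vlan 20-30
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation protect
"""


def parse_config(text):
    """Split IOS config text into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def vlan_in_range(vlan, spec):
    """True if vlan is covered by a vlan-range such as '10', '10-20' or '5,10-20'."""
    for part in spec.replace(" ", "").split(","):
        low, _, high = part.partition("-")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= vlan <= int(high):
            return True
    return False


def audit_access_switch(text, client_ports, client_vlan):
    """Return a list of policy gaps; an empty list means every check passed."""
    global_lines, interfaces = parse_config(text)
    findings = [f"global: missing '{cmd}'" for cmd in REQUIRED_GLOBALS if cmd not in global_lines]
    prefix = "ip dhcp snooping vlan "
    ranges = [g[len(prefix):] for g in global_lines if g.startswith(prefix)]
    if not any(vlan_in_range(client_vlan, r) for r in ranges):
        findings.append(f"global: DHCP snooping not enabled for VLAN {client_vlan}")
    for port in client_ports:
        cfg = interfaces.get(port)
        if cfg is None:
            findings.append(f"{port}: interface not found")
        elif "switchport port-security" not in cfg:
            findings.append(f"{port}: port security not enabled")
        else:
            maximum, violation = 1, "shutdown"  # IOS defaults when no line is present
            for line in cfg:
                m = re.fullmatch(r"switchport port-security (maximum|violation) (.+)", line)
                if m and m.group(1) == "maximum":
                    maximum = int(m.group(2).split()[0])
                elif m:
                    violation = m.group(2)
            if maximum != 1:
                findings.append(f"{port}: maximum is {maximum}, policy requires 1")
            if violation != "shutdown":
                findings.append(f"{port}: violation mode is {violation}, policy requires shutdown")
    return findings
```
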


Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks

Command List
The table describes the commands that are used in this activity.
Command
    Description

configure terminal
    Enters global configuration mode from privileged EXEC mode.

access-list access-list-number {deny | permit} source [source-wildcard] [log]
    Defines a standard IPv4 access list by using a source address and wildcard.
    The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
    Enter deny or permit to specify whether to deny or permit access if conditions are matched.
    The source is the source address of the network or host from which the packet is being sent, specified as:
    - The 32-bit quantity in dotted-decimal format.
    - The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source-wildcard.
    - The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
    (Optional) The source-wildcard applies wildcard bits to the source.
    (Optional) Enter log to cause an informational logging message about the packet that matches the entry to be sent to the console.

access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name] [dscp dscp]
    Defines an extended IPv4 access list and the access conditions.
    The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
    Enter deny or permit to specify whether to deny or permit access if conditions are matched.
    For protocol, enter the name or number of an IP protocol: ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip.
    The source is the number of the network or host from which the packet is sent.
    The source-wildcard applies wildcard bits to the source.
    The destination is the network or host number to which the packet is sent.
    The destination-wildcard applies wildcard bits to the destination.
    Source, source-wildcard, destination, and destination-wildcard can be specified as:
    - The 32-bit quantity in dotted-decimal format.
    - The keyword any for 0.0.0.0 255.255.255.255 (any host).
    - The keyword host for a single host 0.0.0.0.
    The other keywords are optional and have these meanings:
    - precedence: Enter to match packets with a precedence level specified as a number from 0 to 7 or by name: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), network (7).
    - fragments: Enter to check noninitial fragments.
    - tos: Enter to match by type of service level, specified by a number from 0 to 15 or a name: normal (0), max-reliability (2), max-throughput (4), min-delay (8).
    - log: Enter to create an informational logging message to be sent to the console about the packet that matches the entry or log-input to include the input interface in the log entry.
    - time-range: Defines a time and date during which the access list is valid.
    - dscp: Enter to match packets with the DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.

ip access-list standard name
    Defines a standard IPv4 access list using a name, and enters access-list configuration mode.
    The name can be a number from 1 to 99.

deny {source [source-wildcard] | host source | any} [log]
or
permit {source [source-wildcard] | host source | any} [log]
    In access-list configuration mode, specifies one or more conditions denied or permitted to decide if the packet is forwarded or dropped.

ip access-list extended name
    Defines an extended IPv4 access list using a name; enters access-list configuration mode.
    The name can be a number from 100 to 199.

{deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name]
    In access-list configuration mode, specifies the conditions allowed or denied.

ip dhcp snooping
    Enables DHCP snooping globally.

ip dhcp snooping vlan vlan-range
    Enables DHCP snooping on a VLAN or range of VLANs. The range is 1 to 4094.

ip dhcp snooping trust
    (Optional) Configures the interface as trusted or untrusted. You can use the no keyword to configure an interface to receive messages from an untrusted client. The default setting is untrusted.

ip arp inspection vlan vlan-range
    Enables dynamic ARP inspection on a per-VLAN basis. By default, dynamic ARP inspection is disabled on all VLANs.
    For vlan-range, specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    Specify the same VLAN ID for both switches.

ip arp inspection trust
    Configures the connection between the switches as trusted.
    By default, all interfaces are untrusted.

mac access-list extended name
    Defines an extended MAC access list using a name.

{deny | permit} {any | host source MAC address | source MAC address mask} {any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535] [cos cos]
    In extended MAC access-list configuration mode, specify to permit or deny any source MAC address, a source MAC address with a mask, or a specific host source MAC address and any destination MAC address, destination MAC address with a mask, or a specific destination MAC address.
    (Optional) You can also enter these options:
    - type mask: An arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation in decimal, hexadecimal, or octal with an optional mask of "do not care" bits applied to the EtherType before testing for a match.
    - lsap lsap mask: An LSAP number of a packet with IEEE 802.2 encapsulation in decimal, hexadecimal, or octal with optional mask of "do not care" bits.
    - aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp: A non-IP protocol.
    - cos cos: An IEEE 802.1Q cost-of-service number from 0 to 7 used to set priority.

show access-lists [number | name]
    Shows the access list configuration.

show ip dhcp snooping
    Displays the DHCP snooping configuration for a switch.

show ip dhcp snooping binding
    Displays only the dynamically configured bindings in the DHCP snooping binding database; also referred to as a binding table.

show ip dhcp snooping database
    Displays the DHCP snooping binding database status and statistics.

show ip dhcp snooping statistics
    Displays the DHCP snooping statistics in summary or detail form.

show ip arp inspection interfaces
    Verifies the dynamic ARP inspection configuration.

show ip arp inspection vlan vlan-range
    Verifies the dynamic ARP inspection configuration.

show ip arp inspection statistics vlan vlan-range
    Checks the dynamic ARP inspection statistics.

show port-security
    Verifies your entries.

spanning-tree portfast bpduguard default
    Globally enables BPDU guard.
    By default, BPDU guard is disabled.

spanning-tree guard root
    Enables root guard on the interface.
    By default, root guard is disabled on all interfaces.

spanning-tree loopguard default
    Enables loop guard.
    By default, loop guard is disabled.

switchport port-security [violation {protect | restrict | shutdown | shutdown vlan}]
    (Optional) Sets the violation mode or the action to be taken when a security violation is detected, such as one of these:
    - protect: When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
    - restrict: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
    - shutdown: The interface is error disabled when a violation occurs, and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
    - shutdown vlan: Use to set the security violation mode per VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs.

Command

Description

switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}]]
    (Optional) Enters a secure MAC address for the interface. You
    can use this command to enter the maximum number of secure
    MAC addresses. If you configure fewer secure MAC addresses
    than the maximum, the remaining MAC addresses are
    dynamically learned.
    (Optional) vlan: set a per-VLAN maximum value.
    Enter one of these options after you enter the vlan keyword:
        vlan-id: On a trunk port, you can specify the VLAN ID
        and the MAC address. If you do not specify a VLAN ID, the
        native VLAN is used.
        access: On an access port, specify the VLAN as an
        access VLAN.
        voice: On an access port, specify the VLAN as a voice
        VLAN.

switchport port-security mac-address sticky
    (Optional) Enables sticky learning on the interface.

switchport port-security mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]
    (Optional) Enters a sticky secure MAC address, repeating the
    command as many times as necessary. If you configure fewer
    secure MAC addresses than the maximum, the remaining MAC
    addresses are dynamically learned, are converted to sticky
    secure MAC addresses, and are added to the running
    configuration.
    (Optional) vlan: set a per-VLAN maximum value.
    Enter one of these options after you enter the vlan keyword:
        vlan-id: On a trunk port, specify the VLAN ID and the
        MAC address. If you do not specify a VLAN ID, the native
        VLAN is used.
        access: On an access port, specify the VLAN as an
        access VLAN.
        voice: On an access port, specify the VLAN as a voice
        VLAN.

vlan access-map name [number]
    Creates a VLAN map, and gives it a name and (optionally) a
    number. The number is the sequence number of the entry
    within the map.

action {drop | forward}
    (Optional) Sets the action for the map entry. The default is to
    forward.

match {ip | mac} address {name | number} [name | number]
    Matches the packet (using either the IP or MAC address)
    against one or more standard or extended access lists. Note
    that packets are only matched against access lists of the correct
    protocol type. IP packets are matched against standard or
    extended IP access lists. Non-IP packets are only matched
    against named MAC extended access lists.

vlan filter mapname vlan-list list
    Applies the VLAN map to one or more VLAN IDs.
    The list can be a single VLAN ID (22), a consecutive list (10-22),
    or a string of VLAN IDs (12, 22, 30). Spaces around the
    comma and hyphen are optional.
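
The matching rules in the match and action rows above, modelled in Python as an added example (not part of the lab guide and not Cisco code). It assumes the Catalyst rule that a packet matching no map entry is dropped only when the map contains a match clause for that packet type; it models IP access lists only, the NOTEL and TEST names follow this lab's hint sheet, and the sample packets are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AclEntry:
    permit: bool                    # inside a VLAN map, permit means "matched"
    proto: str                      # "tcp", "udp" or "ip" (any IP protocol)
    dst_port: Optional[int] = None  # None matches any destination port


@dataclass
class MapEntry:
    seq: int
    action: str = "forward"         # default action, as the command table states
    match_ip: list = field(default_factory=list)  # names of IP access lists


def acl_matches(entries, pkt):
    """First matching ACL line decides; running off the end means no match."""
    for e in entries:
        proto_ok = e.proto in ("ip", pkt.get("proto"))
        port_ok = e.dst_port is None or e.dst_port == pkt.get("dst_port")
        if proto_ok and port_ok:
            return e.permit
    return False


def vlan_map_verdict(entries, acls, pkt):
    """Return 'drop' or 'forward' for one packet in a VLAN the map is applied to."""
    is_ip = pkt["kind"] == "ip"
    map_tests_ip = False
    for entry in sorted(entries, key=lambda m: m.seq):
        if not entry.match_ip:
            return entry.action          # no match clause: entry matches everything
        map_tests_ip = True
        # A non-IP frame is never compared against an IP access list.
        if is_ip and any(acl_matches(acls[n], pkt) for n in entry.match_ip):
            return entry.action
    # Assumption (Catalyst behaviour): unmatched packets are dropped only if the
    # map has a match clause for their protocol type, otherwise forwarded.
    return "drop" if (is_ip and map_tests_ip) else "forward"


# Access list and maps named as in the hint sheet; the packets are constructed.
ACLS = {"NOTEL": [AclEntry(permit=True, proto="tcp", dst_port=23)]}
TEST_WITH_SEQ_20 = [MapEntry(10, "drop", ["NOTEL"]), MapEntry(20, "forward")]
TEST_WITHOUT_SEQ_20 = [MapEntry(10, "drop", ["NOTEL"])]

TELNET = {"kind": "ip", "proto": "tcp", "dst_port": 23}
HTTP = {"kind": "ip", "proto": "tcp", "dst_port": 80}
ARP = {"kind": "non-ip"}


def compare_maps():
    """Verdict per packet as (map with sequence 20, map without sequence 20)."""
    rows = {}
    for label, pkt in (("telnet", TELNET), ("http", HTTP), ("arp", ARP)):
        rows[label] = (
            vlan_map_verdict(TEST_WITH_SEQ_20, ACLS, pkt),
            vlan_map_verdict(TEST_WITHOUT_SEQ_20, ACLS, pkt),
        )
    return rows


if __name__ == "__main__":
    for label, (with_20, without_20) in compare_maps().items():
        print(f"{label:7} with seq 20: {with_20:8} without seq 20: {without_20}")
```

Leaving out the catch-all forward entry turns a Telnet filter into a filter that drops all IP traffic in the VLAN, which is why the verification step should test a permitted protocol as well as the blocked one.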

Job Aids
These are the job aids for this lab activity:
Value                                                        Location
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Key commands and tools used form                             End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Security Configuration
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective for this lab, and the Implementation Policy and Device
Information sections to create your implementation requirement list. If you are unsure, use the
information provided in the Hints section at the end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
Hints section at the end of this lab.

Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 7-1: Key Commands and Tools Used


Hints
You are encouraged to complete the labs using your knowledge. If you need help, this section
contains a series of hints to help you complete the lab.

Lab 7-1 Hint Sheet: Secure Network Switches to Mitigate Security Attacks
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:

Device    Implementation Requirement    Lab 7-1 Section Containing Hint
ASW1      Port security                 Implementation Policy
ASW2      Port security                 Implementation Policy
DSW1      VACL                          Implementation Policy
DSW2      VACL                          Implementation Policy
DSW1      Root guard                    Implementation Policy
DSW2      Root guard                    Implementation Policy
ASW1      Port fast BPDU guard          Implementation Policy
ASW2      Port fast BPDU guard          Implementation Policy
DSW1      Port fast BPDU guard          Implementation Policy
DSW2      Port fast BPDU guard          Implementation Policy
ASW1      Loop guard                    Implementation Policy
ASW2      Loop guard                    Implementation Policy
DSW1      Loop guard                    Implementation Policy
DSW2      Loop guard                    Implementation Policy
ASW1      DHCP snooping                 Implementation Policy
ASW2      DHCP snooping                 Implementation Policy
DSW1      ARP snooping                  Implementation Policy
DSW2      ARP snooping                  Implementation Policy

Device    High-Level Task         Information Source
ASW1      Port security           Visual Objective, Design and Implementation Requirements
ASW2      Port security           Visual Objective, Design and Implementation Requirements
DSW1      VACL                    Visual Objective, Design and Implementation Requirements
DSW2      VACL                    Visual Objective, Design and Implementation Requirements
DSW1      Root guard              Visual Objective, Design and Implementation Requirements
DSW2      Root guard              Visual Objective, Design and Implementation Requirements
ASW1      Port fast BPDU guard    Visual Objective, Design and Implementation Requirements
ASW2      Port fast BPDU guard    Visual Objective, Design and Implementation Requirements
DSW1      Port fast BPDU guard    Visual Objective, Design and Implementation Requirements
DSW2      Port fast BPDU guard    Visual Objective, Design and Implementation Requirements
ASW1      Loop guard              Visual Objective, Design and Implementation Requirements
ASW2      Loop guard              Visual Objective, Design and Implementation Requirements
DSW1      Loop guard              Visual Objective, Design and Implementation Requirements
DSW2      Loop guard              Visual Objective, Design and Implementation Requirements
ASW1      DHCP snooping           Visual Objective, Design and Implementation Requirements
ASW2      DHCP snooping           Visual Objective, Design and Implementation Requirements
DSW1      ARP snooping            Visual Objective, Design and Implementation Requirements
DSW2      ARP snooping            Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain the
following items:

Complete  Device  Order  Values and Items to Implement                         Verification Method and Expected Results
          ASW1                                                                 show mac address-table interface fa0/3
          ASW1           interface FastEthernet0/3                             show port-security interface fastEthernet 0/3
          ASW1           switchport port-security
          ASW1           switchport port-security violation shutdown
          ASW1           switchport port-security mac-address 0050.5684.3a29
          ASW2           interface FastEthernet0/3                             show port-security interface fastEthernet 0/3
          ASW2           switchport port-security
          ASW2           switchport port-security violation shutdown
          ASW2           switchport port-security mac-address sticky
          DSW1    10     ip access-list extended NOTEL                         show access-list
          DSW1    11     permit tcp any any eq telnet                          Attempts to use Telnet from client CLT1 and
          DSW1    12     vlan access-map TEST 10                               client CT2 to switches do not work
          DSW1    13     action drop
          DSW1    14     match ip address NOTEL
          DSW1    15     vlan access-map TEST 20
          DSW1    16     action forward
          DSW1    17     vlan filter TEST vlan-list 3-4
          DSW2    18     ip access-list extended NOTEL                         show access-list
          DSW2    19     permit tcp any any eq telnet                          Attempts to use Telnet from client CLT1 and
          DSW2    20     vlan access-map TEST 10                               client CT2 to switches do not work
          DSW2    21     action drop
          DSW2    22     match ip address NOTEL
          DSW2    23     vlan access-map TEST 20
          DSW2    24     action forward
          DSW2    25     vlan filter TEST vlan-list 3-4

Complete  Device  Order  Values and Items to Implement               Verification Method and Expected Results
          DSW1    26     interface range FastEthernet0/5-6
          DSW1    27     spanning-tree guard root
          DSW2    28     interface range FastEthernet0/5-6
          DSW2    29     spanning-tree guard root
          ASW1    30     spanning-tree portfast bpduguard default
          ASW2    31     spanning-tree portfast bpduguard default
          DSW1    32     spanning-tree portfast bpduguard default
          DSW2    33     spanning-tree portfast bpduguard default
          ASW1    34     spanning-tree loopguard default
          ASW2    35     spanning-tree loopguard default
          DSW1    36     spanning-tree loopguard default
          DSW2    37     spanning-tree loopguard default
          ASW1    38     ip dhcp snooping                            show ip dhcp snooping
          ASW1    39     ip dhcp snooping vlan 1-4094                show ip dhcp snooping binding
          ASW1    40     interface range FastEthernet0/1-2
          ASW1    41     ip dhcp snooping trust
          ASW2    42     ip dhcp snooping
          ASW2    43     ip dhcp snooping vlan 1-4094
          ASW2    44     interface range FastEthernet0/1-2
          ASW2    45     ip dhcp snooping trust
          DSW1    46     ip arp inspection vlan 1-4094               show ip arp inspection statistics vlan 3
          DSW2    47     ip arp inspection vlan 1-4094               show ip arp inspection statistics vlan 4
          DSW1    48     interface range FastEthernet0/6 - 7
          DSW1    49     ip arp inspection trust
          DSW2    50     interface range FastEthernet0/6 - 7
          DSW2    51     ip arp inspection trust

Step-by-Step Procedure

Step 1

Connect to switch ASW1 and enter configuration mode:

Connect to the remote lab.

Access the switch console.

Enter privileged mode, using the enable command.

Enter configuration mode, using the configure terminal command.

Step 2

Configure port security on switch ASW1:

ASW1#sho mac address-table interface FastEthernet 0/3
ASW1(config)#interface FastEthernet0/3
ASW1(config-if)# switchport port-security
ASW1(config-if)# switchport port-security mac-address 0050.5684.3a29
ASW1(config-if)# switchport port-security violation shutdown

Step 3

Configure port security on switch ASW2:

ASW2#sho mac address-table interface FastEthernet 0/3
ASW2(config)#interface FastEthernet0/3
ASW2(config-if)# switchport port-security
ASW2(config-if)# switchport port-security mac-address sticky
ASW2(config-if)# switchport port-security violation shutdown
ASW2(config-if)# end
ASW2# show port-security interface f0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0050.5684.32ac:4
Security Violation Count   : 0

Step 4

Configure VACL on switch DSW1:

DSW1(config)#ip access-list extended NOTEL
DSW1(config-ext-nacl)# permit tcp any any eq telnet
DSW1(config)#vlan access-map TEST 10
DSW1(config-access-map)# action drop
DSW1(config-access-map)#match ip address NOTEL
DSW1(config)#vlan access-map TEST 20
DSW1(config-access-map)# action forward
DSW1(config)#vlan filter TEST vlan-list 3-4
DSW1(config)# end
DSW1# show access-lists
Extended IP access list NOTEL
    10 permit tcp any any eq telnet
DSW1#show vlan access-map
Vlan access-map "TEST" 10
  Match clauses:
    ip address: NOTEL
  Action:
    drop
Vlan access-map "TEST" 20
  Match clauses:
  Action:
    forward

Step 5

Repeat Step 4 on switch DSW2.

Step 6

Configure STP security on switch ASW1:


ASW1(config)# spanning-tree portfast bpduguard default
ASW1(config)# spanning-tree loopguard default

Step 7

Repeat step 6 on switches ASW2, DSW1, and DSW2.

Step 8

Configure root guard on switch DSW1:


DSW1(config)# interface FastEthernet0/5
DSW1(config-if)# spanning-tree guard root

Step 9

Repeat Step 8 on switch DSW2.

Step 10

Configure DHCP snooping on switch ASW1:


ASW1(config)# ip dhcp snooping
ASW1(config)# ip dhcp snooping vlan 1-4094
ASW1(config)# interface range FastEthernet0/1 - 2
ASW1(config-if)# ip dhcp snooping trust
ASW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1-4094
DHCP snooping is operational on following VLANs:
1,4,11-12,63-66
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/1            yes        unlimited
FastEthernet0/2            yes        unlimited

Step 11

Repeat Step 10 on switch ASW2.

Step 12

Configure ARP inspection on switch DSW1:


DSW1(config)# ip arp inspection vlan 1-4094
DSW1(config)# interface range FastEthernet0/5 - 7
DSW1(config-if)# ip arp inspection trust
DSW1#sho ip arp inspection
Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
    1     Enabled          Active
    2     Enabled          Inactive
    3     Enabled          Active
    4     Enabled          Active
    5     Enabled          Inactive
    6     Enabled          Inactive
    7     Enabled          Inactive
    8     Enabled          Inactive
    9     Enabled          Inactive
   10     Enabled          Inactive
   11     Enabled          Active
   12     Enabled          Active

 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
(long output omitted)

 Vlan   Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
 ----   -----------------   ----------------------   ---------------------
 4088                   0                        0                       0
 4089                   0                        0                       0
 4090                   0                        0                       0
 4091                   0                        0                       0
 4092                   0                        0                       0
 4093                   0                        0                       0
 4094                   0                        0                       0

Step 13

Repeat Step 12 on switch DSW2.
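
A check to run once the procedure above is finished, as an added example rather than part of the lab guide: it audits an access-switch running configuration for the items Steps 2, 6 and 10 configure. The sample configuration is constructed with deliberate gaps, and the uplink and client port names are taken from the ASW1 steps.

```python
import re

# Global commands the access-switch steps in this procedure configure.
REQUIRED_GLOBALS = [
    "ip dhcp snooping",
    "spanning-tree portfast bpduguard default",
    "spanning-tree loopguard default",
]

# Port roles as used in the ASW1 steps of this lab.
UPLINKS = {"FastEthernet0/1", "FastEthernet0/2"}
CLIENT_PORTS = ["FastEthernet0/3"]

# Constructed sample: loop guard is missing, the client port is DHCP-trusted,
# and port security uses the protect mode, which gives no notification.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 1-4094
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 ip dhcp snooping trust
!
interface FastEthernet0/2
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security violation protect
 ip dhcp snooping trust
!
"""


def parse_config(text):
    """Split an IOS-style config into global lines and per-interface line lists."""
    globals_, interfaces, current = [], {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if raw.startswith("interface "):
            current = stripped.split(None, 1)[1]
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(stripped)   # indented: belongs to interface
        else:
            current = None
            globals_.append(stripped)
    return globals_, interfaces


def audit_access_switch(text, uplinks, client_ports):
    """Return (scope, finding) tuples; an empty list means every check passed."""
    globals_, interfaces = parse_config(text)
    findings = []
    for required in REQUIRED_GLOBALS:
        if required not in globals_:
            findings.append(("global", "missing: " + required))
    if not any(g.startswith("ip dhcp snooping vlan ") for g in globals_):
        findings.append(("global", "missing: ip dhcp snooping vlan <range>"))
    for name, lines in interfaces.items():
        # Trust belongs on uplinks only; a trusted client port bypasses snooping.
        if "ip dhcp snooping trust" in lines and name not in uplinks:
            findings.append((name, "DHCP snooping trust on a non-uplink port"))
    for name in client_ports:
        lines = interfaces.get(name, [])
        if "switchport port-security" not in lines:
            findings.append((name, "port security not enabled"))
            continue
        mode = "shutdown"   # IOS default when no violation line is configured
        for line in lines:
            m = re.fullmatch(r"switchport port-security violation (.+)", line)
            if m:
                mode = m.group(1)
        if mode == "protect":
            findings.append(
                (name, "violation mode protect: violations are dropped without notification"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_access_switch(SAMPLE_CONFIG, UPLINKS, CLIENT_PORTS):
        print(f"{scope}: {finding}")
```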

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
Complete this lab activity to practice what you learned in the related module.

Activity Objective
You receive information from the IT manager that a VoIP solution is expected to be implemented
in the near future. Your task is to make the needed changes and prepare the network for the future
project in such a way that it will work without interruption. An email from the voice consultant
informs you that the voice part of the implementation will be externalized. A list of the planned
voice equipment is attached to the voice consultant email. Your assignment is to prepare the
wired infrastructure for this addition. You will have to design the voice VLANs, Cisco AutoQoS,
DHCP, and high availability features to prepare the network. Your first task is to analyze the
information and create a plan for the needed steps to prepare the network for the implementation
of the voice solution.
After completing this activity, you will be able to meet these objectives:

Gather information regarding the implementation of VoIP

Prepare an implementation requirements list for VoIP readiness

Prepare an implementation and verification plan

Implement and verify the VoIP readiness plan

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully.

Implementation Policy
You must integrate voice in your network. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

IP phones will be connected to switches ASW1 and ASW2. Refer to the Device
Information table and configure each port accordingly.

For every switch port that connects an IP phone, you must allow a voice VLAN (VLAN 63
on switch ASW1 and VLAN 64 on switch ASW2) and a data VLAN (VLAN 3 on switch
ASW1 and VLAN 4 on switch ASW2).

Cisco Unified Communications Manager Express units will be connected to switches DSW1
and DSW2 as per the Device Information section information.

The Cisco Unified Communications Manager Express unit on switch DSW1 must be in voice
VLAN 63, and the Cisco Unified Communications Manager Express unit on switch DSW2
must be in voice VLAN 64.

HSRP should be configured on switches DSW1 and DSW2 for voice VLAN (VLAN 63 and
VLAN 64). Switch DSW1 should be the primary gateway with a priority of 120. Both
switches DSW1 and DSW2 should preempt. Both switches DSW1 and DSW2 should track
their links to switches CSW1 and CSW2. Loss of connectivity to either core switch should
decrease the priority by 30.

Switches DSW1 and DSW2 should be DHCP servers for voice VLAN (VLAN 63 and
VLAN 64). For each voice VLAN, switch DSW1 will distribute addresses .50 to .99, and
switch DSW2 will distribute addresses .100 to .149.

You should configure option 150 in each DHCP scope and point VLAN 63 DHCP clients to
the Cisco Unified Communications Manager Express unit 1 IP address, and VLAN 64 DHCP
clients to Cisco Unified Communications Manager Express unit 2 IP address. Make sure that
both Cisco Unified Communications Manager Express unit IP addresses are excluded from
the DHCP scopes.

Verify that routing is properly configured to allow communication between these various
VLANs.

You should configure Cisco AutoQoS on access ports to IP phones, trunk ports between
switches, and access ports to Cisco Unified Communications Manager Express units.

Class of service (CoS) values sent by IP phones and PCs connected to them should be trusted.

Power adapters were ordered along with the phones. Some Power over Ethernet (PoE)
switches will be added to your network at a later date. Use the Task 2 section to make sure
that you know how to plan and configure PoE to support IP phones where needed.

Device Information
The table provides information about device locations:
Device                                                  Role                                             IP Address       Network Location
IP phone 1                                              IP phone                                         DHCP assigned    ASW1 P4
IP phone 2                                              IP phone                                         DHCP assigned    ASW1 P5
IP phone 3                                              IP phone                                         DHCP assigned    ASW2 P4
IP phone 4                                              IP phone                                         DHCP assigned    ASW2 P5
Cisco Unified Communications Manager Express unit 1     Cisco Unified Communications Manager Express     10.1.63.11/24    DSW1 P6
Cisco Unified Communications Manager Express unit 2     Cisco Unified Communications Manager Express     10.1.64.12/24    DSW2 P6

Network Diagram

[Figure: Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network]


Command List
The table describes the commands that are used in this activity.
Command
    Description

mls qos
    Enables QoS on the switch.

auto qos voip cisco-phone
    Enables AutoQoS on the port, and specifies that the port is connected to a Cisco IP phone.
    The QoS labels of incoming packets are trusted only when the Cisco IP phone is detected.

auto qos voip trust
    Enables AutoQoS on the port, and specifies that the port is connected to a trusted router or switch.

cdp enable
    Enables Cisco Discovery Protocol globally. By default, it is enabled.

mls qos trust cos
    Configures the interface to classify incoming traffic packets by using the packet CoS value.
    For untagged packets, the port default CoS value is used.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

ip helper-address address
    Enables forwarding and specifies the destination address for forwarding UDP broadcast
    packets, including BOOTP.

ip dhcp pool pool-name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

network ip-address [mask | /prefixlength]
    Specifies the IP address of the DHCP address pool to be configured.

option 150 ip ip-address
    Specifies the TFTP server address from which the Cisco Unified IP phone downloads the
    image configuration file. This is the address of your Cisco Unified Communications
    Manager Express router.

default-router ip-address
    (Optional) Specifies the router that the IP phones will use to send or receive IP traffic
    that is external to their local subnet.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    The default is a one-day lease.
    The infinite keyword specifies that the duration of the lease is unlimited.

switchport voice vlan {vlan-id | dot1p | none | untagged}
    Configures how the Cisco IP Phone carries voice traffic:
    vlan-id: Configure the phone to forward all voice traffic through the specified VLAN.
        By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1Q
        priority of 5. Valid VLAN IDs are 1 to 4094.
    dot1p: Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to
        use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP
        phone forwards the voice traffic with an IEEE 802.1p priority of 5.
    none: Allow the phone to use its own configuration to send untagged voice traffic.
    untagged: Configure the phone to send untagged voice traffic.

switchport priority extend {cos value | trust}
    Sets the priority of data traffic received from the Cisco IP phone access port:
    cos value: Configure the phone to override the priority received from the PC or the
        attached device with the specified CoS value. The value is a number from 0 to 7,
        with 7 as the highest priority. The default priority is cos 0.
    trust: Configure the phone access port to trust the priority received from the PC or
        the attached device.

show interfaces interface-id switchport
    Verify your entries.
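The trust commands in the table above decide where the QoS trust boundary sits on an access port. The following added example (not part of the lab guide) parses IOS-style interface configuration and reports access ports that trust incoming markings without the conditional Cisco IP phone detection, and ports where the phone is told to trust the attached PC. The sample configuration is constructed, and the function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample configuration for the example (not taken from the lab devices).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 mls qos trust cos
 auto qos voip trust
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 switchport priority extend trust
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 mls qos trust cos
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 3
 auto qos voip trust
!
"""

# Commands that make the port accept markings from whatever is attached.
UNCONDITIONAL = ("mls qos trust cos", "mls qos trust dscp", "auto qos voip trust")
# Commands that make trust depend on a detected Cisco IP phone.
CONDITIONAL = ("mls qos trust device cisco-phone", "auto qos voip cisco-phone")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style configuration text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith((" ", "\t")) and current is not None:
            current.append(" ".join(line.split()))  # normalise inner whitespace
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit_trust(config):
    """Return (interface, finding) tuples for access ports with a weak trust boundary."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks to other switches are expected to be trusted
        trusts = any(cmd in UNCONDITIONAL for cmd in cmds)
        conditional = any(cmd in CONDITIONAL for cmd in cmds)
        if trusts and not conditional:
            # Any attached device can mark its own traffic as high priority.
            findings.append((name, "unconditional-trust"))
        if "switchport priority extend trust" in cmds:
            # The phone passes on the priority set by the PC behind it.
            findings.append((name, "pc-priority-trusted"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_trust(SAMPLE_CONFIG):
        print(interface, finding)
```
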

Job Aids
These are the job aids for this lab activity:

Value                                                         Location
Blank implementation requirements list                        Task 1
Blank implementation and verification plan form               Task 2
Blank verification notes form                                 Task 3
Alternate resources and solutions form                        End of this lab
Key commands and tools used form                              End of this lab
Implementation requirements hints                             Hints section at the end of this lab
Implementation and verification plan hints                    Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)    Configuration section at the end of this lab


Task 1: Create an Implementation Requirements List for VoIP Integration in the Campus
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective for this lab, and the Implementation Policy and Device
Information sections to create your implementation requirements list. If you are unsure, use the
information provided in the Hints section at the end of this lab.
Device    High-Level Task    Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

PoE configuration: PoE switches will be added later to your network. Answer the following
questions:
1. How will the phones be powered?
_______________________________________________________________________
_______________________________________________________________________
2. Are all PoE switches the same?
_______________________________________________________________________
_______________________________________________________________________
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
_______________________________________________________________________
_______________________________________________________________________
4. Are other PoE devices likely to be installed in the network?
_______________________________________________________________________
_______________________________________________________________________
5. Document the steps and commands required to configure PoE on switch ports to IP phones:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________


Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 8-1: Key Commands and Tools Used



Hints
You are encouraged to complete the labs using your knowledge. If you need help, this section
contains a series of hints to help you complete the lab.

Lab 8-1 Hint Sheet: Plan Implementation and Verification of VoIP in a Campus Network
Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device          Implementation Requirement                               Lab 8-1 Section Containing Hint
ASW1            IP Phone 1                                               Implementation Policy
ASW1            IP Phone 2                                               Implementation Policy
ASW2            IP Phone 3                                               Implementation Policy
ASW2            IP Phone 4                                               Implementation Policy
DSW1            Cisco Unified Communications Manager Express unit 1      Implementation Policy
DSW1            HSRP                                                     Implementation Policy
DSW1            DHCP                                                     Implementation Policy
DSW2            HSRP                                                     Implementation Policy
DSW2            Cisco Unified Communications Manager Express unit 2      Implementation Policy
DSW2            DHCP                                                     Implementation Policy
All switches    Cisco AutoQoS                                            Implementation Policy

Device          High-Level Task                                          Information Source
ASW1            IP Phone 1                                               Visual Objective, Design and Implementation Requirements
ASW1            IP Phone 2                                               Visual Objective, Design and Implementation Requirements
ASW2            IP Phone 3                                               Visual Objective, Design and Implementation Requirements
ASW2            IP Phone 4                                               Visual Objective, Design and Implementation Requirements
DSW1            Cisco Unified Communications Manager Express unit 1      Visual Objective, Design and Implementation Requirements
DSW2            Cisco Unified Communications Manager Express unit 2      Visual Objective, Design and Implementation Requirements
DSW1            HSRP                                                     Visual Objective, Design and Implementation Requirements
DSW2            HSRP                                                     Visual Objective, Design and Implementation Requirements
DSW1            DHCP                                                     Visual Objective, Design and Implementation Requirements
DSW2            DHCP                                                     Visual Objective, Design and Implementation Requirements
All switches    Cisco AutoQoS                                            Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain the
following items:
Complete  Device  Implementation  Values and Items to Implement                       Verification Method
                  Order                                                               and Expected Results
          ASW1                    mls qos
          ASW1                    interface range FastEthernet0/4-5
          ASW1                    switchport mode access
          ASW1                    switchport access vlan 3
          ASW1                    switchport voice vlan 63
          ASW1                    switchport priority extend trust
          ASW1                    mls qos trust cos
          ASW1                    mls qos trust device cisco-phone                    sh interface Fa0/4
          ASW1                    auto qos voip cisco-phone                           sh mls qos int f 0/4
          ASW2                    mls qos
          ASW2    10              interface range FastEthernet0/4-5
          ASW2    11              switchport mode access
          ASW2    12              switchport access vlan 4
          ASW2    13              switchport voice vlan 64
          ASW2    14              switchport priority extend trust
          ASW2    15              mls qos trust cos
          ASW2    16              mls qos trust device cisco-phone                    sh interface Fa0/4
          ASW2    17              auto qos voip cisco-phone                           sh mls qos int f 0/4
          DSW1    18              mls qos
          DSW1    19              interface Fastethernet 0/8
          DSW1    20              switchport mode access
          DSW1    21              switchport access vlan 63
          DSW2    22              mls qos
          DSW2    23              interface Fastethernet 0/8
          DSW2    24              switchport mode access
          DSW2    25              switchport access vlan 64
          DSW1    26              ip dhcp excluded-address 10.1.63.1 10.1.63.49
          DSW1    27              ip dhcp excluded-address 10.1.63.100 10.1.63.255
          DSW1    28              ip dhcp excluded-address 10.1.64.1 10.1.64.49
          DSW1    29              ip dhcp excluded-address 10.1.64.100 10.1.64.255
          DSW1    30              ip dhcp pool vlan63                                 show ip dhcp pool
          DSW1    31              network 10.1.63.0 255.255.255.0
          DSW1    32              default-router 10.1.63.1
          DSW1    33              option 150 ip 10.1.63.11 10.1.64.12
          DSW1    34              lease 8
          DSW1    35              ip dhcp pool vlan64                                 show ip dhcp pool
          DSW1    36              network 10.1.64.0 255.255.255.0
          DSW1    37              default-router 10.1.64.1
          DSW1    38              option 150 ip 10.1.63.11 10.1.64.12
          DSW1    39              lease 8
          DSW2    40              ip dhcp excluded-address 10.1.63.1 10.1.63.99
          DSW2    41              ip dhcp excluded-address 10.1.63.150 10.1.63.255
          DSW2    42              ip dhcp excluded-address 10.1.64.1 10.1.64.99
          DSW2    43              ip dhcp excluded-address 10.1.64.150 10.1.64.255
          DSW2    44              ip dhcp pool vlan63                                 show ip dhcp pool
          DSW2    45              network 10.1.63.0 255.255.255.0
          DSW2    46              default-router 10.1.63.1
          DSW2    47              option 150 ip 10.1.63.11 10.1.63.12
          DSW2    48              lease 8
          DSW2    49              ip dhcp pool vlan64                                 show ip dhcp pool
          DSW2    50              network 10.1.64.0 255.255.255.0
          DSW2    51              default-router 10.1.64.1
          DSW2    52              option 150 ip 10.1.63.11 10.1.64.12
          DSW2    53              lease 8
          DSW1    54              interface Vlan 63
          DSW1    55              ip address 10.1.63.3 255.255.255.0                  sh interface Vlan 63 / show ip interface brief
          DSW1    56              standby 63 ip 10.1.63.1
          DSW1    57              standby 63 priority 120
          DSW1    58              standby 63 preempt
          DSW1    59              standby 63 track Port-channel31 30
          DSW1    60              standby 63 track Port-channel32 30                  sh standby
          DSW1    61              interface Vlan 64
          DSW1    62              ip address 10.1.64.3 255.255.255.0                  sh interface vlan 64 / show ip interface brief
          DSW1    63              standby 64 ip 10.1.64.1
          DSW1    64              standby 64 priority 90
          DSW1    65              standby 64 preempt
          DSW1    66              standby 64 track Port-channel31 30
          DSW1    67              standby 64 track Port-channel32 30
          DSW2    68              interface Vlan 63                                   sh interface Vlan 63 / show ip interface brief
          DSW2    69              ip address 10.1.63.2 255.255.255.0
          DSW2    70              standby 63 ip 10.1.63.1
          DSW2    71              standby 63 track Port-channel31 30
          DSW2    72              standby 63 track Port-channel32 30
          DSW2    73              standby 63 preempt
          DSW2    73              standby 63 priority 90                              sh standby
          DSW2    75              interface Vlan 64                                   sh interface vlan 64 / show ip interface brief
          DSW2    76              ip address 10.1.64.2 255.255.255.0
          DSW2    77              standby 64 ip 10.1.64.1
          DSW2    78              standby 64 priority 120
          DSW2    79              standby 64 track Port-channel31 30
          DSW2    80              standby 64 track Port-channel32 30
          DSW2    81              standby 64 preempt                                  sh standby
          ASW1    82              interface range FastEthernet0/1-2
          ASW1    83              auto qos voip trust
          ASW2    84              interface range FastEthernet0/1-2
          ASW2    85              auto qos voip trust
          DSW1    86              interface range FastEthernet0/1-2
          DSW1    87              no channel-group 31 mode passive
          DSW1    88              auto qos voip trust
          DSW1    89              channel-group 31 mode passive                       Not documented for every Port-Channel; use the same procedure on all others.
          DSW2    90              interface range FastEthernet0/1-2
          DSW2    91              no channel-group 32 mode passive
          DSW2    92              auto qos voip trust
          DSW2    93              channel-group 31 mode passive                       Not documented for every Port-Channel; use the same procedure on all others.
          CSW1    94              mls qos
          CSW1    95              interface range FastEthernet0/1-2
          CSW1    96              no channel-group 31 mode active
          CSW1    97              auto qos voip trust
          CSW1    98              channel-group 31 mode active                        Not documented for every Port-Channel; use the same procedure on all others.
          CSW2    99              mls qos
          CSW2    100             interface range FastEthernet0/1-2
          CSW2    101             no channel-group 32 mode active
          CSW2    102             auto qos voip trust
          CSW2    103             channel-group 32 mode active                        Not documented for every Port-Channel; use the same procedure on all others.


PoE configuration:
1. How will the phones be powered?
With AC power cords at first; PoE will be needed later.
2. Are all PoE switches the same?
No. Some provide standard PoE, some high power, some only have power for a number
of ports, and so on; negotiation can take place or not; and there are many differences
between models.
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
No. Some use less power, some use more, some can negotiate.
4. Are other PoE devices likely to be installed in the network?
Very likely. Many devices use PoE, although the list is not clearly stated in this lab.
IP phones use standard PoE. To enable this feature, for example, on interface f0/1, use the
following command sequence (not possible on the lab pods because they have no PoE switch):
Switch(config)# interface FastEthernet0/1
Switch(config-if)# power inline auto


Step-by-Step Procedure
Step 1
Connect to switch ASW1 and enter configuration mode:

Connect to the remote lab.
Access the switch console.
Enter privileged mode, using the enable command.
Enter configuration mode, using the configure terminal command.

Step 2
Configure IP phone ports on switch ASW1:
ASW1(config)# interface range FastEthernet0/4 - 5
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 3
ASW1(config-if)# switchport voice vlan 63
ASW1(config-if)# switchport priority extend trust
ASW1(config-if)# mls qos trust device cisco-phone
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# auto qos voip cisco-phone

Step 3
Repeat Steps 1 and 2 on switch ASW2.

Step 4
Configure the Cisco Unified Communications Manager Express unit interface on switch DSW1:
DSW1(config)# interface FastEthernet0/8
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 63
DSW1(config-if)# no shut

Step 5
Repeat Step 4 on switch DSW2.

Step 6
Configure the DHCP pool for voice VLAN 63 and VLAN 64 on switch DSW1:
DSW1(config)# ip dhcp excluded-address 10.1.63.1 10.1.63.49
DSW1(config)# ip dhcp excluded-address 10.1.63.100 10.1.63.255
DSW1(config)# ip dhcp pool vlan63
DSW1(dhcp-config)# network 10.1.63.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.63.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8
DSW1(config)# ip dhcp excluded-address 10.1.64.1 10.1.64.49
DSW1(config)# ip dhcp excluded-address 10.1.64.100 10.1.64.255
DSW1(config)# ip dhcp pool vlan64
DSW1(dhcp-config)# network 10.1.64.0 255.255.255.0
DSW1(dhcp-config)# default-router 10.1.64.1
DSW1(dhcp-config)# option 150 ip 10.1.63.11 10.1.64.12
DSW1(dhcp-config)# lease 8

Step 7
Repeat Step 6 on switch DSW2 with parameters specific to switch DSW2.


Step 8
Configure interface VLAN 63 and VLAN 64 on switch DSW1:
DSW1(config)# interface Vlan 63
DSW1(config-if)# ip address 10.1.63.3 255.255.255.0
DSW1(config-if)# standby 63 ip 10.1.63.1
DSW1(config-if)# standby 63 priority 120
DSW1(config-if)# standby 63 preempt
DSW1(config-if)# standby 63 track Port-channel31 30
DSW1(config-if)# standby 63 track Port-channel32 30
DSW1(config)# interface Vlan 64
DSW1(config-if)# ip address 10.1.64.3 255.255.255.0
DSW1(config-if)# standby 64 ip 10.1.64.1
DSW1(config-if)# standby 64 priority 90
DSW1(config-if)# standby 64 preempt
DSW1(config-if)# standby 64 track Port-channel31 30
DSW1(config-if)# standby 64 track Port-channel32 30

Step 9
Repeat Step 8 on switch DSW2 with parameters specific to switch DSW2.

Step 10
Configure QoS at the interface level on switch ASW1:
ASW1(config)# interface range FastEthernet0/1-2
ASW1(config-if)# auto qos voip trust
ASW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ASW1#sh mls qos int f0/1
FastEthernet0/1
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
ASW1#sh run int f0/1
Building configuration...
Current configuration : 225 bytes
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust
ip dhcp snooping trust
end

Step 11
Repeat Step 10 on switch ASW2.


Step 12
Configure trunk interfaces and Port-Channels for QoS on switch DSW1. Attention: AutoQoS must be
configured before an interface is assigned to a Port-Channel; otherwise an error will occur. The
following is an example for two interfaces belonging to a Port-Channel and four trunk ports:
DSW1(config)# interface range FastEthernet0/5-8
DSW1(config-if)# auto qos voip trust
DSW1(config-if)# interface range FastEthernet0/1-2
DSW1(config-if)# no channel-group 31 mode passive
DSW1(config-if)# auto qos voip trust
DSW1(config-if)# channel-group 31 mode passive
DSW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
DSW1#sh mls qos int f0/7
FastEthernet0/7
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
DSW1#sh auto qos
FastEthernet0/1
auto qos voip trust
FastEthernet0/2
auto qos voip trust
FastEthernet0/3
auto qos voip trust
FastEthernet0/4
auto qos voip trust
FastEthernet0/5
auto qos voip trust
FastEthernet0/6
auto qos voip trust
FastEthernet0/7
auto qos voip trust
FastEthernet0/8
auto qos voip trust

Step 13
Repeat Step 12 on switch DSW2.

Step 14
Configure trunk interfaces for QoS on switch CSW1. Attention: AutoQoS must be configured before an
interface is assigned to a Port-Channel; otherwise an error will occur. The following is an example
for two interfaces belonging to a Port-Channel:
CSW1(config)# mls qos
CSW1(config)# interface range FastEthernet0/1-2
CSW1(config-if)# no channel-group 2 mode on
CSW1(config-if)# auto qos voip trust
CSW1(config-if)# channel-group 2 mode on

Step 15
Repeat Step 14 on switch CSW2.


Lab 9-1: Integrating Wireless in the Campus


Complete this lab activity to practice what you learned in the related module.

Activity Objective
During a daily morning meeting, your IT manager informed you that, after voice, wireless
capabilities should be added to the existing network. You must prepare the switched network for
a wireless integration that will take place next month. An email from the wireless consultant
informs you that the wireless part of the implementation will be externalized. A list of the
planned wireless equipment is attached to the wireless consultant's email. Your assignment is to
prepare the wired infrastructure for this wireless addition. Your first task is to analyze the
information and make a plan for the needed steps to prepare the network for the implementation
of the wireless solution.
After completing this activity, you will be able to meet these objectives:

Identify the requirements for implementing wireless structure in a network

Prepare an implementation plan for wireless integration

Prepare the switched network for integration of wireless equipment

Verify that the switched network was properly provisioned


Required Resources
This section contains the information needed to accomplish this activity and describes the
requirements common to all devices in the network, along with information specific to each
device. Read the information carefully.

Implementation Policy
You must integrate wireless in your network. The following list details preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

Several standard Cisco 1240 series access points will be connected to switches ASW1 and
ASW2. Refer to the Device Information section and configure each port accordingly.

WCS and WLC will be connected to switches DSW1 and DSW2 per the Device
Information section.

For the autonomous AP on switch ASW1, allow the voice VLAN (VLAN 63) and data
VLAN (VLAN 3). For the autonomous AP on switch ASW2, you must allow the voice
VLAN (VLAN 64) and data VLAN (VLAN 4).

One Hybrid Remote Edge Access Point (HREAP) must be connected to each access switch.
HREAP are specific types of controller-based access points. HREAP on switch ASW1 must
service the voice VLAN (VLAN 63) and data VLAN (VLAN 3). HREAP on switch ASW2
must service the voice VLAN (VLAN 64) and data VLAN (VLAN 4). The configuration of
the switch port to the HREAP AP is similar to the configuration of a port to an autonomous
AP.

The Lightweight AP (LAP) on switch ASW1 must be in the AP VLAN (VLAN 11). The
Lightweight AP (LAP) on switch ASW2 must be in the AP VLAN (VLAN 12). Ports to
these APs should be in the forward state as soon as the AP is switched on.

The Cisco Wireless Control System on switch DSW1 must be in VLAN 3. The Cisco
Wireless Control System on switch DSW2 must be in VLAN 4.

The Cisco 2106 WLC will be connected with one port in a trunk mode, with all VLANs
(wired and wireless) allowed on the trunk. Ports to the Cisco 2106 WLCs should be in the
forward state as soon as the controller is switched on, even if the port is a trunk.

On ports to the LAPs and on ports to the Cisco WLCs, apply the appropriate QoS policy.

In the future, 1250 IEEE 802.11n access points will be added to your network. These access
points need enhanced PoE. Use Task 2 to make sure that you know how to configure IEEE
802.3at to support these access points where needed. The first series of access points to be
installed will use AC power adapters.


Device Information
The table provides information about device locations:
Device   Role                                 Network Location
AP1      Autonomous AP                        ASW1 P4
AP2      HREAP                                ASW1 P5
AP3      Lightweight AP                       ASW1 P6
AP4      Autonomous AP                        ASW2 P4
AP5      HREAP                                ASW2 P5
AP6      Lightweight AP                       ASW2 P6
WLC1     Cisco 2106 Wireless LAN Controller   DSW1 P7
WCS1     Cisco Wireless Control System        DSW1 P6
WLC2     Cisco 2106 Wireless LAN Controller   DSW2 P7
WCS2     Cisco Wireless Control System        DSW2 P6

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 9-1: Integrating Wireless in the Campus]

Command List
The table describes the commands that are used in this activity.
Command                                      Description
interface fastethernet | gigabitethernet     Enters interface configuration mode for a Cisco Catalyst switch
  slot/port                                  with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet |               Selects a range of interfaces to configure.
  gigabitethernet slot/starting_port
  ending_port
name vlan-name                               Specifies a name for a VLAN for either VLAN database or
                                             VLAN configuration mode.
show interface interface-id switchport       Displays the switch port configuration of the interface.
show interface trunk                         Displays the trunk configuration of the interface.
show vlan                                    Displays VLAN information.
shutdown/no shutdown                         Shuts down or enables an interface.
switchport access vlan vlan-id               Specifies the default VLAN, which is used if the interface stops
                                             trunking.
switchport mode access                       Puts the interface into permanent nontrunking mode and
                                             negotiates to convert the link into a nontrunk link.
switchport mode trunk                        Puts the interface into permanent trunking mode and negotiates
                                             to convert the link into a trunk link.
switchport nonegotiate                       Turns off DTP negotiation.
switchport trunk allowed vlan                Configures the list of VLANs allowed on the trunk.
  all | none | add | remove | except
  vlan-list
switchport trunk encapsulation dot1q         Specifies 802.1Q encapsulation on the trunk link.
vlan vlan-id                                 Enters a VLAN ID and enters config-vlan mode. Enter a new
                                             VLAN ID to create a VLAN, or enter an existing VLAN ID to
                                             modify that VLAN.

Job Aids
These are the job aids for this lab activity:

Value                                                        Location
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Key commands and tools used form                             End of this lab
Implementation requirements hints                            Hints section at the end of this lab
Implementation and verification plan hints                   Hints section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Wireless Integration in the Campus
After you have analyzed the information in the Required Resources section, your first task is to
create a list where you will document the requirements for a successful implementation. Use the
following table, the Visual Objective for this lab, and the Implementation Policy and Device
Information sections to create your implementation requirements list. If you are unsure, use the
information provided in the Hints section at the end of this lab.
Device   High-Level Task   Information Source

Task 2: Create an Implementation and Verification Plan


The second step in your configuration deployment is to create a task list that includes each item
that must be configured on each device and in what order the items must be configured. The
Implementation and Verification Plan is very important, because it enables you to ensure that all
requirements are properly configured and in the correct order. The task will help you set up
configuration checkpoints. Use the plan to determine how you will verify that each required item
was effectively configured. You will move to the actual implementation in the next task. Use the
following table and the Required Resources section to create the Implementation and
Verification Plan. If you are unsure, use the information provided in the Hints section at the
end of this lab.
Complete   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results

Enhanced PoE configuration: Later on, Cisco Aironet Series 1250 Access Points and enhanced
PoE (802.3at) switches will be added to your network.
Answer the following questions:
1. How will the first APs be powered?
__________________________________________________________________________
__________________________________________________________________________
2. Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250
Series APs?
__________________________________________________________________________
__________________________________________________________________________
3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do
they need a special switch?
__________________________________________________________________________
__________________________________________________________________________
4. Document the steps required to configure PoE on switch ports to these access points:
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________


Task 3: Implement and Verify


Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
Hints section at the end of this lab.


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________

Alternate Resources and Solutions


Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________

Lab 9-1: Key Commands and Tools Used


__________________________________________________________________________

Hints
You are encouraged to complete the labs using your knowledge. If you need help, this section
contains a series of hints to help you complete the lab.

Lab 9-1 Hint Sheet: Integrating Wireless in the Campus


Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an
Implementation Requirements list. The list details the elements needed to develop an
implementation plan. The following is an example of such a list:
Device   Implementation Requirement   Lab 9-1 Section Containing Hint
ASW1     AP1                          Implementation Policy
ASW1     AP2                          Implementation Policy
ASW1     AP3                          Implementation Policy
ASW2     AP4                          Implementation Policy
ASW2     AP5                          Implementation Policy
ASW2     AP6                          Implementation Policy
DSW1     WLC1                         Implementation Policy
DSW1     WCS1                         Implementation Policy
DSW2     WLC2                         Implementation Policy
DSW2     WCS2                         Implementation Policy

Device   High-Level Task   Information Source
ASW1     AP2               Visual Objective, Design and Implementation Requirements
ASW1     AP3               Visual Objective, Design and Implementation Requirements
ASW2     AP4               Visual Objective, Design and Implementation Requirements
ASW2     AP5               Visual Objective, Design and Implementation Requirements
ASW2     AP6               Visual Objective, Design and Implementation Requirements
DSW1     WLC1              Visual Objective, Design and Implementation Requirements
DSW1     WCS1              Visual Objective, Design and Implementation Requirements
DSW2     WLC2              Visual Objective, Design and Implementation Requirements
DSW2     WCS2              Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan


In this task, you create an Implementation and Verification Plan. There are several possible
correct solutions. One possible approach groups items that are common to all switches in a
template and then applies the template to all switches. For this lab, the template could contain the
following items:
Complete  Device  Implementation  Values and Items to Implement           Verification Method and
                  Order                                                   Expected Results
          ASW1                    interface FastEthernet0/4
          ASW1                    switchport mode trunk
          ASW1                    switchport trunk allowed vlan 3,63      sh interface Fa0/4 trunk
          ASW1                    mls qos trust cos                       show mls qos
          ASW1                    interface FastEthernet0/5
          ASW1                    switchport mode trunk
          ASW1                    switchport trunk allowed vlan 3,63      sh interface Fa0/5 trunk
          ASW1                    mls qos trust dscp
          ASW1                    interface FastEthernet0/6
          ASW1                    switchport mode access
          ASW1    10              switchport access vlan 11               show vlan
          ASW1    11              spanning-tree portfast
          ASW1    12              mls qos trust dscp
          ASW2    13              interface FastEthernet0/4
          ASW2    14              switchport mode trunk
          ASW2    15              switchport trunk allowed vlan 4,64      sh interface Fa0/4 trunk
          ASW2    16              mls qos trust cos
          ASW2    17              interface FastEthernet0/5
          ASW2    18              switchport mode trunk
          ASW2    19              switchport trunk allowed vlan 4,64      sh interface Fa0/5 trunk
          ASW2    20              mls qos trust dscp
          ASW2    21              interface FastEthernet0/6
          ASW2    22              switchport mode access
          ASW2    23              switchport access vlan 12               show vlan
          ASW2    24              spanning-tree portfast
          ASW2    25              mls qos trust dscp
          ASW2    26              interface f0/1
          ASW2    27              switchport trunk allowed vlan add 12
          DSW1    28              interface FastEthernet0/8
          DSW1    29              switchport trunk encapsulation dot1q
          DSW1    30              switchport mode trunk
          DSW1    31              switchport trunk allowed vlan 3,11,63   sh interface Fa0/8 trunk
          DSW1    32              spanning-tree portfast
          DSW1    33              mls qos trust cos
          DSW1    34              interface GigabitEthernet0/1
          DSW1    35              switchport mode access
          DSW1    36              switchport access vlan 3                show vlan
          DSW2    37              interface FastEthernet0/11
          DSW2    38              switchport trunk encapsulation dot1q
          DSW2    39              switchport mode trunk
          DSW2    40              switchport trunk allowed vlan 4,12,64   sh interface Fa0/8 trunk
          DSW2    41              spanning-tree portfast
          DSW2    42              mls qos trust cos
          DSW2    43              interface GigabitEthernet0/1
          DSW2    44              switchport mode access
          DSW2    45              switchport access vlan 4                show vlan

Enhanced PoE configuration:


1. How will the first APs be powered?
Using AC power adapters, as per the Required Resources section, so no PoE is
required yet.
2. Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250
Series APs?
Yes, if the switch:
- Provides enhanced power
- Has enough power resources available


3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do they
need a special switch?
The standard switch provides 15 W max, as per the 802.3af specification, which is not
enough for the Cisco Aironet 1250 Series AP, but is enough for most other APs. The
Cisco Aironet 1250 Series AP needs a switch that provides enhanced power.
Enhanced PoE is configured at the port level. For the Cisco Aironet 1250 Series AP, you need to
allow 20 W. This is done, for example, on interface g0/1 (Cisco Aironet 1250 Series APs require
gigabit interfaces). Again, the PODs do not have a PoE-Switch with that capability:
Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# power inline port maximum 20000

Step-by-Step Procedure
Step 1
Connect to the ASW1 switch interface in configuration mode:

Connect to the remote lab.

Access the Switch console.

Enter privilege mode, using the enable command.

Enter configuration mode, using the configure terminal command.

Step 2
Configure the AP on switch ASW1:
ASW1(config)# interface range FastEthernet0/4 - 5
ASW1(config-if-range)# switchport mode trunk
ASW1(config-if-range)# switchport trunk allowed vlan 3,63
ASW1(config-if-range)# interface f0/4
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# interface f0/5
ASW1(config-if)# mls qos trust dscp
ASW1(config-if)# interface FastEthernet0/6
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 11
ASW1(config-if)# spanning-tree portfast
ASW1(config-if)# mls qos trust dscp

Step 3
Repeat Steps 1 and 2 on switch ASW2.

Step 4
Configure WLC1 on switch DSW1:
DSW1(config)# mls qos
DSW1(config)# interface FastEthernet0/8
DSW1(config-if)# switchport mode trunk
DSW1(config-if)# switchport trunk allowed vlan 3,11,63
DSW1(config-if)# spanning-tree portfast trunk
DSW1(config-if)# mls qos trust cos

Step 5
Configure WCS1 on switch DSW1:
DSW1(config)# interface GigabitEthernet0/1
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 3

Step 6
Repeat Steps 4 and 5 on switch DSW2.
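Added example (not part of the original lab guide): a Python check that parses the interface stanzas of show running-config output and compares the ASW1 access-point ports with the Implementation Policy, so that a trunk left open to every VLAN or an LAP port without PortFast is caught during verification. The policy dictionary, the function names and the sample configuration are assumptions constructed for this example.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # a trunk with no allowed-VLAN line carries all of these

# Expected ASW1 access-point ports, from the Implementation Policy and the hint plan.
POLICY_ASW1 = {
    "FastEthernet0/4": {"mode": "trunk", "allowed": {3, 63}, "trust": "cos"},
    "FastEthernet0/5": {"mode": "trunk", "allowed": {3, 63}, "trust": "dscp"},
    "FastEthernet0/6": {"mode": "access", "access_vlan": 11,
                        "portfast": True, "trust": "dscp"},
}

# Constructed sample (not output from a lab switch): Fa0/5 has no allowed-VLAN
# list and Fa0/6 has no PortFast.
SAMPLE_CONFIG = """\
interface FastEthernet0/4
 switchport trunk allowed vlan 3,63
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/5
 switchport mode trunk
 mls qos trust dscp
!
interface FastEthernet0/6
 switchport access vlan 11
 switchport mode access
 mls qos trust dscp
!
"""


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1,3,11,63-66' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in text.split(","))):
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_interfaces(config):
    """Return {interface: settings}; a stanza runs from 'interface X' to '!'."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was lost
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {
                "mode": "dynamic", "allowed": set(ALL_VLANS),
                "access_vlan": 1, "portfast": False, "trust": None})
        elif line == "!":
            cur = None
        elif cur is not None:
            if m := re.fullmatch(r"switchport mode (access|trunk)", line):
                cur["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line):
                vlans = parse_vlan_list(m.group(2))
                cur["allowed"] = cur["allowed"] | vlans if m.group(1) else vlans
            elif line == "switchport trunk allowed vlan none":
                cur["allowed"] = set()
            elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
                cur["access_vlan"] = int(m.group(1))
            elif re.fullmatch(r"spanning-tree portfast( trunk)?", line):
                cur["portfast"] = True
            elif m := re.fullmatch(r"mls qos trust (cos|dscp)", line):
                cur["trust"] = m.group(1)
    return ports


def audit(config, policy):
    """Return (interface, check, detail) for every deviation from the policy."""
    ports, findings = parse_interfaces(config), []
    for name, want in policy.items():
        have = ports.get(name)
        if have is None:
            findings.append((name, "missing", "interface not found in configuration"))
            continue
        if have["mode"] != want["mode"]:
            findings.append((name, "mode",
                             f"mode is {have['mode']}, policy requires {want['mode']}"))
        if want["mode"] == "trunk":
            extra = have["allowed"] - want["allowed"]
            absent = want["allowed"] - have["allowed"]
            if extra:
                findings.append((name, "extra-vlans",
                                 f"trunk allows {len(extra)} VLAN(s) outside the policy"))
            if absent:
                findings.append((name, "missing-vlans",
                                 f"trunk is missing required VLAN(s) {sorted(absent)}"))
        elif have["access_vlan"] != want["access_vlan"]:
            findings.append((name, "access-vlan",
                             f"access VLAN is {have['access_vlan']}, "
                             f"policy requires {want['access_vlan']}"))
        if want.get("portfast") and not have["portfast"]:
            findings.append((name, "portfast", "PortFast is not enabled"))
        if have["trust"] != want["trust"]:
            findings.append((name, "trust",
                             f"QoS trust is {have['trust']}, policy requires {want['trust']}"))
    return findings


if __name__ == "__main__":
    for port, check, detail in audit(SAMPLE_CONFIG, POLICY_ASW1):
        print(f"{port}: [{check}] {detail}")
```

The same audit function works for ASW2, DSW1 and DSW2 once a policy dictionary with their VLANs and ports is supplied.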

Ending Configurations
Lab 1-1: New Hire Test
Your configuration should be similar to the following example.
On switch ASW1:
ASW1#show running-config
Building configuration...
Current configuration : 2689 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime
no service password-encryption
!
hostname ASW1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mTdi$ALXy4V.TkqEcTuB6TNYZm0
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description Link to DSW1
!
interface FastEthernet0/2
description Link to DSW2
!
interface FastEthernet0/3
description Link to CTL1
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface GigabitEthernet0/1
shutdown

!
interface Vlan1
ip address 10.1.1.1 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.251
ip http server
no ip http secure-server
!
control-plane
!
alias exec init-2-1 configure replace flash:/switch/lab_2_1.cfg force
alias exec init-2-2 configure replace flash:/switch/lab_2_2.cfg force
alias exec init-3-1 configure replace flash:/switch/lab_3_1.cfg force
alias exec init-3-2 configure replace flash:/switch/lab_3_2.cfg force
alias exec init-3-3-A configure replace flash:/switch/lab_3_3_A.cfg force
alias exec init-3-3-B configure replace flash:/switch/lab_3_3_B.cfg force
alias exec init-4-1 configure replace flash:/switch/lab_4_1.cfg force
alias exec init-4-2-A configure replace flash:/switch/lab_4_2_A.cfg force
alias exec init-4-2-B configure replace flash:/switch/lab_4_2_B.cfg force
alias exec init-4-2-C configure replace flash:/switch/lab_4_2_C.cfg force
alias exec init-5-1 configure replace flash:/switch/lab_5_1.cfg force
alias exec init-6-1 configure replace flash:/switch/lab_6_1.cfg force
alias exec init-6-2 configure replace flash:/switch/lab_6_2.cfg force
alias exec init-7-1 configure replace flash:/switch/lab_7_1.cfg force
alias exec init-8-1 configure replace flash:/switch/lab_8_1.cfg force
alias exec init-9-1 configure replace flash:/switch/lab_9_1.cfg force
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
!
end

The switch automatically generated some of these configuration lines; others were pasted by your
instructor before the beginning of the class. All the items that you configured should be there.
Other Switches:
Repeat the same process on the other switches, changing the values that are different on each
switch.


Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
Your configuration should be similar to the following. Only the configuration sections relevant to
this lab are displayed.
On switch ASW1:
ASW1#sh run
!
interface FastEthernet0/1
description Trunk to DSW1
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
!
interface FastEthernet0/2
description Trunk to DSW2
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
shutdown
!
interface FastEthernet0/3
description Port to CLT1
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/4
description Port to FTP1
switchport access vlan 63
!
interface FastEthernet0/5
description Port to WEB1
switchport access vlan 11

!

On switch ASW2:
ASW2#sh run
!
interface FastEthernet0/1
description Trunk to DSW2
switchport trunk allowed vlan 1,4,12,64,66
switchport mode access
!
interface FastEthernet0/2
description Trunk to DSW1
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
shutdown
!
interface FastEthernet0/3
description Port to CTL2
switchport access vlan 4
switchport mode trunk
!
interface FastEthernet0/4
description Port to FTP2
switchport access vlan 64
!
interface FastEthernet0/5
description Port to WEB2


switchport access vlan 12

On switch DSW1:
DSW1#sh run
!
interface Port-channel31
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
description PortChannel trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/1
description Link to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode passive
!
interface FastEthernet0/2
description Link to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode passive
!
interface FastEthernet0/3
description Link to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode passive
!
interface FastEthernet0/4
description Link to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode passive
!
interface FastEthernet0/5
description Trunk to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/6
description Trunk to ASW1
switchport access vlan 65
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode access
!
interface FastEthernet0/7
description Trunk to ASW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
shutdown
!
interface FastEthernet0/8
description Port to FILE1
switchport access vlan 65
!
interface GigabitEthernet0/1
description Port to NR1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
!

On switch DSW2:
DSW2#sh run
!
interface Port-channel31
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
description PortChannel Trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
description Link to CSW2
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode passive
!
interface FastEthernet0/2
description Link to CSW2
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode passive
!
interface FastEthernet0/3
description Link to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode passive
!
interface FastEthernet0/4
description Link to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode passive
!
interface FastEthernet0/5
description Trunk to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface FastEthernet0/6
description Trunk to ASW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4,12,64,66
switchport mode trunk
shutdown
!
interface FastEthernet0/7
description Trunk to ASW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,11,63,65
switchport mode trunk
shutdown
!
interface FastEthernet0/8
description Port to FILE2
switchport access vlan 66
!
interface GigabitEthernet0/1
description Port to NR2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk

On switch CSW1:
CSW1#sh run
!
interface Port-channel31
description PortChannel trunk to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
description PortChannel trunk to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel33
description PortChannel trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
description Link to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode active
!
interface FastEthernet0/2
description Link to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode active
!
interface FastEthernet0/3
description Link to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode active
!
interface FastEthernet0/4
description Link to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 32 mode active

On switch CSW2:
CSW2#sh run
!
interface Port-channel31
description PortChannel trunk to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
description PortChannel trunk to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel33
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-65
switchport mode trunk
!
interface FastEthernet0/1
description Link to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode active
!
interface FastEthernet0/2
description Link to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode active
!
interface FastEthernet0/3
description Link to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode active
!
interface FastEthernet0/4
description Link to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
channel-group 31 mode active

Lab 2-3: Implement Private VLANs

Your configuration should be similar to the following. Only the configuration sections relevant to
this lab are displayed.
Router R1:
interface f0/0.51
encapsulation dot1q 51
ip address 10.1.51.1 255.255.255.0

Router R2:
interface f0/1.51
ip address 10.1.51.2 255.255.255.0
no shutdown

Switch CSW1:
vlan 51,501
!
vlan 501
private-vlan primary
private-vlan association 51
vlan 51
name TestIsolated
private-vlan isolated
!
interface f0/11
switchport trunk allowed vlan add 51
!
interface f0/12
switchport trunk allowed vlan add 51
no shutdown

Lab 3-1: Implement Multiple Spanning Tree


Ending configurations for Task 1:
On switch DSW1:
interface Port-channel31
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
description PortChannel trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
description Link to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 31 mode passive

On switch CSW1:
interface Port-channel31
description PortChannel trunk to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel32
description PortChannel trunk to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel33
description PortChannel trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk

On switch DSW2:
interface Port-channel31
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
description PortChannel Trunk to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface FastEthernet0/1
description Link to CSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
channel-group 32 mode passive

On switch CSW2:
interface Port-channel31
description PortChannel trunk to DSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
shutdown
!
interface Port-channel32
description PortChannel trunk to DSW2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk
!
interface Port-channel33
description PortChannel trunk to CSW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,4,11,12,63-66
switchport mode trunk

Ending Configurations for MST


MSTP on switch DSW1:
!
spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66
!
spanning-tree mst 0-1 priority 24576
spanning-tree mst 2 priority 28672
!
DSW1#sho spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Desg FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Desg FWD 100000    128.296  P2p
Po32             Desg FWD 100000    128.304  P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Desg FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Desg FWD 100000    128.296  P2p
Po32             Desg FWD 100000    128.304  P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28674  (priority 28672 sys-id-ext 2)
             Address     001f.2721.8680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Root FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Desg FWD 100000    128.296  P2p
Po32             Altn BLK 100000    128.304  P2p

DSW1#

MST on switch DSW2:


!
spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66
!
spanning-tree mst 0-1 priority 28672
spanning-tree mst 2 priority 24576
!
DSW2#sho spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    24576
             Address     001f.2721.8680
             Cost        0
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28672  (priority 28672 sys-id-ext 0)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Root FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Altn BLK 100000    128.296  P2p
Po32             Altn BLK 100000    128.304  P2p

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    24577
             Address     001f.2721.8680
             Cost        200000
             Port        7 (FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Root FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Altn BLK 100000    128.296  P2p
Po32             Altn BLK 100000    128.304  P2p

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    24578
             Address     001f.2721.8600
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24578  (priority 24576 sys-id-ext 2)
             Address     001f.2721.8600
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Fa0/5            Desg FWD 200000    128.7    P2p
Fa0/6            Desg FWD 200000    128.8    P2p
Fa0/7            Desg FWD 200000    128.9    P2p
Po31             Desg FWD 100000    128.296  P2p
Po32             Desg FWD 100000    128.304  P2p

DSW2#

MST on switches ASW1, ASW2, CSW1, and CSW2:


spanning-tree mst configuration
name region1
revision 1
instance 1 vlan 1, 3, 11, 63, 65
instance 2 vlan 4, 12, 64, 66

Lab 3-2: Implement PVRST+


PVRST+ on all switches on your pod:
spanning-tree mode rapid-pvst

Lab 4-1: Implement Inter-VLAN Routing


On switches ASW1 and ASW2:
interface Vlan3
ip address 10.1.3.10 255.255.255.0
ip default-gateway 10.1.3.1

On switches DSW1 and DSW2:


ip routing
!
interface Port-channel31
description PortChannel trunk to CSW1
no switchport
ip address 10.1.253.0 255.255.255.254
no ip route-cache
!
interface Port-channel32
description PortChannel trunk to CSW2
no switchport
ip address 10.1.253.2 255.255.255.254
no ip route-cache
!
interface FastEthernet0/1
description Link to CSW1
no switchport
no ip address
no ip route-cache
channel-group 31 mode passive
!
interface FastEthernet0/2
description Link to CSW1
no switchport
no ip address
no ip route-cache
channel-group 31 mode passive
!
interface FastEthernet0/3
description Link to CSW2
no switchport
no ip address
no ip route-cache
channel-group 32 mode passive
!
interface FastEthernet0/4
description Link to CSW2
no switchport
no ip address
no ip route-cache
channel-group 32 mode passive
!
interface FastEthernet0/5
description Trunk to DSW2
no switchport
ip address 10.1.253.4 255.255.255.254
no ip route-cache
!
router eigrp 10
network 10.1.0.0 0.0.255.255

On switches CSW1 and CSW2:


interface Port-channel31
description PortChannel trunk to DSW1
no switchport
ip address 10.1.253.1 255.255.255.254
!
interface Port-channel32
description PortChannel trunk to DSW2
no switchport
ip address 10.1.253.9 255.255.255.254
!
interface Port-channel33
description PortChannel trunk to CSW2
no switchport
ip address 10.1.253.10 255.255.255.254
!
interface FastEthernet0/1
description Link to DSW1
no switchport
no ip address
channel-group 31 mode active
!
interface FastEthernet0/2
description Link to DSW1
no switchport
no ip address
channel-group 31 mode active
!
interface FastEthernet0/3
description Link to DSW2
no switchport
no ip address
channel-group 32 mode active
!
interface FastEthernet0/4
description Link to DSW2
no switchport
no ip address
channel-group 32 mode active
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
description Link to CSW2
no switchport
no ip address
channel-group 33 mode on
!
interface FastEthernet0/8
description Link to CSW2
no switchport
no ip address
channel-group 33 mode on
!
interface FastEthernet0/9
description Link to CSW2
no switchport
no ip address
channel-group 33 mode on
!
interface FastEthernet0/10
description Link to CSW2
no switchport
no ip address
channel-group 33 mode on
!
interface FastEthernet0/11
description Trunk to R1
no switchport
ip address 10.1.253.12 255.255.255.254
!
interface FastEthernet0/12
description Trunk to R2
no switchport
ip address 10.1.253.14 255.255.255.254
!
router eigrp 10
network 10.1.0.0 0.0.255.255

On routers R1 and R2:


interface FastEthernet0/0
description Link to CSW1
ip address 10.1.253.13 255.255.255.254
duplex auto
speed auto
!
interface FastEthernet0/1
description Link to CSW2
ip address 10.1.253.19 255.255.255.254
duplex auto
speed auto
!
router eigrp 10
network 10.1.0.0 0.0.255.255

Lab 5-1: Implementing High Availability and Reporting in a Network Design

On switch CSW1:
ip sla 1
icmp-echo 10.1.3.10
ip sla schedule 1 life forever start-time now
logging 10.1.3.50
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.3.50 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

On switch DSW2:
logging 10.1.4.100
logging trap informational
snmp-server community ciscor ro
snmp-server host 10.1.4.100 traps ciscor
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable

Lab 6-1: Implement and Tune HSRP


On switch DSW1:
interface Vlan3
ip address 10.1.3.3 255.255.255.0
standby 3 ip 10.1.3.1
standby 3 priority 120
standby 3 preempt
standby 3 track Port-channel31 30
standby 3 track Port-channel32 30
!
interface Vlan4
ip address 10.1.4.3 255.255.255.0
standby 4 ip 10.1.4.1
standby 4 preempt

On switch DSW2:
interface Vlan3
ip address 10.1.3.2 255.255.255.0
standby 3 ip 10.1.3.1
standby 3 preempt
!
interface Vlan4
ip address 10.1.4.2 255.255.255.0
standby 4 ip 10.1.4.1
standby 4 priority 120
standby 4 preempt
standby 4 track Port-channel31 30
standby 4 track Port-channel32 30

Lab 6-2: Implementing VRRP


On switch CSW1:
interface FastEthernet0/11
description Trunk to R1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
description Trunk to R2
switchport access vlan 10
switchport mode access
!
interface Vlan10
ip address 10.1.253.25 255.255.255.248

On switch CSW2:
interface FastEthernet0/11
description Trunk to R2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
description Trunk to R1
switchport access vlan 20
switchport mode access
!
interface Vlan20
ip address 10.1.253.33 255.255.255.248

On router R1:
interface FastEthernet0/0
description Link to CSW1
ip address 10.1.253.27 255.255.255.248
duplex auto
speed auto
vrrp 1 ip 10.1.253.30
vrrp 1 priority 120
!
interface FastEthernet0/1
description Link to CSW2
ip address 10.1.253.36 255.255.255.248
duplex auto
speed auto
vrrp 2 ip 10.1.253.34
R1# show vrrp
FastEthernet0/0 - Group 1
State is Master
Virtual IP address is 10.1.253.30
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 10.1.253.27 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
FastEthernet0/1 - Group 2
State is Backup
Virtual IP address is 10.1.253.34
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.1.253.35, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.389 sec)

On router R2:
interface FastEthernet0/0
description Link to CSW2
ip address 10.1.253.35 255.255.255.248
duplex auto
speed auto
vrrp 2 ip 10.1.253.34
vrrp 2 priority 120
!
interface FastEthernet0/1
description Link to CSW1
ip address 10.1.253.26 255.255.255.248
duplex auto
speed auto
vrrp 1 ip 10.1.253.30
R2# show vrrp
FastEthernet0/1 - Group 1
State is Backup
Virtual IP address is 10.1.253.30
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.1.253.27, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.217 sec)
FastEthernet0/0 - Group 2
State is Master
Virtual IP address is 10.1.253.34
Virtual MAC address is 0000.5e00.0102
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 10.1.253.35 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec

Lab 7-1: Secure Network Switches to Mitigate Security Attacks


On switch ASW1:
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
ip arp inspection vlan 1-4094
!
interface range FastEthernet0/1 - 2
ip dhcp snooping trust
!
interface FastEthernet0/3
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0050.5684.3a29

On switch ASW2:
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
ip arp inspection vlan 1-4094
!
interface range FastEthernet0/1 - 2
ip dhcp snooping trust
!
interface FastEthernet0/3
description Port to CTL2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.5692.3032

On switch DSW1:
ip access-list extended NOTEL
permit tcp any any eq telnet
!
vlan access-map TEST 10
action drop
match ip address NOTEL
vlan access-map TEST 20
action forward
!
vlan filter TEST vlan-list 2-3
!
ip arp inspection vlan 1-4094
!
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
interface FastEthernet0/5
spanning-tree guard root
ip arp inspection trust
!
interface range FastEthernet0/6 - 7
ip arp inspection trust

On switch DSW2:
ip access-list extended NOTEL
permit tcp any any eq telnet
!
vlan access-map TEST 10
action drop
match ip address NOTEL
vlan access-map TEST 20
action forward
!
vlan filter TEST vlan-list 2-3
!
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
ip arp inspection vlan 1-4094
!
interface FastEthernet0/5
spanning-tree guard root
ip arp inspection trust
!
interface range FastEthernet0/6 - 7
ip arp inspection trust
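
An added example, not part of the lab guide: a Python audit that parses an IOS-style listing like the Lab 7-1 configurations above and reports which Layer 2 protections are enabled and which ports are trusted. The sample input is constructed from the ASW1 listing; the function names and report keys are hypothetical.

```python
import re

# Constructed sample input, modeled on the ASW1 listing for Lab 7-1.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
ip arp inspection vlan 1-4094
!
interface range FastEthernet0/1 - 2
ip dhcp snooping trust
!
interface FastEthernet0/3
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0050.5684.3a29
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,63-66' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def expand_interfaces(name):
    """Expand 'range FastEthernet0/1 - 2' into individual interface names."""
    m = re.fullmatch(r"range\s+(\S*?)(\d+)\s*-\s*(\d+)", name)
    if not m:
        return [name]
    prefix, first, last = m.group(1), int(m.group(2)), int(m.group(3))
    return [f"{prefix}{n}" for n in range(first, last + 1)]


def parse_config(text):
    """Split a listing into global commands and per-interface sub-commands.
    A stanza ends at '!' or a blank line, as in the listings on this page."""
    glob, ifaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif line.startswith("interface "):
            current = expand_interfaces(line[len("interface "):].strip())
            for name in current:
                ifaces.setdefault(name, [])
        elif current is None:
            glob.append(line)
        else:
            for name in current:
                ifaces[name].append(line)
    return glob, ifaces


def port_security(cmds):
    """Summarize one interface's port-security commands, or None if disabled."""
    if "switchport port-security" not in cmds:
        return None
    info = {"violation": "shutdown", "sticky": False, "macs": []}  # IOS default mode
    for cmd in cmds:
        words = cmd.split()
        if cmd.startswith("switchport port-security violation "):
            info["violation"] = words[-1]
        elif cmd.startswith("switchport port-security mac-address "):
            if words[3] == "sticky":
                info["sticky"] = True
                words = words[1:]  # shift so a following MAC lands at index 3
            if len(words) > 3:
                info["macs"].append(words[3])
    return info


def audit(text):
    """Return a report of the Layer 2 protections found in the listing."""
    glob, ifaces = parse_config(text)
    snoop_vlans, dai_vlans = set(), set()
    for line in glob:
        if line.startswith("ip dhcp snooping vlan "):
            snoop_vlans |= expand_vlans(line.split("vlan ", 1)[1])
        elif line.startswith("ip arp inspection vlan "):
            dai_vlans |= expand_vlans(line.split("vlan ", 1)[1])
    if "ip dhcp snooping" not in glob:  # per-VLAN lines need the global switch
        snoop_vlans = set()
    snoop_trust = {n for n, c in ifaces.items() if "ip dhcp snooping trust" in c}
    dai_trust = {n for n, c in ifaces.items() if "ip arp inspection trust" in c}
    return {
        "bpduguard_default": "spanning-tree portfast bpduguard default" in glob,
        "loopguard_default": "spanning-tree loopguard default" in glob,
        # DAI checks ARP on untrusted ports against the snooping binding table
        # (ARP ACLs are the alternative and are not modeled here).
        "dai_vlans_without_snooping": sorted(dai_vlans - snoop_vlans),
        "snooping_trusted": sorted(snoop_trust),
        "dai_trusted": sorted(dai_trust),
        # Ports trusted for one feature only: ARP or DHCP arriving there is
        # still validated by the other feature, so review these deliberately.
        "trust_mismatch": sorted(snoop_trust ^ dai_trust),
        "port_security": {n: port_security(c) for n, c in ifaces.items()
                          if port_security(c)},
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

The `trust_mismatch` entry is a prompt for review rather than a verdict: whether an uplink should be trusted for ARP inspection depends on what sits upstream of it.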

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

On switches ASW1 and ASW2:
interface FastEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/2
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/14
switchport mode access
switchport access vlan 3
switchport voice vlan 63
switchport priority extend trust
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/15
switchport mode access
switchport access vlan 3
switchport voice vlan 63
switchport priority extend trust
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
service-policy input AutoQoS-Police-CiscoPhone

On switch DSW1:
ip dhcp excluded-address 10.1.63.1 10.1.63.49
ip dhcp excluded-address 10.1.63.100 10.1.63.255
ip dhcp excluded-address 10.1.64.1 10.1.64.49
ip dhcp excluded-address 10.1.64.100 10.1.64.255
!
ip dhcp pool vlan63
network 10.1.63.0 255.255.255.0
default-router 10.1.63.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8
!
ip dhcp pool vlan64
network 10.1.64.0 255.255.255.0
default-router 10.1.64.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8
!
interface FastEthernet0/5
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/6
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/7
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/15
switchport mode access
switchport access vlan 63
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!

On switch DSW2:
ip dhcp excluded-address 10.1.63.150 10.1.63.255
ip dhcp excluded-address 10.1.64.150 10.1.64.255
ip dhcp excluded-address 10.1.63.1 10.1.63.99
ip dhcp excluded-address 10.1.64.1 10.1.64.99
!
ip dhcp pool vlan63
network 10.1.63.0 255.255.255.0
default-router 10.1.63.1
option 150 ip 10.1.63.11 10.1.63.12
lease 8
!
ip dhcp pool vlan64
network 10.1.64.0 255.255.255.0
default-router 10.1.64.1
option 150 ip 10.1.63.11 10.1.64.12
lease 8
!
interface FastEthernet0/5
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/6
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!
interface FastEthernet0/7
switchport mode trunk
switchport trunk allowed vlan 3,4,11,12,63-66
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
!

On switches CSW1 and CSW2:


interface FastEthernet0/1
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 31 mode on
!
interface FastEthernet0/2
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 31 mode on
!
interface FastEthernet0/3
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 32 mode on
!
interface FastEthernet0/4
no switchport
no ip address
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos voip trust
channel-group 32 mode on

Lab 9-1: Integrating Wireless in the Campus

On ASW1:
interface FastEthernet0/04
description AP1
switchport trunk allowed vlan 3,63
switchport mode trunk
mls qos trust cos
!
interface FastEthernet0/05
description AP2
switchport trunk allowed vlan 3,63
switchport mode trunk
mls qos trust cos
!
interface FastEthernet0/06
description AP3
switchport access vlan 11
switchport mode access
spanning-tree portfast
mls qos trust dscp

On ASW2:
interface FastEthernet0/04
description AP4
switchport trunk allowed vlan 4,64
switchport mode trunk
mls qos trust cos
!
interface FastEthernet0/05
description AP5
switchport trunk allowed vlan 4,64
switchport mode trunk
mls qos trust cos
!
interface FastEthernet0/06
description AP6
switchport access vlan 12
switchport mode access
spanning-tree portfast
mls qos trust dscp

On DSW1:
mls qos
!
interface FastEthernet0/08
description WCS1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,11,63
switchport mode trunk
spanning-tree portfast trunk
mls qos trust cos
!
interface GigabitEthernet0/1
description WLC1
switchport mode access
switchport access vlan 3
spanning-tree portfast
mls qos trust cos

On DSW2:
mls qos
!
interface FastEthernet0/08
description WCS2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,12,64
switchport mode trunk
spanning-tree portfast trunk
mls qos trust cos
!
interface GigabitEthernet0/1
description WLC2
switchport mode access
switchport access vlan 4
spanning-tree portfast
mls qos trust cos

Pod Physical Ports Map

During the implementation process, you must determine, for each switch, the port that connects
to each neighbor. The ports represented on each device connection in the Visual Objective are
generic ports. Each port can represent one or several physical interfaces. Use the following table
to document the physical interfaces used in your pod. You will use this information throughout
the labs:

Device   Port Name on the map   Physical port in your pod
ASW1     P1
ASW1     P2
ASW1     P3
ASW2     P1
ASW2     P2
ASW2     P3
DSW1     P1
DSW1     P2
DSW1     P3
DSW1     P4
DSW1     P5
DSW2     P1
DSW2     P2
DSW2     P3
DSW2     P4
DSW2     P5
CSW1     P1
CSW1     P2
CSW1     P3
CSW1     P4
CSW1     P5
CSW2     P1
CSW2     P2
CSW2     P3
CSW2     P4
CSW2     P5
R1       P1
R1       P2
R2       P1
R2       P2

Visual Objective for Lab 1-1: New Hire Test
Lab 1-1 Network Diagram

Visual Objective for Lab 2-1: Design and Implement VLANs, Trunk and EtherChannel
Lab 2-1 Network Diagram

Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
Lab 2-2 Network Diagram

Visual Objective for Lab 2-3: Configure Private VLANs
Lab 2-3 Network Diagram

Lab 3-1: Implement Multiple Spanning Tree
Lab 3-1 Network Diagram

Visual Objective for Lab 3-2: Implement PVRST+
Lab 3-2 Network Diagram

Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues
Lab 3-3 Network Diagram

Lab 4-1: Implementing Inter-VLAN Routing
Lab 4-1 Network Diagram

Visual Objective for Lab 4-2: Troubleshooting Inter-VLAN Routing
Lab 4-2 Network Diagram

Visual Objective for Lab 5-1: Implement HA in a Network Design
Lab 5-1 Network Diagram

Visual Objective for Lab 6-1: Implement and Tune HSRP
Lab 6-1 Network Diagram

Visual Objective for Lab 6-2: Implementing VRRP
Lab 6-2 Network Diagram

Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks
Lab 7-1 Network Diagram

Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network
Lab 8-1 Network Diagram

Visual Objective for Lab 9-1: Integrating Wireless in the Campus
Lab 9-1 Network Diagram