Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Case Study

    Hochgeladen von

    uglyface007
    44 Ansichten34 Seiten
    Digital technologies has a new city office. The design requires main trunks as EtherChannels, with back up links, trunk ports and access ports using Catalyst 2950 and 3550 switches, and 1800 series routers. For load balancing, DLS 1 will be root for Corporate VLAN, Sales vlan and Management VLAN, and DLS 2 is active for VLANs 30 and 150.

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    DOC, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Digital technologies has a new city office. The design requires main trunks as EtherChannels, with back up links, trunk ports and access ports using Catalyst 2950 and 3550 switches, and 1800 series routers. For load balancing, DLS 1 will be root for Corporate VLAN, Sales vlan and Management VLAN, and DLS 2 is active for VLANs 30 and 150.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    44 Ansichten34 Seiten

    Case Study

    Hochgeladen von

    uglyface007
    Digital technologies has a new city office. The design requires main trunks as EtherChannels, with back up links, trunk ports and access ports using Catalyst 2950 and 3550 switches, and 1800 series routers. For load balancing, DLS 1 will be root for Corporate VLAN, Sales vlan and Management VLAN, and DLS 2 is active for VLANs 30 and 150.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 34

    !!!I used real Cisco 3550 switch *4 and Router * 2 to do this lab.

    I did not use Dynamips to do this lab.!!!

    Scenario: Digital Technologies Inc (DTI) has a new city office. The design requires main trunks as EtherChannels, with back up links, trunk ports and access ports using Catalyst 2950 and 3550 switches, and 1800 series routers. Fault tolerant links are required so all links, even those to ISP, require backup. Staff at the city office are in the following subnets: 1. Corporate (Manager, Accounts, Secretaries) VLAN 10 2. Sales (Marketing, Sales, Delivery) VLAN 20 3. Servers (attached to DLS 2) VLAN 30 4. Telephony VLAN 150 5. Management (For all switches) VLAN 217

    Basic Configuration: All Router: enable configure terminal ! no ip domain lookup ! line console 0 logging synchronous exec-timeout 0 0 ! hostname All Switches: enable configure terminal ! no ip domain lookup ! line console 0 logging synchronous exec-timeout 0 0 ! interface vlan 1 no shutdown ! hostname

    Multiple Instance Spanning Tree (MST) will be used in combination with PortFast and BPDU guard. For load balancing, DLS 1 will be root for Corporate VLAN, Sales VLAN and Management VLAN, and DLS 2 will be root for Telephony VLAN and Servers VLAN. Multiple HSRP groups will be implemented so that DLS 1 is active for VLAN 10, 20 & 217, and DLS 2 is active for VLANs 30 & 150. All VLANs will have Bachup Router as their standby link. General Tasks 1. Connect all the network devices according to the network diagram. (Note: No IP Telephones will be connected at this stage, although all configuration will assume their presence.) 2. On DL & AL Switches use ports 3 & 4 to the EtherChannel AL Switches (DLS1 to ALS 1 & DLS 2 to ALS 2). DLS1(config)#interface range fastEthernet 0/3 - 4 DLS1(config-if-range)#switchport trunk encapsulation dot1q DLS1(config-if-range)#switchport mode trunk DLS1(config-if-range)#channel-group 3 mode desirable

    ALS1(config)#interface range fastEthernet 0/3 - 4 ALS1(config-if-range)#switchport trunk encapsulation dot1q ALS1(config-if-range)#switchport mode trunk ALS1(config-if-range)#channel-group 1 mode desirable DLS2(config)#interface range fastEthernet 0/3 - 4 DLS2(config-if-range)#switchport trunk encapsulation dot1q DLS2(config-if-range)#switchport mode trunk DLS2(config-if-range)#channel-group 4 mode desirable ALS2(config)#interface range fastEthernet 0/3 - 4 ALS2(config-if-range)#switchport trunk encapsulation dot1q ALS2(config-if-range)#switchport mode trunk ALS2(config-if-range)#channel-group 2 mode desirable DLS1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundling w - waiting to be aggregated d - default port

    Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------3 Po3(SU) PAgP Fa0/3(P) Fa0/4(P) DLS1# DLS2#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundling w - waiting to be aggregated d - default port

    Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------4 Po4(SU) PAgP Fa0/3(P) Fa0/4(P) DLS2#

    3. On DL & AL Switches use ports 5 & 6 as trunk ports between them (DLS 1 to ALS 2 & DLS 2 to ALS 1).

    DLS1(config)#interface range fastEthernet 0/5 - 6 DLS1(config-if-range)#switchport trunk encapsulation dot1q DLS1(config-if-range)#switchport mode trunk ALS2(config)#interface range fastEthernet 0/5 - 6 ALS2(config-if-range)#switchport trunk encapsulation dot1q ALS2(config-if-range)#switchport mode trunk DLS2(config)#interface range fastEthernet 0/5 - 6 DLS2(config-if-range)#switchport trunk encapsulation dot1q DLS2(config-if-range)#switchport mode trunk ALS1(config)#interface range fastEthernet 0/5 - 6 ALS1(config-if-range)#switchport trunk encapsulation dot1q ALS1(config-if-range)#switchport mode trunk

    4. Use ports 7 & 8 for the trunk ports between ALS 1 & ALS 2. ALS1(config)#interface range fastEthernet 0/7 - 8 ALS1(config-if-range)#switchport trunk encapsulation dot1q ALS1(config-if-range)#switchport mode trunk ALS2(config)#interface range fastEthernet 0/7 - 8 ALS2(config-if-range)#switchport trunk encapsulation dot1q ALS2(config-if-range)#switchport mode trunk

    5. Use port 7 for the trunk links to ISP (DLS 1 to ISP & DLS 2 to ISP). DLS1(config)#interface fastEthernet 0/7 DLS1(config-if)#no switchport DLS1(config-if)#ip address 192.168.1.5 255.255.255.252 DLS1(config-if)#no shutdown DLS2(config)#interface fastEthernet 0/7 DLS2(config-if)#no switchport DLS2(config-if)#ip address 192.168.1.9 255.255.255.252 DLS2(config-if)#no shutdown ISP(config)#interface ethernet 0/0 ISP(config-if)#ip address 192.168.1.6 255.255.255.252 ISP(config-if)#no shutdown ISP(config)#interface ethernet 0/1 ISP(config-if)#ip address 192.168.1.10 255.255.255.252 ISP(config-if)#no shutdown ISP#ping 192.168.1.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms ISP#ping 192.168.1.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.9, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    6. ALS 1 has the only link to BACKUP Router on port 24 ALS1(config)#interface fastEthernet 0/24 ALS1(config-if)#switchport trunk encapsulation dot1q ALS1(config-if)#switchport mode trunk Backup(config)#interface ethernet 0/0 Backup(config-if)#no shutdown Backup(config)#interface ethernet 0/0.10 Backup(config-subif)#encapsulation dot1Q 10 Backup(config-subif)#ip address 10.1.10.50 255.255.255.0 Backup(config)#interface ethernet 0/0.20 Backup(config-subif)#encapsulation dot1Q 20 Backup(config-subif)#ip address 10.1.20.50 255.255.255.0 Backup(config)#interface ethernet 0/0.30 Backup(config-subif)#encapsulation dot1Q 30 Backup(config-subif)#ip address 10.1.30.50 255.255.255.0 Backup(config)#interface ethernet 0/0.150 Backup(config-subif)#encapsulation dot1Q 150 Backup(config-subif)#ip address 10.1.150.50 255.255.255.0 Backup(config)#interface ethernet 0/0.217 Backup(config-subif)#encapsulation dot1Q 217 Backup(config-subif)#ip address 10.1.217.50 255.255.255.0 Backup#show ip interface brief Interface IP-Address OK? Method Status Ethernet0/0 unassigned YES unset up Ethernet0/0.10 10.1.10.50 YES manual up Ethernet0/0.20 10.1.20.50 YES manual up Ethernet0/0.30 10.1.30.50 YES manual up Ethernet0/0.150 10.1.150.50 YES manual up Ethernet0/0.217 10.1.217.50 YES manual up Serial0/0 unassigned YES unset administratively Serial0/1 unassigned YES unset administratively Backup#

    Protocol up up up up up up down down down down

    On all devices, configure the following: o vty support with password cisco DLS1(config)#vtp domain ITCORP DLS1(config)#vtp password cisco DLS1(config)#vtp mode server DLS1(config)#vlan 10 DLS1(config-vlan)#name Corporate DLS1(config)#vlan 20 DLS1(config-vlan)#name Sales DLS1(config)#vlan 30 DLS1(config-vlan)#name Servers DLS1(config)#vlan 150 DLS1(config-vlan)#name Telephony

    DLS1(config)#vlan 217 DLS1(config-vlan)#name Management DLS2(config)#vtp domain ITCORP DLS2(config)#vtp password cisco DLS2(config)#vtp mode client ALS1(config)#vtp domain ITCORP ALS1(config)#vtp password cisco ALS1(config)#vtp mode client ALS2(config)#vtp domain ITCORP ALS2(config)#vtp password cisco ALS2(config)#vtp mode client ALS2#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 10 Corporate active 20 Sales active 30 Servers active 150 Telephony active 217 Management active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup ALS2# ALS2#show vtp status VTP Version : running VTP1 (VTP2 capable) Configuration Revision :5 Maximum VLANs supported locally : 1005 Number of existing VLANs : 10 VTP Operating Mode : Client VTP Domain Name : ITCORP VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x99 0xB4 0x7D 0x9B 0x8B 0x90 0x15 0xA1 Configuration last modified by 192.168.1.5 at 3-1-93 00:50:48 ALS2# o console password cisco All Router and Switch: All Router and Switch(config)#line console 0 All Router and Switch(config-line)#password cisco All Router and Switch(config-line)#logging synchronous o privileged EXEC mode secret cisco All Router and Switch: All Router and Switch(config)#enable secret cisco

    o All hostnames All Router and Switch: All Router and Switch(config)#hostname * o Prevent bystanders from reading passwords by configuring all network devices to encrypt the clear text passwords. All Router and Switch: All Router and Switch(config)#service password-encryption

    VLANs and VTP DTI requires VLANs and VTP to be configured within the switched network 1. VTP - Domain ITCORP - Password cisco - DLS 1 Server - All other switches CLIENT !!!!done

    2. Fast EtherChannel is between ALS 1 & DLS 1, and ALS 2 & DLS 2 !!!done

    3. Create all required VLANs in the VTP Domain !!!done

    4. Configure Access Ports as follows: VLAN 10 VLAN 20 VLAN 30 VLAN 150 DLS 1 nil nil nil nil DLS 2 nil nil fa0/22-24 nil ALS 1 fa0/10-13 fa0/14-22 nil access ports only ALS 2 fa0/10-13 fa0/14-22 nil access ports only

    DLS2(config)#interface range fastEthernet 0/22 - 24 DLS2(config-if-range)#switchport access vlan 30 DLS2(config-if-range)#switchport mode access ALS1(config)#interface range fastEthernet 0/10 - 13 ALS1(config-if-range)#switchport access vlan 10 ALS1(config-if-range)#switchport mode access ALS1(config)#interface range fastEthernet 0/14 - 22 ALS1(config-if-range)#switchport access vlan 20 ALS1(config-if-range)#switchport mode access ALS2(config)#interface range fastEthernet 0/10 - 13 ALS2(config-if-range)#switchport access vlan 10 ALS2(config-if-range)#switchport mode access ALS2(config)#interface range fastEthernet 0/14 - 22 ALS2(config-if-range)#switchport access vlan 20 ALS2(config-if-range)#switchport mode access ALS1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/23

    10 Corporate 20 Sales

    30 Servers 150 Telephony 217 Management 1002 fddi-default 1003 token-ring-default 1004 fddinet-default 1005 trnet-default ALS1# ALS2#show vlan brief

    Gi0/1, Gi0/2 active Fa0/10, Fa0/11, Fa0/12, Fa0/13 active Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22 active active active act/unsup act/unsup act/unsup act/unsup

    VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/23 Fa0/24, Gi0/1, Gi0/2 10 Corporate active Fa0/10, Fa0/11, Fa0/12, Fa0/13 20 Sales active Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22 30 Servers active 150 Telephony active 217 Management active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup ALS2#

    Spanning-Tree 1. Configure instance 1 for VLANs 10, 20 & 217 with DLS 1 as root bridge, with all other VLANs being in instance 2 with DLS 2 as root bridge. DLS1(config)#spanning-tree mode mst DLS1(config)#spanning-tree mst configuration DLS1(config-mst)#name CISCO DLS1(config-mst)#revision 1 DLS1(config-mst)#instance 1 vlan 10, 20, 217 DLS1(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005 DLS1(config-mst)#exit DLS1(config)#spanning-tree mst 1 root primary DLS1(config)#spanning-tree mst 2 root secondary DLS2(config)#spanning-tree mode mst DLS2(config)#spanning-tree mst configuration DLS2(config-mst)#name CISCO DLS2(config-mst)#revision 1 DLS2(config-mst)#instance 1 vlan 10,20,217 DLS2(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005 DLS2(config-mst)#exit DLS2(config)#spanning-tree mst 1 root secondary DLS2(config)#spanning-tree mst 2 root primary ALS1(config)#spanning-tree mode mst ALS1(config)#spanning-tree mst configuration ALS1(config-mst)#name CISCO

    ALS1(config-mst)#revision 1 ALS1(config-mst)#instance 1 vlan 10, 20, 217 ALS1(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005 ALS1(config-mst)#exit ALS2(config)#spanning-tree mode mst ALS2(config)#spanning-tree mst configuration ALS2(config-mst)#name CISCO ALS2(config-mst)#revision 1 ALS2(config-mst)#instance 1 vlan 10,20,217 ALS2(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005 ALS2(config-mst)#exit DLS1#show spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 32768 Address 000e.d7a6.9c80 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address 000e.d7a6.9c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po3 Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Desg FWD 200000 128.5 P2p Desg FWD 200000 128.6 P2p Desg FWD 100000 128.65 P2p

    MST1 Spanning tree enabled protocol mstp Root ID Priority 24577 Address 000e.d7a6.9c80 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 24577 (priority 24576 sys-id-ext 1) Address 000e.d7a6.9c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po3 Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Desg FWD 200000 128.5 P2p Desg FWD 200000 128.6 P2p Desg FWD 100000 128.65 P2p

    MST2 Spanning tree enabled protocol mstp Root ID Priority 24578 Address 000e.d7a6.ab00 Cost 300000 Port 65 (Port-channel3) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 28674 (priority 28672 sys-id-ext 2) Address 000e.d7a6.9c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po3 DLS1# DLS2#show spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 32768 Address 000e.d7a6.9c80 Cost 0 Port 5 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address 000e.d7a6.ab00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po4 Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Root FWD 200000 128.5 P2p Altn BLK 200000 128.6 P2p Altn BLK 100000 128.65 P2p Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Altn BLK 200000 128.5 P2p Altn BLK 200000 128.6 P2p Root FWD 100000 128.65 P2p

    MST1 Spanning tree enabled protocol mstp Root ID Priority 24577 Address 000e.d7a6.9c80 Cost 300000 Port 5 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 28673 (priority 28672 sys-id-ext 1) Address 000e.d7a6.ab00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po4 Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Root FWD 200000 128.5 P2p Altn BLK 200000 128.6 P2p Altn BLK 100000 128.65 P2p

    MST2 Spanning tree enabled protocol mstp Root ID Priority 24578 Address 000e.d7a6.ab00 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24578 (priority 24576 sys-id-ext 2) Address 000e.d7a6.ab00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface ------------------Fa0/5 Fa0/6 Po4 DLS2# Role Sts Cost Prio.Nbr Type ---- --- --------- -------- -------------------------------Desg FWD 200000 128.5 P2p Desg FWD 200000 128.6 P2p Desg FWD 100000 128.65 P2p

    2. Configure PortFast on all non trunk ports. All Router and Switch: All Router and Switch(config)#spanning-tree portfast bpduguard default All Router and Switch(config)#spanning-tree portfast default

    Inter-VLAN Routing Enable InterVLAN routing. DLS1(config)#ip routing DLS1(config)#interface vlan 10 DLS1(config-if)#ip address 10.1.10.10 255.255.255.0 DLS1(config-if)#interface vlan 20 DLS1(config-if)#ip address 10.1.20.10 255.255.255.0 DLS1(config-if)#interface vlan 30 DLS1(config-if)#ip address 10.1.30.10 255.255.255.0 DLS1(config-if)#interface vlan 150 DLS1(config-if)#ip address 10.1.150.10 255.255.255.0 DLS1(config-if)#interface vlan 217 DLS1(config-if)#ip address 10.1.217.10 255.255.255.0 DLS2(config)#ip routing DLS2(config)#interface vlan 10 DLS2(config-if)#ip address 10.1.10.20 255.255.255.0 DLS2(config)#interface vlan 20 DLS2(config-if)#ip address 10.1.20.20 255.255.255.0 DLS2(config)#interface vlan 30 DLS2(config-if)#ip address 10.1.30.20 255.255.255.0 DLS2(config)#interface vlan 150 DLS2(config-if)#ip address 10.1.150.20 255.255.255.0 DLS2(config)#interface vlan 217 DLS2(config-if)#ip address 10.1.217.20 255.255.255.0 Configure Backup as a router-on-a-stick. !!!Done

    Configure HSRP on DLS1, DLS 2 and Backup. Configure HSRP on DLS1, DLS 2 and Backup Router so that DLS 1 is the active router for VLANs 10, 20 & 217 and DLS 2 is the active router for VLANs 30 & 150, with standby for all VLANs being Backup Router. Include the preempt option in all configuration. Configure HSRP interface tracking so that Backup becomes the active router if the FastEthernet link between DLS 1 or DLS 2 to ISP goes down. DLS1(config)#interface Vlan10 DLS1(config-if)#ip address 10.1.10.10 255.255.255.0 DLS1(config-if)#standby 10 ip 10.1.10.1 DLS1(config-if)#standby 10 priority 105 DLS1(config-if)#standby 10 preempt DLS1(config-if)#standby 10 track FastEthernet0/7 DLS1(config-if)#interface Vlan20 DLS1(config-if)#ip address 10.1.20.10 255.255.255.0 DLS1(config-if)#standby 20 ip 10.1.20.1 DLS1(config-if)#standby 20 priority 105 DLS1(config-if)#standby 20 preempt DLS1(config-if)#standby 20 track FastEthernet0/7 DLS1(config-if)#interface Vlan217 DLS1(config-if)#ip address 10.1.217.10 255.255.255.0 DLS1(config-if)#standby 217 ip 10.1.217.1 DLS1(config-if)#standby 217 priority 105 DLS1(config-if)#standby 217 preempt DLS1(config-if)#standby 217 track FastEthernet0/7 DLS2(config)#interface Vlan30 DLS2(config-if)# ip address 10.1.30.20 255.255.255.0 DLS2(config-if)# standby 30 ip 10.1.30.1 DLS2(config-if)# standby 30 priority 105 DLS2(config-if)# standby 30 preempt DLS2(config-if)# standby 30 track FastEthernet0/7 DLS2(config-if)#interface Vlan150 DLS2(config-if)# ip address 10.1.150.20 255.255.255.0 DLS2(config-if)# standby 150 ip 10.1.150.1 DLS2(config-if)# standby 150 priority 105 DLS2(config-if)# standby 150 preempt DLS2(config-if)# standby 150 track FastEthernet0/7 !!!!Subinterfaces!!!! HSRP groups on subinterfaces must have a group number unique among all other groups on all subinterfaces on the same main interface. This is because subinterfaces do not receive a unique SNMP interface index. If you had two groups with the number N on different subinterfaces, then in the MIB, group N on sub-interface 1 and group N on sub-interface 2 would appear to be the same group. http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml#subinterfaces Backup(config)#interface Ethernet0/0.10 Backup(config-subif)#standby 10 ip 10.1.10.1 Backup(config-subif)#standby 10 preempt Backup(config-subif)#standby 10 priority 100 Backup(config-subif)#standby 10 track Serial0/0 Backup(config)#interface ethernet 0/0.20 Backup(config-subif)#standby 20 ip 10.1.20.1 Backup(config-subif)#standby 20 preempt Backup(config-subif)#standby 20 priority 100 Backup(config-subif)#standby 20 track Serial 0/0

    Backup(config)#interface ethernet 0/0.30 Backup(config-subif)#standby 30 ip 10.1.30.1 Backup(config-subif)#standby 30 preempt Backup(config-subif)#standby 30 priority 100 Backup(config-subif)#standby 30 track Serial 0/0 Backup(config)#interface ethernet 0/0.150 Backup(config-subif)#standby 150 ip 10.1.150.1 Backup(config-subif)#standby 150 preempt Backup(config-subif)#standby 150 priority 100 Backup(config-subif)#standby 150 track Serial 0/0 Backup(config)#interface ethernet 0/0.217 Backup(config-subif)#standby 217 ip 10.1.217.1 Backup(config-subif)#standby 217 preempt Backup(config-subif)#standby 217 priority 100 Backup(config-subif)#standby 217 track Serial 0/0 DLS1#show standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Vl10 10 105 P Active local 10.1.10.50 10.1.10.1 Vl20 20 105 P Active local 10.1.20.50 10.1.20.1 Vl217 217 105 P Active local 10.1.217.50 10.1.217.1 DLS1# DLS2#show standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Virtual IP Vl30 30 105 P Active local 10.1.30.50 10.1.30.1 Vl150 150 105 P Active local 10.1.150.50 10.1.150.1 DLS2# Backup#show standby brief P indicates configured to preempt. | Interface Grp Prio P State Active Standby Et0/0.10 10 90 P Standby 10.1.10.10 local Et0/0.20 20 90 P Standby 10.1.20.10 local Et0/0.30 30 90 P Standby 10.1.30.20 local Et0/0.150 150 90 P Standby 10.1.150.20 local Et0/0.217 217 90 P Standby 10.1.217.10 local Backup#

    Virtual IP 10.1.10.1 10.1.20.1 10.1.30.1 10.1.150.1 10.1.217.1

    Use the following Addresses: - VLAN 10 - 10.1.10.0/24 - VLAN 20 - 10.1.20.0/24 - VLAN 30 - 10.1.30.0/24 - VLAN 150 - 10.1.150.0/24 - VLAN 217 - 10.1.217.0/24 - Interface S0/0/0 on Backup - 192.168.1.0/30 - Interface fa0/7 on DLS 1 - 192.168.1.4/30 - Interface fa0/7 on DLS 2 - 192.168.1.8/30 - Configure valid addresses for the host on ALS 1 (port 15) and the host on ALS 2 (port 20), and server in VLAN 30. - Configure tracking on all links to ISP. ISP(config)#interface serial 0/0 ISP(config-if)#ip address 192.168.1.2 255.255.255.252

    ISP(config-if)#clock rate 64000 ISP(config-if)#no shutdown ISP(config)#interface loopback 0 ISP(config-if)#ip address 200.200.200.200 255.255.255.0 Backup(config)#interface serial 0/0 Backup(config-if)#ip address 192.168.1.1 255.255.255.252 Backup(config-if)#no shutdown ALS1(config)#interface vlan 217 ALS1(config-if)#ip address 10.1.217.30 255.255.255.0 ALS1(config-if)#no shutdown ALS1(config)#ip default-gateway 10.1.217.1 ALS2(config)#interface vlan 217 ALS2(config-if)#ip address 10.1.217.40 255.255.255.0 ALS2(config-if)#no shutdown ALS2(config)#ip default-gateway 10.1.217.1 DLS2(config)#interface fastEthernet 0/22 DLS2(config-if)#switchport access vlan 30 DLS2(config-if)#switchport mode access

    Additional Requirements Configure Port sticky on all access ports, allowing a single user, and shut down if violated. DLS1(config)#interface range fastEthernet 0/1-2 , fastEthernet 0/8 - 24 DLS1(config-if-range)#switchport port-security mac-address sticky DLS1(config-if-range)#switchport port-security maximum 2 DLS1(config-if-range)#switchport port-security violation shutdown DLS1(config)#interface range gigabitEthernet 0/1 - 2 DLS1(config-if-range)#switchport port-security mac-address sticky DLS1(config-if-range)#switchport port-security maximum 2 DLS1(config-if-range)#switchport port-security violation shutdown DLS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/8 - 24 DLS2(config-if-range)#switchport port-security mac-address sticky DLS2(config-if-range)#switchport port-security maximum 2 DLS2(config-if-range)#switchport port-security violation shutdown DLS2(config)#interface range gigabitEthernet 0/1 - 2 DLS2(config-if-range)#switchport port-security mac-address sticky DLS2(config-if-range)#switchport port-security maximum 2 DLS2(config-if-range)#switchport port-security violation shutdown ALS1(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 - 14 ALS1(config-if-range)#switchport port-security mac-address sticky ALS1(config-if-range)#switchport port-security maximum 2 ALS1(config-if-range)#switchport port-security violation shutdown ALS1(config)#interface range fastEthernet 0/16 - 23 , gigabitEthernet 0/1 - 2 ALS1(config-if-range)#switchport port-security mac-address sticky ALS1(config-if-range)#switchport port-security maximum 2 ALS1(config-if-range)#switchport port-security violation shutdown ALS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 - 19 ALS2(config-if-range)#switchport port-security mac-address sticky

    ALS2(config-if-range)#switchport port-security maximum 2 ALS2(config-if-range)#switchport port-security violation shutdown ALS2(config)#interface range fastEthernet 0/21 - 24 , gigabitEthernet 0/1 - 2 ALS2(config-if-range)#switchport port-security mac-address sticky ALS2(config-if-range)#switchport port-security maximum 2 ALS2(config-if-range)#switchport port-security violation shutdown

    Enable BPDU guard on all appropriate interfaces. !!!Done spanning-tree portfast bpduguard default

    Configure Portfast an all appropriate ports. !!!Done spanning-tree portfast default

    Place any ports not attached to a VLAN into VLAN 43 and place these interfaces in shutdown mode. DLS1(config)#vlan 43 DLS1(config-vlan)#name nouse DLS1(config)#spanning-tree mst configuration DLS1(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005 DLS1(config-mst)#exit DLS1(config)#interface range fastEthernet 0/1-2 , fastEthernet 0/8 - 24 DLS1(config-if-range)#switchport access vlan 43 DLS1(config-if-range)#shutdown DLS1(config)#interface range gigabitEthernet 0/1 - 2 DLS1(config-if-range)#switchport access vlan 43 DLS1(config-if-range)#shutdown DLS2(config)#spanning-tree mst configuration DLS2(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005 DLS2(config-mst)#exit DLS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/8 - 21 DLS2(config-if-range)#switchport access vlan 43 DLS2(config-if-range)#shutdown DLS2(config)#interface range gigabitEthernet 0/1 - 2 DLS2(config-if-range)#switchport access vlan 43 DLS2(config-if-range)#shutdown ALS1(config)#spanning-tree mst configuration ALS1(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005 ALS1(config-mst)#exit ALS1(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 ALS1(config-if-range)#switchport access vlan 43 ALS1(config-if-range)#shutdown ALS1(config)#interface range fastEthernet 0/23 , gigabitEthernet 0/1 - 2 ALS1(config-if-range)#switchport access vlan 43 ALS1(config-if-range)#shutdown

    ALS2(config)#spanning-tree mst configuration ALS2(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005 ALS2(config-mst)#exit ALS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 ALS2(config-if-range)#switchport access vlan 43 ALS2(config-if-range)#shutdown ALS2(config)#interface range fastEthernet 0/23 - 24 , gigabitEthernet 0/1 - 2 ALS2(config-if-range)#switchport access vlan 43 ALS2(config-if-range)#shutdown

    Configure IP routing on DLS1 and DLS2, and use EIGRP, with automatic summarization disabled. DLS1(config)#router eigrp 1 DLS1(config-router)#no auto-summary DLS1(config-router)#network 10.0.0.0 DLS1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.6 DLS2(config)#router eigrp 1 DLS2(config-router)#no auto-summary DLS2(config-router)#network 10.0.0.0 DLS2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.10 Backup(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2 ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.5 ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.9 10 ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.1 15 DLS1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 192.168.1.6 to network 0.0.0.0 10.0.0.0/24 is subnetted, 5 subnets 10.1.10.0 is directly connected, Vlan10 10.1.30.0 is directly connected, Vlan30 10.1.20.0 is directly connected, Vlan20 10.1.150.0 is directly connected, Vlan150 10.1.217.0 is directly connected, Vlan217 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.4 is directly connected, FastEthernet0/7 S* 0.0.0.0/0 [1/0] via 192.168.1.6 DLS1# DLS1#ping 200.200.200.200 C C C C C Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds: !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms DLS1# DLS2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 192.168.1.10 to network 0.0.0.0 10.0.0.0/24 is subnetted, 5 subnets 10.1.10.0 is directly connected, Vlan10 10.1.30.0 is directly connected, Vlan30 10.1.20.0 is directly connected, Vlan20 10.1.150.0 is directly connected, Vlan150 10.1.217.0 is directly connected, Vlan217 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.8 is directly connected, FastEthernet0/7 S* 0.0.0.0/0 [1/0] via 192.168.1.10 DLS2# DLS2#ping 200.200.200.200 C C C C C Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms DLS2# ALS1#show ip route Default gateway is 10.1.217.1 Host Gateway Last Use ICMP redirect cache is empty ALS1# ALS1#ping 200.200.200.200 Total Uses Interface

    Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms ALS1# ALS2#show ip route Default gateway is 10.1.217.1 Host Gateway Last Use ICMP redirect cache is empty ALS2# ALS2#ping 200.200.200.200 Total Uses Interface

    Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms ALS2#

    Backup#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 192.168.1.2 to network 0.0.0.0 10.0.0.0/24 is subnetted, 5 subnets 10.1.10.0 is directly connected, Ethernet0/0.10 10.1.30.0 is directly connected, Ethernet0/0.30 10.1.20.0 is directly connected, Ethernet0/0.20 10.1.150.0 is directly connected, Ethernet0/0.150 10.1.217.0 is directly connected, Ethernet0/0.217 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/0 S* 0.0.0.0/0 [1/0] via 192.168.1.2 Backup# Backup#ping 200.200.200.200 C C C C C Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/29 ms Backup# ISP#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C S 200.200.200.0/24 is directly connected, Loopback0 10.0.0.0/8 [1/0] via 192.168.1.5 192.168.1.0/30 is subnetted, 3 subnets C 192.168.1.8 is directly connected, Ethernet0/1 C 192.168.1.0 is directly connected, Serial0/0 C 192.168.1.4 is directly connected, Ethernet0/0 ISP#

    Enable QoS globally on all switches. DLS1(config)#mls qos DLS1(config)#interface range fastEthernet 0/3 - 6 DLS1(config-if-range)#auto qos voip trust DLS2(config)#mls qos DLS2(config)#interface range fastEthernet 0/3 - 6 DLS2(config-if-range)#auto qos voip trust On ALS1 and ALS2, configure access ports to trust Cisco IP phones for QoS. Use VLAN 150 as the voice VLAN.

    ALS1(config)#interface fastEthernet 0/15 ALS1(config-if)#switchport access vlan 20 ALS1(config-if)#switchport voice vlan 150 ALS1(config-if)#auto qos voip cisco-phone ALS2(config)#interface fastEthernet 0/20 ALS2(config-if)#switchport access vlan 20 ALS2(config-if)#switchport voice vlan 150 ALS2(config-if)#auto qos voip cisco-phone Final Configurations DLS1: service password-encryption ! hostname DLS1 ! enable secret cisco ! mls qos ! ip routing ! no ip domain-lookup ! spanning-tree mode mst spanning-tree portfast default spanning-tree portfast bpduguard default ! spanning-tree mst configuration name CISCO revision 1 instance 1 vlan 10, 20, 217 instance 2 vlan 1, 30, 43, 150, 1002-1005 ! spanning-tree mst 1 priority 24576 spanning-tree mst 2 priority 28672 ! interface Port-channel3 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust channel-group 3 mode desirable !

    interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust channel-group 3 mode desirable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust ! interface FastEthernet0/7 no switchport ip address 192.168.1.5 255.255.255.252 ! interface FastEthernet0/8 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/9 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/10 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/11 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/12 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/13 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky

    shutdown ! interface FastEthernet0/14 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/15 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/16 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/17 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/18 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/19 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/20 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/21 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/22 switchport access vlan 43

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/23 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/24 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface Vlan1 no ip address ! interface Vlan10 ip address 10.1.10.10 255.255.255.0 standby 10 ip 10.1.10.1 standby 10 priority 105 standby 10 preempt standby 10 track FastEthernet0/7 ! interface Vlan20 ip address 10.1.20.10 255.255.255.0 standby 20 ip 10.1.20.1 standby 20 priority 105 standby 20 preempt standby 20 track FastEthernet0/7 ! interface Vlan30 ip address 10.1.30.10 255.255.255.0 ! interface Vlan150 ip address 10.1.150.10 255.255.255.0 ! interface Vlan217 ip address 10.1.217.10 255.255.255.0 standby 217 ip 10.1.217.1 standby 217 priority 105

    standby 217 preempt standby 217 track FastEthernet0/7 ! ! router eigrp 1 no auto-summary network 10.0.0.0 ! ip route 0.0.0.0 0.0.0.0 192.168.1.6 ! line con 0 exec-timeout 0 0 password cisco logging synchronous ! end

    DLS2: service password-encryption ! hostname DLS2 ! enable secret cisco ! mls qos ! ip routing ! no ip domain-lookup ! spanning-tree mode mst spanning-tree portfast default spanning-tree portfast bpduguard default ! spanning-tree mst configuration name CISCO revision 1 instance 1 vlan 10, 20, 217 instance 2 vlan 1, 30, 43, 150, 1002-1005 ! spanning-tree mst 1 priority 28672 spanning-tree mst 2 priority 24576 ! interface Port-channel4 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown

    ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust channel-group 4 mode desirable ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust channel-group 4 mode desirable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk auto qos voip trust ! interface FastEthernet0/7 no switchport ip address 192.168.1.9 255.255.255.252 ! interface FastEthernet0/8 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/9 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/10 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/11 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/12 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky

    shutdown ! interface FastEthernet0/13 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/14 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/15 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/16 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/17 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/18 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/19 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/20 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address shutdown ! interface FastEthernet0/21 switchport access vlan 43

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/22 switchport access vlan 30 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/23 switchport access vlan 30 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/24 switchport access vlan 30 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface GigabitEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface Vlan1 no ip address ! interface Vlan10 ip address 10.1.10.20 255.255.255.0 ! interface Vlan20 ip address 10.1.20.20 255.255.255.0 ! interface Vlan30 ip address 10.1.30.20 255.255.255.0 standby 30 ip 10.1.30.1 standby 30 priority 105 standby 30 preempt standby 30 track FastEthernet0/7 ! interface Vlan50 ip address 10.1.50.20 255.255.255.0 ! interface Vlan150 ip address 10.1.150.20 255.255.255.0 standby 150 ip 10.1.150.1 standby 150 priority 105

    standby 150 preempt standby 150 track FastEthernet0/7 ! interface Vlan217 ip address 10.1.217.20 255.255.255.0 ! ! router eigrp 1 no auto-summary network 10.0.0.0 ! ip route 0.0.0.0 0.0.0.0 192.168.1.10 ! line con 0 exec-timeout 0 0 password cisco logging synchronous ! end

    ASL1: service password-encryption ! hostname ALS1 ! enable secret cisco ! no ip domain-lookup ! mls qos ! spanning-tree mode mst spanning-tree portfast default spanning-tree portfast bpduguard default ! spanning-tree mst configuration name CISCO revision 1 instance 1 vlan 10, 20, 217 instance 2 vlan 1, 30, 43, 150, 1002-1005 ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/3

    switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode desirable ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode desirable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/9 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/10 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access switchport port-security maximum 2

    switchport port-security mac-address sticky ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access switchport voice vlan 150 mls qos trust device cisco-phone auto qos voip cisco-phone ! interface FastEthernet0/16 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/23 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/24 switchport trunk encapsulation dot1q

    switchport mode trunk ! interface GigabitEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface Vlan1 no ip address ! interface Vlan217 ip address 10.1.217.30 255.255.255.0 ! ip default-gateway 10.1.217.1 ! line con 0 exec-timeout 0 0 password cisco logging synchronous ! end

    ALS2: service password-encryption ! hostname ALS2 ! enable secret cisco ! mls qos ! no ip domain-lookup ! spanning-tree mode mst spanning-tree portfast default spanning-tree portfast bpduguard default ! spanning-tree mst configuration name CISCO revision 1 instance 1 vlan 10, 20, 217 instance 2 vlan 1, 30, 43, 150, 1002-1005 ! interface Port-channel2 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2

    switchport port-security mac-address sticky shutdown ! interface FastEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/3 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode desirable ! interface FastEthernet0/4 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode desirable ! interface FastEthernet0/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/6 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/7 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/8 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/9 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/10 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address sticky

    ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/14 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/15 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/16 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/17 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access switchport voice vlan 150 mls qos trust device cisco-phone auto qos voip cisco-phone ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access switchport port-security maximum 2 switchport port-security mac-address ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access switchport port-security maximum 2

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    sticky

    switchport port-security mac-address sticky ! interface FastEthernet0/23 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface FastEthernet0/24 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/1 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface GigabitEthernet0/2 switchport access vlan 43 switchport mode dynamic desirable switchport port-security maximum 2 switchport port-security mac-address sticky shutdown ! interface Vlan1 no ip address ! interface Vlan217 ip address 10.1.217.40 255.255.255.0 ! ip default-gateway 10.1.217.1 ! line con 0 exec-timeout 0 0 password cisco logging synchronous ! end

    Backup: service password-encryption ! hostname Backup ! enable secret 5 cisco ! no ip domain lookup ! interface Ethernet0/0 no ip address no shutdown ! interface Ethernet0/0.10 encapsulation dot1Q 10

    ip address 10.1.10.50 255.255.255.0 standby 10 ip 10.1.10.1 standby 10 preempt standby 10 track Serial0/0 ! interface Ethernet0/0.20 encapsulation dot1Q 20 ip address 10.1.20.50 255.255.255.0 standby 20 ip 10.1.20.1 standby 20 preempt standby 20 track Serial0/0 ! interface Ethernet0/0.30 encapsulation dot1Q 30 ip address 10.1.30.50 255.255.255.0 standby 30 ip 10.1.30.1 standby 30 preempt standby 30 track Serial0/0 ! interface Ethernet0/0.150 encapsulation dot1Q 150 ip address 10.1.150.50 255.255.255.0 standby 150 ip 10.1.150.1 standby 150 preempt standby 150 track Serial0/0 ! interface Ethernet0/0.217 encapsulation dot1Q 217 ip address 10.1.217.50 255.255.255.0 standby 217 ip 10.1.217.1 standby 217 preempt standby 217 track Serial0/0 ! interface Serial0/0 ip address 192.168.1.1 255.255.255.252 no shutdown ! ip route 0.0.0.0 0.0.0.0 192.168.1.2 ! line con 0 exec-timeout 0 0 password cisco logging synchronous line aux 0 line vty 0 4 login ! end

    ISP: service password-encryption ! hostname ISP ! enable secret cisco ! ip subnet-zero ! no ip domain lookup !

    interface Loopback0 ip address 200.200.200.200 255.255.255.0 ! interface Ethernet0/0 ip address 192.168.1.6 255.255.255.252 no shutdown ! interface Serial0/0 ip address 192.168.1.2 255.255.255.252 clock rate 64000 no shutdown ! interface Ethernet0/1 ip address 192.168.1.10 255.255.255.252 no shutdown ! ip route 10.0.0.0 255.0.0.0 192.168.1.5 ip route 10.0.0.0 255.0.0.0 192.168.1.9 10 ip route 10.0.0.0 255.0.0.0 192.168.1.1 15 ! line con 0 exec-timeout 0 0 password cisco logging synchronous ! end

    Das könnte Ihnen auch gefallen