
Lab 7-3, Voice and Security in a Switched Network - Case Study

Instructor Version

Topology

Objectives


Plan, design, and implement the International Travel Agency switched network as shown in the diagram and described below.

Implement the design on the lab set of switches.

Verify that all configurations are operational and functioning according to the guidelines.

Note: This lab uses Cisco WS-C2960-24TT-L with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. Other switches (such as 2950 or 3550) and Cisco IOS Software versions can be used if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Required Resources

2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or comparable)

2 switches (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-advipservicesk9-mz image or comparable)

Console and Ethernet cables

Requirements

The International Travel Agency has two distribution switches, DLS1 and DLS2, and two access layer switches, ALS1 and ALS2. Configure the switches as follows:

1. Disable the links between the access layer switches.

ALS1, ALS2:
    interface range fa0/11 - 12
    shutdown

2. Place all switches in the VTP domain CISCO and set them all to VTP mode transparent.

ALS1, ALS2, DLS1, DLS2:
    vtp domain CISCO
    vtp mode transparent

3. Configure all inter-switch links statically as 802.1q trunk links.

DLS1, DLS2:
    interface range fa0/7 - 12
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no shutdown

ALS1, ALS2:
    ! Fa0/11 - 12 were shut down in step 1; leave them out so that
    ! "no shutdown" does not re-enable them.
    ! The 2960 supports only 802.1Q and has no
    ! "switchport trunk encapsulation" command.
    interface range fa0/7 - 10
    switchport mode trunk
    no shutdown

4. Create VLANs 10 and 200 on all switches. Configure DLS1 and DLS2 SVIs in VLAN 10 and assign addresses in the 172.16.10.0/24 subnet.

ALS1, ALS2:
    vlan 10
    exit
    vlan 200
    exit

DLS1:
    vlan 10
    exit
    vlan 200
    exit
    interface vlan 10
    ip address 172.16.10.11 255.255.255.0
    no shutdown

DLS2:
    vlan 10
    exit
    vlan 200
    exit
    ! The SVI goes in VLAN 10, the same subnet as DLS1 and the HSRP group.
    interface vlan 10
    ip address 172.16.10.12 255.255.255.0
    no shutdown

5. Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make DLS1 the primary gateway, and enable preemption on both switches.

DLS1 (primary):
    ip routing
    interface vlan 10
    standby 1 ip 172.16.10.1
    standby 1 preempt
    standby 1 priority 150
    exit

DLS2:
    ip routing
    interface vlan 10
    standby 1 ip 172.16.10.1
    standby 1 preempt
    standby 1 priority 100
    exit

6. Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.

7. Enable PortFast on all access ports.

ALS1:
    interface range fa0/15 - 20
    switchport mode access
    switchport access vlan 10
    spanning-tree portfast

ALS2:
    interface range fa0/15 - 20
    switchport mode access
    switchport access vlan 10
    spanning-tree portfast

8. Enable QoS on all switches involved in the scenario.

    auto qos voip cisco-phone

9. Configure ALS1 Fa0/15 and Fa0/16 for use with Cisco IP phones with a voice VLAN of 200 and trust the IP phone CoS markings using AutoQoS.

ALS1:
    interface range fa0/15 - 16
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 200
    auto qos voip cisco-phone

ALS2:
    interface range fa0/15 - 16
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 200
    auto qos voip cisco-phone

Verify:
    ALS1# show mls qos interface fa0/15
    ALS1# show run interface fa0/15

DLS1:
    mls qos
    interface range fa0/7 - 12
    auto qos voip trust

DLS2:
    mls qos
    interface range fa0/7 - 12
    auto qos voip trust

Verify:
    show auto qos interface
    show mls qos interface fa0/7

10. Configure ALS1 Fa0/18 through Fa0/20 for port security. Allow up to three MAC addresses to be learned on each port, drop any traffic from other MAC addresses, and set the violation mode to protect.

ALS1:
    interface range fa0/18 - 20
    switchport mode access
    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation protect

11. Configure ALS2 Fa0/18 to only allow the MAC address 1234.1234.1234 and to shut down if a violation occurs.
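
A way to verify the port-security requirements of steps 10 and 11 from a saved running-config, as an added example that is not part of the original lab. The function names and the sample config are constructed for illustration; the audit assumes the IOS defaults (maximum 1, violation shutdown), which show run does not print.

```python
PREFIX = "switchport port-security"
# Constructed ALS2 excerpt (sample input, not output captured from the lab).
SAMPLE_ALS2 = """\
interface FastEthernet0/18
 switchport mode access
 switchport port-security
 switchport port-security mac-address 1234.1234.1234
!
interface FastEthernet0/19
 switchport port-security maximum 3
 switchport port-security violation protect
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def effective_port_security(cmds):
    """Start from the IOS defaults that show run omits, then apply overrides."""
    state = {"enabled": False, "maximum": 1, "violation": "shutdown", "macs": set()}
    for cmd in cmds:
        args = cmd[len(PREFIX):].split() if cmd.startswith(PREFIX) else None
        if args == []:
            state["enabled"] = True  # the bare command is what turns the feature on
        elif args and args[0] == "maximum":
            state["maximum"] = int(args[1])
        elif args and args[0] == "violation":
            state["violation"] = args[1]
        elif args and args[0] == "mac-address" and args[-1] != "sticky":
            state["macs"].add(args[-1])
    return state

def audit(config, iface, maximum, violation, macs=frozenset()):
    """List the ways iface deviates from the required port-security policy."""
    state = effective_port_security(parse_interfaces(config).get(iface, []))
    findings = [] if state["enabled"] else ["port security not enabled"]
    for key, want in (("maximum", maximum), ("violation", violation), ("macs", set(macs))):
        if state[key] != want:
            findings.append(f"{key}: expected {want}, found {state[key]}")
    return findings
```

In the sample, Fa0/19 carries the maximum and violation settings but lacks the bare `switchport port-security` line, so the audit reports that the feature is not active on that port.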