SWITCH

Implementing Cisco
IP Switched Networks
Version 1.0

Fast lane Lab Guide
Version 1.0.4

Fast Lane Institute for Knowledge Transfer GmbH
Oranienburgerstr. 66, 10117 Berlin
www.flane.de info@flane.de

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for the
course. Hints are provided at the end of each lab. Ending configurations for each lab are provided
at the end of the Lab Guide.

Outline
This guide includes these activities:
- Lab 1-1: New Hire Test
- Lab 2-1: Design and Implement VLANs, Trunks, and EtherChannel
- Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
- Lab 2-3: Implement Private VLANs
- Lab 3-1: Implement Multiple Spanning Tree
- Lab 3-2: Implement PVRST+
- Lab 3-3: Troubleshoot Spanning Tree Issues
- Lab 4-1: Implement Inter-VLAN Routing
- Lab 4-2: Troubleshoot Inter-VLAN Routing
- Lab 5-1: Implement High Availability and Reporting in a Network Design
- Lab 6-1: Implement and Tune HSRP
- Lab 6-2: Implement VRRP
- Lab 7-1: Secure Network Switches to Mitigate Security Attacks
- Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
- Lab 9-1: Integrate Wireless in the Campus

Lab 1-1: New Hire Test
Complete this lab activity to confirm and refresh your skills from Interconnecting Cisco
Networking Devices Part 1 (ICND1) and Interconnecting Cisco Networking Devices Part 2
(ICND2).

Activity Objective
You are a Cisco CCNA®, and you are at a job interview. The hiring manager hands you a packet
of information, leads you to a terminal, and simply says, “Implement this.” Your task is to plan
the implementation, then effectively configure the lab devices as per the given specifications
before verifying that your configuration fulfills the requirements. Carefully read the “Information
Packet Materials” section on the following pages, and proceed through the lab to establish an
implementation requirements list, create an implementation and verification plan, and then
configure the lab devices as per the specifications. Do not forget to verify and document your
verifications, as the job interview results will depend on your implementation of the solution.
After completing this activity, you will be able to meet these objectives:

- Prepare basic configuration templates for your switches
- Explore the remote lab device connections
- Deploy configuration templates to your switches
- Verify your configurations according to the verification plan you created

Implementing Cisco Switched Networks (SWITCH) v1.0

© 2009 Cisco Systems, Inc.

Information Packet Materials
This section contains the information that was given to you by the hiring manager at your
interview, and includes the information needed to accomplish this activity. Read it carefully.
The Information Packet Materials describe the requirements common to all devices in the
network, along with information specific to each device.

Implementation Policy
The company has a large network. It is clearly stated that some settings must be consistent from
one networking device to the next. The following list details the initial configuration
requirements for all switches that will be connected to the company network. Your configuration
must be consistent with these requirements:
- All switches must have a hostname. Hostnames are unique and must match the switch
  designation on the network diagram displayed in the following pages.
- Telnet is allowed to all possible vty interfaces and must be configured.
- Initial console access does not need to be protected by a password. Vty access and the enable
  password must be protected by a password.
- All passwords are “cisco.”
- Terminal idle timeout must be set to 0 (unlimited).
- The logging synchronous command should be used so that logging messages appearing on
  the console of each switch do not disturb commands that are being entered.
- Log messages should appear with a time stamp.
- Time should be configured on the switches to match the current time in your class.
- Commands entered incorrectly should not cause the switches to attempt to resolve the entry
  as a DNS name.
- Unless stated otherwise, the speed and duplex settings for all interfaces must be left to auto.
- All unused interfaces must be set to shutdown.
- All devices must have an IP address so that they can be managed remotely.
- Client1 is connected to interface fa0/3 on switch ASW1 (logical port P3).
- Client2 is connected to interface fa0/3 on switch ASW2 (logical port P3).


Device Information
The table provides the information specific to each device in the network:
| Device Name | Role                  | IP Address           | Gateway    | VLAN |
|-------------|-----------------------|----------------------|------------|------|
| ASW1        | Layer 2 access switch | 10.1.1.1/24          | 10.1.1.251 | 1    |
| ASW2        | Layer 2 access switch | 10.1.1.2/24          | 10.1.1.252 | 1    |
| DSW1        | Layer 3 switch        | 10.1.1.11/24         | 10.1.1.251 | 1    |
| DSW2        | Layer 3 switch        | 10.1.1.22/24         | 10.1.1.252 | 1    |
| CSW1        | Layer 3 switch        | 10.1.1.111/24        | 10.1.1.251 | 1    |
| CSW2        | Layer 3 switch        | 10.1.1.222/24        | 10.1.1.252 | 1    |
| R1          | Router                | Fa0/0: 10.1.1.251/24 |            | 1    |
| R2          | Router                | Fa0/0: 10.1.1.252/24 |            | 1    |

During the implementation process you must determine, for each switch, which port connects to
which neighbor. The ports represented on each device connection in the Visual Objective are
generic ports. Each port can represent one or several physical interfaces. When implementing
your solution in Task 3, use the “Pod Physical Ports Map” table, available at the end of this Lab
Guide, to document the physical interfaces used in your pod, and report this information on the
large network diagram for this lab (Lab 1-1), which is also available at the end of this Lab Guide.
You will use this information throughout the labs.


Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 1-1: New Hire Test]

You can use the large version of the Visual Objective, which is available at the end of this Lab
Guide, to write notes on the diagram.


Command List
The table describes the commands that are used in this activity.

Command / Description

clock set hh:mm[:ss] month day year
    Manually sets the clock on the device.

configure terminal
    Enters global configuration mode, from privileged EXEC mode.

copy running-config startup-config
    Saves your entries in the configuration file.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client. The IP address
    should be on the same subnet as the client. One IP address is required; however, you can
    specify up to eight IP addresses in one command line. These default routers are listed in
    order of preference; that is, address is the most preferred router, address2 is the next
    most preferred router, and so on.

description description
    Adds a description (up to 240 characters) for an interface.

domain-name domain
    Specifies the domain name for the client.

duplex {auto | full | half}
    Sets the duplex parameter for the interface.

enable secret password
    Sets the privileged EXEC mode command interpreter.

exec-timeout 0 0
    Sets the idle terminal timeout interval.

exit
    Exits the current mode.

hostname hostname
    Manually configures a system name.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or
    Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port ending_port
    Specifies the range of interfaces (VLANs or physical ports) configured, and enters
    interface-range configuration mode.

interface vlan 1
    Enters interface configuration mode, and enters the VLAN to which the IP information is
    assigned.

ip address ip address subnet-mask
    Sets the IP address and subnet mask.

ip default-gateway
    Defines a default gateway (router) when IP routing is disabled.

line [aux | console | vty] beginning-line-number [ending-line-number]
    Modifies console, aux, and virtual terminal settings.

logging console
    Enables message logging.

logging synchronous
    Enables synchronous logging of messages.

login
    Enables password checking at login.

no ip domain-lookup
    Disables DNS-based hostname-to-address translation on the switch.

no shutdown
    Brings up an interface.

password password
    Assigns a password to a terminal or other device on a line.

ping ip-address
    Sends an ICMP echo request to an IP address.

service timestamps log datetime [msec] [localtime] [show-timezone]
    Enables time stamps on log messages. Depending on the options selected, the time stamp can
    include the date, time in milliseconds relative to the local time zone, and the time zone
    name.

service timestamps log uptime
    Enables time stamps on log messages, showing the time since the system was rebooted.

show cdp neighbors [interface-id] [detail]
    Displays Cisco Discovery Protocol information about neighbors, including device type,
    interface type and number, holdtime settings, capabilities, platform, and port ID.

show interfaces fastethernet mod/port switchport
    Displays administrative and operational status of switching (nonrouting) ports.

show interfaces status
    Displays interface status.

show running-config
    Verifies your entries.

shutdown
    Shuts down an interface.

speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}
    Sets the appropriate speed parameter for the interface: Enter 10, 100, or 1000 to set a
    specific speed for the interface. The 1000 keyword is available only for 10/100/1000 Mb/s
    ports. Enter auto to enable the interface to autonegotiate speed with the connected device.
    If you use the 10, 100, or the 1000 keywords with the auto keyword, the port autonegotiates
    only at the specified speeds. The nonegotiate keyword is available only for SFP module
    ports. SFP module ports operate only at 1000 Mb/s, but can be configured not to negotiate
    if connected to a device that does not support autonegotiation.

telnet ip-address
    Uses Telnet to connect to an IP address.

Job Aids
These are the job aids for this lab activity:

| Value | Location |
|-------|----------|
| Blank implementation requirements list | Task 1 |
| Blank implementation and verification plan form | Task 2 |
| Blank verification notes form | Task 3 |
| Alternate resources and solutions form | End of this lab |
| Key commands and tools used form | End of this lab |
| Implementation requirements hints | “Hints” section at the end of this lab |
| Implementation plan hints | “Hints” section at the end of this lab |
| Verification plan hints | “Hints” section at the end of this lab |
| Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab |

Task 1: Establish an Implementation Requirements List
The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, device names, password values, trunk encapsulation types, etc.). Use the following table, the Visual Objective for this lab, and the information in the “Implementation Policy” and “Device Information” sections to create an Implementation Requirements list. Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

| Device | High-Level Task | Information Source |
|--------|-----------------|--------------------|
|        |                 |                    |

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The task will help you set up configuration checkpoints. The Implementation and Verification Plan is very important because it enables you to ensure that all requirements are properly configured and in the correct order. Use the following table and the “Information Packet Materials” section to create the Implementation and Verification Plan. Use the plan to determine how you will verify that each required item was effectively configured. If you are unsure, use the information provided in the “Hints” section at the end of this lab. You will move to the actual implementation in the next task.

| Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
|------------|--------|----------------------|-------------------------------|------------------------------------------|
|            |        |                      |                               |                                          |


Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab. You can then implement your solution. Once your solution is implemented, verify that your configuration is working and that it fulfills the requirements specified by the hiring manager. Do not forget to save. Keep in mind that once you leave the company, a network specialist will verify your configuration. Your ability to implement the solution according to the specifications given to you by the hiring manager will determine whether or not you get the job.

Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 1-1: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 1-1 Hint Sheet: New Hire Test

Implementation Requirements
To facilitate the configuration of your network, Task 1 asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

| Device | Implementation Requirement | Lab 1-1 Section Containing Hint |
|--------|----------------------------|---------------------------------|
| All switches | Neighbor list and connected ports | show cdp neighbor in Command List, “Pod Physical Ports Map” table at the end of this Lab Guide |
| | Hostname | Visual Objective |
| | Enable, line vty 0 15 password “cisco” | Implementation Policy |
| | Log in on line vty 0 15 | Implementation Policy |
| | VLAN 1 IP address | Device Information |
| | Gateway | Device Information |
| | Idle timeout set to 0 | Implementation Policy |
| | Log messages on the console, with a time stamp | Implementation Policy |
| | Current time in the class | Implementation Policy |
| | No DNS lookup | Implementation Policy |
| | Unused interfaces shutdown | Show cdp neighbor in Command List, “Pod Physical Ports Map” table at the end of this Lab Guide |

Implementation Plan
In Task 2, you will create an implementation plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device, such as IP addresses or gateways. The common template could be named “Common_Template,” created in a text editor, copied and pasted as appropriate, and could contain the following items:

    enable secret cisco
    no ip domain-lookup
    line con 0
    exec-timeout 0 0
    logging synchronous
    line vty 0 15
    password cisco
    login
    service timestamp log datetime

An example of the implementation plan is shown in this table.

| Complete | Device | Implementation Order | Values and Items to Implement | Step Number |
|----------|--------|----------------------|-------------------------------|-------------|
| √ | All | 1 | Paste Common_Template. | 2 |
| √ | Per switch | 2 | Configure hostname. | 3 |
| √ | Per switch | 3 | Configure VLAN 1 IP address. | 3 |
| √ | Per switch | 4 | Configure switch gateway. | 3 |
| √ | Per switch | 5 | Configure current time and date. | 4 |
| √ | Per switch | 6 | Verify neighbor ports. | 5 |
| √ | Per switch | 7 | Shut down unused ports. | 6 |
| √ | Per switch | 8 | Verify connectivity to the gateway. | 7 |
| √ | Per switch | 9 | Verify configuration. | 8 |

Verification Plan

| Complete | Device | Values and Items to Implement | Verification Method and Expected Results | Step Number |
|----------|--------|-------------------------------|------------------------------------------|-------------|
| √ | All | Paste Common_Template | Verify while pasting the template that no error is reported. | 2 |
| √ | | Paste Common_Template | Verify enable secret. As this is the first line of the template, its correct value indicates that the first part of the script was pasted properly. | 8 |
| √ | | Paste Common_Template | Verify the implementation of no ip domain-lookup. Because this is the last line of the template, its success shows that the template was successfully implemented. You can verify no ip domain lookup by using show running-config or by entering a bogus command and verifying that the switch does not attempt DNS resolution. | 9 |
| √ | | Configure Hostname | Prompt should display the switch name. | 8 |
| √ | | Configure VLAN 1 IP address | The show ip interface brief command should display the right address. | 10 |
| √ | | Configure default gateway | The show running-config command should show the gateway information. | 11 |
| √ | | Configure time and date | Show clock. | 12 |
| √ | | Shut unused ports | Use the show cdp neighbors command to display neighbors and ports, and show running-config to verify that the other ports are shut. | 6 |
| √ | | Verify connectivity | Ping the default gateway; the ping should be successful. As an extra verification, ping the other switches. Pings should be successful. | 7 |

Step-by-Step Procedure

Step 1  Connect to the switch interface in configuration mode.
- Connect to the remote lab.
- Access the Switch console.
- Enter privilege mode, using the enable command.
- Enter configuration mode, using the configure terminal command.

Step 2  Create a notepad text file named Common_template and containing the lines:

    enable secret cisco
    no ip domain-lookup
    service timestamp log datetime
    line con 0
    exec-timeout 0 0
    logging synchronous
    line vty 0 15
    password cisco
    login

Paste the Common_Template file content into the console. Verify as you paste that no error message is reported.

Step 3  Configure the switch hostname and IP information. Use the “Device Information” table in the “Information Packet Materials” section to find the relevant name and IP information for each switch. Use these commands, for example in switch ASW1:

    hostname ASW1
    interface VLAN 1
    ip address 10.1.1.1 255.255.255.0
    exit
    ip default-gateway 10.1.1.251
    end

The information in italics is specific to switch ASW1.

Step 4  Configure the current time and date on the switch. Use the command clock set, for example:

    clock set 10:06:39 08 Aug 2009

Step 5  Verify neighbor and connecting ports using Cisco Discovery Protocol. On each switch, use the show cdp neighbor information command to determine which local interfaces are to remain enabled. For example:

    show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
    Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
    DSW2         Fas 0/2          129        R S I         WS-C3560    Fas 0/7
    DSW1         Fas 0/1          129        R S I         WS-C3560    Fas 0/6

In this example, the local switch has two neighbors, switches DSW2 and DSW1. The local switch connects to switch DSW2 from interface F0/2, which links to switch DSW2 interface f0/7. The local switch connects to switch DSW1 from interface f0/1, which links to switch DSW1 interface f0/6.

Step 6  Shut down all ports except links to neighbors:

    configure terminal
    interface range f0/4 - 8
    shutdown
    interface gi0/1
    shutdown
    end

This example applies to switch ASW1.

Step 7  Verify connectivity to the gateway:

    ping 10.1.1.251
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

Step 8  Verify enable password and hostname (using prompt):

    ASW1#disable
    ASW1>enable
    Password: cisco
    ASW1#

Step 9  Verify no ip domain-lookup, last line of the template:

    getmethere
    Translating "getmethere"
    % Unknown command or computer name, or unable to find computer address

Step 10  Verify IP address:

    sh ip interface brie
    Interface    IP-Address    OK?    Method    Status    Protocol
    Vlan1        10.1.1.1      YES    manual    up        up

Step 11  Verify gateway:

    sh run | beg ip default
    ip default-gateway 10.1.1.251

Step 12  Verify time:

    show clock
    16:26:43.545 eastern Sat Jun 6 2009
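The Lab 1-1 Verification Plan, automated as an added example (not part of the Cisco or Fast Lane lab material): a Python check of a saved running-config against the Implementation Policy. The sample configuration, the `parse_sections` and `audit` names, and the set of in-use ports are constructed for illustration.

```python
import re

# Constructed running-config for ASW1 (not captured from a real device).
# Fa0/1-2 are the uplinks and Fa0/3 is Client1, as in the lab text.
SAMPLE = """\
service timestamps log datetime
hostname ASW1
enable secret 5 $1$CONSTRUCTED$placeholderhash
no ip domain-lookup
!
interface FastEthernet0/1
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
 shutdown
interface FastEthernet0/5
 shutdown
interface GigabitEthernet0/1
 shutdown
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
ip default-gateway 10.1.1.251
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

# Expected values for ASW1, taken from the Device Information table.
ASW1 = {"hostname": "ASW1", "ip": "10.1.1.1", "mask": "255.255.255.0",
        "gateway": "10.1.1.251",
        "in_use": {"FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"}}


def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def audit(config, hostname, ip, mask, gateway, in_use):
    """Return Implementation Policy findings; an empty list means compliant."""
    sec = parse_sections(config)
    findings = []

    def require(ok, message):
        if not ok:
            findings.append(message)

    require(f"hostname {hostname}" in sec, f"hostname is not {hostname}")
    require(any(k.startswith("enable secret ") for k in sec), "enable secret is not set")
    # Newer IOS releases display this command as "no ip domain lookup".
    require("no ip domain-lookup" in sec or "no ip domain lookup" in sec, "DNS lookup is still enabled")
    require(any(k.startswith("service timestamps log ") for k in sec), "log time stamps are not enabled")
    require(f"ip address {ip} {mask}" in sec.get("interface Vlan1", []), "VLAN 1 address is missing or wrong")
    require(f"ip default-gateway {gateway}" in sec, "default gateway is missing or wrong")
    console = sec.get("line con 0", [])
    require("exec-timeout 0 0" in console, "console idle timeout is not 0")
    require("logging synchronous" in console, "console lacks logging synchronous")

    protected = set()  # vty line numbers that have both password and login
    for key, body in sec.items():
        vty = re.fullmatch(r"line vty (\d+)(?: (\d+))?", key)
        port = re.fullmatch(r"interface ((?:Fast|Gigabit)Ethernet\S+)", key)
        if vty:
            first, last = int(vty[1]), int(vty[2] or vty[1])
            if "login" in body and any(b.startswith("password ") for b in body):
                protected.update(range(first, last + 1))
            else:
                findings.append(f"{key}: needs both password and login")
        elif port:
            if port[1] not in in_use and "shutdown" not in body:
                findings.append(f"{port[1]}: unused port is not shut down")
            if any(re.match(r"(speed|duplex) (?!auto$)", b) for b in body):
                findings.append(f"{port[1]}: speed/duplex is not auto")
    require(protected >= set(range(16)), "not every vty line 0-15 is protected")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, **ASW1) or ["compliant"]:
        print(finding)
```
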

Inc. and EtherChannel Implementing Cisco Switched Networks (SWITCH) v1. . VTP. you found that their requirements were all about link types. and EtherChannels. functional. You realize that they have little understanding about more advanced options such as allowed VLANs. When collecting information about their network infrastructure. to design and configure their branch office Layer 2 network. trunks. pruning. Activity Objective You were hired by NotaRoute. They know that some devices are supposed to be in VLANs and others in trunks. you will be able to meet these objectives: 22 „ Plan a segmented Layer 2 network implementation „ Create a Layer 2 implementation and verification plan „ Implement a full Layer 2 solution including VLANs. You need to configure the existing network equipment to use the devices once they are installed. and reasonably secured network. and EtherChannel Complete this lab activity to practice what you learned in the related module. trunk encapsulation.0 © 2009 Cisco Systems. but later on they intend to implement several servers and additional routers. They provided you with a cabling plan and asked you to help them design and configure a typical solution for their network on a test lab. Your configuration will be used by the customer as a configuration template as additional network equipment is purchased. Their network is not fully ready yet. but that they expect you to guide them and to provide a documented. but this is where their knowledge ends.Lab 2-1: Design and Implement VLANs. After completing this activity. Trunks. Inc.

Required Resources
This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network and the information specific to each device. Read the information carefully.

Implementation Policy
This deployment builds on Lab 1-1. In other words, keep the configuration from Lab 1-1, and add the following requirements. If you have not yet completed Lab 1-1 successfully, then in order to prepare for this lab use the alias command “init-2_1” on the switches. On the routers this is a must!

Note: With the command “show alias” you can see which alias command can be used to replace the current running config with the appropriate configuration file from flash. There will be a hint in a lab when you should replace the actual configuration with another one from flash.

Not all network equipment is installed. The network infrastructure has been installed but not the additional servers or the additional routers. The switches need to be configured completely, from VLAN database to link type. A quick call to the local administrator identifies the following elements:

- FTP, Web servers, and additional routers are to be connected later. Your configuration should include the configuration for the switch ports to these devices. On each switch, you are asked to configure the first available port on switches ASW1 and ASW2 for the FTP server, and the next available port for the WEB server. For example, if the first four ports are already used after Lab 1-1, configure port 5 for the FTP server and port 6 for the web server. Apply the same logic for the file servers and the additional routers on switches DSW1 and DSW2. For example, the file server will be on the first available port and the additional router on the next available port ( on DSW1 & 2 use int gi0/1 instead of fa0/9 ).
- During the conversation, you mentioned VTP and its modes. The local administrator would like to try VTP, with the following restrictions:
    - All switches should be in transparent mode.
    - You should name the domain “cisco.”
    - The administrator does not want the pruning feature of VTP to be enabled, and asks you to manually prune all unnecessary VLANs from the inter-switch links.
- Several IP addresses are already configured on the Ethernet interfaces on each router (routers R1 and R2) to your pod, as they need to send traffic to several of your VLAN subnets. You do not need to configure the routers.

Using this information, your task is to design the VLAN topology with some additional specifications:

- Although the network topology allows for large redundancy, redundancy is not to be used at this stage. Make sure to disable the links between switches ASW1 and DSW2, ASW2 and DSW1, DSW1 and DSW2, CSW1 and DSW2, DSW1 and CSW2, CSW1 and router R2, and CSW2 and router R1. In other words, the only connection between the upper part of the network (switches ASW1, DSW1, and CSW1) and the lower part of the network (switches ASW2, DSW2, and CSW2) transits through the link between switches CSW1 and CSW2. Use Cisco Discovery Protocol to determine the links between switches and shut down the ones that are not needed. Also use the table in the “Device Information” section.
- For efficiency, several physical connections exist between some of the switches. To simplify the network administration, group these physical links into logical links wherever possible. Where four 100-Mb/s links are to be grouped, create the virtual link unconditionally without using any negotiation protocol. Where two 100-Mb/s links are grouped, use an IEEE grouping protocol, and make sure that one end actively tries to negotiate the virtual link creation, while the other only responds to solicitations and does not actively try to create the link. When there is a grouping of 2 interfaces on the switches DSW1 or DSW2, use the responds-only function, while on all other switches use the active form for virtual link creation. Use the description feature on each virtual link to reflect the devices they connect.
- Client PC in VLAN 3 and client PC in VLAN 4 need to receive their IP address from routers R1 and R2. R1 and R2 are preconfigured.
- Use VLAN 64 on ASW1 and VLAN 66 on ASW2, including them also in the connecting trunks ( because we need them in other labs, otherwise it makes no sense yet).

Device Information
The table provides the information specific to each switch in the network. This information is the same as in Lab 1-1:

    Device Name   Role                    IP Address              Gateway      VLAN
    ASW1          Layer 2 access switch   10.1.1.1/24             10.1.1.251   1
    ASW2          Layer 2 access switch   10.1.1.2/24             10.1.1.252   1
    DSW1          Layer 3 switch          10.1.1.11/24            10.1.1.251   1
    DSW2          Layer 3 switch          10.1.1.22/24            10.1.1.252   1
    CSW1          Layer 3 switch          10.1.1.111/24           10.1.1.251   1
    CSW2          Layer 3 switch          10.1.1.222/24           10.1.1.252   1
    R1            Router                  Fa0/0: 10.1.1.251/24                 1
    R2            Router                  Fa0/0: 10.1.1.252/24                 1

The table below provides information about the devices connected or to be connected to the network. Use the space to document the port in your pod to which each device should connect per the above policy and the previous lab information:

    Device   Role             Network Location   VLAN    Physical Port in Your Lab
    CLT1     Client station   ASW1 P3            3
    CLT2     Client station   ASW2 P3            4
    NR1      Router           DSW1 P7            Trunk
    NR2      Router           DSW2 P7            Trunk
    WEB1     Web Server       ASW1 P5            11
    WEB2     Web Server       ASW2 P5            12
    FTP1     FTP Server       ASW1 P4            63
    FTP2     FTP Server       ASW2 P4            64
    FILE1    File Server      DSW1 P6            65
    FILE2    File Server      DSW2 P6            66

Note: The devices NR1, NR2, WEB1, WEB2, FTP1, FTP2, FILE1 and FILE2 do not really exist; we only simulate that these devices are connected!

Some links between switches should be bundled together. You should use Cisco Discovery Protocol to determine which links between switches can be bundled. The following table shows all possible numbering conventions for these link bundles. Note that not all of these numbers are needed. Once you have determined which links must be bundled, use the following table to apply the right bundle number:

    Device   Link To   If Used, Bundle Number Should Be:
    ASW1     ASW2      10
    ASW1     DSW1      11
    ASW1     DSW2      12
    ASW2     ASW1      10
    ASW2     DSW1      11
    ASW2     DSW2      12
    DSW1     ASW1      11
    DSW1     ASW2      12
    DSW1     DSW2      21
    DSW1     CSW1      31
    DSW1     CSW2      32
    DSW2     ASW1      11
    DSW2     ASW2      12
    DSW2     DSW1      21
    DSW2     CSW1      31
    DSW2     CSW2      32
    CSW1     DSW1      31
    CSW1     DSW2      32
    CSW1     CSW2      33
    CSW2     DSW1      31
    CSW2     DSW2      32
    CSW2     CSW1      33

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Lab 2-1: Design and Implement VLANs, Trunk, and EtherChannel. Labels in the figure: FTP, WWW, File Server.]

Command List
The table describes the commands that are used in this activity.

Configuration Commands

Command / Description

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.
interface interface-id channel-group channel-group-number mode active | passive | on
    Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the passive or active mode. When passive mode is enabled, the port responds to received LACP packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel exists only when both sides are in the on mode.
name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
no interface vlan vlan-id type
    Disables a VLAN interface.
show interface interface-id switchport
    Displays the switch port configuration of the interface.
show interface trunk
    Displays the trunk configuration of the interface.
show running-config interface interface-id
    Displays interface-specific configuration information.
show vlan
    Displays VLAN information.
show vtp status
    Shows the VTP configuration.
shutdown/no shutdown
    Shuts down or enables an interface.
switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate
    Turns off DTP negotiation.
switchport trunk allowed vlan all | none | add | remove | except vlan-list
    Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.
switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.
vtp domain domain-name
    Sets the VTP domain name.
vtp mode [ client | server | transparent ]
    Sets the VTP mode.

Job Aids
These are the job aids for this lab activity:

    Value                                                        Location
    Blank implementation requirements list                       Task 1
    Blank implementation and verification plan form              Task 2
    Blank verification notes form                                Task 3
    Alternate resources and solutions form                       End of this lab
    Key commands and tools used form                             End of this lab
    Implementation requirements hints                            “Hints” section at the end of this lab
    Implementation and verification plan hints                   “Hints” section at the end of this lab
    Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List
The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, VTP role, trunk encapsulation types, allowed VLANs, etc.). Use the following table, the lab Visual Objective, and the information in the “Implementation Policy” and “Device Information” sections to create an Implementation Requirements list. Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

    Device    High-Level Task    Information Source


To help you decide on the VLAN implementation, use the following table to list the VLANs you will need and determine the devices on which they should be configured:

    VLAN Number    VLAN Name    Configure on Switches:

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the following table and the information in the “Required Resources” section to create the Implementation and Verification Plan. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

    Complete √    Device    Implementation Order    Values and Items to Implement    Verification Method and Expected Results

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab. You can then implement your solution. Do not forget to save. Once
your solution is implemented, verify that your configuration is working and that it fulfills the
requirements specified by the company. Keep in mind that once you leave the company, they will
use your configuration as a white paper to implement their network. The company will apply
your configuration, without modification, to connect any device of the same type as the one you
configured for each port. Use the previous table to document the verifications you conducted to
ensure that your solution is complete. If you are unsure about the verification steps, use the
information provided in the “Hints” section at the end of this lab.
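
One way to automate part of the Task 3 verification, as an added example that is not part of the original lab guide: the Python script below audits a saved running-config against the Implementation Policy (VTP transparent in domain "cisco", manually pruned trunks, LACP for two-link bundles and mode on for four-link bundles, a description on each Port-channel). The sample config, its interface numbers and the expected VLAN set are constructed for illustration and are not the lab answer key.

```python
import re
from collections import defaultdict

# Constructed sample: running-config fragment for an access switch such as ASW1.
# Interface numbers and VLAN lists are illustrative assumptions.
SAMPLE_CONFIG = """\
vtp domain cisco
vtp mode transparent
!
interface Port-channel11
 description ASW1-DSW1
 switchport trunk allowed vlan 1,3
 switchport trunk allowed vlan add 11,63
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,3,11,63
 switchport mode trunk
 channel-group 11 mode on
!
interface FastEthernet0/2
 switchport trunk allowed vlan 1,3,11,63
 switchport mode trunk
 channel-group 11 mode on
!
interface FastEthernet0/3
 switchport mode trunk
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 63
 switchport mode access
!
"""

def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None                      # "!" closes an interface block
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line.strip())        # indented line = sub-command
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '3,4,11,12,63-66' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def allowed_vlans(cmds):
    """Allowed-VLAN set of a trunk, or None when no explicit list is configured."""
    vlans = None
    for cmd in cmds:
        m = re.match(r"switchport trunk allowed vlan (add )?([\d,-]+)$", cmd)
        if m:                                   # long lists continue with "add"
            vlans = (vlans or set()) | expand_vlans(m.group(2))
    return vlans

def audit(text, expected_vlans, lacp_mode="active"):
    """Return (interface, finding) tuples. Use lacp_mode='passive' on DSW1/DSW2."""
    findings = []
    global_lines, interfaces = parse_config(text)
    for required in ("vtp mode transparent", "vtp domain cisco"):
        if required not in global_lines:
            findings.append(("global", f"missing '{required}'"))
    bundles = defaultdict(list)
    for name, cmds in interfaces.items():
        if "switchport mode trunk" in cmds:
            vlans = allowed_vlans(cmds)
            if vlans is None:
                findings.append((name, "trunk has no explicit allowed-VLAN list"))
            elif vlans != expected_vlans:
                diff = sorted(vlans ^ expected_vlans)
                findings.append((name, f"allowed VLANs differ from plan: {diff}"))
        for cmd in cmds:
            m = re.match(r"channel-group (\d+) mode (\S+)$", cmd)
            if m:
                bundles[m.group(1)].append((name, m.group(2)))
    for group, members in bundles.items():
        # Policy: four links bundle unconditionally, two links negotiate with LACP.
        want = {4: "on", 2: lacp_mode}.get(len(members))
        for name, mode in members:
            if want and mode != want:
                findings.append((name, f"group {group}: mode {mode}, policy wants {want}"))
        po_cmds = interfaces.get(f"Port-channel{group}", [])
        if not any(c.startswith("description ") for c in po_cmds):
            findings.append((f"Port-channel{group}", "missing description"))
    return findings

if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG, {1, 3, 11, 63}):
        print(f"{interface}: {finding}")
```

The sample is deliberately wrong in two places: the two-link bundle uses mode on instead of LACP, and the shut-down trunk on FastEthernet0/3 would carry every VLAN if it were ever re-enabled.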


Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.

Lab 2-1: Key Commands and Tools Used

Implementation Policy Second available port in VLAN 12. Implementation Policy. 12. Implementation Policy First available port in VLAN 63. 3. Task 1 asks you to create an Implementation Requirements list. Device Information Allow VLANs 1. Inc. Implementation Policy Link to switch DSW1 in trunk mode (verify EtherChannel). domain “cisco. Device Information Allow VLANs 1. Device Information VTP transparent. 3. 11. Implementation Policy. Implementation Policy. 63 and 65 on trunk. 4.” password “cisco. if you need help. Implementation Policy Second available port in VLAN 11. Device Information Link to switch DSW2 in trunk mode (verify EtherChannel). Lab 2-1 Section Containing Hint Lab Guide 43 . and EtherChannel Implementation Requirements To facilitate the configuration of your network. Implementation Policy.” password “cisco. Device Information Link to switch DSW1 in trunk mode (verify EtherChannel).” password “cisco. Implementation Policy. Device Information VTP transparent. The list details the elements needed to develop an implementation plan.” Implementation Policy Configure and shut port(s) to switch DSW2. Implementation Policy Second available port in trunk. Implementation Policy ASW2 DSW1 © 2009 Cisco Systems. 12. domain “cisco. Implementation Policy. 11.Hints You are encouraged to complete the labs using your knowledge. Device Information Allow VLANs 1. However. 64 and 66 on trunk. 64 and 66 on trunk. Device Information Allow VLANs 1.” Implementation Policy First available port in VLAN 65. Implementation Policy. Implementation Policy . Implementation Policy First available port in VLAN 64. Lab 2-1 Hint Sheet: Design and Implement VLANs.” Implementation Policy Configure and shut port(s) to switch DSW1. Trunks. Implementation Policy Link to switch DSW2 in trunk mode (verify EtherChannel). Implementation Policy Port to client CLT2 in VLAN 4. Implementation Policy VTP transparent domain “cisco. 63 and 65 on trunk. 
The following is an example of such a list: Device Implementation Requirement ASW1 Port to client CLT1 in VLAN 3. 4. this section contains a series of hints to help you complete the lab.

12. 3. Implementation Policy. Implementation Policy VLANs 1. 3. 11. 63. and 66 allowed on trunk. 3. Device Information VLANs 1. 12. Implementation Policy. 3. 63. 63. domain “cisco. Implementation Policy. 63. 4. 64 and 66 allowed on trunk. Device Information Link to switch ASW2 in trunk mode (verify EtherChannel). Device Information VLANs 1.” password “cisco. Device Information Configure and shut port(s) to switch DSW1. 64. 11. 64. 3. Device Information Implementing Cisco Switched Networks (SWITCH) v1. 11. Implementation Policy. 63. 63 and 65 allowed on trunk. 3. 4. Implementation Policy. 64. Implementation Policy. 11. Implementation Policy. 3. 12.0 © 2009 Cisco Systems. 64. Device Information Link to switch DSW1 in trunk mode (verify EtherChannel).” Implementation Policy First available port in VLAN 66. 12. Implementation Policy Link to switch CSW1 in trunk mode (verify EtherChannel). and 66 allowed on trunk. Implementation Policy Link to switch ASW1 in trunk mode (verify EtherChannel). 63. 12. Implementation Policy. 12. Implementation Policy. 4. 3. Device Information VLANs 1. 63 and 65 allowed on trunk. 65. 11. 11. Device Information Configure and shut port(s) to switch DSW2. 12. 63. Implementation Policy. Device Information VLANs 1. Implementation Policy. and 66 allowed on trunk. 4. Device Information Link to switch DSW2 in trunk mode (verify EtherChannel). Implementation Policy Second available port in trunk. 65. 65. 4. Implementation Policy VTP transparent. Implementation Policy. Implementation Policy. 11. and 66 allowed on trunk. 11. Implementation Policy. Implementation Policy. Implementation Policy.Device DSW2 44 Implementation Requirement Lab 2-1 Section Containing Hint VLANs 1. Device Information Configure and shut port(s) to switch ASW2. 65. 65. Device Information VLANs 1. Device Information VLANs 1. Device Information Link to switch CSW2 in trunk mode (verify EtherChannel). 4. and 66 allowed on trunk. . and 66 allowed on trunk. 65. 
Device Information Configure and shut port(s) to switch CSW2. Device Information VLANs 3. 65. 4. Device Information Configure and shut port(s) to switch DSW2. Implementation Policy. 12. 64. Implementation Policy Link to switch DSW2 in trunk mode (verify EtherChannel). Implementation Policy. Device Information VLANs 1. and 66 allowed on trunk. Implementation Policy Link to switch ASW1 in trunk mode (verify EtherChannel). 11. Inc. 64. 64. 4.

64. Implementation Policy. 3. Device Information VLANs 1. Implementation Policy. 3. 4. 64 and 66 allowed on trunk. 63. 11. 12. Implementation Policy Link to switch CSW1 in trunk mode (verify EtherChannel). 4. 3. 64. 4. 3. Implementation Policy. 11. Implementation Policy. 11.” Implementation Policy Link to router R1 in trunk. 64. 65 and 66 allowed on trunk. 65. 12. 65. 65. Implementation Policy. 3.” password “cisco. 11. Implementation Policy Link to switch DSW2 in trunk mode (verify EtherChannel). Implementation Policy. Implementation Policy. Device Information Configure and shut port(s) to switch DSW2. 12. 65 and 66 allowed on trunk. 3. Device Information Link to switch CSW2 in trunk mode (verify EtherChannel). 12. domain “cisco. Implementation Policy. 63. 4. Implementation Requirement Lab 2-1 Section Containing Hint Link to switch ASW2 in trunk mode (verify EtherChannel). 11. Implementation Policy. 63. 12. and 66 allowed on trunk.” Implementation Policy Link to router R1 in trunk. 63. 63. Inc. 11. Device Information VTP transparent. Device Information VLANs 1. Device Information Configure and shut port(s) to switch DSW2. and 66 allowed on trunk. 12. Implementation Policy. and 66 allowed on trunk. 63. Visual Objective VLANs 1. 64. Implementation Policy. and 66 allowed on trunk. Device Information Link to router R2 in trunk.Device CSW1 CSW2 © 2009 Cisco Systems.” password “cisco. 65 and 66 allowed on trunk. Implementation Policy. Visual Objective VLANs 1. 3. 64. 11. 3. 4. 4. Device Information Link to switch DSW2 in trunk mode (verify EtherChannel). Device Information Configure and shut port(s) to switch CSW2. Implementation Policy. 12. 11. 4. 65. 64. 63. 64. domain “cisco. 63. 65 and 66 allowed on trunk. Implementation Policy Link to switch DSW1 in trunk mode (verify EtherChannel). Implementation Policy. 64. Device Information VLANs 1. and 66 allowed on trunk. Implementation Policy. Device Information VLANs 1. 
Device Information Link to switch CSW2 in trunk mode (verify EtherChannel). Device Information VLANs 1. 4. Visual Objective VLANs 1. 4. Device Information Configure and shut port(s) to switch ASW2. 12. Implementation Policy. 12. Implementation Policy. Device Information VLANs 1. Device Information VLANs 1. 3. Implementation Policy VTP transparent. 65. 12. 63. 11. Device Information Lab Guide 45 . 64. 4.

Implementation Policy. 11. 63. Implementation Policy. 3. 4. Implementation Policy. and 66 allowed on trunk. Implementation Policy. 63.0 © 2009 Cisco Systems. . 63. 11. 3. 12. Visual Objective VLANs 1. Device Information VLANs 1. 12. 3. Implementation Policy Link to switch DSW2 in trunk mode (verify EtherChannel). 64. 63. 3. 12. Device Information Implementing Cisco Switched Networks (SWITCH) v1. 11. Device Information Link to switch DSW1 in trunk mode (verify EtherChannel). 64. Implementation Policy. 12. 64. 4. Device Information VLANs 1. 65. Device Information VLANs 1. Inc.Device 46 Implementation Requirement Lab 2-1 Section Containing Hint Link to router R2 in trunk. 4. 11. 4. and 66 allowed on trunk. 65. and 66 allowed on trunk. Device Information Link to switch CSW1 in trunk mode (verify EtherChannel). 65. Device Information Configure and shut port(s) to switch DSW1. 64. 65 and 66 allowed on trunk. Implementation Policy. Implementation Policy.

65. 11. 3. allowed VLANs 1. Shut link down. domain “cisco. show interface trunk 6 6 (Verify if needed and) configure EtherChannel to switch DSW2 on if 4 links. LACP if 2 links. show etherchannel status active or on 5 © 2009 Cisco Systems. 64. 63. the template could contain the following items: „ vtp mode transparent „ vtp domain cisco „ vtp password cisco „ vlan 3. trunk. and DSW2. LACP if 2 links. 11. 3. 4. 12. 63. show run interface to router R2. 4. trunk. 64. The common template could be named “Common_Template. allowed VLANs 1.63-66 You can implement this template on switches CSW1. 63. Shut link down. 8 8 (Verify if needed and) configure EtherChannel to switch DSW1. 3. show interface trunk 4 4 (Verify if needed and) configure EtherChannel to switch CSW2. 65 and 66. show vtp status (shows transparent. and 66. so you may want to configure them manually. 63. allowed VLANs 1. 3. 3. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. 11.12. 11. allowed VLANs 1. 65 and 65. on if 4 links.Implementation and Verification Plan In Task 2. show interface trunk 4 3 Configure trunk link to R2. 4. 12.” password “cisco”) 2 2 Configure trunk link to R1. on if 4 links. 3. Switches ASW1 and ASW2 require specific VLAN configuration. For this lab. 12. you will create an implementation and verification plan. 65 and 66. 4. Complete √ Device Implementation Order Values and Items to Implement Verification Method and Expected Results Step Number CSW1 1 Paste Common_Template. allowed VLANs 1. DSW1. 63. show run interface to switch CSW2. show run interface to router R1.” just like in the previous lab. show etherchannel status active or on 5 7 Configure trunk to switch DSW2. trunk. 64. show etherchannel status active or on 5 5 Configure trunk to switch CSW2. 11 12. There are several possible correct solutions. and 66. 63. 4. 64. 64. and 66. 12. allowed VLANs 1. 64.4. 65 and 66. 65. CSW2. 64. 11. 11. 12. 4. 
You can then configure each switch with items that are unique to each device. interface mode. trunk allowed VLANs 1. 64. and 66. 12. 63. or EtherChannel links.11. Inc. 3. An example of the Implementation and Verification Plan follows. LACP if 2 links. link shut. 4. 65. allowed VLANs 1. Lab Guide 47 . 12. 63. 4. show run interface to switch DSW2. 3. 11. 65.

on if 4 links. show run interface to switch DSW2. 63. . 65. on if 4 links. 3. allowed VLANs 1. 64. 3. trunk. show run interface to switch CSW2. and 66. 12. show interface trunk 14 Implementing Cisco Switched Networks (SWITCH) v1. Shut link down. 65. LACP if 2 links. 4. allowed VLANs 1. 64. 4. 3. LACP if 2 links. show etherchannel status passive or on 11/12 3 Configure trunk to switch CSW1. 64. allowed VLANs 1. 63. 64. 63. 4. on if 4 links. 11. 3. 12. 64. 64. 3. trunk. 11. 9 9 Configure trunk to switch DSW2. allowed VLANs 1. on if 4 links. 12. and 66. show etherchannel status active or on 9 7 Configure trunk to switch DSW1. 3. show run interface to switch CSW1. 64. and 66.Complete √ Device CSW2 DSW1 48 Implementation Order Values and Items to Implement Verification Method and Expected Results Step Number 9 Configure trunk to switch DSW1. allowed VLANs 1. 65 and 66. allowed 1. 11. 11. domain “cisco. 65. 12. 11. 63. trunk. show interface trunk 9 6 (Verify if needed and) configure EtherChannel to switch DSW1. 3. 3. show etherchannel status active or on 9 5 Configure trunk to switch CSW1. 63. 65 and 66. show interface trunk 9 3 Configure trunk link to R2. Shut link down. 65 and 66. 4.” password “cisco”) 9 2 Configure trunk link to R1. 12. 63. 4. show vtp status (shows transparent. domain “cisco. trunk allowed VLANs 1. 4. 63. show interface trunk 7 1 Paste Common_Template. 4. and 66 9 8 (Verify if needed and) configure EtherChannel to switch DSW2. and 66.” password “cisco”) 10 2 (Verify if needed and) configure EtherChannel to switch CSW1. show etherchannel status active or on. 64. 12. show interface trunk 9 4 (Verify if needed and) configure EtherChannel to switch CSW1. 64. show run interface to switch CSW2. show run interface to router R1. 4. 12. 65. 64. LACP if 2 links. 65. 64. allowed 1. show run interface to switch CSW1.0 © 2009 Cisco Systems. 9 1 Paste Common_Template. trunk. 65 and 66. 11. 12. and 66. 63. 63. 3. 11. 11. 63. and 66. allowed VLANs 1. 63. 12. 4. 64. 
and 66. LACP if 2 links. 11. 11. 64. 4. and 66. allowed VLANs 1. Shut link down. 4. trunk. 3. 65. link shut. trunk. 63. 11. 12. 65. 4. 11. 12. allowed VLANs 1. show run interface to router R2. 3. 63. 12. allowed VLANs 1. and 66. 65. 63. allowed VLANs 1. 3. change VTP mode to server. 4. 65. 64. 4. 12. 12. allowed VLANs 1. 11. Inc. 3. 65. 11. 3. show vtp status (shows transparent.

allowed VLANs 1. 4. 64. Implementation Order Values and Items to Implement Verification Method and Expected Results Step Number 4 (Verify if needed and) configure EtherChannel to switch CSW2. show interface trunk 16 12 Configure first available port in access mode. on if 4 links. 64. show run interface to switch ASW1.Complete √ Device DSW2 © 2009 Cisco Systems. 65. show run interface to switch DSW2. 64. Activate link. allowed VLANs 1. 4. domain “cisco. trunk. 63. 65. 63. 4. trunk. First available port in access mode. 12. 63. 11. and 66. LACP if 2 links. 63 and 65. 12. show interface trunk 19 1 Paste Common_Template. allowed VLANs 1. 4. trunk. 12. 12. and 66. 65. on if 4 links. and 66. show etherchannel status passive or on 11/12 9 Configure trunk to switch ASW1. 11. LACP if 2 links. show interface trunk 16 10 (Verify if needed and) configure EtherChannel to switch ASW2. 64. on if 4 links. 4. allowed VLANs 1. Second available port in trunk. trunk. allowed VLANs 1. 65. 4. 3. 3. 3. 11. allowed VLANs 1. and 66. 11. 12. 3. allowed VLANs 1. 11. Shut link down. 3. 11. 65. 64. LACP if 2 links. 63 and 65. show etherchannel status passive or on 11/12 11 Configure trunk to switch ASW2. 65. allowed VLANs 1. allowed VLANs 1. and 66. 63. 3. 64 and 66. show run interface to switch CSW2. 11. 65. 2. 12. show etherchannel status passive or on 11/12 7 Configure trunk to switch DSW2. on if 4 links. 12. 3. Shut link down. on if 4 links. 63. and 66. 64. VLAN 65. 3. 12. 64. trunk. Shut link down. 2. LACP if 2 links. 12. show interface trunk 21 Lab Guide 49 . 11. show vtp status (shows transparent. Inc. show run interface to switch CSW2. LACP if 2 links. link shut 13 8 (Verify if needed and) configure EtherChannel to switch ASW1. 4. 63.” password “cisco”) 21 2 (Verify if needed and) configure EtherChannel to switch CSW2. show etherchannel status passive or on 11/12 5 Configure trunk to switch CSW2. 12. 4. show run interface to switch ASW1. 63. allowed VLANs 1. 
18 13 Configure second available port in trunk. 63. 11. Activate link. 11. show etherchannel status passive or on 21 3 Configure trunk to switch CSW2. 65. and 66. VLAN 65. and 66. allowed VLANs 1. 64. 3. 3. link shut 15 6 (Verify if needed and) configure EtherChannel to switch DSW2. allowed VLANs 1. 64 and 66.

12. 4. 4. LACP if 2 links. VLAN 66. 63. on if 4 links. LACP if 2 links. and 65. 64. Second available port in trunk. 12. link shut 21 6 (Verify if needed and) configure EtherChannel to switch DSW1. and 66. 4. LACP if 2 links. 11. trunk. show etherchannel status passive or on 21 11 Configure trunk to switch ASW2. trunk.Complete √ Device ASW1 50 Implementation Order Values and Items to Implement Verification Method and Expected Results Step Number 4 (Verify if needed and) configure EtherChannel to switch CSW1. 11. allowed VLANs 1. on if 4 links. 12. 12. show run interface to switch DSW1. 11. show etherchannel status passive or on 21 7 Configure trunk to switch DSW1.” password “cisco. domain “cisco. 4. Activate link. allowed VLANs 1. allowed VLANs 1. 64. 12. show interface trunk 21 10 (Verify if needed and) configure EtherChannel to switch ASW2. 65. 65. show run interface to switch CSW1. 3. 63. 64. show interface trunk 21 12 Configure first available port in access mode. allowed VLANs 1. 11. show run interface to switch ASW1. 3. and 66. 64 and 66. 4. 3. allowed VLANs 1. allowed VLANs 1. First available port in access mode. 3. show run interface to switch ASW2. allowed VLANs 1. Shut link down. show etherchannel status active or on 23 3 Configure trunk to switch DSW1. and 66. 64 and 66. Shut link down. 12. allowed VLANs 1. trunk.” show vtp status. and 66. trunk. 11. 63. on if 4 links. 11. 3. 4. 64. and 65. 3. allowed VLANs 1. 63. 63 and 65. 63. Inc. allowed VLANs 1. on if 4 links. 63. LACP if 2 links. 11. show etherchannel status passive or on 21 9 Configure trunk to switch ASW1. show run interface to switch DSW1. 64. . show interface trunk 24 Implementing Cisco Switched Networks (SWITCH) v1.” password “cisco” 22 2 (Verify if needed and) configure EtherChannel to switch DSW1. 4. 63 and 65. 21 13 Configure second available port in trunk. 63. link shut 21 8 (Verify if needed and) configure EtherChannel to switch ASW2. 3. show interface trunk 21 1 VTP mode transparent. 3. 
65 and 66. 63. 65. trunk.0 © 2009 Cisco Systems. 65. allowed VLANs 1. transparent. 3. 11. 4. 64. on if 4 links. Activate link. 11. domain “cisco. 12. 3. show etherchannel status passive or on 21 5 Configure trunk to switch CSW1. Shut link down. VLAN 66. allowed VLANs 1. 11. LACP if 2 links. 12. 65 and 66.

Activate link. on if 4 links.Complete √ Device ASW2 © 2009 Cisco Systems. allowed VLANs 1. allowed VLANs 1. 3. 4. domain “cisco. 63 and 65. 12. 12. show run interface to first available port. LACP if 2 links. 64 and 66. show etherchannel status active or on 23 5 Configure trunk to switch DSW2. on if 4 links. allowed VLANs 1.” password “cisco. show run interface to second available port. 3. 11. allowed VLANs 1. access VLAN 63 26 8 Second available port in VLAN 11. domain “cisco. show run interface to switch DSW1. Implementation Order Values and Items to Implement Verification Method and Expected Results Step Number 4 (Verify if needed and) configure EtherChannel to switch DSW2. show etherchannel status active or on 29 3 Configure trunk to switch DSW1. 64 and 66.” password “cisco” 28 2 (Verify if needed and) configure EtherChannel to switch DSW1. show run interface to client CLT1. 4. access VLAN 3 25 7 First available port in VLAN 63. show interface trunk 30 6 Port to client CLT2 in VLAN 4. LACP if 2 links. 4. 12. show run interface to first available port. 12. allowed VLANs 1. 64 and 66. show interface trunk 32 8 Second available port in VLAN 12. 4. Inc. Activate link. show run interface to switch DSW2. on if 4 links. show run interface to second available port. 11. access VLAN 4 31 7 First available port in VLAN 64. trunk. allowed VLANs 1. transparent. 64 and 66. access VLAN 64. Shut link down. Activate link. show etherchannel status active or on 29 5 Configure trunk to switch DSW2. Activate link. show interface trunk 24 6 Port to client CLT1 in VLAN 3. trunk. Shut link down. show run interface to switch DSW2.” show vtp status. show interface trunk 30 4 (Verify if needed and) configure EtherChannel to switch DSW2. show run interface to client CLT2. LACP if 2 links. access VLAN 12 33 Lab Guide 51 . access VLAN 11 27 1 VTP mode transparent. trunk. 63 and 65.

Step-by-Step Procedure

Step 1  Connect to switch CSW1 in configuration mode.
  • Connect to the remote lab.
  • Access the Switch console.
  • Enter privilege mode, using the enable command.
  • Enter configuration mode, using the configure terminal command.

Step 2  Inject the Common_Template file.
  • Create a notepad text file named Common_template that contains the lines:
      vtp mode transparent
      vtp domain cisco
      vtp password cisco
      vlan 3,4,11,12,63-66
  • Paste the Common_Template file content into the console.
  • Verify as you paste that no error message is reported.

Step 3  Use the show cdp neighbor command to check the port to each neighbor:

  CSW1#sh cdp ne
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

  Device ID   Local Intrfce   Holdtme   Capability   Platform    Port ID
  R1          Fas 0/11        85        R S I        RO-2811     Fas 0/0
  R2          Fas 0/12        85        R S I        RO-2811     Fas 0/1
  DSW1        Fas 0/2         144       S I          WS-C3560-   Fas 0/2
  DSW1        Fas 0/1         144       S I          WS-C3560-   Fas 0/1
  DSW2        Fas 0/4         148       R S I        WS-C3560-   Fas 0/4
  DSW2        Fas 0/3         148       R S I        WS-C3560-   Fas 0/3
  CSW2        Fas 0/10        138       R S I        WS-C3560-   Fas 0/10
  CSW2        Fas 0/9         138       R S I        WS-C3560-   Fas 0/9
  CSW2        Fas 0/8         138       R S I        WS-C3560-   Fas 0/8
  CSW2        Fas 0/7         138       R S I        WS-C3560-   Fas 0/7

Step 4  For each port to routers R1 and R2, enter (taking interface f0/11 as an example):

  interface f0/11
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 5  Using the show cdp neighbor information, determine if EtherChannel is to be configured on links to switches CSW2, DSW1, and DSW2:
  • Switch CSW1 has 4 links to switch CSW2, and EtherChannel mode on should be used.
  • Switch CSW1 has two links to switch DSW1 and two links to switch DSW2. EtherChannel mode LACP should be used. Switch CSW1 will be the active side, and switches DSW1 and DSW2 will be the passive side.

Step 6  Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel table from the “Required Resources” section of this lab:

  interface range f0/7 - 10
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   channel-group 33 mode on
   exit
  interface port-channel 33
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 7  Configure the link to switch DSW1, using the show cdp neighbor information and the EtherChannel table from the “Required Resources” section of this lab:

  interface range f0/1 - 2
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   channel-group 31 mode active
   exit
  interface port-channel 31
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 8  Configure the link to switch DSW2, using the show cdp neighbor information and the EtherChannel table from the “Required Resources” section of this lab:

  interface range f0/3 - 4
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   channel-group 32 mode active
   shutdown
   exit
  interface port-channel 32
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   shutdown

Step 9  Repeat Steps 1 to 8 on switch CSW2, shutting down the ports to switch DSW1 and leaving the ports to switch DSW2 enabled.

Step 10  Repeat Steps 1 and 2 on switch DSW1.

Step 11  Use the show cdp neighbor information to discover neighbors:

  DSW1#sh cdp ne
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

  Device ID   Local Intrfce   Holdtme   Capability   Platform    Port ID
  ASW1        Fas 0/6         155       S I          WS-C2960-   Fas 0/1
  ASW2        Fas 0/7         156       S I          WS-C2960-   Fas 0/2
  DSW2        Fas 0/5         130       R S I        WS-C3560-   Fas 0/5
  CSW2        Fas 0/4         128       R S I        WS-C3560-   Fas 0/4
  CSW2        Fas 0/3         127       R S I        WS-C3560-   Fas 0/3
  CSW1        Fas 0/2         163       R S I        WS-C3560-   Fas 0/2
  CSW1        Fas 0/1         163       R S I        WS-C3560-   Fas 0/1

Step 12  Using the show cdp neighbor information, determine if EtherChannel should be configured on links to switches CSW2, DSW1, and DSW2:
  • Switch DSW1 has one link to switches ASW1 and ASW2, one link to switch DSW2. EtherChannel should not be used.
  • DSW1 has two links to switch CSW1 and two links to switch CSW2. EtherChannel mode LACP should be used. Switch DSW1 will be the passive side for links to switches CSW1 and CSW2.

Step 13  Configure the link to switch DSW2, using the show cdp neighbor information:

  interface f0/5
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   shutdown

Step 14  Configure the link to switch CSW1, using the show cdp neighbor information and the EtherChannel table from the “Required Resources” section of this lab:

  interface range f0/1 - 2
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   channel-group 31 mode passive
   exit
  interface port-channel 31
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66

Step 15  Configure the link to switch CSW2, using the show cdp neighbor information and the EtherChannel table from the “Required Resources” section of this lab:

  interface range f0/3 - 4
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   channel-group 32 mode passive
   shutdown
   exit
  interface port-channel 32
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 1,3,4,11,12,63,64,65,66
   shutdown

  DSW1#sh etherchann
          Channel-group listing:
          ----------------------
  Group: 31
  ----------
  Group state = L2
  Ports: 2   Maxports = 8
  Port-channels: 1 Max Port-channels = 1
  Protocol:
  Minimum Links: 0
  Group: 32
  ----------
  Group state = L2
  Ports: 2   Maxports = 8
  Port-channels: 1 Max Port-channels = 1
  Protocol:
  Minimum Links: 0

12.64.4.12.65 Step 17 Configure the link to switch ASW2. Step 23 Use the Step 16 model to configure links to switches DSW1 and DSW2. then Steps 11 to 19 on switch DSW2. using the show cdp neighbor information: interface f0/6 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1. On the EtherChannel link to switch DSW1. Step 24 Configure the link to client CLT1: interface f0/3 switchport mode access switchport access vlan 3 Step 25 Configure the link to the FTP server: interface f0/4 switchport mode access switchport access vlan 63 Step 26 Configure the link to the WEB server: interface f0/5 switchport mode access switchport access vlan 11 © 2009 Cisco Systems.66 Step 18 Configure the link to the file server: interface f0/8 switchport mode access switchport access vlan 65 Step 19 Configure the link to the new router: interface gi0/1 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1.66 Step 20 Step 21 Repeat Steps 1 and 2.65.64. The file server is in VLAN 66.0.0.63.Step 16 Configure the link to switch ASW1. leaving links to switch CSW2 enabled and links to switch CSW1 shut down. On switch ASW1. using the show cdp neighbor information: interface f0/7 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1. Lab Guide 55 .3.3.11.63. switch DSW2 is the passive side.11.0 at 0-0-00 00:00:00 Step 22 Repeat Step 11 to discover neighbors. configure the VTP mode.4. ASW1(config)# vtp domain cisco ASW1(config)# vtp mode transparent ASW1(config)# vtp password cisco ASW1# show vtp status VTP Version : running VTP1 (VTP2 capable) Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 17 VTP Operating Mode : Transparent VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xDE 0x86 0x25 0xBD 0x56 0x50 0xDE 0x3E Configuration last modified by 0. Inc.

Step 27  Repeat Step 21 on switch ASW2.

Step 28  Repeat Step 22 to discover neighbors.

Step 29  Use the Step 16 model to configure links to switches DSW1 and DSW2.

Step 30  Configure the link to client CLT2:

  interface f0/3
   switchport mode access
   switchport access vlan 4

Step 31  Configure the link to the FTP server:

  interface f0/4
   switchport mode access
   switchport access vlan 64

Step 32  Configure the link to the web server:

  interface f0/5
   switchport mode access
   switchport access vlan 12

Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
Complete this lab activity to practice what you learned in the related module.

Activity Objective
There are many issues that can occur when VLANs and trunks are not properly configured. Everything worked well in the network you configured in the previous lab. Proud of your achievements, you decided to take a week off. During that time, one of your team assistants, while preparing for his CCNA, filled in for you and took care of the network. He had to face several issues, and tried to improve your configuration on a few points. Unfortunately, it seems that the improvements somehow affected Layer 2 connectivity in your network. In other words, when you came back, three troubleshooting tickets were waiting for you on your desk. You need to fix the network quickly using the tools you learned in this module. After completing this activity, you will be able to meet these objectives:
  • Diagnose and resolve Layer 2 connectivity problems
  • Diagnose and resolve VLAN and EtherChannel-related problems
  • Document troubleshooting progress, configuration changes, and problem resolution

Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues]

Command List
The table describes the commands that you will use in this activity.

Configuration Commands

Command | Description
configure terminal | Enters global configuration mode, from privileged EXEC mode.
enable password password | Enters the privileged EXEC mode command interpreter.
exit | Exits the current mode.
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port - ending_port | Selects a range of interfaces to configure.
name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
no interface vlan vlan-id type | Disables a VLAN interface.
ping ip-address | Sends an ICMP echo to the designated IP address, using the default settings of size and response window time.
show interface interface-id switchport | Displays the switch port configuration of the interface.
show interface trunk | Displays the trunk configuration of the interface.
show vlan | Displays VLAN information.
show vtp status | Shows the VTP configuration.
shutdown/no shutdown | Shuts down or enables an interface.
switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate | Turns off DTP negotiation.
switchport trunk allowed vlan all | none | add | remove | except vlan-list | Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link.
switchport trunk encapsulation isl | Specifies ISL encapsulation on the trunk link.
telnet ip-address | Starts a terminal emulation program from a PC, router, or switch that permits you to access network devices remotely over the network.

Command | Description
interface interface-id, then channel-group channel-group-number mode active | passive | on | Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the passive or active mode. When passive mode is enabled, the port responds to received LACP packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel exists only when both sides are in the on mode.
show running-config interface interface-id | Displays interface-specific configuration information.
vtp domain domain-name | Sets the VTP domain name in either the VLAN database or configuration mode.
vtp mode [ client | server | transparent ] | Sets the VTP mode.

Job Aids
These job aids are available to help you complete the lab activity.
  • Trouble Tickets
  • Troubleshooting Log

Trouble Ticket A: Switch Replacement Has Failed
Late on Friday afternoon, the access switch ASW1 failed and your assistant quickly concluded that the power supply had failed and that the switch needed to be replaced. Luckily, your team still had a similar switch on the shelf and your assistant rushed to the site to replace it. When you returned to work and asked your assistant how things went while you were gone, your assistant tells you that all efforts to restore service failed. When you ask your assistant to describe the exact problem, you are told that “it simply does not work, anymore.” Your assistant first thought the issue was a result of his configuration on switch ASW1, but then tried to verify and improve the other switches on the path and is not sure anymore. Your assistant asks you for help. A user on PC Client 1 has already started to complain that attempts to access the network have failed and that the problem must be fixed today.
Your task is to diagnose the issues and restore switch ASW1 as a fully functional access switch on the network.

Trouble Ticket B: VLAN 66 Access Problem
Your assistant also reports a call on Thursday evening from the File2 Server administrator. The File2 Server team first thought of a hacker attack and removed the File2 server from the network for forensic analysis. A backup File2 server was installed beyond the switch CSW2 and no devices in the network seem to be able to reach VLAN 66 anymore. The server seems to be operational. The File2 Server team then decided to try to ping from the router R1 interface in VLAN 66 to the router R2 interface in VLAN 66. The ping failed. The team is convinced that your assistant broke connectivity for this VLAN and asks you to fix the issue immediately. Each lost minute is extremely expensive.
Although you trust your assistant, the fact that the issue started as soon as your assistant started improving the configuration makes you wonder whether there is a configuration issue somewhere on one switch. The fact that your assistant is reluctant to tell you exactly what improvements were made when the failure occurred clearly contributes to your doubts.
Your task is to identify the misconfigured item and solve the issue to recover connectivity between the router R1 interface in VLAN 66 and the router R2 interface in VLAN 66. The router R1 VLAN 66 IP address is 10.1.66.251, and the router R2 VLAN 66 IP address is 10.1.66.252.

Trouble Ticket C: Gateway Unreachable
Your assistant seems to have a number of problems on this Monday morning. Your assistant complains that hours have already been spent trying to help PC Client 2, who could not reach his gateway, router R2. Your assistant is convinced that PC Client 2 broke the PC configuration, and does not believe that the issue has anything to do with the minor improvements your assistant made in the network configuration.
Your task is to ensure that PC Client 2 can ping router R2.

Instructions
As you can see from the troubleshooting tickets, this troubleshooting lab includes three types of issues (on all switches use the alias command “init-2-2” and on the routers use the alias command “init-2_2”, afterwards reload all devices with the new configurations in order to prepare the devices for this lab):
  • Trouble Ticket A involves communication issues between switch ASW1 and router R1, and therefore originates in the upper part of the client network.
  • Trouble Ticket B involves communication issues between the upper and the lower parts of the client network.
  • Trouble Ticket C involves communication issues between client CLT2 and router R2, and therefore originates in the lower part of the client network.

The instructor will provide you with directions to prepare the lab equipment for this lab. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting. Together with your team members, create a troubleshooting plan to divide the work, assign each team member appropriate roles, and coordinate device access among the team members.

This is an example of a possible organization of the teams. A logical way of organizing the workload could be to assign the upper section of the pod (client CLT1-switch ASW1-switch DSW1-switch CSW1-router R1) to one team and the lower part of the pod (client CLT2, switches ASW2, DSW2, and CSW2) to a second team. Issues affecting the upper part of the lab could be solved by the first team. Issues affecting the lower part of the lab could be solved by the second team. The teams will have to work together to resolve issues affecting both the upper and lower section.

Whichever organizational model you choose, assign the primary responsibility for each of the devices to a team member. The team member who has primary responsibility for a device is in control of the console of that device and changes to the device. This means that no other team member should access the console, make changes to the device, or execute unauthorized actions, such as reloading or debugging, without permission from the controlling team member. All team members can access all devices via Telnet or SSH for nondisruptive diagnostic action, without the need for permission from the controlling member. Responsibilities can be reassigned during later labs if necessary.

Once roles have been assigned, work together on Trouble Tickets A, B, and C to resolve the issues. Document your progress in the “Troubleshooting Log” provided below in order to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket | Actions and Results


Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:
  [ ] Client PCs that are connected to switch ASW1 can acquire an IP address via DHCP.
  [ ] Client PCs that are connected to switch ASW1 can ping the gateway router R1.
  [ ] You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket B:
  [ ] Switch CSW2 interfaces in VLAN 66 are properly configured.
  [ ] Switch CSW2 in VLAN 66 can be reached through all trunks.
  [ ] You can complete an extended ping from the router R1 interface in VLAN 66 to the router R2 interface in VLAN 66.
  [ ] You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket C:
  [ ] Client PCs that are connected to switch ASW2 can acquire an IP address via DHCP.
  [ ] Client PCs that are connected to switch ASW2 can ping the gateway router R2.
  [ ] You have documented your process, your solution, and any changes that you have made to the device configurations.

Trouble Ticket A: Sample Troubleshooting Flow
The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

Usually, you would start troubleshooting the Layer 2 connectivity between devices because you have discovered that there is no Layer 3 connectivity between two adjacent Layer 2 hosts, such as two hosts in the same VLAN or a host and its default gateway. Typical symptoms that could lead you to start examining Layer 2 connectivity would be:
  • Failing pings between adjacent devices. (Keep in mind, though, that this may also be caused by a host-based firewall that is blocking pings).
  • Successful pings between hosts in another Layer 2 domain but sharing the same physical path, such as hosts in another VLAN on the same link.

Client CLT1 is in VLAN 3 and obtains its IP address from router R1, acting as a DHCP server. A ping to router R1 interface in VLAN 3 from the client CLT1 command prompt interface fails. Switch ASW1 is in VLAN 1. Pings from switch ASW1 to the router R1 interface in VLAN 1 succeed. This output shows that there is a physical path (Layer 2 and Layer 3 connectivity) between switch ASW1 and router R1. You can identify the issue as either a physical connectivity issue between switch ASW1 and client CLT1 or a VLAN issue.

Key Clue: ASW1 VLAN Configuration

  ASW1#sh vlan
  VLAN Name                 Status     Ports
  ---- -------------------- ---------- ------------------------------
  1    default              active     Fa0/2, Fa0/4, Fa0/5
                                       Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                       Fa0/12, Fa0/17, Fa0/18, Fa0/23
  4    VLAN0004             active
  11   VLAN0011             active     Fa0/3
  14   VLAN0014             active
  63   VLAN0063             active
  1002 fddi-default         act/unsup

Once you have determined that the problem is most likely a Layer 2 or Layer 1 problem, you will want to reduce the scope of the potential failures. You can diagnose Layer 2 problems with this common troubleshooting method:
  • Determine the Layer 2 path. Based on documentation, baselines, and knowledge of your network in general, the next step is to determine the path that you would expect frames to follow between the affected hosts. Determining the expected traffic path beforehand will help you in two ways: It will give you a starting point for gathering information about what is actually happening on the network, and it will make it easier to spot abnormal behavior. The second step in determining the Layer 2 path is to follow the expected path and verify that the links on the expected path are actually up and forwarding traffic. If the actual traffic path is different from your expected path, this step may give you clues about the particular links or protocols that are failing and the cause of these failures.
  • Verify Layer 1 and Layer 2 connectivity. If Layer 1 connectivity is broken, the interfaces should be down. If Layer 1 connectivity is established but Layer 2 connectivity is broken, a useful tool is Cisco Discovery Protocol. Unless Cisco Discovery Protocol is disabled, you should be able to use it to verify all device adjacencies.

In this case, Layer 2 connectivity might be involved as the VLAN database on switch ASW1 does not show VLAN 3. If the VLAN does not exist, client CLT1 cannot communicate with its gateway in VLAN 3. You can create VLAN 3 on switch ASW1 from the global configuration mode.

Key Clue: ASW1 Port Configuration

CLT1 is supposed to be in VLAN 3

show running-config interface f0/3
Building configuration...
Current configuration : 189 bytes
!
interface FastEthernet0/3
 description to CLT1
 switchport access vlan 11
 switchport mode access
end

config terminal
int f0/3
switchport access vlan 3
% Access VLAN does not exist. Creating vlan 3

Another key piece of information comes from the previous page, which displays information about VLAN 11. It is said to be active on interface f0/3, which is the interface to which client CLT1 connects. Verifying the f0/3 interface configuration shows that it is set to access mode, but in VLAN 11. You can change it to VLAN 3. If VLAN 3 has not been created before, the 2960 platform creates the VLAN automatically as soon as a port is assigned to that VLAN. Trying to ping router R1 from client CLT1 at this stage would still fail. You need to examine the issue a little bit further.

Key Clue: ASW1 Trunk Configuration

ASW1#show run int f0/1
Current configuration : 164 bytes
!
interface FastEthernet0/1
 description to DSW1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk
!
DSW1# show run int f0/6
Current configuration : 344 bytes
!
interface FastEthernet0/6
 description to ASW1
 switchport access vlan 65
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode access
!

The next logical step could be to verify the path from switch ASW1 to switch DSW1. A useful tool to verify neighbor information is Cisco Discovery Protocol. If switch ASW1 does not recognize switch DSW1 with Cisco Discovery Protocol, then you should suspect a Layer 1 issue might be the cause:

ASW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
DSW1         Fa 0/1           174        T I           CA 3550     Fa 0/6

Switch DSW1 is recognized, at least by Cisco Discovery Protocol. Cisco Discovery Protocol is an independent Layer 2 protocol that may recognize neighboring devices even if the link configuration is partly incorrect.

The next step could be to verify the switch ASW1-DSW1 link configuration. Switch ASW1 port f0/1 connects to switch DSW1 port f0/6 in this example. This link is supposed to be a trunk. The trunk configuration is correct on switch ASW1 as shown above. If you are managing switch ASW1, it is time to inform your team that the issue might also be on switch DSW1, and verify the switch DSW1 link to switch ASW1.

As shown above, the port configuration on switch DSW1 is incorrect. It is set to access mode in VLAN 65. VLAN 3 information coming from switch ASW1 cannot be received in this mode. The interface command switchport mode trunk allows you to change the mode back to trunk.

On Client 1, try to renew the IP address, which is to be assigned from router R1. The IP address renews successfully, thus proving Layer 2 connectivity between Client 1 and router R1. You have resolved Trouble Ticket 1.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Trouble Ticket B: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Connectivity Verification: R1 to R2 in VLAN 66

R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
.....
Success rate is 0 percent (0/5)

The first test can be to ping router R2 from the router R1 interface in VLAN 66. As reported on the troubleshooting ticket, the ping is unsuccessful. This issue could be as a result of IP addressing problems on routers R1 or R2 as well as Layer 2 configuration problems. If you approach this problem as a Layer 2 issue, you might begin by looking at the configurations on switch CSW1 or switch CSW2.

Key Clue: CSW2 Links to CSW1

interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 33 mode on
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 33 mode on
…/…

A logical step is to verify the switch CSW1 to switch CSW2 link configuration, along with the switch CSW1 to router R1 and switch CSW2 to router R2 configurations. On switch CSW1, the link to router R1 is supposed to be a trunk:

show run int f0/11
Building configuration...
Current configuration : 95 bytes
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

DSW1#sh int f0/11
FastEthernet0/11 is up, line protocol is up (connected)
…/…

The link to R1 is configured properly, and connected. The next step could be to verify if VLAN 66 is known on CSW1:

CSW1#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
…/…
66   VLAN0066                         active
…/…

VLAN 66 is known, at least on switch CSW1. The same verifications could be conducted on switch CSW2, verifying the trunk link to router R2 along with the switch CSW2 VLAN database. The configuration should be valid, as it is on switch CSW1.

In a step-by-step approach, you could verify the link between switches CSW1 and CSW2:

CSW1#show etherchannel 33 port-ch
Port-channels in the group:
---------------------------
Port-channel: Po33 (Primary Aggregator)
------------
Age of the Port-channel = 0d:00h:45m:07s
Logical slot/port = 2/24 Number of ports = 0
HotStandBy port = null
Port state = Port-channel Ag-Not-Inuse
Protocol = LACP

The EtherChannel link is not in use. It shows LACP instead of “on.” You can confirm this point by checking the physical connections:

show run
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive

They are obviously in an incorrect mode. The other end (switch CSW2) is still in on mode, so passive on switch CSW1 will not create an EtherChannel. You decide to correct this as follows:

CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1 (config)#int ran f0/7 - 10
CSW1 (config-if-range)#no channel-gr 33 mo pas
CSW1 (config-if-range)#channel-gr 33 mo on
CSW1 (config-if-range)#end

You then may want to try again to ping router R2 from the router R1 interface in VLAN 66, but the ping will still be unsuccessful. There is more than one issue to solve for this ticket.

Key Clue: CSW2 EtherChannel to CSW

CSW2#show run int po 33
Building configuration...
Current configuration : 142 bytes
!
interface Port-channel33
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk
end

You may then shift your attention to switch CSW2 and verify its connection to switch CSW1. The EtherChannel link does not seem to be operational on this side either. Verifying the port configurations shows that they are in shutdown state. Once enabled, a verification of the port channel for these ports shows that the link is up.

CSW2#show etherchannel 33 port-channel
Port-channel: Po33
------------
Age of the Port-channel = 0d:00h:00m:49s
Logical slot/port = 2/24 Number of ports = 4
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol =

Ports in the Port-channel:
Index  Load  Port    EC state  No of bits
------+------+------+------------------+-----------
0      00    Fa0/7   On        0
0      00    Fa0/8   On        0
0      00    Fa0/9   On        0
0      00    Fa0/10  On        0

Time since last port bundled: 0d:00h:00m:17s Fa0/9

Now that the ports are enabled, you may want to reattempt a ping from router R1 to router R2. The ping is still unsuccessful. There is still another part of the issue to solve.

While verifying the switch CSW2 configuration, you may see that VLAN 66 is not allowed on the EtherChannel. You might have seen this issue at an earlier stage. It is shown here to isolate it from the shutdown issue. It is easy to correct:

CSW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L3SW4(config)#int po 33
L3SW4(config-if)#sw trun all vla ad 66
L3SW4(config-if)#end

R1#ping
Protocol [ip]:
Target IP address: 10.1.66.252
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.66.251
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.66.252, timeout is 2 seconds:
Packet sent with a source address of 10.1.66.251
!!!!!
Success rate is 100 percent (5/5)

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Trouble Ticket C: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket C.

Key Clue: ASW2 Ports Configuration

ASW2#sh run int f0/3
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/3
 switchport access vlan 4
 switchport mode trunk
end
ASW2#sh run int f0/1
Building configuration...
Current configuration : 82 bytes
!
interface FastEthernet0/1
 switchport access vlan 4
 switchport mode access
end

A possible first step is to verify the switch ASW2 port to client CLT2 configuration. In this example, the port is f0/3. It should be in access mode in VLAN 4. The port is in trunk mode. You obviously correct this mistake as follows:

ASW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW2(config)#int f0/3
ASW2(config-if)#sw mo ac
ASW2(config-if)#end

Because the switch ASW2 port configuration was incorrect, you may also want to verify the port configuration to switch DSW2. In this example, the port is f0/1. You notice this time that the port is in access mode, so you need to change it to trunk mode:

ASW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASW2(config)#int f0/1
ASW2(config-if)#sw mo trunk
ASW2(config-if)#end

After you have made the changes, have you resolved the issue? Test the solution by trying to renew the client CLT2 IP address. If it fails, then there are other issues.

Key Clue: DSW2 Link to ASW2

DSW2#sh run int f0/6
Building configuration...
Current configuration : 104 bytes
!
interface FastEthernet0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
end

Now turn your attention to switch DSW2 and check its connection to switch ASW2. The port has been shut down, so you need to re-enable it for communication to switch ASW2:

DSW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW2(config)#int f0/6
DSW2(config-if)#no sh
DSW2(config-if)#end

When renewing the client CLT2 IP address this time, CLT2 does obtain an IP address, but you notice that the IP address is on the wrong VLAN. Client CLT2 has an address in VLAN 1 instead of VLAN 4.

Key Clue: Native VLAN

DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
end

You have already checked the port configuration for client CLT2 on switch ASW2 and you know it is an access port in VLAN 4. The switch DSW1 and DSW2 port configurations show that the ports are in trunking mode and a possible cause might be a native VLAN problem. Checking the port configuration on switch DSW2 to switches CSW1 and CSW2 verifies the problem as a native VLAN issue:

DSW2#sh run int po 32
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
end
DSW2#sh run int po 31
Building configuration...
Current configuration : 125 bytes
!
interface Port-channel31
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk
end

Both links are in native VLAN 4. As all the other links are in native VLAN 1, the DHCP request is forwarded untagged from switch DSW2 to switch CSW2 on VLAN 4, and switch CSW2 forwards it to its native VLAN 1 to router R2. Changing the native VLAN between switches DSW2 and CSW1 and between switches DSW2 and CSW2 solves the problem.
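Every fault in Trouble Tickets A, B, and C is found by comparing the two ends of one link: switchport mode, allowed VLAN list, native VLAN, shutdown state, and EtherChannel mode. The following Python script is an added example, not part of the Cisco lab guide; it runs that comparison over interface stanzas from the three tickets and reports what would stop or misdirect a given VLAN, including the native VLAN mismatch that placed client CLT2 in VLAN 1. The function names and the CSW2 stanza facing DSW2 are constructed for illustration.

```python
import re

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,4,63-65' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interface(device, text):
    """Parse one 'show running-config interface' stanza into a dict."""
    cfg = {"port": device, "mode": None, "access": 1, "native": 1,
           "allowed": None, "shutdown": False, "channel": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cfg["port"] = f"{device} {m.group(1)}"
        elif m := re.fullmatch(r"switchport mode (access|trunk)", line):
            cfg["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cfg["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cfg["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            cfg["allowed"] = parse_vlans(m.group(1))  # None means all VLANs
        elif m := re.fullmatch(r"channel-group \d+ mode (\S+)", line):
            cfg["channel"] = m.group(1)
        elif line == "shutdown":
            cfg["shutdown"] = True
    return cfg

def carries(cfg, vlan):
    """True if the port forwards this VLAN (non-trunk ports are treated as access)."""
    if cfg["mode"] == "trunk":
        return cfg["allowed"] is None or vlan in cfg["allowed"]
    return cfg["access"] == vlan

def bundle_forms(a, b):
    """EtherChannel forms for on/on, LACP with an active side, PAgP with a desirable side."""
    return {a, b} in ({"on"}, {"active"}, {"active", "passive"},
                      {"desirable"}, {"desirable", "auto"})

def audit_link(a, b, vlan):
    """Compare both ends of one link; return findings that stop or misdirect `vlan`."""
    findings = [f"shutdown: {s['port']}" for s in (a, b) if s["shutdown"]]
    if a["mode"] != b["mode"]:
        findings.append(f"mode-mismatch: {a['mode']} vs {b['mode']}")
    elif a["mode"] == "trunk" and a["native"] != b["native"]:
        findings.append(f"native-vlan-mismatch: {a['native']} vs {b['native']}")
    findings += [f"vlan-{vlan}-not-carried: {s['port']}" for s in (a, b)
                 if not carries(s, vlan)]
    if (a["channel"] or b["channel"]) and not bundle_forms(a["channel"], b["channel"]):
        findings.append(f"etherchannel-mismatch: {a['channel']} vs {b['channel']}")
    return findings

# Stanzas are taken from the tickets on this page unless marked constructed.
ASW1_FA01 = parse_interface("ASW1", """interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode trunk""")
DSW1_FA06 = parse_interface("DSW1", """interface FastEthernet0/6
 switchport access vlan 65
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,11,63,65
 switchport mode access""")
CSW1_FA07 = parse_interface("CSW1", """interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 33 mode passive""")
CSW2_FA07 = parse_interface("CSW2", """interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 channel-group 33 mode on""")
CSW2_PO33 = parse_interface("CSW2", """interface Port-channel33
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-65
 switchport mode trunk""")
DSW2_PO32 = parse_interface("DSW2", """interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 4
 switchport mode trunk""")
# Constructed: the CSW2 end is not shown on the page. The interface name and the
# default native VLAN 1 are assumptions ("all the other links are in native VLAN 1").
CSW2_TO_DSW2 = parse_interface("CSW2", """interface Port-channel32
 switchport trunk encapsulation dot1q
 switchport mode trunk""")

if __name__ == "__main__":
    for label, a, b, vlan in [("Ticket A", ASW1_FA01, DSW1_FA06, 3),
                              ("Ticket B", CSW1_FA07, CSW2_FA07, 66),
                              ("Ticket C", DSW2_PO32, CSW2_TO_DSW2, 4)]:
        print(label, audit_link(a, b, vlan))
    print("Ticket B, Po33 carries VLAN 66:", carries(CSW2_PO33, 66))
```

An empty list from audit_link means the two stanzas agree on everything the script checks; it does not look at the VLAN database, so a VLAN missing from show vlan (as in Ticket A on ASW1) still has to be checked on the switch.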

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 2-2: Key Commands and Tools Used

Lab 2-3: Implement Private VLANs

Complete this lab activity to practice what you learned in the related module.

Activity Objective

As private VLANs were an interesting part of Module 2, you would like to experiment on this feature. The lab has two routers, each of them having a link to switches CSW1 and CSW2, and you think that it would be interesting to use them to experiment with the isolated VLAN feature. As you do not want to keep your routers isolated for the next labs, this feature will have to be removed when moving to Lab 3-1. So make sure that you saved before this optional task, and that you reboot the switches you use for this task before moving to the next lab. After completing this activity, you will be able to meet these objectives:

- Plan a segmented private VLAN implementation
- Create a private VLAN implementation and verification plan
- Implement private VLANs

Required Resources

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

Make sure you have saved your configuration before moving to this step. Because you do not want to keep your routers isolated for the next labs, private VLANs will have to be removed when moving to Lab 3-1. Be sure to save before this optional task, and reboot the switches you use for this task before moving to the next lab.

For this task, use VLANs 501 and 51, and switch CSW1. Start by configuring switch CSW1 to support VLANs 501 and 51. Connect to routers R1 and R2, and create a sub-interface for VLAN 51. Configure a static IP address for each router using the table below:

Device Name    Interface    IP Address      VLAN
R1             F0/0.51      10.1.51.1/24    51
R2             F0/1.51      10.1.51.2/24    51

Verify that the switch CSW1 link to router R2 is enabled and is in VLAN 51. Verify that the switch CSW1 trunk to router R1 allows VLAN 51. Verify that both routers can ping each other from their VLAN 51 interface.

Once this point is verified, convert VLAN 51 to isolated, using VLAN 501 as the primary VLAN. If your configuration is successful, routers R1 and R2 should not be able to ping each other anymore. You may want to use the “Hints” section at the end of this lab to verify the steps that are involved in this configuration. The end of this Lab Guide contains the solution for this task.

Once your configuration is working, reboot switch CSW1 and routers R1 and R2 without saving the configuration.

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 2-3: Configure Private VLANs]

Command List
The table describes the commands that are used in this activity.

Configuration Commands

Command
    Description

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.

interface interface-id channel-group channel-group-number mode active | passive | on
    Unconditionally enables Link Aggregation Control Protocol (LACP). Active mode places an interface into a negotiating state in which the interface initiates negotiations with other interfaces by sending LACP packets. A channel is formed with another port group in either the passive or active mode. When passive mode is enabled, the port responds to received LACP packets but does not initiate LACP packet negotiation. In on mode, a usable EtherChannel exists only when both sides are in the on mode.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

name vlan-name
    Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.

no interface vlan vlan-id type
    Disables a VLAN interface.

private-vlan association vlan-list
    Specifies which secondary VLANs are associated with the primary VLAN.

private-vlan isolated
    Configures the current VLAN as an isolated VLAN.

private-vlan primary
    Configures the current VLAN as a primary VLAN.

show interface interface-id switchport
    Displays the switch port configuration of the interface.

show interface trunk
    Displays the trunk configuration of the interface.

show running-config interface interface-id
    Displays interface-specific configuration information.

show vlan
    Displays VLAN information.

show vtp status
    Shows the VTP configuration.

shutdown/no shutdown
    Shuts down or enables an interface.

switchport access vlan vlan-id
    Specifies the default VLAN, which is used if the interface stops trunking.

switchport mode access
    Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.

switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.

switchport nonegotiate
    Turns off DTP negotiation.

switchport trunk allowed vlan all | none | add | remove | except vlan-list
    Configures the list of VLANs allowed on the trunk.

switchport trunk encapsulation dot1q
    Specifies 802.1Q encapsulation on the trunk link.

switchport trunk encapsulation isl
    Specifies ISL encapsulation on the trunk link.

Job Aids
These are the job aids for this lab activity:

Value                                                        Location
Blank implementation requirements list                       Task 1
Blank implementation and verification plan form              Task 2
Blank verification notes form                                Task 3
Alternate resources and solutions form                       End of this lab
Implementation requirements hints                            “Hints” section at the end of this lab
Implementation and verification plan hints                   “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)   Configuration section at the end of this lab

Task 1: Establish an Implementation Requirements List
The first step in your configuration deployment is to create a list of the items needed to configure each device (for example, devices involved, role, etc.). Include the high-level implementation tasks needed for each device and how to obtain the information required for each task. Use the following table, the Visual Objective for this lab, and the information in the “Implementation Policy” and “Device Information” sections to create an Implementation Requirements list. If you are unsure, use the hints information provided at the end of this lab.

Device   High-Level Task   Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results


Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Keep in mind that once you leave the company, they will use your configuration as a white paper to implement their network. The company will apply your configuration, without modification, to connect any device of the same type as the one you configured for each port. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified by the company. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab. Do not forget to save.

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. For your reference, use the following space to document other possible solutions. Possible solutions will be discussed during the debriefing period after the lab.


Lab 2-3: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab. There are several possible correct solutions.

Lab 2-3 Hint Sheet: Implement Private VLANs

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device   Implementation Requirement                          Lab 2-3 Section Containing Hint
CSW1     Create VLAN 51 and 501.                             Implementation Policy
         Allow VLANs 51 and 501 on trunks to R1.             Implementation Policy
         Set link to R2 to VLAN 51.                          Implementation Policy
         Set VLAN 501 as primary and 51 as isolated.         Implementation Policy
R1       Configure subinterface to switch CSW1 in VLAN 51.   Implementation Policy
R2       Configure subinterface to switch CSW1 in VLAN 51.   Implementation Policy

Implementation and Verification Plan
In Task 2, you will create an implementation plan. An example of the Implementation and Verification Plan follows.

Complete √   Device              Implementation Order   Values and Items to Implement                                                      Verification Method and Expected Results   Step Number
             CSW1                1                      Create VLAN 51.                                                                    show vlan                                  1
                                 2                      Create VLAN 501.                                                                   show vlan                                  1
                                 3                      Allow VLAN 51 on the trunk link to R1.                                             show run interface to R1                   2
                                 4                      Allow VLAN 51 on the trunk link to R2.                                             show run interface to R2                   3
                                 8                      After R1 and R2 links are configured successfully, set VLAN 51 to be isolated.     show private vlan                          7
                                 9                      Set VLAN 501 to be primary, mapped to VLAN 51.                                     show private vlan                          7
             R1                  5                      Configure subinterface on link to CSW1 to be 10.1.51.1/24.                         show ip interface brief                    4
             R2                  6                      Configure subinterface on link to CSW1 to be 10.1.51.2/24.                         show ip interface brief                    5
                                 7                      Ping R1 interface 10.1.51.1.                                                       Ping should succeed.                       6
                                 10                     Try to ping R1 interface 10.1.51.1.                                                Ping should fail.                          8
             CSW2 CSW1, R1, R2   11                     Reload without saving.                                                             show run                                   9

Step-by-Step Procedure
Step 1
Create VLANs 51 and 501 on switch CSW1:
• Connect to the remote lab.
• Access switch CSW1 console.
• Enter privilege mode, using enable.
• Enter configuration mode, using configure terminal.
• Create VLAN 51 using: vlan 51.
• Create VLAN 501, using: vlan 501.

Step 2
Allow VLAN 51 support on the trunk links to router R1:

interface f0/11
switchport trunk allowed vlan add 51
Step 3

Set switch CSW1 link to router R2 f0/1 to VLAN 51:
interface f0/12
switchport trunk allowed vlan add 51
no shutdown

Step 4

Configure R1 interface to be 10.1.51.1/24:
interface f0/0.51
encapsulation dot1q 51
ip address 10.1.51.1 255.255.255.0

Step 5

Configure R2 interface to be 10.1.51.2/24:
interface f0/1.51
encapsulation dot1q 51
ip address 10.1.51.2 255.255.255.0
no shutdown

Step 6

Try to ping from router R1 to router R2 or from router R2 to router R1; ping should be
successful:
R2#ping 10.1.51.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)

Step 7

Configure VLAN 501 and 51 to be primary and isolated, respectively, on all the involved
switches:
vlan 51
name TestIsolated
private-vlan isolated
vlan 501
name TestIsolated
private-vlan primary
private-vlan association 51

Step 8

Try to ping from router R1 to router R2 or from router R2 to router R1; ping should fail:
R2#ping 10.1.51.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.51.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


Step 9

Revert your configuration to a state prior to Step 4: reboot routers R1, R2, and switch
CSW1 without saving the configuration.
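
The VLAN settings from Step 7 can be checked mechanically before running the ping test in Step 8. The following is an added example, not part of the lab guide or its answer key: the function names and both sample configurations are constructed for illustration, and only the `vlan`, `private-vlan primary`, `private-vlan isolated` and `private-vlan association` commands from the Command List are interpreted (a `private-vlan community` type is also recognized, which the lab itself does not use).

```python
"""Audit private VLAN definitions in an IOS-style configuration (added example)."""
import re

SECONDARY_TYPES = ("isolated", "community")


def parse_private_vlans(config):
    """Return {vlan_id: {"type": str or None, "assoc": set of secondary IDs}}."""
    vlans, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"type": None, "assoc": set()})
        elif words[0] in ("interface", "!"):
            current = None  # no longer inside a VLAN stanza
        elif words[0] == "private-vlan" and current is not None and len(words) > 1:
            if words[1] in ("primary",) + SECONDARY_TYPES:
                current["type"] = words[1]
            elif words[1] == "association":
                # Assumption: a plain comma-separated ID list, no ranges.
                ids = re.findall(r"\d+", " ".join(words[2:]))
                current["assoc"].update(int(v) for v in ids)
    return vlans


def audit_private_vlans(vlans):
    """Return a list of findings; an empty list means the definitions are consistent."""
    findings = []
    owners = {}  # secondary VLAN -> primary VLANs that associate it
    for vid, vlan in sorted(vlans.items()):
        if vlan["type"] != "primary":
            if vlan["assoc"]:
                findings.append(f"VLAN {vid}: has an association but is not declared primary")
            continue
        isolated = []
        for sec in sorted(vlan["assoc"]):
            owners.setdefault(sec, []).append(vid)
            sec_type = vlans.get(sec, {}).get("type")
            if sec_type not in SECONDARY_TYPES:
                findings.append(f"VLAN {vid}: associated VLAN {sec} is not isolated or community")
            elif sec_type == "isolated":
                isolated.append(sec)
        if len(isolated) > 1:  # a primary VLAN can carry only one isolated VLAN
            findings.append(f"VLAN {vid}: more than one isolated VLAN {isolated}")
    for vid, vlan in sorted(vlans.items()):
        if vlan["type"] in SECONDARY_TYPES:
            count = len(owners.get(vid, []))
            if count != 1:
                findings.append(
                    f"VLAN {vid}: {vlan['type']} VLAN associated with {count} primary VLANs, expected 1"
                )
    return findings


# VLAN stanzas as in Step 7 of this lab (name lines omitted).
STEP7_CONFIG = """\
vlan 51
 private-vlan isolated
vlan 501
 private-vlan primary
 private-vlan association 51
"""

# Constructed faulty variant: VLAN 51 is left out of the association and
# VLAN 60 is associated without being defined as a secondary VLAN.
FAULTY_CONFIG = """\
vlan 51
 private-vlan isolated
vlan 52
 private-vlan isolated
vlan 501
 private-vlan primary
 private-vlan association 52,60
"""

if __name__ == "__main__":
    for label, cfg in (("Step 7", STEP7_CONFIG), ("faulty", FAULTY_CONFIG)):
        print(label, audit_private_vlans(parse_private_vlans(cfg)) or "consistent")
```

An isolated VLAN that is defined but never associated with its primary is the case worth catching here, because the Step 8 ping result alone does not show which half of the configuration is missing.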


Lab 3-1: Implement Multiple Spanning Tree
Complete this lab activity to reinforce your understanding of Spanning Tree Protocol
implementation.

Activity Objective
Congratulations! You were chatting about spanning tree with a friend at the cafeteria, and the
head of the local university heard your conversation. She selected you to make a presentation
about spanning tree, and to demonstrate on live equipment, in front of a large audience, how you
would configure the various modes of spanning tree. You decide that preparing for this
presentation could be useful, and that you would use your pod to walk through the different steps
involved and the various spanning tree modes.
In this activity, you will design and implement Multiple Spanning Tree Protocol (MSTP) in a
Layer 2 topology. As you complete the design, you will connect to your remote lab to implement
your solution. After completing this activity, you will be able to meet these objectives:

• Design a spanning tree
• Create a spanning tree implementation plan
• Implement a spanning tree according to an implementation plan
• Create a spanning tree verification plan
• Verify the spanning tree according to the verification plan

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.
Note: To prepare for the appropriate lab config on the routers, use the alias command
“init-3_1-4_1”.

Implementation Policy
You will observe and configure the functioning of Spanning Tree Protocol (STP) in your
network. The following list details the preparation and configuration requirements for all
switches in the company network. Your configuration must implement all these requirements:
• In the lab progression, you should observe the existing STP “random” state, and then convert your configuration to MSTP.
• Before configuring and enabling spanning tree, verify that the EtherChannels configured in Lab 2-1 have been configured properly. Enable the EtherChannel links between switches CSW1 and DSW2, between switches CSW2 and DSW1, between switches DSW1 and ASW2, and between switches DSW2 and ASW1. A link must be configured between switch CSW1 and router R2; a link must also be configured between switch CSW2 and router R1, but only on the switch side. The router side is already configured. Configure the link between DSW1 and DSW2.
• Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the primary root bridge for even VLANs. When instances are used, switch DSW1 is the root for instances 0 and 1, and switch DSW2 is the root for instance 2. Instance 1 contains the odd VLANs, and instance 2 contains the even VLANs. One region is enough for your network. The name of the region must be region1, and the revision number must be 1.
• For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the secondary root. For all VLANs for which switch DSW2 is the primary root, switch DSW1 must be the secondary root.
• The “Device Information” section describes the VLANs and corresponding roots.

Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:

Device Name   Role                    IP Address              Gateway      VLAN
ASW1          Layer 2 access switch   10.1.1.1/24             10.1.1.251   1
ASW2          Layer 2 access switch   10.1.1.2/24             10.1.1.252   1
DSW1          Layer 3 switch          10.1.1.11/24            10.1.1.251   1
DSW2          Layer 3 switch          10.1.1.22/24            10.1.1.252   1
CSW1          Layer 3 switch          10.1.1.111/24           10.1.1.251   1
CSW2          Layer 3 switch          10.1.1.222/24           10.1.1.252   1
R1            Router                  Fa0/0: 10.1.1.251/24                 1
R2            Router                  Fa0/0: 10.1.1.252/24                 1

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that not all of these numbers will be
used:

Device   Link To   Bundle Number Should Be:
ASW1     DSW1      11
ASW1     DSW2      12
ASW2     DSW1      11
ASW2     DSW2      12
DSW1     ASW1      11
DSW1     ASW2      12
DSW1     DSW2      21
DSW1     CSW1      31
DSW1     CSW2      32
DSW2     ASW1      11
DSW2     ASW2      12
DSW2     DSW1      21
DSW2     CSW1      31
DSW2     CSW2      32
CSW1     DSW1      31
CSW1     DSW2      32
CSW1     CSW2      33
CSW2     DSW1      31
CSW2     DSW2      32
CSW2     CSW1      33

VLAN Information

VLAN   Root   Backup   Instance (When Needed)
1      DSW1   DSW2     Instance1
3      DSW1   DSW2     Instance1
4      DSW2   DSW1     Instance2
11     DSW1   DSW2     Instance1
12     DSW2   DSW1     Instance2
63     DSW1   DSW2     Instance1
64     DSW2   DSW1     Instance2
65     DSW1   DSW2     Instance1
66     DSW2   DSW1     Instance2
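
The Implementation Policy and the VLAN Information table above translate into a check that can be run against each switch's MST settings. The following is an added example, not part of the lab guide or its answer key: the function names and the sample configurations are constructed, and it relies on two facts about MST that the policy implies but does not spell out, namely that switches share a region only when region name, revision number and the full VLAN-to-instance mapping are identical, and that unmapped VLANs stay in instance 0.

```python
"""Check MST region settings against the Lab 3-1 policy (added example)."""

LAB_VLANS = (1, 3, 4, 11, 12, 63, 64, 65, 66)  # from the VLAN Information table
REGION_NAME, REVISION = "region1", 1            # from the Implementation Policy


def expand(vlan_list):
    """Expand '1, 3, 63-65' into {1, 3, 63, 64, 65}."""
    vlans = set()
    for part in vlan_list.replace(" ", "").split(","):
        if part:
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_mst(config):
    """Read name, revision and instance mapping from the MST configuration stanza."""
    mst = {"name": "", "revision": 0, "map": {}}  # defaults: empty name, revision 0
    in_stanza = False
    for line in config.splitlines():
        if line.startswith("spanning-tree mst configuration"):
            in_stanza = True
            continue
        if in_stanza and not line.startswith(" "):
            in_stanza = False
        words = line.split()
        if not in_stanza or not words:
            continue
        if words[0] == "name" and len(words) > 1:
            mst["name"] = words[1]
        elif words[0] == "revision" and len(words) > 1:
            mst["revision"] = int(words[1])
        elif words[0] == "instance" and len(words) > 3 and words[2] == "vlan":
            for vlan in expand(" ".join(words[3:])):
                mst["map"][vlan] = int(words[1])
    return mst


def audit_mst(configs):
    """configs maps switch name to configuration text; returns a list of findings."""
    findings = []
    parsed = {switch: parse_mst(text) for switch, text in configs.items()}
    for switch, mst in sorted(parsed.items()):
        if mst["name"] != REGION_NAME:
            findings.append(f"{switch}: region name {mst['name']!r}, expected {REGION_NAME!r}")
        if mst["revision"] != REVISION:
            findings.append(f"{switch}: revision {mst['revision']}, expected {REVISION}")
        for vlan in LAB_VLANS:
            got = mst["map"].get(vlan, 0)   # unmapped VLANs stay in instance 0
            want = 1 if vlan % 2 else 2     # odd VLANs -> instance 1, even -> instance 2
            if got != want:
                findings.append(f"{switch}: VLAN {vlan} in instance {got}, expected {want}")
    # Switches with any difference in these three items end up in different regions.
    regions = {}
    for switch, mst in parsed.items():
        key = (mst["name"], mst["revision"], tuple(sorted(mst["map"].items())))
        regions.setdefault(key, []).append(switch)
    if len(regions) > 1:
        groups = sorted(sorted(members) for members in regions.values())
        findings.append("switches form separate MST regions: "
                        + " | ".join(",".join(group) for group in groups))
    return findings


# Constructed sample that follows the policy.
POLICY_CONFIG = """\
spanning-tree mode mst
spanning-tree mst configuration
 name region1
 revision 1
 instance 1 vlan 1, 3, 11, 63, 65
 instance 2 vlan 4, 12, 64, 66
"""

# Constructed faulty sample: revision left at its default, VLAN 12 in the wrong instance.
FAULTY_CONFIG = """\
spanning-tree mode mst
spanning-tree mst configuration
 name region1
 instance 1 vlan 1, 3, 11, 12, 63, 65
 instance 2 vlan 4, 64, 66
"""

if __name__ == "__main__":
    sample = {"DSW1": POLICY_CONFIG, "DSW2": POLICY_CONFIG, "ASW1": FAULTY_CONFIG}
    for finding in audit_mst(sample):
        print(finding)
```

The example covers region membership and VLAN placement only; the primary and secondary root roles for DSW1 and DSW2 still have to be verified with the show commands from the Command List.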

Visual Objective
The figure illustrates what you will accomplish in this activity.

Visual Objective for Lab 3-1: Implement Multiple Spanning Tree

Command List
The table describes the commands that you will use in this activity.

Command
    Description

instance instance-id vlan vlan-range
    Maps VLANs to an MST instance.
    For instance-id, the range is 0 to 4094.
    For vlan vlan-range, the range is 1 to 4094.

name name
    Specifies the configuration name. The name string has a maximum length of 32 characters and is case sensitive.

revision version
    Specifies the configuration revision number. The range is 0 to 65535.

show pending
    Shows your configuration by displaying the pending configuration.

show spanning-tree vlan vlan-id
    Displays your entries.

show spanning-tree summary
    Displays your entries.

spanning-tree mode {pvst | mst | rapid-pvst}
    Configures spanning tree mode.
    • Select pvst to enable PVST+ (802.1D, the default setting).
    • Select mst to enable MSTP (and RSTP).
    • Select rapid-pvst to enable rapid PVST+.

spanning-tree mst configuration
    Enters MST configuration mode.

Job Aids
These are the job aids for this lab activity:


Value                                                      Location
Observe random STP state forms                             Task 1
Blank implementation requirements list for MSTP            Task 2
Blank implementation and verification plan form for MSTP   Task 3
Blank student notes for MSTP                               Task 4
Implementation requirement hints                           Hint Section
Implementation hints                                       Hint Section
Verification hints                                         Hint Section
Solution configuration answer key                          Configuration section at the end of the lab guide

Task 1: Observing STP Random State
In the previous labs, the control of path between switches was ensured by shutting down the unused ports. In this task, you will start by enabling all links between switches and between switches and routers. Then, observe and document the random (default) state of the STP on Cisco switches, documenting root, secondary, and paths between switches. Use the following table to document the random STP state in your pod.

VLAN   Root   Secondary
1
3
4
11
12
63
64
65
66

Spanning tree calculation will occur the same way for all VLANs allowed on the same switches. Use the following table to determine, for each group of VLANs and from each switch in your network, which path is used to reach the root:

VLANs                    Switch   Path to Root
1, 14, 11, 12, 63 ASW1   ASW1
                         DSW1
                         DSW2
                         CSW1
                         CSW2
1, 3, 64 ASW2            ASW2
                         DSW1
                         DSW2
                         CSW1
                         CSW2

Task 2: Create an Implementation Requirements List for MST
According to the multivendor policy at the university, a set of switches from another vendor may be implemented in the university network. To prevent compatibility issues, you decide to design and migrate the existing random STP configuration toward a multiple-instance STP solution. This model will save CPU cycles by preventing per-VLAN STP processing. To achieve this goal, you must mark the main requirements for the smooth migration to MST according to the constraints in the “Required Resources” section. You must list the main requirements. You need to decide on the number of instances, the distribution of VLANs among instances, and the role of each switch in this new architecture; for example, switch DSW1 will be the primary root switch for instances 0 and 1 and the secondary root for instance 2. The opposite is true for switch DSW2; it is to be primary for instance 2 and secondary for instances 0 and 1. Use the following table to report each switch role in the new architecture:

Device   Role   MSTP Instance   VLANs

Once the MST switch roles are clear in your mind, use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information in the “Hints” section at the end of this lab.

Device   High-Level task   Information Source

Task 3: Create Implementation and Verification Plan
It is very important to establish a task list of the needed configurations and the possible verifications for every configuration change. It must be a detailed step-by-step list. The order in which each change should be applied is critical because a successful implementation depends on the order. With the help of this list you can define configuration checkpoints. The actual implementation will be conducted in the next task. Use the following table, the information from the “Required Resources” section, and the previous tasks to prepare your Implementation and Verification plan. If you are unsure, use the information in the “Hints” section at the end of this lab.

Complete √   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results


Task 4: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the “Required Resources” section. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information in the “Hints” section at the end of this lab. Do not forget to save.

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 3-1: Key Commands and Tools Used

Lab 3-1 Hint Sheet: Implement Multiple Spanning Tree

Hints
You are encouraged to complete the labs using your knowledge. If you need a tip, this section contains a series of hints to help you complete the lab.

Spanning Tree Random State
In a random state, STP could show the following configuration. The actual configuration in your pod may be different, as the random configuration depends on the actual physical switches that you are using.

VLAN   Root   Secondary
1      CSW1   DSW2
3      CSW1   DSW2
4      CSW1   DSW2
11     CSW1   DSW2
12     CSW1   DSW2
63     CSW1   DSW2
64     CSW1   DSW2
65     CSW1   DSW2
66     CSW1   DSW2

If the random state of spanning tree is the same as described in the above table, the path to root could be as follows:

VLAN               Switch   Path to Root
1, 3, 11, 63, 65   ASW1     Fa0/1
                   ASW1     Fa0/2
                   DSW1     Po31
                   DSW2     Po32
                   CSW1     N/A
                   CSW2     Po33
4, 12, 64, 66      ASW2     Fa0/1
                   ASW2     Fa0/2
                   DSW1     Po31
                   DSW2     Po32
                   CSW1     N/A
                   CSW2     Po33

Step-by-Step Procedure

Step 1    Connect to the DSW1 switch interface in configuration mode.
          - Connect to the remote lab.
          - Access the switch console.
          - Enter privilege mode, using the enable command.
          - Enter configuration mode, using the configure terminal command.

Step 2    Enable previously shut ports, for example:
DSW1(config)#interface po 32
DSW1(config-if)# no shutdown
DSW1(config-if)#interface fa0/5
DSW1(config-if)# no shutdown
DSW1(config-if)# interface fa0/7
DSW1(config-if)# no shutdown

Step 3    Repeat the same process on switches DSW2, CSW1, and CSW2 while using the appropriate interfaces.

Step 4    Verify the spanning tree root status on all switches. For example, on switch DSW2:
DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0003         24579 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0004         24580 001f.2721.8600         0    2   20  15
VLAN0011         24587 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0012         24588 001f.2721.8600         0    2   20  15
VLAN0063         24639 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0064         24640 001f.2721.8600         0    2   20  15
VLAN0065         24641 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0066         24642 001f.2721.8600         0    2   20  15

Design an MST Solution for a Layer 2 Network
The first task is to decide the role for each device in each instance. Roles, as per the “Required Resources” section are as follows:

Device   Device Role      MSTP Instance   VLANs
DSW1     Primary root     0
         Primary root     1               1, 3, 11, 63, 65
         Secondary root   2               4, 12, 64, 66
DSW2     Secondary root   0
         Secondary root   1               1, 3, 11, 63, 65
         Primary root     2               4, 12, 64, 66

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device                  Implementation Requirement                            Lab 3-1 Section Containing Hint
Distribution switches   MST configuration—region 1, instances 0, 1, and 2     Implementation Policy
Distribution switches   Primary and secondary root bridges                    Implementation Policy
Distribution switches   VLAN distribution between the root bridge switches    Implementation Policy
All switches            MST                                                   Implementation Policy
All switches            Verification                                          Implementation Policy

Device   High-Level Task                                       Information Source
DSW1     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements
         MST primary root for instance 1                       Design and Implementation Requirements; Visual Objective, instance 1
         MST secondary root for instance 2                     Design and Implementation Requirements; Visual Objective, instance 2
DSW2     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements
         MST primary root for instance 2                       Design and Implementation Requirements; Visual Objective, instance 2
         MST secondary root for instance 1                     Design and Implementation Requirements; Visual Objective, instance 1
ASW1     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements
ASW2     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements
CSW1     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements
CSW2     MST configuration—region1, instances 0, 1 and 2       Design and Implementation Requirements
         MST instance 1 assign odd VLANs—1, 3, 11, 63, 65      Design and Implementation Requirements
         MST instance 2 assign even VLANs—4, 12, 64, 66        Design and Implementation Requirements

Implementation and Verification Plan
In task 2, you will create an implementation requirements list. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete √  Device  Implementation Order  Values and Items to Implement                      Verification Method and Expected Results
            DSW1    1                     MST instance 1                                     show pending
                    2                     Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    3                     MST instance 2                                     show pending
                    4                     Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    5                     Change STP mode to MST                             show spanning-tree
                    6                     Primary root for instances 0–1                     show spanning-tree root
                    7                     Secondary root for instance 2                      show spanning-tree root
            DSW2    8                     MST instance 1                                     show pending
                    9                     Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    10                    MST instance 2                                     show pending
                    11                    Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    12                    Change STP mode to MST                             show spanning-tree
                    13                    Primary root for instance 2                        show spanning-tree root
                    14                    Secondary root for instances 0–1                   show spanning-tree root
            ASW1    16                    MST instance 1                                     show pending
                    17                    Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    18                    MST instance 2                                     show pending
                    19                    Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    20                    Change STP mode to MST                             show spanning-tree
            ASW2    21                    MST instance 1                                     show pending
                    22                    Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    23                    MST instance 2                                     show pending
                    24                    Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    25                    Change STP mode to MST                             show spanning-tree
            CSW1    26                    MST instance 1                                     show pending
                    27                    Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    28                    MST instance 2                                     show pending
                    29                    Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    30                    Change STP mode to MST                             show spanning-tree
            CSW2    31                    MST instance 1                                     show pending
                    32                    Assign VLANs 1, 3, 11, 63, and 65 to instance 1    show pending
                    33                    MST instance 2                                     show pending
                    34                    Assign VLANs 4, 12, 64, and 66 to instance 2       show pending
                    35                    Change STP mode to MST                             show spanning-tree

Step-by-Step Procedure

Step 1    Enter MST configuration mode on switch DSW1:
DSW1(config)# spanning-tree mst configuration

Step 2    Configure region name:
DSW1(config-mst)# name region1

Step 3    Configure revision:
DSW1(config-mst)# revision 1

Step 4    Put VLANs 1, 3, 11, 63 and 65 in instance 1:
DSW1(config-mst)# instance 1 vlan 1, 3, 11, 63, 65

Step 5    Put VLANs 4, 12, 64, and 66 in instance 2:
DSW1(config-mst)# instance 2 vlan 4, 12, 64, 66

Step 6    Use the show pending command to check the configuration:
DSW1(config-mst)#sho pending
Pending MST configuration
Name      []
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ------------------------------------------------------------
0         2,5-10,13-62,67-4094
1         1,3,11,63,65
2         4,12,64,66
----------------------------------------------------------------------
DSW1(config-mst)#

Step 7    Change the STP mode to MST on switch DSW1:
DSW1(config)# spanning-tree mode mst

Step 8    Configure spanning-tree root primary for instance 0 and for instance 1 on switch DSW1:
DSW1(config)# spanning-tree mst 0-1 root primary

Step 9    Configure spanning-tree root secondary for instance 2 on switch DSW1:
DSW1(config)# spanning-tree mst 2 root secondary

Step 10   Repeat Steps 1 to 7 on switch DSW2:

Step 11   Configure spanning-tree root primary for instance 2 on switch DSW2:
DSW2(config)# spanning-tree mst 2 root primary

Step 12   Configure spanning-tree root secondary for instance 0 and for instance 1 on switch DSW2:
DSW2(config)# spanning-tree mst 0-1 root secondary

Step 13   Verify the spanning tree root status on DSW1:
DSW1#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15
MST1             24577 001f.2721.8680         0    2   20  15
MST2             24578 001f.2721.8600    200000    2   20  15  Fa0/5

Step 14   Verify the spanning tree root status on DSW2:
DSW2#sho spanning-tree root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             24576 001f.2721.8680         0    2   20  15  Fa0/5
MST1             24577 001f.2721.8680    200000    2   20  15  Fa0/5
MST2             24578 001f.2721.8600         0    2   20  15

Step 15   Repeat Steps 1 to 7 on switch ASW1.

Step 16   Repeat Steps 1 to 7 on switch ASW2.

Step 17   Repeat Steps 1 to 7 on switch CSW1.

Step 18   Repeat Steps 1 to 7 on switch CSW2.

Step 19   Verify spanning-tree root on switch ASW1, ASW2, CSW1 and CSW2.

Step 20   Verify spanning-tree blockedports on switch DSW1:
DSW1#sho spanning-tree blockedports

Name                 Blocked Interfaces List
-------------------- ------------------------------------
MST2                 Po31, Po32

Number of blocked ports (segments) in the system : 2

Step 21   Repeat Step 20 on all the rest of the switches.
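
The region settings from Steps 1 to 6 are repeated by hand on six switches, and a switch whose region name, revision number or VLAN-to-instance mapping differs from the others ends up in a separate MST region. The following Python sketch is an added example, not part of the lab guide: it derives the instance 0 remainder shown by show pending and compares the region settings across switches. The class and function names and the two faulty entries (ASW2, CSW2) are constructed for illustration.

```python
from dataclasses import dataclass

MAX_VLAN = 4094  # highest usable VLAN ID


def parse_vlan_list(text):
    """'1, 3, 11-13' -> {1, 3, 11, 12, 13}."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans):
    """{2, 5, 6, 7} -> '2,5-7', the compact form used in the show pending table."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v          # extend the current run
        else:
            runs.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


@dataclass
class MstRegionConfig:
    name: str        # region name (case sensitive)
    revision: int    # revision number
    instances: dict  # instance number -> VLAN list as typed after "instance N vlan"

    def pending(self):
        """Instance -> VLAN string; VLANs not mapped explicitly stay in instance 0."""
        owner = {}
        for inst, text in self.instances.items():
            for vlan in parse_vlan_list(text):
                if owner.setdefault(vlan, inst) != inst:
                    raise ValueError(
                        f"VLAN {vlan} is in instances {owner[vlan]} and {inst}")
        table = {0: set(range(1, MAX_VLAN + 1)) - set(owner)}
        for vlan, inst in owner.items():
            table.setdefault(inst, set()).add(vlan)
        return {inst: format_vlan_list(v) for inst, v in sorted(table.items())}


def region_mismatches(switches, reference="DSW1"):
    """Return {switch: [settings that differ from the reference switch]}."""
    ref = switches[reference]
    problems = {}
    for switch, cfg in switches.items():
        diffs = [label for label, mine, theirs in (
            ("name", cfg.name, ref.name),
            ("revision", cfg.revision, ref.revision),
            ("vlan-mapping", cfg.pending(), ref.pending()),
        ) if mine != theirs]
        if diffs:
            problems[switch] = diffs
    return problems


# Values from Steps 2 to 5 of the procedure.
GOOD = dict(name="region1", revision=1,
            instances={1: "1, 3, 11, 63, 65", 2: "4, 12, 64, 66"})
SWITCHES = {sw: MstRegionConfig(**GOOD) for sw in ("DSW1", "DSW2", "ASW1", "CSW1")}
# Constructed faults: VLAN 66 forgotten on ASW2, region name capitalised on CSW2.
SWITCHES["ASW2"] = MstRegionConfig("region1", 1,
                                   {1: "1, 3, 11, 63, 65", 2: "4, 12, 64"})
SWITCHES["CSW2"] = MstRegionConfig("Region1", 1, GOOD["instances"])

if __name__ == "__main__":
    for inst, vlans in SWITCHES["DSW1"].pending().items():
        print(f"{inst:<9} {vlans}")
    for switch, diffs in region_mismatches(SWITCHES).items():
        print(f"{switch}: differs from DSW1 in {', '.join(diffs)}")
```
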


Lab 3-2: Implement PVRST+
Complete this lab activity to practice what you learned in the related module.

Activity Objective
Congratulations! Your MSTP configuration was a success. You are asked to give another
presentation focusing on PVRST+. Here again, you decide that preparing for this presentation
could be useful, and that you would use your pod to walk through the different steps involved. In
this activity, you will design and implement Per VLAN Rapid Spanning Tree Plus (PVRST+) in
a Layer 2 topology. As you complete the design, you will connect to your remote lab to
implement your solution. At the end of the lab, you will keep this solution, which is the solution
best adapted to this lab environment. You will then have all the steps required to perform your
live presentation. After completing this activity, you will be able to meet these objectives:
- Design a migration plan to PVRST+
- Create a PVRST+ implementation plan
- Implement PVRST+ according to implementation plan
- Create a PVRST+ verification plan
- Verify the PVRST+ spanning tree according to the verification plan

Required Resources
This section contains the information needed to accomplish this activity, and describes the
requirements common to all devices in the network, along with information specific to each
device. Read this information carefully.

Implementation Policy
You will migrate your configuration to PVRST+. The following list details the preparation and
configuration requirements for all switches in the company network. Your configuration must
implement all these requirements:

- Before configuring and enabling spanning tree, verify that the EtherChannels enabled in Lab
  3-1 are still enabled. You need full and redundant connectivity for this lab.
- Switch DSW1 is to be the primary root bridge for odd VLANs, and switch DSW2 is to be the
  primary root bridge for even VLANs.
- For all VLANs for which switch DSW1 is the primary root, switch DSW2 must be the
  secondary root. For all VLANs for which switch DSW2 is the primary root, switch DSW1
  must be the secondary root.
- The “Device Information” section describes the VLANs and corresponding roots.

Device Information
The table provides the Layer 3 reachability information specific to each switch in the network:
Device Name   Role                    IP Address             Gateway      VLAN
ASW1          Layer 2 access switch   10.1.1.1/24            10.1.1.251   1
ASW2          Layer 2 access switch   10.1.1.2/24            10.1.1.252   1
DSW1          Layer 3 switch          10.1.1.11/24           10.1.1.251   1
DSW2          Layer 3 switch          10.1.1.22/24           10.1.1.252   1
CSW1          Layer 3 switch          10.1.1.111/24          10.1.1.251   1
CSW2          Layer 3 switch          10.1.1.222/24          10.1.1.252   1
R1            Router                  Fa0/0: 10.1.1.251/24                1
R2            Router                  Fa0/0: 10.1.1.252/24                1

Links between switches should already be bundled together. The following table shows all
possible numbering conventions for these link bundles. Note that not all of these numbers need to
be used:

Device   Link To   Bundle Number Should Be:
ASW1     DSW1      11
ASW1     DSW2      12
ASW2     DSW1      11
ASW2     DSW2      12
DSW1     ASW1      11
DSW1     ASW2      12
DSW1     DSW2      21
DSW1     CSW1      31
DSW1     CSW2      32
DSW2     ASW1      11
DSW2     ASW2      12
DSW2     DSW1      21
DSW2     CSW1      31
DSW2     CSW2      32
CSW1     DSW1      31
CSW1     DSW2      32
CSW1     CSW2      33
CSW2     DSW1      31
CSW2     DSW2      32
CSW2     CSW1      33

VLAN Information
VLAN   Root   Backup
1      DSW1   DSW2
3      DSW1   DSW2
4      DSW2   DSW1
11     DSW1   DSW2
12     DSW2   DSW1
63     DSW1   DSW2
64     DSW2   DSW1
65     DSW1   DSW2
66     DSW2   DSW1

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 3-2: Implement PVRST+]

Command List
The table describes the commands that you will use in this activity.
Command / Description

name name
    Specifies the configuration name. The name string has a maximum length of 32
    characters and is case sensitive.

show pending
    Shows your configuration by displaying the pending configuration.

show spanning-tree vlan vlan-id
    Displays your entries.

show spanning-tree summary
    Displays your entries.

spanning-tree mode {pvst | mst | rapid-pvst}
    Configures spanning-tree mode.
    - Select pvst to enable PVST+ (802.1D, the default setting).
    - Select mst to enable MSTP (and RSTP).
    - Select rapid-pvst to enable rapid PVST+.

spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]]
    Configures a switch to become the root for the specified VLAN.
    - For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range
      of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The
      range is 1 to 4094.
    - (Optional) For diameter net-diameter, specify the maximum number of switches
      between any two end stations. The range is 2 to 7.
    - (Optional) For hello-time seconds, specify the interval in seconds between the
      generation of configuration messages by the root switch. The range is 1 to 10;
      the default is 2.

spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]]
    Configures a switch to become the secondary root for the specified VLAN.
    - For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range
      of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The
      range is 1 to 4094.
    - (Optional) For diameter net-diameter, specify the maximum number of switches
      between any two end stations. The range is 2 to 7.
    - (Optional) For hello-time seconds, specify the interval in seconds between the
      generation of configuration messages by the root switch. The range is 1 to 10;
      the default is 2.

Job Aids
These are the job aids for this lab activity:
Value                                                         Location
Blank implementation requirements list for PVRST+             Task 1
Blank implementation and verification plan form for PVRST+    Task 2
Blank verification notes form                                 Task 3
Alternate resources and solutions hints                       “Hints” section at the end of this lab
Key commands and tools used form                              “Hints” section at the end of this lab
Blank device roles form
Implementation requirements hints                             “Hints” section at the end of this lab
Implementation and verification plan hints                    “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)    Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for
Migration to PVRST+
Your MST configuration should work properly, but you like the idea of enhancing the efficiency
of the convergence in case of a link failure. An efficient technology to achieve this goal is to use
PVRST+. For this reason, you should migrate your network from MST to PVRST+ before
presenting this solution during your next conference. You will need to decide and document the
switch that should be the root for each VLAN. Use the following table and the “Required
Resources” section to complete your Implementation Requirements list:
VLAN   Root   Secondary
1
3
4
11
12
63
64
65
66

At this point, your lab network has a functioning MST implementation and you are ready to migrate it to PVRST+. You must make a list of the requirements in order to prepare a detailed implementation and verification plan in the next task. Use the “Required Resources” section to gather the needed information. If you are unsure, use the information in the “Hints” section at the end of this lab.

Device   High-Level Task   Information Source


Task 2: Create an Implementation and Verification Plan for Your Solution
This is the most important step in the planning process. Based on the information from the “Required Resources” section and the previous tasks, you must prepare a step-by-step Implementation and Verification plan. The task will help you set up configuration checkpoints to verify your progress. Use the following table to document your steps in the correct order. Use the plan to verify each item in the implementation. If you are unsure, use the information in the “Hints” section at the end of this lab.

Complete √   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results


Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the “Required Resources” section. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information in the “Hints” section at the end of this lab. You will keep this PVRST+ configuration and use it in subsequent labs. Do not forget to save.
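
One way to automate the root check in the verification plan, as an added example that is not part of the lab guide: it parses show spanning-tree root output and compares the root bridge of each VLAN with the VLAN Information table. The bridge MAC addresses are those shown in the Lab 3-1 sample output; the function names, the sample output, the wrong root for VLAN 12 and the missing VLAN 66 are constructed.

```python
import re

# Bridge MACs as they appear in the Lab 3-1 "show spanning-tree root" output.
BRIDGES = {"001f.2721.8680": "DSW1", "001f.2721.8600": "DSW2"}

# Planned root per VLAN, from the VLAN Information table of this lab.
PLANNED_ROOT = {1: "DSW1", 3: "DSW1", 4: "DSW2", 11: "DSW1", 12: "DSW2",
                63: "DSW1", 64: "DSW2", 65: "DSW1", 66: "DSW2"}

ROW = re.compile(
    r"^VLAN(?P<vlan>\d{4})\s+(?P<prio>\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(?P<cost>\d+)"
    r"\s+\d+\s+\d+\s+\d+(?:\s+(?P<port>\S+))?\s*$")

# Constructed sample, as it could look on DSW2 after a partly wrong migration.
SAMPLE_DSW2 = """\
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0003         24579 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0004         24580 001f.2721.8600         0    2   20  15
VLAN0011         24587 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0012         24588 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0063         24639 001f.2721.8680        32    2   20  15  Fa0/5
VLAN0064         24640 001f.2721.8600         0    2   20  15
VLAN0065         24641 001f.2721.8680        32    2   20  15  Fa0/5
"""


def parse_root_table(output):
    """Return {vlan: {priority, mac, cost, port}} for every VLANxxxx row."""
    rows = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[int(m["vlan"])] = {
                "priority": int(m["prio"]), "mac": m["mac"],
                "cost": int(m["cost"]), "port": m["port"]}
    return rows


def verify_roots(output, local_switch):
    """Compare the output taken on local_switch with the plan; return findings."""
    rows = parse_root_table(output)
    findings = []
    for vlan, want in sorted(PLANNED_ROOT.items()):
        row = rows.get(vlan)
        if row is None:
            findings.append((vlan, "no spanning-tree instance"))
            continue
        root = BRIDGES.get(row["mac"], "unknown bridge " + row["mac"])
        if root != want:
            findings.append((vlan, f"root is {root}, plan says {want}"))
        # Extended system ID: displayed priority = configured priority + VLAN ID,
        # and configured priorities are multiples of 4096.
        if (row["priority"] - vlan) % 4096:
            findings.append((vlan, "priority does not embed the VLAN ID"))
        # The root bridge itself shows cost 0 and no root port.
        looks_like_root = row["cost"] == 0 and row["port"] is None
        if (root == local_switch) != looks_like_root:
            findings.append((vlan, "cost/root port inconsistent with root role"))
    return findings


if __name__ == "__main__":
    for vlan, issue in verify_roots(SAMPLE_DSW2, "DSW2"):
        print(f"VLAN {vlan}: {issue}")
```
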

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 3-2: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 3-2 Hint Sheet: Implement PVRST+

Design a PVRST+ Solution for a Layer 2 Network
When migrating from MSTP to PVRST+, the device roles may be as follows:

Device  Device Role  VLANs Primary     VLANs Secondary
DSW1    STP root     1, 3, 11, 63, 65  4, 12, 64, 66
DSW2    STP root     4, 12, 64, 66     1, 3, 11, 63, 65

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device                 Implementation Requirement                           Lab 3-2 Section Containing Hint
All switches           Change STP from MST to Rapid PVST.                   Implementation Policy
Distribution switches  VLAN distribution between the root bridge switches.  Implementation Policy
Distribution switches  Primary and secondary root bridge.                   Implementation Policy
All switches           Verification.                                        Implementation Policy

Device  High-Level Task                               Information Source
DSW1    spanning-tree mode rapid-pvst                 Design and Implementation Requirements
DSW1    spanning-tree primary root for odd VLANs      Visual Objective, Design and Implementation Requirements
DSW1    spanning-tree secondary root for even VLANs   Visual Objective, Design and Implementation Requirements
DSW2    spanning-tree mode rapid-pvst                 Design and Implementation Requirements
DSW2    spanning-tree primary root for even VLANs     Visual Objective, Design and Implementation Requirements
DSW2    spanning-tree secondary root for odd VLANs    Visual Objective, Design and Implementation Requirements
ASW1    spanning-tree mode rapid-pvst                 Design and Implementation Requirements
ASW2    spanning-tree mode rapid-pvst                 Design and Implementation Requirements
CSW1    spanning-tree mode rapid-pvst                 Design and Implementation Requirements
CSW2    spanning-tree mode rapid-pvst                 Design and Implementation Requirements

Implementation and Verification Plan
In Task 2, you will create an implementation and verification plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete √  Device  Implementation Order  Values and Items to Implement                       Verification Method and Expected Results
[ ]         DSW1    1                     spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         DSW1    2                     spanning-tree vlan 1,3,11,63,65 root primary        show spanning-tree root
[ ]         DSW1    3                     spanning-tree vlan 4,12,64,66 root secondary        show spanning-tree vlan
[ ]         DSW1    4                     no spanning-tree mst configuration                  show run
[ ]         DSW2    5                     spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         DSW2    6                     spanning-tree vlan 4,12,64,66 root primary          show spanning-tree root
[ ]         DSW2    7                     spanning-tree vlan 1,3,11,63,65 root secondary      show spanning-tree vlan
[ ]         DSW2    8                     no spanning-tree mst configuration                  show run
[ ]         ASW1    9                     spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         ASW1    10                    no spanning-tree mst configuration                  show run
[ ]         ASW2    11                    spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         ASW2    12                    no spanning-tree mst configuration                  show run
[ ]         CSW1    13                    spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         CSW1    14                    no spanning-tree mst configuration                  show run
[ ]         CSW2    15                    spanning-tree mode rapid-pvst                       show spanning-tree
[ ]         CSW2    16                    no spanning-tree mst configuration                  show run

Step-by-Step Procedure

Step 1   Change STP mode from MST to PVRST+ on switch DSW1:

    DSW1(config)# spanning-tree mode rapid-pvst

Step 2   Configure spanning-tree root primary for VLANs 1, 3, 11, 63, and 65 on switch DSW1:

    DSW1(config)# spanning-tree vlan 1,3,11,63,65 root primary

Step 3   Configure spanning-tree root secondary for VLANs 4, 12, 64 and 66 on switch DSW1:

    DSW1(config)# spanning-tree vlan 4,12,64,66 root secondary

Step 4   Remove MST configuration on switch DSW1:

    DSW1(config)# no spanning-tree mst configuration

Step 5   Repeat Step 1 on switch DSW2.

Step 6   Configure spanning-tree root primary for VLANs 4, 12, 64, and 66 on switch DSW2:

    DSW2(config)# spanning-tree vlan 4,12,64,66 root primary

Step 7   Configure spanning-tree root secondary for VLANs 1, 3, 11, 63, and 65 on switch DSW2:

    DSW2(config)# spanning-tree vlan 1,3,11,63,65 root secondary

Step 8   Repeat Step 4 on switch DSW2.

Step 9   Repeat Steps 1 and 4 on switch ASW1.

Step 10  Repeat Steps 1 and 4 on switch ASW2.

Step 11  Repeat Steps 1 and 4 on switch CSW1.

Step 12  Repeat Steps 1 and 4 on switch CSW2.

Step 13  Verify spanning-tree root on switch DSW1:

    DSW1#sho spanning-tree root
                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         24577 001f.2721.8680         0    2   20  15
    VLAN0003         24579 001f.2721.8680         0    2   20  15
    VLAN0004         24580 001f.2721.8600        19    2   20  15  Fa0/5
    VLAN0011         24587 001f.2721.8680         0    2   20  15
    VLAN0012         24588 001f.2721.8600        19    2   20  15  Fa0/5
    VLAN0063         24639 001f.2721.8680         0    2   20  15
    VLAN0064         24640 001f.2721.8600        19    2   20  15  Fa0/5
    VLAN0065         24641 001f.2721.8680         0    2   20  15
    VLAN0066         24642 001f.2721.8600        19    2   20  15  Fa0/5
    DSW1#

Step 14  Repeat Step 13 on all switches.
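The verification in Steps 13 and 14 can be scripted so that an unexpected root bridge is caught on any switch, not only spotted by eye. The following is an added example, not part of the lab guide: it parses `show spanning-tree root` output and compares it with the root placement from the hint sheet. The bridge addresses are the Root IDs shown in the DSW1 output above; the function names and the tolerance for a missing VLAN are assumptions of this sketch.

```python
import re

# Root placement from the Lab 3-2 hint sheet. Bridge addresses are the Root IDs
# in the DSW1 output above (rows with cost 0 are DSW1 itself).
PLAN = {
    "DSW1": {"mac": "001f.2721.8680", "primary": [1, 3, 11, 63, 65]},
    "DSW2": {"mac": "001f.2721.8600", "primary": [4, 12, 64, 66]},
}
# Priority shown for a "root primary" bridge in this lab, before the VLAN ID
# (extended system ID) is added: VLAN 1 -> 24577, VLAN 66 -> 24642.
ROOT_PRIMARY_BASE = 24576

# Sample input: the Step 13 output, re-typed here so the example runs offline.
SAMPLE_OUTPUT = """\
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 001f.2721.8680         0    2   20  15
VLAN0003         24579 001f.2721.8680         0    2   20  15
VLAN0004         24580 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0011         24587 001f.2721.8680         0    2   20  15
VLAN0012         24588 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0063         24639 001f.2721.8680         0    2   20  15
VLAN0064         24640 001f.2721.8600        19    2   20  15  Fa0/5
VLAN0065         24641 001f.2721.8680         0    2   20  15
VLAN0066         24642 001f.2721.8600        19    2   20  15  Fa0/5
"""

ROW_RE = re.compile(
    r"^VLAN(?P<vlan>\d{4})\s+(?P<prio>\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(?P<cost>\d+)"
    r"\s+\d+\s+\d+\s+\d+(?:\s+(?P<port>\S+))?\s*$"
)


def parse_root_table(text):
    """Return {vlan: {prio, mac, cost, port}}; header lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows[int(m["vlan"])] = {
                "prio": int(m["prio"]),
                "mac": m["mac"],
                "cost": int(m["cost"]),
                "port": m["port"],  # None when this switch is the root
            }
    return rows


def check_roots(text, plan=PLAN):
    """Return a sorted list of (vlan, problem) for every deviation from the plan."""
    rows = parse_root_table(text)
    problems = []
    for switch, info in plan.items():
        for vlan in info["primary"]:
            row = rows.get(vlan)
            if row is None:
                problems.append((vlan, "no spanning-tree instance in output"))
            elif row["mac"] != info["mac"]:
                problems.append(
                    (vlan, f"root is {row['mac']}, expected {switch} ({info['mac']})")
                )
            elif row["prio"] != ROOT_PRIMARY_BASE + vlan:
                problems.append(
                    (vlan, f"root priority {row['prio']}, expected {ROOT_PRIMARY_BASE + vlan}")
                )
    return sorted(problems)


if __name__ == "__main__":
    for vlan, problem in check_roots(SAMPLE_OUTPUT) or [(0, "all roots match the plan")]:
        print(vlan, problem)
```

Because the Root ID is the same on every switch in the VLAN, the same check applies unchanged to the output collected in Step 14.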

Lab 3-3: Troubleshooting Spanning Tree Issues
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will analyze, locate, and fix STP problems on your network caused by misconfiguration or design error. You should prepare a troubleshooting plan that will guide you in a step-by-step manner in your efforts. You should be able to quickly fix the network using the skills learned in this module. After completing this activity, you will be able to meet these objectives:
• Develop a work plan to troubleshoot configuration and security issues related to the STP
• Isolate the causes of the problems
• Correct all of the identified spanning tree issues
• Document and report the troubleshooting findings and recommendations

Visual Objective
The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues]

Command List
The table describes the commands that are used in this activity.

Configuration Commands

Command                                             Description
configure terminal                                  Enters global configuration mode from privileged EXEC mode.
enable password password                            Enters the privileged EXEC mode command interpreter.
exit                                                Exits the current mode.
interface fastethernet | gigabitethernet slot/port  Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
show spanning-tree blockedports                     Shows the ports that are blocked by the spanning tree algorithm.
spanning-tree bpdufilter enable                     Enables BPDU filtering on an interface.
spanning-tree bpduguard enable                      Enables the BPDU guard feature on an interface.

Job Aids
These job aids are available to help you complete the lab activity.
• Trouble Tickets
• Troubleshooting Log

Trouble Ticket A: Switch Optimization Failed
You have been on a vacation for a short period of time. During your absence, your junior colleague managed the switched network. The IT manager asked your colleague to improve the behavior of the network. He made some changes, and as a result you saw a lot of error messages in the logs of your switches on your return from vacation. You are asked by the management to quickly correct the situation because the network is very slow. Your task is to diagnose the issues and restore normal network operation.
Use on all switches and routers the alias command “init-3-3-A” and reload the devices.

Trouble Ticket B: Unstable STP
Your assistant reports that ports are in an error-disabled state and that the link between the root switches is down. The STP shows that no VLANs are blocked on the root switches. Your task is to identify the misconfigured item(s) and solve the issue(s) to recover connectivity between switches DSW1 and DSW2 and ensure that the STP algorithm is enabling the proper paths.
Use on all switches and routers the alias command “init-3-3-B” and reload the devices.

Instructions
As you can see from the troubleshooting tickets, this troubleshooting lab involves two types of issues:
• Ticket one involves error messages on several switches in the lab. (On all switches, use the alias command “init-3-3-A” and then reload each device with this new config.)
• Ticket two involves problems with switch interfaces in the error-disabled state. (On all switches, use the alias command “init-3-3-B” and then reload each device with this new config.)

Each ticket involves several switches, so the whole team must work together to solve each of them. Together with your team members, create a troubleshooting plan to divide the work, assign each team member appropriate roles, and coordinate device access among the team members. Document your progress in the “Troubleshooting Log” section provided below in order to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

Because different teams work at different speeds, the lab tickets are separated. To prepare the lab for this exercise, ask your instructor how to initiate Trouble Ticket A. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting. Once you fix Trouble Ticket A, ask your instructor if there is time remaining for you to move on to the next ticket. If time allows, ask your instructor how to initiate Trouble Ticket B. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

Troubleshooting Log
Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket    Actions and Results


Activity Verification
You have completed this lab when you attain the results below.

Trouble Ticket A:
[ ] Verify that there are no more error log entries being generated on the Layer 3 switches.
[ ] Verify there are no ports in error-disabled state.
[ ] Verify that the STP status is the same as it was at the end of Lab 3-1.

Trouble Ticket B:
[ ] Verify that the STP is blocking the correct VLANs on the root switches.
[ ] Verify that the appropriate links are up.
[ ] Verify there are no ports in error-disabled state.

Ticket A: Sample Troubleshooting Flow
The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

Key Clue: Error Logs on DSW1, DSW2 and CSW1

    DSW1#show logg
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po35 and port Fa0/5
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po35 and port Fa0/5

    DSW2#show logg
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po45 and port Fa0/5
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po45 and port Fa0/5

    CSW1#show logg
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po45 and port Po35
    *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po45 and port Po35

You have information for error log messages on switches DSW1, DSW2, and CSW1. The natural first task is to access these devices and view the error messages. You can see that the error messages on the three switches are the same—all involve a flapping MAC address of a host on EtherChannels and physical interfaces. Refer to the Visual Objective and determine what links participate in these PortChannels and interfaces. You discover that the EtherChannels connect the core switch CSW1 with switches DSW1 and DSW2. You also discover that interface Fa 0/5 on both distribution switches acts as the connection between them. After this examination, you discover that you have a switching loop. A switching loop is related to the functioning of the STP, in this case, PVRST+. The next logical step is to check the PVRST+ on the affected interfaces.
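The reasoning above (several hosts flapping between the same two ports on each switch points to a loop, and those ports are where to inspect STP next) can be applied mechanically to collected logs. The following is an added example, not part of the lab guide: the sample lines are constructed from the messages above, and the leading switch name on each line, the extra ASW1 line and the function names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: the six messages above, each prefixed with the name of the
# switch that logged it (as a central log collector would record the sender),
# plus one constructed ASW1 line where a single host moves between two ports.
SAMPLE_LOG = """\
DSW1 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po35 and port Fa0/5
DSW1 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po35 and port Fa0/5
DSW2 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po45 and port Fa0/5
DSW2 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po45 and port Fa0/5
CSW1 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.9042.bb2f in vlan 1 is flapping between port Po45 and port Po35
CSW1 *Mar 6 18:10:41.823: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.f904.2700 in vlan 1 is flapping between port Po45 and port Po35
ASW1 *Mar 6 18:12:02.101: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5301 in vlan 11 is flapping between port Fa0/3 and port Fa0/4
"""

MACFLAP_RE = re.compile(
    r"^(?P<switch>\S+)\s+.*?%SW_MATM-4-MACFLAP_NOTIF: Host "
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)\s*$",
    re.IGNORECASE,
)


def parse_macflap(text):
    """Return one dict per MACFLAP_NOTIF line; all other log lines are ignored."""
    events = []
    for line in text.splitlines():
        m = MACFLAP_RE.match(line.strip())
        if m:
            events.append({
                "switch": m["switch"],
                "mac": m["mac"].lower(),
                "vlan": int(m["vlan"]),
                # The order of the two ports in the message carries no meaning.
                "ports": tuple(sorted((m["a"], m["b"]))),
            })
    return events


def loop_suspects(events, min_hosts=2):
    """Port pairs between which several distinct hosts flap on one switch.

    One host moving between two ports can be a moved or dual-homed device;
    several hosts flapping between the same pair is the loop pattern seen here.
    """
    hosts = defaultdict(set)
    for ev in events:
        hosts[(ev["switch"], ev["vlan"], ev["ports"])].add(ev["mac"])
    return {key: sorted(macs) for key, macs in hosts.items() if len(macs) >= min_hosts}


def ports_to_check(events, min_hosts=2):
    """Per switch, the interfaces whose spanning-tree state to inspect first."""
    todo = defaultdict(set)
    for switch, _vlan, ports in loop_suspects(events, min_hosts):
        todo[switch].update(ports)
    return {switch: sorted(ports) for switch, ports in todo.items()}


if __name__ == "__main__":
    for switch, ports in ports_to_check(parse_macflap(SAMPLE_LOG)).items():
        print(f"{switch}: show spanning-tree interface <port> detail for {', '.join(ports)}")
```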

Key Clue: Observe STP on Suspicious Ports

    DSW1#show spanning-tree interface port-channel 32
    Vlan                Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -------------------------------
    VLAN0001            Desg FWD 12        128.304  P2p
    VLAN0065

    DSW1#show spanning-tree interface FastEthernet 0/5
    Vlan                Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -------------------------------
    VLAN0001            Desg FWD 19        128.6    P2p
    VLAN0065            Desg FWD 19        128.6    P2p
    DSW1#

You can verify the STP state for the affected interfaces, for example, Po32 and Fa0/5 on DSW1. You see that the STP state for interface Po32 looks normal, but the information returned for interface Fa0/5 is more confusing. The same unusual information appears on switch CSW2 interface Po33. Proceed to the next switch.

    DSW2#show spanning-tree interface port-channel 31
    Vlan                Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -------------------------------
    VLAN0001            Root FWD 12        128.304  P2p
    VLAN0003            Desg FWD 12        128.304  P2p
    VLAN0004            Desg FWD 12        128.304  P2p
    VLAN0011            Desg FWD 12        128.304  P2p
    VLAN0012            Desg FWD 12        128.304  P2p
    VLAN0063            Desg FWD 12        128.304  P2p
    VLAN0064            Desg FWD 12        128.304  P2p
    VLAN0065            Root FWD 12        128.304  P2p
    VLAN0066            Desg FWD 12        128.304  P2p
    DSW2#

    DSW2#show spanning-tree interface FastEthernet 0/5
    Vlan                Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -------------------------------
    VLAN0001            Desg FWD 19        128.6    P2p
    VLAN0003            Desg FWD 19        128.6    P2p
    VLAN0004            Desg FWD 19        128.6    P2p
    VLAN0011            Desg FWD 19        128.6    P2p
    VLAN0012            Desg FWD 19        128.6    P2p
    VLAN0063            Desg FWD 19        128.6    P2p
    VLAN0064            Desg FWD 19        128.6    P2p
    VLAN0065            Desg FWD 19        128.6    P2p
    VLAN0066            Desg FWD 19        128.6    P2p
    DSW2#

Check the STP state for the affected interfaces, for example, Po31 and Fa0/5 on DSW2. Here the situation is the same as it is on switch DSW1. Your next logical step is to analyze interface Fa0/5, as its state looks different from the others.

Key Clue: Observe STP on Suspicious Ports
Check the STP for interface Fa0/5 on switch DSW1.

    DSW1#sho spanning-tree interface FastEthernet 0/5 detail
     Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
       Port path cost 19, Port priority 128, Port Identifier 128.7.
       Designated root has priority 24577, address 001f.2721.8680
       Designated bridge has priority 24577, address 001f.2721.8680
       Designated port id is 128.7, designated path cost 0
       Timers: message age 0, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default
       Bpdu filter is enabled
       BPDU: sent 260, received 9

You can see that the BPDU filter feature is enabled on interface Fa0/5. Because this is a feature that relates to access ports and prevents the BPDUs, and Fa0/5 is a trunk interface, you understand that this is a problem.

Key Clue: Check Why DSW2 Doesn’t Receive BPDUs from DSW1
Check the configuration of interface Fa0/5 on switch DSW1 to verify that you have identified the problem:

    DSW1#show run interface fastEthernet 0/5
    interface fastEthernet 0/5
     spanning-tree bpdufilter enable

You have discovered an incorrect configuration issue involving an STP security feature.

Key Clue: Configure DSW1
You must correct the configuration:

    DSW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    DSW1(config)#interface fastEthernet 0/5
    DSW1(config-if)#no spanning-tree bpdufilter enable

Key Clue: Check DSW1
The same issue appears on the switch CSW2 interface Po33 link. Resolve it using the same method. Verify that the STP is back to normal and you have corrected the problem:

    DSW1#sho spanning-tree interface FastEthernet 0/5
    Vlan                Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -------------------------------
    VLAN0001            Desg FWD 19        128.7    P2p
    VLAN0003            Desg FWD 19        128.7    P2p
    VLAN0004            Root FWD 19        128.7    P2p
    VLAN0011            Desg FWD 19        128.7    P2p
    VLAN0012            Root FWD 19        128.7    P2p
    VLAN0063            Desg FWD 19        128.7    P2p
    VLAN0064            Root FWD 19        128.7    P2p
    VLAN0065            Desg FWD 19        128.7    P2p
    VLAN0066            Root FWD 19        128.7    P2p

You can also go to the switches again and check that there are no new error messages in their logs.

Key Clue: Check DSW1
Verify that the STP state shows that the BPDU filter feature is no longer enabled:

    DSW1#sho spanning-tree interface FastEthernet 0/5 detail
     Port 7 (FastEthernet0/5) of VLAN0001 is designated forwarding
       Port path cost 19, Port priority 128, Port Identifier 128.7.
       Designated root has priority 24577, address 001f.2721.8680
       Designated bridge has priority 24577, address 001f.2721.8680
       Designated port id is 128.7, designated path cost 0
       Timers: message age 0, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default
       BPDU: sent 284, received 12

You can also go to the switches again and check that there are no new error messages in their logs.

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Ticket B: Sample Troubleshooting Flow
The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Key Clue: STP on DSW1
Check the reported switches for the blocked port and the STP status. On switch DSW1 you find that interface Fa0/5 is in err-disabled state and that the STP is not blocking VLANs:

    DSW1#sh spanning-tree blockedports
    Name                 Blocked Interfaces List
    -------------------- ------------------------------------

    Number of blocked ports (segments) in the system : 6

    DSW1# sho int fa 0/5
    FastEthernet0/5 is down, line protocol is down (err-disabled)
      Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Auto-duplex, Auto-speed, media type is 10/100BaseTX
      input flow-control is off, output flow-control is unsupported

Remark: The number of blocked ports can vary.

Key Clue: STP on DSW2

You find a similar situation on switch DSW2. Port Fa0/5 is in the notconnect state and the STP is not blocking VLANs as expected:

DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 6

DSW2#sho int fa 0/5
FastEthernet0/5 is down, line protocol is down (notconnect)
  Hardware is Fast Ethernet, address is 001f.2421.8607 (bia 001f.2421.8607)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255

Remark: The number of blocked ports can vary.

You have a problem with the STP. It is not blocking VLANs as expected. You will need more information in order to identify the problem. The first place to look is in the log.

Key Clue: Logs on DSW1

The log on switch DSW1 clearly shows the problem. A security spanning-tree feature, in this case the BPDU Guard, has put the Fa0/5 in error-disabled state because BPDUs appeared on this interface. Because it is normal to have BPDUs sent and received on this interface, you should check the configuration of this interface.

Key Clue: Check Fa0/5 on DSW1

Your check of interface Fa0/5 shows the following:

DSW1#sho run int Fa0/5
Building configuration...

Current configuration : 175 bytes
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 spanning-tree bpduguard enable
end

You find that the BPDU Guard feature is configured on a trunk port. You have identified a problem. The next steps involve correction of the mistaken configuration and tests to determine if this is the problem.

Key Clue: Disable STP bpduguard Fa0/5 on DSW1

Make the needed configuration change:

DSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DSW1(config)#int Fa0/5
DSW1(config-if)#no spanning-tree bpduguard enable
DSW1(config-if)#shut
DSW1(config-if)#no shut
DSW1(config-if)#exit

Check the status of the interface:

DSW1#sho int Fa0/5
FastEthernet0/5 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 001f.2721.8687 (bia 001f.2721.8687)

Verify the status of the STP and verify that the correct VLANs are being blocked to be sure that you have fixed the right problem.

Key Clue: Check STP

The checks are successful:

DSW1#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0004             Po31, Po32
VLAN0012             Po31, Po32
VLAN0064             Po31, Po32
VLAN0066             Po31, Po32
Number of blocked ports (segments) in the system : 8

DSW2#sho spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001             Po31, Po32
VLAN0003             Po31, Po32
VLAN0011             Po31, Po32
VLAN0063             Po31, Po32
VLAN0065             Po31, Po32
Number of blocked ports (segments) in the system : 10

Because the verification has been successful, you must document your findings.
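The fault in this ticket, BPDU Guard enabled on a trunk port, can also be found by auditing saved configurations instead of waiting for the port to go err-disabled. The Python below is an added example, not part of the lab guide: it flags trunk stanzas that carry "spanning-tree bpduguard enable" and matches them against BPDU Guard log messages. The FastEthernet0/1 stanza and all log lines are constructed sample input.

```python
import re

# Constructed input. The FastEthernet0/5 stanza mirrors the one found in this
# ticket; the FastEthernet0/1 access port and every log line are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,4,11,12,63-66
 switchport mode trunk
 spanning-tree bpduguard enable
!
end
"""

SAMPLE_LOG = """\
*Mar  1 00:41:07.102: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/5 with BPDU Guard enabled. Disabling port.
*Mar  1 00:41:07.102: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
*Mar  1 00:41:08.109: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
"""

_ABBREV = {"fa": "FastEthernet", "gi": "GigabitEthernet", "po": "Port-channel"}

_LOG_PATTERNS = (
    re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) with"),
    re.compile(r"%PM-4-ERR_DISABLE: bpduguard error detected on ([^,\s]+)"),
)


def normalize(name):
    """Expand short interface names (Fa0/5) to the long form used in configs."""
    match = re.match(r"([A-Za-z-]+)\s*(\d.*)", name.strip())
    if not match:
        return name.strip()
    prefix, rest = match.groups()
    return _ABBREV.get(prefix[:2].lower(), prefix) + rest


def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = normalize(line.split(None, 1)[1])
            stanzas[current] = []
        elif line.startswith((" ", "\t")) and current:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!", "end" or another top-level line closes the stanza
    return stanzas


def trunks_with_bpduguard(config):
    """Return trunk interfaces that have BPDU Guard enabled at interface level."""
    hits = []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" in lines and "spanning-tree bpduguard enable" in lines:
            hits.append(name)
    return hits


def bpduguard_errdisabled(log):
    """Return the set of interfaces that the log shows BPDU Guard shutting down."""
    ports = set()
    for line in log.splitlines():
        for pattern in _LOG_PATTERNS:
            match = pattern.search(line)
            if match:
                ports.add(normalize(match.group(1)))
    return ports


def triage(config, log):
    """Combine both views: which misconfigured trunks have already tripped."""
    tripped = bpduguard_errdisabled(log)
    report = {}
    for port in trunks_with_bpduguard(config):
        if port in tripped:
            report[port] = "trunk with BPDU Guard, err-disabled"
        else:
            report[port] = "trunk with BPDU Guard, not yet tripped"
    for port in sorted(tripped - set(report)):
        report[port] = "BPDU Guard tripped on a non-trunk port, check the attached device"
    return report


if __name__ == "__main__":
    for port, status in triage(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(f"{port}: {status}")
```

An access port such as the constructed FastEthernet0/1 is not flagged, because BPDU Guard is the expected setting on ports that should never receive BPDUs.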

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 3-3: Key Commands and Tools Used

Lab 4-1: Implement Inter-VLAN Routing
Complete this lab activity to practice what you learned in the related module.

Activity Objective
As the corporate network continues to grow, the demands for expansion, better convergence, and reliability drive your IT manager to ask you for a solution for the migration toward a Layer 3 core and distribution design. He insists on using a dynamic routing protocol to ease the implementation of new networks, thus reducing the possibility of mistakes and risks of operation failures. The specifications given to you by the IT manager clearly include the use of EIGRP as the routing protocol and implementation of separate networks on the links between the Layer 3 switches. The distribution switches must become the new gateways and DHCP servers for your access layer. Once the design is complete, you will connect to your remote lab to implement your solution. After completing this activity, you will be able to meet these objectives:
• Design a Layer 3 network
• Create an implementation requirements list
• Create a step-by-step implementation and verification plan
• Implement and verify inter-VLAN routing and routing protocols

Required Resources
This section contains the information needed to accomplish this activity.

Implementation Policy
You must configure inter-VLAN routing and a routing protocol in your network. The following list provides details regarding preparation and routing configuration requirements for all switches in the company network, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully. Your configuration must implement all of these requirements:
• Configure all interfaces between the distribution and core switches to become Layer 3 links.
• Configure the links between the core switches and the routers to become Layer 3 links. Enable these links.
• Configure the interfaces between switches DSW1 and DSW2 to become Layer 3 links.
• Use the networks from the table provided below for the Layer 3 links.
• Remove DHCP service and subinterfaces from routers R1 and R2.
• Remove the management VLAN 1 IP address on the distribution switches. VLAN 1 will no longer have an IP address, because you can manage them via any routed interface or SVI.
• Change the management VLAN on access switches from VLAN 1 to the first data VLAN (VLAN 3 or VLAN 4 depending on devices). You need to create an SVI for this VLAN. The IP addresses for your switches will change. For example, if your device VLAN 1 IP address was in 10.1.1.0/24, the VLAN 3 IP address will be in 10.1.3.0/24. Apply this rule to all of your devices. Refer to the “Device Information” section for information on the IP address that should be used on each switch.
• Set up SVI interfaces for data VLANs on both distribution switches according to the information provided in the “Device Information” section.
• Switches DSW1 and DSW2 will be default gateways for the client and the access switches. Switch DSW1 will be the default gateway for switches ASW1 and client CLT1; switch DSW2 will be the default gateway for switch ASW2 and client CLT2. Remove the “ip default-gateway” commands on the distribution and core switches.
• Configure DHCP services on switches DSW1 and DSW2 for networks 10.1.3.0/24 and 10.1.4.0/24. Switch DSW1 must allocate addresses 50 to 99 and DSW2 must allocate addresses 100 to 149 for each scope. Clients CLT1 and CLT2 must obtain their IP address from switch DSW1 or switch DSW2.
• Configure EIGRP AS 10 on the core and distribution switches and the routers.
• Execute the verification plan to ensure IP connectivity.
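A Cisco IOS DHCP pool leases every host address in its network unless the address is excluded, so the 50 to 99 and 100 to 149 split required above has to be written as exclusions. The Python below is an added example, not part of the lab guide or its answer key: it derives the "ip dhcp excluded-address" ranges for each switch and rejects a plan in which two servers would lease the same address. The pool names are hypothetical, and the default-router values assume the .1 SVI addresses listed in the "Device Information" section.

```python
import ipaddress

# Allocation plan from the Implementation Policy: the host numbers each
# switch may lease in every scope.
ALLOCATION = {"DSW1": (50, 99), "DSW2": (100, 149)}
SCOPES = ["10.1.3.0/24", "10.1.4.0/24"]
# Assumption: each scope's default router is the .1 SVI address.
GATEWAYS = {"10.1.3.0/24": "10.1.3.1", "10.1.4.0/24": "10.1.4.1"}


def excluded_ranges(scope, first, last):
    """Return (low, high) pairs covering every host outside first..last."""
    net = ipaddress.ip_network(scope)
    low_host = net.network_address + 1
    high_host = net.broadcast_address - 1
    start = net.network_address + first
    end = net.network_address + last
    if not low_host <= start <= end <= high_host:
        raise ValueError(f"{first}-{last} does not fit inside {scope}")
    ranges = []
    if start > low_host:
        ranges.append((str(low_host), str(start - 1)))
    if end < high_host:
        ranges.append((str(end + 1), str(high_host)))
    return ranges


def check_no_overlap(allocation):
    """Two DHCP servers on one subnet must never lease the same address."""
    spans = sorted(allocation.items(), key=lambda item: item[1])
    for (name_a, (_, last_a)), (name_b, (first_b, _)) in zip(spans, spans[1:]):
        if first_b <= last_a:
            raise ValueError(f"{name_a} and {name_b} would lease the same addresses")


def dhcp_config(switch):
    """Build the IOS DHCP server lines for one distribution switch."""
    check_no_overlap(ALLOCATION)
    first, last = ALLOCATION[switch]
    lines = []
    for scope in SCOPES:
        for low, high in excluded_ranges(scope, first, last):
            # The high address is optional when a single address is excluded.
            suffix = "" if low == high else f" {high}"
            lines.append(f"ip dhcp excluded-address {low}{suffix}")
    for scope in SCOPES:
        net = ipaddress.ip_network(scope)
        pool = "SCOPE_" + str(net.network_address).replace(".", "_")  # hypothetical name
        lines.append(f"ip dhcp pool {pool}")
        lines.append(f" network {net.network_address} {net.netmask}")
        lines.append(f" default-router {GATEWAYS[scope]}")
    return lines


if __name__ == "__main__":
    for switch in ALLOCATION:
        print(f"! {switch}")
        print("\n".join(dhcp_config(switch)))
```

The statically assigned SVI addresses (.1, .2, .10 and .20) all fall inside the excluded ranges of both switches, so neither server can hand them to a client.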

Device Information
The table provides the Layer 3 information specific to the devices in the network. These subnets use a /31 (255.255.255.254) mask, using RFC 3021 specifications. Notice that this type of mask is reserved for point-to-point links, which is the case here:

Device Name   Layer 3 Interface   IP Address
DSW1          Po 31               10.1.253.0/31
DSW1          Po 32               10.1.253.2/31
DSW1          P3                  10.1.253.6/31
DSW2          Po 31               10.1.253.4/31
DSW2          Po 32               10.1.253.8/31
DSW2          P3                  10.1.253.7/31
CSW1          Po 31               10.1.253.1/31
CSW1          Po 32               10.1.253.9/31
CSW1          Po 33               10.1.253.10/31
CSW1          P1                  10.1.253.12/31
CSW1          P2                  10.1.253.14/31
CSW2          Po 31               10.1.253.5/31
CSW2          Po 32               10.1.253.3/31
CSW2          Po 33               10.1.253.11/31
CSW2          P1                  10.1.253.16/31
CSW2          P2                  10.1.253.18/31
R1            P1                  10.1.253.13/31
R1            P2                  10.1.253.19/31
R2            P1                  10.1.253.17/31
R2            P2                  10.1.253.15/31

This table provides IP addressing information regarding the SVI interfaces on the switches:

Device   SVI      IP Address
ASW1     VLAN 3   10.1.3.10/24
ASW2     VLAN 4   10.1.4.20/24
DSW1     VLAN 3   10.1.3.1/24
DSW2     VLAN 4   10.1.4.1/24
CSW1     VLAN 3   10.1.3.2/24
CSW2     VLAN 4   10.1.4.2/24

Visual Objective
The figure illustrates what you will accomplish in this activity.

Figure: Lab 4-1: Implementing Inter-VLAN Routing

Command List
The table describes the commands that are used in this activity.

Command / Description

channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on} | {active | passive}
    Assigns the port to a channel group, and specifies the PAgP or the LACP mode. For mode, select one of these keywords:
    • auto: Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not start PAgP packet negotiation.
    • desirable: Unconditionally enables PAgP. It places the port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets.
    • on: Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.
    • non-silent: (Optional) Configure the switch port for nonsilent operation when the port is in the auto or desirable mode, if your switch is connected to a partner that is PAgP capable. If you do not specify non-silent, silent is assumed. The silent setting is for connections to file servers or packet analyzers. This setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission.
    • active: Enables LACP only if a LACP device is detected. It places the port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.
    • passive: Enables LACP on the port and places it into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation.

configure terminal
    Enters global configuration mode from privileged EXEC mode.

default-router address [address2 ... address8]
    (Optional) Specifies the IP address of the default router for a DHCP client.
    • The IP address should be on the same subnet as the client.
    • One IP address is required; however, you can specify up to eight IP addresses in one command line. These default routers are listed in order of preference; that is, address is the most preferred router, address2 is the next most preferred router, and so on.

domain-name domain
    Specifies the domain name for the client.

enable password password
    Enters the privileged EXEC mode command interpreter.

interface interface-id
    Specify a physical port, and enter interface configuration mode.

interface port-channel port-channel-number
    Specify the port-channel logical interface, and enter interface configuration mode.

ip address ip-address mask
    Assigns an IP address and subnet mask to the EtherChannel.

ip dhcp excluded-address low-address [high-address]
    Specifies the IP addresses that the DHCP server should not assign to DHCP clients.

ip dhcp pool name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

ip routing
    Enables IP routing.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    • The default is a one-day lease.
    • The infinite keyword specifies that the duration of the lease is unlimited.

network network-number
    Associates networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks.

network network-number [mask | /prefix-length]
    Specifies the subnet network number and mask of the DHCP address pool.

no auto-summary
    (Optional) Disables automatic summarization of subnet routes into network-level routes.

no ip address
    Ensures that there is no IP address assigned to the physical port.

no switchport
    Places the interface into Layer 3 mode.

router eigrp autonomous-system number
    Enables an EIGRP routing process and enters router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information.

show etherchannel channel-group-number detail
    Shows your entries.

show ip eigrp interface
    Displays the interfaces on which EIGRP is active and information about EIGRP relating to those interfaces.

show ip protocols
    Shows your entries.

show ip route
    Displays the current state of the routing table.

Job Aids
These are the job aids for this lab activity:

Value                                                         Location
Blank design requirements list                                Task 1
Blank implementation requirements list                        Task 2
Blank implementation and verification plan form               Task 3
Blank verification notes form                                 Task 4
Alternate resources and solutions form                        End of this lab
Key commands and tools used form                              End of this lab
Implementation requirements hints                             “Hints” section at the end of this lab
Implementation and verification plan hints                    “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)    Configuration section at the end of this lab

Task 1: Create a Layer 3 Design
You must create your design for the migration to Layer 3 in the network. You must consider the changes in the links between the core and distribution switches, the changes in DHCP, and the changes in VTP. You must decide on the Inter-VLAN routing and on the use of EIGRP as a routing protocol. Use the table below to create your design.

Table columns: Device | SVI Interfaces | Layer 3 Interfaces | Is the Device a DHCP Server? | EIGRP AS No. (if applicable) | Complete √

Task 2: Create an Implementation Requirements List for Inter-VLAN Routing
After you have decided on a design, it is time to create a list in which you will document the requirements for the successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information in the “Hints” section at the end of this lab.

Table columns: Device | High-Level Task | Information Source

Task 3: Create an Implementation and Verification Plan
The next step in your configuration deployment is to create a task list of each item to be configured on each device and in what order it is to be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information in the “Hints” section at the end of this lab. You will move to the actual implementation in the next task.

Table columns: Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 4: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified in the “Required Resources” section. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information in the “Hints” section at the end of this lab.

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 4-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 4-1 Hint Sheet: Implement Inter-VLAN Routing

Layer 3 Design

Complete √ | Device | SVI Interfaces | Layer 3 Interfaces | Is the Device a DHCP Server? | EIGRP AS Number (if applicable)
 | ASW1 | VLAN 3 | No | No | No
 | ASW2 | VLAN 4 | No | No | No
 | DSW1 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10
 | DSW2 | VLANs 3, 4 | Po31, Po32, P3 | Yes, 10.1.3.0/24 and 10.1.4.0/24 | AS 10
 | CSW1 | No | Po31, Po32, Po33, P1, P2 | No | AS 10
 | CSW2 | No | Po31, Po32, Po33, P1, P2 | No | AS 10
 | R1 | No | P1, P2 | No | AS 10
 | R2 | No | P1, P2 | No | AS 10

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirement | Lab 4-1 Section Containing Hint
Distribution and core switches | Layer 3 links between the distribution and core switches | Implementation Policy
Distribution switches | Layer 3 links between the distribution switches | Implementation Policy
Core switches | Layer 3 links between the core switches | Implementation Policy
Core switches and routers | Layer 3 links between the core switches and routers | Implementation Policy
Distribution switches | SVI interfaces | Implementation Policy
Access and distribution switches | Change management VLAN | Implementation Policy
Distribution switches | DHCP server | Implementation Policy
Distribution and core switches | Enable IP routing | Implementation Policy
Distribution and core switches and routers | EIGRP | Implementation Policy
All switches and routers | Verification | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | Change the management VLAN | Visual Objective, Design and Implementation Requirements
ASW1 | Change the default gateway | Visual Objective, Design and Implementation Requirements
ASW2 | Change the management VLAN | Visual Objective, Design and Implementation Requirements
ASW2 | Change the default gateway | Visual Objective, Design and Implementation Requirements
DSW1 | Layer 3 links between the distribution and core switches | Visual Objective, Design and Implementation Requirements
DSW1 | Layer 3 links between the distribution switches | Visual Objective, Design and Implementation Requirements
DSW1 | SVI interfaces | Visual Objective, Design and Implementation Requirements
DSW1 | Change the management VLAN | Visual Objective, Design and Implementation Requirements
DSW1 | DHCP server | Visual Objective, Design and Implementation Requirements
DSW1 | Enable IP routing | Visual Objective, Design and Implementation Requirements
DSW1 | EIGRP | Visual Objective, Design and Implementation Requirements
DSW2 | Layer 3 links between the distribution and core switches | Visual Objective, Design and Implementation Requirements
DSW2 | Layer 3 links between the distribution switches | Visual Objective, Design and Implementation Requirements
DSW2 | SVI interfaces | Visual Objective, Design and Implementation Requirements
DSW2 | Change the management VLAN | Visual Objective, Design and Implementation Requirements
DSW2 | DHCP server | Visual Objective, Design and Implementation Requirements
DSW2 | Enable IP routing | Visual Objective, Design and Implementation Requirements
DSW2 | EIGRP | Visual Objective, Design and Implementation Requirements
CSW1 | Layer 3 links between the distribution and core switches | Visual Objective, Design and Implementation Requirements
CSW1 | Layer 3 links between the core switches | Visual Objective, Design and Implementation Requirements
CSW1 | Layer 3 links between the core switches and routers | Visual Objective, Design and Implementation Requirements
CSW1 | Enable IP routing | Visual Objective, Design and Implementation Requirements
CSW1 | EIGRP | Visual Objective, Design and Implementation Requirements
CSW2 | Layer 3 links between the distribution and core switches | Visual Objective, Design and Implementation Requirements
CSW2 | Layer 3 links between the core switches | Visual Objective, Design and Implementation Requirements
CSW2 | Layer 3 links between the core switches and routers | Visual Objective, Design and Implementation Requirements
CSW2 | Enable IP routing | Visual Objective, Design and Implementation Requirements
CSW2 | EIGRP | Visual Objective, Design and Implementation Requirements
R1 | Layer 3 links between the core switches and routers | Visual Objective, Design and Implementation Requirements
R1 | EIGRP | Visual Objective, Design and Implementation Requirements
R2 | Layer 3 links between the core switches and routers | Visual Objective, Design and Implementation Requirements
R2 | EIGRP | Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan

In this task, you will create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | DSW1 | 1 | interface port-channel XX / no switchport / ip address / interface range fast / no switchport / channel-group XX mode on | show interface port-channel
 | DSW2 | 2 | interface port-channel XX / no switchport / ip address / interface range fast / no switchport / channel-group XX mode on | show interface port-channel
 | CSW1 | 3 | interface port-channel XX / no switchport / ip address / interface range fast / no switchport / channel-group XX mode on | show interface port-channel
 | CSW2 | 4 | interface port-channel XX / no switchport / ip address / interface range fast / no switchport / channel-group XX mode on | show interface port-channel

Y show IP interface brief interface vlan XX show interface vlan xx ip address interface vlan XX show interface vlan xx ip address interface vlan 3 show interface vlan 3 ip address interface vlan 4 show interface vlan 4 ip address interface vlan 1 show interface vlan 1 no ip address interface vlan 1 show interface vlan 1 no ip address ip dhcp excluded-address 10. then 100 to 255 show ip dhcp binding ip dhcp pool vlan3 network 10.49.1 ip dhcp excluded-address 10.0 255.1.1.4.4.1 10.1.1.255.0 DSW1 17 default-router 10.Complete √ Device Implementation Order Values and Items to Implement Verification Method and Expected Results R1 5 interface fa 0/X show interface fa 0/x R1 6 R2 7 R2 8 DSW1 9 DSW2 10 ASW1 11 ASW2 12 ASW1 13 ip default-gateway ASW2 14 ip default-gateway DSW1 15 DSW2 16 ip address No interface f0/0.1.3.4. Inc.3.Y show IP interface brief interface fa 0/X show interface fa 0/x ip address No interface f0/0.3.255.100 to 255 ip dhcp pool vlan4 network 10.3.1.4.255.49.0 255.1 © 2009 Cisco Systems.1.1. then 10. Lab Guide 197 .255.1.1 10.0 default-router 10.4.

1.0.1 10.1.99.1.255.255 R2 28 router eigrp 10 show ip eigrp interfaces no auto-summary show ip route network 10.0 0.0.0 DSW2 18 default-router 10.0.0 255.0 © 2009 Cisco Systems.0 0.0 0.255.4.2 DSW1 19 ip routing show ip route DSW2 20 ip routing show ip route CSW1 21 ip routing show ip route CSW2 22 ip routing show ip route router eigrp 10 show ip eigrp interfaces no auto-summary show ip route DSW1 23 network 10.1. .255 DSW2 24 router eigrp 10 show ip eigrp interfaces no auto-summary show ip route network 10.255.1 10.0.255.1.0.255.255.255 CSW2 26 router eigrp 10 show ip eigrp interfaces no auto-summary show ip route network 10.4.0.1.0 0.255.3.3.0 255.0 0.1.Complete √ Device Implementation Order Values and Items to Implement Verification Method and Expected Results ip dhcp excluded-address 10.0.99. then 150 to 255 ip dhcp pool vlan4 network 10.0.255.0.255.4.3.1.0 default-router 10.255 198 Implementing Cisco Switched Networks (SWITCH) v1.3.1.0.255 CSW1 25 router eigrp 10 show ip eigrp interfaces no auto-summary show ip route network 10.255 R1 27 router eigrp 10 show ip eigrp interfaces no auto-summary show ip route network 10.1.1.4. then 150 to 255 show ip dhcp binding ip dhcp pool vlan3 network 10. Inc.255.0 0.2 ip dhcp excluded-address 10.0.1.1.1.0.

Configure a Layer 3 EtherChannel to switch CSW1 on switch DSW1: DSW1(config)# interface range fa 0/1 – DSW1(config-if)# no switchport DSW1(config)# interface Port-channel31 DSW1(config-if)# no switchport DSW1(config-if)# ip address 10.255. configure a Layer 3 EtherChannel link on switch DSW1 to switch CSW2.1. „ Enter privilege mode. using interface Po32 and interface range f0/1 to f0/2. using interface Po32 and interface range f0/3 to f0/4.254 Step 5 Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW2.Step-by-Step Procedure Step 1 Connect to the switch DSW1 switch interface in configuration mode: Step 2 „ Connect to the remote lab. Lab Guide 199 .253. „ Enter configuration mode. Step 7 Repeat Step 4 on switch DSW2 to configure a Layer 3 link on f0/5 to switch DSW1. using interface Po31 and interface range f0/3 to f0/4.1. Step 9 Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po31 and interface range f0/1 to f0/2.4 255. Step 15 Repeat Step 4 on switch CSW2 to configure a Layer 3 link to router R2 interface f0/11) and a Layer 3 link to router R1 interface f0/12. using the configure terminal command. Step 14 Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW1 using interface Po31 and interface range f0/3 to f0/4.255. Step 12 Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch CSW1 using interface Po33 and interface range f0/7 to f0/10. © 2009 Cisco Systems.0 DSW1(config)# interface range fa 0/1 – DSW1(config-if)# channel-group 31 mode DSW1(config-if)# no shutdown 2 255. Step 8 Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch CSW2 using interface Po33 and interface range f0/7 to f0/10. Step 13 Repeat Step 2 on switch CSW2 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po32 and interface range f0/1 to f0/2.254 2 passive Step 3 In the same manner as seen in Step 2.255. 
Step 6 Repeat Step 2 on switch DSW2 to configure a Layer 3 EtherChannel link to switch CSW1. Step 10 Repeat Step 2 on switch CSW1 to configure a Layer 3 EtherChannel link to switch DSW2 using interface Po32 and interface range f0/3 to f0/4. „ Access the Switch console. Inc. Step 11 Repeat Step 4 on switch CSW1 to configure a Layer 3 link to router R1 interface f0/11 and a Layer 3 link to router R2 interface f0/12.255. using the enable command. Step 4 Configure a Layer 3 EtherChannel on fa 0/5 on switch DSW1 to switch DSW2: DSW1(config)# interface fa 0/5 DSW1(config-if)# no switchport DSW1(config-if)# ip address 10.253.

1.4.3.255.Step 16 Configure router R1 interfaces to switches CSW1 and CSW2: R1(config)# interface f0/0 R1(config-if)# ip address 10.1 to 10.19 255.255. excluding 10.3 R1(config-if)# no interface f0/0.1.1.255.255 DSW1(config)# ip dhcp excluded-address 10.1.3.1.1 Step 24 Repeat Steps 23 and 24 on switch ASW2. Step 22 On switch ASW1.0 255.1 R1(config-if)# no interface f0/0. move the management IP address from VLAN 1 to VLAN 3: ASW1(config)# interface vlan1 ASW1(config-if)# no ip address ASW1(config-if)# interface Vlan3 ASW1(config-if)# ip address 10.1.1 Step 26 Step 27 Repeat Step 26 on switch DWS2.100 10.1.1.13 255.1.3. and CSW2.1.1.1.253.0 DSW1(dhcp-config)# default-router 10.0 © 2009 Cisco Systems.1. .253.3.255.1. Enable IP routing on switch DSW1: DSW1(config)# ip routing 200 Step 28 Repeat Step 28 on switches DWS2.3.255.3.99 then 10.4 R1(config-if)# interface f0/1 R1(config-if)# ip address 10. Step 29 Configure EIGRP on switch DSW1: Implementing Cisco Switched Networks (SWITCH) v1.255.1.150 to 10. Configure an SVI interface on switch DSW1: DSW1(config)# interface vlan3 DSW1(config-if)# ip address 10.99 then 10.1.4.255.255.0 DSW1(dhcp-config)# default-router 10.4.3.3.4.1 DSW1(config)# ip dhcp pool vlan4 DSW1(dhcp-config)# network 10.1. and 10.1.3.1. Inc.254 R1(config-if)# no shutdown R1(config-if)# no interface f0/0.4.4.49 DSW1(config)# ip dhcp excluded-address 10. Step 25 Configure the DHCP server on switch DWS1: DSW1(config)# ip dhcp excluded-address 10.4. CSW1.100 10.1.4.1.255 DSW1(config)# ip dhcp pool vlan3 DSW1(dhcp-config)# network 10.0 255.3.1 255. Default-router address for pool vlan3 is 10.1 10.1.4.1.49 DSW1(config)# ip dhcp excluded-address 10.255. 
Step 20 Shutdown SVI interface on switch CSW1: CSW1(config)# interface vlan1 CSW1(config)# no ip address CSW1(config-if)# shutdown Step 21 Repeat Step 20 on switch CSW2.255.3.150 to 10.255.1 to 10.3.1 10.255.0 DSW1(config-if)# no shutdown DSW1(config)# interface vlan1 DSW1(config)# no ip address DSW1(config-if)# shutdown Step 19 Repeat Step 18 on switch DSW2 to configure SVI VLAN 4.0 ASW1(config-if)# no shutdown Step 23 Change the default gateway on switch ASW1: ASW1(config)# ip default-gateway 10.1.10 255.255.4.1. Remove all subinterfaces.1 and for pool4 10.255.1.4.1.254 R1(config-if)# no shutdown Step 17 Step 18 Repeat Step 16 on router R2 to configure its interfaces to switches CSW2 and CSW1.1.3.3.

01:59:55.0/8 is variably subnetted. E2 .IS-IS level-2 ia .1. and CSW2 Step 31 Verify that you have reachability to all subnets. * .1.255 Step 30 Repeat Step 30 on switches DWS2.1.1. EX .253. Port-channel32 10. Vlan3 10.253.1.253. Port-channel31 10.1. B .253.16/31 [90/30720] via 10. M .1. Port-channel32 [90/18176] via 10.ODR.1.1.OSPF inter area N1 .12/31 [90/30720] via 10.1.IS-IS summary.OSPF NSSA external type 2 E1 .3.1. Port-channel31 10.18/31 [90/30720] via 10.0.253. 01:59:53. 01:59:53.255. O . Port-channel31 Repeat Step 30 on routers R1 and R2.253. © 2009 Cisco Systems. Port-channel32 10.1.mobile. on DSW1: DSW1#sh ip route Codes: C .253.OSPF NSSA external type 1.candidate default.static.14/31 [90/30720] via 10. 01:59:49. Port-channel31 10.4/31 is directly connected.1. Port-channel32 10.253.3. 2 masks 10.10/31 [90/17920] via 10.EIGRP. 01:59:49.1.1. Port-channel31 10. L2 . N2 . FastEthernet0/5 10. L1 . Lab Guide 201 .253.253.1.1.3. For example. R . S . 01:59:49.0.RIP.0 0.253. 01:59:53.253. 01:59:49. su .BGP D .1.1. U .1.3.1. 01:59:53.DSW1(config)# router eigrp 10 DSW1(config-router)# network 10.1.253.connected.OSPF external type 2 i . 12 subnets.IS-IS.OSPF.1. P . Inc.1.IS-IS level-1.3.1.253.per-user static route o .IS-IS inter area.0/24 is directly connected.1.0/24 [90/18176] via 10.8/31 [90/17920] via 10.253.0. Port-channel32 10.0.periodic downloaded static route Gateway of last resort is not set C D D D D C C C D D D D Step 32 10.6/31 [90/17920] via 10.1.4.OSPF external type 1.1. Port-channel31 10.253.253.253.253. CSW1. IA .3.253.2/31 is directly connected.EIGRP external. Port-channel32 [90/17920] via 10. 01:59:49.0/31 is directly connected.

Lab 4-2: Troubleshooting Inter-VLAN Routing

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In this activity, you must analyze, locate, and fix Layer 3 problems in your network, caused by misconfiguration or incorrect design. After this activity, you will be able to meet these objectives:

• Develop a work plan to troubleshoot configuration and inter-VLAN routing issues
• Isolate the causes of the problems
• Correct all of the identified routing issues
• Test the corrections made
• Document and report the troubleshooting findings and recommendations

Visual Objective

The figure illustrates what needs to be accomplished in this activity.

[Figure: Visual Objective for Lab 4-2: Troubleshooting Inter-VLAN Routing]

Command List

The table describes the commands that are used in this activity.

Configuration Commands

Command | Description
configure terminal | Enters global configuration mode from privileged EXEC mode.
enable password password | Enters the privileged EXEC mode command interpreter.
network network-number | Associate networks with an EIGRP routing process. EIGRP sends updates to the interfaces in the specified networks.
no auto-summary | (Optional) Disable automatic summarization of subnet routes into network-level routes.
router eigrp autonomous-system number | Enable an EIGRP routing process, and enter router configuration mode. The AS number identifies the routes to other EIGRP routers and tags routing information.
show interfaces interface-id trunk | Display the trunk configuration of the interface.
show ip eigrp interfaces | Displays the interfaces on which EIGRP is active and information about EIGRP relating to those interfaces.
show ip eigrp neighbors | Display EIGRP neighbor information.
show ip protocols | Verify your entries.
show ip route | Display the current state of the routing table.

Job Aids

These job aids are available to help you complete the lab activity.

• Trouble Tickets
• Troubleshooting Log

Trouble Ticket A: Missing Routes on Some Switches

After the lunch break you find out that some end users are not able to connect to router R1 or R2. This is an unusual situation. You must correct this problem quickly because the normal operation of the network must be restored. You check the routers and see that everything is normal. You must investigate and find out where you have a problem and what it is. Verify your switches and make sure the routing works properly.

(On all switches, use the alias command “init-4-2-A”; on the routers, use init-4_2-5_1. Afterwards, reload each device with this new configuration.)

Trouble Ticket B: Troubleshoot EIGRP on Layer 3 Switches

You conducted tests regarding EIGRP on the new network and determined that some switches do not seem to have the same routing table as others. A colleague of yours, who has been playing with the network management system in the morning, looks a bit nervous. He confesses that he has tried to manage the switches. You wonder if this created the issue. Verify that all routes are seen by all switches, and that the switches exchange routes.

(On all switches, use the alias command “init-4-2-B”. Afterwards, reload each device with this new configuration.)

Trouble Ticket C: Disappearing Routes and VLANs

You are again in serious trouble. Someone has made changes on the devices, which is a continuing problem in the company. During your investigations you determine, from the log of the RADIUS server, that your boss, the IT manager, logged in to several switches and made some reconfigurations. At this point, you do not even care who is responsible; you just want to fix the problem because clients do not have connectivity. Verify that all routes are visible on all your switches, and that clients in all VLANs can ping router R1 and R2 IP addresses in all VLANs.

(On all switches, use the alias command “init-4-2-C”. Afterwards, reload each device with this new configuration.)

Instructions

As you see from the troubleshooting tickets, this troubleshooting lab contains three types of issues:

• Trouble Ticket A involves lost connectivity problems to a specific subnet.
• Trouble Ticket B involves problems with the routing protocol.
• Trouble Ticket C involves problems with trunk misconfiguration.

Each ticket involves several switches, so the whole team must work together to solve the problems on each switch. Together with your team members, create a troubleshooting plan to divide the work, assign appropriate roles to each team member, and coordinate device access among the team members. Document your progress in the Troubleshooting Log provided below to help facilitate efficient communication within the team and to have an overview of your troubleshooting process for reference during the lab debriefing discussions.

Because different teams work at different speeds, the tickets in this lab are separated. To prepare the lab for this exercise, use the instructions above or ask your instructor how to initiate Trouble Ticket A. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting.

Once you fix the issue in Trouble Ticket A, ask your instructor if time is left for you to move on to the next ticket. If time allows, use the instructions above or ask your instructor how to initiate Trouble Ticket B. After the instructor indicates that the lab is fully prepared, you are ready to start troubleshooting. Repeat the same process for Trouble Ticket C, if time allows.

Troubleshooting Log

Use this log to document your actions and results during the troubleshooting process.

Trouble Ticket | Actions and Results


Activity Verification

You have completed this lab when you attain the results below.

Trouble Ticket A:
• Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket B:
• Verify that Layer 3 switches have EIGRP adjacencies with each other.

Trouble Ticket C:
• Verify that Client CLT1 and Client CLT2 can ping all network devices.

Trouble Ticket A: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket A.

First, verify that you can successfully ping the gateway, which is the DSW1 switch. This means that you have connectivity to the gateway. When you try to ping a core switch from client CLT1, the ping fails. This can indicate one of two things—you are not allowed to connect or you do not have a path to this device. As you have been able to connect previously, the first possibility is eliminated. If you do not have the path to this device, you are also missing the route to the device. This is most likely due to a routing problem, because you can reach the distribution switch DSW1, which is your default gateway.

The same situation occurs for connections from client CLT2 to switches DSW2 and CSW2: pings to switch DSW2 work, but pings to switch CSW2 fail.

These simple tests lead you to conclude that you do not have connectivity to the core switches and the servers beyond them. This leads you to check the routing on the Layer 3 distribution switches DSW1 and DSW2.

Key Clue: DSW1 Routing Configuration (Cont.)

Check routing protocols on DSW1

    DSW1#sh ip protocols
    *** IP Routing is NSF aware ***
    DSW1#

Your troubleshooting work continues on switches DSW1 and DSW2. You verify the routing protocols, which were configured in the previous lab, and find out whether the EIGRP is working properly. You conclude that you have no working routing protocol EIGRP. The example in the figure shows only the display on switch DSW1 because the steps and work on switch DSW2 are the same.

Key Clue: DSW1 Routing Configuration (Cont.)

    DSW1#sh ip route
    Default gateway is not set
    Host               Gateway           Last Use    Total Uses  Interface
    ICMP redirect cache is empty

Your next step is to verify the routes on the switch. You see that the routing table is empty. Your conclusion is that there are no routes at all. Because this is a Layer 3 switch, where you can turn the routing functionality on and off, you proceed to configure the ip routing to enable it.

Key Clue: DSW1 Routing Configuration (Cont.)

To fix the problem, go into configuration mode and issue the following commands:

    DSW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    DSW1(config)#ip routing
    DSW1(config)#router eigrp 10
    DSW1(config-router)#network 10.1.0.0 0.0.255.255

The ip routing command enables the Layer 3 functionality on a Layer 3 switch; afterwards, you can enable EIGRP routing.

IS-IS level-1. 00:05:59. EX .IS-IS level-1. Port-channel32 D 10.OSPF external type 1.periodic downloaded static route Gateway of last resort is not set 10. EX .253. N2 . Inc.3.0.16/31 [90/30720] via 10. 00:05:59.IS-IS inter area. L1 . After pinging the default gateway.0.RIP.OSPF external type 2 i .3. P . S .3.253. try to connect to one of the core switches and a router. E2 .4/31 is directly connected.253. Port-channel32 Everything is now correct on the switch.OSPF NSSA external type 1.per-user static route o .1.OSPF NSSA external type 2 E1 .IS-IS. Port-channel32 C 10. M . L2 . O . U .1.EIGRP. B .253. Check the routing table again: show ip route Codes: C .OSPF.OSPF inter area N1 . S . su .253.mobile. Lab Guide 215 .1. U . Try to release and renew the IP address.0—2-56 Verify that you have accurately identified the problem and that your solution is correct.OSPF external type 1.253.1.connected. Vlan3 D 10.1. Port-channel32 D 10.IS-IS inter area.3.0/24 is directly connected. IA .per-user static route o .RIP.0/24 is directly connected. For the next verification.connected. E2 .1. Inc. 3 masks C 10. try a ping to the default gateway.IS-IS level-2 ia . O .static. Port-channel32 D 10.253.BGP D . © 2009 Cisco Systems.0/31 is directly connected.) Check routing table on DSW1 DSW1#sh ip route Codes: C .1. FastEthernet0/5 C 10. 2 masks C 10.253.static. Port-channel31 © 2009 Cisco Systems. SW ITCH v1.4. 00:05:59.0.IS-IS summary.mobile.1. go on the client CLT1 and carry out the same tests you performed on switch DSW1. L2 .1.OSPF.OSPF NSSA external type 1.1. * .BGP D .periodic downloaded static route Gateway of last resort is not set 10. Port-channel31 C 10.ODR.1.1. * .1.candidate default. 3d21h. 3d21h.1. M . Vlan3 D 10.253. 00:05:59.candidate default. su .IS-IS level-2 ia . Port-channel31 [90/18176] via 10.0/24 [90/18176] via 10.3.0/8 is variably subnetted.3. N2 .1.Key Clue: DSW1 Routing Configuration (cont.1.9. After successfully acquiring the network settings.253. L1 . 
R .OSPF inter area N1 . P .1.1.OSPF external type 2 i . Port-channel32 [90/18176] via 10.EIGRP.253.253.1. 00:05:59.0. 12 subnets.18/31 [90/30720] via 10.3. IA .253.IS-IS. 17 subnets.6/31 [90/17920] via 10.EIGRP external.EIGRP external.ODR. B .OSPF NSSA external type 2 E1 .0/24 [90/18176] via 10. All rights reserved.IS-IS summary.2/31 is directly connected. R .0/8 is variably subnetted.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Trouble Ticket B: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket B.

Key Clue: EIGRP on CSW1 and CSW2

CSW1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(20)
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
0   10.1.253.8      Po32          12 00:01:34  186  1116  0  3

CSW2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
2   10.1.253.2      Po31          14 00:45:50    3   200  0  55
1   10.1.253.19     Fa0/12        12 01:17:19    1   200  0  121
0   10.1.253.17     Fa0/11        14 02:15:47    1   200  0  117

After you analyze the preliminary data, your logical next step is to log in to switch CSW1 and check the routing. When you check the status of the EIGRP, everything is normal. Your verification shows that the EIGRP neighbor table does not contain all expected neighbors. When you check the neighbor table on switch CSW2, you see no neighborship to CSW1. This leads you to the conclusion that there must be differences in the EIGRP configurations of the two core switches. The routing configuration on switches CSW1 and CSW2 must be identical because they provide routing redundancy in the network. When you examine switches DSW1 and DSW2, you also see similar differences.

Key Clue: EIGRP Reconfiguration on CSW1

CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#no router eigrp 20
CSW1(config)#router eigrp 10
CSW1(config-router)#network 10.1.0.0 0.0.255.255
CSW1(config-router)#^Z
CSW1#
CSW1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
4   10.1.253.8      Po32          13 00:00:30   14   200  0
3   10.1.253.11     Po33          12 00:00:30    9   200  0  18 65
2   10.1.253.13     Fa0/11        12 00:00:30   12   200  0  28
1   10.1.253.15     Fa0/12        13 00:00:30   12   200  0  28
0   10.1.253.0      Po31          12 00:00:30   14   200  0  15
CSW1#

After you find the differences in the EIGRP configurations, your next step is to correct the configuration on switch CSW1:

CSW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CSW1(config)#no router eigrp 20
CSW1(config)#router eigrp 10
CSW1(config-router)#network 10.1.0.0 0.0.255.255
CSW1#show ip eigrp neighbors
EIGRP-IPv4:(10) neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
1   10.1.253.0      Po31          13 00:32:44  196  1176  0  283
3   10.1.253.17     Fa0/12        14 00:32:20    1   200  0  41
4   10.1.253.4      Po32          10 00:32:18    1   200  0  49
5   10.1.253.15     Fa0/11        11 00:32:10   13   200  0  40
2   10.1.253.11     Po33          10 00:32:22    1   200  0  49

You find that the EIGRP AS number is incorrect. Correct the issue in the same way on switch DSW2. After the correction of the problem, verify that the EIGRP is back to normal.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Trouble Ticket C: Sample Troubleshooting Flow

The following pages illustrate an example of a method that you could follow to diagnose and resolve Trouble Ticket C.

Key Clue: DSW1 to PC1 Connectivity

DSW1#ping 10.1.3.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.3.50, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DSW1#
DSW1#show interfaces FastEthernet 0/6 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/6       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/6       1,3-4,11-12,63-66

Port        Vlans allowed and active in management domain
Fa0/6       1,3-4,11-12,63-66

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/6       1,3-4,11-12,63-66

You find a problem with client CLT1 connectivity, and client CLT2 has the same issue. This flow shows how to solve the client CLT1 connectivity issue. The client CLT2 connectivity is solved by using the same process.

To exclude deeper network problems, check the connectivity to client CLT1 from switch DSW1. Again, you see that there is a failure. Between client CLT1 and switch DSW1 there is only the ASW1 switch. The logical next step is to verify the links between these two switches. When you check the trunk configuration on the interface pointing to the ASW1 switch, you can confirm that all VLANs are present.

Key Clue: ASW1 Trunk to DSW1

ASW1#sh interface FastEthernet 0/1 trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1,11,63,65

Port        Vlans allowed and active in management domain
Fa0/1       1,11,63,65

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,11,63,65
ASW1#

Next, concentrate on the ASW1 switch because the evidence indicates that the problem must be on that switch. To finish the check that you started on switch DSW1, check the trunk configuration on the interfaces pointing to switch DSW1. You find out that VLAN 3, which is the VLAN where client CLT1 resides, is absent. When checking switch ASW2, you find that VLAN 4, which is the client CLT2 VLAN, is also absent from the switch ASW2 trunk to switch DSW2.

3. Inc.65 Port Fa0/1 Vlans allowed and active in management domain 1.3. one per line.11.11. Inc.1q trunking 1 Port Vlans allowed on trunk Fa0/1 1-4094 Port Vlans allowed and active in management domain Fa0/1 1.11.0 © 2009 Cisco Systems.65 © 2009 Cisco Systems.65 In the same way. ASW1(config)#interface range fastEthernet 0/1 . one per line.3.63. . add VLAN 4 to the switch ASW2 trunk to switch DSW2.0—4-52 To fix the problem. SWITCH v1.Key Clue: Configure ASW1 ASW1#conf t Enter configuration commands.63.3.65 Port pruned Fa0/1 ASW1# Vlans in spanning tree forwarding state and not 1. End with CNTL/Z.1q trunking 1 Port Fa0/1 Vlans allowed on trunk 1. All rights reserved.63.2 ASW1(config-if)# switchport trunk allowed vlan add 3 After the changes are made. End with CNTL/Z ASW1(config)# interface range FastEthernet 0/1 – 2 ASW1(config-if)# switch trunk allowed vlan add 3 ASW1#sh interface FastEthernet 0/1 trunk Port Mode Native vlan Fa0/1 on Encapsulation Status 802.11. verify that they are correct: ASW1#show interfaces fastEthernet 0/1 trunk Port Mode Encapsulation Status Native vlan Fa0/1 on 802. 224 Implementing Cisco Switched Networks (SWITCH) v1.63. allow the needed VLANs on both interfaces to point to switches DSW1 and DSW2: ASW1#conf t Enter configuration commands.

Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 4-2: Key Commands and Tools Used

Lab 5-1: Implementing High Availability and Reporting in a Network Design

Complete this lab activity to confirm your knowledge on the topics of high availability and reporting.

Activity Objective

The dynamics of administering a large network often prevent a daily verification of the state and activity on each device. This is why a solution is needed that implements logs from different devices that are gathered in a single place. In this lab, you will implement such a solution. To achieve this goal, you will configure your switches to send information to a syslog and an SNMP server. To respond to the need for monitoring the network state, you will also implement an IP SLA-based solution. Once the design is complete, you will connect to your remote lab to implement your solution.

After completing this activity, you will be able to meet these objectives:

- Design a high availability solution consisting of a syslog, SNMP reporting, and an IP SLA solution
- Create an implementation requirements list
- Create a step-by-step implementation and verification plan
- Implement and verify your solution

Required Resources

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read this information carefully.

Implementation Policy

You must configure SNMP, syslog, and IP SLA in your network. The following list details preparation and configuration requirements for all switches in the company network. Your configuration must implement all requirements:

- Configure switches ASW1, DSW1, CSW1, and router R1 to send syslog information to client CLT1.
- Configure switches ASW2, DSW2, CSW2, and router R2 to send syslog information to client CLT2.
- On all switches and routers, configure the level of syslog messages to be informational.
- Configure switches ASW1, DSW1, CSW1, and router R1 to send SNMP traps to client CLT1.
- Configure switches ASW2, DSW2, CSW2 and router R2 to send SNMP traps to client CLT2. In both cases you should use the default SNMP version with Read-only community.
- Configure your switches to send relevant server information concerning configuration changes, VLAN membership, and interface status that has been changed to error-disable to the SNMP server. Configure your routers to send relevant server information on configuration changes to the SNMP server.
- Configure IP SLA on switches ASW1, ASW2, CSW1, and CSW2. Configure ICMP probes for the IP SLA between switches ASW1 and CSW1. Switch ASW1 should probe switch CSW1, and CSW1 should probe switch ASW1.
- Configure ICMP probes for the IP SLA between switches ASW2 and CSW2. Switch ASW2 should probe switch CSW2, and switch CSW2 should probe switch ASW2.
- Execute the verification plan to ensure IP connectivity.

Device Information

The table provides information about SNMP, syslog, and IP SLA:

Device Name   Send to Syslog?   Syslog Server   Send to SNMP Server?   SNMP Server   IP SLA To Switch
ASW1          Yes               CLT1            Yes                    CLT1          CSW1
ASW2          Yes               CLT2            Yes                    CLT2          CSW2
DSW1          Yes               CLT1            Yes                    CLT1          —
DSW2          Yes               CLT2            Yes                    CLT2          —
CSW1          Yes               CLT1            Yes                    CLT1          ASW1
CSW2          Yes               CLT2            Yes                    CLT2          ASW2
R1            Yes               CLT1            Yes                    CLT1          —
R2            Yes               CLT2            Yes                    CLT2          —

Visual Objective

The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 5-1: Implement HA in a Network Design]
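The Implementation Policy and the Device Information table can be turned into checks that run against each device's running configuration when you verify your work. The following Python script is an added example, not part of the lab guide or its answer key: the addresses, community names, sample configuration and the function name audit are constructed for illustration, and the trap keywords (config, vlan-membership, errdisable) are an assumed mapping of the policy's notification types.

```python
import re

# Device Information table: device -> (syslog and SNMP server, IP SLA probe target)
REQUIREMENTS = {
    "ASW1": ("CLT1", "CSW1"), "ASW2": ("CLT2", "CSW2"),
    "DSW1": ("CLT1", None), "DSW2": ("CLT2", None),
    "CSW1": ("CLT1", "ASW1"), "CSW2": ("CLT2", "ASW2"),
    "R1": ("CLT1", None), "R2": ("CLT2", None),
}
# Constructed documentation-range addresses (assumption, not the lab's addressing plan).
ADDR = {"CLT1": "192.0.2.50", "CLT2": "192.0.2.60",
        "ASW1": "198.51.100.11", "ASW2": "198.51.100.12",
        "CSW1": "198.51.100.1", "CSW2": "198.51.100.2"}
# Assumed mapping of the policy's notification types to trap keywords.
SWITCH_TRAPS = {"config", "vlan-membership", "errdisable"}
ROUTER_TRAPS = {"config"}


def audit(device, running_config):
    """Return a sorted list of policy findings for one device's running-config text."""
    server, sla_target = REQUIREMENTS[device]
    lines = [ln.rstrip() for ln in running_config.splitlines()]
    findings = []

    # Syslog: the right server, and no explicit level other than informational.
    # (IOS leaves the default trap level, informational, out of the running-config.)
    host_re = rf"logging (host )?{re.escape(ADDR[server])}"
    if not any(re.fullmatch(host_re, ln) for ln in lines):
        findings.append(f"no syslog host {server}")
    for ln in lines:
        m = re.fullmatch(r"logging trap (\S+)", ln)
        if m and m.group(1) not in ("informational", "6"):
            findings.append(f"syslog level is {m.group(1)}, not informational")

    # SNMP: read-only community only. Findings never echo the community string.
    communities = [m for ln in lines
                   if (m := re.fullmatch(r"snmp-server community (\S+)(.*)", ln))]
    if not communities:
        findings.append("no SNMP community")
    for m in communities:
        if "RW" in m.group(2).upper().split():
            findings.append("read-write SNMP community configured")

    # SNMP: traps go to the right server and the required trap types are enabled.
    trap_host_re = rf"snmp-server host {re.escape(ADDR[server])}(\s|$)"
    if not any(re.match(trap_host_re, ln) for ln in lines):
        findings.append(f"no SNMP trap host {server}")
    enabled = {m.group(1) for ln in lines
               if (m := re.fullmatch(r"snmp-server enable traps (\S+).*", ln))}
    required = ROUTER_TRAPS if device.startswith("R") else SWITCH_TRAPS
    for trap in sorted(required - enabled):
        findings.append(f"trap type not enabled: {trap}")

    # IP SLA: an ICMP echo operation toward the paired switch, and a schedule for it.
    if sla_target:
        op = None
        for i, ln in enumerate(lines):
            m = re.fullmatch(r"ip sla (\d+)", ln)
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if m and nxt.split()[:2] == ["icmp-echo", ADDR[sla_target]]:
                op = m.group(1)
        sched_re = rf"ip sla (monitor )?schedule {op}(\s|$)"
        if op is None:
            findings.append(f"no ICMP echo IP SLA operation toward {sla_target}")
        elif not any(re.match(sched_re, ln) for ln in lines):
            findings.append(f"IP SLA operation {op} is not scheduled")
    return sorted(findings)


# Constructed running-config excerpt for ASW1 with three deliberate policy gaps.
SAMPLE_ASW1 = """\
logging 192.0.2.50
snmp-server community labro RO
snmp-server community labrw RW
snmp-server enable traps config
snmp-server enable traps vlan-membership
snmp-server host 192.0.2.50 labro
ip sla 1
 icmp-echo 198.51.100.1
 frequency 60
"""

if __name__ == "__main__":
    for finding in audit("ASW1", SAMPLE_ASW1):
        print("ASW1:", finding)
```

An IP SLA operation that is configured but never scheduled collects nothing, which is why the script reports it separately from a missing operation.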

Command List

The table describes the commands that are used in this activity.

Command: access-list access-list-number {deny | permit} source [source-wildcard]
Description: If you specified an IP standard access list number in the previous step, then create the list, repeating the command as many times as necessary.
- For access-list-number, enter the access list number specified in previous step.
- The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
- For source, enter the IP address of the SNMP managers that are permitted to use the community string to gain access to the agent.
- (Optional) For source-wildcard, enter the wildcard bits in dotted decimal notation to be applied to the source. Place ones in the bit positions that you want to ignore.

Command: frequency seconds
Description: (Optional) Set the rate at which a specified IP SLA operation repeats. The range is from 1 to 604800 seconds; the default is 60 seconds.

Command: icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-id]
Description: Configure the IP SLA operation as an ICMP echo operation and enter ICMP echo configuration mode.
- destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
- (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs choose the IP address nearest to the destination.
- (Optional) source-interface interface-id: Specify the source interface for the operation.

Command: ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm [:ss] [month day | day month] | pending | now | after hh:mm:ss] [ageout seconds] [recurring]
Description: Configure the scheduling parameters for an individual IP SLA operation.
- operation-number: Enter the Cisco IOS IP SLA entry number.
- (Optional) life: Set the operation to run indefinitely (forever) or for a specific number of seconds. The range is from 0 to 2147483647. The default is 3600 seconds (1 hour).
- (Optional) start-time: Enter the time for the operation to begin collecting information:
  - To start at a specific time, enter the hour, minute, second (in 24-hour notation), and day of the month. If no month is entered, the default is the current month.
  - Enter pending to select no information collection until a start time is selected.
  - Enter now to start the operation immediately.
  - Enter after hh:mm:ss to show that the operation should start after the entered time has elapsed.
- (Optional) ageout seconds: Enter the number of seconds to keep the operation in memory when it is not actively collecting information. The range is 0 to 2073600 seconds; the default is 0 seconds (never ages out).
- (Optional) recurring: Set the operation to automatically run every day.

Command: ip sla operation-number
Description: Create an IP SLA operation, and enter IP SLA configuration mode.

Command: ip sla responder {tcp-connect | udp-echo} ipaddress ip-address port port-number
Description: Configure the switch as an IP SLA responder. The optional keywords have these meanings:
- tcp-connect: Enable the responder for TCP connect operations.
- udp-echo: Enable the responder for User Datagram Protocol (UDP) echo or jitter operations.
- ipaddress ip-address: Enter the destination IP address.
- port port-number: Enter the destination port number.
Note: The IP address and port number must match those configured on the source device for the IP SLA operation.

Command: logging buffered [size]
Description: Log messages to an internal buffer on the switch.

Command: logging host
Description: Log messages to a UNIX syslog server host. For host, specify the name or IP address of the host to be used as the syslog server.

Command: line [console | vty] line-number [ending-line-number]
Description: Specify the line to be configured for synchronous logging of messages.
- Use the console keyword for configurations that occur through the switch console port.
- Use the line vty line-number command to specify which vty lines are to have synchronous logging enabled. You use a vty connection for configurations that occur through a Telnet session. The range of line numbers is from 0 to 15.

Command: logging synchronous [level [severity-level | all] | limit number-of-buffers]
Description: Enable synchronous logging of messages.
- (Optional) For level severity-level, specify the message severity level. Messages with a severity level equal to or higher than this value are printed asynchronously. Low numbers mean greater severity and high numbers mean lesser severity. The default is 2.
- (Optional) Specifying level all means that all messages are printed asynchronously regardless of the severity level.
- (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The range is 0 to 2147483647. The default is 20.

Command: no logging console
Description: Disable message logging.

Command: show ip sla configuration [operation-number]
Description: (Optional) Display configuration values, including all defaults for all IP SLA operations or a specified operation.

Command: show ip sla responder
Description: Verify the IP SLA responder configuration on the device.

Command: show ip sla statistics
Description: Displays information about the IP SLA tests.

Command: show snmp
Description: Displays SNMP statistics.

Command: snmp-server community string [view view-name] [ro | rw] [access-list-number]
Description: Configure the community string.
- For string, specify a string that acts like a password and permits access to the SNMP protocol. You can configure one or more community strings of any length.
- (Optional) For view, specify the view record accessible to the community.
- (Optional) Specify either read-only (ro) if you want authorized management stations to retrieve MIB objects, or specify read-write (rw) if you want authorized management stations to retrieve and modify MIB objects. By default, the community string permits read-only access to all objects.
- (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.

Command: snmp-server engineID {local engineid-string | remote ip-address [udp-port port-number] engineid-string}
Description: Configure a name for either the local or remote copy of SNMP.
- The engineid-string is a 24-character ID string with the name of the copy of SNMP. You need not specify the entire 24-character engine ID if it has trailing zeros. Specify only the portion of the engine ID up to the point where only zeros remain in the value. For example, to configure an engine ID of 123400000000000000000000, you can enter this: snmp-server engineID local 1234.
- If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.

Command: snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list]
Description: Configure a new SNMP group on the remote device.
- For groupname, specify the name of the group.
- Specify a security model:
  - v1 is the least secure of the possible security models.
  - v2c is the second least secure model. It allows transmission of informs and integers twice the normal width.
  - v3, the most secure, requires you to select an authentication level:
    - auth: Enables the Message Digest 5 (MD5) and the Secure Hash Algorithm (SHA) packet authentication.
    - noauth: Enables the noAuthNoPriv security level. This is the default if no keyword is specified.
    - priv: Enables Data Encryption Standard (DES) packet encryption (also called privacy).
- (Optional) Enter read readview with a string (not to exceed 64 characters) that is the name of the view in which you can only view the contents of the agent.
- (Optional) Enter write writeview with a string (not to exceed 64 characters) that is the name of the view in which you enter data and configure the contents of the agent.
- (Optional) Enter notify notifyview with a string (not to exceed 64 characters) that is the name of the view in which you specify a notify, inform, or trap.
- (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.

Command: snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] community-string [notification-type]
Description: Specify the recipient of an SNMP trap operation.
- For host-addr, specify the name or Internet address of the host (the targeted recipient).
- (Optional) Enter informs to send SNMP informs to the host.
- (Optional) Enter traps (the default) to send SNMP traps to the host.
- (Optional) Specify the SNMP version (1, 2c, or 3). SNMPv1 does not support informs.
- (Optional) For Version 3, select authentication level auth, noauth, or priv.
- For community-string, when version 1 or version 2c is specified, enter the password-like community string sent with the notification operation. When version 3 is specified, enter the SNMPv3 username.
- (Optional) For notification-type, enter snmp-server enable traps.

Command: snmp-server enable traps notification-types
Description: Enable the switch to send traps or informs and specifies the type of notifications to be sent.

Command: udp-jitter {destination-ip-address | destination-hostname} destination-port [source-ip {ip-address | hostname}] [source-port port-number] [control {enable | disable}] [num-packets number-of-packets] [interval interpacket-interval]
Description: Configure the IP SLA operation as a UDP jitter operation, and enter UDP jitter configuration mode.
- destination-ip-address | destination-hostname: Specify the destination IP address or hostname.
- destination-port: Specify the destination port number in the range from 1 to 65535.
- (Optional) source-ip {ip-address | hostname}: Specify the source IP address or hostname. When a source IP address or hostname is not specified, IP SLAs choose the IP address nearest to the destination.
- (Optional) source-port port-number: Specify the source port number in the range from 1 to 65535. When a port number is not specified, IP SLAs choose an available port.
- (Optional) control: Enable or disable sending of IP SLA control messages to the IP SLA responder. By default, IP SLA control messages are sent to the destination device to establish a connection with the IP SLA responder.
- (Optional) num-packets number-of-packets: Enter the number of packets to be generated. The range is 1 to 6000; the default is 10.
- (Optional) interval inter-packet-interval: Enter the interval between sending packets in milliseconds. The range is 1 to 6000; the default value is 20 ms.

Job Aids

These are the job aids for this lab activity:

Value                                                         Location
Blank implementation requirements list                        Task 1
Blank implementation and verification plan form               Task 2
Blank verification notes form                                 Task 3
Alternate resources and solutions form                        End of this lab
Key commands and tools used form                              End of this lab
Implementation requirements hints                             “Hints” section at the end of this lab
Implementation and verification plan hints                    “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)    Configuration section at the end of this lab

Task 1: Create an Implementation Requirement List for High Availability and Reporting
After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. Use the plan to determine how you will verify that each required item was effectively configured. The task will help you set up configuration checkpoints. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. Do not forget to save. However, if you need help, this section contains a series of hints to help you complete the lab.

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 5-1: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 5-1 Hint Sheet: Implementing High Availability and Reporting in a Network Design

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirement | Lab 5-1 Section Containing Hint
All switches and routers | Syslog server | Implementation Policy
All switches and routers | SNMP | Implementation Policy
ASW1 and CSW1 | IP SLA | Implementation Policy
ASW2 and CSW2 | IP SLA | Implementation Policy
All switches and routers | Verification | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | Syslog server | Visual Objective, Design and Implementation Requirements
ASW2 | Syslog server | Visual Objective, Design and Implementation Requirements
DSW1 | Syslog server | Visual Objective, Design and Implementation Requirements
DSW2 | Syslog server | Visual Objective, Design and Implementation Requirements
CSW1 | Syslog server | Visual Objective, Design and Implementation Requirements
CSW2 | Syslog server | Visual Objective, Design and Implementation Requirements
R1 | Syslog server | Visual Objective, Design and Implementation Requirements
R2 | Syslog server | Visual Objective, Design and Implementation Requirements
ASW1 | SNMP | Visual Objective, Design and Implementation Requirements
ASW2 | SNMP | Visual Objective, Design and Implementation Requirements
DSW1 | SNMP | Visual Objective, Design and Implementation Requirements
DSW2 | SNMP | Visual Objective, Design and Implementation Requirements
CSW1 | SNMP | Visual Objective, Design and Implementation Requirements
CSW2 | SNMP | Visual Objective, Design and Implementation Requirements
R1 | SNMP | Visual Objective, Design and Implementation Requirements
R2 | SNMP | Visual Objective, Design and Implementation Requirements
ASW1 | IP SLA | Visual Objective, Design and Implementation Requirements
ASW2 | IP SLA | Visual Objective, Design and Implementation Requirements
CSW1 | IP SLA | Visual Objective, Design and Implementation Requirements
CSW2 | IP SLA | Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan
In Task 2, you will create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. You can then configure each switch with items that are unique to each device. An example of the Implementation and Verification Plan follows.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW1 | 1 | logging on | show logging
 | ASW1 | 2 | logging 10.1.3.50 | show logging
 | ASW1 | 3 | logging traps informational | show logging
 | ASW2 | 4 | logging on | show logging
 | ASW2 | 5 | logging 10.1.4.100 | show logging
 | ASW2 | 6 | logging traps informational | show logging
 | DSW1 | 7 | logging on | show logging
 | DSW1 | 8 | logging 10.1.3.50 | show logging
 | DSW1 | 9 | logging traps informational | show logging
 | DSW2 | 10 | logging on | show logging
 | DSW2 | 11 | logging 10.1.4.100 | show logging
 | DSW2 | 12 | logging traps informational | show logging
 | CSW1 | 13 | logging on | show logging
 | CSW1 | 14 | logging 10.1.3.50 | show logging
 | CSW1 | 15 | logging traps informational | show logging
 | CSW2 | 16 | logging on | show logging
 | CSW2 | 17 | logging 10.1.4.100 | show logging
 | CSW2 | 18 | logging traps informational | show logging
 | ASW1 | 19 | snmp-server enable traps errdisable | show snmp
 | ASW1 | 20 | snmp-server enable traps config | show snmp
 | ASW1 | 21 | snmp-server enable traps vlan-membership | show snmp
 | ASW1 | 23 | snmp-server community ciscor ro | show snmp
 | ASW1 | 24 | snmp-server host 10.1.3.50 traps ciscor | show snmp

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW2 | 25 | snmp-server enable traps errdisable | show snmp
 | ASW2 | 26 | snmp-server enable traps config | show snmp
 | ASW2 | 27 | snmp-server enable traps vlan-membership | show snmp
 | ASW2 | 28 | snmp-server community ciscor ro | show snmp
 | ASW2 | 29 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | DSW1 | 30 | snmp-server enable traps errdisable | show snmp
 | DSW1 | 31 | snmp-server enable traps config | show snmp
 | DSW1 | 32 | snmp-server enable traps vlan-membership | show snmp
 | DSW1 | 33 | snmp-server community ciscor ro | show snmp
 | DSW1 | 34 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | DSW2 | 35 | snmp-server enable traps errdisable | show snmp
 | DSW2 | 36 | snmp-server enable traps config | show snmp
 | DSW2 | 37 | snmp-server enable traps vlan-membership | show snmp
 | DSW2 | 38 | snmp-server community ciscor ro | show snmp
 | DSW2 | 39 | snmp-server host 10.1.4.100 traps ciscor | show snmp
 | CSW1 | 40 | snmp-server enable traps errdisable | show snmp
 | CSW1 | 41 | snmp-server enable traps config | show snmp
 | CSW1 | 42 | snmp-server enable traps vlan-membership | show snmp
 | CSW1 | 43 | snmp-server community ciscor ro | show snmp
 | CSW1 | 44 | snmp-server host 10.1.3.50 traps ciscor | show snmp
 | CSW2 | 45 | snmp-server enable traps errdisable | show snmp
 | CSW2 | 46 | snmp-server enable traps config | show snmp
 | CSW2 | 47 | snmp-server enable traps vlan-membership | show snmp

1. Inc.1 show ip sla configuration CSW1 64 ip sla schedule 1 life forever start-time now show ip sla statistics CSW2 65 Ip sla 1 show ip sla configuration CSW2 66 Icmp-echo 10. Lab Guide 247 .1.4.1.1.1.253.Complete √ Device Implementation Order Values and Items to Implement Verification Method and Expected Results 48 snmp-server community ciscor ro show snmp 49 snmp-server host 10.100 traps ciscor show snmp ASW1 56 Ip sla 1 show ip sla configuration ASW1 57 Icmp-echo 10.1 show ip sla configuration ASW1 58 ip sla schedule 1 life forever start-time now show ip sla statistics ASW2 59 Ip sla 1 show ip sla configuration ASW2 60 Icmp-echo 10.4.50 traps ciscor show snmp 53 snmp-server enable traps config show snmp 54 snmp-server community ciscor ro show snmp 55 snmp-server host 10.3.1.1.4.3.2 show ip sla configuration CSW2 67 ip sla schedule 1 life forever start-time now show ip sla statistics CSW2 CSW2 R1 R1 R1 R2 R2 R2 © 2009 Cisco Systems.253.7 show ip sla configuration ASW2 61 ip sla schedule 1 life forever start-time now show ip sla statistics CSW1 62 Ip sla 1 show ip sla configuration CSW1 63 Icmp-echo 10.100 traps ciscor show snmp 50 snmp-server enable traps config show snmp 51 snmp-server community ciscor ro show snmp 52 snmp-server host 10.

Step-by-Step Procedure

Step 1 Connect to the ASW1 switch interface in configuration mode:
• Connect to the remote lab.
• Access the Switch console.
• Enter privilege mode, using the enable command.
• Enter configuration mode, using the configure terminal command.

Step 2 Configure the syslog server on switch ASW1:
ASW1(config)# logging on
ASW1(config)# logging 10.1.3.50
ASW1(config)# logging trap informational

Step 3 Repeat Steps 1 and 2 on switches ASW2, DSW1, DSW2, CSW1, and CSW2, and on routers R1 and R2 using the appropriate IP addresses of the syslog server. Verify the syslog server configuration, for example, on switch DSW1:
DSW1#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 1022 messages logged, xml disabled, filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled
    Trap logging: level informational, 1000 message lines logged
        Logging to 10.1.3.51 (udp port 514, audit disabled, authentication disabled, encryption disabled, link up), 150 message lines logged, 0 message lines rate-limited, 0 message lines dropped-by-MD, xml disabled, sequence number disabled filtering disabled

Step 4 Configure SNMP on switch ASW1:
ASW1(config)# snmp-server community ciscor ro
ASW1(config)# snmp-server host 10.1.3.50 traps ciscor
ASW1(config)# snmp-server enable traps errdisable
ASW1(config)# snmp-server enable traps config
ASW1(config)# snmp-server enable traps vlan-membership

Step 5 Repeat Step 4 on switches ASW2, DSW1, DSW2, CSW1, and CSW2 with the appropriate IP addresses. On routers R1 and R2, repeat Step 4 without errdisable and without vlan-membership. Verify the SNMP configuration, for example, on CSW1:
CSW1#show snmp
Chassis: FDO1310X136
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
5 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    5 Trap PDUs
SNMP global trap: disabled
SNMP logging: enabled
    Logging to 10.1.3.51.162, 0/10, 5 sent, 0 dropped.
SNMP agent enabled

Step 6 Configure IP SLA on switch ASW1:
ASW1(config)# ip sla 1
ASW1(config-ip-sla)#icmp-echo 10.1.253.1
ASW1(config)# ip sla schedule 1 life forever start-time now

Step 7 Repeat Step 6 on switches CSW1, ASW2, and CSW2. Verify that the IP SLA test is running:
CSW1#show ip sla statistics
Round Trip Time (RTT) for Index 1
    Latest RTT: 1 ms
Latest operation start time: *22:24:34.231 eastern Fri Mar 5 1993
Latest operation return code: OK
Number of successes: 290
Number of failures: 0
Operation time to live: Forever
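The verification in Steps 3 and 5 can be scripted. The following is an added example, not part of the lab guide: it parses `show logging` and `show snmp` output in the format shown above and reports deviations from the plan. The sample outputs and the 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import re

def parse_show_logging(text):
    """Extract the fields the plan verifies from `show logging` output."""
    state = re.search(r"Syslog logging:\s*(\w+)", text)
    trap = re.search(r"Trap logging:\s*level\s+(\w+)", text)
    servers = re.findall(
        r"Logging to\s+(\d+(?:\.\d+){3})\s+\(udp port (\d+),.*?link (\w+)\)", text)
    return {
        "enabled": state is not None and state.group(1) == "enabled",
        "trap_level": trap.group(1) if trap else None,
        "servers": {ip: {"port": int(p), "link": link} for ip, p, link in servers},
    }

def parse_show_snmp(text):
    """Extract agent state, counters and trap receivers from `show snmp` output."""
    def counter(label):
        m = re.search(r"(\d+)\s+" + re.escape(label), text)
        return int(m.group(1)) if m else None
    # Trap receivers are printed as "<ip>.<udp-port>, queue/length, n sent, n dropped".
    receivers = {
        ip: {"port": int(port), "sent": int(sent), "dropped": int(drop)}
        for ip, port, sent, drop in re.findall(
            r"Logging to\s+(\d+(?:\.\d+){3})\.(\d+),\s*\d+/\d+,\s*(\d+) sent,\s*(\d+) dropped",
            text)
    }
    return {
        "agent_enabled": "SNMP agent enabled" in text,
        "unknown_community": counter("Unknown community name"),
        "receivers": receivers,
    }

def verify_device(name, server, logging_out, snmp_out):
    """Return a list of findings; an empty list means the device matches the plan."""
    findings = []
    log, snmp = parse_show_logging(logging_out), parse_show_snmp(snmp_out)
    if not log["enabled"]:
        findings.append(f"{name}: syslog logging is not enabled")
    if log["trap_level"] != "informational":
        findings.append(f"{name}: trap level is {log['trap_level']}, expected informational")
    srv = log["servers"].get(server)
    if srv is None:
        findings.append(f"{name}: syslog server {server} is not configured")
    elif srv["link"] != "up":
        findings.append(f"{name}: syslog server {server} link is {srv['link']}")
    if not snmp["agent_enabled"]:
        findings.append(f"{name}: SNMP agent is not enabled")
    rcv = snmp["receivers"].get(server)
    if rcv is None:
        findings.append(f"{name}: no SNMP trap receiver {server}")
    elif rcv["dropped"]:
        findings.append(f"{name}: {rcv['dropped']} traps to {server} were dropped")
    # A non-zero counter means requests arrived with a community string the
    # device does not know, which is worth investigating on a read-only setup.
    if snmp["unknown_community"]:
        findings.append(f"{name}: {snmp['unknown_community']} requests used an unknown community")
    return findings

# Constructed sample output, abbreviated from the format shown in Steps 3 and 5.
GOOD_LOGGING = """Syslog logging: enabled (0 messages dropped, 0 flushes, xml disabled)
    Console logging: disabled
    Trap logging: level informational, 1000 message lines logged
        Logging to 192.0.2.50 (udp port 514, audit disabled, encryption disabled, link up), 150 message lines logged
"""
GOOD_SNMP = """0 SNMP packets input
    0 Unknown community name
5 SNMP packets output
    5 Trap PDUs
SNMP logging: enabled
    Logging to 192.0.2.50.162, 0/10, 5 sent, 0 dropped.
SNMP agent enabled
"""
BAD_LOGGING = GOOD_LOGGING.replace("informational", "warnings").replace("192.0.2.50", "192.0.2.99")
BAD_SNMP = GOOD_SNMP.replace("0 Unknown", "12 Unknown").replace("0 dropped", "3 dropped")

if __name__ == "__main__":
    for finding in verify_device("CSW1", "192.0.2.50", BAD_LOGGING, BAD_SNMP):
        print(finding)
```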

Lab 6-1: Implement and Tune HSRP
Complete this lab activity to practice what you learned in the related module.

Activity Objective
The Cisco account manager for your company has become a friend of yours. Once, while having a friendly chat with him and an engineer from Cisco, the engineer mentioned the need for a network to have a redundancy mechanism implemented. You like the idea because you do not want to take unnecessary risks. You dig deep into the documentation and find out about the existence of a protocol called Hot Standby Router Protocol (HSRP). After an informal discussion with your IT manager, he tells you to proceed with the project, but asks you to demonstrate HSRP in a step-by-step manner so he can understand the various features and how it really works. As you leave him, you realize the need to create a design, implementation plan, and perform the reconfiguration. Once the design is complete, you will connect to your remote lab to implement your solution. After completing this activity, you will be able to meet these objectives:
• Design an HSRP solution
• Create an implementation requirements list
• Create a step-by-step implementation and verification plan
• Implement and verify your solution

Required Resources
This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully. (To prepare the routers for this lab, use the alias command ”init-6_1-6_2”.)

Implementation Policy
The following list details preparation and configuration requirements for all switches in the company network. You must configure HSRP in your network. Your configuration must implement all these requirements:
• You must implement two HSRP solutions: one offering first-hop redundancy for client CLT1 in VLAN 3, and one offering first-hop redundancy for client CLT2 in VLAN 4.
• In your implementation, switches DSW1 and DSW2 will be the default gateways for the clients.
• Switch DSW1 will be the primary HSRP router on VLAN 3 and the secondary HSRP router on VLAN 4.
• Switch DSW2 will be the primary HSRP router on VLAN 4 and the secondary HSRP router on VLAN 3.
• Preempt should be configured so that each Layer 3 switch tries to become primary whenever possible.
• The primary HSRP on switch DSW1 will track interfaces Po31 and Po32. The loss of connectivity to these interfaces will decrement the priority of switch DSW1 by 30.
• The primary HSRP on switch DSW2 will track interfaces Po31 and Po32. The loss of connectivity to these interfaces will decrement the priority of switch DSW1 by 30.
• For both cases, proceed in the following order:
  — Start by implementing HSRP in both VLANs, without preempt, without tracking, and without priority. Test by shutting down the link to the primary HSRP router, then reenabling the link.
  — Once you have tested this, implement the preempt feature and test.
  — Once this has been tested, implement tracking and priority.

4.1 CSW1 No — — — CSW2 No — — — R1 No — — — R2 No — — — Visual Objective The figure illustrates what you will accomplish in this activity.3 10.Device Information The table provides information about IP addresses: Device Name HSRP IP Address VLAN 3 IP Address VLAN 4 HSRP IP Address ASW1 No — — — ASW2 No — — — DSW1 Yes 10.3. Inc.3.1.1.1 DSW2 Yes 10. Inc.1.2 10.0 SWITCH v1.4.3.1. . 252 Implementing Cisco Switched Networks (SWITCH) v1. Visual Objective for Lab 6-1: Implement and Tune HSRP © 2009 Cisco Systems.0—49 © 2009 Cisco Systems.2 10. All rights reserved.1.3 10.1.4.

Command List
The table describes the commands that are used in this activity.

Command: configure terminal
Description: Enters global configuration mode from privileged EXEC mode.

Command: interface interface-id
Description: Enters interface configuration mode, and enters the Layer 3 interface on which you want to enable HSRP.

Command: standby version {1 | 2}
Description: (Optional) Configures the HSRP version on the interface.
• 1—Select HSRPv1.
• 2—Select HSRPv2.

Command: standby [group-number] ip [ip-address [secondary]]
Description: Creates (or enables) the HSRP group using its number and virtual IP address.
• (Optional) group-number—The group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.
• (Optional on all but one interface) ip-address—The virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
• (Optional) secondary—The IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.

Command: standby [group-number] priority priority [preempt [delay delay]]
Description: Sets a priority value used in choosing the active router. The range is 1 to 255; the default priority is 100. The highest number represents the highest priority.
• (Optional) group-number—The group number to which the command applies.
• (Optional) preempt—Select so that when the local router has a higher priority than the active router, it assumes control as the active router.
• (Optional) delay—Set to cause the local router to postpone taking over the active role for the shown number of seconds. The range is 0 to 3600 (1 hour); the default is 0 (no delay before taking over).

Command: standby [group-number] track type number [interface-priority]
Description: Configures an interface to track other interfaces so that if one of the other interfaces goes down, the device's hot standby priority is lowered.
• (Optional) group-number—The group number to which the command applies.
• type—Enter the interface type (combined with the interface number) that is tracked.
• number—Enter the interface number (combined with the interface type) that is tracked.
• (Optional) interface-priority—Enter the amount by which the hot standby priority for the router is decremented or incremented when the interface goes down or comes back up. The default value is 10.

Command: show standby [interface-id [group]]
Description: Verify the configuration.
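How priority, preempt and tracking interact in the order the Implementation Policy prescribes can be seen in a small model. This is an added example, not part of the lab guide and not the lab solution: the priority 110 for DSW1, the 192.0.2.x addresses and all names are assumptions, and the model only preempts on a strictly higher priority, as the command list describes.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class Router:
    name: str
    ip: str                      # real interface address, tie-breaker when no priorities are set
    priority: int = 100          # default priority from the command list
    preempt: bool = False
    tracked: dict = field(default_factory=dict)  # tracked interface -> decrement
    down: set = field(default_factory=set)       # tracked interfaces currently down
    alive: bool = True           # False while the router is unreachable on the VLAN

    def effective_priority(self):
        lost = sum(dec for ifc, dec in self.tracked.items() if ifc in self.down)
        return max(self.priority - lost, 0)


def elect(routers, current=None):
    """Return the active router after one re-evaluation of the group."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    if current is None or not current.alive:
        # No active router: highest priority wins, higher IP breaks a tie.
        return max(live, key=lambda r: (r.effective_priority(), IPv4Address(r.ip)))
    # An active router exists: only a preempt-enabled router with a strictly
    # higher priority takes over (model assumption, see lead-in).
    challengers = [r for r in live
                   if r.preempt and r.effective_priority() > current.effective_priority()]
    return max(challengers, key=lambda r: r.effective_priority()) if challengers else current


def baseline_no_preempt():
    """First phase: no preempt, no tracking, no priority. Returns active router names."""
    dsw1, dsw2 = Router("DSW1", "192.0.2.2"), Router("DSW2", "192.0.2.3")
    group, seen = [dsw1, dsw2], []
    active = elect(group)
    seen.append(active.name)            # equal priority: higher IP becomes active
    failed = active
    failed.alive = False                # shut the link to the primary
    active = elect(group, failed)
    seen.append(active.name)
    failed.alive = True                 # re-enable the link
    active = elect(group, active)
    seen.append(active.name)            # without preempt the role does not move back
    return seen


def tracking_scenario(standby_preempt):
    """Last phase on VLAN 3: DSW1 tracks Po31 and Po32 with a decrement of 30 each."""
    dsw1 = Router("DSW1", "192.0.2.2", priority=110, preempt=True,
                  tracked={"Po31": 30, "Po32": 30})
    dsw2 = Router("DSW2", "192.0.2.3", preempt=standby_preempt)
    group, log = [dsw1, dsw2], []
    active = elect(group)
    log.append(("start", active.name, dsw1.effective_priority()))
    for ifc in ("Po31", "Po32"):
        dsw1.down.add(ifc)
        active = elect(group, active)
        log.append((f"{ifc} down", active.name, dsw1.effective_priority()))
    dsw1.down.clear()
    active = elect(group, active)
    log.append(("links restored", active.name, dsw1.effective_priority()))
    return log


if __name__ == "__main__":
    print(baseline_no_preempt())
    for flag in (True, False):
        print(flag, tracking_scenario(flag))
```

In this model the tracked-interface decrement only moves the active role when the standby switch also has preempt enabled, which is why the policy asks for preempt on both Layer 3 switches.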

Job Aids
These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key command and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for HSRP Configuration
After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective at the beginning of this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. Use the plan to determine how you will verify that each required item was effectively configured. The task will help you set up configuration checkpoints. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. During your implementation, do not forget to follow the implementation order in the “Required Resources” section:
• Start by implementing HSRP in both VLANs, without preempt, without tracking, and without priority. Test by shutting down the link to the primary HSRP router, then re-enabling the link.
• Once you have tested this, implement the preempt feature and test.
• Once you have tested this, implement tracking and priority.
Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab. Do not forget to save.

Student Notes

Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 6-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 6-1 Hint Sheet: Implement and Tune HSRP

This solution provides the final configuration with preempt, priority, and tracking.

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

| Device | Implementation Requirement | Lab 6-1 Section Containing Hint |
|---|---|---|
| DSW1 | HSRP | Implementation Policy |
| DSW2 | HSRP | Implementation Policy |

| Device | High-Level Task | Information Source |
|---|---|---|
| DSW1 | HSRP on VLAN 3 and VLAN 4, primary on VLAN 3 and secondary on VLAN 4 | Visual Objective, Design and Implementation Requirements |
| DSW2 | HSRP on VLAN 3 and VLAN 4, primary on VLAN 4 and secondary on VLAN 3 | Visual Objective, Design and Implementation Requirements |

2 255. For this lab.0 DSW2 14 standby 3 ip 10. Inc.1.2 255.1.4.3. you create an Implementation and Verification Plan.3.1.Implementation and Verification Plan In Task 3.1.255.1.4.255.0 DSW2 18 standby 4 ip 10.255.4. There are several possible correct solutions.1 DSW1 4 standby 3 priority 120 DSW1 5 standby 3 preempt 6 standby 3 track Portchannel31 30 DSW1 7 standby 3 track Portchannel32 30 DSW1 8 interface vlan 4 DSW1 9 ip address 10.0 © 2009 Cisco Systems.255.1.0 DSW1 3 standby 3 ip 10. the template could contain the following items: Complete √ Device DSW1 Implementation Order Values and Items to Implement 1 interface vlan 3 2 ip address 10.255.255.255.3 255.1 DSW2 15 standby 3 preempt DSW2 16 interface vlan 4 17 ip address 10.3.3. One possible approach groups items that are common to all switches in a template and then applies the template to all switches.255.1 DSW2 19 standby 4 priority 120 DSW2 20 standby 4 preempt 21 standby 4 track Portchannel31 30 22 standby 4 track Portchannel32 30 DSW1 DSW1 DSW2 DSW2 DSW2 DSW2 Verification Method and Expected Results show interface vlan 3 show standby show interface vlan 4 show standby show interface vlan 3 show standby show interface vlan 4 show standby Step-by-Step Procedure Step 1 Connect to the switch DSW1 switch interface in configuration mode 264 „ Connect to the remote lab.1.0 DSW1 10 standby 4 ip 10.1 DSW1 11 standby 4 preempt DSW2 12 interface vlan 3 13 ip address 10. „ Access the Switch console. Implementing Cisco Switched Networks (SWITCH) v1.4.1. .3 255.

1.1. hold time 10 sec Next hello sent in 1.Group 63 State is Active Virtual IP address is 10.63.4.1.ac3f Local virtual MAC address is 0000. using the configure terminal command.200 sec) Priority 120 (configured 120) Track interface Port-channel31 state Up decrement 30 Track interface Port-channel32 state Up decrement 30 Group name is "hsrp-Vl63-63" (default) Vlan64 . Inc. using the enable command. Step 5 Configure HSRP on VLAN 3 on switch DSW2: DSW2(config)# interface Vlan3 DSW2(config)# ip address 10.1.2 255.3.3 255. Lab Guide 265 .0c07.4. priority 90 (expires in 11.1 DSW2(config-if)# standby 3 preempt Step 6 Configure HSRP on VLAN 4 on switch DSW2: DSW2(config)# interface Vlan4 DSW2(config)# ip address 10.3.4.0 DSW1(config-if)# standby 3 ip 10.Step 2 „ Enter privilege mode. priority 120 (expires in 9.1.254 Active virtual MAC address is 0000. hold time 10 sec Next hello sent in 0.664 secs Preemption enabled Active router is local Standby router is 10.63.2.Group 64 State is Standby Virtual IP address is 10.255. „ Enter configuration mode.254 Active virtual MAC address is 0000.ac40 Local virtual MAC address is 0000.4.64.255.0c07.255.1.255.255.ac40 (v1 default) Hello time 3 sec.0 DSW1(config-if)# standby 4 ip 10.1. for example on switch DSW1: DSW1#show standby Vlan63 .0c07.3. 
Configure HSRP on VLAN 3 on switch DSW1: DSW1(config)# interface Vlan3 DSW1(config-if)# ip address 10.1.1.255.3 255.2 255.1 DSW1(config-if)# standby 3 priority 120 DSW1(config-if)# standby 3 preempt DSW1(config-if)# standby 3 track Port-channel31 30 DSW1(config-if)# standby 3 track Port-channel32 30 Step 3 Configure HSRP on VLAN 4 on switch DSW1: DSW1(config)# interface Vlan4 DSW1(config-if)# ip address 10.255.ac3f (v1 default) Hello time 3 sec.1.255.1 DSW2(config-if)# standby 4 priority 120 DSW2(config-if)# standby 4 preempt DSW2(config-if)# standby 4 track Port-channel31 30 DSW2(config-if)# standby 4 track Port-channel32 30 Step 7 Verify HSRP configuration and priorities.0c07.1.1.3.232 sec) Standby router is local Priority 90 (configured 90) Group name is "hsrp-Vl64-64" (default) © 2009 Cisco Systems.0 DSW2(config-if)# standby 3 ip 10.1.688 secs Preemption enabled Active router is 10.1 DSW1(config-if)# standby 4 preempt Step 4 Repeat Step 1 on switch DSW2.0 DSW2(config-if)# standby 4 ip 10.64.

Lab 6-2: Implementing VRRP

Complete this lab activity to practice what you learned in the related module.

Activity Objective

In the previous labs, you designed and implemented a redundant network for its core layer. As you analyze the network, you notice that the two routers in your aggregation layer are not in a redundant mode of operation, which may lead to unexpected problems. To prevent any future connectivity issue, you decide to implement the Virtual Router Redundancy Protocol (VRRP), a standardized solution supported by your Cisco equipment, in your network. You have to prepare an implementation plan, make the needed configuration changes, and test according to a verification plan.

After completing this activity, you will be able to meet these objectives:

• Design a VRRP solution
• Create an implementation requirements list
• Create a step-by-step implementation and verification plan
• Implement and verify your solution

Required Resources

This section contains the information needed to accomplish this activity, and describes the requirements common to all devices in the network, along with information specific to each device.

Implementation Policy

The following list details preparation and configuration requirements for all switches in the company network. Read the information carefully. You must configure VRRP in your network. Your configuration must implement all these requirements:

• Use the IP addresses shown in the following “Device Information” section.
• Configure switch CSW1 so that its interfaces to routers R1 and R2 are set to access mode in VLAN 10.
• Configure switch CSW2 so that its interfaces to routers R1 and R2 are set to access mode in VLAN 20.
• On switch CSW1, create a switch virtual interface (SVI) for VLAN 10.
• On switch CSW2, create an SVI for VLAN 20.
• Router R1 interface Fa0/0 will be in VRRP group 1 and Fa0/1 will be in VRRP group 2.
• Router R2 interface Fa0/0 will be in VRRP group 2 and Fa0/1 will be in VRRP group 1.
• Router R1 will be the master on group 1 and the backup on group 2.
• Router R2 will be the master on group 2 and the backup on group 1.
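One way to check a pair of router configurations against this policy, before or after applying them. This Python checker is an added example, not part of the lab guide: the 198.51.100.x addresses with /29 masks are constructed, the priority of 120 on each master follows the hint sheet's plan, and `POLICY`, `GOOD` and the function names are hypothetical.

```python
import ipaddress
import re

VRRP_DEFAULT_PRIORITY = 100  # IOS default when "vrrp N priority" is absent
OWNER_PRIORITY = 255         # router whose interface address equals the virtual IP


def parse_vrrp(config):
    """Return {(interface, group): {"vip", "priority", "addr"}} from IOS-style text."""
    addrs, groups, iface = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            addrs[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"vrrp (\d+) (ip|priority) (\S+)", line):
            rec = groups.setdefault((iface, int(m.group(1))),
                                    {"vip": None, "priority": VRRP_DEFAULT_PRIORITY})
            if m.group(2) == "ip":
                rec["vip"] = ipaddress.ip_address(m.group(3))
            else:
                rec["priority"] = int(m.group(3))
    for (ifname, _), rec in groups.items():
        rec["addr"] = addrs.get(ifname)
    return groups


def effective_priority(rec):
    """The IP address owner always wins, whatever priority is configured."""
    if rec["addr"] is not None and rec["addr"].ip == rec["vip"]:
        return OWNER_PRIORITY
    return rec["priority"]


def check_policy(configs, policy):
    """configs: router -> config text. Returns a list of findings (empty = compliant)."""
    findings = []
    parsed = {router: parse_vrrp(text) for router, text in configs.items()}
    for group, rule in policy.items():
        seen = {}
        for router, iface in rule["members"].items():
            rec = parsed[router].get((iface, group))
            if rec is None or rec["vip"] is None:
                findings.append(f"group {group}: {router} {iface} has no 'vrrp {group} ip' line")
                continue
            if rec["addr"] is None or rec["vip"] not in rec["addr"].network:
                findings.append(f"group {group}: {router} {iface} virtual IP "
                                f"{rec['vip']} is outside the interface subnet")
            seen[router] = rec
        if len({rec["vip"] for rec in seen.values()}) > 1:
            findings.append(f"group {group}: members disagree on the virtual IP")
        prios = {router: effective_priority(rec) for router, rec in seen.items()}
        master = rule["master"]
        if master in prios and any(p >= prios[master]
                                   for r, p in prios.items() if r != master):
            findings.append(f"group {group}: {master} does not have a strictly higher priority")
    return findings


# Policy from the list above: which interface joins which group, and who is master.
POLICY = {
    1: {"master": "R1", "members": {"R1": "FastEthernet0/0", "R2": "FastEthernet0/1"}},
    2: {"master": "R2", "members": {"R1": "FastEthernet0/1", "R2": "FastEthernet0/0"}},
}

# Constructed configurations (addresses are placeholders, not the lab's values).
GOOD = {
    "R1": """interface FastEthernet0/0
 ip address 198.51.100.26 255.255.255.248
 vrrp 1 ip 198.51.100.30
 vrrp 1 priority 120
interface FastEthernet0/1
 ip address 198.51.100.35 255.255.255.248
 vrrp 2 ip 198.51.100.34
""",
    "R2": """interface FastEthernet0/0
 ip address 198.51.100.36 255.255.255.248
 vrrp 2 ip 198.51.100.34
 vrrp 2 priority 120
interface FastEthernet0/1
 ip address 198.51.100.27 255.255.255.248
 vrrp 1 ip 198.51.100.30
""",
}

if __name__ == "__main__":
    print(check_policy(GOOD, POLICY) or "compliant")
    no_prio = dict(GOOD, R2=GOOD["R2"].replace(" vrrp 2 priority 120\n", ""))
    print(check_policy(no_prio, POLICY))
```

Because R2 uses the group numbers the other way round from R1, swapping `vrrp 1` and `vrrp 2` on R2 is the mistake this check catches most readily.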

253.253.1.27 10.1.Device Information The table provides information about IP addresses.30 10.253.1.34 R2 - - 10.253. © 2009 Cisco Systems.1.33 - - - R1 - - 10.253.253.253.1.34 10.0—50 Lab Guide 267 .1.253.1.1. Inc. SWITCH v1. Inc.1. Visual Objective for Lab 6-2: Implementing VRRP © 2009 Cisco Systems.25 - - - - CSW2 - 10. All rights reserved.253.253.26 10.36 10.35 10.1. All masks are /29: Device Name IP Address VLAN 10 IP Address VLAN 20 IP Address Fa0/0 VRRP IP Address Fa0/0 IP Address Fa0/1 VRRP IP Address Fa0/1 ASW1 - - - - - ASW2 - - - - - DSW1 - - - - - DSW2 - - - - - CSW1 10.30 Visual Objective The figure illustrates what you will accomplish in this activity.

Command List

The table describes the commands that are used in this activity.

| Command | Description |
|---|---|
| configure terminal | Enters global configuration mode from privileged EXEC mode. |
| interface type number | Enters interface configuration mode. |
| ip address ip-address mask | Configures an IP address for an interface. |
| vrrp group description text | Assigns a text description to the VRRP group. |
| vrrp group ip ip-address [secondary] | Enables VRRP on an interface. After you identify a primary IP address, you can use the vrrp ip command again with the secondary keyword to indicate additional IP addresses supported by this group. |
| vrrp group preempt [delay minimum seconds] | Configures the router to take over as virtual router master for a VRRP group if it has a higher priority than the current virtual router master. The default delay period is 0 seconds. The router that is the IP address owner will preempt, regardless of the setting of this command. |
| vrrp group priority level | Sets the priority level of the router within a VRRP group. |
| vrrp group timers advertise [msec] interval | Configures the interval between successive advertisements by the virtual router master in a VRRP group. The unit of the interval is in seconds unless the msec keyword is specified. The default interval value is 1 second. |
| vrrp group timers learn | Configures the router, when it is acting as virtual router backup for a VRRP group, to learn the advertisement interval used by the virtual router master. |

Job Aids

These are the job aids for this lab activity:

| Value | Location |
|---|---|
| Blank implementation requirements list | Task 1 |
| Blank implementation and verification plan form | Task 2 |
| Blank verification notes form | Task 3 |
| Alternate resources and solutions form | End of this lab |
| Key Commands and tools used form | End of this lab |
| Implementation requirements hints | “Hints” section at the end of this lab |
| Implementation and verification plan hints | “Hints” section at the end of this lab |
| Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab |

Task 1: Create an Implementation Requirement List for VRRP Configuration

After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirement list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

| Device | High-Level Task | Information Source |
|---|---|---|
|  |  |  |

Task 2: Create an Implementation and Verification Plan

The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task.

Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

| Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results |
|---|---|---|---|---|
|  |  |  |  |  |

Task 3: Implement and Verify

Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes

Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions

Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 6-2: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. However, if you need help, this section contains a series of hints to help you complete the lab.

Lab 6-2 Hint Sheet: Implementing VRRP

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device  Implementation Requirement  Lab 6-2 Section Containing Hint
CSW1    Access ports                Implementation Policy
CSW1    SVI                         Implementation Policy
CSW2    Access ports                Implementation Policy
CSW2    SVI                         Implementation Policy
R1      VRRP                        Implementation Policy
R2      VRRP                        Implementation Policy

Device  High-Level Task  Information Source
CSW1    Access ports     Visual Objective, Design and Implementation Requirements
CSW1    SVI              Visual Objective, Design and Implementation Requirements
CSW2    Access ports     Visual Objective, Design and Implementation Requirements
CSW2    SVI              Visual Objective, Design and Implementation Requirements
R1      VRRP             Visual Objective, Design and Implementation Requirements
R2      VRRP             Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan
In Task 2, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

Complete √  Device  Implementation Order  Values and Items to Implement            Verification Method and Expected Results
            CSW1    1                     interface range FastEthernet0/11-12      show vlan
            CSW1    2                     switchport
            CSW1    3                     switchport mode access
            CSW1    4                     switchport access vlan 10
            CSW1    5                     interface Vlan10                         show interface vlan10
            CSW1    6                     ip address 10.1.253.25 255.255.255.248
            CSW2    7                     interface range FastEthernet0/11-12      show vlan
            CSW2    8                     switchport
            CSW2    9                     switchport mode access
            CSW2    10                    switchport access vlan 20
            CSW2    11                    interface Vlan20                         show interface vlan20
            CSW2    12                    ip address 10.1.253.33 255.255.255.248
            R1      13                    interface FastEthernet0/0                show interface fa0/0
            R1      14                    ip address 10.1.253.27 255.255.255.248
            R1      15                    vrrp 1 ip 10.1.253.30
            R1      16                    vrrp 1 priority 120                      show vrrp
            R1      17                    interface FastEthernet0/1                show interface fa0/1
            R1      18                    ip address 10.1.253.36 255.255.255.248
            R1      19                    vrrp 2 ip 10.1.253.34                    show vrrp
            R2      23                    interface FastEthernet0/0                show interface fa0/0
            R2      24                    ip address 10.1.253.35 255.255.255.248
            R2      25                    vrrp 2 ip 10.1.253.34
            R2      26                    vrrp 2 priority 120                      show vrrp
            R2      27                    interface FastEthernet0/1
            R2      28                    ip address 10.1.253.26 255.255.255.248   show interface fa0/1
            R2      29                    vrrp 1 ip 10.1.253.30                    show vrrp

Step-by-Step Procedure

Step 1  Connect to the switch CSW1 switch interface in configuration mode:
        • Connect to the remote lab.
        • Access the Switch console.
        • Enter privilege mode, using the enable command.
        • Enter configuration mode, using the configure terminal command.

Step 2  Configure access ports on switch CSW1:
        CSW1(config)# interface range FastEthernet0/11 - 12
        CSW1(config-if)# switchport
        CSW1(config-if)# switchport mode access
        CSW1(config-if)# switchport access vlan 10

Step 3  Configure SVI on switch CSW1:
        CSW1(config)# interface Vlan10
        CSW1(config-if)# ip address 10.1.253.25 255.255.255.248

Step 4  Repeat Steps from 1 to 3 on switch CSW2.

Step 5  Configure VRRP on Fa0/0 on router R1:
        R1(config)# interface FastEthernet0/0
        R1(config-if)# ip address 10.1.253.27 255.255.255.248
        R1(config-if)# vrrp 1 ip 10.1.253.30
        R1(config-if)# vrrp 1 priority 120

Step 6  Configure VRRP on Fa0/1 on router R1:
        R1(config)# interface FastEthernet0/1
        R1(config-if)# ip address 10.1.253.36 255.255.255.248
        R1(config-if)# vrrp 2 ip 10.1.253.34

Step 7  Repeat Steps 5 and 6 on router R2. Verify VRRP configuration and priorities, for example, on R2:
        R2#show vrrp
        FastEthernet0/0 - Group 1
          State is Backup
          Virtual IP address is 10.1.253.30
          Virtual MAC address is 0000.5e00.0101
          Advertisement interval is 1.000 sec
          Preemption enabled
          Priority is 100
          Master Router is 10.1.253.27, priority is 120
          Master Advertisement interval is 1.000 sec
          Master Down interval is 3.414 sec

        FastEthernet0/1 - Group 2
          State is Master
          Virtual IP address is 10.1.253.34
          Virtual MAC address is 0000.5e00.0102
          Advertisement interval is 1.000 sec
          Preemption enabled
          Priority is 120
          Master Router is 10.1.253.35 (local), priority is 120
          Master Advertisement interval is 1.000 sec
          Master Down interval is 3.414 sec

Lab 7-1: Secure Network Switches to Mitigate Security Attacks
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In a meeting with the IT manager, you discussed the current status of the corporate network and its future development. You have agreed that you currently have a very good network infrastructure, but you lack mechanisms to protect your client PCs. You agreed to analyze your security needs and risks in front of the network. As a first step, you must implement the required set of port-based security measures. The second important step is to manage the network traffic with VLAN access lists. As you analyzed the corporate network and its services, you find that one of the major services running is the DHCP service. As all the end users rely on DHCP to acquire IP addresses and network settings, you decide to secure the DHCP service operation in your network. You must also guard against possible ARP table exploits. After you have taken care of end-user security, you think of how to protect the operation of your Spanning Tree Protocol (STP). When protected, the STP is a stable operation, reducing the risks of unwanted topology changes.

After completing this activity, you will be able to meet these objectives:
• Perform a baseline assessment of network switch security settings
• Identify possible threats, points of attack, and vulnerability points in the network
• Write an implementation plan to implement security measures on network switches
• Write a plan to test and verify security threat mitigation measures for VLANs
• Configure port security and other switch security features
• Configure a VLAN access control list (VACL)
• Verify the correct implementation of security measures
• Document the switch and VLAN security plan, settings, operations, and maintenance

Required Resources
This section contains the information needed to accomplish this activity.

Implementation Policy
The following list details the preparation and configuration requirements for all switches in the company network, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

You must configure security in your network. Your configuration must implement all these requirements:
• Port security should be configured on switches ASW1 and ASW2 ports to client PC ports (to clients CLT1 and CLT2, respectively). Port security should be configured to limit the maximum MAC addresses on a port to 1. Violation should set the port to error-disable and send a trap.
• Port security on switch ASW1 should allow only CLT1, and ASW2 should dynamically learn the MAC address.
• Use VACLs on switches DSW1 and DSW2 to ban clients PC1 and PC2 from performing Telnet sessions to any destination, but permit any other traffic.
• Protect the root bridge switches from other switches becoming roots.
• Protect the alternate and root ports from becoming designated.
• On both ASW switches, set loopguard to be enabled by default.
• Globally protect the access ports on all switches from receiving bridge protocol data units (BPDUs) by using BPDU guard.
• Protect the DHCP service with DHCP snooping on the ASW switches.
• Protect ARP with ARP snooping on switches DSW1 and DSW2.

(To prepare the routers for this lab, use the alias command ”init-7_1-9_1”.)

Visual Objective
The figure illustrates what you will accomplish in this activity.

[Figure: Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks]

Command List
The table describes the commands that are used in this activity.

Command: configure terminal
Description: Enters global configuration mode from privileged EXEC mode.

Command: access-list access-list-number {deny | permit} source [source-wildcard] [log]
Description: Defines a standard IPv4 access list by using a source address and wildcard. The access-list-number is a decimal number from 1 to 99 or 1300 to 1999. Enter deny or permit to specify whether to deny or permit access if conditions are matched. The source is the source address of the network or host from which the packet is being sent specified as:
• The 32-bit quantity in dotted-decimal format.
• The keyword any as an abbreviation for source and source-wildcard of 0.0.0.0 255.255.255.255. You do not need to enter a source-wildcard.
• The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
(Optional) The source-wildcard applies wildcard bits to the source.
(Optional) Enter log to cause an informational logging message about the packet that matches the entry to be sent to the console.

use the keyword ip.255. tcp. pcp. ƒ tos—Enter to match by type of service level. ƒ The keyword host for a single host 0. esp. or an integer in the range 0 to 255 representing an IP protocol number. ƒ time-range—defines a time and date during which the access list is valid ƒ dscp—Enter to match packets with the DSCP value specified by a number from 0 to 63. nos. flash-override (4).0 255. Inc. The destination is the network or host number to which the packet is sent. network (7).Command Description access-list access-list-number Defines an extended IPv4 access list and the access conditions. The source-wildcard applies wildcard bits to the source. ospf.0. max-throughput (4). ƒ log—Enter to create an informational logging message to be sent to the console about the packet that matches the entry or log-input to include the input interface in the log entry. destination. max-reliability (2). eigrp. Defines a standard IPv4 access list using a name. min-delay (8). and destination-wildcard can be specified as: ƒ The 32-bit quantity in dotted-decimal format. specified by a number from 0 to 15 or a name: normal (0). For protocol.0. Enter deny or permit to specify whether to deny or permit access if conditions are matched. and UDP). specifies one or more conditions denied or permitted to decide if the packet is forwarded or dropped. critical (5). {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [timerange time-range-name] [dscp dscp] The access-list-number is a decimal number from 100 to 199 or 2000 to 2699. ƒ The keyword any for 0. flash (3). ip.255 (any host). priority (1).0. The destination-wildcard applies wildcard bits to the destination. immediate (2).0. To match any Internet protocol (including ICMP. source-wildcard. igrp. enter the name or number of an IP protocol: ahp.255. ipinip.icmp. or use the question mark (?) to see a list of available values. 
deny {source [source-wildcard] | host source | any} [log] or In access-list configuration mode. and enter access-list configuration mode. permit {source [source-wildcard] | host source | any} [log] © 2009 Cisco Systems. The other keywords are optional and have these meanings: ip access-list standard name ƒ precedence—Enter to match packets with a precedence level specified as a number from 0 to 7 or by name: routine (0). ƒ fragments—Enter to check noninitial fragments.0. Lab Guide 283 . internet (6). The source is the number of the network or host from which the packet is sent. Source. igmp. TCP. or udp. gre. The name can be a number from 1 to 99. pim.

Command: ip access-list extended name
Description: Defines an extended IPv4 access list using a name, enter access-list configuration mode. The name can be a number from 100 to 199.

Command: {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [log] [log-input] [time-range time-range-name]
Description: In access-list configuration mode, specifies the conditions allowed or denied.

Command: ip arp inspection trust
Description: Configures the connection between the switches as trusted. By default, all interfaces are untrusted.

Command: ip arp inspection vlan vlan-range
Description: Enables dynamic ARP inspection on a per-VLAN basis. By default, dynamic ARP inspection is disabled on all VLANs. For vlan-range, specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. Specify the same VLAN ID for both switches.

Command: ip dhcp snooping
Description: Enables DHCP snooping globally.

Command: ip dhcp snooping trust
Description: (Optional) Configures the interface as trusted or untrusted. You can use the no keyword to configure an interface to receive messages from an untrusted client. The default setting is untrusted.

Command: ip dhcp snooping vlan vlan-range
Description: Enables DHCP snooping on a VLAN or range of VLANs. The range is 1 to 4094.

Command: mac access-list extended name
Description: Defines an extended MAC access list using a name.

Command: {deny | permit} {any | host source MAC address | source MAC address mask} {any | host destination MAC address | destination MAC address mask} [type mask | lsap lsap mask | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp | 0-65535] [cos cos]
Description: In extended MAC access-list configuration mode, specify to permit or deny any source MAC address, a source MAC address with a mask, or a specific host source MAC address and any destination MAC address, destination MAC address with a mask, or a specific destination MAC address. (Optional) You can also enter these options:
• type mask: An arbitrary EtherType number of a packet with Ethernet II or SNAP encapsulation in decimal, hexadecimal, or octal with optional mask of do not care bits applied to the EtherType before testing for a match.
• lsap lsap mask: An LSAP number of a packet with IEEE 802.2 encapsulation in decimal, hexadecimal, or octal with an optional mask of do not care bits.
• aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp: A non-IP protocol.
• cos cos: An IEEE 802.1Q cost-of-service number from 0 to 7 used to set priority.

Command: show access-lists [number | name]
Description: Shows the access list configuration.

Command: show ip dhcp snooping
Description: Displays the DHCP snooping configuration for a switch.

Command: show ip dhcp snooping binding
Description: Displays only the dynamically configured bindings in the DHCP snooping binding database, also referred to as a binding table.

Command: show ip dhcp snooping database
Description: Displays the DHCP snooping binding database status and statistics.

Command: show ip dhcp snooping statistics
Description: Displays the DHCP snooping statistics in summary or detail form.

Command: show ip arp inspection interfaces
Description: Verifies the dynamic ARP inspection configuration.

Command: show ip arp inspection vlan vlan-range
Description: Verifies the dynamic ARP inspection configuration.

Command: show ip arp inspection statistics vlan vlan-range
Description: Checks the dynamic ARP inspection statistics.

Command: show port-security
Description: Verifies your entries.

Command: spanning-tree guard root
Description: Enables root guard on the interface. By default, root guard is disabled on all interfaces.

Command: spanning-tree loopguard default
Description: Enables loop guard. By default, loop guard is disabled.

Command: spanning-tree portfast bpduguard default
Description: Globally enables BPDU guard. By default, BPDU guard is disabled.

Command: switchport port-security [violation {protect | restrict | shutdown | shutdown vlan}]
Description: (Optional) Sets the violation mode or the action to be taken when a security violation is detected, such as one of these:
• protect: When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
• restrict: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
• shutdown: The interface is error disabled when a violation occurs, and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
• shutdown vlan: Use to set the security violation mode per VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs.

Command: switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}]]
Description: (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
(Optional) vlan: Set a per-VLAN maximum value. Enter one of these options after you enter the vlan keyword:
• vlan-id: On a trunk port, you can specify the VLAN ID and the MAC address. If you do not specify a VLAN ID, the native VLAN is used.
• access: On an access port, specify the VLAN as an access VLAN.
• voice: On an access port, specify the VLAN as a voice VLAN.

Command: switchport port-security mac-address sticky
Description: (Optional) Enables sticky learning on the interface.

Command: switchport port-security mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]
Description: (Optional) Enters a sticky secure MAC address, repeating the command as many times as necessary. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned, are converted to sticky secure MAC addresses, and are added to the running configuration.
(Optional) vlan: Set a per-VLAN maximum value. Enter one of these options after you enter the vlan keyword:
• vlan-id: On a trunk port, specify the VLAN ID and the MAC address. If you do not specify a VLAN ID, the native VLAN is used.
• access: On an access port, specify the VLAN as an access VLAN.
• voice: On an access port, specify the VLAN as a voice VLAN.

Command: vlan access-map name [number]
Description: Creates a VLAN map, and gives it a name and (optionally) a number. The number is the sequence number of the entry within the map.

Command: action {drop | forward}
Description: (Optional) Sets the action for the map entry. The default is to forward.

Command: match {ip | mac} address {name | number} [name | number]
Description: Matches the packet (using either the IP or MAC address) against one or more standard or extended access lists. Note that packets are only matched against access lists of the correct protocol type. IP packets are matched against standard or extended IP access lists. Non-IP packets are only matched against named MAC extended access lists.

Command: vlan filter mapname vlan-list list
Description: Applies the VLAN map to one or more VLAN IDs. The list can be a single VLAN ID (22), a consecutive list (10–22), or a string of VLAN IDs (12, 22, 30). Spaces around the comma and hyphen are optional.

Job Aids
These are the job aids for this lab activity:

Value                                                          Location
Blank implementation requirements list                         Task 1
Blank implementation and verification plan form                Task 2
Blank verification notes form                                  Task 3
Alternate resources and solutions form                         End of this lab
Key commands and tools used form                               End of this lab
Implementation requirements hints                              “Hints” section at the end of this lab
Implementation and verification plan hints                     “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)     Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Security Configuration
After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirement list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device  High-Level Task  Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. Use the plan to determine how you will verify that each required item was effectively configured. The task will help you set up configuration checkpoints. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √  Device  Implementation Order  Values and Items to Implement  Verification Method and Expected Results

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Do not forget to save. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab.

Student Notes
Use the following space to document the details that you think are important to remember.


Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.


Lab 7-1: Key Commands and Tools Used

Lab 7-1 Hint Sheet: Secure Network Switches to Mitigate Security Attacks

Hints
You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device   Implementation Requirement   Lab 7-1 Section Containing Hint
ASW1     Port security                Implementation Policy
ASW2     Port security                Implementation Policy
DSW1     VACL                         Implementation Policy
DSW2     VACL                         Implementation Policy
DSW1     Root guard                   Implementation Policy
DSW2     Root guard                   Implementation Policy
ASW1     Port fast BPDU guard         Implementation Policy
ASW2     Port fast BPDU guard         Implementation Policy
DSW1     Port fast BPDU guard         Implementation Policy
DSW2     Port fast BPDU guard         Implementation Policy
ASW1     Loop guard                   Implementation Policy
ASW2     Loop guard                   Implementation Policy
DSW1     Loop guard                   Implementation Policy
DSW2     Loop guard                   Implementation Policy
ASW1     DHCP snooping                Implementation Policy
ASW2     DHCP snooping                Implementation Policy
DSW1     ARP snooping                 Implementation Policy
DSW2     ARP snooping                 Implementation Policy

Device   High-Level Task        Information Source
ASW1     Port security          Visual Objective, Design and Implementation Requirements
ASW2     Port security          Visual Objective, Design and Implementation Requirements
DSW1     VACL                   Visual Objective, Design and Implementation Requirements
DSW2     VACL                   Visual Objective, Design and Implementation Requirements
DSW1     Root guard             Visual Objective, Design and Implementation Requirements
DSW2     Root guard             Visual Objective, Design and Implementation Requirements
ASW1     Port fast BPDU guard   Visual Objective, Design and Implementation Requirements
ASW2     Port fast BPDU guard   Visual Objective, Design and Implementation Requirements
DSW1     Port fast BPDU guard   Visual Objective, Design and Implementation Requirements
DSW2     Port fast BPDU guard   Visual Objective, Design and Implementation Requirements
ASW1     Loop guard             Visual Objective, Design and Implementation Requirements
ASW2     Loop guard             Visual Objective, Design and Implementation Requirements
DSW1     Loop guard             Visual Objective, Design and Implementation Requirements
DSW2     Loop guard             Visual Objective, Design and Implementation Requirements
ASW1     DHCP snooping          Visual Objective, Design and Implementation Requirements
ASW2     DHCP snooping          Visual Objective, Design and Implementation Requirements
DSW1     ARP snooping           Visual Objective, Design and Implementation Requirements
DSW2     ARP snooping           Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan
In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

Complete √  Device  Order  Values and Items to Implement                         Verification Method and Expected Results
            ASW1    1      show mac address-table interface fa0/3
            ASW1    2      interface FastEthernet0/3
            ASW1    3      switchport port-security
            ASW1    4      switchport port-security violation shutdown
            ASW1    5      switchport port-security mac-address 0050.5684.3a29   show port-security interface fastEthernet 0/3
            ASW2    6      interface FastEthernet0/3
            ASW2    7      switchport port-security
            ASW2    8      switchport port-security violation shutdown
            ASW2    9      switchport port-security mac-address sticky           show port-security interface fastEthernet 0/3
            DSW1    10     ip access-list extended NOTEL
            DSW1    11     permit tcp any any eq telnet
            DSW1    12     vlan access-map TEST 10
            DSW1    13     action drop
            DSW1    14     match ip address NOTEL
            DSW1    15     vlan access-map TEST 20
            DSW1    16     action forward
            DSW1    17     vlan filter TEST vlan-list 3-4                        show access-list
                                                                                 Attempts to use Telnet from client CLT1 and
                                                                                 client CT2 to switches do not work
            DSW2    18     ip access-list extended NOTEL
            DSW2    19     permit tcp any any eq telnet
            DSW2    20     vlan access-map TEST 10
            DSW2    21     action drop
            DSW2    22     match ip address NOTEL
            DSW2    23     vlan access-map TEST 20
            DSW2    24     action forward
            DSW2    25     vlan filter TEST vlan-list 3-4                        show access-list
                                                                                 Attempts to use Telnet from client CLT1 and
                                                                                 client CT2 to switches do not work

Complete √  Device  Order  Values and Items to Implement              Verification Method and Expected Results
            DSW1    26     interface range FastEthernet0/5-6
            DSW1    27     spanning-tree guard root
            DSW2    28     interface range FastEthernet0/5-6
            DSW2    29     spanning-tree guard root
            ASW1    30     spanning-tree portfast bpduguard default
            ASW2    31     spanning-tree portfast bpduguard default
            DSW1    32     spanning-tree portfast bpduguard default
            DSW2    33     spanning-tree portfast bpduguard default
            ASW1    34     spanning-tree loopguard default
            ASW2    35     spanning-tree loopguard default
            DSW1    36     spanning-tree loopguard default
            DSW2    37     spanning-tree loopguard default
            ASW1    38     ip dhcp snooping
            ASW1    39     ip dhcp snooping vlan 1-4094
            ASW1    40     interface range FastEthernet0/1-2
            ASW1    41     ip dhcp snooping trust
            ASW2    42     ip dhcp snooping
            ASW2    43     ip dhcp snooping vlan 1-4094
            ASW2    44     interface range FastEthernet0/1-2
            ASW2    45     ip dhcp snooping trust                     show ip dhcp snooping
                                                                      show ip dhcp snooping binding
            DSW1    46     ip arp inspection vlan 1-4094
            DSW2    47     ip arp inspection vlan 1-4094
            DSW1    48     interface range FastEthernet0/6 - 7
            DSW1    49     ip arp inspection trust
            DSW2    50     interface range FastEthernet0/6 - 7
            DSW2    51     ip arp inspection trust                    show ip arp inspection statistics vlan 3
                                                                      show ip arp inspection statistics vlan 4

Step-by-Step Procedure

Step 1    Connect to the switch ASW1 interface in configuration mode:
          • Connect to the remote lab.
          • Access the switch console.
          • Enter privilege mode, using the enable command.
          • Enter configuration mode, using the configure terminal command.

Step 2    Configure port security on switch ASW1:

    ASW1#sho mac address-table interface FastEthernet 0/3
    ASW1(config)#interface FastEthernet0/3
    ASW1(config-if)# switchport port-security
    ASW1(config-if)# switchport port-security mac-address 0050.5684.3a29
    ASW1(config-if)# switchport port-security violation shutdown

Step 3    Configure port security on switch ASW2:

    ASW2#sho mac address-table interface FastEthernet 0/3
    ASW2(config)#interface FastEthernet0/3
    ASW2(config-if)# switchport port-security
    ASW2(config-if)# switchport port-security mac-address sticky
    ASW2(config-if)# switchport port-security violation shutdown
    ASW2(config-if)# end
    ASW2# show port-security interface f0/3
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 1
    Last Source Address:Vlan   : 0050.5684.32ac:4
    Security Violation Count   : 0

Step 4    Configure VACL on switch DSW1:

    DSW1(config)#ip access-list extended NOTEL
    DSW1(config-ext-nacl)# permit tcp any any eq telnet
    DSW1(config)#vlan access-map TEST 10
    DSW1(config-access-map)# action drop
    DSW1(config-access-map)#match ip address NOTEL
    DSW1(config)#vlan access-map TEST 20
    DSW1(config-access-map)# action forward
    DSW1(config)#vlan filter TEST vlan-list 3-4
    DSW1(config)# end
    DSW1# show access-lists
    Extended IP access list NOTEL
        10 permit tcp any any eq telnet
    DSW1#show vlan access-map
    Vlan access-map "TEST"  10
      Match clauses:
        ip address: NOTEL
      Action:
        drop
    Vlan access-map "TEST"  20
      Match clauses:
      Action:
        forward

Step 5    Repeat Step 4 on switch DSW2.

Step 6    Configure STP security on switch ASW1:

    ASW1(config)# spanning-tree portfast bpduguard default
    ASW1(config)# spanning-tree loopguard default

Step 7    Repeat Step 6 on switches ASW2, DSW1, and DSW2.

Step 8    Configure root guard on switch DSW1:

    DSW1(config)# interface FastEthernet0/5
    DSW1(config-if)# spanning-tree guard root

Step 9    Repeat Step 8 on switch DSW2.

Step 10   Configure DHCP snooping on switch ASW1:

    ASW1(config)# ip dhcp snooping
    ASW1(config)# ip dhcp snooping vlan 1-4094
    ASW1(config)# interface range FastEthernet0/1 - 2
    ASW1(config-if)# ip dhcp snooping trust
    ASW1#show ip dhcp snooping
    Switch DHCP snooping is enabled
    DHCP snooping is configured on following VLANs:
    1-4094
    DHCP snooping is operational on following VLANs:
    1,4,11-12,63-66
    DHCP snooping is configured on the following L3 Interfaces:

    Insertion of option 82 is enabled
       circuit-id format: vlan-mod-port
       remote-id format: MAC
    Option 82 on untrusted port is not allowed
    Verification of hwaddr field is enabled
    Verification of giaddr field is enabled
    DHCP snooping trust/rate is configured on the following Interfaces:

    Interface                  Trusted    Rate limit (pps)
    -----------------------    -------    ----------------
    FastEthernet0/1            yes        unlimited
    FastEthernet0/2            yes        unlimited

Step 11   Repeat Step 10 on switch ASW2.

Step 12   Configure ARP inspection on switch DSW1:

    DSW1(config)# ip arp inspection vlan 1-4094
    DSW1(config)# interface range FastEthernet0/5 - 7
    DSW1(config-if)# ip arp inspection trust
    DSW1#sho ip arp inspection
    Source Mac Validation      : Disabled
    Destination Mac Validation : Disabled
    IP Address Validation      : Disabled

     Vlan     Configuration    Operation   ACL Match          Static ACL
     ----     -------------    ---------   ---------          ----------
        1     Enabled          Active
        2     Enabled          Inactive
        3     Enabled          Active
        4     Enabled          Active
        5     Enabled          Inactive
        6     Enabled          Inactive
        7     Enabled          Inactive
        8     Enabled          Inactive
        9     Enabled          Inactive
       10     Enabled          Inactive
       11     Enabled          Active
       12     Enabled          Active

     Vlan     Configuration    Operation   ACL Match          Static ACL
     ----     -------------    ---------   ---------          ----------
    …/… (long output omitted)

     Vlan   Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
     ----   -----------------   ----------------------   ---------------------
     4088                   0                        0                       0
     4089                   0                        0                       0
     4090                   0                        0                       0
     4091                   0                        0                       0
     4092                   0                        0                       0
     4093                   0                        0                       0
     4094                   0                        0                       0

Step 13   Repeat Step 12 on switch DSW2.
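The Lab 7-1 plan can also be checked mechanically against a saved running configuration. The following is an added example, not part of the lab guide: it audits configuration text against the items in the plan table, and the sample configuration, policy dictionaries and function names are constructed for illustration.

```python
import re

# Items taken from the Lab 7-1 plan table, per switch role.
ASW_POLICY = {
    "globals": ["spanning-tree portfast bpduguard default",
                "spanning-tree loopguard default",
                "ip dhcp snooping",
                "ip dhcp snooping vlan 1-4094"],
    "port_security": ["FastEthernet0/3"],
    "dhcp_trust": ["FastEthernet0/1", "FastEthernet0/2"],
}
DSW_POLICY = {
    "globals": ["spanning-tree portfast bpduguard default",
                "spanning-tree loopguard default",
                "ip arp inspection vlan 1-4094",
                "vlan filter TEST vlan-list 3-4"],
    "root_guard": ["FastEthernet0/5", "FastEthernet0/6"],
    "arp_trust": ["FastEthernet0/6", "FastEthernet0/7"],
}

# policy key -> (interface command, strict). A strict command must not appear
# on any port outside the list: an extra trusted port bypasses the inspection.
PORT_RULES = {
    "root_guard": ("spanning-tree guard root", False),
    "dhcp_trust": ("ip dhcp snooping trust", True),
    "arp_trust": ("ip arp inspection trust", True),
}

# Constructed sample: an access switch that deviates from the plan in three places.
SAMPLE_ASW1 = """\
hostname ASW1
spanning-tree portfast bpduguard default
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
interface FastEthernet0/1
 ip dhcp snooping trust
!
interface FastEthernet0/2
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
 ip dhcp snooping trust
"""


def parse_config(text):
    """Split config text into global lines and a dict of per-interface lines."""
    globals_, interfaces, current = [], {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "!":
            continue
        if line.startswith("interface "):
            current = stripped.split(None, 1)[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(stripped)
        else:
            current = None
            globals_.append(stripped)
    return globals_, interfaces


def audit(text, policy):
    """Return a list of deviations from the policy (empty list = compliant)."""
    globals_, interfaces = parse_config(text)
    findings = [f"missing global: {cmd}"
                for cmd in policy.get("globals", []) if cmd not in globals_]
    for name in policy.get("port_security", []):
        lines = interfaces.get(name, [])
        if "switchport port-security" not in lines:
            findings.append(f"{name}: port security not enabled")
        if not any(l.startswith("switchport port-security mac-address") for l in lines):
            findings.append(f"{name}: no static or sticky secure MAC")
        # 'violation shutdown' is the IOS default and is omitted from the
        # running configuration, so only an explicit weaker mode is a finding.
        for l in lines:
            m = re.fullmatch(r"switchport port-security violation (\S+)", l)
            if m and m.group(1) != "shutdown":
                findings.append(f"{name}: violation mode is {m.group(1)}, plan requires shutdown")
    for key, (cmd, strict) in PORT_RULES.items():
        if key not in policy:
            continue
        have = {n for n, ls in interfaces.items() if cmd in ls}
        want = set(policy[key])
        findings += [f"{n}: missing '{cmd}'" for n in sorted(want - have)]
        if strict:
            findings += [f"{n}: unexpected '{cmd}'" for n in sorted(have - want)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ASW1, ASW_POLICY):
        print(finding)
```

The trusted-port check is the one most worth automating: a DHCP snooping or ARP inspection trust statement on a client-facing port silently exempts that port from the protection the rest of the plan builds.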

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network
Complete this lab activity to practice what you learned in the related module.

Activity Objective
You receive information from the IT manager that a VoIP solution is expected to be implemented in the near future. Your assignment is to prepare the wired infrastructure for this addition. An email from the voice consultant informs you that the voice part of the implementation will be externalized. A list of the planned voice equipment is attached to the voice consultant email. Your task is to make the needed changes and prepare the network for the future project in such a way that it will work without interruption. Your first task is to analyze the information and create a plan for the needed steps to prepare the network for the implementation of the voice solution. You will have to design the voice VLANs, DHCP, Cisco AutoQoS, and high availability features to prepare the network.

After completing this activity, you will be able to meet these objectives:
• Gather information regarding the implementation of VoIP
• Prepare an implementation requirements list for VoIP readiness
• Prepare an implementation and verification plan
• Implement and verify the VoIP readiness plan

Required Resources
This section contains the information needed to accomplish this activity.

Implementation Policy
The following list details preparation and configuration requirements for all switches in the company network, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully.

You must integrate voice in your network. Your configuration must implement all these requirements:
• IP phones will be connected to switches ASW1 and ASW2. Refer to the “Device Information” table and configure each port accordingly.
• For every switch port that connects an IP phone, you must allow a voice VLAN (VLAN 63 on switch ASW1 and VLAN 64 on switch ASW2) and a data VLAN (VLAN 3 on switch ASW1 and VLAN 4 on switch ASW2).
• Class of service (CoS) values sent by IP phones and PCs connected to them should be trusted.
• Power adapters were ordered along with the phones. Some Power over Ethernet (PoE) switches will be added to your network at a later date. Use the Task 2 section to make sure that you know how to plan and configure PoE to support IP phones where needed.
• Cisco Unified Communications Manager Express units will be connected to switches DSW1 and DSW2 as per the “Device Information” section information.
• The Cisco Unified Communications Manager Express unit on switch DSW1 must be in voice VLAN 63, and the Cisco Unified Communications Manager Express unit on switch DSW2 must be in voice VLAN 64.
• You should configure Cisco AutoQoS on access ports to IP phones, trunk ports between switches, and access ports to Cisco Unified Communications Manager Express units.
• Switches DSW1 and DSW2 should be DHCP servers for voice VLAN (VLAN 63 and VLAN 64). For each voice VLAN, switch DSW1 will distribute addresses .50 to .99, and switch DSW2 will distribute addresses .100 to .149. Make sure that both Cisco Unified Communications Manager Express unit IP addresses are excluded from the DHCP scopes.
• You should configure option 150 in each DHCP scope and point VLAN 63 DHCP clients to the Cisco Unified Communications Manager Express unit 1 IP address, and VLAN 64 DHCP clients to Cisco Unified Communications Manager Express unit 2 IP address.
• HSRP should be configured on switches DSW1 and DSW2 for voice VLAN (VLAN 63 and VLAN 64). Switch DSW1 should be the primary gateway with a priority of 120. Both switches DSW1 and DSW2 should preempt. Both switches DSW1 and DSW2 should track their links to switches CSW1 and CSW2. Loss of connectivity to either core switch should decrease the priority by 30.
• Verify that routing is properly configured to allow communication between these various VLANs.

1.12/24 DSW2 P6 Network Diagram Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network © 2009 Cisco Systems. .Device Information The table provides information about device locations: Device Role IP Address Network Location IP phone 1 IP phone DHCP assigned ASW1 P4 IP phone 2 IP phone DHCP assigned ASW1 P5 IP phone 3 IP phone DHCP assigned ASW2 P4 IP phone 4 IP phone DHCP assigned ASW2 P5 Cisco Unified Communications Manager Express unit 1 Cisco Unified Communications Manager Express 10. 306 Implementing Cisco Switched Networks (SWITCH) v1. Inc.11/24 DSW1 P6 Cisco Unified Communications Manager Express unit 2 Cisco Unified Communications Manager Express 10.64.63.1.0—52 © 2009 Cisco Systems. Inc. All rights reserved.0 SWITCH v1.

Command List
The table describes the commands that are used in this activity.

Command / Description

mls qos
    Enables QoS on the switch.

auto qos voip cisco-phone
    Enables AutoQoS on the port, and specifies that the port is connected to a Cisco IP phone. The QoS labels of incoming packets are trusted only when the Cisco IP phone is detected.

auto qos voip trust
    Enables AutoQoS on the port, and specifies that the port is connected to a trusted router or switch.

mls qos trust cos
    Configures the interface to classify incoming traffic packets by using the packet CoS value. For untagged packets, the port default CoS value is used.

cdp enable
    Enables Cisco Discovery Protocol globally. By default, it is enabled.

ip dhcp pool pool-name
    Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.

network ip-address [mask | /prefixlength]
    Specifies the IP address of the DHCP address pool to be configured.

default-router ip-address
    (Optional) Specifies the router that the IP phones will use to send or receive IP traffic that is external to their local subnet.

option 150 ip ip-address
    Specifies the TFTP server address from which the Cisco Unified IP phone downloads the image configuration file.
    • This is the address of your Cisco Unified Communications Manager Express router.

lease {days [hours] [minutes] | infinite}
    (Optional) Specifies the duration of the lease.
    • The default is a one-day lease.
    • The infinite keyword specifies that the duration of the lease is unlimited.

ip helper-address address
    Enables forwarding and specifies the destination address for forwarding UDP broadcast packets, including BOOTP.

interface fastethernet | gigabitethernet slot/port
    Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.

interface range fastethernet | gigabitethernet slot/starting_port - ending_port
    Selects a range of interfaces to configure.

Command / Description (continued)

switchport voice vlan {vlan-id | dot1p | none | untagged}
    Configures how the Cisco IP Phone carries voice traffic:
    • vlan-id—Configure the phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are 1 to 4094.
    • dot1p—Configure the phone to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.
    • none—Allow the phone to use its own configuration to send untagged voice traffic.
    • untagged—Configure the phone to send untagged voice traffic.

switchport priority extend {cos value | trust}
    Sets the priority of data traffic received from the Cisco IP phone access port:
    • cos value—Configure the phone to override the priority received from the PC or the attached device with the specified CoS value. The value is a number from 0 to 7, with 7 as the highest priority. The default priority is cos 0.
    • trust—Configure the phone access port to trust the priority received from the PC or the attached device.

show interfaces interface-id switchport
    Verify your entries.

Job Aids
These are the job aids for this lab activity:

Value                                                         Location
Blank implementation requirements list                        Task 1
Blank implementation and verification plan form               Task 2
Blank verification notes form                                 Task 3
Alternate resources and solutions form                        End of this lab
Key commands and tools used form                              End of this lab
Implementation requirements hints                             “Hints” section at the end of this lab
Implementation and verification plan hints                    “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure)    Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for VoIP Integration in the Campus
After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device   High-Level Task   Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √   Device   Implementation Order   Values and Items to Implement   Verification Method and Expected Results


PoE configuration: PoE switches will be added later to your network. Answer the following questions:
1. How will the phones be powered?
2. Are all PoE switches the same?
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
4. Are other PoE devices likely to be installed in the network?
5. Document the steps and commands required to configure PoE on switch ports to IP phones:

Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to connect to the remote lab and implement your solution. Once your solution is implemented, verify that your configuration is working and fulfills the requirements specified. Use the previous table to document the verifications you conducted to ensure that your solution is complete. If you are unsure about the verification steps, use the information provided in the “Hints” section at the end of this lab. Do not forget to save.

Student Notes
Use the following space to document the details that you think are important to remember.

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed during the debriefing period after the lab. For your reference, use the following space to document other possible solutions.

Lab 8-1: Key Commands and Tools Used

Hints
You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Lab 8-1 Hint Sheet: Plan Implementation and Verification of VoIP in a Campus Network

Implementation Requirements
To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

Device | Implementation Requirement | Lab 8-1 Section Containing Hint
ASW1 | IP Phone 1 | Implementation Policy
ASW1 | IP Phone 2 | Implementation Policy
ASW2 | IP Phone 3 | Implementation Policy
ASW2 | IP Phone 4 | Implementation Policy
DSW1 | Cisco Unified Communications Manager Express unit 1 | Implementation Policy
DSW1 | HSRP | Implementation Policy
DSW1 | DHCP | Implementation Policy
DSW2 | HSRP | Implementation Policy
DSW2 | Cisco Unified Communications Manager Express unit 2 | Implementation Policy
DSW2 | DHCP | Implementation Policy
All switches | Cisco AutoQoS | Implementation Policy

Device | High-Level Task | Information Source
ASW1 | IP Phone 1 | Visual Objective, Design and Implementation Requirements
ASW1 | IP Phone 2 | Visual Objective, Design and Implementation Requirements
ASW2 | IP Phone 3 | Visual Objective, Design and Implementation Requirements
ASW2 | IP Phone 4 | Visual Objective, Design and Implementation Requirements
DSW1 | Cisco Unified Communications Manager Express unit 1 | Visual Objective, Design and Implementation Requirements
DSW1 | HSRP | Visual Objective, Design and Implementation Requirements
DSW1 | DHCP | Visual Objective, Design and Implementation Requirements
DSW2 | HSRP | Visual Objective, Design and Implementation Requirements
DSW2 | Cisco Unified Communications Manager Express unit 2 | Visual Objective, Design and Implementation Requirements
DSW2 | DHCP | Visual Objective, Design and Implementation Requirements
All switches | Cisco AutoQoS | Visual Objective, Design and Implementation Requirements

Implementation and Verification Plan
In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | ASW1 | 1 | mls qos |
 | ASW1 | 2 | interface range FastEthernet0/4-5 |
 | ASW1 | 3 | switchport mode access |
 | ASW1 | 4 | switchport access vlan 3 |
 | ASW1 | 5 | switchport voice vlan 63 |
 | ASW1 | 6 | switchport priority extend trust |
 | ASW1 | | mls qos trust cos |
 | ASW1 | 7 | mls qos trust device cisco-phone | sh interface Fa0/4
 | ASW1 | 8 | auto qos voip cisco-phone | sh mls qos int f 0/4
 | ASW2 | 9 | mls qos |
 | ASW2 | 10 | interface range FastEthernet0/4-5 |
 | ASW2 | 11 | switchport mode access |
 | ASW2 | 12 | switchport access vlan 4 |
 | ASW2 | 13 | switchport voice vlan 64 |
 | ASW2 | 14 | switchport priority extend trust |
 | ASW2 | 15 | mls qos trust cos |
 | ASW2 | 16 | mls qos trust device cisco-phone | sh interface Fa0/4
 | ASW2 | 17 | auto qos voip cisco-phone | sh mls qos int f 0/4
 | DSW1 | 18 | mls qos |
 | DSW1 | 19 | interface Fastethernet 0/8 |
 | DSW1 | 20 | switchport mode access |

1.1.63.1.64.64.49 DSW1 27 ip dhcp excluded-address 10.49 DSW1 29 ip dhcp excluded-address 10.0 © 2009 Cisco Systems.1.63.64.0 DSW1 37 default-router 10.1.99 DSW2 41 ip dhcp excluded-address 10.1.255.1.1 DSW1 33 option 150 ip 10.64.64.1.1.63.1 10.63.Complete √ 322 Device Implementation Order Values and Items to Implement DSW1 21 switchport access vlan 63 DSW2 22 mls qos DSW2 23 interface Fastethernet 0/8 DSW2 24 switchport mode access DSW2 25 switchport access vlan 64 DSW1 26 ip dhcp excluded-address 10.150 10.0 255.255.63.12 DSW1 34 lease 8 DSW1 35 DSW1 36 network 10.1.1 10.0 255.255 DSW2 44 Verification Method and Expected Results ip dhcp pool vlan63 show ip dhcp pool ip dhcp pool vlan64 show ip dhcp pool ip dhcp pool vlan63 Implementing Cisco Switched Networks (SWITCH) v1.63.99 DSW2 43 ip dhcp excluded-address 10.255.64.1.12 DSW1 39 lease 8 DSW2 40 ip dhcp excluded-address 10.0 DSW1 32 default-router 10. .64.100 10.63.255 DSW2 42 ip dhcp excluded-address 10.11 10.1.63.1.63.1 DSW1 38 option 150 ip 10.1.1.255.1 10.1.1 10.150 10.64.255 DSW1 28 ip dhcp excluded-address 10.64.1.1.1. Inc.64.1.1.63.100 10.1.64.255 DSW1 30 DSW1 31 network 10.63.64.1.63.11 10.1.

255.63.3 255.255.1.64. Inc.64.1.0 DSW1 56 standby 63 ip 10.1.255.1 DSW1 64 standby 64 priority 90 DSW1 65 standby 64 preempt DSW1 66 standby 64 track Port-channel31 30 DSW1 67 standby 64 track Port-channel32 30 DSW1 DSW1 © 2009 Cisco Systems.255.1.64.1.64.1.64.0 DSW2 46 default-router 10.12 DSW2 48 lease 8 DSW2 49 DSW2 50 network 10.63.1 DSW1 57 standby 63 priority 120 DSW1 58 standby 63 preempt DSW1 59 standby 63 track Port-channel31 30 DSW1 60 standby 63 track Port-channel32 30 DSW1 61 interface Vlan 64 62 ip address 10.0 255.63.63.0 255.0 DSW2 51 default-router 10.11 10.1.255.12 DSW2 53 lease 8 DSW1 54 interface Vlan 63 55 ip address 10.1 DSW2 47 option 150 ip 10.63.255.63.3 255.1.1.11 10.255.1.63. Verification Method and Expected Results show ip dhcp pool ip dhcp pool vlan64 show ip dhcp pool sh interface Vlan 63 / show ip interface brief sh stanby sh interfave vlan 64 / show ip interface brief Lab Guide 323 .1 DSW2 52 option 150 ip 10.1.0 DSW1 63 standby 64 ip 10.1.Complete √ Device Implementation Order Values and Items to Implement DSW2 45 network 10.255.

64.0 DSW2 70 standby 63 ip 10.2 255.1.64. Inc.1 DSW2 78 standby 64 priority 120 DSW2 79 standby 64 track Port-channel31 30 DSW2 80 standby 64 track Port-channel32 30 DSW2 81 ASW1 82 ASW1 83 ASW2 84 ASW2 85 DSW1 86 interface range FastEthernet0/1-2 DSW1 87 no channel-group 31 mode passive DSW1 88 auto qos voip trust DSW1 89 channel-group 31 mode passive DSW2 DSW2 324 standby 64 preempt sh stanby sh interface vlan 64 / show ip interface brief Sh standby interface range FastEthernet0/1-2 auto qos voip trust interface range FastEthernet0/1-2 auto qos voip trust Implementing Cisco Switched Networks (SWITCH) v1.Complete √ Device Implementation Order Values and Items to Implement Verification Method and Expected Results 68 interface Vlan 63 sh interface Vlan 63 / show ip interface brief DSW2 69 ip address 10.0 © 2009 Cisco Systems. .255.63.255.1.2 255.255.1 DSW2 71 standby 63 track Port-channel31 30 DSW2 72 standby 63 track Port-channel32 30 DSW2 73 standby 63 preempt DSW2 73 standby 63 priority 90 75 interface Vlan 64 DSW2 76 ip address 10.255.0 DSW2 77 standby 64 ip 10.63.1.1.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results
 | | | | Not for all PortChannel documented, use the same procedure on all other.
 | DSW2 | 90 | interface range FastEthernet0/1-2 |
 | DSW2 | 91 | no channel-group 32 mode passive |
 | DSW2 | 92 | auto qos voip trust |
 | DSW2 | 93 | channel-group 31 mode passive | Not for all PortChannel documented, use the same procedure on all other.
 | CSW1 | 94 | mls qos |
 | CSW1 | 95 | interface range FastEthernet0/1-2 |
 | CSW1 | 96 | no channel-group 31 mode active |
 | CSW1 | 97 | auto qos voip trust |
 | CSW1 | 98 | channel-group 31 mode active | Not for all PortChannel documented, use the same procedure on all other.
 | CSW2 | 99 | mls qos |
 | CSW2 | 100 | interface range FastEthernet0/1-2 |
 | CSW2 | 101 | no channel-group 32 mode active |
 | CSW2 | 102 | auto qos voip trust |
 | CSW2 | 103 | channel-group 32 mode active | Not for all PortChannel documented, use the same procedure on all other.

PoE configuration:
1. How will the phones be powered?
With AC power cords at first. PoE will be needed later.
2. Are all PoE switches the same?
No, and there are many differences between models. Some provide standard PoE, some high power, some can negotiate, some only have power for a number of ports, and so on.
3. Are all PoE devices equal (requiring the same power from the PoE switch)?
No. Some use less power, some use more, negotiation can take place or not. IP phones use standard PoE.
4. Are other PoE devices likely to be installed in the network?
Very likely, although the list is not clearly stated in this lab. Many devices use PoE.

To enable this feature, for example, on interface f0/1, use the command sequence (on the PODs not possible due to the lack of a PoE switch):

Switch(config)# interface FastEthernet0/1
Switch(config-if)# power inline auto

1.0 255.12 DSW1(dhcp-config)# lease 8 Step 7 Repeat Step 6 on switch DSW2 with parameters specific to switch DSW2.1.64.63.255.1.64.1. Step 3 Configure Cisco Unified Communications Manager Express unit interface on switch Step 4 DSW1: DSW1(config)# interface FastEthernet0/8 DSW1(config-if)# switchport mode access DSW1(config-if)# switchport access vlan 63 DSW1(config-if)# no shut Step 5 Repeat Step 10 on switch DSW2.1.Step-by-Step Procedure Step 1 Connect to the switch ASW1 switch interface in configuration mode: „ Connect to the remote lab.0 DSW1(dhcp-config)# default-router 10.255.63. Configure IP phone ports on switch ASW1: Step 2 ASW1(config)# interface range FastEthernet0/4 .1.63.63. using the enable command. „ Enter configuration mode.1 10.1 DSW1(dhcp-config)# option 150 ip 10.1. Lab Guide 327 .64.63.63.63.0 DSW1(dhcp-config)# default-router 10.1.64.255 DSW1(config)# ip dhcp pool vlan64 DSW1(dhcp-config)# network 10. © 2009 Cisco Systems.1.255.49 DSW1(config)# ip dhcp excluded-address 10. „ Access the Switch console. using the configure terminal command. „ Enter privilege mode.1.1.64.100 10.63.1. Step 6 Configure the DHCP pool for voice VLAN 63 and VLAN 64 on switch DSW1: DSW1(config)# ip dhcp excluded-address 10.11 10.64.1.100 10.49 DSW1(config)# ip dhcp excluded-address 10.12 DSW1(dhcp-config)# lease 8 DSW1(config)# ip dhcp excluded-address 10.1.64.11 10.1.255 DSW1(config)# ip dhcp pool vlan63 DSW1(dhcp-config)# network 10.5 ASW1(config-if)# switchport mode access ASW1(config-if)# switchport access vlan 3 ASW1(config-if)# switchport voice vlan 63 ASW1(config-if)# switchport priority extend trust ASW1(config-if)# mls qos trust device cisco-phone ASW1(config-if)# mls qos trust cos ASW1(config-if)# auto qos voip cisco-phone Repeat Steps 1 and 2 on switch ASW2.0 255.64.1 10.1 DSW1(dhcp-config)# option 150 ip 10.255.1. Inc.

255.255.1.3..255.255. .1.0 © 2009 Cisco Systems.1 DSW1(config-if)# standby 63 priority 120 DSW1(config-if)# standby 63 preempt DSW1(config-if)# standby 63 track Port-channel31 30 DSW1(config-if)# standby 63 track Port-channel32 30 DSW1(config)# interface Vlan 64 DSW1(config-if)# ip address 10.0 DSW1(config-if)# standby 63 ip 10.63.63.0 DSW1(config-if)# standby 64 ip 10.1.63. Step 10 Configure QoS at the interface level on switch ASW1: ASW1(config)# interface range FastEthernet0/1-2 ASW1(config-if)# auto qos voip trust ASW1#sh mls qos QoS is enabled QoS ip packet dscp rewrite is enabled ASW1#sh mls qos int f0/1 FastEthernet0/1 trust state: trust cos trust mode: trust cos trust enabled flag: ena COS override: dis default COS: 0 DSCP Mutation Map: Default DSCP Mutation Map Trust device: none qos mode: port-based ASW1#sh run int f0/1 Building configuration.3 255.1.11.65 switchport mode trunk srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust cos auto qos voip trust ip dhcp snooping trust end Step 11 328 Repeat Step 10 on switch ASW2..3 255. Current configuration : 225 bytes ! interface FastEthernet0/1 switchport trunk allowed vlan 1. Inc.64.Step 8 Configure interface VLAN 63 and VLAN 64 on switch DSW1: DSW1(config)# interface Vlan 63 DSW1(config-if)# ip address 10.1 DSW1(config-if)# standby 64 priority 90 DSW1(config-if)# standby 64 preempt DSW1(config-if)# standby 64 track Port-channel31 30 DSW1(config-if)# standby 64 track Port-channel32 30 Step 9 Repeat Step 8 on switch DSW2 with parameters specific to switch DSW2. Implementing Cisco Switched Networks (SWITCH) v1.64.

Step 12   Configure trunk interfaces and Port-Channels for QoS on switch DSW1 (Attention: Must be configured before assigning an interface to Port-Channel, otherwise an error will occur), here as an example for two interfaces belonging to a Port-Channel and four trunk ports:

DSW1(config)# interface range FastEthernet0/5-8
DSW1(config-if)# auto qos voip trust
DSW1(config-if)# interface range FastEthernet0/1-2
DSW1(config-if)# no channel-group 31 mode passive
DSW1(config-if)# auto qos voip trust
DSW1(config-if)# channel-group 31 mode passive

DSW1#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled

DSW1#sh mls qos int f0/7
FastEthernet0/7
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based

DSW1#sh auto qos
FastEthernet0/1
auto qos voip trust
FastEthernet0/2
auto qos voip trust
FastEthernet0/3
auto qos voip trust
FastEthernet0/4
auto qos voip trust
FastEthernet0/5
auto qos voip trust
FastEthernet0/6
auto qos voip trust
FastEthernet0/7
auto qos voip trust
FastEthernet0/8
auto qos voip trust

Step 13   Repeat Step 12 on switch DSW2.

Step 14   Configure trunk interfaces for QoS on switch CSW1 (Attention: Must be configured before assigning an interface to Port-Channel, otherwise an error will occur), here as an example for 2 interfaces belonging to a Port-Channel:

CSW1(config)# mls qos
CSW1(config)# interface range FastEthernet0/1-2
CSW1(config-if)# no channel-group 2 mode on
CSW1(config-if)# auto qos voip trust
CSW1(config-if)# channel-group 2 mode on

Step 15   Repeat Step 14 on switch CSW2.

Lab 9-1: Integrating Wireless in the Campus
Complete this lab activity to practice what you learned in the related module.

Activity Objective
During a daily morning meeting, your IT manager informed you that, after voice, wireless capabilities should be added to the existing network. You must prepare the switched network for a wireless integration that will take place next month. An email from the wireless consultant informs you that the wireless part of the implementation will be externalized. Your assignment is to prepare the wired infrastructure for this wireless addition. A list of the planned wireless equipment is attached to the wireless consultant’s email. Your first task is to analyze the information and make a plan for the needed steps to prepare the network for the implementation of the wireless solution.
After completing this activity, you will be able to meet these objectives:
„ Identify the requirements for implementing wireless structure in a network
„ Prepare an implementation plan for wireless integration
„ Prepare the switched network for integration of wireless equipment
„ Verify that the switched network was properly provisioned

Required Resources
This section contains the information needed to accomplish this activity.

Implementation Policy
You must integrate wireless in your network. The following list details preparation and configuration requirements for all switches in the company network, and describes the requirements common to all devices in the network, along with information specific to each device. Read the information carefully. Refer to the “Device Information” section and configure each port accordingly. Your configuration must implement all these requirements:
„ Several standard Cisco 1240 series access points will be connected to switches ASW1 and ASW2. The first series of access points to be installed will use AC power adapters. Ports to these APs should be in the forward state as soon as the AP is switched on, even if the port is a trunk.
„ For the autonomous AP on switch ASW1, allow the voice VLAN (VLAN 63) and data VLAN (VLAN 3). For the autonomous AP on switch ASW2, you must allow the voice VLAN (VLAN 64) and data VLAN (VLAN 4).
„ One Hybrid Remote Edge Access Point (HREAP) must be connected to each access switch. HREAP are specific types of controller-based access points. The configuration of the switch port to the HREAP AP is similar to the configuration of a port to an autonomous AP. HREAP on switch ASW1 must service the voice VLAN (VLAN 63) and data VLAN (VLAN 3). HREAP on switch ASW2 must service the voice VLAN (VLAN 64) and data VLAN (VLAN 4).
„ The Lightweight AP (LAP) on switch ASW1 must be in the AP VLAN (VLAN 11). The Lightweight AP (LAP) on switch ASW2 must be in the AP VLAN (VLAN 12).
„ The Cisco 2106 WLC will be connected with one port in a trunk mode, with all VLANs (wired and wireless) allowed on the trunk. Ports to the Cisco 2106 WLCs should be in the forward state as soon as the controller is switched on.
„ WCS and WLC will be connected to switches DSW1 and DSW2 per the “Device Information” section.
„ The Cisco Wireless Control System on switch DSW1 must be in VLAN 3. The Cisco Wireless Control System on switch DSW2 must be in VLAN 4.
„ On ports to the LAPs and on ports to the Cisco WLCs, apply the appropriate QoS policy.
„ In the future, 1250 IEEE 802.11n access points will be added to your network. These access points need enhanced PoE. Use Task 2 to make sure that you know how to configure IEEE 802.3at to support these access points where needed.

Device Information
The table provides information about device locations:

Device | Role | Network Location
AP1 | Autonomous AP | ASW1 P4
AP2 | HREAP | ASW1 P5
AP3 | Lightweight AP | ASW1 P6
AP4 | Autonomous AP | ASW2 P4
AP5 | HREAP | ASW2 P5
AP6 | Lightweight AP | ASW2 P6
WLC1 | Cisco 2106 Wireless LAN Controller | DSW1 P7
WCS1 | Cisco Wireless Control System | DSW1 P6
WLC2 | Cisco 2106 Wireless LAN Controller | DSW2 P7
WCS2 | Cisco Wireless Control System | DSW2 P6

Visual Objective
The figure illustrates what you will accomplish in this activity.
[Figure: Visual Objective for Lab 9-1: Integrating Wireless in the Campus]

Command List
The table describes the commands that are used in this activity.

Command | Description
interface fastethernet | gigabitethernet slot/port | Enters interface configuration mode for a Cisco Catalyst switch with a Fast Ethernet or Gigabit Ethernet interface installed.
interface range fastethernet | gigabitethernet slot/starting_port ending_port | Selects a range of interfaces to configure.
name vlan-name | Specifies a name for a VLAN for either VLAN database or VLAN configuration mode.
show interface interface-id switchport | Displays the switch port configuration of the interface.
show interface trunk | Displays the trunk configuration of the interface.
show vlan | Displays VLAN information.
shutdown/no shutdown | Shuts down or enables an interface.
switchport access vlan vlan-id | Specifies the default VLAN, which is used if the interface stops trunking.
switchport mode access | Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link.
switchport mode trunk | Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport nonegotiate | Turns off DTP negotiation.
switchport trunk allowed vlan all | none | add | remove | except vlan-list | Configures the list of VLANs allowed on the trunk.
switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link.
vlan vlan-id | Enters a VLAN ID, and enter config-vlan mode. Enter a new VLAN ID to create a VLAN, or enter an existing VLAN ID to modify that VLAN.

Job Aids
These are the job aids for this lab activity:

Value | Location
Blank implementation requirements list | Task 1
Blank implementation and verification plan form | Task 2
Blank verification notes form | Task 3
Alternate resources and solutions form | End of this lab
Key commands and tools used form | End of this lab
Implementation requirements hints | “Hints” section at the end of this lab
Implementation and verification plan hints | “Hints” section at the end of this lab
Solution configuration answer key (step-by-step procedure) | Configuration section at the end of this lab

Task 1: Create an Implementation Requirements List for Wireless Integration in the Campus
After you have analyzed the information in the “Required Resources” section, your first task is to create a list where you will document the requirements for a successful implementation. Use the following table, the Visual Objective for this lab, and the “Implementation Policy” and “Device Information” sections to create your implementation requirements list. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Device | High-Level Task | Information Source

Task 2: Create an Implementation and Verification Plan
The second step in your configuration deployment is to create a task list that includes each item that must be configured on each device and in what order the items must be configured. The Implementation and Verification Plan is very important, because it enables you to ensure that all requirements are properly configured and in the correct order. The task will help you set up configuration checkpoints. Use the plan to determine how you will verify that each required item was effectively configured. You will move to the actual implementation in the next task. Use the following table and the “Required Resources” section to create the Implementation and Verification Plan. If you are unsure, use the information provided in the “Hints” section at the end of this lab.

Complete √ | Device | Implementation Order | Values and Items to Implement | Verification Method and Expected Results


Enhanced PoE configuration: Later on, Cisco Aironet Series 1250 Access Points and enhanced
PoE (802.3at) switches will be added to your network.
Answer the following questions:
1. How will the first APs be powered?
__________________________________________________________________________
__________________________________________________________________________
2. Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250
Series APs?
__________________________________________________________________________
__________________________________________________________________________
3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do
they need a special switch?
__________________________________________________________________________
__________________________________________________________________________
4. Document the steps required to configure PoE on switch ports to these access points:
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________


Task 3: Implement and Verify
Now that you have all of the requirements and have planned the implementation, you are ready to
connect to the remote lab and implement your solution. Do not forget to save. Once your solution
is implemented, verify that your configuration is working and fulfills the requirements specified.
Use the previous table to document the verifications you conducted to ensure that your solution is
complete. If you are unsure about the verification steps, use the information provided in the
“Hints” section at the end of this lab.
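
One way to run part of this verification offline against a saved running-config, as an added example that is not part of the lab guide: the script checks the three AP ports on ASW1 against the Implementation Policy. It assumes that ports "P4" to "P6" are FastEthernet0/4 to 0/6, that "forward state as soon as the AP is switched on" is met with spanning-tree portfast, and it uses a constructed sample configuration.

```python
import re

# Policy for access switch ASW1, from the Implementation Policy and Device
# Information sections. ASSUMPTION: "P4".."P6" are FastEthernet0/4..0/6.
POLICY_ASW1 = {
    "FastEthernet0/4": {"role": "autonomous AP", "mode": "trunk", "vlans": {3, 63}},
    "FastEthernet0/5": {"role": "HREAP", "mode": "trunk", "vlans": {3, 63}},
    "FastEthernet0/6": {"role": "lightweight AP", "mode": "access", "vlans": {11}},
}

# Constructed sample, not output from the lab: Fa0/4 is compliant, while
# Fa0/5 and Fa0/6 carry deliberate mistakes.
SAMPLE_ASW1 = """\
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,63
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
!
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,3,63-65' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interfaces(config):
    """Split running-config text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas


def audit_port(name, lines, want):
    """Return the list of policy violations for one interface stanza."""
    findings = []
    mode = next((ln.split()[-1] for ln in lines if ln.startswith("switchport mode ")), None)
    if mode != want["mode"]:
        findings.append(f"{name}: mode is {mode}, policy requires {want['mode']}")
    if want["mode"] == "trunk":
        allowed = None  # no allowed-list line means the trunk carries every VLAN
        for ln in lines:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,\-]+)$", ln)
            if m:
                listed = expand_vlans(m.group(2))
                allowed = (allowed or set()) | listed if m.group(1) else listed
        if allowed is None:
            findings.append(f"{name}: trunk has no allowed-VLAN list (all VLANs pass)")
        else:
            missing, extra = want["vlans"] - allowed, allowed - want["vlans"]
            if missing:
                findings.append(f"{name}: trunk is missing VLANs {sorted(missing)}")
            # ASSUMPTION: VLANs beyond those the policy names are reported,
            # a least-privilege reading that is stricter than the lab text.
            if extra:
                findings.append(f"{name}: trunk also carries VLANs {sorted(extra)}")
        portfast = "spanning-tree portfast trunk"
    else:
        access = next((int(ln.split()[-1]) for ln in lines
                       if ln.startswith("switchport access vlan ")), 1)
        if {access} != want["vlans"]:
            findings.append(f"{name}: access VLAN is {access}, "
                            f"policy requires {min(want['vlans'])}")
        portfast = "spanning-tree portfast"
    if portfast not in lines:
        findings.append(f"{name}: '{portfast}' is not configured")
    return findings


def audit(config, policy):
    """Audit every port named in the policy; a missing stanza is a finding."""
    stanzas = parse_interfaces(config)
    findings = []
    for name, want in policy.items():
        if name not in stanzas:
            findings.append(f"{name}: no interface stanza for the {want['role']} port")
        else:
            findings.extend(audit_port(name, stanzas[name], want))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ASW1, POLICY_ASW1):
        print(finding)
```

The same policy table can be extended with the ASW2, DSW1 and DSW2 rows from the Device Information table once the port mapping for those switches is confirmed.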


Student Notes
Use the following space to document the details that you think are important to remember.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Alternate Resources and Solutions
Other groups may use a solution that is different from yours. Possible solutions will be discussed
during the debriefing period after the lab. For your reference, use the following space to
document other possible solutions.
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________

Lab 9-1: Key Commands and Tools Used

Hints

You are encouraged to complete the labs using your knowledge. If you need help, this section contains a series of hints to help you complete the lab.

Lab 9-1 Hint Sheet: Integrating Wireless in the Campus

Implementation Requirements

To facilitate the configuration of your network, the first task asks you to create an Implementation Requirements list. The list details the elements needed to develop an implementation plan. The following is an example of such a list:

| Device | Implementation Requirement | Lab 9-1 Section Containing Hint |
|--------|----------------------------|---------------------------------|
| ASW1   | AP1                        | Implementation Policy           |
| ASW1   | AP2                        | Implementation Policy           |
| ASW1   | AP3                        | Implementation Policy           |
| ASW2   | AP4                        | Implementation Policy           |
| ASW2   | AP5                        | Implementation Policy           |
| ASW2   | AP6                        | Implementation Policy           |
| DSW1   | WLC1                       | Implementation Policy           |
| DSW1   | WCS1                       | Implementation Policy           |
| DSW2   | WLC2                       | Implementation Policy           |
| DSW2   | WCS2                       | Implementation Policy           |

| Device | High-Level Task | Information Source                                       |
|--------|-----------------|----------------------------------------------------------|
| ASW1   | AP2             | Visual Objective, Design and Implementation Requirements |
| ASW1   | AP3             | Visual Objective, Design and Implementation Requirements |
| ASW2   | AP4             | Visual Objective, Design and Implementation Requirements |
| ASW2   | AP5             | Visual Objective, Design and Implementation Requirements |
| ASW2   | AP6             | Visual Objective, Design and Implementation Requirements |
| DSW1   | WLC1            | Visual Objective, Design and Implementation Requirements |
| DSW1   | WCS1            | Visual Objective, Design and Implementation Requirements |
| DSW2   | WLC2            | Visual Objective, Design and Implementation Requirements |
| DSW2   | WCS2            | Visual Objective, Design and Implementation Requirements |

Implementation and Verification Plan

In this task, you create an Implementation and Verification Plan. There are several possible correct solutions. One possible approach groups items that are common to all switches in a template and then applies the template to all switches. For this lab, the template could contain the following items:

| Complete √ | Device | Implementation Order | Values and Items to Implement         |
|------------|--------|----------------------|---------------------------------------|
|            | ASW1   | 1                    | interface FastEthernet0/4             |
|            | ASW1   | 2                    | switchport mode trunk                 |
|            | ASW1   | 3                    | switchport trunk allowed vlan 3,63    |
|            | ASW1   |                      | mls qos trust cos                     |
|            | ASW1   | 4                    | interface FastEthernet0/5             |
|            | ASW1   | 5                    | switchport mode trunk                 |
|            | ASW1   | 6                    | switchport trunk allowed vlan 3,63    |
|            | ASW1   | 7                    | mls qos trust dscp                    |
|            | ASW1   | 8                    | interface FastEthernet0/6             |
|            | ASW1   | 9                    | switchport mode access                |
|            | ASW1   | 10                   | switchport access vlan 11             |
|            | ASW1   | 11                   | spanning-tree portfast                |
|            | ASW1   | 12                   | mls qos trust dscp                    |
|            | ASW2   | 13                   | interface FastEthernet0/4             |
|            | ASW2   | 14                   | switchport mode trunk                 |
|            | ASW2   | 15                   | switchport trunk allowed vlan 4,64    |
|            | ASW2   | 16                   | mls qos trust cos                     |
|            | ASW2   | 17                   | interface FastEthernet0/5             |
|            | ASW2   | 18                   | switchport mode trunk                 |
|            | ASW2   | 19                   | switchport trunk allowed vlan 4,64    |
|            | ASW2   | 20                   | mls qos trust dscp                    |
|            | ASW2   | 21                   | interface FastEthernet0/6             |
|            | ASW2   | 22                   | switchport mode access                |
|            | ASW2   | 23                   | switchport access vlan 12             |
|            | ASW2   | 24                   | spanning-tree portfast                |
|            | ASW2   | 25                   | mls qos trust dscp                    |
|            | ASW2   | 26                   | interface f0/1                        |
|            | ASW2   | 27                   | switchport trunk allowed vlan add 12  |
|            | DSW1   | 28                   | interface FastEthernet0/8             |
|            | DSW1   | 29                   | switchport trunk encapsulation dot1q  |
|            | DSW1   | 30                   | switchport mode trunk                 |
|            | DSW1   | 31                   | switchport trunk allowed vlan 3,11,63 |
|            | DSW1   | 32                   | spanning-tree portfast                |
|            | DSW1   | 33                   | mls qos trust cos                     |
|            | DSW1   | 34                   | interface GigabitEthernet0/1          |
|            | DSW1   | 35                   | switchport mode access                |
|            | DSW1   | 36                   | switchport access vlan 3              |
|            | DSW2   | 37                   | interface FastEthernet0/11            |
|            | DSW2   | 38                   | switchport trunk encapsulation dot1q  |
|            | DSW2   | 39                   | switchport mode trunk                 |
|            | DSW2   | 40                   | switchport trunk allowed vlan 4,12,64 |
|            | DSW2   | 41                   | spanning-tree portfast                |
|            | DSW2   | 42                   | mls qos trust cos                     |
|            | DSW2   | 43                   | interface GigabitEthernet0/1          |
|            | DSW2   | 44                   | switchport mode access                |
|            | DSW2   | 45                   | switchport access vlan 4              |

Verification Method and Expected Results:

ASW1: sh interface Fa0/4 trunk, show mls qos, sh interface Fa0/5 trunk, show vlan
ASW2: sh interface Fa0/4 trunk, sh interface Fa0/5 trunk, show vlan
DSW1: sh interface Fa0/8 trunk, show vlan
DSW2: sh interface Fa0/8 trunk, show vlan

Enhanced PoE configuration:

1. How will the first APs be powered?

Using AC power adapters, as per the “Required Resources” section, so no PoE is required yet.

2. Can you use the same PoE switch for both the first APs and the future Cisco Aironet 1250 Series APs?

Yes, if the switch:
- Provides enhanced power
- Has enough power resources available

3. Can the Cisco Aironet 1250 Series APs be powered from a standard 802.3af switch or do they need a special switch?

The standard switch provides 15 W max, as per the 802.3af specification, which is not enough for the Cisco Aironet 1250 Series AP, but is enough for most other APs. The Cisco Aironet 1250 Series AP needs a switch that provides enhanced power. Enhanced PoE is configured at the port level. For the Cisco Aironet 1250 Series AP, you need to allow 20 W. This is done, for example, on interface g0/1 (Cisco Aironet 1250 Series APs require gigabit interfaces). Again, the PODs do not have a PoE-Switch with that capability:

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# power inline port maximum 20000

Step-by-Step Procedure

Step 1  Connect to the ASW1 switch interface in configuration mode:
  • Connect to the remote lab.
  • Access the Switch console.
  • Enter privilege mode, using the enable command.
  • Enter configuration mode, using the configure terminal command.

Step 2  Configure the AP on switch ASW1:

ASW1(config)# interface range FastEthernet0/4 - 5
ASW1(config-if)# switchport mode trunk
ASW1(config-if)# switchport trunk allowed vlan 4,63
ASW1(config-if)# interface f0/4
ASW1(config-if)# mls qos trust cos
ASW1(config-if)# interface f0/5
ASW1(config-if)# mls qos trust dscp
ASW1(config-if)# interface FastEthernet0/6
ASW1(config-if)# switchport mode access
ASW1(config-if)# switchport access vlan 11
ASW1(config-if)# spanning-tree portfast
ASW1(config-if)# mls qos trust dscp

Step 3  Repeat Steps 1 and 2 on switch ASW2.

Step 4  Configure WLC1 on switch DSW1:

DSW1(config)# mls qos
DSW1(config)# interface FastEthernet0/8
DSW1(config-if)# switchport mode trunk
DSW1(config-if)# switchport trunk allowed vlan 4,11,63
DSW1(config-if)# spanning-tree portfast trunk
DSW1(config-if)# mls qos trust cos

Step 5  Configure WCS1 on switch DSW1:

DSW1(config)# interface GigabitEthernet0/1
DSW1(config-if)# switchport mode access
DSW1(config-if)# switchport access vlan 3

Step 6  Repeat Steps 4 and 5 on switch DSW2.

Ending Configurations

Lab 1-1: New Hire Test

Your configuration should be similar to the following example.

On switch ASW1:

ASW1#show running-config
Building configuration...

Current configuration : 2689 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime
no service password-encryption
!
hostname ASW1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mTdi$ALXy4V.TkqEcTuB6TNYZm0
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
no ip domain-lookup
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 description Link to DSW1
!
interface FastEthernet0/2
 description Link to DSW2
!
interface FastEthernet0/3
 description Link to CTL1
!
interface FastEthernet0/4
 shutdown
!
interface FastEthernet0/5
 shutdown
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 shutdown
!
interface GigabitEthernet0/1
 shutdown
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.1.1.251
ip http server
no ip http secure-server
!
control-plane
!
alias exec init-2-1 configure replace flash:/switch/lab_2_1.cfg force
alias exec init-2-2 configure replace flash:/switch/lab_2_2.cfg force
alias exec init-3-1 configure replace flash:/switch/lab_3_1.cfg force
alias exec init-3-2 configure replace flash:/switch/lab_3_2.cfg force
alias exec init-3-3-A configure replace flash:/switch/lab_3_3_A.cfg force
alias exec init-3-3-B configure replace flash:/switch/lab_3_3_B.cfg force
alias exec init-4-1 configure replace flash:/switch/lab_4_1.cfg force
alias exec init-4-2-A configure replace flash:/switch/lab_4_2_A.cfg force
alias exec init-4-2-B configure replace flash:/switch/lab_4_2_B.cfg force
alias exec init-4-2-C configure replace flash:/switch/lab_4_2_C.cfg force
alias exec init-5-1 configure replace flash:/switch/lab_5_1.cfg force
alias exec init-6-1 configure replace flash:/switch/lab_6_1.cfg force
alias exec init-6-2 configure replace flash:/switch/lab_6_2.cfg force
alias exec init-7-1 configure replace flash:/switch/lab_7_1.cfg force
alias exec init-8-1 configure replace flash:/switch/lab_8_1.cfg force
alias exec init-9-1 configure replace flash:/switch/lab_9_1.cfg force
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 password cisco
 logging synchronous
 login
!
end

The switch automatically generated some of these configuration lines; others were pasted by your instructor before the beginning of the class. All the items that you configured should be there.

Other Switches: Repeat the same process on the other switches, changing the values that are different on each switch.
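The ASW1 ending configuration above keeps several classroom conveniences on the management plane: no service password-encryption, the shared vty password cisco, ip http server, and exec-timeout 0 0 on the console. The following Python script is an added example, not part of the lab guide; it parses a running-config into blocks and flags those settings before a lab configuration is reused elsewhere. The check names, the hardened sample and the hash placeholder are constructed for illustration.

```python
import re

# Constructed sample: management-plane lines taken from the ASW1 ending
# configuration above; the enable secret hash is replaced by a placeholder.
LAB_CONFIG = """\
no service password-encryption
hostname ASW1
enable secret 5 <hash-placeholder>
ip http server
no ip http secure-server
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 password cisco
 logging synchronous
 login
line vty 5 15
 password cisco
 logging synchronous
 login
end
"""

# Constructed sample: one possible hardened form (an assumption, not from the guide).
HARDENED_CONFIG = """\
service password-encryption
hostname ASW1
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
no ip http server
ip http secure-server
line con 0
 exec-timeout 10 0
 login local
line vty 0 15
 exec-timeout 10 0
 login local
 transport input ssh
end
"""


def parse_blocks(config):
    """Split a running-config into (header, [sub-commands]) pairs.

    IOS indents sub-commands under their parent; "!" lines are separators.
    """
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config):
    """Return a sorted list of (check_id, location, message) findings."""
    blocks = parse_blocks(config)
    top_level = {header for header, _ in blocks}
    findings = []

    # Without this service, "password" values sit in the config as clear text.
    # (With it they are only type 7 obfuscated, which is reversible.)
    if "service password-encryption" not in top_level:
        findings.append(("PWD-CLEARTEXT", "global",
                         "line passwords are stored in clear text"))
    if "ip http server" in top_level:
        findings.append(("HTTP-CLEAR", "global",
                         "web management is enabled over plain HTTP"))

    for header, subs in blocks:
        if not header.startswith("line "):
            continue
        for sub in subs:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", sub)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append(("NO-IDLE-TIMEOUT", header,
                                 "idle sessions never time out"))
        if header.startswith("line vty"):
            if any(s.startswith("password ") for s in subs):
                findings.append(("VTY-LINE-PASSWORD", header,
                                 "shared line password instead of per-user login"))
            if "transport input ssh" not in subs:
                findings.append(("VTY-NOT-SSH-ONLY", header,
                                 "remote access is not restricted to SSH"))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, location, message in audit(LAB_CONFIG):
        print(f"{check_id:18} {location:14} {message}")
```
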

3.3. Trunks.12. and EtherChannel Your configuration should be similar to the following. Only the configuration sections relevant to this lab are displayed.65 switchport mode trunk ! interface FastEthernet0/2 description Trunk to DSW2 switchport trunk allowed vlan 1.64.11.63.11.66 switchport mode access ! interface FastEthernet0/2 description Trunk to DSW1 switchport trunk allowed vlan 1. On switch ASW1: ASW1#sh run ! interface FastEthernet0/1 description Trunk to DSW1 switchport trunk allowed vlan 1.4.12. Lab Guide 351 .Lab 2-1 Design and Implement VLANs.4.66 switchport mode trunk shutdown ! interface FastEthernet0/3 description Port to CTL2 switchport access vlan 4 switchport mode trunk ! interface FastEthernet0/4 description Port to FTP2 switchport access vlan 64 ! interface FastEthernet0/5 description Port to WEB2 © 2009 Cisco Systems.63.65 switchport mode trunk shutdown ! interface FastEthernet0/3 description Port to CLT1 switchport access vlan 11 switchport mode access ! interface FastEthernet0/4 description Port to FTP1 switchport access vlan 63 ! interface FastEthernet0/5 description Port to WEB1 switchport access vlan 11 !On switch ASW2: ASW2#sh run ! interface FastEthernet0/1 description Trunk to DSW2 switchport trunk allowed vlan 1. Inc.64.

3.0 © 2009 Cisco Systems.12.11.11.12.11.3.switchport access vlan 12 On switch DSW1: DSW1#sh run ! interface Port-channel31 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.4.63.11.4.3.11.63-66 switchport mode trunk channel-group 31 mode passive ! interface FastEthernet0/3 description Link to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.64.3.12.4.4.4.12.3.4.12.12.63-66 switchport mode trunk shutdown ! interface FastEthernet0/1 description Link to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.63-66 switchport mode trunk channel-group 31 mode passive ! interface FastEthernet0/2 description Link to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63-66 switchport mode trunk ! interface Port-channel32 description PortChannel trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.66 switchport mode trunk 352 Implementing Cisco Switched Networks (SWITCH) v1.12.4.12.4.63-66 switchport mode trunk shutdown ! interface FastEthernet0/6 description Trunk to ASW1 switchport access vlan 65 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1. Inc.3.63-66 switchport mode trunk shutdown channel-group 32 mode passive ! interface FastEthernet0/5 description Trunk to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.11.63-66 switchport mode trunk shutdown channel-group 32 mode passive ! interface FastEthernet0/4 description Link to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.65 switchport mode access ! interface FastEthernet0/7 description Trunk to ASW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1. .11.

3.63-66 switchport mode trunk channel-group 32 mode passive ! interface FastEthernet0/2 description Link to CSW2 switchport trunk encapsulation dot1q switchport trunk native vlan 4 switchport trunk allowed vlan 1.12.3.11.4.12.4.12.11.12.3.11.12.4.11.3. Inc.4.3.63-66 switchport mode trunk ! ! On switch DSW2: DSW2#sh run ! interface Port-channel31 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.4.12.shutdown ! interface FastEthernet0/8 description Port to FILE1 switchport access vlan 65 ! interface GigabitEthernet0/1 description Port to NR1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.4.63-66 switchport mode trunk shutdown ! interface Port-channel32 description PortChannel Trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk native vlan 4 switchport trunk allowed vlan 1.11.12.12.63-66 switchport mode trunk ! interface FastEthernet0/1 description Link to CSW2 switchport trunk encapsulation dot1q switchport trunk native vlan 4 switchport trunk allowed vlan 1.3.63-66 switchport mode trunk shutdown channel-group 31 mode passive ! interface FastEthernet0/5 description Trunk to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.63-66 switchport mode trunk shutdown channel-group 31 mode passive ! interface FastEthernet0/4 description Link to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.11. Lab Guide 353 .63-66 switchport mode trunk © 2009 Cisco Systems.63-66 switchport mode trunk channel-group 32 mode passive ! interface FastEthernet0/3 description Link to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.4.3.4.

4.3.11.12.12.4.11.3.4.4. .64.63-66 switchport mode trunk channel-group 31 mode active ! interface FastEthernet0/3 description Link to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63.4.11.12.11.11.63-66 switchport mode trunk ! interface FastEthernet0/1 description Link to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63-66 switchport mode trunk ! interface Port-channel32 description PortChannel trunk to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.3.4.3.3.12.63-66 switchport mode trunk shutdown 354 Implementing Cisco Switched Networks (SWITCH) v1.3.4.3.11.66 switchport mode trunk shutdown ! interface FastEthernet0/7 description Trunk to ASW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.12.63-66 switchport mode trunk channel-group 31 mode active ! interface FastEthernet0/2 description Link to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.0 © 2009 Cisco Systems. Inc.11.4.12.12.65 switchport mode trunk shutdown ! interface FastEthernet0/8 description Port to FILE2 switchport access vlan 66 ! interface GigabitEthernet0/1 description Port to NR2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.63-66 switchport mode trunk On switch CSW1: CSW1#sh run ! interface Port-channel31 description PortChannel trunk to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63-66 switchport mode trunk shutdown ! interface Port-channel33 description PortChannel trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.12.shutdown ! interface FastEthernet0/6 description Trunk to ASW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.

4.4.63-66 switchport mode trunk ! interface Port-channel33 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63-66 switchport mode trunk shutdown ! interface Port-channel32 description PortChannel trunk to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.11.12.4.11.63-65 switchport mode trunk ! interface FastEthernet0/1 description Link to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.3.3.63-66 switchport mode trunk channel-group 32 mode active ! interface FastEthernet0/3 description Link to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.4.12.3.63-66 switchport mode trunk shutdown channel-group 32 mode active On switch CSW2: CSW2#sh run ! interface Port-channel31 description PortChannel trunk to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.3.12.12.11.12. Inc.11.12.4.63-66 switchport mode trunk shutdown channel-group 31 mode active © 2009 Cisco Systems.3.4.12. Lab Guide 355 .3.12.11.11.4.4.63-66 switchport mode trunk shutdown channel-group 31 mode active ! interface FastEthernet0/4 description Link to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.63-66 switchport mode trunk channel-group 32 mode active ! interface FastEthernet0/2 description Link to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.channel-group 32 mode active ! interface FastEthernet0/4 description Link to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.

255.255.0 © 2009 Cisco Systems.0 no shutdown Switch CSW1: vlan 51. .0 Router R2: interface f0/1. Inc.1.51 encapsulation dot1q 51 ip address 10.51.51 ip address 10.255. Only the configuration sections relevant to this lab are displayed.255.501 ! vlan 501 private-vlan primary private-vlan association 51 vlan 51 name TestIsolated private-vlan isolated ! interface f0/11 switchport trunk allowed vlan add 51 ! interface f0/12 switchport trunk allowed vlan add 51 no shutdown 356 Implementing Cisco Switched Networks (SWITCH) v1.51.1. Router R1: interface f0/0.2 255.Lab 2-3 Implement Private VLANs Your configuration should be similar to the following.1 255.

12. Inc.4.63-66 switchport mode trunk On switch DSW2: interface Port-channel31 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.63-66 switchport mode trunk ! interface Port-channel32 description PortChannel trunk to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.11.3.12.4.12.3.3.12.63-66 switchport mode trunk ! interface FastEthernet0/1 description Link to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.4.11. Lab Guide 357 .11.3.63-66 switchport mode trunk ! interface Port-channel32 description PortChannel trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.4.3.3.12.12.4.Lab 3-1: Implement Multiple Spanning Tree Ending configurations for Task 1: On switch DSW1: interface Port-channel31 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.12.63-66 switchport mode trunk shutdown ! interface Port-channel32 description PortChannel Trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.12.3.11.63-66 switchport mode trunk ! interface FastEthernet0/1 description Link to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.4.63-66 switchport mode trunk channel-group 32 mode passive © 2009 Cisco Systems.63-66 switchport mode trunk ! interface Port-channel33 description PortChannel trunk to CSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.4.63-66 switchport mode trunk channel-group 31 mode passive On switch CSW1: interface Port-channel31 description PortChannel trunk to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.11.11.12.11.4.4.

12.63-66 switchport mode trunk ! interface Port-channel33 description PortChannel trunk to CSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1. 12. 65 instance 2 vlan 4.4.2721.On switch CSW2: interface Port-channel31 description PortChannel trunk to DSW1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.Nbr -------128. .11.296 128.3.8680 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID 358 Priority Address Hello Time Forward Delay 15 sec Type ---------------------P2p P2p P2p P2p P2p Forward Delay 15 sec 24577 (priority 24576 sys-id-ext 1) 001f. 66 ! spanning-tree mst 0-1 priority 24576 spanning-tree mst 2 priority 28672 ! DSW1#sho spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 24576 Address 001f. 63.11.12.7 128. 64.4.2721.63-66 switchport mode trunk Ending Configurations for MST MSTP on switch DSW1: ! spanning-tree mst configuration name region1 revision 1 instance 1 vlan 1.63-66 switchport mode trunk shutdown ! interface Port-channel32 description PortChannel trunk to DSW2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1.3.12.8 128.2721.0 © 2009 Cisco Systems.8680 2 sec Max Age 20 sec Forward Delay 15 sec Sts --FWD FWD FWD FWD FWD Cost --------200000 200000 200000 100000 100000 Prio.4.8680 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 Role ---Desg Desg Desg Desg Desg 24576 (priority 24576 sys-id-ext 0) 001f.2721.8680 2 sec Max Age 20 sec Forward Delay 15 sec Implementing Cisco Switched Networks (SWITCH) v1. 11. 3.3.304 MST1 Spanning tree enabled protocol mstp Root ID Priority 24577 Address 001f.11.9 128. Inc.

304 Type ------------------------P2p P2p P2p P2p P2p DSW1# MST on switch DSW2: ! spanning-tree mst configuration name region1 revision 1 instance 1 vlan 1. Inc.8680 2 sec Max Age 20 sec Forward Delay 15 sec Sts --FWD FWD FWD FWD BLK Cost --------200000 200000 200000 100000 100000 Prio.8 128.9 128.8600 Cost 200000 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 Role ---Root Desg Desg Desg Altn Type -----------------------P2p P2p P2p P2p P2p Forward Delay 15 sec 28674 (priority 28672 sys-id-ext 2) 001f.304 MST2 Spanning tree enabled protocol mstp Root ID Priority 24578 Address 001f.Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 Role ---Desg Desg Desg Desg Desg Sts --FWD FWD FWD FWD FWD Cost --------200000 200000 200000 100000 100000 Prio.2721.7 128.8 128.2721.304 Type -------------------------P2p P2p P2p P2p P2p Lab Guide 359 .8680 Cost 0 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 © 2009 Cisco Systems. 3. 65 instance 2 vlan 4.296 128.2721.9 128.Nbr -------128.9 128.7 128.Nbr -------128. Role ---Root Desg Desg Altn Altn Forward Delay 15 sec 28672 (priority 28672 sys-id-ext 0) 001f.2721. 64.Nbr -------128. 11.8600 2 sec Max Age 20 sec Forward Delay 15 sec Sts --FWD FWD FWD BLK BLK Cost --------200000 200000 200000 100000 100000 Prio. 66 ! spanning-tree mst 0-1 priority 28672 spanning-tree mst 2 priority 24576 ! DSW2#sho spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 24576 Address 001f.7 128. 63.296 128. 12.8 128.296 128.

304 MST2 Spanning tree enabled protocol mstp Root ID Priority 24578 Address 001f.8680 Cost 200000 Port 7 (FastEthernet0/5) Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 Role ---Root Desg Desg Altn Altn 28673 (priority 28672 sys-id-ext 1) 001f.8600 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Priority Address Hello Time Interface ------------------Fa0/5 Fa0/6 Fa0/7 Po31 Po32 Role ---Desg Desg Desg Desg Desg Forward Delay 15 sec Type ------------------------P2p P2p P2p P2p P2p Forward Delay 15 sec 24578 (priority 24576 sys-id-ext 2) 001f.7 128. 64.2721. CSW1. 12.296 128.9 128. .2721.8 128. 66 360 Implementing Cisco Switched Networks (SWITCH) v1. 11.8600 2 sec Max Age 20 sec Forward Delay 15 sec Sts --FWD FWD FWD FWD FWD Cost --------200000 200000 200000 100000 100000 Prio. and CSW2: spanning-tree mst configuration name region1 revision 1 instance 1 vlan 1.7 128.2721.9 128.Nbr -------128.8 128.296 128. 63. 65 instance 2 vlan 4. 3.8600 2 sec Max Age 20 sec Forward Delay 15 sec Sts --FWD FWD FWD BLK BLK Cost --------200000 200000 200000 100000 100000 Prio.0 © 2009 Cisco Systems.MST1 Spanning tree enabled protocol mstp Root ID Priority 24577 Address 001f.2721.Nbr -------128. ASW2. Inc.304 Type -------------------------P2p P2p P2p P2p P2p DSW2# MST on switches ASW1.

1 On switches DSW1 and DSW2: ip routing ! interface Port-channel31 description PortChannel trunk to CSW1 no switchport ip address 10.1.254 no ip route-cache ! interface Port-channel32 description PortChannel trunk to CSW2 no switchport ip address 10.0.0 ip default-gateway 10.255.4 255.10 255.2 255.1. Inc.3.3.255. Lab Guide 361 .254 no ip route-cache ! interface FastEthernet0/1 description Link to CSW1 no switchport no ip address no ip route-cache channel-group 31 mode passive ! interface FastEthernet0/2 description Link to CSW1 no switchport no ip address no ip route-cache channel-group 31 mode passive ! interface FastEthernet0/3 description Link to CSW2 no switchport no ip address no ip route-cache channel-group 32 mode passive ! interface FastEthernet0/4 description Link to CSW2 no switchport no ip address no ip route-cache channel-group 32 mode passive ! interface FastEthernet0/5 description Trunk to DSW2 no switchport ip address 10.1.0 255.0.255.1.253.253.255.1.0 0.255.255.255 © 2009 Cisco Systems.1.254 no ip route-cache ! router eigrp 10 network 10.Lab 3-2: Implement PVRST+ PVRST+ on all switches on your pod spanning-tree mode rapid-pvst Lab 4-1: Implement Inter-VLAN Routing On switches ASW1 and ASW2: interface Vlan3 ip address 10.253.255.255.255.

253.255.254 ! interface Port-channel32 description PortChannel trunk to DSW2 no switchport ip address 10.253.9 255.1.253. Inc. .1.255.255.254 ! interface FastEthernet0/1 description Link to DSW1 no switchport no ip address channel-group 31 mode active ! interface FastEthernet0/2 description Link to DSW1 no switchport no ip address channel-group 31 mode active ! interface FastEthernet0/3 description Link to DSW2 no switchport no ip address channel-group 32 mode active ! interface FastEthernet0/4 description Link to DSW2 no switchport no ip address channel-group 32 mode active ! interface FastEthernet0/5 shutdown ! interface FastEthernet0/6 shutdown ! interface FastEthernet0/7 description Link to CSW2 no switchport no ip address channel-group 33 mode on ! interface FastEthernet0/8 description Link to CSW2 no switchport no ip address channel-group 33 mode on ! interface FastEthernet0/9 description Link to CSW2 no switchport no ip address channel-group 33 mode on ! interface FastEthernet0/10 description Link to CSW2 no switchport 362 Implementing Cisco Switched Networks (SWITCH) v1.255.On switches CSW1 and CSW2: interface Port-channel31 description PortChannel trunk to DSW1 no switchport ip address 10.255.1 255.255.0 © 2009 Cisco Systems.254 ! interface Port-channel33 description PortChannel trunk to CSW2 no switchport ip address 10.10 255.1.

254 ! router eigrp 10 network 10.255 On routers R1 and R2: interface FastEthernet0/0 description Link to CSW1 ip address 10.255.255.253.253.no ip address channel-group 33 mode on ! interface FastEthernet0/11 description Trunk to R1 no switchport ip address 10.254 duplex auto speed auto ! interface FastEthernet0/1 description Link to CSW2 ip address 10.255.255.0 0.1.14 255.1.1.0.19 255.255.1.253.255.254 ! interface FastEthernet0/12 description Trunk to R2 no switchport ip address 10.1.255.13 255.1.0 0.255.253. Lab Guide 363 .254 duplex auto speed auto ! router eigrp 10 network 10.0.0.0.12 255.255 © 2009 Cisco Systems. Inc.255.255.

2 255.3.1.4.3 255.10 ip sla schedule 1 life forever start-time now logging 10.4.0 standby 4 ip 10.1.4.255.255.1.0 standby 3 ip 10.255.0 standby 4 ip 10.1.3.1 standby 3 priority 120 standby 3 preempt standby 3 track Port-channel31 30 standby 3 track Port-channel32 30 ! interface Vlan4 ip address 10.2 255. Inc.0 standby 3 ip 10.4.255.3.255.1.1 standby 4 preempt On switch DSW2: interface Vlan3 ip address 10.3.1 standby 3 preempt ! interface Vlan4 ip address 10.50 traps ciscor snmp-server enable traps config snmp-server enable traps vlan-membership snmp-server enable traps errdisable On switch DSW2: logging 10.100 traps ciscor snmp-server enable traps config snmp-server enable traps vlan-membership snmp-server enable traps errdisable Lab 6-1: Implement and Tune HSRP On switch DSW1: interface Vlan3 ip address 10.50 logging trap informational snmp-server community ciscor ro snmp-server host 10.1 standby 4 priority 120 standby 4 preempt standby 4 track Port-channel31 30 standby 4 track Port-channel32 30 364 Implementing Cisco Switched Networks (SWITCH) v1. .1.3.1.1.1.3.255.3.0 © 2009 Cisco Systems.4.255.1.255.Lab 5-1: Implementing High Availability and Reporting in a Network Design On switch CSW1: ip sla 1 icmp-echo 10.1.100 logging trap informational snmp-server community ciscor ro snmp-server host 10.1.1.3 255.4.

Inc.000 sec Preemption enabled Priority is 150 Master Router is 10.5e00.414 sec FastEthernet0/1 .253.253.253.253.248 On switch CSW2: interface FastEthernet0/11 description Trunk to R2 switchport access vlan 20 switchport mode access ! interface FastEthernet0/12 description Trunk to R1 switchport access vlan 20 switchport mode access ! interface Vlan20 ip address 10.253.34 Virtual MAC address is 0000.33 255.Group 2 State is Backup Virtual IP address is 10.1. Lab Guide 365 .253.248 duplex auto speed auto vrrp 1 ip 10.Lab 6-2: Implementing VRRP On switch CSW1: interface FastEthernet0/11 description Trunk to R1 switchport access vlan 10 switchport mode access ! interface FastEthernet0/12 description Trunk to R2 switchport access vlan 10 switchport mode access ! interface Vlan10 ip address 10.000 sec Master Down interval is 3.000 sec Preemption enabled Priority is 100 © 2009 Cisco Systems.255.1.27 (local).255.255.Group 1 State is Master Virtual IP address is 10.5e00.255.34 R1# show vrrp FastEthernet0/0 .36 255.1.253.30 Virtual MAC address is 0000.255.1.1.255.27 255.0102 Advertisement interval is 1. priority is 150 Master Advertisement interval is 1.253.1.1.248 On router R1: interface FastEthernet0/0 description Link to CSW1 ip address 10.1.25 255.255.253.30 vrrp 1 priority 120 ! interface FastEthernet0/1 description Link to CSW2 ip address 10.248 duplex auto speed auto vrrp 2 ip 10.0101 Advertisement interval is 1.1.255.

253.000 sec Preemption enabled Priority is 100 Master Router is 10.35.248 duplex auto speed auto vrrp 1 ip 10.253.1.Master Router is 10.3a29 On switch ASW2: spanning-tree portfast bpduguard default spanning-tree loopguard default 366 Implementing Cisco Switched Networks (SWITCH) v1. .255.27.1.000 sec Master Down interval is 3.1.253.Group 1 State is Backup Virtual IP address is 10.253.35 255.1.5e00.000 sec Preemption enabled Priority is 150 Master Router is 10.30 Virtual MAC address is 0000.255.389 sec) On router R2: interface FastEthernet0/0 description Link to CSW2 ip address 10. Inc.248 duplex auto speed auto vrrp 2 ip 10. priority is 150 Master Advertisement interval is 1.1.5684. priority is 150 Master Advertisement interval is 1.5e00.255.217 sec) FastEthernet0/0 .1.30 R2# show vrrp FastEthernet0/1 .414 sec Lab 7-1: Secure Network Switches to Mitigate Security Attacks On switch ASW1: spanning-tree portfast bpduguard default spanning-tree loopguard default ! ip dhcp snooping ip dhcp snooping vlan 1-4094 ! ip arp inspection vlan 1-4094 ! interface range FastEthernet0/1 .253.0102 Advertisement interval is 1.253.0101 Advertisement interval is 1.253.Group 2 State is Master Virtual IP address is 10.253.35 (local).1.609 sec (expires in 3.609 sec (expires in 3.000 sec Master Down interval is 3.0 © 2009 Cisco Systems.000 sec Master Down interval is 3. priority is 150 Master Advertisement interval is 1.255.26 255.1.2 ip dhcp snooping trust ! interface FastEthernet0/3 switchport port-security switchport port-security violation restrict switchport port-security mac-address 0050.34 Virtual MAC address is 0000.34 vrrp 2 priority 120 ! interface FastEthernet0/1 description Link to CSW1 ip address 10.1.253.

On switch ASW2 (continued):
!
ip dhcp snooping
ip dhcp snooping vlan 1-4094
!
ip arp inspection vlan 1-4094
!
interface range FastEthernet0/1 - 2
 ip dhcp snooping trust
!
interface FastEthernet0/3
 description Port to CTL2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0050.5692.3032

On switch DSW1:
ip access-list extended NOTEL
 permit tcp any any eq telnet
!
vlan access-map TEST 10
 action drop
 match ip address NOTEL
vlan access-map TEST 20
 action forward
!
vlan filter TEST vlan-list 2-3
!
ip arp inspection vlan 1-4094
!
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
interface FastEthernet0/5
 spanning-tree guard root
 ip arp inspection trust
!
interface range FastEthernet0/6 - 7
 ip arp inspection trust

On switch DSW2:
ip access-list extended NOTEL
 permit tcp any any eq telnet
!
vlan access-map TEST 10
 action drop
 match ip address NOTEL
vlan access-map TEST 20
 action forward
!
vlan filter TEST vlan-list 2-3
!
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
ip arp inspection vlan 1-4094
!
interface FastEthernet0/5
 spanning-tree guard root
 ip arp inspection trust
!
interface range FastEthernet0/6 - 7
 ip arp inspection trust
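Added example (not part of the lab guide): a small Python model of how the VLAN access map in the Lab 7-1 ending configuration for DSW1 and DSW2 is evaluated. The ACL entry, the map clauses and the VLAN list are taken from that configuration; the Frame type, the function names and the sample frames are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    """Constructed stand-in for a frame seen by the switch."""
    vlan: int
    proto: str          # "tcp", "udp" or "icmp"
    dst_port: int = 0

# ip access-list extended NOTEL / permit tcp any any eq telnet
# In a VLAN access map an ACL "permit" only SELECTS traffic; the clause's
# action (drop or forward) decides what happens to the selected traffic.
ACLS = {"NOTEL": [("permit", "tcp", 23)]}

# vlan access-map TEST 10: action drop, match ip address NOTEL
# vlan access-map TEST 20: action forward, no match clause (matches everything)
ACCESS_MAP = [(10, "drop", "NOTEL"), (20, "forward", None)]

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '2-3' or '3,4,63-66' into a set."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

# vlan filter TEST vlan-list 2-3
FILTERED_VLANS = parse_vlan_list("2-3")

def acl_matches(acl_name, frame):
    """First matching ACL entry decides; no entry means implicit deny."""
    for action, proto, port in ACLS[acl_name]:
        if proto == frame.proto and port == frame.dst_port:
            return action == "permit"
    return False

def vacl_decision(frame):
    """Return 'drop' or 'forward' for a frame, clause by clause."""
    if frame.vlan not in FILTERED_VLANS:
        return "forward"            # the filter is not applied to this VLAN
    for _seq, action, acl in sorted(ACCESS_MAP, key=lambda c: c[0]):
        if acl is None or acl_matches(acl, frame):
            return action           # lowest matching sequence number wins
    return "drop"                   # assumed implicit drop if nothing matched

if __name__ == "__main__":
    for f in (Frame(2, "tcp", 23), Frame(3, "tcp", 22), Frame(4, "tcp", 23)):
        print(f, "->", vacl_decision(f))
```

Telnet is dropped only in VLANs 2 and 3; the same traffic in any other VLAN is untouched because the filter is bound to the VLAN list, not to the switch as a whole.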

Lab 8-1: Plan Implementation and Verification of VoIP in a Campus Network

On switches ASW1 and ASW2:
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-66
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 3,4,11,12,63-66
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
!
interface FastEthernet0/14
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 switchport priority extend trust
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone
!
interface FastEthernet0/15
 switchport mode access
 switchport access vlan 3
 switchport voice vlan 63
 switchport priority extend trust
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 service-policy input AutoQoS-Police-CiscoPhone

12.1.11.63. Inc.255.12.1.63.1.0 default-router 10.11 10.1.49 ip dhcp excluded-address 10.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! interface FastEthernet0/15 switchport mode access switchport access vlan 63 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! © 2009 Cisco Systems.4.12 lease 8 ! interface FastEthernet0/5 switchport mode trunk switchport trunk allowed vlan 3.1.64.63.1.1.4.1 10.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! interface FastEthernet0/7 switchport mode trunk switchport trunk allowed vlan 3.0 default-router 10.1.255.4.1.0 255.64.63.On switch DSW1: ip dhcp excluded-address 10.1.100 10.64.12.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! interface FastEthernet0/6 switchport mode trunk switchport trunk allowed vlan 3.11 10.63.64.64.255 ip dhcp excluded-address 10.11.255.1. Lab Guide 369 .63.255.1.1 10.49 ip dhcp excluded-address 10.64.0 255.63.1.1.1.11.64.255 ! ip dhcp pool vlan63 network 10.12 lease 8 ! ip dhcp pool vlan64 network 10.1 option 150 ip 10.63.1 option 150 ip 10.1.64.100 10.

64.1.63.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! 370 Implementing Cisco Switched Networks (SWITCH) v1.255 ip dhcp excluded-address 10.1.11.64.1.11 10.12 lease 8 ! ip dhcp pool vlan64 network 10.1.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! interface FastEthernet0/7 switchport mode trunk switchport trunk allowed vlan 3.1.63.63.11.63.1.1.255.63. .1 option 150 ip 10.1.1.1 10.0 default-router 10.150 10.64.11.1.99 ! ip dhcp pool vlan63 network 10.255.4. Inc.1.255 ip dhcp excluded-address 10.12 lease 8 ! interface FastEthernet0/5 switchport mode trunk switchport trunk allowed vlan 3.12.1.12.12.64.1.63.99 ip dhcp excluded-address 10.0 default-router 10.1 10.63.255.0 255.0 255.150 10.63.64.1.63-66 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust ! interface FastEthernet0/6 switchport mode trunk switchport trunk allowed vlan 3.63.255.4.1 option 150 ip 10.64.On switch DSW2: ip dhcp excluded-address 10.0 © 2009 Cisco Systems.1.64.4.1.11 10.

On switches CSW1 and CSW2:
interface FastEthernet0/1
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 31 mode on
!
interface FastEthernet0/2
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 31 mode on
!
interface FastEthernet0/3
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 32 mode on
!
interface FastEthernet0/4
 no switchport
 no ip address
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 channel-group 32 mode on

Lab 9-1: Integrating Wireless in the Campus

On ASW1:
interface FastEthernet0/04
 description AP1
 switchport trunk allowed vlan 3,63
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/05
 description AP2
 switchport trunk allowed vlan 3,63
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/06
 description AP3
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 mls qos trust dscp

On ASW2:
interface FastEthernet0/04
 description AP4
 switchport trunk allowed vlan 4,64
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/05
 description AP5
 switchport trunk allowed vlan 4,64
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/06
 description AP6
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
 mls qos trust dscp

On DSW1:
mls qos
!
interface FastEthernet0/08
 description WCS1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,11,63
 switchport mode trunk
 spanning-tree portfast trunk
 mls qos trust cos
!
interface GigabitEthernet0/1
 description WLC1
 switchport mode access
 switchport access vlan 3
 spanning-tree portfast
 mls qos trust cos

On DSW2:
mls qos
!
interface FastEthernet0/08
 description WCS2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,12,64
 switchport mode trunk
 spanning-tree portfast trunk
 mls qos trust cos
!
interface GigabitEthernet0/1
 description WLC2
 switchport mode access
 switchport access vlan 4
 spanning-tree portfast
 mls qos trust cos

Pod Physical Ports Map

The ports represented on each device connection in the Visual Objective are generic ports. Each port can represent one or several physical interfaces. During the implementation process, you must determine, for each switch, the port that connects to each neighbor. Use the following table to document the physical interfaces used in your pod. You will use this information throughout the labs:

Device   Port Name on the map   Physical port in your pod
ASW1     P1
ASW1     P2
ASW1     P3
ASW2     P1
ASW2     P2
ASW2     P3
DSW1     P1
DSW1     P2
DSW1     P3
DSW1     P4
DSW1     P5
DSW2     P1
DSW2     P2
DSW2     P3
DSW2     P4
DSW2     P5
CSW1     P1
CSW1     P2
CSW1     P3
CSW1     P4
CSW1     P5
CSW2     P1
CSW2     P2
CSW2     P3
CSW2     P4
CSW2     P5
R1       P1
R1       P2
R2       P1
R2       P2

Visual Objective for Lab 1-1: New Hire Test
[Figure: Lab 1-1 Network Diagram]

Visual Objective for Lab 2-1: Design and Implement VLANs, Trunk and EtherChannel
[Figure: Lab 2-1 Network Diagram]

Visual Objective for Lab 2-2: Troubleshoot Common VLAN Configuration and Security Issues
[Figure: Lab 2-2 Network Diagram]

Visual Objective for Lab 2-3: Configure Private VLANs
[Figure: Lab 2-3 Network Diagram]

Lab 3-1: Implement Multiple Spanning Tree
[Figure: Lab 3-1 Network Diagram]

Visual Objective for Lab 3-2: Implement PVRST+
[Figure: Lab 3-2 Network Diagram]

Visual Objective for Lab 3-3: Troubleshooting Spanning Tree Issues
[Figure: Lab 3-3 Network Diagram]

Lab 4-1: Implementing Inter-VLAN Routing
[Figure: Lab 4-1 Network Diagram]

Visual Objective for Lab 4-2: Troubleshooting Inter-VLAN Routing
[Figure: Lab 4-2 Network Diagram]

Visual Objective for Lab 5-1: Implement HA in a Network Design
[Figure: Lab 5-1 Network Diagram]

Visual Objective for Lab 6-1: Implement and Tune HSRP
[Figure: Lab 6-1 Network Diagram]

Visual Objective for Lab 6-2: Implementing VRRP
[Figure: Lab 6-2 Network Diagram]

Visual Objective for Lab 7-1: Secure Network Switches to Mitigate Security Attacks
[Figure: Lab 7-1 Network Diagram]

Visual Objective for Lab 8-1: Plan Implementation of VoIP in a Campus Network
[Figure: Lab 8-1 Network Diagram]

Visual Objective for Lab 9-1: Integrating Wireless in the Campus
[Figure: Lab 9-1 Network Diagram]
