You are on page 1of 6

CCNPv7 SWITCH

Skills-Based Assessment
Topology

200.200.200.1

Server

VLAN 199:
10.10.199.2
DL
Fa0/
Fa0/
S1
11
Fa0/
6
12

P
o
2

P
o
2

Fa0/
11
Fa0/
12

Fa0/
6

AL

S2

P
o
1

Fa0
/7
Fa0
/8

Fa0
/8
Fa0
/7

P
o
1

Ho
st
A
Stud
VLAN
ent10

VLAN 199:
10.10.199.3
DL

Fa0
/7
Fa0
/8

Fa0
/8
Fa0
/7

VLAN 199
10.10.199.100/24

L3
Po3

Fa0/
11

Fa0/
11

AL

Fa0/
6

VLAN
VLAN
S1 199:
S2 199:
10.10.199.4
All L2 Switch-to-Switch connections
are
10.10.199.5
802.1q trunks using PAgP as the
Etherchannel Negotiation Protocol

Ho
st
B
Faculty
VLAN 30

Objectives
Part 1: Build the physical network topology.
Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
Part 3: Test the network for connectivity and the configured options.

Exam Overview
This skills-based assessment (SBA) is the final practical exam for instructor training for the CCNPv6 SWITCH
course. It is similar to the student version, but differs in how the IP addressing and devices are configured. In
Part 1, you build the physical network. In Part 2, you configure various features such as trunking,
EtherChannel, VTP, VLANs, SVIs, routed links, OSPF, HSRP, port security, and DHCP snooping. In Part 3,

All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 6

bin. You can use other switches (such as 2950 or 3550) and Cisco IOS Software versions if they have comparable capabilities and features. Bind all inter-switch links in an EtherChannel using LACP. 5. 4. Required Resources  2 switches (Cisco 2960 with the Cisco IOS Release 12.SE. if possible.10. Activate ports as necessary in configuration of these interfaces.12246. Clear previous configurations as required. VLAN VLAN Name Subnet 10 Client 10. Part 2: Configure the network according to specifications. This document is Cisco Public Information.0/24 All contents are Copyright © 1992–2015 Cisco Systems.20.10. Shutdown all ports. (See chart in step 6 for subnet information. This exam combines building the network with device configuration and troubleshooting.122-46. 2.2(46)SE C3560-ADVIPSERVICESK9-mz image or comparable)  2 PCs (Windows OS)  Ethernet and console cables Part 1: Build the Physical Network Connect all devices as shown in the topology. 6. Disable trunk negotiation. All rights reserved. Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz. Set all basic administration passwords and remote login passwords to cisco unless otherwise specified. You must use the interfaces specified in diagram. 1. ensure that unused ports are moved to the Parking_LOT VLAN and are statically configured as access ports. Statically set all other inter-switch links as 802.CCNPv6 SWITCH you create a Tcl script to test IP connectivity and use show commands to verify the configured options.10. Ensure that the NATIVE VLAN is altered to VLAN 777.1Q trunks.SE. Depending on the switch model and Cisco IOS Software version.30. Ensure that the VLAN 1 interface on all switches is not used for administrative management or user traffic . Use the table below to create local VLANs used in the campus network. Configure the Fa0/11-12 link between DLS1 and DLS2 as a Layer 3 EtherChannel and assign a subnet to it.10. and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.) Do not use a negotiation protocol. Page 2 of 6 . As a security best practice. the commands available and output produced might vary from what is shown in this lab.bin.2(46)SE C2960-LANBASEK9-M image or comparable)  2 switches (Cisco 3560 with the Cisco IOS Release 12.0/24 30 Server 10. Restrict trunks to only allow VLAN traffic from only VLANs used in this scenario. Place all switches in the VTP domain LAB_TEST with all switches in VTP transparent mode to support local VLANs. 3.0/24 20 VOICE 10. Inc.

12. 11. Exclude the first 10 addresses from each pool. Inc. 14.1/24.1 10. 20. Configure all switches with DHCP snooping on VLAN 10. and configure DLS1 as the backup.10.10.20.200.e. 13.199.1 loopback address using an IP SLA. Configure DLS2 as the active router for VLANs 30 and 199 with a priority value of 120. and configure DLS2 as the backup. 10.2/24 10. Configure DLS1 as a DHCP server for VLAN 10 and DLS2 as DHCP server for the VLAN 30.30.3/24 10. On DLS1.10.2/24 10. VLAN_10_STUDENT. and 30 to guard against DHCP spoofing and man-in-the-middle attacks.10.199.200.2/24 10. Name the pool with VLAN number and name.12.1 10. This document is Cisco Public Information.200. Set the DNS server to the loopback 200. and VLANs 30 and 199 to instance 2. and 199. Page 3 of 6 . 30.20.3/24 10. 20. DLS2 should become the root for instance 2 and the backup root for instance 1.30. 8.10.4 ALS2 10.199.1 address. Reference the chart below for IP address information.10. Configure DLS1 as the active HSRP router for VLANs 10 and 20 with a priority value of 120. each with an IP address and mask.0/30 7. Configure a tracked object on DLS1 to check for reachability of the 200. On ALS1 and ALS2.199.3/24 10.10.30. Configure MSTP on all switches in the region TEST_LAB.200. 30. This loopback address will be used in conjunction with HSRP interface tracking.. and 199.200.CCNPv6 SWITCH VLAN VLAN Name Subnet 199 Management 10.5 HSRP VIP 10.10. DLS1 should relinquish its role to as active router for VLANs 10 and 20. Assign VLANs 10 and 20 to instance 1.10. If reachability is lost.2/24 10.10.10.199.10.1/24 9.3/24 10.1 10. Map the HSRP group number to the VLAN number. All rights reserved.0/24 777 Native_VLAN 900 Parking_LOT L3 Subnet 10.10.20. DLS1 DLS2 ALS1 10. configure SVIs and HSRP to provide gateway redundancy for access layer clients in VLANs 10.10. Create an SVI in VLANs 10.200.199.10. configure the loopback address of 200. i. All contents are Copyright © 1992–2015 Cisco Systems. create an SVI for MGMT VLAN 199 with an IP address from the VLAN 199 subnet assigned in Step 9.10.10.10. Ensure that DLS1 becomes the spanning-tree root for instance 1 and the backup root for instance 2. On DLS1 and DLS2.10.10.

199.10. Configure Fa0/6 with a rate limit of 10 pps to prevent DHCP starvation attacks.199. Configure remote login on all switching devices using SSH version 2.199.10. 20. tclsh foreach address { 10. Configure all switching devices to synchronize using NTP with authentication. Shut down the port if a violation occurs.10.30.10.30. All rights reserved.10.20.10. configure port Fa0/6 as an access port in FACULTY VLAN 30. Restrict remote login on the VTY lines to only allow the management VLAN using the SSH protocol.2 10. Ensure the clocks are accurate on all devices.2 10. configure port Fa0/6 with port security.2 10.30.10.4 10. a. 23.0/16. 17. On ALS1.10. Hard code the router-id on both devices.1 10.10.2.10. Note: The Cisco IOS Software for the access layer switches used in this SBA does not support Tcl scripting. 22.3 10.10. specify the HSRP gateway address of VLAN 199 as the default gateway.3 10. 21. 25. Configure client PC-A and PC-B to obtain an IP address from the DHCP server.10.1.12.1 10.1 and DLS2 should use 2.3 10. and use OSPF to advertise 10.20. Ensure that the routing information is only exchanged over the layer 3 EtherChannel.2.199.10.2 10.2.11 (Obtain the IP from PC-A IP address) 10.12 (Obtain the IP from PC-B IP address) All contents are Copyright © 1992–2015 Cisco Systems. On ALS2.10.10.1 10. On ALS1.10.20. Set the auto recovery period to 30 seconds. 16.2 10. configure Fa0/6 as an access port using a MACRO and configure the the CLIENT to have access to VLAN 10. Enable PortFast on all access layer switch ports. DLS1 should be set as the NTP master. For ALS1 and ALS2. Configure IP routing on DLS1 and DLS2.10. Part 3: Test network connectivity and configured options. 24.10. On ALS1.30.10. 19.10. Page 4 of 6 .CCNPv6 SWITCH 15. 18. enable error disable autorecovery for the switchport in the event of a port security violation. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you assigned in the topology. DLS1 should use 1.199. Inc.10.1 10.10. Allow up to two MAC addresses to be learned for IP phone support. Enable sticky learning.10.1.3 10. This document is Cisco Public Information.5 10. Use a NTP password of s3cureNTP.1 10.12.

What is the command used to verify the traced route from client PC-A to server PC-B. Initiate a continuous ping from the student VLAN PC. This document is Cisco Public Information. All rights reserved. Verify the routing configuration. DLS1 should relinquish the HSRP active role. Test the HSRP configuration by shutting down the loopback interface on DLS1. Inc. What is the show command used to verify that the correct SVIs exist and that the correct HRSP routers are primary and standby for each VLAN?___________________________________________ f._____________ i. The host on the student VLAN should see minimal disruption.CCNPv6 SWITCH } { ping $address } b. What is the show command used to verify that the correct VLANs exist on all switches and contain the correct ports? _____________________________________________________________________ c. Are DLS1 and DLS2 only neighboring across the Po3 interface? What is the appropriate show command to verify. What is the command used to verify the IP SLA configuration? _______________________________ g. Page 5 of 6 . What is the command used to verify that client PC-A can ping server PC-B?_____________________ h. Verify the result j. Exam Notes: __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ All contents are Copyright © 1992–2015 Cisco Systems. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or DLS2) for each VLAN?_______________________________________________________________ e. What is the show command used to verify that the EtherChannel between switches is configured correctly?_________________________________________________________________________ d.

Page 6 of 6 . This document is Cisco Public Information. Inc.CCNPv6 SWITCH __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ All contents are Copyright © 1992–2015 Cisco Systems. All rights reserved.