CCNPv7 SWITCH

CCNPv7 SWITCH
Skills-Based Assessment
INSTRUCTOR VERSION
Topology
Objectives
Part 1: Build the physical network topology (optional).
Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
Part 3: Test the network for connectivity and the configured options.
Exam Overview
This skills-based assessment (SBA) is the final practical exam for Academy training for the course CCNPv7
SWITCH. In Part 1, you build the physical network. In part 2, you configure various features such as trunking,
EtherChannel, VTP, VLANs, SVIs, routed links, and HSRP. In Part 3, you create a Tcl script to test IP
connectivity and use show commands to verify configured options. This exam combines device configuration
and troubleshooting.
Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-
ipv4-and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS
Software version, the commands available and output produced might vary from what is shown in this lab.
Catalyst 3650 switches (running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any
comparable Cisco IOS image) can be used in place of the Catalyst 3560 switches and the Catalyst 2960
switches..
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 49
CCNPv7 SWITCH Skills Based Assessment
Required Resources
 2 switches (Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M image or
comparable)
 2 switches (Cisco 3560 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M image or
comparable)
 Ethernet and console cables
 4 PCs with Windows OS
o PC C (Connected to DLS1) additionally requires the following software:
 ManageEngine MibBrowser
 TFTPD32
 WinRadius
Part 1: Build the Physical Network (Optional)

Connect all devices as shown in the topology. You must use the interfaces specified in diagram, if
possible. Clear all previous configurations.
Part 2: Configure the network according to specifications.

a. Shutdown all interfaces on each switch.
b. Configure each switch with a hostname and the enable secret class.
c. Configure trunks and port-channels as shown in the diagram. Issue the no shut command as you go.
1) The connection between DLS1 and DLS2 will be a layer-3 EtherChannel using LACP. DLS1 will use
the IP address 10.12.12.1/30 and DLS2 will use 10.12.12.2/30.
2) The Port-channels on interfaces fa0/7 and fa0/8 will use LACP.
3) The Port-channels on interfaces f0/9 and fa0/10 will use PAgP.
4) All trunks will use VLAN 800 as the native VLAN.
d. Configure DLS1, ALS1, and ALS2 to use VTP version 3
1) Use the domain name SWITCHSBA with the password !ssalc
2) Configure DLS1 as the primary server for VLANs.
3) Configure ALS1 and ALS2 as VTP clients.
e. On the primary VLAN server create and name the following VLANs:
VLAN Number VLAN Name VLAN Number VLAN Name
800 NATIVE 434 PARKING
12 EXECUTIVES 123 CUBES
234 GUEST 1010 VOICE
1111 VIDEONET 3456 MANAGEMENT
f. On DLS1, suspend VLAN 434.

g. Configure DLS2 to be a VTP Transparent mode switch using VTP version 2, then locally configure the
same VLANs and VLAN names. Suspend VLAN 434
h. On DLS2, create VLAN 567 and name it ACCOUNTING. The Accounting VLAN will NOT be configured
or available on any other switch in the network.
i. Configure DLS1 as the spanning tree root for VLANs 1, 12, 434, 800, 1010, 1111, and 3456 and as a
secondary root for VLANs 123 and 234
j. Configure DLS2 as the spanning tree root for VLANs 123 and 234 and as a secondary root for VLANs 12,
434, 800, 1010, 1111, and 3456.
k. Configure all trunks so that, with the exception of VLANs 1, 434 and 567, only the VLANs that have been
created are allowed to cross the trunk
l. Assign interfaces as access ports to VLANs as follows:
DLS1 DLS2 ALS1 ALS2
Interface Fa0/6 3456 12 / voice 1010 123 / voice 1010 234
Interface Fa0/15 1111 1111 1111 1111
Interfaces F0/16-18 567
m. All unused interfaces will be assigned to the parking lot VLAN and shut down.
n. Configure SVIs on DLS1 and DLS2 in support of all of the VLANs and inter-VLAN routing. Use the
following table for subnet assignments:
VLAN VLAN Name Subnet VLAN VLAN Name Subnet
12 EXECUTIVES 10.0.12.0/24 123 CUBES 10.0.123.0/24
234 GUEST 10.0.234.0/24 1010 VOICE 10.10.10.0/24
1111 VIDEONET 10.11.11.0/24 3456 MANAGEMENT 10.34.56.0/24
DLS1 will always use the .252 address and DLS2 will always use the .253 address for IPv4 addresses. VLAN
567 on DLS2 will NOT be supported by routing.
Use 10.34.56.101 as the management address on ALS1 and 10.34.56.102 on ALS2.
o. Configure an interface Loopback 0 on both DLS1 and DLS2. This interface will be addressed 1.1.1.1/32
on both switches.
p. Configure HSRP with interface tracking for VLANs 12, 123, 234, 1010, and 1111
1) Use HSRP version 2

2) Create two HSRP groups, aligning VLAN 12, 1010, 1111, and 3456 to the first group and 123 and
234 to the second group.
3) DLS1 will be the primary switch for VLANs 12, 1010, 1111, and 3456; DLS2 will be the primary switch
for VLANs 123 and 234.
4) Configure all groups with preemption. Further configure priority to ensure that the primary switch
takes over upon recovery.
5) Use the virtual address .254 as the standby address for all VLANs
6) Configure interface tracking so that each group tracks the local interface Loopback 0 interface.
q. Set the correct UTC time, configure DLS1 as an NTP server and then set the correct time zone.
r. Configure DLS2, ALS1, and ALS2 to use the Management network to synchronize time with the NTP
server.
s. Configure HOST C with a static IPv6 address of 10.34.56.50/24 and a default-gateway of 10.34.56.254
t. Configure all four switches to use AAA to authenticate VTY lines 0 through 4. The RADIUS server is on
HOST C (10.34.56.50) and uses WinRadius with a shared secret key of WinRadius. Ensure aaa new-
model is configured. Further ensure that there is a fallback account configured should the RADIUS
server not be available.
1) AAA Account: studentaaa password cisco123
2) Local Fallback Account: lastditch password 321ocsic
u. Configure all four switches to use SNMP version 3.
1) The SNMP Server is HOST C at 10.34.56.50
2) SNMP v3 will use PRIV with AES 128 and AUTH with SHA.
3) The community string will be switch-sba
4) The secret key will be cisco123
5) The username will be sbastudent and password will be cisco123
v. Configure DLS1 to be a DHCP server for VLANs 12, 123, and 234
1) Exclude the addresses .251-.254 in each subnet
2) Set the DNS server to 1.1.1.1 for all three pools.
3) Set the default router to the HSRP virtual address for each VLAN
w. Obtain IPv4 addresses on Hosts A, B, and D via DHCP.
Part 3: Test network connectivity and configured options.

a. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you assigned
in the topology.
From DLS1:
tclsh
foreach address {
10.12.12.2
10.0.12.253
10.0.123.253
10.0.234.253
10.10.10.253
10.11.11.253
10.34.56.253
10.34.56.101
10.34.56.102
10.34.56.50
10.0.12.254
10.0.123.254
10.0.234.254
10.10.10.254
10.11.11.254
10.34.56.254
} {
ping $address
}
From DLS2:
tclsh
foreach address {
10.12.12.1
10.0.12.252
10.0.123.252
10.0.234.252
10.10.10.252
10.11.11.252
10.34.56.252
10.34.56.101
10.34.56.102
10.34.56.50
10.0.12.254
10.0.123.254
10.0.234.254
10.10.10.254
10.11.11.254
10.34.56.254
} {
ping $address
}
b. What is the show command used to verify that the correct VLANs exist on all switches and contain the
correct ports? show vlan brief
DLS1#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active
12 EXECUTIVES active
123 CUBES active
234 GUEST active
434 PARKING suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/13, Fa0/14, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
800 NATIVE active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
1010 VOICE active
1111 VIDEONET active Fa0/15
3456 MANAGEMENT active Fa0/6
DLS1#
DLS2#show vlan brief

---- -------------------------------- --------- -------------------------------
1 default active
12 EXECUTIVES active Fa0/6
123 CUBES active
234 GUEST active
434 PARKING-LOT suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/13, Fa0/14, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gi0/1, Gi0/2
567 ACCOUNTING active Fa0/16, Fa0/17, Fa0/18
800 NATIVE-VLAN active
1010 VOICE active Fa0/6
3456 MANAGEMENT active
DLS2#
ALS1#show vlan brief

---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12
123 CUBES active Fa0/6
234 GUEST active

Fa0/5, Fa0/13, Fa0/14, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
800 NATIVE active
1010 VOICE active Fa0/6
ALS1#
ALS2#show vlan brief

---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12
123 CUBES active
234 GUEST active Fa0/6
Fa0/5, Fa0/13, Fa0/14, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
800 NATIVE active
1010 VOICE active
ALS2#
c. What is the show command used to verify that the EtherChannel between DLS1 and ALS1 is configured
correctly? (answers may vary around show etherchannel) show etherchannel summary
DLS1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 3

Number of aggregators: 3
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa0/7(P) Fa0/8(P)
4 Po4(SU) PAgP Fa0/9(P) Fa0/10(P)
12 Po12(RU) LACP Fa0/11(P) Fa0/12(P)
DLS1#
d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or
DLS2) for each VLAN? (answers may vary around show spanning-tree) show spanning-tree root
DLS1#show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0012 24588 e840.406f.7280 0 2 20 15
VLAN0123 24699 e840.406f.6e00 24 2 20 15 Po4
VLAN0234 24810 e840.406f.6e00 24 2 20 15 Po4
VLAN0800 25376 e840.406f.7280 0 2 20 15
VLAN1010 25586 e840.406f.7280 0 2 20 15
VLAN1111 25687 e840.406f.7280 0 2 20 15
VLAN3456 28032 e840.406f.7280 0 2 20 15
DLS1#
e. What is the show command used to verify that the correct SVIs exist and that the correct HRSP routers
are primary and standby for each VLAN? (answers may vary around show standby) show standby
brief
DLS1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl12 1 110 P Active local 10.0.12.253 10.0.12.254
Vl123 2 100 P Standby 10.0.123.253 local 10.0.123.254
Vl234 2 100 P Standby 10.0.234.253 local 10.0.234.254
Vl1010 1 110 P Active local 10.10.10.253 10.10.10.254
Vl1111 1 110 P Active local 10.11.11.253 10.11.11.254
Vl3456 1 110 P Active local 10.34.56.253 10.34.56.254
DLS1#
f. Verify that NTP is working. DLS2, ALS1 and ALS2 should have NTP sync with DLS1.
DLS2#show ntp status
Clock is synchronized, stratum 5, reference is 10.34.56.252
ALS1#show ntp status

ALS2#show ntp status

g. Verify that AAA is working. From HOST C, telnet to each switch and login using the studentaaa account.
Ensure the RADIUS server is running and operational, and telnet to each switch from Host C should be
successful.
h. Verify that SNMPv3 is working.
1) From HOST C, use ManageEngine MibBrowser to do a GET of the OID .1.3.6.1.2.1.2.2 (the interface
table) from each switch.
2) Run Trap Viewer and enter then exit configuration mode on each switch. You should see traps
received in the viewer window.
i. Verify that HSRP is working. From HOST A, start a continuous ping to 1.1.1.1. Then go to DLS2 and
shutdown interface loopback 0. When this occurs, DLS2’s interface tracking should fail, causing it to
demote itself from being the virtual gateway for VLAN 123. DLS1 will take over, and the still-running ping
should show only minor packet loss.
C:\Users\student>ping -t 1.1.1.1 DLS2(config)#int loop 0

DLS2(config-if)#shut
Pinging 1.1.1.1 with 32 bytes of data: DLS2(config-if)#
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Oct 31 20:05:43.827: %TRACKING-5-STATE: 1 interface Lo0 line-
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 protocol Up->Down
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Oct 31 20:05:44.012: %HSRP-5-STATECHANGE: Vlan234 Grp 2
state Active -> Speak
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Oct 31 20:05:45.832: %LINK-5-CHANGED: Interface Loopback0,
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 changed state to administratively down
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Oct 31 20:05:46.663: %HSRP-5-STATECHANGE: Vlan123 Grp 2
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 state Active -> Speak
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Oct 31 20:05:46.839: %LINEPROTO-5-UPDOWN: Line protocol on
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Interface Loopback0, changed state to down
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 DLS2(config-if)#
Reply from 10.0.123.253: Destination host unreachable. Oct 31 20:05:54.062: %HSRP-5-STATECHANGE: Vlan234 Grp 2
state Speak -> Standby
Reply from 10.0.123.253: Destination host unreachable.
Oct 31 20:05:56.981: %HSRP-5-STATECHANGE: Vlan123 Grp 2
Reply from 10.0.123.253: Destination host unreachable. state Speak -> Standby
Reply from 1.1.1.1: bytes=32 time=3ms TTL=255
Ping statistics for 1.1.1.1:

Packets: Sent = 14, Received = 14, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 1ms
Device Configurations – INSTRUCTOR VERSION
DLS1
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DLS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$g7F8$JIwayUW08dphq/cbR7/NY0
!
username LASTDITCH password 0 321ocsic
aaa new-model
!
aaa authentication login CENTRAL-AUTH group radius local
!
aaa session-id common
clock timezone CDT -5 0
system mtu routing 1500
ip routing
!
!
ip dhcp pool EXECUTIVES-POOL
network 10.0.12.0 255.255.255.0
default-router 10.0.12.254
dns-server 1.1.1.1
!
ip dhcp pool CUBES-POOL
network 10.0.123.0 255.255.255.0
dns-server 1.1.1.1
!
ip dhcp pool GUEST-POOL
network 10.0.234.0 255.255.255.0
dns-server 1.1.1.1
!
ipv6 unicast-routing
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,12,434,800,1010,1111,3456 priority 24576
spanning-tree vlan 123,234 priority 28672

!
vlan internal allocation policy ascending
!
track 1 interface Loopback0 line-protocol
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk native vlan 800
switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
switchport mode trunk
switchport nonegotiate
!
!
no switchport
ip address 10.12.12.1 255.255.255.252
!
interface FastEthernet0/1
switchport access vlan 434
switchport mode access
shutdown
spanning-tree portfast
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
!
description member of po1 to ALS1
channel-group 1 mode active
!
!
channel-group 4 mode desirable
!
!
no switchport
no ip address
!
no switchport
no ip address
!
shutdown
!
shutdown
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface GigabitEthernet0/1
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
ip address 10.0.12.252 255.255.255.0

standby version 2
standby 1 ip 10.0.12.254
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 30
!
interface Vlan123
ip address 10.0.123.252 255.255.255.0
standby version 2
standby 2 ip 10.0.123.254
standby 2 preempt
!
interface Vlan234
ip address 10.0.234.252 255.255.255.0
standby version 2
standby 2 ip 10.0.234.254
standby 2 preempt
!
interface Vlan1010
ip address 10.10.10.252 255.255.255.0
standby version 2
standby 1 ip 10.10.10.254
standby 1 preempt
!
interface Vlan1111
ip address 10.11.11.252 255.255.255.0
standby version 2
standby 1 ip 10.11.11.254
standby 1 preempt
!
interface Vlan3456
ip address 10.34.56.252 255.255.255.0
standby version 2
standby 1 ip 10.34.56.254
standby 1 preempt
!
ip http server
ip http secure-server
!
snmp-server group switch-sba v3 priv
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all

snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cluster
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-
vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change
inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps ipsla
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start

snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp ifmib ifindex persist
!
radius server RADIUS
address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
key WinRadius
!
line con 0
line vty 0 4
password cisco
login authentication CENTRAL-AUTH
line vty 5 15
!
ntp master 4
end
DLS2
version 15.0
no service pad
!
hostname DLS2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$STz1$voB57usiW/YyJn7SLSSc70
!
aaa new-model
!
!

!
vtp mode transparent
ip routing
!
!
spanning-tree vlan 1,12,434,800,1010,3456 priority 28672
spanning-tree vlan 123,234 priority 24576
!
!
vlan 12
name EXECUTIVES
!
vlan 123
name CUBES
!
vlan 234
name GUEST
!
vlan 434
name PARKING-LOT
state suspend
!
vlan 567
name ACCOUNTING
!
vlan 800
name NATIVE-VLAN
!
vlan 1010
name VOICE
!
vlan 1111
name VIDEONET
!
vlan 3456
name MANAGEMENT
!
track 1 interface Loopback0 line-protocol
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
!
!
no switchport
ip address 10.12.12.2 255.255.255.252
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
switchport voice vlan 1010
!
!
!
!
!
no switchport
no ip address
!
no switchport
no ip address
!
shutdown
!
shutdown
!
!
!
!
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan12
ip address 10.0.12.253 255.255.255.0
standby version 2
standby 1 ip 10.0.12.254
standby 1 preempt
!
interface Vlan123
ip address 10.0.123.253 255.255.255.0
standby version 2
standby 2 ip 10.0.123.254
standby 2 preempt
!
interface Vlan234
ip address 10.0.234.253 255.255.255.0
standby version 2
standby 2 ip 10.0.234.254
standby 2 preempt
!
interface Vlan1010
ip address 10.10.10.253 255.255.255.0
standby version 2
standby 1 ip 10.10.10.254
standby 1 preempt
!
interface Vlan1111
ip address 10.11.11.253 255.255.255.0
standby version 2
standby 1 ip 10.11.11.254
standby 1 preempt
!
interface Vlan3456
ip address 10.34.56.253 255.255.255.0
standby version 2
standby 1 ip 10.34.56.254
standby 1 preempt
!
ip http server
!
snmp-server enable traps flowmon
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps rep
vlan
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change
inconsistency
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipsla
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down

!
key WinRadius
!
line con 0
line vty 0 4
password cisco
line vty 5 15
!
ntp server 10.34.56.252
end
ALS1
version 15.0
no service pad
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VwMl$v0PIRGNyxK2mzGdov1V9e/
!
aaa new-model
!
!
!
!
!
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
!
description member of po1 to DLS1
!
!
description member of po 3 to DLS2
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
!
interface Vlan3456
ip address 10.34.56.101 255.255.255.0
!
ip default-gateway 10.34.56.254
ip http server
!
vlan

!
key WinRadius
!
line con 0
line vty 0 4
password cisco
line vty 5 15
!
ntp server 10.34.56.252
end
ALS2
version 15.0
no service pad
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RfCM$nrsQv/Oo05Kjhf66QDIse.
!
aaa new-model
!
!
!
!
!
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

!
!
!
!
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
!
interface Vlan3456
ip address 10.34.56.102 255.255.255.0
!
ip http server
!

vlan
!
key WinRadius
!
line con 0
line vty 0 4
password cisco
line vty 5 15
!
ntp server 10.34.56.252
end
Device Configuration Scripts – INSTRUCTOR VERSION
DLS1
en
conf t
hostname DLS1
enable secret class
line vty 0 4
password cisco
login
! this will be over-ridden later by AAA
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/11-12
no switchport
no shut
exit
interface port-channel 12
ip address 10.12.12.1 255.255.255.252
exit
int ran f0/7-10
no shut
exit
int ran f0/7-8
desc member of po1 to ALS1
exit
int ran f0/9-10
exit
vtp domain SWITCHSBA
vtp ver 3
vtp password c1sc0abc
end
!
! SET AS PRIMARY FOR VLAN
!
vtp primary vlan
!
!
conf t
vlan 800
name NATIVE
exit
vlan 434
name PARKING
state suspend
exit
vlan 12
name EXECUTIVES
exit
vlan 123
name CUBES
exit
vlan 234
name GUEST
exit
vlan 1010
name VOICE
exit
vlan 1111
name VIDEONET
exit
vlan 3456
name MANAGEMENT
exit
spanning-tree vlan 1,12,434,800,1010,1111,3456 root primary
spanning-tree vlan 123,234 root secondary
exit
ip routing
int vlan 12
ip address 10.0.12.252 255.255.255.0
no sh
exit
int vlan 123
ip address 10.0.123.252 255.255.255.0
no sh
exit
int vlan 234
ip address 10.0.234.252 255.255.255.0
no sh
exit
int vlan 1010
ip add 10.10.10.252 255.255.255.0

no shut
exit
int vlan 1111
ip add 10.11.11.252 255.255.255.0
no sh
exit
int vlan 3456
ip address 10.34.56.252 255.255.255.0
no shut
exit
int loop 0
ip address 1.1.1.1 255.255.255.255
no shut
exit
!
interface f0/6
switchport host
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
! HSRP & TRACKING COMMANDS BELOW
! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234
!
int vlan 12
standby ver 2
standby 1 ip 10.0.12.254
standby 1 preempt
standby 1 track loop 0 30
exit
int vlan 123
stand ver 2
stand 2 ip 10.0.123.254
standby 2 preempt
exit
int vlan 234
stand ver 2
stand 2 ip 10.0.234.254
stand 2 preempt
exit
int vlan 1010
stand ver 2
stand 1 ip 10.10.10.254
stand 1 preempt
stand 1 pri 110
exit
int vlan 1111
stand ver 2
stand 1 ip 10.11.11.254
stand 1 preempt
stand 1 pri 110
exit
int vlan 3456
stand ver 2
stand 1 ip 10.34.56.254
stand 1 preempt
stand 1 pri 110
exit
!
!
! HSRP & TRACKING COMMANDS ABOVE
! NTP & CLOCK COMMANDS BELOW
!
do clock set 19:00:00 31 Oct 2014
clock timezone CDT -5
ntp master 4
!
! NTP & CLOCK COMMANDS ABOVE
! COMMANDS FOR AAA BELOW
!
username LASTDITCH password 321ocsic
aaa new-model
key WinRadius
exit
line vty 0 4
exit
! COMMANDS FOR AAA ABOVE
!
! SNMP COMMANDS BELOW

snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123
snmp-server ifindex persist
snmp-server enable traps
!
! SNMP COMMANDS ABOVE
! DHCP COMMANDS BELOW
!
ip dhcp pool EXECUTIVES-POOL
network 10.0.12.0 255.255.255.0
dns-server 1.1.1.1
exit
ip dhcp pool CUBES-POOL
network 10.0.123.0 255.255.255.0
dns-server 1.1.1.1
exit
ip dhcp pool GUEST-POOL
network 10.0.234.0 255.255.255.0
dns-server 1.1.1.1
exit
DLS2
en
conf t
hostname DLS2
enable secret class
line vty 0 4
password cisco
login
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/11-12
no switchport
no shut
exit
ip address 10.12.12.2 255.255.255.252
exit
int ran f0/7-10

no shut
exit
int ran f0/7-8
exit
int ran f0/9-10
exit
vtp ver 2
vtp mode transparent
spanning-tree vlan 1,12,123,234,434,800,1010,3456 root secondary
spanning-tree vlan 123,234 root primary
vlan 800
name NATIVE-VLAN
exit
vlan 434
name PARKING-LOT
state suspend
exit
vlan 12
name EXECUTIVES
exit
vlan 123
name CUBES
exit
vlan 234
name GUEST
exit
vlan 1010
name VOICE
exit
vlan 1111
name VIDEONET
exit
vlan 3456
name MANAGEMENT
exit
vlan 567
name ACCOUNTING
exit
exit
exit
ip routing
! multicast routing?
int vlan 12
ip address 10.0.12.253 255.255.255.0
no sh
exit
int vlan 123
ip address 10.0.123.253 255.255.255.0
no sh
exit
int vlan 234
ip address 10.0.234.253 255.255.255.0
no sh
exit
int vlan 1010
ip add 10.10.10.253 255.255.255.0
no shut
exit
int vlan 1111
ip add 10.11.11.253 255.255.255.0
no shut
exit
int vlan 3456
ip address 10.34.56.253 255.255.255.0
no shut
exit
int loop 0
ip address 1.1.1.1 255.255.255.255
no shut
exit
!
interface f0/6
switchport host
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/16-18
swi host
swi ac v 567
no shut
exit
int ran f0/1-5, f0/13-14, f0/19-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
! HSRP & TRACKING COMMANDS BELOW
! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234
!
int vlan 12
standby ver 2
standby 1 ip 10.0.12.254
standby 1 preempt
exit
int vlan 123
stand ver 2
stand 2 ip 10.0.123.254
standby 2 preempt
exit
int vlan 234
stand ver 2
stand 2 ip 10.0.234.254
stand 2 preempt
exit
int vlan 1010
stand ver 2
stand 1 ip 10.10.10.254
stand 1 preempt
exit
int vlan 1111
stand ver 2
stand 1 ip 10.11.11.254
stand 1 preempt
exit
int vlan 3456
stand ver 2
stand 1 ip 10.34.56.254
stand 1 preempt
exit
!
!
! HSRP & TRACKING COMMANDS ABOVE
!
do clock set 19:00:00 31 Oct 2014
ntp server 10.34.56.252
!
!
aaa new-model
key WinRadius
exit
line vty 0 4
exit
!
!
exit
ALS1
en
conf t
hostname ALS1
ena sec class
line vty 0 4
passw cisco
login
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/7-10
swi mo tru
swi tr nat v 800
swi non
no shut
exit
int ran f0/7-8
desc member of po1 to DLS1
no shut
exit
int ran f0/9-10
desc member of po 3 to DLS2
no shut
exit
int vlan 3456
ip address 10.34.56.101 255.255.255.0
no shut
exit

vtp ver 3
vtp mo client
!
!
aaa new-model
key WinRadius
exit
line vty 0 4
exit
!
!
!
int f0/6
switchport host

no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
do clock set 19:00:00 31 Oct 2014
ntp server 10.34.56.252
end
ALS2
en
conf t
hostname ALS2
ena sec class
line vty 0 4
passw cisco
login
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/7-10
swi mo tru
swi tr nat v 800
swi non
no shut
exit
int ran f0/7-8
desc member of po2 to DLS2
no shut
exit
int ran f0/9-10
desc member of po 4 to DLS1

no shut
exit
int vlan 3456
ip add 10.34.56.102 255.255.255.0
no shut
exit
vtp ver 3
vtp mo client
!
!
aaa new-model
key WinRadius
exit
line vty 0 4
exit
!

!
int f0/6
switchport host
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
do clock set 19:00:00 31 Oct 2014
ntp server 10.34.56.252
end

CCNPv7 SWITCH - SBA Version A - INSTRUCTOR

Uploaded by

Copyright:

Available Formats

CCNPv7 SWITCH - SBA Version A - INSTRUCTOR

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNPv7 SWITCH - SBA Version A - INSTRUCTOR

Uploaded by

Copyright:

Available Formats

Part 1: Build the Physical Network (Optional)

Part 2: Configure the network according to specifications.

VLAN Number VLAN Name VLAN Number VLAN Name

800 NATIVE 434 PARKING

12 EXECUTIVES 123 CUBES

234 GUEST 1010 VOICE

1111 VIDEONET 3456 MANAGEMENT

f. On DLS1, suspend VLAN 434.

DLS1 DLS2 ALS1 ALS2

Interface Fa0/6 3456 12 / voice 1010 123 / voice 1010 234

Interface Fa0/15 1111 1111 1111 1111

Interfaces F0/16-18 567

VLAN VLAN Name Subnet VLAN VLAN Name Subnet

12 EXECUTIVES 10.0.12.0/24 123 CUBES 10.0.123.0/24

234 GUEST 10.0.234.0/24 1010 VOICE 10.10.10.0/24

1111 VIDEONET 10.11.11.0/24 3456 MANAGEMENT 10.34.56.0/24

1) Use HSRP version 2

Part 3: Test network connectivity and configured options.

VLAN Name Status Ports

DLS2#show vlan brief

VLAN Name Status Ports

ALS1#show vlan brief

VLAN Name Status Ports

234 GUEST active

ALS2#show vlan brief

VLAN Name Status Ports

M - not in use, minimum links not met

Number of channel-groups in use: 3

Group Port-channel Protocol Ports

DLS1#show spanning-tree root

Root Hello Max Fwd

ALS1#show ntp status

ALS2#show ntp status

C:\Users\student>ping -t 1.1.1.1 DLS2(config)#int loop 0

Ping statistics for 1.1.1.1:

Device Configurations – INSTRUCTOR VERSION

spanning-tree vlan 123,234 priority 28672

ip address 10.0.12.252 255.255.255.0

snmp-server enable traps transceiver all

snmp-server enable traps ike tunnel start

aaa authentication login CENTRAL-AUTH group radius local

switchport mode access

snmp-server enable traps cluster

snmp ifmib ifindex persist

snmp-server enable traps config-ctid

switchport access vlan 234

switchport access vlan 434

snmp-server enable traps port-security

Device Configuration Scripts – INSTRUCTOR VERSION

ip add 10.10.10.252 255.255.255.0

snmp-server group switch-sba v3 priv

int ran f0/7-10

vtp domain SWITCHSBA

switchport access vlan 123

channel-group 4 mode desirable

! SNMP COMMANDS BELOW

You might also like