!!!I used real Cisco 3550 switch *4 to do this lab. I did not use Dynamips to do this lab.!!!
Instructions
Plan, design, and implement the International Travel Agency switched network
as shown in the diagram and described below. Implement the design on the lab
set of switches. Verify that all configurations are operational and functioning
according to the guidelines.
Scenario
The International Travel Agency has two distribution switches, DLS1 and DLS2, and two access layer switches, ALS1 and ALS2. Configure a group of switches as follows:
Basic Configuration:
All Switches:
enable
configure terminal
!
no ip domain lookup
!
interface vlan 1
no shutdown
!
line console 0
logging synchronous
exec-timeout 0 0
!
hostname
‧ Disable the links between the access layer switches.
DLS1(config)#interface range fastEthernet 0/7 - 12
DLS1(config-if-range)#shutdown
DLS2(config)#interface range fastEthernet 0/7 - 12
DLS2(config-if-range)#shutdown
ALS1(config)#interface range fastEthernet 0/7 - 10
ALS1(config-if-range)#shutdown
ALS2(config)#interface range fastEthernet 0/7 - 10
ALS2(config-if-range)#shutdown
‧ Place all switches in the VTP domain CISCO and set them all to VTP mode transparent.
ALL SWITCH:
ALL SWITCH(config)#vtp domain CISCO
ALL SWITCH(config)#vtp mode transparent
‧ Make sure that all inter-switch links are statically set as 802.1q links.
DLS1(config)#interface range fastEthernet 0/7 - 12
DLS1(config-if-range)#switchport trunk encapsulation dot1q
DLS1(config-if-range)#switchport mode trunk
DLS1(config-if-range)#no shutdown
DLS2(config)#interface range fastEthernet 0/7 - 12
DLS2(config-if-range)#switchport trunk encapsulation dot1q
DLS2(config-if-range)#switchport mode trunk
DLS2(config-if-range)#no shutdown
ALS1(config)#interface range fastEthernet 0/7 - 10
ALS1(config-if-range)#switchport trunk encapsulation dot1q
ALS1(config-if-range)#switchport mode trunk
ALS1(config-if-range)#no shutdown
ALS2(config)#interface range fastEthernet 0/7 - 10
ALS2(config-if-range)#switchport trunk encapsulation dot1q
ALS2(config-if-range)#switchport mode trunk
ALS2(config-if-range)#no shutdown
‧ Create VLANs 10 and 200 on all switches. Give DLS1 and DLS2 SVIs in VLAN 10 and assign addresses in the 172.16.10.0/24 subnet.
ALL SWITCH:
ALL SWITCH(config)#vlan 10,200
DLS1(config)#interface vlan 10
DLS1(config-if)#ip address 172.16.10.10 255.255.255.0
DLS1(config-if)#no shutdown
DLS2(config)#interface vlan 10
DLS2(config-if)#ip address 172.16.10.20 255.255.255.0
DLS2(config-if)#no shutdown
‧ Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make DLS1 the primary gateway, and enable preemption on both switches.
DLS1(config)#interface vlan 10
DLS1(config-if)#standby 10 ip 172.16.10.1
DLS1(config-if)#standby 10 pre
DLS1(config-if)#standby 10 preempt
DLS1(config-if)#standby 10 priority 105
DLS2(config)#interface vlan 10
DLS2(config-if)#standby 10 ip 172.16.10.1
DLS2(config-if)#standby 10 preempt
DLS2(config-if)#standby 10 priority 100
‧ Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.
ALS1(config)#interface range fastEthernet 0/15 - 20
ALS1(config-if-range)#switchport access vlan 10
ALS1(config-if-range)#switchport mode access
ALS2(config)#interface range fastEthernet 0/15 - 20
ALS2(config-if-range)#switchport access vlan 10
ALS2(config-if-range)#switchport mode access
‧ Enable PortFast on all access ports.
ALL SWITCH:
ALL SWITCH(config)#spanning-tree portfast default
‧ Enable QoS on all switches involved in the scenario.
ALL SWITCH:
ALL SWITCH(config)#mls qos
‧ Configure ALS1 F0/15 and F0/16 for using Cisco IP phones with a voice VLAN of 200 and trust the IP phone CoSes.
ALS1(config)#interface range fastEthernet 0/15 - 16
ALS1(config-if-range)#switchport voice vlan 200
ALS1(config-if-range)#auto qos voip cisco-phone
DLS1(config)#interface range fastEthernet 0/7 - 8
DLS1(config-if-range)#auto qos voip trust
DLS2(config)#interface range fastEthernet 0/9 - 10
DLS2(config-if-range)#auto qos voip trust
‧ Configure ALS1 F0/18 through F0/20 for port security. Allow only up to three MAC addresses to be learned on each port and then drop any traffic from other MAC addresses.
ALS1(config)#interface range fastEthernet 0/18 - 20
ALS1(config-if-range)#switchport port-security maximum 3
ALS1(config-if-range)#switchport port-security mac-address sticky
ALS1(config-if-range)#switchport port-security violation restrict
‧ Configure ALS2 F0/18 to only allow the MAC address 1234.1234.1234 and to shut down if a violation occurs.
ALS2(config)#interface fastEthernet 0/18
ALS2(config-if)#switchport port-security maximum 1
ALS2(config-if)#switchport port-security mac-address 1234.1234.1234
ALS2(config-if)#switchport port-security violation shutdown
Final Configurations
DLS1:
hostname DLS1
!
mls qos
!
no ip domain-lookup
!
vtp domain CISCO
vtp mode transparent
!
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 10,200
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no shutdown
!
interface Vlan10
ip address 172.16.10.10 255.255.255.0
standby 10 ip 172.16.10.1
standby 10 priority 105
standby 10 preempt
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
DLS2:
hostname DLS2
!
mls qos
!
no ip domain-lookup
!
vtp domain CISCO
vtp mode transparent
!
spanning-tree portfast default
!
vlan 10,200
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no shutdown
!
interface Vlan10
ip address 172.16.10.20 255.255.255.0
standby 10 ip 172.16.10.1
standby 10 preempt
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
ASL1:
hostname ALS1
!
mls qos
!
no ip domain-lookup
!
vtp domain CISCO
vtp mode transparent
!
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 10,200
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
switchport voice vlan 200
mls qos trust device cisco-phone
auto qos voip cisco-phone
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
switchport voice vlan 200
mls qos trust device cisco-phone
auto qos voip cisco-phone
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security mac-address sticky
!
interface FastEthernet0/19
switchport access vlan 10
switchport mode access
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security mac-address sticky
!
interface FastEthernet0/20
switchport access vlan 10
switchport mode access
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security mac-address sticky
!
interface Vlan1
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
ALS2:
hostname ALS2
!
mls qos
!
no ip domain-lookup
!
vtp domain CISCO
vtp mode transparent
!
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 10,200
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
switchport port-security mac-address 1234.1234.1234
!
interface FastEthernet0/19
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 10
switchport mode access
!
interface Vlan1
no shutdown
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Building Multilayer Switched Networks
Student Lab Manual
最初發表 / 最後更新: 2008.10.23 / 2018.06.12
0 comments:
張貼留言