!!!I used real Cisco 3550 switch *4 and Router * 2 to do this lab. I did not use Dynamips to do this lab.!!!
Scenario:
Digital Technologies Inc (DTI) has a new city office. The design requires main trunks as
EtherChannels, with back up links, trunk ports and access ports using Catalyst 2950 and 3550
switches, and 1800 series routers. Fault tolerant links are required so all links, even those to ISP,
require backup.
Staff at the city office are in the following subnets:
1. Corporate (Manager, Accounts, Secretaries) VLAN 10
2. Sales (Marketing, Sales, Delivery) VLAN 20
3. Servers (attached to DLS 2) VLAN 30
4. Telephony VLAN 150
5. Management (For all switches) VLAN 217
Basic Configuration:
All Router:
enable
configure terminal
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
hostname
All Switches:
enable
configure terminal
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
interface vlan 1
no shutdown
!
hostname
Multiple Instance Spanning Tree (MST) will be used in combination with PortFast and BPDU guard.
For load balancing, DLS 1 will be root for Corporate VLAN, Sales VLAN and Management VLAN, and
DLS 2 will be root for Telephony VLAN and Servers VLAN. Multiple HSRP groups will be implemented
so that DLS 1 is active for VLAN 10, 20 & 217, and DLS 2 is active for VLANs 30 & 150. All VLANs will
have Bachup Router as their standby link.
General Tasks
1. Connect all the network devices according to the network diagram. (Note: No IP Telephones
will be connected at this stage, although all configuration will assume their presence.)
2. On DL & AL Switches use ports 3 & 4 to the EtherChannel AL Switches (DLS1 to ALS 1 & DLS 2 to ALS 2).
DLS1(config)#interface range fastEthernet 0/3 - 4
DLS1(config-if-range)#switchport trunk encapsulation dot1q
DLS1(config-if-range)#switchport mode trunk
DLS1(config-if-range)#channel-group 3 mode desirable
ALS1(config)#interface range fastEthernet 0/3 - 4
ALS1(config-if-range)#switchport trunk encapsulation dot1q
ALS1(config-if-range)#switchport mode trunk
ALS1(config-if-range)#channel-group 1 mode desirable
DLS2(config)#interface range fastEthernet 0/3 - 4
DLS2(config-if-range)#switchport trunk encapsulation dot1q
DLS2(config-if-range)#switchport mode trunk
DLS2(config-if-range)#channel-group 4 mode desirable
ALS2(config)#interface range fastEthernet 0/3 - 4
ALS2(config-if-range)#switchport trunk encapsulation dot1q
ALS2(config-if-range)#switchport mode trunk
ALS2(config-if-range)#channel-group 2 mode desirable
DLS1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
3 Po3(SU) PAgP Fa0/3(P) Fa0/4(P)
DLS1#
DLS2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
4 Po4(SU) PAgP Fa0/3(P) Fa0/4(P)
DLS2#
3. On DL & AL Switches use ports 5 & 6 as trunk ports between them (DLS 1 to ALS 2 & DLS 2 to ALS 1).
DLS1(config)#interface range fastEthernet 0/5 - 6
DLS1(config-if-range)#switchport trunk encapsulation dot1q
DLS1(config-if-range)#switchport mode trunk
ALS2(config)#interface range fastEthernet 0/5 - 6
ALS2(config-if-range)#switchport trunk encapsulation dot1q
ALS2(config-if-range)#switchport mode trunk
DLS2(config)#interface range fastEthernet 0/5 - 6
DLS2(config-if-range)#switchport trunk encapsulation dot1q
DLS2(config-if-range)#switchport mode trunk
ALS1(config)#interface range fastEthernet 0/5 - 6
ALS1(config-if-range)#switchport trunk encapsulation dot1q
ALS1(config-if-range)#switchport mode trunk
4. Use ports 7 & 8 for the trunk ports between ALS 1 & ALS 2.
ALS1(config)#interface range fastEthernet 0/7 - 8
ALS1(config-if-range)#switchport trunk encapsulation dot1q
ALS1(config-if-range)#switchport mode trunk
ALS2(config)#interface range fastEthernet 0/7 - 8
ALS2(config-if-range)#switchport trunk encapsulation dot1q
ALS2(config-if-range)#switchport mode trunk
5. Use port 7 for the trunk links to ISP (DLS 1 to ISP & DLS 2 to ISP).
DLS1(config)#interface fastEthernet 0/7
DLS1(config-if)#no switchport
DLS1(config-if)#ip address 192.168.1.5 255.255.255.252
DLS1(config-if)#no shutdown
DLS2(config)#interface fastEthernet 0/7
DLS2(config-if)#no switchport
DLS2(config-if)#ip address 192.168.1.9 255.255.255.252
DLS2(config-if)#no shutdown
ISP(config)#interface ethernet 0/0
ISP(config-if)#ip address 192.168.1.6 255.255.255.252
ISP(config-if)#no shutdown
ISP(config)#interface ethernet 0/1
ISP(config-if)#ip address 192.168.1.10 255.255.255.252
ISP(config-if)#no shutdown
ISP#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
ISP#ping 192.168.1.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
6. ALS 1 has the only link to BACKUP Router on port 24
ALS1(config)#interface fastEthernet 0/24
ALS1(config-if)#switchport trunk encapsulation dot1q
ALS1(config-if)#switchport mode trunk
Backup(config)#interface ethernet 0/0
Backup(config-if)#no shutdown
Backup(config)#interface ethernet 0/0.10
Backup(config-subif)#encapsulation dot1Q 10
Backup(config-subif)#ip address 10.1.10.50 255.255.255.0
Backup(config)#interface ethernet 0/0.20
Backup(config-subif)#encapsulation dot1Q 20
Backup(config-subif)#ip address 10.1.20.50 255.255.255.0
Backup(config)#interface ethernet 0/0.30
Backup(config-subif)#encapsulation dot1Q 30
Backup(config-subif)#ip address 10.1.30.50 255.255.255.0
Backup(config)#interface ethernet 0/0.150
Backup(config-subif)#encapsulation dot1Q 150
Backup(config-subif)#ip address 10.1.150.50 255.255.255.0
Backup(config)#interface ethernet 0/0.217
Backup(config-subif)#encapsulation dot1Q 217
Backup(config-subif)#ip address 10.1.217.50 255.255.255.0
Backup#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/0.10 10.1.10.50 YES manual up up
Ethernet0/0.20 10.1.20.50 YES manual up up
Ethernet0/0.30 10.1.30.50 YES manual up up
Ethernet0/0.150 10.1.150.50 YES manual up up
Ethernet0/0.217 10.1.217.50 YES manual up up
Serial0/0 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
Backup#
· On all devices, configure the following:
o vty support with password cisco
DLS1(config)#vtp domain ITCORP
DLS1(config)#vtp password cisco
DLS1(config)#vtp mode server
DLS1(config)#vlan 10
DLS1(config-vlan)#name Corporate
DLS1(config)#vlan 20
DLS1(config-vlan)#name Sales
DLS1(config)#vlan 30
DLS1(config-vlan)#name Servers
DLS1(config)#vlan 150
DLS1(config-vlan)#name Telephony
DLS1(config)#vlan 217
DLS1(config-vlan)#name Management
DLS2(config)#vtp domain ITCORP
DLS2(config)#vtp password cisco
DLS2(config)#vtp mode client
ALS1(config)#vtp domain ITCORP
ALS1(config)#vtp password cisco
ALS1(config)#vtp mode client
ALS2(config)#vtp domain ITCORP
ALS2(config)#vtp password cisco
ALS2(config)#vtp mode client
ALS2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Corporate active
20 Sales active
30 Servers active
150 Telephony active
217 Management active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
ALS2#
ALS2#show vtp status
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : ITCORP
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x99 0xB4 0x7D 0x9B 0x8B 0x90 0x15 0xA1
Configuration last modified by 192.168.1.5 at 3-1-93 00:50:48
ALS2#
o console password cisco
All Router and Switch:
All Router and Switch(config)#line console 0
All Router and Switch(config-line)#password cisco
All Router and Switch(config-line)#logging synchronous
o privileged EXEC mode secret cisco
All Router and Switch:
All Router and Switch(config)#enable secret cisco
o All hostnames
All Router and Switch:
All Router and Switch(config)#hostname *
o Prevent bystanders from reading passwords by configuring all network devices to encrypt the clear text passwords.
All Router and Switch:
All Router and Switch(config)#service password-encryption
VLANs and VTP
DTI requires VLANs and VTP to be configured within the switched network
1. VTP
- Domain ITCORP
- Password cisco
- DLS 1 Server
- All other switches CLIENT
!!!!done
2. Fast EtherChannel is between ALS 1 & DLS 1, and ALS 2 & DLS 2
!!!done
3. Create all required VLANs in the VTP Domain
!!!done
4. Configure Access Ports as follows:
VLAN 10 VLAN 20 VLAN 30 VLAN 150
DLS 1 nil nil nil nil
DLS 2 nil nil fa0/22-24 nil
ALS 1 fa0/10-13 fa0/14-22 nil access ports only
ALS 2 fa0/10-13 fa0/14-22 nil access ports only
DLS2(config)#interface range fastEthernet 0/22 - 24
DLS2(config-if-range)#switchport access vlan 30
DLS2(config-if-range)#switchport mode access
ALS1(config)#interface range fastEthernet 0/10 - 13
ALS1(config-if-range)#switchport access vlan 10
ALS1(config-if-range)#switchport mode access
ALS1(config)#interface range fastEthernet 0/14 - 22
ALS1(config-if-range)#switchport access vlan 20
ALS1(config-if-range)#switchport mode access
ALS2(config)#interface range fastEthernet 0/10 - 13
ALS2(config-if-range)#switchport access vlan 10
ALS2(config-if-range)#switchport mode access
ALS2(config)#interface range fastEthernet 0/14 - 22
ALS2(config-if-range)#switchport access vlan 20
ALS2(config-if-range)#switchport mode access
ALS1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/23
Gi0/1, Gi0/2
10 Corporate active Fa0/10, Fa0/11, Fa0/12, Fa0/13
20 Sales active Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22
30 Servers active
150 Telephony active
217 Management active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
ALS1#
ALS2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/9, Fa0/23
Fa0/24, Gi0/1, Gi0/2
10 Corporate active Fa0/10, Fa0/11, Fa0/12, Fa0/13
20 Sales active Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22
30 Servers active
150 Telephony active
217 Management active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
ALS2#
Spanning-Tree
1. Configure instance 1 for VLANs 10, 20 & 217 with DLS 1 as root bridge, with all other VLANs
being in instance 2 with DLS 2 as root bridge.
DLS1(config)#spanning-tree mode mst
DLS1(config)#spanning-tree mst configuration
DLS1(config-mst)#name CISCO
DLS1(config-mst)#revision 1
DLS1(config-mst)#instance 1 vlan 10, 20, 217
DLS1(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005
DLS1(config-mst)#exit
DLS1(config)#spanning-tree mst 1 root primary
DLS1(config)#spanning-tree mst 2 root secondary
DLS2(config)#spanning-tree mode mst
DLS2(config)#spanning-tree mst configuration
DLS2(config-mst)#name CISCO
DLS2(config-mst)#revision 1
DLS2(config-mst)#instance 1 vlan 10,20,217
DLS2(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005
DLS2(config-mst)#exit
DLS2(config)#spanning-tree mst 1 root secondary
DLS2(config)#spanning-tree mst 2 root primary
ALS1(config)#spanning-tree mode mst
ALS1(config)#spanning-tree mst configuration
ALS1(config-mst)#name CISCO
ALS1(config-mst)#revision 1
ALS1(config-mst)#instance 1 vlan 10, 20, 217
ALS1(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005
ALS1(config-mst)#exit
ALS2(config)#spanning-tree mode mst
ALS2(config)#spanning-tree mst configuration
ALS2(config-mst)#name CISCO
ALS2(config-mst)#revision 1
ALS2(config-mst)#instance 1 vlan 10,20,217
ALS2(config-mst)#instance 2 vlan 1, 30, 150 ,1002-1005
ALS2(config-mst)#exit
DLS1#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 000e.d7a6.9c80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 000e.d7a6.9c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Desg FWD 200000 128.5 P2p
Fa0/6 Desg FWD 200000 128.6 P2p
Po3 Desg FWD 100000 128.65 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 000e.d7a6.9c80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 000e.d7a6.9c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Desg FWD 200000 128.5 P2p
Fa0/6 Desg FWD 200000 128.6 P2p
Po3 Desg FWD 100000 128.65 P2p
MST2
Spanning tree enabled protocol mstp
Root ID Priority 24578
Address 000e.d7a6.ab00
Cost 300000
Port 65 (Port-channel3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28674 (priority 28672 sys-id-ext 2)
Address 000e.d7a6.9c80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Altn BLK 200000 128.5 P2p
Fa0/6 Altn BLK 200000 128.6 P2p
Po3 Root FWD 100000 128.65 P2p
DLS1#
DLS2#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 000e.d7a6.9c80
Cost 0
Port 5 (FastEthernet0/5)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 000e.d7a6.ab00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Root FWD 200000 128.5 P2p
Fa0/6 Altn BLK 200000 128.6 P2p
Po4 Altn BLK 100000 128.65 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 24577
Address 000e.d7a6.9c80
Cost 300000
Port 5 (FastEthernet0/5)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 000e.d7a6.ab00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Root FWD 200000 128.5 P2p
Fa0/6 Altn BLK 200000 128.6 P2p
Po4 Altn BLK 100000 128.65 P2p
MST2
Spanning tree enabled protocol mstp
Root ID Priority 24578
Address 000e.d7a6.ab00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24578 (priority 24576 sys-id-ext 2)
Address 000e.d7a6.ab00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/5 Desg FWD 200000 128.5 P2p
Fa0/6 Desg FWD 200000 128.6 P2p
Po4 Desg FWD 100000 128.65 P2p
DLS2#
2. Configure PortFast on all non trunk ports.
All Router and Switch:
All Router and Switch(config)#spanning-tree portfast bpduguard default
All Router and Switch(config)#spanning-tree portfast default
Inter-VLAN Routing
Enable InterVLAN routing.
DLS1(config)#ip routing
DLS1(config)#interface vlan 10
DLS1(config-if)#ip address 10.1.10.10 255.255.255.0
DLS1(config-if)#interface vlan 20
DLS1(config-if)#ip address 10.1.20.10 255.255.255.0
DLS1(config-if)#interface vlan 30
DLS1(config-if)#ip address 10.1.30.10 255.255.255.0
DLS1(config-if)#interface vlan 150
DLS1(config-if)#ip address 10.1.150.10 255.255.255.0
DLS1(config-if)#interface vlan 217
DLS1(config-if)#ip address 10.1.217.10 255.255.255.0
DLS2(config)#ip routing
DLS2(config)#interface vlan 10
DLS2(config-if)#ip address 10.1.10.20 255.255.255.0
DLS2(config)#interface vlan 20
DLS2(config-if)#ip address 10.1.20.20 255.255.255.0
DLS2(config)#interface vlan 30
DLS2(config-if)#ip address 10.1.30.20 255.255.255.0
DLS2(config)#interface vlan 150
DLS2(config-if)#ip address 10.1.150.20 255.255.255.0
DLS2(config)#interface vlan 217
DLS2(config-if)#ip address 10.1.217.20 255.255.255.0
Configure Backup as a router-on-a-stick.
!!!Done
Configure HSRP on DLS1, DLS 2 and Backup.
Configure HSRP on DLS1, DLS 2 and Backup Router so that DLS 1 is the active router for
VLANs 10, 20 & 217 and DLS 2 is the active router for VLANs 30 & 150, with standby for all
VLANs being Backup Router. Include the preempt option in all configuration.
Configure HSRP interface tracking so that Backup becomes the active router if the
FastEthernet link between DLS 1 or DLS 2 to ISP goes down.
DLS1(config)#interface Vlan10
DLS1(config-if)#ip address 10.1.10.10 255.255.255.0
DLS1(config-if)#standby 10 ip 10.1.10.1
DLS1(config-if)#standby 10 priority 105
DLS1(config-if)#standby 10 preempt
DLS1(config-if)#standby 10 track FastEthernet0/7
DLS1(config-if)#interface Vlan20
DLS1(config-if)#ip address 10.1.20.10 255.255.255.0
DLS1(config-if)#standby 20 ip 10.1.20.1
DLS1(config-if)#standby 20 priority 105
DLS1(config-if)#standby 20 preempt
DLS1(config-if)#standby 20 track FastEthernet0/7
DLS1(config-if)#interface Vlan217
DLS1(config-if)#ip address 10.1.217.10 255.255.255.0
DLS1(config-if)#standby 217 ip 10.1.217.1
DLS1(config-if)#standby 217 priority 105
DLS1(config-if)#standby 217 preempt
DLS1(config-if)#standby 217 track FastEthernet0/7
DLS2(config)#interface Vlan30
DLS2(config-if)# ip address 10.1.30.20 255.255.255.0
DLS2(config-if)# standby 30 ip 10.1.30.1
DLS2(config-if)# standby 30 priority 105
DLS2(config-if)# standby 30 preempt
DLS2(config-if)# standby 30 track FastEthernet0/7
DLS2(config-if)#interface Vlan150
DLS2(config-if)# ip address 10.1.150.20 255.255.255.0
DLS2(config-if)# standby 150 ip 10.1.150.1
DLS2(config-if)# standby 150 priority 105
DLS2(config-if)# standby 150 preempt
DLS2(config-if)# standby 150 track FastEthernet0/7
!!!!Subinterfaces!!!!
HSRP groups on subinterfaces must have a group number unique among all other groups on all subinterfaces on the same main interface. This is because subinterfaces do not receive a unique SNMP interface index. If you had two groups with the number N on different subinterfaces, then in the MIB, group N on sub-interface 1 and group N on sub-interface 2 would appear to be the same group.
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml#subinterfaces
Backup(config)#interface Ethernet0/0.10
Backup(config-subif)#standby 10 ip 10.1.10.1
Backup(config-subif)#standby 10 preempt
Backup(config-subif)#standby 10 priority 100
Backup(config-subif)#standby 10 track Serial0/0
Backup(config)#interface ethernet 0/0.20
Backup(config-subif)#standby 20 ip 10.1.20.1
Backup(config-subif)#standby 20 preempt
Backup(config-subif)#standby 20 priority 100
Backup(config-subif)#standby 20 track Serial 0/0
Backup(config)#interface ethernet 0/0.30
Backup(config-subif)#standby 30 ip 10.1.30.1
Backup(config-subif)#standby 30 preempt
Backup(config-subif)#standby 30 priority 100
Backup(config-subif)#standby 30 track Serial 0/0
Backup(config)#interface ethernet 0/0.150
Backup(config-subif)#standby 150 ip 10.1.150.1
Backup(config-subif)#standby 150 preempt
Backup(config-subif)#standby 150 priority 100
Backup(config-subif)#standby 150 track Serial 0/0
Backup(config)#interface ethernet 0/0.217
Backup(config-subif)#standby 217 ip 10.1.217.1
Backup(config-subif)#standby 217 preempt
Backup(config-subif)#standby 217 priority 100
Backup(config-subif)#standby 217 track Serial 0/0
DLS1#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl10 10 105 P Active local 10.1.10.50 10.1.10.1
Vl20 20 105 P Active local 10.1.20.50 10.1.20.1
Vl217 217 105 P Active local 10.1.217.50 10.1.217.1
DLS1#
DLS2#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Vl30 30 105 P Active local 10.1.30.50 10.1.30.1
Vl150 150 105 P Active local 10.1.150.50 10.1.150.1
DLS2#
Backup#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Et0/0.10 10 90 P Standby 10.1.10.10 local 10.1.10.1
Et0/0.20 20 90 P Standby 10.1.20.10 local 10.1.20.1
Et0/0.30 30 90 P Standby 10.1.30.20 local 10.1.30.1
Et0/0.150 150 90 P Standby 10.1.150.20 local 10.1.150.1
Et0/0.217 217 90 P Standby 10.1.217.10 local 10.1.217.1
Backup#
Use the following Addresses:
- VLAN 10 - 10.1.10.0/24
- VLAN 20 - 10.1.20.0/24
- VLAN 30 - 10.1.30.0/24
- VLAN 150 - 10.1.150.0/24
- VLAN 217 - 10.1.217.0/24
- Interface S0/0/0 on Backup - 192.168.1.0/30
- Interface fa0/7 on DLS 1 - 192.168.1.4/30
- Interface fa0/7 on DLS 2 - 192.168.1.8/30
- Configure valid addresses for the host on ALS 1 (port 15) and the host on ALS 2
(port 20), and server in VLAN 30.
- Configure tracking on all links to ISP.
ISP(config)#interface serial 0/0
ISP(config-if)#ip address 192.168.1.2 255.255.255.252
ISP(config-if)#clock rate 64000
ISP(config-if)#no shutdown
ISP(config)#interface loopback 0
ISP(config-if)#ip address 200.200.200.200 255.255.255.0
Backup(config)#interface serial 0/0
Backup(config-if)#ip address 192.168.1.1 255.255.255.252
Backup(config-if)#no shutdown
ALS1(config)#interface vlan 217
ALS1(config-if)#ip address 10.1.217.30 255.255.255.0
ALS1(config-if)#no shutdown
ALS1(config)#ip default-gateway 10.1.217.1
ALS2(config)#interface vlan 217
ALS2(config-if)#ip address 10.1.217.40 255.255.255.0
ALS2(config-if)#no shutdown
ALS2(config)#ip default-gateway 10.1.217.1
DLS2(config)#interface fastEthernet 0/22
DLS2(config-if)#switchport access vlan 30
DLS2(config-if)#switchport mode access
Additional Requirements
· Configure Port sticky on all access ports, allowing a single user, and shut down if violated.
DLS1(config)#interface range fastEthernet 0/1-2 , fastEthernet 0/8 - 24
DLS1(config-if-range)#switchport port-security mac-address sticky
DLS1(config-if-range)#switchport port-security maximum 2
DLS1(config-if-range)#switchport port-security violation shutdown
DLS1(config)#interface range gigabitEthernet 0/1 - 2
DLS1(config-if-range)#switchport port-security mac-address sticky
DLS1(config-if-range)#switchport port-security maximum 2
DLS1(config-if-range)#switchport port-security violation shutdown
DLS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/8 - 24
DLS2(config-if-range)#switchport port-security mac-address sticky
DLS2(config-if-range)#switchport port-security maximum 2
DLS2(config-if-range)#switchport port-security violation shutdown
DLS2(config)#interface range gigabitEthernet 0/1 - 2
DLS2(config-if-range)#switchport port-security mac-address sticky
DLS2(config-if-range)#switchport port-security maximum 2
DLS2(config-if-range)#switchport port-security violation shutdown
ALS1(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 - 14
ALS1(config-if-range)#switchport port-security mac-address sticky
ALS1(config-if-range)#switchport port-security maximum 2
ALS1(config-if-range)#switchport port-security violation shutdown
ALS1(config)#interface range fastEthernet 0/16 - 23 , gigabitEthernet 0/1 - 2
ALS1(config-if-range)#switchport port-security mac-address sticky
ALS1(config-if-range)#switchport port-security maximum 2
ALS1(config-if-range)#switchport port-security violation shutdown
ALS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9 - 19
ALS2(config-if-range)#switchport port-security mac-address sticky
ALS2(config-if-range)#switchport port-security maximum 2
ALS2(config-if-range)#switchport port-security violation shutdown
ALS2(config)#interface range fastEthernet 0/21 - 24 , gigabitEthernet 0/1 - 2
ALS2(config-if-range)#switchport port-security mac-address sticky
ALS2(config-if-range)#switchport port-security maximum 2
ALS2(config-if-range)#switchport port-security violation shutdown
· Enable BPDU guard on all appropriate interfaces.
!!!Done
spanning-tree portfast bpduguard default
· Configure Portfast an all appropriate ports.
!!!Done
spanning-tree portfast default
· Place any ports not attached to a VLAN into VLAN 43 and place these interfaces in shutdown mode.
DLS1(config)#vlan 43
DLS1(config-vlan)#name nouse
DLS1(config)#spanning-tree mst configuration
DLS1(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005
DLS1(config-mst)#exit
DLS1(config)#interface range fastEthernet 0/1-2 , fastEthernet 0/8 - 24
DLS1(config-if-range)#switchport access vlan 43
DLS1(config-if-range)#shutdown
DLS1(config)#interface range gigabitEthernet 0/1 - 2
DLS1(config-if-range)#switchport access vlan 43
DLS1(config-if-range)#shutdown
DLS2(config)#spanning-tree mst configuration
DLS2(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005
DLS2(config-mst)#exit
DLS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/8 - 21
DLS2(config-if-range)#switchport access vlan 43
DLS2(config-if-range)#shutdown
DLS2(config)#interface range gigabitEthernet 0/1 - 2
DLS2(config-if-range)#switchport access vlan 43
DLS2(config-if-range)#shutdown
ALS1(config)#spanning-tree mst configuration
ALS1(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005
ALS1(config-mst)#exit
ALS1(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9
ALS1(config-if-range)#switchport access vlan 43
ALS1(config-if-range)#shutdown
ALS1(config)#interface range fastEthernet 0/23 , gigabitEthernet 0/1 - 2
ALS1(config-if-range)#switchport access vlan 43
ALS1(config-if-range)#shutdown
ALS2(config)#spanning-tree mst configuration
ALS2(config-mst)#instance 2 vlan 1, 30, 43, 150, 1002-1005
ALS2(config-mst)#exit
ALS2(config)#interface range fastEthernet 0/1 - 2 , fastEthernet 0/9
ALS2(config-if-range)#switchport access vlan 43
ALS2(config-if-range)#shutdown
ALS2(config)#interface range fastEthernet 0/23 - 24 , gigabitEthernet 0/1 - 2
ALS2(config-if-range)#switchport access vlan 43
ALS2(config-if-range)#shutdown
· Configure IP routing on DLS1 and DLS2, and use EIGRP, with automatic summarization
disabled.
DLS1(config)#router eigrp 1
DLS1(config-router)#no auto-summary
DLS1(config-router)#network 10.0.0.0
DLS1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.6
DLS2(config)#router eigrp 1
DLS2(config-router)#no auto-summary
DLS2(config-router)#network 10.0.0.0
DLS2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.10
Backup(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.5
ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.9 10
ISP(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.1 15
DLS1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.6 to network 0.0.0.0
10.0.0.0/24 is subnetted, 5 subnets
C 10.1.10.0 is directly connected, Vlan10
C 10.1.30.0 is directly connected, Vlan30
C 10.1.20.0 is directly connected, Vlan20
C 10.1.150.0 is directly connected, Vlan150
C 10.1.217.0 is directly connected, Vlan217
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.4 is directly connected, FastEthernet0/7
S* 0.0.0.0/0 [1/0] via 192.168.1.6
DLS1#
DLS1#ping 200.200.200.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DLS1#
DLS2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.10 to network 0.0.0.0
10.0.0.0/24 is subnetted, 5 subnets
C 10.1.10.0 is directly connected, Vlan10
C 10.1.30.0 is directly connected, Vlan30
C 10.1.20.0 is directly connected, Vlan20
C 10.1.150.0 is directly connected, Vlan150
C 10.1.217.0 is directly connected, Vlan217
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.8 is directly connected, FastEthernet0/7
S* 0.0.0.0/0 [1/0] via 192.168.1.10
DLS2#
DLS2#ping 200.200.200.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DLS2#
ALS1#show ip route
Default gateway is 10.1.217.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
ALS1#
ALS1#ping 200.200.200.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ALS1#
ALS2#show ip route
Default gateway is 10.1.217.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
ALS2#
ALS2#ping 200.200.200.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
ALS2#
Backup#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 5 subnets
C 10.1.10.0 is directly connected, Ethernet0/0.10
C 10.1.30.0 is directly connected, Ethernet0/0.30
C 10.1.20.0 is directly connected, Ethernet0/0.20
C 10.1.150.0 is directly connected, Ethernet0/0.150
C 10.1.217.0 is directly connected, Ethernet0/0.217
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.2
Backup#
Backup#ping 200.200.200.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/29 ms
Backup#
ISP#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 200.200.200.0/24 is directly connected, Loopback0
S 10.0.0.0/8 [1/0] via 192.168.1.5
192.168.1.0/30 is subnetted, 3 subnets
C 192.168.1.8 is directly connected, Ethernet0/1
C 192.168.1.0 is directly connected, Serial0/0
C 192.168.1.4 is directly connected, Ethernet0/0
ISP#
· Enable QoS globally on all switches.
DLS1(config)#mls qos
DLS1(config)#interface range fastEthernet 0/3 - 6
DLS1(config-if-range)#auto qos voip trust
DLS2(config)#mls qos
DLS2(config)#interface range fastEthernet 0/3 - 6
DLS2(config-if-range)#auto qos voip trust
· On ALS1 and ALS2, configure access ports to trust Cisco IP phones for QoS. Use VLAN 150 as
the voice VLAN.
ALS1(config)#interface fastEthernet 0/15
ALS1(config-if)#switchport access vlan 20
ALS1(config-if)#switchport voice vlan 150
ALS1(config-if)#auto qos voip cisco-phone
ALS2(config)#interface fastEthernet 0/20
ALS2(config-if)#switchport access vlan 20
ALS2(config-if)#switchport voice vlan 150
ALS2(config-if)#auto qos voip cisco-phone
Final Configurations
DLS1:
service password-encryption
!
hostname DLS1
!
enable secret cisco
!
mls qos
!
ip routing
!
no ip domain-lookup
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
spanning-tree mst configuration
name CISCO
revision 1
instance 1 vlan 10, 20, 217
instance 2 vlan 1, 30, 43, 150, 1002-1005
!
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
!
interface Port-channel3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
channel-group 3 mode desirable
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
channel-group 3 mode desirable
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/7
no switchport
ip address 192.168.1.5 255.255.255.252
!
interface FastEthernet0/8
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/9
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/10
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/11
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/12
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/13
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/14
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/15
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/16
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/17
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/18
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/19
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/20
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/21
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/22
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/23
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/24
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.10.10 255.255.255.0
standby 10 ip 10.1.10.1
standby 10 priority 105
standby 10 preempt
standby 10 track FastEthernet0/7
!
interface Vlan20
ip address 10.1.20.10 255.255.255.0
standby 20 ip 10.1.20.1
standby 20 priority 105
standby 20 preempt
standby 20 track FastEthernet0/7
!
interface Vlan30
ip address 10.1.30.10 255.255.255.0
!
interface Vlan150
ip address 10.1.150.10 255.255.255.0
!
interface Vlan217
ip address 10.1.217.10 255.255.255.0
standby 217 ip 10.1.217.1
standby 217 priority 105
standby 217 preempt
standby 217 track FastEthernet0/7
!
!
router eigrp 1
no auto-summary
network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.6
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
!
end
DLS2:
service password-encryption
!
hostname DLS2
!
enable secret cisco
!
mls qos
!
ip routing
!
no ip domain-lookup
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
spanning-tree mst configuration
name CISCO
revision 1
instance 1 vlan 10, 20, 217
instance 2 vlan 1, 30, 43, 150, 1002-1005
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
!
interface Port-channel4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
channel-group 4 mode desirable
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
channel-group 4 mode desirable
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
auto qos voip trust
!
interface FastEthernet0/7
no switchport
ip address 192.168.1.9 255.255.255.252
!
interface FastEthernet0/8
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/9
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/10
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/11
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/12
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/13
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/14
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/15
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/16
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/17
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/18
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/19
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/20
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/21
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface GigabitEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.10.20 255.255.255.0
!
interface Vlan20
ip address 10.1.20.20 255.255.255.0
!
interface Vlan30
ip address 10.1.30.20 255.255.255.0
standby 30 ip 10.1.30.1
standby 30 priority 105
standby 30 preempt
standby 30 track FastEthernet0/7
!
interface Vlan50
ip address 10.1.50.20 255.255.255.0
!
interface Vlan150
ip address 10.1.150.20 255.255.255.0
standby 150 ip 10.1.150.1
standby 150 priority 105
standby 150 preempt
standby 150 track FastEthernet0/7
!
interface Vlan217
ip address 10.1.217.20 255.255.255.0
!
!
router eigrp 1
no auto-summary
network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.10
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
!
end
ASL1:
service password-encryption
!
hostname ALS1
!
enable secret cisco
!
no ip domain-lookup
!
mls qos
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
spanning-tree mst configuration
name CISCO
revision 1
instance 1 vlan 10, 20, 217
instance 2 vlan 1, 30, 43, 150, 1002-1005
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
switchport voice vlan 150
mls qos trust device cisco-phone
auto qos voip cisco-phone
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/23
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface Vlan1
no ip address
!
interface Vlan217
ip address 10.1.217.30 255.255.255.0
!
ip default-gateway 10.1.217.1
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
!
end
ALS2:
service password-encryption
!
hostname ALS2
!
enable secret cisco
!
mls qos
!
no ip domain-lookup
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
spanning-tree mst configuration
name CISCO
revision 1
instance 1 vlan 10, 20, 217
instance 2 vlan 1, 30, 43, 150, 1002-1005
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode desirable
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
switchport voice vlan 150
mls qos trust device cisco-phone
auto qos voip cisco-phone
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
!
interface FastEthernet0/23
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface FastEthernet0/24
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface GigabitEthernet0/2
switchport access vlan 43
switchport mode dynamic desirable
switchport port-security maximum 2
switchport port-security mac-address sticky
shutdown
!
interface Vlan1
no ip address
!
interface Vlan217
ip address 10.1.217.40 255.255.255.0
!
ip default-gateway 10.1.217.1
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
!
end
Backup:
service password-encryption
!
hostname Backup
!
enable secret 5 cisco
!
no ip domain lookup
!
interface Ethernet0/0
no ip address
no shutdown
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 10.1.10.50 255.255.255.0
standby 10 ip 10.1.10.1
standby 10 preempt
standby 10 track Serial0/0
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 10.1.20.50 255.255.255.0
standby 20 ip 10.1.20.1
standby 20 preempt
standby 20 track Serial0/0
!
interface Ethernet0/0.30
encapsulation dot1Q 30
ip address 10.1.30.50 255.255.255.0
standby 30 ip 10.1.30.1
standby 30 preempt
standby 30 track Serial0/0
!
interface Ethernet0/0.150
encapsulation dot1Q 150
ip address 10.1.150.50 255.255.255.0
standby 150 ip 10.1.150.1
standby 150 preempt
standby 150 track Serial0/0
!
interface Ethernet0/0.217
encapsulation dot1Q 217
ip address 10.1.217.50 255.255.255.0
standby 217 ip 10.1.217.1
standby 217 preempt
standby 217 track Serial0/0
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.252
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
line aux 0
line vty 0 4
login
!
end
ISP:
service password-encryption
!
hostname ISP
!
enable secret cisco
!
ip subnet-zero
!
no ip domain lookup
!
interface Loopback0
ip address 200.200.200.200 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.1.6 255.255.255.252
no shutdown
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.252
clock rate 64000
no shutdown
!
interface Ethernet0/1
ip address 192.168.1.10 255.255.255.252
no shutdown
!
ip route 10.0.0.0 255.0.0.0 192.168.1.5
ip route 10.0.0.0 255.0.0.0 192.168.1.9 10
ip route 10.0.0.0 255.0.0.0 192.168.1.1 15
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
!
end
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Building Multilayer Switched Networks
Student Lab Manual
最初發表 / 最後更新: 2008.10.24 / 2018.06.12
0 comments:
張貼留言