CCNP Switch

CCNP Switch
Lab Manual
(642-813)
Table of Contents
Topics Page#
Virtual Local Area Network (Vlan) 5
Trunk 7
Virtual Trunking Protocol (Vtp) 9
Rapid Spanning Tree Protocol (Rstp) 12
Per Vlan Spanning Tree (Pvst) 14
Port Security 17
Inter Vlan Routing 20
Ether Channel (L2+L3) 25
Multiple Spanning Tree Protocol (Mstp) 27
Hot Standby Routing Protocol (Hsrp) 43
Virtual Router Redundancy Protocol (Vrrp) 49
Gateway Load Balancing Protocol (Glbp) 52
Bpdu Guard 56
Root Guard 57
Dhcp Snooping 61
Vlan Access List (Vacl) 64
CTTC (PVT) Limited CCNP Switch Lab Manual

Copyright
CTTC Professional Development Program.

CCNA Lab Manual (200-120)
Copyright@ CTTC (Pvt.) Limited
Published By
CTTC (PVT) Limited

45-M, Block-6 P.E.C.H.S Karachi-75400 Pakistan.
All rights reserved. No part of this manual may be reproduced or transmitted in any form
or by any means, electronic or mechanical, including photocopying, recording and
information storage or retrieval system without written permission from the publisher,
except for the inclusion of quotation in a review.
Warning and Disclaimer

This manual is designed to provide information about CCNA (200-120). Every effort
Has been made to make this manual as complete and accurate as possible, but no warranty
of fitness is implied.
The information is provided on as basis and CTTC (Pvt.) Limited shall have neither
liability nor responsibility to any person or entity with respect to any loss or damage
Arising from the information contained in this manual.
Authors
Mr. Muddasar Sharif

(Network Engineer)
Mr. Tharpal Das

(Associate Network Engineer)
Reviewed By
Mr. Ahmed Saeed

(Head of Department-Cisco Division)
Approve By
Mr. Farrukh Nizami

(CEO)

LAB: Virtual Local Area Network (VLAN)
OBJECTIVE: Configuring VLAN on Cisco Switches
CTTC_HR>enable
CTTC_HR#vlan database
CTTC_HR(vlan)#vlan 10 name HR
CTTC_HR(vlan)#exit
CTTC_HR#show vlan

How to assign a port in VLAN
CTTC_HR(config)#int fa0/3
CTTC_HR(config-if)#switchport mode access
CTTC_HR(config-if)#switchport access vlan 10
CTTC_HR(config-if)#exit

CTTC_HR# show interface fa0/3 switchport

CTTC_HR>enable
CTTC_HR#configure t
CTTC_HR(config-if)#switchport mode dynamic auto
CTTC_HR(config)#do sh int fa0/2 switchport

LAB: VLAN Trunking Protocol (VTP)
OBJECTIVE: Configuring VTP on Cisco Switches
Configuration CTTC-MKT Switch
Switch(config)#hostname CTTC_MKT
CTTC_MKT(config)#do show vtp status

CTTC_MKT(config)#vtp domain cttc.net
Changing VTP domain name from NULL to cttc.net
CTTC_MKT(config)#vlan 10
CTTC_MKT(config-vlan)#vlan 20
CTTC_MKT(config-vlan)#vlan 30
CTTC_MKT(config-vlan)#exit
CTTC_MKT(config)#do show vtp status
Configuration cttc- sales Switch
CTTC_SALES>enable
CTTC_SALES#show vtp status

CTTC_SALES#configure t
Enter configuration commands, one per line. End with CNTL/Z.
CTTC_SALES(config)#vt
CTTC_SALES(config)#vtp dom
CTTC_SALES(config)#vtp domain cttc.net
Changing VTP domain name from NULL to cttc.net
CTTC_SALES(config)#do show vtp status

LAB: Rapid Spanning Tree Protocol (RSTP)
OBJECTIVE: Configuring RSTP and PVSTP on Cisco Switches
Verify Root Bridge on Switch-1:

CTTC_SALES #show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0002.16EE.8B7E
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Aging Time 20
Interface Role Sts Cost PrioNbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p

Note:
If the switch is Root Bridge, it will display the message This bridge is the root.

Root ID Address and Bridge ID Address will be same in case of Root Bridge.
Default priority is 32768. VLAN ID (System Extension ID) is added to the default
10

priority. VLAN 1 is the default VLAN so the priority for VLAN 1 is 32769
(32768+1).
Enabling RSTP:
CTTC_SALES (config)#spanning-tree mode rapid-pvst
Note: The above command will be issued on all the switches of the network.
Verify RSTP:
CTTC_SALES #show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Aging Time 20
Changing CTTC_HR to Root Bridge:

CTTC_HR(config)#spanning-tree vlan 1 priority 4096
Priority must be in the multiple 4096.

Note:
To change the root bridge, you can also use the following command:
CTTC_HR(config)#spanning-tree vlan 1 root primary
Verify CTTC_HR as Root Bridge:

CTTC_HR#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp

Address 000C.CF21.CBC1
Address 000C.CF21.CBC1
Aging Time 20
Enabling Portfast feature on all switches:
CTTC_SALES (config)#spanning-tree portfast default

Note: Above command will be issued to all the switches in the network. By enabling
11

portfast feature on all the switches, will disable the STP process on all non-trunk ports.
It will cause to take less time to change the state to up on all non-trunking ports. To
verify this feature, connect a PC to the switch and the port will be up within 5 seconds.
Per Vlan Spanning Tree (Pvst)

CTTC_HR is a Root Bridge for vlan 10
CTTC_HR>enable
CTTC_HR#configure terminal
CTTC_HR(config)#vlan 10
CTTC_HR(config-vlan)#exit
CTTC_HR(config-if)#switchport mode access
CTTC_HR(config-if)#switchport access vlan 10
CTTC_HR(config)#do show spanning-tree
VLAN0001
Address 000D.BD04.5D93
Cost 19
Port 2(FastEthernet0/2)

Address 00E0.B0C4.4B83
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Altn BLK 19 128.1 P2p
Fa0/2 Root FWD 19 128.2 P2p
VLAN0010

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
12

CTTC_HR(config)#spanning-tree vlan 10 root primary
VLAN0001
Cost 19

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
VLAN0010

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
13

CTTC_FINANCE is a Root Bridge for vlan 20
CTTC_FINANCE>enable
CTTC_FINANCE#configure terminal
CTTC_FINANCE(config-vlan)#vlan 20
CTTC_FINANCE(config-vlan)#exit
CTTC_FINANCE(config)#int fa0/3
CTTC_FINANCE(config-if)#switchport mode access
CTTC_FINANCE(config-if)#switchport access vlan 20
CTTC_FINANCE(config-if)#exit
CTTC_FINANCE(config)#spanning-tree vlan 20 priority 4096
CTTC_FINANCE(config)#do show spanning-tree
VLAN0001
Cost 19

Address 0060.2F37.4B21
Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
VLAN0020

Aging Time 20

---------------- ---- --- --------- -------- --------------------------------
14

LAB: Port Security
OBJECTIVE: To Implement Basic Port Security Features On Cisco Switch
CTTC(config)#interface fa0/1
CTTC(config-if)#switchport mode access
CTTC(config-if)#switchport port-security
CTTC(config-if)#switchport port-security mac-address sticky
CTTC(config-if)#switchport port-security maximum 1
CTTC(config-if)#switchport port-security violation shutdown
CTTC(config-if)#exit
CTTC(config)#interface fa0/2
CTTC(config-if)#switchport mode access
CTTC(config-if)#switchport port-security
CTTC(config-if)#switchport port-security mac-address sticky
CTTC(config-if)#switchport port-security maximum 1
CTTC(config-if)#switchport port-security violation shutdown
15

Verify Port-Security MAC Address:
CTTC#show port-security address
Secure Mac Address Table

-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0060.705E.07CB SecureSticky FastEthernet0/1 -
1 0090.21BD.4810 SecureSticky FastEthernet0/2 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Verify Port-Security Interface FastEnthernet Fa0/1:

CTTC#show port-security interface f0/1
Port Security : Enabled

Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0060.705E.07CB:1
Security Violation Count : 0
Max Addresses value depends upon the model of the device.

Note:
Manual MAC address can be entered in port-security instead on using sticky
Violation modes can be set to protect, restrict or shutdown.

command.
16

What happens if violation occurred?
When a new PC is attached to the port on which port-security is enabled then Switch
will take an action which is set in the violation mode.
Verify when violation is occurred:

CTTC#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
-------------------------------------------------------------------------------------------------------------
Fa0/1 1 1 1 Shutdown
Fa0/2 1 1 1 Shutdown
17

LAB: Inter-VLAN Routing
OBJECTIVE: To Implement Inter Vlan Routing On Layer 3 Switch
CONFIGURATION OF CTTC_HR 1:
CTTC_HR#conf t
CTTC_HR(config)#vlan 10,20
CTTC_HR(config-vlan)#exit
CTTC_HR(config)#int vlan 1
CTTC_HR(config-if)#ip address 11.0.0.1 255.0.0.0
CTTC_HR(config-if)#no shut
CTTC_HR(config-if)#int vlan 10
CTTC_HR(config-if)#int vlan 20
CTTC_HR(config)#ip routing
CTTC_HR(config)#do show ip route
18

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Vlan20
CONFIGURATION OF CTTC_SALES 2:
CTTC_SALES(config)#VLAN 10
CTTC_SALES(config-vlan)#VLAN 20
CTTC_SALES(config-vlan)#EXIT
CTTC_SALES(config)#int fa0/13
CTTC_SALES(config-if)#switchportport mode access
CTTC_SALES(config-if)#switchport access vlan 20
CTTC_SALES(config-if)#exit
CTTC_SALES(config-if)#switchport mode access
CTTC_SALES(config)#int vlan 1
CTTC_SALES(config-if)#ip address 11.0.0.100 255.0.0.0
CTTC_SALES(config-if)#no shutdown
CTTC_SALES(config)#ip default-gateway 11.0.0.1
NOW DO PING FROM PC1 TO PC2
19

LAB: Inter VLAN Routing (IVR)
Objective: Configuring Router on Stick
Configuring CTTC_SALES
CTTC_SALES(config)#vlan 10
CTTC_SALES(config-vlan)#name HR
CTTC_SALES(config-vlan)#vlan 20
CTTC_SALES(config-vlan)#name Sales
CTTC_SALES(config-vlan)#exit
CTTC_SALES(config)#interface fa0/1
CTTC_SALES(config-if)#switchport mode trunk
20

Configuring CTTC_HR
CTTC_HR(config)#interface fa0/0
CTTC_HR(config-if)#no shutdown
Creating sub-interface for VLAN 10 on CTTC_HR
CTTC_HR(config)#interface fa0/0.10
CTTC_HR(config-subif)#encapsulation dot1Q 10
CTTC_HR(config-subif)#ip address 10.0.0.100 255.0.0.0
CTTC_HR(config-subif)#exit
Creating sub-interface for VLAN 20 on CTTC_HR
CTTC_HR(config)#interface fa0/0.20
CTTC_HR(config-subif)#encapsulation dot1Q 20
CTTC_HR(config-subif)#ip address 20.0.0.100 255.0.0.0
CTTC_HR(config-subif)#exit
21

22

LAB: Ether Channel
OBJECTIVE: Create an Ether Channel on Layer 3 Switch
Configuration on sw1
CTTC_MKT(config)#int range fa0/1-2

CTTC_MKT(config-if-range)#no switchport
CTTC_MKT(config-if-range)#channel-group 1 mode desirable
Configuration on sw2
CTTC_SALES(config-if-range)#exit
CTTC_SALES(config)#int range fa0/1 - 2
CTTC_SALES(config-if-range)#no switchport
CTTC_SALES(config-if-range)#channel-group 1 mode desirable
CTTC_SALES(config)#do show ether summary
Flags: D - down P - bundled in port-channel

I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(RU) PAgP Fa0/13(P) Fa0/14(P)
23

LAB: Ether Channel
OBJECTIVE: How to create an ether channel on layer 2 switch
\
Configuration on CTTC_SALES
CTTC_SALES(config)#int range fa0/1-2
CTTC_SALES(config-if-range)#switchport
CTTC_SALES(config-if-range)#channel-group 1 mode active
CTTC_SALES(config-if-range)#exit
CTTC_SALES(config)#int port-channel 1
CTTC_SALES(config-if)#switchport trunk encapsulation dot1q
Configuration on CTTC_MKT
CTTC_MKT(config)#int range fa0/1-2
CTTC_MKT(config-if-range)#switchport
CTTC_MKT(config-if-range)#channel-group 1 mode passive
CTTC_MKT(config-if)#switchport trunk encapsulation dot1q
CTTC_MKT(config-if-range)#exit
CTTC_MKT(config-if)#do show ether summary
Flags: D - down P - bundled in port-channel

I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Fa0/13(P) Fa0/14(P)
24

LAB: Multiple spanning tree protocol (MSTP)
OBJECTIVE: How to configure MSTP and show its effect
CONFIGURATION ON CTTC_MKT
CTTC_MKT>
CTTC_MKT>enable
CTTC_MKT#conf terminal
CTTC_MKT(config)#vlan 10,20,30,40,50,60,70,80
CTTC_MKT#show vlan
VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10Fa0/11, Fa0/12, Fa0/13,
Fa0/14,Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
50 VLAN0050 active
60 VLAN0060 active
70 VLAN0070 active
80 VLAN0080 active
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
25

CTTC_MKT# show spanning-tree
VLAN0001
Address 000b.be53.a400

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0010

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
26

VLAN0020

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0030

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
27

VLAN0040


Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0050

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
28

VLAN0060

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0070

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
29

VLAN0080

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0090

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
30

VLAN0100

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0110

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg LRN 19 128.3 P2p
31

VLAN0120

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
ENABLING MST
CTTC_MKT#configure t
CTTC_MKT(config)#spanning-tree mode mst
CTTC_MKT(config)#do show spanning-tree
MST0
Spanning tree enabled protocol mstp


------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 200000 128.3 P2p
Fa0/4 Desg FWD 200000 128.4 P2p
32

CTTC_MKT(config)#spanning-tree mst configuration
CTTC_MKT(config-mst)#name cisco
CTTC_MKT(config-mst)#revision 1
CTTC_MKT(config-mst)#instance 1 vlan
CTTC_MKT(config-mst)#instance 1 vlan 10-50
CTTC_MKT(config-mst)#instance 2 vlan 60-120
CTTC_MKT(config-mst)#show current
Current MST configuration

Name []
Revision 0 Instances configured 1
Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-4094
-------------------------------------------------------------------------------
CTTC_MKT(config-mst)#show pending
Pending MST configuration

Name [cisco]

-------- ---------------------------------------------------------------------
0 1-9,51-59,121-4094
1 10-50
2 60-120
CTTC_MKT(config-mst)#exit
CTTC_MKT(config)#do show spanning-treen mst conf
Name [cisco]

-------- ---------------------------------------------------------------------
0 1-9,51-59,121-4094
1 10-50
2 60-120
33

CTTC_MKT(config)#do show spanning-tree
MST0


------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 200000 128.3 P2p
Fa0/4 Desg FWD 200000 128.4 P2p
MST1


------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 200000 128.3 P2p
Fa0/4 Desg FWD 200000 128.4 P2p
34

MST2


------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 200000 128.3 P2p
Fa0/4 Desg FWD 200000 128.4 P2p
CONFIGURATION ON CTTC_SALES
CTTC_SALES(config)#vlan 10 ,20,30,40,50,60,70,80,90,100,110,120
CTTC_SALES(config-vlan)#exit
CTTC_SALES(config)# do show vlan

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
50 VLAN0050 active
60 VLAN0060 active
70 VLAN0070 active
80 VLAN0080 active
90 VLAN0090 active
100 VLAN0100 active
110 VLAN0110 active
120 VLAN0120 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup

---- -------------------------------- --------- -------------------------------
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
35

VLAN Type SAID MTU Parent RingNoBridgeNoStpBrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
110 enet 100110 1500 - - - - - 0 0
120 enet 100120 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNoBridgeNoStpBrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - - ieee - 0 0
CTTC_SALES(config)#do show spanning-tree
VLAN0001
Cost 19
Port 4 (FastEthernet0/4)

Address 000f.2468.0500
Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
36

VLAN0010
Cost 19

Address 000f.2468.0500
Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
VLAN0020
Cost 19

Address 000f.2468.0500
Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
OUTPUT CONTINUE.
37

CTTC_SALES(config)#spanning-tree mode mst
MST0
Cost 200000

Address 000f.2468.0500

------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Altn BLK 200000 128.3 P2p Bound(RSTP)
Fa0/4 Root FWD 200000 128.4 P2p Bound(RSTP)

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
CTTC_SALES(config)#spanning-tree mode mst

CTTC_SALES(config)#spanning-tree mst configuration
CTTC_SALES(config-mst)#name cisco
CTTC_SALES(config-mst)#revision 1
CTTC_SALES(config-mst)#instance 1 vlan 10-50
CTTC_SALES(config-mst)#instance 2 vlan 60-120
CTTC_SALES(config-mst)#exit
CTTC_SALES(config)#spanning-tree mst 1 root primary
38

MST0

Cost 0

Address 000f.2468.0500

------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Altn BLK 200000 128.3 P2p
Fa0/4 Root FWD 200000 128.4 P2p
MST1

Address 000f.2468.0500

Address 000f.2468.0500

------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 200000 128.3 P2p
Fa0/4 Desg FWD 200000 128.4 P2p
39

MST2
Cost 200000

Address 000f.2468.0500

------------------- ---- --- --------- -------- --------------------------------
Fa0/3 Altn BLK 200000 128.3 P2p
Fa0/4 Root FWD 200000 128.4 P2p
CTTC_SALES(config)#do show spanning-tree mst conf
Name [cisco]
-------- ---------------------------------------------------------------------
0 1-9,51-59,121-4094
1 10-50
2 60-120
40

LAB: Hot Standby Redundancy Protocol (HSRP)
OBJECTIVE: Configure HSRP on Cisco Routers
CONFIGURATION ON CTTC_WAN:
CTTC_WAN>
CTTC_WAN>enable
CTTC_WAN#configure t
CTTC_WAN(config)#int f0/1
CTTC_WAN(config-if)#ip address 12.0.0.1 255.0.0.0
CTTC_WAN(config-if)#no shutdown
CTTC_WAN(config-if)#exit
41

CONFIGURATION ON CTTC_SALES :
CTTC_SALES>en
CTTC_SALES#configure terminal
CTTC_SALES(config-if)#no shut
CTTC_SALES(config-if)#standby 1 ip 10.0.0.100
CTTC_SALES(config-if)#standby 1 preempt
CTTC_SALES(config-if)#do sh standby
FastEthernet0/1 - Group 1
State is Standby
7 state changes, last state change 00:00:12
Virtual IP address is 10.0.0.100
Active virtual MAC address is 0000.0c07.ac01
CTTC_SALES(config-if)#int fa0/1
CTTC_SALES(config-if)#standby 1 priority 110
State is Active
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.920 secs
Preemption enabled
Active switch is local
Standby switch is unknown
Priority 110 (configured 110)
IP redundancy name is "hsrp-Fa0/1-1" (default)
42

CHANGING DEFAULT TIMERS
CTTC_SALES(config-if)#standby 1 timers 1 4
State is Active
Preemption enabled
Standby switch is 10.0.0.2, priority 100 (expires in 3.796 sec)
Priority 110 (configured 110)
TO SHOW HOW TRACK COMMAND WORKS

CTTC_SALES(config-if)#shutdown
State is Init (interface down)
Active virtual MAC address is unknown
Preemption enabled
Active switch is unknown
Priority 100 (default 100)
Track interface FastEthernet0/0 state Up decrement 20
43

CONFIGURATION ON CTTC_MKT:
CTTC_MKT>en
CTTC_MKT#configure terminal
CTTC_MKT(config-if)#int f0/1
CTTC_MKT(config-if)#ip address 12.0.0.2 255.0.0.0
CTTC_MKT(config-if)#no shut
CTTC_MKT(config-if)#exit
CTTC_MKT(config)#int fa0/0
CTTC_MKT(config-if)#standby 1 ip 10.0.0.100
CTTC_MKT(config-if)#standby 1 preempt
CTTC_MKT(config-if)#exit
CTTC_MKT(config)#do show standby
State is Active
Local virtual MAC address is 0000.0c07.ac01 (default)
Preemption disabled
44

AFTER CHANGING PRIORITY ON CTTC_SALES
CTTC_MKT(config-if)#do show standby
State is Standby
Preemption enabled
Active switch is 10.0.0.1, priority 100 (expires in 9.716 sec)
Standby switch is local
State is Standby
Preemption enabled
45

CHANGING THE DEFAULT TIMERS
CTTC_MKT(config-if)#standby 1 timers 1 4
CTTC_MKT(config-if)#do show standbY
State is Standby
Preemption enabled
SHOWING HOW TRACKS WORK

State is Active
Preemption enabled
46

Virtual Router Redundancy Protocol (VRRP)
OBJECTIVE: How to configure VRRP and to show its results
CONFIGURATION ON CTTC_WAN:
CTTC_WAN>
CTTC_WAN>enable
47

CONFIGURATION ON CTTC_SALES:
CTTC_SALES(config)#
CTTC_SALES(config-if)#vrrp 1 ip 10.0.0.100
CTTC_SALES(config-if)#
CTTC_SALES(config-if)#do sh vrrp
State is Backup
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master SWITCH is 10.0.0.2, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.849 sec)
AFTER CONFIGURING PRIORITY AND PREEMT COMMAND:

CTTC_SALES(config-if)#vrrp 1 preempt
CTTC_SALES(config-if)#vrrp 1 priority 140
CTTC_SALES(config-if)#do sh vrrp
State is Master
Preemption enabled
Priority is 140
Master SWITCH is 10.0.0.1 (local), priority is 140
Master Down interval is 3.453 sec
48

CONFIGURATION ON CTTC_MKT:
CTTC_MKT(config-if)#vrrp 1 ip 10.0.0.100
CTTC_MKT(config-if)#do show vrrp
State is Master
Preemption enabled
Priority is 100
Master SWITCH is 10.0.0.2 (local), priority is 100
Master Down interval is 3.609 sec
CTTC_MKT(config-if)#vrrp 1 preempt
AFTER CONFIGURING PRIORITY AND PREEMT COMMAND:

CTTC_MKT(config-if)#do show vrrp
State is Backup
Preemption enabled
Priority is 100
Master SWITCH is 10.0.0.1, priority is 140
Master Down interval is 3.609 sec (expires in 3.317 sec)
49

Gateway Load Balancing Protocol (GLBP)
OBJECTIVE: How to configure GLBP and show its results
CONFIGURATION ON CTTC_WAN
CTTC_WAN>enable
50

CTTC_SALES(config)#int fa 0/1
CTTC_SALES(config-if)#glbp 1 ip 10.0.0.100
51

CTTC_SALES (config-if)#do show glbp
State is Init (interface down)
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption disabled
Active is unknown
Standby is unknown
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0007.0e3d.79c5 (10.0.0.1) local
There are no forwarders
CTTC_SALES(config-if)#do sh glbp
State is Speak
Preemption disabled
Active is 10.0.0.2, priority 100 (expires in 9.776 sec)
Standby is unknown
Group members:
0007.0e3d.79c5 (10.0.0.1) local
0008.a379.d660 (10.0.0.2)
There are 2 forwarders (0 active)
Forwarder 1
State is Listen
MAC address is 0007.b400.0101 (learnt)
Owner ID is 0008.a379.d660
Time to live: 14399.776 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 10.0.0.2 (primary), weighting 100 (expires in 9.776 sec)
Forwarder 2
State is Listen
MAC address is 0007.b400.0102 (default)
Owner ID is 0007.0e3d.79c5
Preemption enabled, min delay 30 sec (18 secs remaining)
Active is 10.0.0.2 (secondary), weighting 100 (expires in 7.348 sec)
CTTC_SALES(config-if)#glbp 1 preempt
52

CONFIGURATION ON CTTC_MKT
CTTC_MKT#configure terminal
CTTC_MKT(config)#int s0/1
CTTC_MKT(config-if)#int fa0/0
CTTC_MKT(config-if)#glbp 1 ip 10.0.0.100
CTTC_MKT(config-if)#do show glbp
State is Active
Preemption disabled
Active is local
Standby is unknown
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:00:42
MAC address is 0007.b400.0101 (default)
Owner ID is 0008.a379.d660
Redirection enabled
Active is local, weighting 100
Forwarder 2
State is Disabled
MAC address is 0007.b400.0102 (learnt)
Owner ID is 0007.0e3d.79c5
Redirection enabled, 598.924 sec remaining (maximum 600 sec)
Time to live: 14398.924 sec (maximum 14400 sec)
Active is 10.0.0.1 (primary), weighting 100 (expires in 8.924 sec)
53

LAB: Bridge Protocol Data Unit Guard
CONFIGURATION ON CTTC_HR
CTTC_HR(config)interface fa0/20
CTTC_HR(config-if)#spanning-tree bpduguard enable
After connecting interface fa0/20 with switch cttc_SALES int fa0/20
CTTC_HR (config-if)#do show spanning-tree
54

CTTC_SALES(config)interface fa0/20
CTTC_SALES(config-if)#spanning-tree bpduguard enable
After connecting interface fa0/20 with switch cttc_HR int fa0/20
CTTC_SALES (config-if)#do show spanning-tree
55

LAB: Root Guard
OBJECTIVE: To show the impact of root guard
CTTC_HR>enable
CTTC_HR#configure terminal
CTTC_HR(config)#spanning-tree vlan 1 priority 12288
VLAN0001
Address 000f.2468.0500
Cost 19

Address 000e.d741.2200
Aging Time 15

------------------- ---- --- --------- -------- --------------------------------
Fa0/6 Root FWD19 128.6 P2p
Fa0/16 Desg FWD 19 128.16 P2p
56

CTTC_HR(config-if)#int fa0/16
CTTC_HR(config-if)#spanning-tree guard root
*Mar 1 00:35:51.807: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on

port FastEthernet0/16.
*Mar 1 00:36:30.523: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking por
Configuration on CTTC_SALES
CTTC_SALES(config)#spanning-tree vlan 1 priority 8192

VLAN0001
Address 000f.2468.0500

Address 000f.2468.0500
Aging Time 15

------------------- ---- --- --------- -------- --------------------------------
Fa0/16 Desg FWD 19 128.16 P2p
CTTC_SALES(config-if)#int fa0/16
CTTC_SALES(config-if)#spanning-tree guard root
*Mar 1 00:30:31.535: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root guard enabled on

port FastEthernet0/16.xit
*Mar 1 00:30:47.523: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port
FastEthernet0/16 on VLAN0001.
57

CONFIGURATION ON CTTC_FINANCE
CTTC_FINANCE(config)#do show spanning-tree
VLAN0001
Address 000f.2468.0500
Cost 19

Aging Time 15

------------------- ---- --- --------- -------- --------------------------------
Fa0/19 Root FWD 19 128.19 P2p
Fa0/20 Altn BLK 19 128.20 P2p
Changing priority on CTTC_FINANCE
CTTC_FINANCE(config)#spanning-tree vlan 1 priority 0

CTTC_FINANCE#show spanning-tree
VLAN0001
Root ID Priority 1

Aging Time 300

------------------- ---- --- --------- -------- --------------------------------
Fa0/19 Desg FWD 19 128.19 P2p
Fa0/20 Desg FWD 19 128.20 P2p
58

LAB: DHCP SNOOPING
OBJECTIVE: To Show the Effect Of Dhcp Snooping By Trusting And Un-

Trusting The Port
CTTC_HR>enable
CTTC_HR#conf igure terminal
CTTC_HR(config)#ipdhcp pool cttc_pool
CTTC_HR(dhcp-config)#network 192.168.1.0 255.255.255.0
CTTC_HR(dhcp-config)#default-router 192.168.1.1
CTTC_HR(dhcp-config)#exit
CTTC_HR(config)#ipdhcp excluded-address 192.168.1.1 192.168.1.5
59

Note: After implementing the command ip dhcp snooping
CTTC_SALES(config)#ip dhcp snooping

CTTC_SALES(config)#interface fastethernet 0/20
60

CTTC_SALES(config-if)#ip dhcp snooping trust
61

LAB: VLAN Access Control List (VACL)
OBJECTI VE: To Show How VlAN Access List Works By Blocking the
Communication between Two Clients of the Same VLAN
Configuration on CTTC_HR
CTTC_HR>enable
CTTC_HR#conf igure terminal
CTTC_HR(config)#access-list 100 permit ip host 10.0.0.5 host 10.0.0.12
CTTC_HR(config)#vlan access-map block
CTTC_HR(config)#vlan access-map block 10
CTTC_HR(config-access-map)#match ip address 100
CTTC_HR(config-access-map)#action drop
CTTC_HR(config-access-map)#vlan access-map block 20
CTTC_HR(config-access-map)#action forward
CTTC_HR(config-access-map)#exit
CTTC_HR(config)#vlan filter block vlan-list 1
CTTC_HR(config)#exit
62

63

CCNP Switch

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

CCNP Switch

Enviado por

Direitos autorais:

Formatos disponíveis

CCNP Switch

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC Professional Development Program.

CTTC (PVT) Limited

Warning and Disclaimer

Mr. Muddasar Sharif

Mr. Tharpal Das

Mr. Ahmed Saeed

Mr. Farrukh Nizami

CTTC (PVT) Limited CCNP Switch Lab Manual

OBJECTIVE: Configuring VLAN on Cisco Switches

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC_HR(config)#do sh int fa0/2 switchport

CTTC (PVT) Limited CCNP Switch Lab Manual

OBJECTIVE: Configuring VTP on Cisco Switches

Configuration CTTC-MKT Switch

CTTC_MKT(config)#do show vtp status

CTTC (PVT) Limited CCNP Switch Lab Manual

Configuration cttc- sales Switch

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC (PVT) Limited CCNP Switch Lab Manual

OBJECTIVE: Configuring RSTP and PVSTP on Cisco Switches

Verify Root Bridge on Switch-1:

Interface Role Sts Cost PrioNbr Type

CTTC (PVT) Limited CCNP Switch Lab Manual

Changing CTTC_HR to Root Bridge:

Priority must be in the multiple 4096.

CTTC_HR(config)#spanning-tree vlan 1 root primary

Verify CTTC_HR as Root Bridge:

Root ID Priority 24577

Enabling Portfast feature on all switches:

CTTC_SALES (config)#spanning-tree portfast default

CTTC (PVT) Limited CCNP Switch Lab Manual

Per Vlan Spanning Tree (Pvst)

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Interface Role Sts Cost Prio.Nbr Type

CTTC (PVT) Limited CCNP Switch Lab Manual

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)

Interface Role Sts Cost Prio.Nbr Type

CTTC (PVT) Limited CCNP Switch Lab Manual

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)

Interface Role Sts Cost Prio.Nbr Type

CTTC (PVT) Limited CCNP Switch Lab Manual

OBJECTIVE: To Implement Basic Port Security Features On Cisco Switch

CTTC (PVT) Limited CCNP Switch Lab Manual

CTTC#show port-security address

Secure Mac Address Table

Verify Port-Security Interface FastEnthernet Fa0/1:

Port Security : Enabled

Max Addresses value depends upon the model of the device.

Manual MAC address can be entered in port-security instead on using sticky

Violation modes can be set to protect, restrict or shutdown.

CTTC (PVT) Limited CCNP Switch Lab Manual

Verify when violation is occurred:

CTTC (PVT) Limited CCNP Switch Lab Manual

OBJECTIVE: To Implement Inter Vlan Routing On Layer 3 Switch