CCNPv7 SWITCH Skills-Based Assessment Exam Answers (SBA)

Jul 18, 2021 Last Updated: Jul 18, 2021 Tutorials 1 Comment
Tweet Share Pin it

CCNP v7 SWITCH Skills-Based Assessment INSTRUCTOR VERSION

Topology

CCNPv7 SWITCH Skills-Based Assessment Exam Answers (SBA) 4

Objectives

  • Part 1: Build the physical network topology (optional).
  • Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
  • Part 3: Test the network for connectivity and the configured options.

Exam Overview

This skills-based assessment (SBA) is the final practical exam for Academy training for the course CCNPv7 SWITCH. In Part 1, you build the physical network. In part 2, you configure various features such as trunking, EtherChannel, VTP, VLANs, SVIs, routed links, and HSRP. In Part 3, you create a Tcl script to test IP connectivity and use show commands to verify configured options. This exam combines device configuration and troubleshooting.

Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-ipv4-and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab. Catalyst 3650 switches (running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any comparable Cisco IOS image) can be used in place of the Catalyst 3560 switches and the Catalyst 2960 switches.

Required Resources

• 2 switches (Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M image or comparable)
• 2 switches (Cisco 3560 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M image or comparable)
• Ethernet and console cables
• 4 PCs with Windows OS

  • PC C (Connected to DLS1) additionally requires the following software:
    • ManageEngine MibBrowser
    • TFTPD32
    • WinRadius

Instructions

Part 1: Build the Physical Network (Optional)

Connect all devices as shown in the topology. You must use the interfaces specified in diagram, if possible. Clear all previous configurations.

Part 2: Configure the network according to specifications.

a. Shutdown all interfaces on each switch.

b. Configure each switch with a hostname and the enable secret class.

c. Configure trunks and port-channels as shown in the diagram. Issue the no shut command as you go.

1) The connection between DLS1 and DLS2 will be a layer-3 EtherChannel using LACP. DLS1 will use the IP address 10.12.12.1/30 and DLS2 will use 10.12.12.2/30.
2) The Port-channels on interfaces fa0/7 and fa0/8 will use LACP.
3) The Port-channels on interfaces f0/9 and fa0/10 will use PAgP.
4) All trunks will use VLAN 800 as the native VLAN.

d. Configure DLS1, ALS1, and ALS2 to use VTP version 3

1) Use the domain name SWITCHSBA with the password !ssalc
2) Configure DLS1 as the primary server for VLANs.
3) Configure ALS1 and ALS2 as VTP clients.

e. On the primary VLAN server create and name the following VLANs:

VLAN Number VLAN Name VLAN Number VLAN Name
800 NATIVE 434 PARKING
12 EXECUTIVES 123 CUBES
234 GUEST 1010 VOICE
1111 VIDEONET 3456 MANAGEMENT

f. On DLS1, suspend VLAN 434.

g. Configure DLS2 to be a VTP Transparent mode switch using VTP version 2, then locally configure the same VLANs and VLAN names. Suspend VLAN 434

h. On DLS2, create VLAN 567 and name it ACCOUNTING. The Accounting VLAN will NOT be configured or available on any other switch in the network.

i. Configure DLS1 as the spanning tree root for VLANs 1, 12, 434, 800, 1010, 1111, and 3456 and as a secondary root for VLANs 123 and 234

j. Configure DLS2 as the spanning tree root for VLANs 123 and 234 and as a secondary root for VLANs 12, 434, 800, 1010, 1111, and 3456.

k. Configure all trunks so that, with the exception of VLANs 1, 434 and 567, only the VLANs that have been created are allowed to cross the trunk

l. Assign interfaces as access ports to VLANs as follows:

DLS1 DLS2 ALS1 ALS2
Interface Fa0/6 3456 12   / voice 1010 123   / voice 1010 234
Interface Fa0/15 1111 1111 1111 1111
Interfaces F0/16-18 567

m. All unused interfaces will be assigned to the parking lot VLAN and shut down.

n. Configure SVIs on DLS1 and DLS2 in support of all of the VLANs and inter-VLAN routing. Use the following table for subnet assignments:

VLAN VLAN Name Subnet VLAN VLAN Name Subnet
12 EXECUTIVES 10.0.12.0/24 123 CUBES 10.0.123.0/24
234 GUEST 10.0.234.0/24 1010 VOICE 10.10.10.0/24
1111 VIDEONET 10.11.11.0/24 3456 MANAGEMENT 10.34.56.0/24

DLS1 will always use the .252 address and DLS2 will always use the .253 address for IPv4 addresses. VLAN 567 on DLS2 will NOT be supported by routing.

Use 10.34.56.101 as the management address on ALS1 and 10.34.56.102 on ALS2.

o. Configure an interface Loopback 0 on both DLS1 and DLS2. This interface will be addressed 1.1.1.1/32 on both switches.

p. Configure HSRP with interface tracking for VLANs 12, 123, 234, 1010, and 1111

1) Use HSRP version 2
2) Create two HSRP groups, aligning VLAN 12, 1010, 1111, and 3456 to the first group and 123 and 234 to the second group.
3) DLS1 will be the primary switch for VLANs 12, 1010, 1111, and 3456; DLS2 will be the primary switch for VLANs 123 and 234.
4) Configure all groups with preemption. Further configure priority to ensure that the primary switch takes over upon recovery.
5) Use the virtual address .254 as the standby address for all VLANs
6) Configure interface tracking so that each group tracks the local interface Loopback 0 interface.

q. Set the correct UTC time, configure DLS1 as an NTP server and then set the correct time zone.

r. Configure DLS2, ALS1, and ALS2 to use the Management network to synchronize time with the NTP server.

s. Configure HOST C with a static IPv6 address of 10.34.56.50/24 and a default-gateway of 10.34.56.254

t. Configure all four switches to use AAA to authenticate VTY lines 0 through 4. The RADIUS server is on HOST C (10.34.56.50) and uses WinRadius with a shared secret key of WinRadius. Ensure aaa new-model is configured. Further ensure that there is a fallback account configured should the RADIUS server not be available.

1) AAA Account: studentaaa password cisco123
2) Local Fallback Account: lastditch password 321ocsic

u. Configure all four switches to use SNMP version 3.

1) The SNMP Server is HOST C at 10.34.56.50
2) SNMP v3 will use PRIV with AES 128 and AUTH with SHA.
3) The community string will be switch-sba
4) The secret key will be cisco123
5) The username will be sbastudent and password will be cisco123

v. Configure DLS1 to be a DHCP server for VLANs 12, 123, and 234

1) Exclude the addresses .251-.254 in each subnet
2) Set the DNS server to 1.1.1.1 for all three pools.
3) Set the default router to the HSRP virtual address for each VLAN

w. Obtain IPv4 addresses on Hosts A, B, and D via DHCP.

Part 3: Test network connectivity and configured options.

a. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you assigned in the topology.

From DLS1:

tclsh
foreach address {
10.12.12.2
10.0.12.253
10.0.123.253
10.0.234.253
10.10.10.253
10.11.11.253
10.34.56.253
10.34.56.101
10.34.56.102
10.34.56.50
10.0.12.254
10.0.123.254
10.0.234.254
10.10.10.254
10.11.11.254
10.34.56.254
} {
ping $address
}

From DLS2:

tclsh
foreach address {
10.12.12.1
10.0.12.252
10.0.123.252
10.0.234.252
10.10.10.252
10.11.11.252
10.34.56.252
10.34.56.101
10.34.56.102
10.34.56.50
10.0.12.254
10.0.123.254
10.0.234.254
10.10.10.254
10.11.11.254
10.34.56.254
} {
ping $address
}

b. What is the show command used to verify that the correct VLANs exist on all switches and contain the correct ports? show vlan brief

DLS1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
12   EXECUTIVES                       active
123  CUBES                            active
234  GUEST                            active
434  PARKING                          suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/13, Fa0/14, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
800  NATIVE                           active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
1010 VOICE                            active
1111 VIDEONET                         active    Fa0/15
3456 MANAGEMENT                       active    Fa0/6
DLS1#

DLS2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
12   EXECUTIVES                       active    Fa0/6
123  CUBES                            active
234  GUEST                            active
434  PARKING-LOT                      suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/13, Fa0/14, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
567  ACCOUNTING                       active    Fa0/16, Fa0/17, Fa0/18
800  NATIVE-VLAN                      active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
1010 VOICE                            active    Fa0/6
1111 VIDEONET                         active    Fa0/15
3456 MANAGEMENT                       active
DLS2#


ALS1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12
12   EXECUTIVES                       active
123  CUBES                            active    Fa0/6
234  GUEST                            active
434  PARKING                          suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/13, Fa0/14, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
800  NATIVE                           active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
1010 VOICE                            active    Fa0/6
1111 VIDEONET                         active    Fa0/15
3456 MANAGEMENT                       active
ALS1#


ALS2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12
12   EXECUTIVES                       active
123  CUBES                            active
234  GUEST                            active    Fa0/6
434  PARKING                          suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/13, Fa0/14, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
800  NATIVE                           active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
1010 VOICE                            active
1111 VIDEONET                         active    Fa0/15
3456 MANAGEMENT                       active
ALS2#

c. What is the show command used to verify that the EtherChannel between DLS1 and ALS1 is configured correctly? (answers may vary around show etherchannel) show etherchannel summary

DLS1#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 3
Number of aggregators:           3

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/7(P)    Fa0/8(P)
4      Po4(SU)         PAgP      Fa0/9(P)    Fa0/10(P)
12     Po12(RU)        LACP      Fa0/11(P)   Fa0/12(P)

DLS1#

d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or DLS2) for each VLAN? (answers may vary around show spanning-tree) show spanning-tree root

DLS1#show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0012         24588 e840.406f.7280         0    2   20  15
VLAN0123         24699 e840.406f.6e00        24    2   20  15  Po4
VLAN0234         24810 e840.406f.6e00        24    2   20  15  Po4
VLAN0800         25376 e840.406f.7280         0    2   20  15
VLAN1010         25586 e840.406f.7280         0    2   20  15
VLAN1111         25687 e840.406f.7280         0    2   20  15
VLAN3456         28032 e840.406f.7280         0    2   20  15
DLS1#

e. What is the show command used to verify that the correct SVIs exist and that the correct HRSP routers are primary and standby for each VLAN? (answers may vary around show standby) show standby brief

DLS1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl12        1    110 P Active  local           10.0.12.253     10.0.12.254
Vl123       2    100 P Standby 10.0.123.253    local           10.0.123.254
Vl234       2    100 P Standby 10.0.234.253    local           10.0.234.254
Vl1010      1    110 P Active  local           10.10.10.253    10.10.10.254
Vl1111      1    110 P Active  local           10.11.11.253    10.11.11.254
Vl3456      1    110 P Active  local           10.34.56.253    10.34.56.254
DLS1#

f. Verify that NTP is working. DLS2, ALS1 and ALS2 should have NTP sync with DLS1.

DLS2#show ntp status
Clock is synchronized, stratum 5, reference is 10.34.56.252

ALS1#show ntp status
Clock is synchronized, stratum 5, reference is 10.34.56.252

ALS2#show ntp status
Clock is synchronized, stratum 5, reference is 10.34.56.252

g. Verify that AAA is working. From HOST C, telnet to each switch and login using the studentaaa account.

Ensure the RADIUS server is running and operational, and telnet to each switch from Host C should be successful.

h. Verify that SNMPv3 is working.

1) From HOST C, use ManageEngine MibBrowser to do a GET of the OID .1.3.6.1.2.1.2.2 (the interface table) from each switch.

CCNPv7 SWITCH Skills-Based Assessment Exam Answers (SBA) 5

2) Run Trap Viewer and enter then exit configuration mode on each switch. You should see traps received in the viewer window.

CCNPv7 SWITCH Skills-Based Assessment Exam Answers (SBA) 6

i. Verify that HSRP is working. From HOST A, start a continuous ping to 1.1.1.1. Then go to DLS2 and shutdown interface loopback 0. When this occurs, DLS2’s interface tracking should fail, causing it to demote itself from being the virtual gateway for VLAN 123. DLS1 will take over, and the still-running ping should show only minor packet loss.

C:\Users\student>ping -t 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.123.253: Destination host unreachable.
Reply from 10.0.123.253: Destination host unreachable.
Reply from 10.0.123.253: Destination host unreachable.
Reply from 1.1.1.1: bytes=32 time=3ms TTL=255

Ping statistics for 1.1.1.1:
    Packets: Sent = 14, Received = 14, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 1ms
DLS2(config)#int loop 0
DLS2(config-if)#shut
DLS2(config-if)#
Oct 31 20:05:43.827: %TRACKING-5-STATE: 1 interface Lo0 line-protocol Up->Down
Oct 31 20:05:44.012: %HSRP-5-STATECHANGE: Vlan234 Grp 2 state Active -> Speak
Oct 31 20:05:45.832: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Oct 31 20:05:46.663: %HSRP-5-STATECHANGE: Vlan123 Grp 2 state Active -> Speak
Oct 31 20:05:46.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
DLS2(config-if)#
Oct 31 20:05:54.062: %HSRP-5-STATECHANGE: Vlan234 Grp 2 state Speak -> Standby
Oct 31 20:05:56.981: %HSRP-5-STATECHANGE: Vlan123 Grp 2 state Speak -> Standby

Device Configurations – INSTRUCTOR VERSION

DLS1

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DLS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$g7F8$JIwayUW08dphq/cbR7/NY0
!
username LASTDITCH password 0 321ocsic
aaa new-model
!
aaa authentication login CENTRAL-AUTH group radius local
!
aaa session-id common
clock timezone CDT -5 0
system mtu routing 1500
ip routing
!
!
ip dhcp pool EXECUTIVES-POOL
 network 10.0.12.0 255.255.255.0
 default-router 10.0.12.254
 dns-server 1.1.1.1
!
ip dhcp pool CUBES-POOL
 network 10.0.123.0 255.255.255.0
 default-router 10.0.123.254
 dns-server 1.1.1.1
!
ip dhcp pool GUEST-POOL
 network 10.0.234.0 255.255.255.0
 default-router 10.0.234.254
 dns-server 1.1.1.1
!
ipv6 unicast-routing
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,12,434,800,1010,1111,3456 priority 24576
spanning-tree vlan 123,234 priority 28672
!
vlan internal allocation policy ascending
!
track 1 interface Loopback0 line-protocol
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel12
 no switchport
 ip address 10.12.12.1 255.255.255.252
!
interface FastEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 3456
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 description member of po1 to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface FastEthernet0/8
 description member of po1 to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface FastEthernet0/9
 description member of po4 to ALS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 4 mode desirable
!
interface FastEthernet0/10
 description member of po4 to ALS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 4 mode desirable
!
interface FastEthernet0/11
 no switchport
 no ip address
 channel-group 12 mode active
!
interface FastEthernet0/12
 no switchport
 no ip address
 channel-group 12 mode active
!
interface FastEthernet0/13
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 1111
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan12
 ip address 10.0.12.252 255.255.255.0
 standby version 2
 standby 1 ip 10.0.12.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 30
!
interface Vlan123
 ip address 10.0.123.252 255.255.255.0
 standby version 2
 standby 2 ip 10.0.123.254
 standby 2 preempt
!
interface Vlan234
 ip address 10.0.234.252 255.255.255.0
 standby version 2
 standby 2 ip 10.0.234.254
 standby 2 preempt
!
interface Vlan1010
 ip address 10.10.10.252 255.255.255.0
 standby version 2
 standby 1 ip 10.10.10.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 30
!
interface Vlan1111
 ip address 10.11.11.252 255.255.255.0
 standby version 2
 standby 1 ip 10.11.11.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 30
!
interface Vlan3456
 ip address 10.34.56.252 255.255.255.0
 standby version 2
 standby 1 ip 10.34.56.254
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 30
!
ip http server
ip http secure-server
!
snmp-server group switch-sba v3 priv
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cluster
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps ipsla
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp ifmib ifindex persist
!
radius server RADIUS
 address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
 key WinRadius
!
line con 0
line vty 0 4
 password cisco
 login authentication CENTRAL-AUTH
line vty 5 15
!
ntp master 4
end

DLS2

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DLS2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$STz1$voB57usiW/YyJn7SLSSc70
!
username LASTDITCH password 0 321ocsic
aaa new-model
!
!
aaa authentication login CENTRAL-AUTH group radius local
!
aaa session-id common
clock timezone CDT -5 0
system mtu routing 1500
vtp mode transparent
ip routing
!
ipv6 unicast-routing
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,12,434,800,1010,3456 priority 28672
spanning-tree vlan 123,234 priority 24576
!
vlan internal allocation policy ascending
!
vlan 12
 name EXECUTIVES
!
vlan 123
 name CUBES
!
vlan 234
 name GUEST
!
vlan 434
 name PARKING-LOT
 state suspend
!
vlan 567
 name ACCOUNTING
!
vlan 800
 name NATIVE-VLAN
!
vlan 1010
 name VOICE
!
vlan 1111
 name VIDEONET
!
vlan 3456
 name MANAGEMENT
!
track 1 interface Loopback0 line-protocol
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Port-channel2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel12
 no switchport
 ip address 10.12.12.2 255.255.255.252
!
interface FastEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 12
 switchport mode access
 switchport voice vlan 1010
 spanning-tree portfast
!
interface FastEthernet0/7
 description member of po1 to ALS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface FastEthernet0/8
 description member of po1 to ALS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface FastEthernet0/9
 description member of po3 to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 3 mode desirable
!
interface FastEthernet0/10
 description member of po3 to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 3 mode desirable
!
interface FastEthernet0/11
 no switchport
 no ip address
 channel-group 12 mode active
!
interface FastEthernet0/12
 no switchport
 no ip address
 channel-group 12 mode active
!
interface FastEthernet0/13
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 1111
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 567
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan12
 ip address 10.0.12.253 255.255.255.0
 standby version 2
 standby 1 ip 10.0.12.254
 standby 1 preempt
!
interface Vlan123
 ip address 10.0.123.253 255.255.255.0
 standby version 2
 standby 2 ip 10.0.123.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 track 1 decrement 30
!
interface Vlan234
 ip address 10.0.234.253 255.255.255.0
 standby version 2
 standby 2 ip 10.0.234.254
 standby 2 priority 110
 standby 2 preempt
 standby 2 track 1 decrement 30
!
interface Vlan1010
 ip address 10.10.10.253 255.255.255.0
 standby version 2
 standby 1 ip 10.10.10.254
 standby 1 preempt
!
interface Vlan1111
 ip address 10.11.11.253 255.255.255.0
 standby version 2
 standby 1 ip 10.11.11.254
 standby 1 preempt
!
interface Vlan3456
 ip address 10.34.56.253 255.255.255.0
 standby version 2
 standby 1 ip 10.34.56.254
 standby 1 preempt
!
ip http server
ip http secure-server
!
snmp-server group switch-sba v3 priv
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cluster
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps bgp
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps ipsla
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp ifmib ifindex persist
!
radius server RADIUS
 address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
 key WinRadius
!
line con 0
line vty 0 4
 password cisco
 login authentication CENTRAL-AUTH
line vty 5 15
!
ntp server 10.34.56.252
end

ALS1

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VwMl$v0PIRGNyxK2mzGdov1V9e/
!
username LASTDITCH password 0 321ocsic
aaa new-model
!
aaa authentication login CENTRAL-AUTH group radius local
!
aaa session-id common
clock timezone CDT -5 0
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel3
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 123
 switchport mode access
 switchport voice vlan 1010
 spanning-tree portfast
!
interface FastEthernet0/7
 description member of po1 to DLS1
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface FastEthernet0/8
 description member of po1 to DLS1
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface FastEthernet0/9
 description member of po 3 to DLS2
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 3 mode desirable
!
interface FastEthernet0/10
 description member of po 3 to DLS2
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 3 mode desirable
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 1111
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface Vlan1
 no ip address
!
interface Vlan3456
 ip address 10.34.56.101 255.255.255.0
!
ip default-gateway 10.34.56.254
ip http server
ip http secure-server
!
snmp-server group switch-sba v3 priv
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps power-ethernet police
snmp-server enable traps fru-ctrl
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp ifmib ifindex persist
!
radius server RADIUS
 address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
 key WinRadius
!
line con 0
line vty 0 4
 password cisco
 login authentication CENTRAL-AUTH
line vty 5 15
!
ntp server 10.34.56.252
end

ALS2

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RfCM$nrsQv/Oo05Kjhf66QDIse.
!
username LASTDITCH password 0 321ocsic
aaa new-model
!
aaa authentication login CENTRAL-AUTH group radius local
!
aaa session-id common
clock timezone CDT -5 0
system mtu routing 1500
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel2
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel4
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 234
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 description member of po2 to DLS2
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface FastEthernet0/8
 description member of po2 to DLS2
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface FastEthernet0/9
 description member of po 4 to DLS1
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 4 mode desirable
!
interface FastEthernet0/10
 description member of po 4 to DLS1
 switchport trunk native vlan 800
 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
 switchport mode trunk
 switchport nonegotiate
 channel-group 4 mode desirable
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 1111
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 434
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface Vlan1
 no ip address
!
interface Vlan3456
 ip address 10.34.56.102 255.255.255.0
!
ip default-gateway 10.34.56.254
ip http server
ip http secure-server
!
snmp-server group switch-sba v3 priv
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps power-ethernet police
snmp-server enable traps fru-ctrl
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp ifmib ifindex persist
!
radius server RADIUS
 address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
 key WinRadius
!
line con 0
line vty 0 4
 password cisco
 login authentication CENTRAL-AUTH
line vty 5 15
!
ntp server 10.34.56.252
end

Device Configuration Scripts – INSTRUCTOR VERSION

DLS1

en
conf t
hostname DLS1
enable secret class
line vty 0 4
password cisco
login
! this will be over-ridden later by AAA
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/11-12
no switchport
channel-group 12 mode active
no shut
exit
interface port-channel 12
ip address 10.12.12.1 255.255.255.252
exit
int ran f0/7-10
switchport trunk encapsulation dot1q
switchport trunk native vlan 800
switchport mode trunk
switchport nonegotiate
no shut
exit
int ran f0/7-8
desc member of po1 to ALS1
channel-group 1 mode active
exit
int ran f0/9-10
desc member of po4 to ALS2
channel-group 4 mode desirable
exit
vtp domain SWITCHSBA
vtp ver 3
vtp password c1sc0abc
end
!
! SET AS PRIMARY FOR VLAN
!
vtp primary vlan
!
!
conf t
vlan 800
name NATIVE
exit
vlan 434
name PARKING
state suspend
exit
vlan 12
name EXECUTIVES
exit
vlan 123
name CUBES
exit
vlan 234
name GUEST
exit
vlan 1010
name VOICE
exit
vlan 1111
name VIDEONET
exit
vlan 3456
name MANAGEMENT
exit
spanning-tree vlan 1,12,434,800,1010,1111,3456 root primary
spanning-tree vlan 123,234 root secondary
interface port-channel 1
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
exit
interface port-channel 4
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
ip routing
ipv6 unicast-routing
int vlan 12
ip address 10.0.12.252 255.255.255.0
no sh
exit
int vlan 123
ip address 10.0.123.252 255.255.255.0
no sh
exit
int vlan 234
ip address 10.0.234.252 255.255.255.0
no sh
exit
int vlan 1010
ip add 10.10.10.252 255.255.255.0
no shut
exit
int vlan 1111
ip add 10.11.11.252 255.255.255.0
no sh
exit
int vlan 3456
ip address 10.34.56.252 255.255.255.0
no shut
exit
int loop 0
ip address 1.1.1.1 255.255.255.255
no shut
exit
!
interface f0/6
switchport host
switchport access vlan 3456
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
! HSRP & TRACKING COMMANDS BELOW
! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234
!
int vlan 12
standby ver 2
standby 1 ip 10.0.12.254
standby 1 preempt
standby 1 priority 110
standby 1 track loop 0 30
exit
int vlan 123
stand ver 2
stand 2 ip 10.0.123.254
standby 2 preempt
exit
int vlan 234
stand ver 2
stand 2 ip 10.0.234.254
stand 2 preempt
exit
int vlan 1010
stand ver 2
stand 1 ip 10.10.10.254
stand 1 preempt
stand 1 pri 110
standby 1 track loop 0 30
exit
int vlan 1111
stand ver 2
stand 1 ip 10.11.11.254
stand 1 preempt
stand 1 pri 110
standby 1 track loop 0 30
exit
int vlan 3456
stand ver 2
stand 1 ip 10.34.56.254
stand 1 preempt
stand 1 pri 110
standby 1 track loop 0 30
exit
!
!
! HSRP & TRACKING COMMANDS ABOVE
! NTP & CLOCK COMMANDS BELOW
!
do clock set 19:00:00 31 Oct 2014
clock timezone CDT -5
ntp master 4
!
! NTP & CLOCK COMMANDS ABOVE
! COMMANDS FOR AAA BELOW
!
username LASTDITCH password 321ocsic
aaa new-model
radius server RADIUS
address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
key WinRadius
exit
aaa authentication login CENTRAL-AUTH group radius local
line vty 0 4
login authentication CENTRAL-AUTH
exit
! COMMANDS FOR AAA ABOVE
!
! SNMP COMMANDS BELOW
snmp-server group switch-sba v3 priv
snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp-server ifindex persist
snmp-server enable traps
!
! SNMP COMMANDS ABOVE
! DHCP COMMANDS BELOW
!
ip dhcp pool EXECUTIVES-POOL
network 10.0.12.0 255.255.255.0
default-router 10.0.12.254
dns-server 1.1.1.1
exit
ip dhcp pool CUBES-POOL
network 10.0.123.0 255.255.255.0
default-router 10.0.123.254
dns-server 1.1.1.1
exit
ip dhcp pool GUEST-POOL
network 10.0.234.0 255.255.255.0
default-router 10.0.234.254
dns-server 1.1.1.1
exit

DLS2

en
conf t
hostname DLS2
enable secret class
line vty 0 4
password cisco
login
! this will be over-ridden later by AAA
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/11-12
no switchport
channel-group 12 mode active
no shut
exit
interface port-channel 12
ip address 10.12.12.2 255.255.255.252
exit
int ran f0/7-10
switchport trunk encapsulation dot1q
switchport trunk native vlan 800
switchport mode trunk
switchport nonegotiate
no shut
exit
int ran f0/7-8
desc member of po1 to ALS2
channel-group 2 mode active
exit
int ran f0/9-10
desc member of po3 to ALS1
channel-group 3 mode desirable
exit
vtp ver 2
vtp mode transparent
spanning-tree vlan 1,12,123,234,434,800,1010,3456 root secondary
spanning-tree vlan 123,234 root primary
vlan 800
name NATIVE-VLAN
exit
vlan 434
name PARKING-LOT
state suspend
exit
vlan 12
name EXECUTIVES
exit
vlan 123
name CUBES
exit
vlan 234
name GUEST
exit
vlan 1010
name VOICE
exit
vlan 1111
name VIDEONET
exit
vlan 3456
name MANAGEMENT
exit
vlan 567
name ACCOUNTING
exit
interface port-channel 2
switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
exit
interface port-channel 3
switchport trunk allowed vlan 12,123,234,800,1010,1111,3456
exit
ip routing
ipv6 unicast-routing
! multicast routing?
int vlan 12
ip address 10.0.12.253 255.255.255.0
no sh
exit
int vlan 123
ip address 10.0.123.253 255.255.255.0
no sh
exit
int vlan 234
ip address 10.0.234.253 255.255.255.0
no sh
exit
int vlan 1010
ip add 10.10.10.253 255.255.255.0
no shut
exit
int vlan 1111
ip add 10.11.11.253 255.255.255.0
no shut
exit
int vlan 3456
ip address 10.34.56.253 255.255.255.0
no shut
exit
int loop 0
ip address 1.1.1.1 255.255.255.255
no shut
exit
!
interface f0/6
switchport host
switchport access vlan 12
switchport voice vlan 1010
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/16-18
swi host
swi ac v 567
no shut
exit
int ran f0/1-5, f0/13-14, f0/19-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
! HSRP & TRACKING COMMANDS BELOW
! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234
!
int vlan 12
standby ver 2
standby 1 ip 10.0.12.254
standby 1 preempt
exit
int vlan 123
stand ver 2
stand 2 ip 10.0.123.254
standby 2 preempt
standby 2 priority 110
standby 2 track loop 0 30
exit
int vlan 234
stand ver 2
stand 2 ip 10.0.234.254
stand 2 preempt
standby 2 priority 110
standby 2 track loop 0 30
exit
int vlan 1010
stand ver 2
stand 1 ip 10.10.10.254
stand 1 preempt
exit
int vlan 1111
stand ver 2
stand 1 ip 10.11.11.254
stand 1 preempt
exit
int vlan 3456
stand ver 2
stand 1 ip 10.34.56.254
stand 1 preempt
exit
!
!
! HSRP & TRACKING COMMANDS ABOVE
!
do clock set 19:00:00 31 Oct 2014
clock timezone CDT -5
ntp server 10.34.56.252
!
! COMMANDS FOR AAA BELOW
!
username LASTDITCH password 321ocsic
aaa new-model
radius server RADIUS
address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
key WinRadius
exit
aaa authentication login CENTRAL-AUTH group radius local
line vty 0 4
login authentication CENTRAL-AUTH
exit
! COMMANDS FOR AAA ABOVE
!
! SNMP COMMANDS BELOW
snmp-server group switch-sba v3 priv
snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp-server ifindex persist
snmp-server enable traps
! SNMP COMMANDS ABOVE
!
exit

ALS1

en
conf t
hostname ALS1
ena sec class
line vty 0 4
passw cisco
login
! this will be over-ridden later by AAA
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/7-10
swi mo tru
swi tr nat v 800
swi non
no shut
exit
int ran f0/7-8
desc member of po1 to DLS1
channel-group 1 mode active
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
no shut
exit
int ran f0/9-10
desc member of po 3 to DLS2
channel-group 3 mode desirable
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
no shut
exit
int vlan 3456
ip address 10.34.56.101 255.255.255.0
no shut
exit
ip default-gateway 10.34.56.254

vtp domain SWITCHSBA
vtp ver 3
vtp mo client
vtp password c1sc0abc
!
! COMMANDS FOR AAA BELOW
!
username LASTDITCH password 321ocsic
aaa new-model
radius server RADIUS
address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
key WinRadius
exit
aaa authentication login CENTRAL-AUTH group radius local
line vty 0 4
login authentication CENTRAL-AUTH
exit
! COMMANDS FOR AAA ABOVE
!
!
! SNMP COMMANDS BELOW
snmp-server group switch-sba v3 priv
snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp-server ifindex persist
snmp-server enable traps
! SNMP COMMANDS ABOVE
!
int f0/6
switchport host
switchport access vlan 123
switchport voice vlan 1010
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
do clock set 19:00:00 31 Oct 2014
clock timezone CDT -5
ntp server 10.34.56.252
end

ALS2

en
conf t
hostname ALS2
ena sec class
line vty 0 4
passw cisco
login
! this will be over-ridden later by AAA
exit
int ran f0/1-24, g0/1-2
shutdown
exit
int ran f0/7-10
swi mo tru
swi tr nat v 800
swi non
no shut
exit
int ran f0/7-8
desc member of po2 to DLS2
channel-group 2 mode active
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
no shut
exit
int ran f0/9-10
desc member of po 4 to DLS1
channel-group 4 mode desirable
switchport trunk  allowed vlan 12,123,234,800,1010,1111,3456
no shut
exit
int vlan 3456
ip add 10.34.56.102 255.255.255.0
no shut
exit
ip default-gateway 10.34.56.254
vtp domain SWITCHSBA
vtp ver 3
vtp mo client
vtp password c1sc0abc
!
! COMMANDS FOR AAA BELOW
!
username LASTDITCH password 321ocsic
aaa new-model
radius server RADIUS
address ipv4 10.34.56.50 auth-port 1812 acct-port 1813
key WinRadius
exit
aaa authentication login CENTRAL-AUTH group radius local
line vty 0 4
login authentication CENTRAL-AUTH
exit
! COMMANDS FOR AAA ABOVE
!

! SNMP COMMANDS BELOW
snmp-server group switch-sba v3 priv
snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123
snmp-server host 10.34.56.50 version 3 priv sbastudent
snmp-server ifindex persist
snmp-server enable traps
! SNMP COMMANDS ABOVE
!
int f0/6
switchport host
switchport access vlan 234
no shut
exit
int f0/15
swi host
swi ac v 1111
no sh
exit
int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2
swi host
swi ac v 434
shut
exit
!
do clock set 19:00:00 31 Oct 2014
clock timezone CDT -5
ntp server 10.34.56.252
end

 

 

 

Subscribe
Notify of
guest

1 Comment
Inline Feedbacks
View all comments
Dheeraj
Dheeraj
2 years ago

Thanks

Reply
1
0
Would love your thoughts, please comment.x
()
x