CCNP v7 SWITCH Skills-Based Assessment INSTRUCTOR VERSION
Topology
Objectives
- Part 1: Build the physical network topology (optional).
- Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
- Part 3: Test the network for connectivity and the configured options.
Exam Overview
This skills-based assessment (SBA) is the final practical exam for Academy training for the course CCNPv7 SWITCH. In Part 1, you build the physical network. In part 2, you configure various features such as trunking, EtherChannel, VTP, VLANs, SVIs, routed links, and HSRP. In Part 3, you create a Tcl script to test IP connectivity and use show commands to verify configured options. This exam combines device configuration and troubleshooting.
Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-ipv4-and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab. Catalyst 3650 switches (running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any comparable Cisco IOS image) can be used in place of the Catalyst 3560 switches and the Catalyst 2960 switches.
Required Resources
• 2 switches (Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M image or comparable)
• 2 switches (Cisco 3560 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M image or comparable)
• Ethernet and console cables
• 4 PCs with Windows OS
- PC C (Connected to DLS1) additionally requires the following software:
- ManageEngine MibBrowser
- TFTPD32
- WinRadius
Instructions
Part 1: Build the Physical Network (Optional)
Connect all devices as shown in the topology. You must use the interfaces specified in diagram, if possible. Clear all previous configurations.
Part 2: Configure the network according to specifications.
a. Shutdown all interfaces on each switch.
b. Configure each switch with a hostname and the enable secret class.
c. Configure trunks and port-channels as shown in the diagram. Issue the no shut command as you go.
1) The connection between DLS1 and DLS2 will be a layer-3 EtherChannel using LACP. DLS1 will use the IP address 10.12.12.1/30 and DLS2 will use 10.12.12.2/30.
2) The Port-channels on interfaces fa0/7 and fa0/8 will use LACP.
3) The Port-channels on interfaces f0/9 and fa0/10 will use PAgP.
4) All trunks will use VLAN 800 as the native VLAN.
d. Configure DLS1, ALS1, and ALS2 to use VTP version 3
1) Use the domain name SWITCHSBA with the password !ssalc
2) Configure DLS1 as the primary server for VLANs.
3) Configure ALS1 and ALS2 as VTP clients.
e. On the primary VLAN server create and name the following VLANs:
VLAN Number | VLAN Name | VLAN Number | VLAN Name |
---|---|---|---|
800 | NATIVE | 434 | PARKING |
12 | EXECUTIVES | 123 | CUBES |
234 | GUEST | 1010 | VOICE |
1111 | VIDEONET | 3456 | MANAGEMENT |
f. On DLS1, suspend VLAN 434.
g. Configure DLS2 to be a VTP Transparent mode switch using VTP version 2, then locally configure the same VLANs and VLAN names. Suspend VLAN 434
h. On DLS2, create VLAN 567 and name it ACCOUNTING. The Accounting VLAN will NOT be configured or available on any other switch in the network.
i. Configure DLS1 as the spanning tree root for VLANs 1, 12, 434, 800, 1010, 1111, and 3456 and as a secondary root for VLANs 123 and 234
j. Configure DLS2 as the spanning tree root for VLANs 123 and 234 and as a secondary root for VLANs 12, 434, 800, 1010, 1111, and 3456.
k. Configure all trunks so that, with the exception of VLANs 1, 434 and 567, only the VLANs that have been created are allowed to cross the trunk
l. Assign interfaces as access ports to VLANs as follows:
DLS1 | DLS2 | ALS1 | ALS2 | |
---|---|---|---|---|
Interface Fa0/6 | 3456 | 12 / voice 1010 | 123 / voice 1010 | 234 |
Interface Fa0/15 | 1111 | 1111 | 1111 | 1111 |
Interfaces F0/16-18 | 567 |
m. All unused interfaces will be assigned to the parking lot VLAN and shut down.
n. Configure SVIs on DLS1 and DLS2 in support of all of the VLANs and inter-VLAN routing. Use the following table for subnet assignments:
VLAN | VLAN Name | Subnet | VLAN | VLAN Name | Subnet |
---|---|---|---|---|---|
12 | EXECUTIVES | 10.0.12.0/24 | 123 | CUBES | 10.0.123.0/24 |
234 | GUEST | 10.0.234.0/24 | 1010 | VOICE | 10.10.10.0/24 |
1111 | VIDEONET | 10.11.11.0/24 | 3456 | MANAGEMENT | 10.34.56.0/24 |
DLS1 will always use the .252 address and DLS2 will always use the .253 address for IPv4 addresses. VLAN 567 on DLS2 will NOT be supported by routing.
Use 10.34.56.101 as the management address on ALS1 and 10.34.56.102 on ALS2.
o. Configure an interface Loopback 0 on both DLS1 and DLS2. This interface will be addressed 1.1.1.1/32 on both switches.
p. Configure HSRP with interface tracking for VLANs 12, 123, 234, 1010, and 1111
1) Use HSRP version 2
2) Create two HSRP groups, aligning VLAN 12, 1010, 1111, and 3456 to the first group and 123 and 234 to the second group.
3) DLS1 will be the primary switch for VLANs 12, 1010, 1111, and 3456; DLS2 will be the primary switch for VLANs 123 and 234.
4) Configure all groups with preemption. Further configure priority to ensure that the primary switch takes over upon recovery.
5) Use the virtual address .254 as the standby address for all VLANs
6) Configure interface tracking so that each group tracks the local interface Loopback 0 interface.
q. Set the correct UTC time, configure DLS1 as an NTP server and then set the correct time zone.
r. Configure DLS2, ALS1, and ALS2 to use the Management network to synchronize time with the NTP server.
s. Configure HOST C with a static IPv6 address of 10.34.56.50/24 and a default-gateway of 10.34.56.254
t. Configure all four switches to use AAA to authenticate VTY lines 0 through 4. The RADIUS server is on HOST C (10.34.56.50) and uses WinRadius with a shared secret key of WinRadius. Ensure aaa new-model
is configured. Further ensure that there is a fallback account configured should the RADIUS server not be available.
1) AAA Account: studentaaa password cisco123
2) Local Fallback Account: lastditch password 321ocsic
u. Configure all four switches to use SNMP version 3.
1) The SNMP Server is HOST C at 10.34.56.50
2) SNMP v3 will use PRIV with AES 128 and AUTH with SHA.
3) The community string will be switch-sba
4) The secret key will be cisco123
5) The username will be sbastudent and password will be cisco123
v. Configure DLS1 to be a DHCP server for VLANs 12, 123, and 234
1) Exclude the addresses .251-.254 in each subnet
2) Set the DNS server to 1.1.1.1 for all three pools.
3) Set the default router to the HSRP virtual address for each VLAN
w. Obtain IPv4 addresses on Hosts A, B, and D via DHCP.
Part 3: Test network connectivity and configured options.
a. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you assigned in the topology.
From DLS1: tclsh foreach address { 10.12.12.2 10.0.12.253 10.0.123.253 10.0.234.253 10.10.10.253 10.11.11.253 10.34.56.253 10.34.56.101 10.34.56.102 10.34.56.50 10.0.12.254 10.0.123.254 10.0.234.254 10.10.10.254 10.11.11.254 10.34.56.254 } { ping $address } From DLS2: tclsh foreach address { 10.12.12.1 10.0.12.252 10.0.123.252 10.0.234.252 10.10.10.252 10.11.11.252 10.34.56.252 10.34.56.101 10.34.56.102 10.34.56.50 10.0.12.254 10.0.123.254 10.0.234.254 10.10.10.254 10.11.11.254 10.34.56.254 } { ping $address }
b. What is the show command used to verify that the correct VLANs exist on all switches and contain the correct ports? show vlan brief
DLS1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active 12 EXECUTIVES active 123 CUBES active 234 GUEST active 434 PARKING suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/13, Fa0/14, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 800 NATIVE active 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup 1010 VOICE active 1111 VIDEONET active Fa0/15 3456 MANAGEMENT active Fa0/6 DLS1# DLS2#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active 12 EXECUTIVES active Fa0/6 123 CUBES active 234 GUEST active 434 PARKING-LOT suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/13, Fa0/14, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gi0/1, Gi0/2 567 ACCOUNTING active Fa0/16, Fa0/17, Fa0/18 800 NATIVE-VLAN active 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup 1010 VOICE active Fa0/6 1111 VIDEONET active Fa0/15 3456 MANAGEMENT active DLS2# ALS1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/11, Fa0/12 12 EXECUTIVES active 123 CUBES active Fa0/6 234 GUEST active 434 PARKING suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/13, Fa0/14, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 800 NATIVE active 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup 1010 VOICE active Fa0/6 1111 VIDEONET active Fa0/15 3456 MANAGEMENT active ALS1# ALS2#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/11, Fa0/12 12 EXECUTIVES active 123 CUBES active 234 GUEST active Fa0/6 434 PARKING suspended Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/13, Fa0/14, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gi0/1, Gi0/2 800 NATIVE active 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup 1010 VOICE active 1111 VIDEONET active Fa0/15 3456 MANAGEMENT active ALS2#
c. What is the show command used to verify that the EtherChannel between DLS1 and ALS1 is configured correctly? (answers may vary around show etherchannel) show etherchannel summary
DLS1#show etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 3 Number of aggregators: 3 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/7(P) Fa0/8(P) 4 Po4(SU) PAgP Fa0/9(P) Fa0/10(P) 12 Po12(RU) LACP Fa0/11(P) Fa0/12(P) DLS1#
d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or DLS2) for each VLAN? (answers may vary around show spanning-tree) show spanning-tree root
DLS1#show spanning-tree root Root Hello Max Fwd Vlan Root ID Cost Time Age Dly Root Port ---------------- -------------------- --------- ----- --- --- ------------ VLAN0012 24588 e840.406f.7280 0 2 20 15 VLAN0123 24699 e840.406f.6e00 24 2 20 15 Po4 VLAN0234 24810 e840.406f.6e00 24 2 20 15 Po4 VLAN0800 25376 e840.406f.7280 0 2 20 15 VLAN1010 25586 e840.406f.7280 0 2 20 15 VLAN1111 25687 e840.406f.7280 0 2 20 15 VLAN3456 28032 e840.406f.7280 0 2 20 15 DLS1#
e. What is the show command used to verify that the correct SVIs exist and that the correct HRSP routers are primary and standby for each VLAN? (answers may vary around show standby) show standby brief
DLS1#show standby brief P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Vl12 1 110 P Active local 10.0.12.253 10.0.12.254 Vl123 2 100 P Standby 10.0.123.253 local 10.0.123.254 Vl234 2 100 P Standby 10.0.234.253 local 10.0.234.254 Vl1010 1 110 P Active local 10.10.10.253 10.10.10.254 Vl1111 1 110 P Active local 10.11.11.253 10.11.11.254 Vl3456 1 110 P Active local 10.34.56.253 10.34.56.254 DLS1#
f. Verify that NTP is working. DLS2, ALS1 and ALS2 should have NTP sync with DLS1.
DLS2#show ntp status Clock is synchronized, stratum 5, reference is 10.34.56.252 ALS1#show ntp status Clock is synchronized, stratum 5, reference is 10.34.56.252 ALS2#show ntp status Clock is synchronized, stratum 5, reference is 10.34.56.252
g. Verify that AAA is working. From HOST C, telnet to each switch and login using the studentaaa account.
Ensure the RADIUS server is running and operational, and telnet to each switch from Host C should be successful.
h. Verify that SNMPv3 is working.
1) From HOST C, use ManageEngine MibBrowser to do a GET of the OID .1.3.6.1.2.1.2.2 (the interface table) from each switch.
2) Run Trap Viewer and enter then exit configuration mode on each switch. You should see traps received in the viewer window.
i. Verify that HSRP is working. From HOST A, start a continuous ping to 1.1.1.1. Then go to DLS2 and shutdown interface loopback 0. When this occurs, DLS2’s interface tracking should fail, causing it to demote itself from being the virtual gateway for VLAN 123. DLS1 will take over, and the still-running ping should show only minor packet loss.
C:\Users\student>ping -t 1.1.1.1 Pinging 1.1.1.1 with 32 bytes of data: Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 1.1.1.1: bytes=32 time=2ms TTL=255 Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 1.1.1.1: bytes=32 time=1ms TTL=255 Reply from 10.0.123.253: Destination host unreachable. Reply from 10.0.123.253: Destination host unreachable. Reply from 10.0.123.253: Destination host unreachable. Reply from 1.1.1.1: bytes=32 time=3ms TTL=255 Ping statistics for 1.1.1.1: Packets: Sent = 14, Received = 14, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 3ms, Average = 1ms DLS2(config)#int loop 0 DLS2(config-if)#shut DLS2(config-if)# Oct 31 20:05:43.827: %TRACKING-5-STATE: 1 interface Lo0 line-protocol Up->Down Oct 31 20:05:44.012: %HSRP-5-STATECHANGE: Vlan234 Grp 2 state Active -> Speak Oct 31 20:05:45.832: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down Oct 31 20:05:46.663: %HSRP-5-STATECHANGE: Vlan123 Grp 2 state Active -> Speak Oct 31 20:05:46.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down DLS2(config-if)# Oct 31 20:05:54.062: %HSRP-5-STATECHANGE: Vlan234 Grp 2 state Speak -> Standby Oct 31 20:05:56.981: %HSRP-5-STATECHANGE: Vlan123 Grp 2 state Speak -> Standby
Device Configurations – INSTRUCTOR VERSION
DLS1
version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname DLS1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$g7F8$JIwayUW08dphq/cbR7/NY0 ! username LASTDITCH password 0 321ocsic aaa new-model ! aaa authentication login CENTRAL-AUTH group radius local ! aaa session-id common clock timezone CDT -5 0 system mtu routing 1500 ip routing ! ! ip dhcp pool EXECUTIVES-POOL network 10.0.12.0 255.255.255.0 default-router 10.0.12.254 dns-server 1.1.1.1 ! ip dhcp pool CUBES-POOL network 10.0.123.0 255.255.255.0 default-router 10.0.123.254 dns-server 1.1.1.1 ! ip dhcp pool GUEST-POOL network 10.0.234.0 255.255.255.0 default-router 10.0.234.254 dns-server 1.1.1.1 ! ipv6 unicast-routing ! spanning-tree mode pvst spanning-tree extend system-id spanning-tree vlan 1,12,434,800,1010,1111,3456 priority 24576 spanning-tree vlan 123,234 priority 28672 ! vlan internal allocation policy ascending ! track 1 interface Loopback0 line-protocol ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel4 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel12 no switchport ip address 10.12.12.1 255.255.255.252 ! interface FastEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 3456 switchport mode access spanning-tree portfast ! interface FastEthernet0/7 description member of po1 to ALS1 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface FastEthernet0/8 description member of po1 to ALS1 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface FastEthernet0/9 description member of po4 to ALS2 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 4 mode desirable ! interface FastEthernet0/10 description member of po4 to ALS2 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 4 mode desirable ! interface FastEthernet0/11 no switchport no ip address channel-group 12 mode active ! interface FastEthernet0/12 no switchport no ip address channel-group 12 mode active ! interface FastEthernet0/13 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 1111 switchport mode access spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface Vlan1 no ip address shutdown ! interface Vlan12 ip address 10.0.12.252 255.255.255.0 standby version 2 standby 1 ip 10.0.12.254 standby 1 priority 110 standby 1 preempt standby 1 track 1 decrement 30 ! interface Vlan123 ip address 10.0.123.252 255.255.255.0 standby version 2 standby 2 ip 10.0.123.254 standby 2 preempt ! interface Vlan234 ip address 10.0.234.252 255.255.255.0 standby version 2 standby 2 ip 10.0.234.254 standby 2 preempt ! interface Vlan1010 ip address 10.10.10.252 255.255.255.0 standby version 2 standby 1 ip 10.10.10.254 standby 1 priority 110 standby 1 preempt standby 1 track 1 decrement 30 ! interface Vlan1111 ip address 10.11.11.252 255.255.255.0 standby version 2 standby 1 ip 10.11.11.254 standby 1 priority 110 standby 1 preempt standby 1 track 1 decrement 30 ! interface Vlan3456 ip address 10.34.56.252 255.255.255.0 standby version 2 standby 1 ip 10.34.56.254 standby 1 priority 110 standby 1 preempt standby 1 track 1 decrement 30 ! ip http server ip http secure-server ! snmp-server group switch-sba v3 priv snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps flowmon snmp-server enable traps transceiver all snmp-server enable traps call-home message-send-fail server-fail snmp-server enable traps tty snmp-server enable traps eigrp snmp-server enable traps ospf state-change snmp-server enable traps ospf errors snmp-server enable traps ospf retransmit snmp-server enable traps ospf lsa snmp-server enable traps ospf cisco-specific state-change nssa-trans-change snmp-server enable traps ospf cisco-specific state-change shamlink interface snmp-server enable traps ospf cisco-specific state-change shamlink neighbor snmp-server enable traps ospf cisco-specific errors snmp-server enable traps ospf cisco-specific retransmit snmp-server enable traps ospf cisco-specific lsa snmp-server enable traps cluster snmp-server enable traps fru-ctrl snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps power-ethernet police snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps bgp snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps event-manager snmp-server enable traps hsrp snmp-server enable traps ipmulticast snmp-server enable traps isis snmp-server enable traps msdp snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps energywise snmp-server enable traps vstack snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps ipsla snmp-server enable traps ike policy add snmp-server enable traps ike policy delete snmp-server enable traps ike tunnel start snmp-server enable traps ike tunnel stop snmp-server enable traps ipsec cryptomap add snmp-server enable traps ipsec cryptomap delete snmp-server enable traps ipsec cryptomap attach snmp-server enable traps ipsec cryptomap detach snmp-server enable traps ipsec tunnel start snmp-server enable traps ipsec tunnel stop snmp-server enable traps ipsec too-many-sas snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down snmp-server host 10.34.56.50 version 3 priv sbastudent snmp ifmib ifindex persist ! radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius ! line con 0 line vty 0 4 password cisco login authentication CENTRAL-AUTH line vty 5 15 ! ntp master 4 end
DLS2
version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname DLS2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$STz1$voB57usiW/YyJn7SLSSc70 ! username LASTDITCH password 0 321ocsic aaa new-model ! ! aaa authentication login CENTRAL-AUTH group radius local ! aaa session-id common clock timezone CDT -5 0 system mtu routing 1500 vtp mode transparent ip routing ! ipv6 unicast-routing ! spanning-tree mode pvst spanning-tree extend system-id spanning-tree vlan 1,12,434,800,1010,3456 priority 28672 spanning-tree vlan 123,234 priority 24576 ! vlan internal allocation policy ascending ! vlan 12 name EXECUTIVES ! vlan 123 name CUBES ! vlan 234 name GUEST ! vlan 434 name PARKING-LOT state suspend ! vlan 567 name ACCOUNTING ! vlan 800 name NATIVE-VLAN ! vlan 1010 name VOICE ! vlan 1111 name VIDEONET ! vlan 3456 name MANAGEMENT ! track 1 interface Loopback0 line-protocol ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface Port-channel2 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel3 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel12 no switchport ip address 10.12.12.2 255.255.255.252 ! interface FastEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 12 switchport mode access switchport voice vlan 1010 spanning-tree portfast ! interface FastEthernet0/7 description member of po1 to ALS2 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface FastEthernet0/8 description member of po1 to ALS2 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface FastEthernet0/9 description member of po3 to ALS1 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 3 mode desirable ! interface FastEthernet0/10 description member of po3 to ALS1 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 3 mode desirable ! interface FastEthernet0/11 no switchport no ip address channel-group 12 mode active ! interface FastEthernet0/12 no switchport no ip address channel-group 12 mode active ! interface FastEthernet0/13 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 1111 switchport mode access spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 567 switchport mode access spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 567 switchport mode access spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 567 switchport mode access spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface Vlan1 no ip address shutdown ! interface Vlan12 ip address 10.0.12.253 255.255.255.0 standby version 2 standby 1 ip 10.0.12.254 standby 1 preempt ! interface Vlan123 ip address 10.0.123.253 255.255.255.0 standby version 2 standby 2 ip 10.0.123.254 standby 2 priority 110 standby 2 preempt standby 2 track 1 decrement 30 ! interface Vlan234 ip address 10.0.234.253 255.255.255.0 standby version 2 standby 2 ip 10.0.234.254 standby 2 priority 110 standby 2 preempt standby 2 track 1 decrement 30 ! interface Vlan1010 ip address 10.10.10.253 255.255.255.0 standby version 2 standby 1 ip 10.10.10.254 standby 1 preempt ! interface Vlan1111 ip address 10.11.11.253 255.255.255.0 standby version 2 standby 1 ip 10.11.11.254 standby 1 preempt ! interface Vlan3456 ip address 10.34.56.253 255.255.255.0 standby version 2 standby 1 ip 10.34.56.254 standby 1 preempt ! ip http server ip http secure-server ! snmp-server group switch-sba v3 priv snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps flowmon snmp-server enable traps transceiver all snmp-server enable traps call-home message-send-fail server-fail snmp-server enable traps tty snmp-server enable traps eigrp snmp-server enable traps ospf state-change snmp-server enable traps ospf errors snmp-server enable traps ospf retransmit snmp-server enable traps ospf lsa snmp-server enable traps ospf cisco-specific state-change nssa-trans-change snmp-server enable traps ospf cisco-specific state-change shamlink interface snmp-server enable traps ospf cisco-specific state-change shamlink neighbor snmp-server enable traps ospf cisco-specific errors snmp-server enable traps ospf cisco-specific retransmit snmp-server enable traps ospf cisco-specific lsa snmp-server enable traps cluster snmp-server enable traps fru-ctrl snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps power-ethernet police snmp-server enable traps rep snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps bgp snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps event-manager snmp-server enable traps hsrp snmp-server enable traps ipmulticast snmp-server enable traps isis snmp-server enable traps msdp snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message snmp-server enable traps energywise snmp-server enable traps vstack snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps ipsla snmp-server enable traps ike policy add snmp-server enable traps ike policy delete snmp-server enable traps ike tunnel start snmp-server enable traps ike tunnel stop snmp-server enable traps ipsec cryptomap add snmp-server enable traps ipsec cryptomap delete snmp-server enable traps ipsec cryptomap attach snmp-server enable traps ipsec cryptomap detach snmp-server enable traps ipsec tunnel start snmp-server enable traps ipsec tunnel stop snmp-server enable traps ipsec too-many-sas snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down snmp-server host 10.34.56.50 version 3 priv sbastudent snmp ifmib ifindex persist ! radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius ! line con 0 line vty 0 4 password cisco login authentication CENTRAL-AUTH line vty 5 15 ! ntp server 10.34.56.252 end
ALS1
version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ALS1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$VwMl$v0PIRGNyxK2mzGdov1V9e/ ! username LASTDITCH password 0 321ocsic aaa new-model ! aaa authentication login CENTRAL-AUTH group radius local ! aaa session-id common clock timezone CDT -5 0 system mtu routing 1500 ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface Port-channel1 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel3 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface FastEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 123 switchport mode access switchport voice vlan 1010 spanning-tree portfast ! interface FastEthernet0/7 description member of po1 to DLS1 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface FastEthernet0/8 description member of po1 to DLS1 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 1 mode active ! interface FastEthernet0/9 description member of po 3 to DLS2 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 3 mode desirable ! interface FastEthernet0/10 description member of po 3 to DLS2 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 3 mode desirable ! interface FastEthernet0/11 shutdown ! interface FastEthernet0/12 shutdown ! interface FastEthernet0/13 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 1111 switchport mode access spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface Vlan1 no ip address ! interface Vlan3456 ip address 10.34.56.101 255.255.255.0 ! ip default-gateway 10.34.56.254 ip http server ip http secure-server ! snmp-server group switch-sba v3 priv snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps call-home message-send-fail server-fail snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet police snmp-server enable traps fru-ctrl snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps vstack snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 10.34.56.50 version 3 priv sbastudent snmp ifmib ifindex persist ! radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius ! line con 0 line vty 0 4 password cisco login authentication CENTRAL-AUTH line vty 5 15 ! ntp server 10.34.56.252 end
ALS2
version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ALS2 ! boot-start-marker boot-end-marker ! enable secret 5 $1$RfCM$nrsQv/Oo05Kjhf66QDIse. ! username LASTDITCH password 0 321ocsic aaa new-model ! aaa authentication login CENTRAL-AUTH group radius local ! aaa session-id common clock timezone CDT -5 0 system mtu routing 1500 ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface Port-channel2 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface Port-channel4 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate ! interface FastEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/4 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/5 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/6 switchport access vlan 234 switchport mode access spanning-tree portfast ! interface FastEthernet0/7 description member of po2 to DLS2 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface FastEthernet0/8 description member of po2 to DLS2 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 2 mode active ! interface FastEthernet0/9 description member of po 4 to DLS1 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 4 mode desirable ! interface FastEthernet0/10 description member of po 4 to DLS1 switchport trunk native vlan 800 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 switchport mode trunk switchport nonegotiate channel-group 4 mode desirable ! interface FastEthernet0/11 shutdown ! interface FastEthernet0/12 shutdown ! interface FastEthernet0/13 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/14 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/15 switchport access vlan 1111 switchport mode access spanning-tree portfast ! interface FastEthernet0/16 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/17 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/18 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/19 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/20 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/21 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/22 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/23 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface FastEthernet0/24 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/1 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface GigabitEthernet0/2 switchport access vlan 434 switchport mode access shutdown spanning-tree portfast ! interface Vlan1 no ip address ! interface Vlan3456 ip address 10.34.56.102 255.255.255.0 ! ip default-gateway 10.34.56.254 ip http server ip http secure-server ! snmp-server group switch-sba v3 priv snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps transceiver all snmp-server enable traps call-home message-send-fail server-fail snmp-server enable traps tty snmp-server enable traps cluster snmp-server enable traps entity snmp-server enable traps cpu threshold snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps flash insertion removal snmp-server enable traps port-security snmp-server enable traps auth-framework sec-violation snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps power-ethernet police snmp-server enable traps fru-ctrl snmp-server enable traps config-copy snmp-server enable traps config snmp-server enable traps config-ctid snmp-server enable traps energywise snmp-server enable traps vstack snmp-server enable traps bridge newroot topologychange snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency snmp-server enable traps syslog snmp-server enable traps mac-notification change move threshold snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 10.34.56.50 version 3 priv sbastudent snmp ifmib ifindex persist ! radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius ! line con 0 line vty 0 4 password cisco login authentication CENTRAL-AUTH line vty 5 15 ! ntp server 10.34.56.252 end
Device Configuration Scripts – INSTRUCTOR VERSION
DLS1
en conf t hostname DLS1 enable secret class line vty 0 4 password cisco login ! this will be over-ridden later by AAA exit int ran f0/1-24, g0/1-2 shutdown exit int ran f0/11-12 no switchport channel-group 12 mode active no shut exit interface port-channel 12 ip address 10.12.12.1 255.255.255.252 exit int ran f0/7-10 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport mode trunk switchport nonegotiate no shut exit int ran f0/7-8 desc member of po1 to ALS1 channel-group 1 mode active exit int ran f0/9-10 desc member of po4 to ALS2 channel-group 4 mode desirable exit vtp domain SWITCHSBA vtp ver 3 vtp password c1sc0abc end ! ! SET AS PRIMARY FOR VLAN ! vtp primary vlan ! ! conf t vlan 800 name NATIVE exit vlan 434 name PARKING state suspend exit vlan 12 name EXECUTIVES exit vlan 123 name CUBES exit vlan 234 name GUEST exit vlan 1010 name VOICE exit vlan 1111 name VIDEONET exit vlan 3456 name MANAGEMENT exit spanning-tree vlan 1,12,434,800,1010,1111,3456 root primary spanning-tree vlan 123,234 root secondary interface port-channel 1 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 exit interface port-channel 4 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 ip routing ipv6 unicast-routing int vlan 12 ip address 10.0.12.252 255.255.255.0 no sh exit int vlan 123 ip address 10.0.123.252 255.255.255.0 no sh exit int vlan 234 ip address 10.0.234.252 255.255.255.0 no sh exit int vlan 1010 ip add 10.10.10.252 255.255.255.0 no shut exit int vlan 1111 ip add 10.11.11.252 255.255.255.0 no sh exit int vlan 3456 ip address 10.34.56.252 255.255.255.0 no shut exit int loop 0 ip address 1.1.1.1 255.255.255.255 no shut exit ! interface f0/6 switchport host switchport access vlan 3456 no shut exit int f0/15 swi host swi ac v 1111 no sh exit int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2 swi host swi ac v 434 shut exit ! ! HSRP & TRACKING COMMANDS BELOW ! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234 ! int vlan 12 standby ver 2 standby 1 ip 10.0.12.254 standby 1 preempt standby 1 priority 110 standby 1 track loop 0 30 exit int vlan 123 stand ver 2 stand 2 ip 10.0.123.254 standby 2 preempt exit int vlan 234 stand ver 2 stand 2 ip 10.0.234.254 stand 2 preempt exit int vlan 1010 stand ver 2 stand 1 ip 10.10.10.254 stand 1 preempt stand 1 pri 110 standby 1 track loop 0 30 exit int vlan 1111 stand ver 2 stand 1 ip 10.11.11.254 stand 1 preempt stand 1 pri 110 standby 1 track loop 0 30 exit int vlan 3456 stand ver 2 stand 1 ip 10.34.56.254 stand 1 preempt stand 1 pri 110 standby 1 track loop 0 30 exit ! ! ! HSRP & TRACKING COMMANDS ABOVE ! NTP & CLOCK COMMANDS BELOW ! do clock set 19:00:00 31 Oct 2014 clock timezone CDT -5 ntp master 4 ! ! NTP & CLOCK COMMANDS ABOVE ! COMMANDS FOR AAA BELOW ! username LASTDITCH password 321ocsic aaa new-model radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius exit aaa authentication login CENTRAL-AUTH group radius local line vty 0 4 login authentication CENTRAL-AUTH exit ! COMMANDS FOR AAA ABOVE ! ! SNMP COMMANDS BELOW snmp-server group switch-sba v3 priv snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123 snmp-server host 10.34.56.50 version 3 priv sbastudent snmp-server ifindex persist snmp-server enable traps ! ! SNMP COMMANDS ABOVE ! DHCP COMMANDS BELOW ! ip dhcp pool EXECUTIVES-POOL network 10.0.12.0 255.255.255.0 default-router 10.0.12.254 dns-server 1.1.1.1 exit ip dhcp pool CUBES-POOL network 10.0.123.0 255.255.255.0 default-router 10.0.123.254 dns-server 1.1.1.1 exit ip dhcp pool GUEST-POOL network 10.0.234.0 255.255.255.0 default-router 10.0.234.254 dns-server 1.1.1.1 exit
DLS2
en conf t hostname DLS2 enable secret class line vty 0 4 password cisco login ! this will be over-ridden later by AAA exit int ran f0/1-24, g0/1-2 shutdown exit int ran f0/11-12 no switchport channel-group 12 mode active no shut exit interface port-channel 12 ip address 10.12.12.2 255.255.255.252 exit int ran f0/7-10 switchport trunk encapsulation dot1q switchport trunk native vlan 800 switchport mode trunk switchport nonegotiate no shut exit int ran f0/7-8 desc member of po1 to ALS2 channel-group 2 mode active exit int ran f0/9-10 desc member of po3 to ALS1 channel-group 3 mode desirable exit vtp ver 2 vtp mode transparent spanning-tree vlan 1,12,123,234,434,800,1010,3456 root secondary spanning-tree vlan 123,234 root primary vlan 800 name NATIVE-VLAN exit vlan 434 name PARKING-LOT state suspend exit vlan 12 name EXECUTIVES exit vlan 123 name CUBES exit vlan 234 name GUEST exit vlan 1010 name VOICE exit vlan 1111 name VIDEONET exit vlan 3456 name MANAGEMENT exit vlan 567 name ACCOUNTING exit interface port-channel 2 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 exit interface port-channel 3 switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 exit ip routing ipv6 unicast-routing ! multicast routing? int vlan 12 ip address 10.0.12.253 255.255.255.0 no sh exit int vlan 123 ip address 10.0.123.253 255.255.255.0 no sh exit int vlan 234 ip address 10.0.234.253 255.255.255.0 no sh exit int vlan 1010 ip add 10.10.10.253 255.255.255.0 no shut exit int vlan 1111 ip add 10.11.11.253 255.255.255.0 no shut exit int vlan 3456 ip address 10.34.56.253 255.255.255.0 no shut exit int loop 0 ip address 1.1.1.1 255.255.255.255 no shut exit ! interface f0/6 switchport host switchport access vlan 12 switchport voice vlan 1010 no shut exit int f0/15 swi host swi ac v 1111 no sh exit int ran f0/16-18 swi host swi ac v 567 no shut exit int ran f0/1-5, f0/13-14, f0/19-24, g0/1-2 swi host swi ac v 434 shut exit ! ! HSRP & TRACKING COMMANDS BELOW ! NOTE: DLS1 primary for 12 and 1010 and 1111 and 3456, DLS2 primary for 123 and 234 ! int vlan 12 standby ver 2 standby 1 ip 10.0.12.254 standby 1 preempt exit int vlan 123 stand ver 2 stand 2 ip 10.0.123.254 standby 2 preempt standby 2 priority 110 standby 2 track loop 0 30 exit int vlan 234 stand ver 2 stand 2 ip 10.0.234.254 stand 2 preempt standby 2 priority 110 standby 2 track loop 0 30 exit int vlan 1010 stand ver 2 stand 1 ip 10.10.10.254 stand 1 preempt exit int vlan 1111 stand ver 2 stand 1 ip 10.11.11.254 stand 1 preempt exit int vlan 3456 stand ver 2 stand 1 ip 10.34.56.254 stand 1 preempt exit ! ! ! HSRP & TRACKING COMMANDS ABOVE ! do clock set 19:00:00 31 Oct 2014 clock timezone CDT -5 ntp server 10.34.56.252 ! ! COMMANDS FOR AAA BELOW ! username LASTDITCH password 321ocsic aaa new-model radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius exit aaa authentication login CENTRAL-AUTH group radius local line vty 0 4 login authentication CENTRAL-AUTH exit ! COMMANDS FOR AAA ABOVE ! ! SNMP COMMANDS BELOW snmp-server group switch-sba v3 priv snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123 snmp-server host 10.34.56.50 version 3 priv sbastudent snmp-server ifindex persist snmp-server enable traps ! SNMP COMMANDS ABOVE ! exit
ALS1
en conf t hostname ALS1 ena sec class line vty 0 4 passw cisco login ! this will be over-ridden later by AAA exit int ran f0/1-24, g0/1-2 shutdown exit int ran f0/7-10 swi mo tru swi tr nat v 800 swi non no shut exit int ran f0/7-8 desc member of po1 to DLS1 channel-group 1 mode active switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 no shut exit int ran f0/9-10 desc member of po 3 to DLS2 channel-group 3 mode desirable switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 no shut exit int vlan 3456 ip address 10.34.56.101 255.255.255.0 no shut exit ip default-gateway 10.34.56.254 vtp domain SWITCHSBA vtp ver 3 vtp mo client vtp password c1sc0abc ! ! COMMANDS FOR AAA BELOW ! username LASTDITCH password 321ocsic aaa new-model radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius exit aaa authentication login CENTRAL-AUTH group radius local line vty 0 4 login authentication CENTRAL-AUTH exit ! COMMANDS FOR AAA ABOVE ! ! ! SNMP COMMANDS BELOW snmp-server group switch-sba v3 priv snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123 snmp-server host 10.34.56.50 version 3 priv sbastudent snmp-server ifindex persist snmp-server enable traps ! SNMP COMMANDS ABOVE ! int f0/6 switchport host switchport access vlan 123 switchport voice vlan 1010 no shut exit int f0/15 swi host swi ac v 1111 no sh exit int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2 swi host swi ac v 434 shut exit do clock set 19:00:00 31 Oct 2014 clock timezone CDT -5 ntp server 10.34.56.252 end
ALS2
en conf t hostname ALS2 ena sec class line vty 0 4 passw cisco login ! this will be over-ridden later by AAA exit int ran f0/1-24, g0/1-2 shutdown exit int ran f0/7-10 swi mo tru swi tr nat v 800 swi non no shut exit int ran f0/7-8 desc member of po2 to DLS2 channel-group 2 mode active switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 no shut exit int ran f0/9-10 desc member of po 4 to DLS1 channel-group 4 mode desirable switchport trunk allowed vlan 12,123,234,800,1010,1111,3456 no shut exit int vlan 3456 ip add 10.34.56.102 255.255.255.0 no shut exit ip default-gateway 10.34.56.254 vtp domain SWITCHSBA vtp ver 3 vtp mo client vtp password c1sc0abc ! ! COMMANDS FOR AAA BELOW ! username LASTDITCH password 321ocsic aaa new-model radius server RADIUS address ipv4 10.34.56.50 auth-port 1812 acct-port 1813 key WinRadius exit aaa authentication login CENTRAL-AUTH group radius local line vty 0 4 login authentication CENTRAL-AUTH exit ! COMMANDS FOR AAA ABOVE ! ! SNMP COMMANDS BELOW snmp-server group switch-sba v3 priv snmp-server user sbastudent switch-sba v3 auth sha cisco123 priv aes 128 cisco123 snmp-server host 10.34.56.50 version 3 priv sbastudent snmp-server ifindex persist snmp-server enable traps ! SNMP COMMANDS ABOVE ! int f0/6 switchport host switchport access vlan 234 no shut exit int f0/15 swi host swi ac v 1111 no sh exit int ran f0/1-5, f0/13-14, f0/16-24, g0/1-2 swi host swi ac v 434 shut exit ! do clock set 19:00:00 31 Oct 2014 clock timezone CDT -5 ntp server 10.34.56.252 end
Thanks