CCNPv7 SWITCH

CCNPv7 SWITCH
Skills-Based Assessment
Topology
Objectives
Part 1: Build the physical network topology (optional).
Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
Part 3: Test the network for connectivity and the configured options.
Exam Overview
This skills-based assessment (SBA) is the final practical exam for Academy training for the course CCNPv7
SWITCH. In Part 1, you build the physical network. In part 2, you configure various features such as trunking,
EtherChannel, VTP, VLANs, SVIs, routed links, and HSRP. In Part 3, you create a Tcl script to test IP
connectivity and use show commands to verify configured options. This exam combines device configuration
and troubleshooting.
Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-
ipv4-and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS
Software version, the commands available and output produced might vary from what is shown in this lab.
Catalyst 3650 switches (running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any
comparable Cisco IOS image) can be used in place of the Catalyst 3560 switches and the Catalyst 2960
switches..
.
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5
CCNPv7 SWITCH Skills Based Assessment
Required Resources
 2 switches (Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M image or
comparable)
 2 switches (Cisco 3560 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M image or
comparable)
 Ethernet and console cables
 4 PCs with Windows OS
o PC C (Connected to DLS1) additionally requires the following software:
 ManageEngine MibBrowser
 TFTPD32
 WinRadius
Part 1: Build the Physical Network (Optional)

Connect all devices as shown in the topology. You must use the interfaces specified in diagram, if
possible. Clear all previous configurations.
Part 2: Configure the network according to specifications.

a. Shutdown all interfaces on each switch.
b. Configure each switch with a hostname and the enable secret class.
c. Configure trunks and port-channels as shown in the diagram. Issue the no shut command as you go.
1) The connection between DLS1 and DLS2 will be a layer-3 EtherChannel using LACP. DLS1 will use
the IP address 10.12.12.1/30 and DLS2 will use 10.12.12.2/30.
2) The Port-channels on interfaces fa0/7 and fa0/8 will use LACP.
3) The Port-channels on interfaces f0/9 and fa0/10 will use PAgP.
4) All trunks will use VLAN 800 as the native VLAN.
d. Configure DLS1, ALS1, and ALS2 to use VTP version 3
1) Use the domain name SWITCHSBA with the password !ssalc
2) Configure DLS1 as the primary server for VLANs.
3) Configure ALS1 and ALS2 as VTP clients.
e. On the primary VLAN server create and name the following VLANs:
VLAN Number VLAN Name VLAN Number VLAN Name
800 NATIVE 434 PARKING
12 EXECUTIVES 123 CUBES
234 GUEST 1010 VOICE
1111 VIDEONET 3456 MANAGEMENT
f. On DLS1, suspend VLAN 434.

g. Configure DLS2 to be a VTP Transparent mode switch using VTP version 2, then locally configure the
same VLANs and VLAN names. Suspend VLAN 434
h. On DLS2, create VLAN 567 and name it ACCOUNTING. The Accounting VLAN will NOT be configured
or available on any other switch in the network.
i. Configure DLS1 as the spanning tree root for VLANs 1, 12, 434, 800, 1010, 1111, and 3456 and as a
secondary root for VLANs 123 and 234
j. Configure DLS2 as the spanning tree root for VLANs 123 and 234 and as a secondary root for VLANs 12,
434, 800, 1010, 1111, and 3456.
k. Configure all trunks so that, with the exception of VLANs 1, 434 and 567, only the VLANs that have been
created are allowed to cross the trunk
l. Assign interfaces as access ports to VLANs as follows:
DLS1 DLS2 ALS1 ALS2
Interface Fa0/6 3456 12 / voice 1010 123 / voice 1010 234
Interface Fa0/15 1111 1111 1111 1111
Interfaces F0/16-18 567
m. All unused interfaces will be assigned to the parking lot VLAN and shut down.
n. Configure SVIs on DLS1 and DLS2 in support of all of the VLANs and inter-VLAN routing. Use the
following table for subnet assignments:
VLAN VLAN Name Subnet VLAN VLAN Name Subnet
12 EXECUTIVES 10.0.12.0/24 123 CUBES 10.0.123.0/24
234 GUEST 10.0.234.0/24 1010 VOICE 10.10.10.0/24
1111 VIDEONET 10.11.11.0/24 3456 MANAGEMENT 10.34.56.0/24
DLS1 will always use the .252 address and DLS2 will always use the .253 address for IPv4 addresses. VLAN
567 on DLS2 will NOT be supported by routing.
o. Configure an interface Loopback 0 on both DLS1 and DLS2. This interface will be addressed 1.1.1.1/32
on both switches.
p. Configure HSRP with interface tracking for VLANs 12, 123, 234, 1010, and 1111
1) Use HSRP version 2
2) Create two HSRP groups, aligning VLAN 12, 1010, 1111, and 3456 to the first group and 123 and
234 to the second group.
3) DLS1 will be the primary switch for VLANs 12, 1010, 1111, and 3456; DLS2 will be the primary switch
for VLANs 123 and 234.
4) Configure all groups with preemption. Further configure priority to ensure that the primary switch
takes over upon recovery.
5) Use the virtual address .254 as the standby address for all VLANs
6) Configure interface tracking so that each group tracks the local interface Loopback 0 interface.
q. Set the correct UTC time, configure DLS1 as an NTP server and then set the correct time zone.
r. Configure DLS2, ALS1, and ALS2 to use the Management network to synchronize time with the NTP
server.
s. Configure HOST C with a static IPv6 address of 10.34.56.50/24 and a default-gateway of 10.34.56.254
t. Configure all four switches to use AAA to authenticate VTY lines 0 through 4. The RADIUS server is on
HOST C (10.34.56.50) and uses WinRadius with a shared secret key of WinRadius. Ensure aaa new-
model is configured. Further ensure that there is a fallback account configured should the RADIUS
server not be available.
1) AAA Account: studentaaa password cisco123
2) Local Fallback Account: lastditch password 321ocsic
u. Configure all four switches to use SNMP version 3.
1) The SNMP Server is HOST C at 10.34.56.50
2) SNMP v3 will use PRIV with AES 128 and AUTH with SHA.
3) The community string will be switch-sba
4) The secret key will be cisco123
5) The username will be sbastudent and password will be cisco123
v. Configure DLS1 to be a DHCP server for VLANs 12, 123, and 234
1) Exclude the addresses .251-.254 in each subnet
2) Set the DNS server to 1.1.1.1 for all three pools.
3) Set the default router to the HSRP virtual address for each VLAN
w. Obtain IPv4 addresses on Hosts A, B, and D via DHCP.
Part 3: Test network connectivity and configured options.

a. Create a Tcl script to test connectivity from each distribution layer switch to the addresses you assigned
in the topology.
b. What is the show command used to verify that the correct VLANs exist on all switches and contain the
correct ports?
c. What is the show command used to verify that the EtherChannel between DLS1 and ALS1 is configured
correctly?
d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or
DLS2) for each VLAN?
e. What is the show command used to verify that the correct SVIs exist and that the correct HRSP routers
are primary and standby for each VLAN?
f. Verify that NTP is working. DLS2, ALS1 and ALS2 should have NTP sync with DLS1.
g. Verify that AAA is working. From HOST C, telnet to each switch and login using the studentaaa account.
h. Verify that SNMPv3 is working. From HOST C, use ManageEngine MibBrowser to do a GET of the OID
.1.3.6.1.2.1.2.2 (the interface table). from each switch. Run Trap Viewer and enter then exit configuration
mode on each switch. You should see traps received in the viewer window.
i. Verify that HSRP is working. From HOST A, start a continuous ping to 1.1.1.1. Then go to DLS2 and
shutdown interface loopback 0. When this occurs, DLS2’s interface tracking should fail, causing it to
demote itself from being the virtual gateway for VLAN 123. DLS1 will take over, and the still-running ping
should show only minor packet loss.
Exam Notes:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________

CCNPv7 SWITCH - SBA Version A - STUDENT

Uploaded by

Copyright:

Available Formats

CCNPv7 SWITCH - SBA Version A - STUDENT

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNPv7 SWITCH - SBA Version A - STUDENT

Uploaded by

Copyright:

Available Formats

Part 1: Build the Physical Network (Optional)

Part 2: Configure the network according to specifications.

VLAN Number VLAN Name VLAN Number VLAN Name

800 NATIVE 434 PARKING

12 EXECUTIVES 123 CUBES

234 GUEST 1010 VOICE

1111 VIDEONET 3456 MANAGEMENT

f. On DLS1, suspend VLAN 434.

DLS1 DLS2 ALS1 ALS2

Interface Fa0/6 3456 12 / voice 1010 123 / voice 1010 234

Interface Fa0/15 1111 1111 1111 1111

Interfaces F0/16-18 567

VLAN VLAN Name Subnet VLAN VLAN Name Subnet

12 EXECUTIVES 10.0.12.0/24 123 CUBES 10.0.123.0/24

234 GUEST 10.0.234.0/24 1010 VOICE 10.10.10.0/24

1111 VIDEONET 10.11.11.0/24 3456 MANAGEMENT 10.34.56.0/24

Part 3: Test network connectivity and configured options.

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.