Scribd
Upload
2K views

CCNP Switching Case Study 3

Digital Technologies Inc is setting up a new city office network with VLANs, trunking, routing, and redundancy features. The network uses Cisco switches and routers to connect user subnets, servers, phones, and management devices. Multiple Spanning Tree Protocol (MSTP) will be used along with other protocols like HSRP, EIGRP, DHCP snooping, and AAA authentication to provide fault tolerance and security across the network.

Uploaded by

http://utsit.blogspot.com.au/
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views

CCNP Switching Case Study 3

Digital Technologies Inc is setting up a new city office network with VLANs, trunking, routing, and redundancy features. The network uses Cisco switches and routers to connect user subnets, servers, phones, and management devices. Multiple Spanning Tree Protocol (MSTP) will be used along with other protocols like HSRP, EIGRP, DHCP snooping, and AAA authentication to provide fault tolerance and security across the network.

Uploaded by

http://utsit.blogspot.com.au/
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

CCNP3CaseStudy

Topology

Scenario
DigitalTechnologiesInc(DTI)hasanewcityoffice.Thedesignrequiresmaintrunksas
EtherChannels,withbackuplinks,trunkportsandaccessportsusingCatalyst2960(or2950)and
3560(or3550)switches,and2811seriesrouters.Faulttolerantlinksarerequiredsoalllinks,even
thosetoISP,requirebackup.
Staff,atthecityoffice,areinthefollowingsubnets:
1.
2.
3.
4.
5.

Corporate(Manager,Accounts,Secretaries)VLAN10
Sales(Marketing,Sales,Delivery)VLAN20
Servers(attachedtoDLS2)VLAN30
TelephonyVLAN150
Management(Forallswitches)VLAN217

32011MSN

CaseStudy3Autumn2011

Page1

MultipleInstanceSpanningTree(MST)willbeused,incombinationwithPortFastandBPDUguard.
Forloadbalancing,DLS1willberootforCorporateVLAN,SalesVLANandManagementVLAN,and
DLS2willberootforTelephonyVLANandServersVLAN.MultipleHSRPgroupswillbeimplemented
sothatDLS1isactiveforVLAN10,20&217,andDLS2isactiveforVLANs30&150.BackupRouter
willprovidestandbylinksforallVLANs.
GeneralTasks

Connectallthenetworkdevicesaccordingtothenetworkdiagram.(Note:NoIPTelephones
willbeconnectedatthisstage,althoughallconfigurationswillassumetheirpresence.)
OnDL&ALSwitchesuseports3&4fortheEtherChannels(DLS1toALS1&DLS2toALS2).
OnDL&ALSwitchesuseports5&6astrunkportsbetweenthem(DLS1toALS2&DLS2to
ALS1).
Useports7&8forthetrunkportsbetweenALS1&ALS2.
Useport7forthetrunklinkstoISP(DLS1toISP&DLS2toISP).
ALS1hastheonlylinktoBACKUPRouteronport24
Onalldevices,configurethefollowing:
o vtysupportwithusername(Firstnameofeachgroupmember)&passwordcisco,
usingssh.
o consolepasswordcisco
o privilegedEXECmodesecretcisco
o Allhostnames
o Preventbystandersfromreadingpasswordsbyconfiguringallnetworkdevicesto
encryptthecleartextpasswords.

VLANsandVTP
DigitalTechnologiesInc(DTI)requiresVLANsandVTPtobeconfiguredwithintheswitched
network
1. VTP
DomainDTCORP
Passwordcisco
DLS1Server
AllotherswitchesCLIENT
2. FastEtherChannelisbetweenALS1&DLS1,andALS2&DLS2
3. CreateallrequiredVLANsintheVTPDomain
4. ConfigureAccessPortsasfollows:
VLAN10VLAN20VLAN30VLAN150
DLS1nilnilniln/a
DLS2nilnilfa0/2224n/a
ALS1fa0/1013fa0/1420nilallaccessports
ALS2fa0/1013fa0/1422nilallaccessports
5. AllunusedportsaretobeshutdownandplacedintoVLAN539.Thisvlanistothenbe
deleted.

32011MSN

CaseStudy3Autumn2011

Page2

SpanningTree
Configureinstance1forVLANs10,20&217withDLS1asRootBridge,withallotherVLANs
beingininstance2withDLS2asRootBridge.
ConfigurePortFastonallnontrunkports.
InterVLANRouting
EnableInterVLANrouting.ConfigureBackupasarouteronastick.ConfigureHSRPonDLS
1,DLS2andBackupRouter.
ConfigureHSRPonDLS1,DLS2andBackupRoutersothatDLS1istheactiverouterfor
VLANs10,20&217andDLS2istheactiverouterforVLANs30&150,withstandbyforall
VLANsbeingtheotherDLSwitch,withsecondarystandbybeingBackupRouter.Includethe
preemptoptioninallconfiguration.
ConfigureHSRPinterfacetrackingsothatthenextstandbydevicebecomestheactive
deviceiftheFastEthernetlinkbetweenDLS1andISPorDLS2andISPfails.
UsethefollowingAddresses:

VLAN10 10.1.10.0/24
VLAN20 10.1.20.0/24
VLAN30 10.1.30.0/24
VLAN150 10.1.150.0/24
VLAN21710.1.217.0/24
RoutedlinkbetweenDLS1&DLS210.1.1.0/30
InterfaceS0/0/0(facingISP)onBackup 192.168.1.0/30
Interfacefa0/7onDLS1

192.168.1.4/30
Interfacefa0/7onDLS2

192.168.1.8/30
ConfigurevalidaddressesforthehostonALS1(port15)andthehostonALS2
(port20),andserverinVLAN30.
ConfiguretrackingonalllinkstoISP.

AdditionalRequirements

ConfigurearoutedportonbothDLS1andDLS2usinginterfacefa0/24.
Fortestingpurposes,configuretheloopbackaddress2.2.2.2/32onISPRouter.
ConfiguretheStaticroutesfromISPinsuchawaythattheprimaryreturnpathforVLAN10,
20&217isviaDLS1,withprimarybackuptoDLS2,andsecondarybackuptoBackup
Router;andtheprimarypathforVLANs30&150isviaDLS2,withprimarybackupDLS1
andsecondarybackupBackupRouter.
ConfigurePortstickyonallaccessports,allowingonlyasingleuser,andshutdownif
violated.
EnableBPDUguardonallappropriateinterfaces.
ConfigurePortfastanallappropriateports.

32011MSN

CaseStudy3Autumn2011

Page3

PlaceanyportsnotattachedtoaVLANintoVLAN539,placetheseinterfacesinshutdown
modeandthendeletethisvlan.
ConfigureIProutingonDLS1andDLS2,anduseEIGRP(AS10),withautomatic
summarizationdisabled.BackuproutershouldalsouseEIGRPRouting(AS10).
EnableQoSgloballyonallswitches.
OnALS1andALS2,configureaccessportstotrustCiscoIPphonesforQoS.UseVLAN150as
thevoiceVLAN.
EnableDHCPSnoopingtotrustallportsonDLS1andDLS2,buttoonlytrusttrunkportson
theALSwitches.LimittherateofDHCPrequeststo5persecond.
EnableAAA.AuthenticateyourgroupmembersONLYwithusername(eachmembersfirst
name)passwordcisco(hashed).ApplyAAAtotheactivehostports(ALS1port15andALS

2port20)ONLY.

ConfigureanACLtorestrictVTYtraffictothesinglehostonVLAN20attachedtoALS2.
ConfigureasecureHTTPserveronDLS2switch.PermitONLYthehostonVLAN20attached
toALS2Switchtoaccessthisserver.
Disablehttponallotherswitches.
Shutdown/disableallunusedservicesonallswitches.Makealistoftheonesyoudisable.

32011MSN

CaseStudy3Autumn2011

Page4

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy