Scribd
Upload
193 views4 pages

CCNP Switching Case Study Overview

Digital Technologies Inc is setting up a new city office network with VLANs, trunking, routing, and redundancy features. The network uses Cisco switches and routers to connect user subnets, servers, phones, and management devices. Multiple Spanning Tree Protocol (MSTP) will be used along with other protocols like HSRP, EIGRP, DHCP snooping, and AAA authentication to provide fault tolerance and security across the network.

Uploaded by

http://utsit.blogspot.com.au/
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
193 views4 pages

CCNP Switching Case Study Overview

Digital Technologies Inc is setting up a new city office network with VLANs, trunking, routing, and redundancy features. The network uses Cisco switches and routers to connect user subnets, servers, phones, and management devices. Multiple Spanning Tree Protocol (MSTP) will be used along with other protocols like HSRP, EIGRP, DHCP snooping, and AAA authentication to provide fault tolerance and security across the network.

Uploaded by

http://utsit.blogspot.com.au/
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

CCNP3CaseStudy

Topology

Scenario
DigitalTechnologiesInc(DTI)[Link]
EtherChannels,withbackuplinks,trunkportsandaccessportsusingCatalyst2960(or2950)and
3560(or3550)switches,[Link],even
thosetoISP,requirebackup.
Staff,atthecityoffice,areinthefollowingsubnets:
1.
2.
3.
4.
5.

Corporate(Manager,Accounts,Secretaries)VLAN10
Sales(Marketing,Sales,Delivery)VLAN20
Servers(attachedtoDLS2)VLAN30
TelephonyVLAN150
Management(Forallswitches)VLAN217

32011MSN

CaseStudy3Autumn2011

Page1

MultipleInstanceSpanningTree(MST)willbeused,incombinationwithPortFastandBPDUguard.
Forloadbalancing,DLS1willberootforCorporateVLAN,SalesVLANandManagementVLAN,and
[Link]
sothatDLS1isactiveforVLAN10,20&217,andDLS2isactiveforVLANs30&[Link]
willprovidestandbylinksforallVLANs.
GeneralTasks

Connectallthenetworkdevicesaccordingtothenetworkdiagram.(Note:NoIPTelephones
willbeconnectedatthisstage,althoughallconfigurationswillassumetheirpresence.)
OnDL&ALSwitchesuseports3&4fortheEtherChannels(DLS1toALS1&DLS2toALS2).
OnDL&ALSwitchesuseports5&6astrunkportsbetweenthem(DLS1toALS2&DLS2to
ALS1).
Useports7&8forthetrunkportsbetweenALS1&ALS2.
Useport7forthetrunklinkstoISP(DLS1toISP&DLS2toISP).
ALS1hastheonlylinktoBACKUPRouteronport24
Onalldevices,configurethefollowing:
o vtysupportwithusername(Firstnameofeachgroupmember)&passwordcisco,
usingssh.
o consolepasswordcisco
o privilegedEXECmodesecretcisco
o Allhostnames
o Preventbystandersfromreadingpasswordsbyconfiguringallnetworkdevicesto
encryptthecleartextpasswords.

VLANsandVTP
DigitalTechnologiesInc(DTI)requiresVLANsandVTPtobeconfiguredwithintheswitched
network
1. VTP
DomainDTCORP
Passwordcisco
DLS1Server
AllotherswitchesCLIENT
2. FastEtherChannelisbetweenALS1&DLS1,andALS2&DLS2
3. CreateallrequiredVLANsintheVTPDomain
4. ConfigureAccessPortsasfollows:
VLAN10VLAN20VLAN30VLAN150
DLS1nilnilniln/a
DLS2nilnilfa0/2224n/a
ALS1fa0/1013fa0/1420nilallaccessports
ALS2fa0/1013fa0/1422nilallaccessports
5. [Link]
deleted.

32011MSN

CaseStudy3Autumn2011

Page2

SpanningTree
Configureinstance1forVLANs10,20&217withDLS1asRootBridge,withallotherVLANs
beingininstance2withDLS2asRootBridge.
ConfigurePortFastonallnontrunkports.
InterVLANRouting
[Link]
1,DLS2andBackupRouter.
ConfigureHSRPonDLS1,DLS2andBackupRoutersothatDLS1istheactiverouterfor
VLANs10,20&217andDLS2istheactiverouterforVLANs30&150,withstandbyforall
VLANsbeingtheotherDLSwitch,[Link]
preemptoptioninallconfiguration.
ConfigureHSRPinterfacetrackingsothatthenextstandbydevicebecomestheactive
deviceiftheFastEthernetlinkbetweenDLS1andISPorDLS2andISPfails.
UsethefollowingAddresses:

VLAN10 [Link]/24
VLAN20 [Link]/24
VLAN30 [Link]/24
VLAN150 [Link]/24
VLAN21710.1.217.0/24
RoutedlinkbetweenDLS1&DLS210.1.1.0/30
InterfaceS0/0/0(facingISP)onBackup [Link]/30
Interfacefa0/7onDLS1

[Link]/30
Interfacefa0/7onDLS2

[Link]/30
ConfigurevalidaddressesforthehostonALS1(port15)andthehostonALS2
(port20),andserverinVLAN30.
ConfiguretrackingonalllinkstoISP.

AdditionalRequirements

ConfigurearoutedportonbothDLS1andDLS2usinginterfacefa0/24.
Fortestingpurposes,configuretheloopbackaddress2.2.2.2/32onISPRouter.
ConfiguretheStaticroutesfromISPinsuchawaythattheprimaryreturnpathforVLAN10,
20&217isviaDLS1,withprimarybackuptoDLS2,andsecondarybackuptoBackup
Router;andtheprimarypathforVLANs30&150isviaDLS2,withprimarybackupDLS1
andsecondarybackupBackupRouter.
ConfigurePortstickyonallaccessports,allowingonlyasingleuser,andshutdownif
violated.
EnableBPDUguardonallappropriateinterfaces.
ConfigurePortfastanallappropriateports.

32011MSN

CaseStudy3Autumn2011

Page3

PlaceanyportsnotattachedtoaVLANintoVLAN539,placetheseinterfacesinshutdown
modeandthendeletethisvlan.
ConfigureIProutingonDLS1andDLS2,anduseEIGRP(AS10),withautomatic
[Link](AS10).
EnableQoSgloballyonallswitches.
OnALS1andALS2,configureaccessportstotrustCiscoIPphonesforQoS.UseVLAN150as
thevoiceVLAN.
EnableDHCPSnoopingtotrustallportsonDLS1andDLS2,buttoonlytrusttrunkportson
theALSwitches.LimittherateofDHCPrequeststo5persecond.
[Link](eachmembersfirst
name)passwordcisco(hashed).ApplyAAAtotheactivehostports(ALS1port15andALS

2port20)ONLY.

ConfigureanACLtorestrictVTYtraffictothesinglehostonVLAN20attachedtoALS2.
ConfigureasecureHTTPserveronDLS2switch.PermitONLYthehostonVLAN20attached
toALS2Switchtoaccessthisserver.
Disablehttponallotherswitches.
Shutdown/[Link].

32011MSN

CaseStudy3Autumn2011

Page4

You might also like