STP Switch Sim | Spanning Tree priority Configuration

Question:
A company has an existing network comprised of 5 switches:
·         CoreSwitch
·         DSW1
·         DSW2
·         AccessSwitch1
·         AccessSwitch2
This switch network has per-VLAN spanning tree mapping. You have the following tasks to complete in this lab:

CoreSwitch should be the root bridge for VLAN 20, but currently DSW1 is the root bridge for VLAN 20.
Traffic for VLAN 30 should be forwarded over the gig 1/0/6 trunk port between DSW1 and DSW2. However, VLAN 30 is currently using gig 1/0/5.
Traffic for VLAN 40 should be forwarded over the gig 1/0/5 trunk port between DSW1 and DSW2. However, VLAN 40 is currently using gig 1/0/6.

Your task is complicated by the fact that you only have full access to DSW1, with the enable password cisco. On CoreSwitch and DSW2 you are given only limited show-command access, using the enable 2 level with a password of Cisco, and you are not allowed to make configuration changes on these switches. You also don’t have access to ASW1 or ASW2, so you can only make configuration changes on DSW1.

Required Configurations and Explanation:

1. “CoreSwitch should be the root bridge for VLAN 20. DSW1 is currently the root bridge for VLAN 20.”
Our task is to make CoreSwitch the root bridge for VLAN 20. To make CoreSwitch the root bridge we would normally assign the lowest priority value for VLAN 20 on CoreSwitch, but we are not allowed to make changes on that switch; we only have access to DSW1. Instead, we increase the priority value of DSW1 so that it becomes higher than that of CoreSwitch. Use “show spanning-tree” on CoreSwitch and on DSW1 to check the priority of both switches for VLAN 20. Currently DSW1 is the root bridge for VLAN 20 (notice the line “This bridge is the root” in the output).

DSW1>enable
DSW1#show spanning-tree
To make CoreSwitch the root bridge we need to increase DSW1’s priority value. The command below uses 61440; you can use another value, but make sure it is higher than the CoreSwitch priority value by checking whether CoreSwitch becomes the root bridge, and the value must be in increments of 4096.

DSW1#configure terminal
DSW1(config)#spanning-tree vlan 20 priority 61440 
2. “Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. VLAN 30 is currently using gig 1/0/5.”
VLAN 30 is currently using gig 1/0/5 and gig 1/0/6 is in the blocking state; you can find this information with the command “show spanning-tree”. Spanning Tree Protocol chooses the forwarding port based on:
  • Bridge-ID
  • Port-Cost
  • Interface-ID

Since both ports have the same bridge-ID and both interfaces are fastethernet, they have the same port-cost. When both ports have the same port-cost and bridge-ID, the port with the lower interface ID is put in the forwarding state while the other is put in the blocking state. That is what happens here: both switches DSW1 and DSW2 have the same bridge-ID and cost, so gig 1/0/5 is the forwarding port for VLAN 30. You can make gig 1/0/6 the forwarding port by lowering the priority number of port gig 1/0/6. You can see the current priority numbers of the ports with “show spanning-tree”.

Notice that we only need to change this value for VLAN 30, not for all VLANs.
DSW1(config)#interface g1/0/6
DSW1(config-if)#spanning-tree vlan 30 port-priority 64
DSW1(config-if)#exit




3. “Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6.”
Our task is to make VLAN 40 forward through gig 1/0/5. It is a similar job, but we are not allowed to make any configuration changes on DSW2, and in this case we can’t change the port-priority for VLAN 40. The alternative is to change the cost (set a lower value) on an interface of DSW1; then only DSW1 will learn the change.
By default, the cost of a 100Mbps link is 19, but we can change this value to make sure that VLAN 40 will use interface Gig1/0/5.
DSW1(config)#interface g1/0/5
DSW1(config-if)#spanning-tree vlan 40 cost 1
DSW1(config-if)#exit

You should re-check to see if everything was configured correctly:
DSW1#show spanning-tree

DSW1#copy running-config startup-config
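
The three changes above each alter one field in the ordered comparisons that spanning tree makes. The Python model below is an added example, not part of the original lab; it goes slightly beyond the lab by implementing the general root-bridge and root-port tie-breakers. The MAC addresses, the CoreSwitch and upstream priorities, and the idea that the far-end port priority is what currently steers VLAN 40 to g1/0/6 are assumptions made for illustration.

```python
"""Toy model of the STP comparisons behind the three DSW1 changes (constructed data)."""

def bridge_id(priority, mac):
    # Bridge priority is configured in increments of 4096, as the lab notes.
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 up to 61440")
    return (priority, mac)

def root_bridge(bridges):
    """Lowest (priority, MAC) pair wins the root election."""
    return min(bridges, key=lambda name: bridges[name])

def root_port(candidates):
    """Pick the forwarding uplink on the switch that is not the root.

    Ordered tie-breakers: lowest path cost to the root, lowest sender bridge ID,
    lowest sender port ID (port priority, port number), lowest local port number.
    """
    best = min(candidates, key=lambda p: (p["cost"], p["sender_bid"],
                                          p["sender_prio"], p["sender_port"],
                                          p["local_port"]))
    return best["name"]

# Assumed MACs and CoreSwitch priority; not taken from the lab output.
MAC = {"CoreSwitch": "0011.0000.0001", "DSW1": "0011.0000.0002"}

def vlan20_root(dsw1_priority):
    return root_bridge({"CoreSwitch": bridge_id(32768, MAC["CoreSwitch"]),
                        "DSW1": bridge_id(dsw1_priority, MAC["DSW1"])})

def uplinks(prio_5=128, prio_6=128, cost_5=19, cost_6=19):
    """Two parallel links, g1/0/5 and g1/0/6, between the same pair of switches.

    prio_* is the port priority set on the switch nearer the root;
    cost_* is the port cost set on the switch choosing its root port.
    """
    sender = bridge_id(24576, "0011.0000.0009")  # assumed upstream bridge ID
    return [
        {"name": "g1/0/5", "cost": cost_5, "sender_bid": sender,
         "sender_prio": prio_5, "sender_port": 5, "local_port": 5},
        {"name": "g1/0/6", "cost": cost_6, "sender_bid": sender,
         "sender_prio": prio_6, "sender_port": 6, "local_port": 6},
    ]

if __name__ == "__main__":
    print("VLAN 20 root, DSW1 priority 24576:", vlan20_root(24576))
    print("VLAN 20 root, DSW1 priority 61440:", vlan20_root(61440))
    print("Parallel links, all defaults:", root_port(uplinks()))
    print("VLAN 30, g1/0/6 port-priority 64:", root_port(uplinks(prio_6=64)))
    # Cost is compared before port priority, so it wins even against prio_6=64.
    print("VLAN 40, g1/0/5 cost 1:", root_port(uplinks(prio_6=64, cost_5=1)))
```

Because cost is compared before the sender's port priority, the cost change works even when the port priority on the other switch cannot be touched.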

LACP with STP Sim | Switch practice Lab

Link Aggregation Control Protocol Configuration:

Suppose you have just added a new switch (SwitchB) to the existing network as shown in the topology.


RouterA is currently configured correctly to provide the routing function for devices on SwitchA and SwitchB. SwitchA needs to be modified to support the addition of SwitchB. You have been tasked with completing the needed configuration of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.
Configuration Requirements for SwitchA
  • The VTP and STP configuration modes on SwitchA are correct and should not be modified.
  • You need to configure SwitchA as root switch for VLANs 11, 12, 13, 21, 22 and 23. All other VLANs should be left at their default values.

Configuration Requirements for SwitchB
You need to configure the VLANs according to following information:
VLAN#    VLAN NAME    VLAN Ports
21       HR           Fa1/9 and fa1/10
22       Finance      Fa1/5 and fa1/6
23       Marketing    Fa1/15 and fa1/14

– Access ports that are assigned to VLANs should transition immediately to the forwarding state upon detecting the connection of a device.
– SwitchB VTP mode needs to be the same as SwitchA.
– SwitchB must operate in the same spanning tree mode as SwitchA, and no routing is required on this switch.
– SVI vlan 1 is to be configured with IP address 192.168.1.11/24.
Inter-switch Connectivity Configuration Requirements:
– For operational and security reasons trunking should be unconditional, and VLANs 1, 21, 22 and 23 should be tagged when traversing the trunk link.
– The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all VLANs. This mode should be done with a non-proprietary protocol, with SwitchA controlling activation.
– Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.

Answer and Explanation:
Some useful commands that may help you find the necessary information on SwitchA are the following:
show vtp status (you can get the information about VTP status on SwitchA i.e. SwitchA is in transparent mode)
show spanning-tree (rapid-pvst mode on SwitchA)
show vlan (check the native vlan and the existence of vlan100)
show etherchannel 1 port-channel and show ip int brief (check if Port-channel 1 has been created and make sure it is up)
show run (for complete configuration of Switch)


Configure SwitchA as root switch for VLANs 11, 12, 13, 21, 22 and 23. SwitchA also needs to have the same configuration as SwitchB for the configuration to succeed.
SwitchA>enable
SwitchA #configure terminal
SwitchA (config)#spanning-tree vlan 11,12,13,21,22,23 root primary
SwitchA (config)#vlan 21
SwitchA (config-vlan)#name HR
SwitchA (config-vlan)#exit
SwitchA (config)#vlan 22
SwitchA (config-vlan)#name Finance
SwitchA (config-vlan)#exit
SwitchA (config)#vlan 23
SwitchA (config-vlan)#name Marketing
SwitchA (config-vlan)#exit
SwitchA (config)#interface range Fa1/3 - 4
SwitchA (config-if-range)#switchport mode trunk
SwitchA (config-if-range)#switchport trunk native vlan 100
SwitchA (config-if-range)#switchport trunk allowed vlan 1,21-23
SwitchA (config-if-range)#channel-group 1 mode active
SwitchA (config-if-range)#channel-protocol lacp
SwitchA (config-if-range)#no shutdown
SwitchA (config-if-range)#end
——————————————————————————————–
Configure the VLANs according to the given table:
SWITCHB#configure terminal
SWITCHB(config)#vlan 21
SWITCHB(config-vlan)#name HR
SWITCHB(config-vlan)#exit
SWITCHB(config)#vlan 22
SWITCHB(config-vlan)#name Finance
SWITCHB(config-vlan)#exit
SWITCHB(config)#vlan 23
SWITCHB(config-vlan)#name Marketing
SWITCHB(config-vlan)#exit
SWITCHB(config)#vlan 100
SWITCHB(config-vlan)#name TrunkNativeVlan
SWITCHB(config-vlan)#exit
SWITCHB(config)#interface range Fa1/9 - 10
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 21
SWITCHB(config-if-range)#spanning-tree portfast (access ports that are assigned to VLANs should transition immediately to the forwarding state upon detecting the connection of a device)
SWITCHB(config-if-range)#no shutdown
SWITCHB(config-if-range)#exit
SWITCHB(config)#interface range Fa1/5 - 6
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 22
SWITCHB(config-if-range)#spanning-tree portfast
SWITCHB(config-if-range)#no shutdown
SWITCHB(config-if-range)#exit
SWITCHB(config)#interface range Fa1/14 - 15
SWITCHB(config-if-range)#switchport mode access
SWITCHB(config-if-range)#switchport access vlan 23
SWITCHB(config-if-range)#spanning-tree portfast
SWITCHB(config-if-range)#no shutdown
SWITCHB(config-if-range)#exit





SwitchB VTP mode needs to be the same as SwitchA:
SWITCHB(config)#vtp mode transparent
SWITCHB(config)#spanning-tree mode rapid-pvst
Configure VLAN 1 with IP address 192.168.1.11:
SWITCHB(config)#interface vlan 1
SWITCHB(config-if)#ip address 192.168.1.11 255.255.255.0
SWITCHB(config-if)#no shutdown
SWITCHB(config-if)#exit

VLANs 1, 21, 22 and 23 should be tagged when traversing the trunk link:

SWITCHB(config)#interface range Fa1/3 - 4
SWITCHB(config-if-range)#switchport trunk encapsulation dot1q
SWITCHB(config-if-range)#switchport mode trunk
SWITCHB(config-if-range)#switchport trunk native vlan 100
SWITCHB(config-if-range)#switchport trunk allowed vlan 1,21-23

Maximum use of bandwidth for all vlans with SwitchA controlling activation:
SWITCHB(config-if-range)#channel-group 1 mode passive //mode passive because “SwitchA controlling activation”
SWITCHB(config-if-range)#channel-protocol lacp
SWITCHB(config-if-range)#no shutdown
SWITCHB(config-if-range)#end
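
A consistency check for the two ends of the port-channel configured above, as an added example that is not part of the original lab: it parses the interface-level commands from each side and reports an LACP mode pair that never negotiates, mismatched native VLANs, or mismatched allowed-VLAN lists. The embedded snippets are constructed from the lab's commands, and the function names are illustrative.

```python
"""Compare trunk/EtherChannel settings on both ends of a link (constructed input)."""
import re

def expand_vlans(spec):
    """'1,21-23' -> {1, 21, 22, 23}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Extract the settings that must agree across the link."""
    settings = {"mode": None, "native": 1, "allowed": None, "lacp": None}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"switchport mode (\S+)", line):
            settings["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            settings["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            settings["allowed"] = expand_vlans(m.group(1))
        elif m := re.fullmatch(r"channel-group \d+ mode (\S+)", line):
            settings["lacp"] = m.group(1)
    return settings

def check_link(cfg_a, cfg_b):
    a, b = parse_trunk(cfg_a), parse_trunk(cfg_b)
    problems = []
    for name, s in (("A", a), ("B", b)):
        if s["mode"] != "trunk":
            problems.append(f"side {name}: trunking is not unconditional")
    # LACP forms a bundle only if at least one side is active.
    if {a["lacp"], b["lacp"]} - {"active", "passive"}:
        problems.append("channel-group mode is not LACP on both sides")
    elif "active" not in (a["lacp"], b["lacp"]):
        problems.append("both sides passive: LACP never negotiates")
    if a["native"] != b["native"]:
        problems.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        diff = sorted((a["allowed"] or set()) ^ (b["allowed"] or set()))
        problems.append(f"allowed VLAN mismatch, differing VLANs: {diff}")
    return problems

# Constructed snippets modelled on the lab's interface-range commands.
SIDE_A = """switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 1,21-23
channel-group 1 mode active"""
SIDE_B = SIDE_A.replace("mode active", "mode passive")
SIDE_A_TYPO = SIDE_A.replace("1,21-23", "1,21,23")  # VLAN 22 dropped on one side

if __name__ == "__main__":
    print(check_link(SIDE_A, SIDE_B))       # consistent pair
    print(check_link(SIDE_A_TYPO, SIDE_B))  # pruning list differs
    print(check_link(SIDE_B, SIDE_B))       # nobody initiates LACP
```

A one-character slip in a manually pruned allowed list silently drops a VLAN from the trunk, which is why the two lists are compared as expanded sets and not as strings.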

STP Practice lab Sim for Switch Exam

PortFast spanning tree configuration:

Lab Tasks:

Suppose your company has installed a new switch in your existing network to connect 24 additional users. You need to configure the switch correctly so that it will not disturb the existing configuration of your network. You also have to ensure that the switch does not participate in VTP (VLAN Trunking Protocol) but forwards VTP updates and advertisements that are received on trunk ports.
Because of errors that have been experienced on office computers, all nontrunking interfaces (all Fast Ethernet ports) should transition immediately to the forwarding state of Spanning Tree.


Ensure the following configurations on Switch:
·         Configure all ports of the switch as access ports and assign VLAN 20 to Fast Ethernet ports 1/12 to 1/24 in global configuration mode.
·         Switch does not participate in VTP but forwards VTP advertisements received on trunk ports.
·         Ensure all access interfaces (1-24) of switch transition immediately to the forwarding state of Spanning-Tree.
·         Ensure all FastEthernet interfaces are in a permanent non-trunking mode.

Solution for STP Switch Lab:

Configure all ports of the switch as access ports (non-trunking ports):
Switch>enable
Switch#configure terminal
Switch(config)#interface range fa1/1 - 24
Switch(config-if-range)#switchport mode access


Assign the VLAN 20 to Fast Ethernet ports 1/12 to 1/24 in global configuration mode.
By default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface (or a range of interfaces) and tell it which VLAN to be a part of.
Switch(config-if-range)#interface range fa1/12 - 24
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit

Ensure all access interfaces (1-24) of the switch transition immediately to the forwarding state of Spanning Tree.
Switch(config)#interface range fa1/1 - 24
Switch(config-if-range)#spanning-tree portfast 

Switch does not participate in VTP but forwards VTP advertisements received on trunk ports.
Switch(config)#vtp mode transparent
Switch(config)#exit


Finally, you can save the configuration with one of the following commands.
Switch#copy running-config startup-config
OR

Switch#Write

AAA dot1x Lab Switch Sim

Pre-Radius Server configuration 

Buraqtech is a small cargo company that has an existing network consisting of 2 switches, DSW1 and ASW1. The network diagram shows their layer 2 mapping. VLAN 10 is a new VLAN that will be used to provide the cargo personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
– Users connecting to ASW1’s port must be authenticated via a Radius server before they are given access to the network. The Radius server address is 172.189.29.100 and the Radius key is ciscoradius.
– Authentication should be implemented as close to the host device as possible.
– Devices on VLAN 20 are restricted to the address range of 172.120.10.0/24, and packets from devices in the address range of 172.120.10.0/24 should be passed on VLAN 20.
– Packets from devices in any other address range should be dropped on VLAN 20. This filtering should be configured as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.
Answer and Explanation:

1) Configure authentication via a Radius server on ASW1
ASW1(config)#aaa new-model
Set the server address and password for radius server:
ASW1(config)#radius-server host 172.189.29.100 key ciscoradius
ASW1(config)#aaa authentication dot1x default group radius
Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control
ConīŦgure Fa0/1 to use 802.1x:
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.
ASW1(config-if)#end
ASW1#write
Packets from devices in the address range of 172.120.10.0/24 should be passed on VLAN 20.
Define an access-list:
DSW1(config)#ip access-list standard 10 
DSW1(config-std-nacl)#permit 172.120.10.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYMAPIP 10 
DSW1(config-access-map)#match ip address 10 
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit
Packets from devices in any other address range should be dropped on VLAN 20.
DSW1(config)#vlan access-map MYMAPIP 20
DSW1(config-access-map)#action drop 
DSW1(config-access-map)#exit
Apply the VLAN map to the VLAN, as close to the server farm as possible:
DSW1(config)#vlan filter MYMAPIP vlan-list 20 
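
How the VLAN map above treats individual packets, modelled in Python as an added example (not part of the original lab). It walks the MYMAPIP entries in sequence order and applies the standard ACL's wildcard mask to the source address; the sample source addresses are constructed, and the model assumes that a map entry with no match clause matches every packet.

```python
"""Model of VLAN map MYMAPIP applied to VLAN 20 (sample packets are constructed)."""
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Standard-ACL match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ip access-list standard 10 / permit 172.120.10.0 0.0.0.255
ACLS = {"10": [("permit", "172.120.10.0", "0.0.0.255")]}

# vlan access-map MYMAPIP 10 (match ACL 10, forward) and 20 (no match clause, drop)
MYMAPIP = [
    {"seq": 10, "match_acl": "10", "action": "forward"},
    {"seq": 20, "match_acl": None, "action": "drop"},
]

def acl_permits(acl_name, src):
    """First matching entry decides; a standard ACL ends with an implicit deny."""
    for verdict, base, wildcard in ACLS[acl_name]:
        if wildcard_match(src, base, wildcard):
            return verdict == "permit"
    return False

def vlan_map_action(vlan_map, src):
    """Return (sequence, action) of the first map entry the packet hits."""
    for entry in sorted(vlan_map, key=lambda e: e["seq"]):
        # Assumption from the lead-in: no match clause means match everything.
        if entry["match_acl"] is None or acl_permits(entry["match_acl"], src):
            return entry["seq"], entry["action"]
    # An IP packet that hits no entry of a map with IP match clauses is dropped.
    return None, "drop"

SAMPLE_SOURCES = ["172.120.10.7", "172.120.10.255", "172.120.11.7", "10.0.0.5"]

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(src, vlan_map_action(MYMAPIP, src))
```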

MLS and EIGRP Sim | CCNP Switch Practice lab

Interface VLAN Configuration on multilayer Switch (SIM)

Lab Tasks:
You need to configure the multilayer switch according to the topology diagram so that both hosts, Host-A and Host-B, are able to successfully ping the Internet server “Server_S1”.

You are not allowed to add/delete VLANs, change VLAN port assignments or create trunk links. You also can’t use static or default routing. All routes must be learned via the EIGRP 300 routing protocol. RouterC is correctly configured and no trunking has been configured on RouterC.
Routed interfaces should use the lowest host on a subnet when possible. The following subnets are available to implement this solution:
– 10.10.10.0/24 
– 192.168.100.32/27 
– 192.168.100.64/27
Hosts H1 and H2 are configured with the correct IP address and default gateway. The enable password for Multi-Switch is Cisco. Routing must only be enabled for the specific subnets shown in the diagram.
Solution:
Step to perform:
-Find the gateways of the PCs with the “ipconfig” command in the exam simulator. These gateway addresses are configured on the virtual interfaces of the multilayer switch for the given VLANs; in our case we have the following:
Host1:
IP Address: 192.168.100.36
Default gateway: 192.168.100.35
Host2:
IP Address: 192.168.100.66
Default gateway: 192.168.100.65




-Note down the EIGRP AS number and VLAN information
You can find the AS number in the topology diagram; it is EIGRP 300.
VLANs 22 and 33 are already created on the multilayer switch and the interfaces connected to the hosts are configured as access ports, so we don’t need to configure them in this sim. You can also use the “show vlan” command to check the VLANs.
-Configure the virtual interfaces on the switch
The sim does not allow us to use trunking, so we configure Multi-Switch as a Layer 3 switch with SVIs for inter-VLAN routing, and give each VLAN interface the gateway address that the PCs in that VLAN use.
Multi-Switch# configure terminal
Multi-Switch(config)# int f0/0
Multi-Switch(config-if)#no switchport (without using this command, the simulator does not let you assign IP address on f0/0 interface.)
Multi-Switch(config-if)# ip address 10.10.10.2 255.255.255.0 (Router has IP address of 10.10.10.1 therefore we have to assign this interface with same IP-Range) 
Multi-Switch(config-if)# no shutdown
Multi-Switch(config-if)# exit
Multi-Switch(config)# int vlan 22
Multi-Switch(config-if)# ip address 192.168.100.35 255.255.255.224
Multi-Switch(config-if)# no shutdown
Multi-Switch(config-if)# int vlan 33
Multi-Switch(config-if)# ip address 192.168.100.65 255.255.255.224
Multi-Switch(config-if)# no shutdown
Multi-Switch(config-if)#exit

  
-Run the routing protocol on the multilayer switch

Multi-Switch(config)# ip routing (Notice: MLS will not work without this command)
Multi-Switch(config)# router eigrp 300
Multi-Switch(config-router)# network 10.10.10.0 0.0.0.255
Multi-Switch(config-router)# network 192.168.100.32 0.0.0.31
Multi-Switch(config-router)# network 192.168.100.64 0.0.0.31


VTP (Sim) Practice lab for Switch Exam

VLAN Trunking Protocol (VTP) Switch Lab

A company has added two new layer 3 switches; one will act as the distribution-layer switch while the other will play the role of access-layer switch, as shown in the figure. Your task is to configure VTP (VLAN Trunking Protocol) to distribute the VLAN information from the distribution-layer switch to the access-layer switch. Also configure inter-VLAN routing on the distribution-layer switch to route traffic between the different VLANs that are configured on the access-layer switches; however, it is not compulsory for you to make the specific VLAN port assignments on the access-layer switches.


Please reference the following table for the VTP and VLAN information to be configured:
Tasks and requirements:
VTP Domain name: Cisco

VLAN Ids    IP Addresses
40          172.16.71.40/24
41          172.16.132.41/24
These are your specific tasks:
1. Configure the above VTP information with the distribution layer switch (Dswitch) as the VTP server
2. Configure the VTP information with the access layer switch (Aswitch) as a VTP client
3. Configure VLANs on the Dswitch
4. Configure inter-VLAN routing on the Dswitch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the future.
Note: All VLAN and VTP configurations are to be completed in the global configuration mode of the switch.
---------------------------------------------------------------------------------------


Solution and Explanation: 
1) Configure the VTP information Dswitch:
Open the console of the distribution layer switch (Dswitch) and apply the following configuration for the above task:
DSwitch>enable
DSwitch#configure terminal
Dswitch(config)#vtp mode server
Dswitch(config)#vtp domain Cisco 
2) Configure the VTP information with the access layer switch as a VTP client
Access the console of the access layer switch (Aswitch) to perform the following configuration:

ASwitch>enable
Aswitch#configure terminal
Aswitch(config)#vtp mode client
Aswitch(config)#vtp domain Cisco

3) Configure VLANs on the distribution layer switch
According to the lab requirement, create the VLANs on Dswitch by using the “vlan vlanID#” command in global configuration mode instead of the “vlan database” command:
Dswitch(config)#vlan 40
Dswitch(config)#vlan 41
Assign the IP addresses for Vlans:
Dswitch(config)#interface vlan 40
Dswitch(config-if)#ip address 172.16.71.40 255.255.255.0
Dswitch(config-if)#no shutdown
Dswitch(config-if)#interface vlan 41
Dswitch(config-if)#ip address 172.16.132.41 255.255.255.0
Dswitch(config-if)#no shutdown
Dswitch(config-if)#exit
4) Configure inter-VLAN routing on the Dswitch

Dswitch(config)#ip routing
Dswitch(config)#exit
Dswitch#Write (save configurations)
5) Configure the VTP information with the access layer switch as a VTP client
Aswitch#configure terminal
Aswitch(config)#vtp mode client
Aswitch(config)#vtp domain cisco
Aswitch(config)#exit
Aswitch#copy run start