alias exec sir sh ip route alias exec spc sh etherchannel summary alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s alias exec sv sh vlan *********************************************** Lab 1 - Configuring Port Channels - SW1 & SW3 *********************************************** Requirements: Configure Port-Channels between SW1 & SW3 - Configure a Port-Channels between SW1 & SW3 using the appropriate ports - The port-channel should not use a negotiation protocol - Configure it as a trunk using an industry standard protocol ----- SW1 ----- Interface range E0/2-3 channel-group 13 mode on no shut ! Interface port-channel 13 switchport trunk encapsulation dot1q switchport mode trunk ----- SW3 ----- Interface range E0/0-1 channel-group 13 mode on no shut ! Interface port-channel 13 switchport trunk encapsulation dot1q switchport mode trunk *********************************************** Lab 2 - Configuring Port Channels - SW1 & SW2 *********************************************** Requirements: Configure Port-Channels between SW1 & SW2 - Configure a Port-Channels between SW1 & SW2 using the appropriate ports - The port-channel should use an industry standard negoitation protocol - SW1 should be the only one to initiate the negotiation process - Configure it as a trunk using an industry standard protocol ----- SW1 ----- Interface range E0/0-1 channel-group 12 mode active no shut ! Interface port-channel 12 switchport trunk encapsulation dot1q switchport mode trunk ----- SW2 ----- Interface range E0/0-1 channel-group 12 mode passive no shut ! Interface port-channel 12 switchport trunk encapsulation dot1q switchport mode trunk *********************************************** Lab 3 - Configuring Port Channels - SW2 & SW4 *********************************************** Requirements: Configure Port-Channels between SW2 & SW4 - Configure a Port-Channels between SW2 & SW4 using the appropriate ports - The port-channel should use an industry standard negoitation protocol - Either switch should be able to initiate the negotiation process - Configure it as a trunk using an industry standard protocol ----- SW2 ----- Interface range E0/2-3 channel-group 24 mode active no shut ! Interface port-channel 24 switchport trunk encapsulation dot1q switchport mode trunk ----- SW2 ----- Interface range E0/0-1 channel-group 24 mode active no shut ! Interface port-channel 24 switchport trunk encapsulation dot1q switchport mode trunk *********************************************** Lab 4 - Configuring VTP version 2 *********************************************** Requirements: 1. Configure SW1 as VTP Server - Domain: KBITS - Configure VTP to use version 2 - Configure a password of kbits@123 2. Configure SW2, SW3 and SW4 as VTP clients in the same Domain 3. Create the following VLANs: 10,20,30,40,50,60,70,80 ----- SW1 ----- vtp mode server vtp domain KBITS vtp version 2 vtp password kbits@123 ! vlan 10,20,30,40,50,60,70,80 exit ----- SW2 ----- vtp mode client vtp domain KBITS vtp version 2 vtp password kbits@123 ----- SW3 ----- vtp mode client vtp domain KBITS vtp version 2 vtp password kbits@123 ----- SW4 ----- vtp mode client vtp domain KBITS vtp version 2 vtp password kbits@123 *********************************************** Lab 5 - Configuring the Root Switches - PVST *********************************************** Requirements: 1. Configure Root Bridge selection for VLANs 1, 10, 20, 30 & 40 - Configure SW1 as the preferred Root Switch for VLANs 1,10,20,30,40 - Configure SW2 as the backup Root Switch for these VLANS - Do not use the "Root Primary" or "Root Secondary" option to accomplish this step 2. Configure Root Bridge selection for VLANs 50, 60, 70 & 80 - Configure SW2 as the preferred Root Switch for VLANs 50,60,70,80 - Configure SW1 as the backup Root Switch - Do not use the Priority command to accomplish this task ------ SW1 ------ spanning-tree vlan 1,10,20,30,40 priority 0 ! spanning-tree vlan 50,60,70,80 root secondary ------ SW2 ------ spanning-tree vlan 1,10,20,30,40 priority 4096 ! spanning-tree vlan 50,60,70,80 root primary ***************************************************** Lab 6 - Configuring MST with Root Switch Selection ****************************************************** Requirements: 1. Configure the switches to run MSTP with the following configuration. - MSTP name should be configured as "CCIE-EI" - VLANS 10,20,30,40 should be in instance 1 - VLANs 50,60,70,80 should be in instance 2 - MST Instance Configuration can only be done on SW1 - You should be able to create VLANs only on SW1. 2. Configure Root Bridge selection for Instance 1 - Configure SW1 as the preferred Root Switch Instance 1 - Configure SW2 as the backup Root Switch 3. Configure Root Bridge selection for Instance 2 - Configure SW2 as the preferred Root Switch Instance 2 - Configure SW1 as the backup Root Switch ------ SW1 ------ spanning-tree mode mst ! vtp version 3 vtp domain KBITS vtp password kbits@123 vtp mode server mst ! ! Done in # ! vtp primary mst [confirm] ! vtp primary vlan [confirm] ! spanning-tree mst configuration name CCIE-EI instance 1 vlan 10,20,30,40 instance 2 vlan 50,60,70,80 ! spanning-tree mst 1 priority 0 ! spanning-tree mst 2 root secondary ------ SW2 ------ spanning-tree mode mst ! vtp version 3 vtp domain KBITS vtp password kbits@123 vtp mode client mst ! spanning-tree mst 2 priority 0 ! spanning-tree mst 1 root secondary ------ SW3 ------ spanning-tree mode mst ! vtp version 3 vtp domain KBITS vtp password kbits@123 vtp mode client mst ------ SW4 ------ spanning-tree mode mst ! vtp version 3 vtp domain KBITS vtp password kbits@123 vtp mode client mst ************************************************************************************** Lab 7 - Configuring the Switches to Map the Physical Topology to the Logical Topology ************************************************************************************** Notes: 1. Configure Trunking between all the Switches. 2. Create the VLANs on all the switches based on the Logial Topology diagram 3. Configure the Switchports connecting on the Logical diagrams as either Access Ports or Trunk Ports based on following: - If the Logical Topology shows a normal port, the corresponding switchport will be an Access port - If the Logical Topology shows a sub-interface, the correspoing switchport will be a Trunk port - If a Switch shows up on the Logical topology, it is a Layer 3 Switch. - Layer 2 switches do not show up on a Logical topology. *** Key to Success: Focus on ONE VLAN AT A TIME. Requirement: Create the Logical Topology based on the Physical Topology ========================================= 1. Connfigure Switchports in VLAN 10 ========================================= ------ SW1 ------ interface range E1/0-1 switchport mode access switchport access vlan 10 ========================================= 2. Connfigure Switchports in VLAN 20 ========================================= ------ SW2 ------ interface E1/0 switchport mode access switchport access vlan 20 ------ SW3 ------ interface E0/2 switchport trunk encapsulation dot1q switchport mode trunk ========================================= 3. Connfigure Switchports in VLAN 30 ========================================= ------ SW2 ------ interface E1/1 switchport mode access switchport access vlan 30 ========================================= 4. Connfigure Switchports in VLAN 40 ========================================= ------ SW3 ------ interface E0/3 switchport mode access switchport access vlan 40 ========================================= 5. Connfigure Switchports in VLAN 50 ========================================= ------ SW4 ------ interface E0/3 switchport mode access switchport access vlan 50 ========================================= 6. Connfigure Switchports in VLAN 70 ========================================= ------ SW2 ------ interface E1/2 switchport mode access switchport access vlan 70 ------ SW3 ------ interface E1/0 switchport mode access switchport access vlan 70 ========================================= 7. Connfigure Switchports in VLAN 80 ========================================= ------ SW1 ------ interface E1/2 switchport mode access switchport access vlan 80 ------ SW4 ------ interface E0/2 switchport mode access switchport access vlan 80 ******************************************************** Lab 8 - Configuring the Logical Topology (L3 Topology) ******************************************************** Requirement: - Create the Logical Topology based on the Diagram ( L3 Diagram ) - Configure the IP Addresses based on the Diagram. Use X for the last octet, where is the Router #. - Use 21 for SW1, 22 for SW2 & 23 for SW3 - Create a Loopback 0 based on X.X.X.X/8 where X is the Router/Switch # - Use EIGRP 123 to route the loopbacks. ------ R1 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 ip address 192.168.10.1 255.255.255.0 duplex full no shut ! Interface E0/1 ip address 192.168.20.1 255.255.255.0 duplex full no shut ! Interface Loopback 0 ip address 1.1.1.1 255.0.0.0 ! router eigrp 123 network 192.168.10.0 network 192.168.20.0 network 1.0.0.0 ------ R2 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 ip address 192.168.10.2 255.255.255.0 duplex full no shut ! Interface E0/1 ip address 192.168.30.2 255.255.255.0 duplex full no shut ! Interface Loopback 0 ip address 2.2.2.2 255.0.0.0 ! router eigrp 123 network 192.168.10.0 network 192.168.30.0 network 2.0.0.0 ------ R3 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 duplex full no shut ! Interface E0/0.1 encapsulation dot1q 20 ip address 192.168.20.3 255.255.255.0 no shut ! Interface E0/0.2 encapsulation dot1q 50 ip address 192.168.50.3 255.255.255.0 no shut ! Interface E0/1 ip address 192.168.80.3 255.255.255.0 duplex full no shut ! Interface Loopback 0 ip address 3.3.3.3 255.0.0.0 ! router eigrp 123 network 192.168.20.0 network 192.168.50.0 network 192.168.80.0 network 3.0.0.0 ------ R4 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 duplex full ip address 192.168.40.4 255.255.255.0 no shut ! Interface E0/1 ip address 192.168.50.4 255.255.255.0 duplex full no shut ! Interface Loopback 0 ip address 4.4.4.4 255.0.0.0 ! router eigrp 123 network 192.168.40.0 network 192.168.50.0 network 4.0.0.0 ------ R5 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 duplex full ip address 192.168.80.5 255.255.255.0 no shut ! Interface E0/1 ip address 192.168.70.5 255.255.255.0 duplex full no shut ! Interface Loopback 0 ip address 5.5.5.5 255.0.0.0 ! router eigrp 123 network 192.168.70.0 network 192.168.80.0 network 5.0.0.0 ------ R6 ------ alias exec sir sh ip route alias exec siib sh ip int brief alias exec sirc sh ip route | inc C alias exec src sh run | s ! Interface E0/0 duplex full ip address 192.168.70.6 255.255.255.0 no shut ! Interface Loopback 0 ip address 6.6.6.6 255.0.0.0 ! router eigrp 123 network 192.168.70.0 network 6.0.0.0 ------ SW1 ------ ip routing ! Interface vlan 30 ip address 192.168.30.21 255.255.255.0 no shut ! Interface vlan 40 ip address 192.168.40.21 255.255.255.0 no shut ! Interface Loopback 0 ip address 21.21.21.21 255.0.0.0 ! router eigrp 123 network 192.168.30.0 network 192.168.40.0 network 21.0.0.0 ------ SW2 ------ ip routing ! Interface vlan 50 ip address 192.168.50.22 255.255.255.0 no shut ! Interface vlan 60 ip address 192.168.60.22 255.255.255.0 no shut ! Interface Loopback 0 ip address 22.22.22.22 255.0.0.0 ! router eigrp 123 network 192.168.50.0 network 192.168.60.0 network 22.0.0.0 ------ SW3 ------ ip routing ! Interface vlan 60 ip address 192.168.60.23 255.255.255.0 no shut ! Interface vlan 70 ip address 192.168.70.23 255.255.255.0 no shut ! Interface Loopback 0 ip address 23.23.23.23 255.0.0.0 ! router eigrp 123 network 192.168.60.0 network 192.168.70.0 network 23.0.0.0 ******************************************************** Lab 8 - Configuring Port Fast ******************************************************** Requirement: - Configure Ports in VLANs 10,20 & 30 such that they bypass the listening and learning STP States ------ SW1 ------ Interface range E1/0-1 spanning-tree portfast edge ------ SW2 ------ Interface range E1/0-1 spanning-tree portfast edge ------ SW3 ------ Interface E0/2 spanning-tree portfast edge trunk ******************************************************** Lab 9 - Configuring BPDU Guard ******************************************************** Requirement: - Configure Ports from the previous Lab such that in case a bpduguard is received, the should be error disabled automatically - The switch should automatically try to recover a port that has gone into the error disabled state because of bpduguard. This should be done after waiting for 4 minutes ------ SW1 ------ Interface range E1/0-1 spanning-tree bpduguard enable ! errdisable recovery cause bpduguard errdisable recovery interval 240 ------ SW2 ------ Interface range E1/0-1 spanning-tree bpduguard enable ! errdisable recovery cause bpduguard errdisable recovery interval 240 ------ SW3 ------ Interface E0/2 spanning-tree bpduguard enable ! errdisable recovery cause bpduguard errdisable recovery interval 240 ******************************************************** Lab 10 - Configuring Root Guard ******************************************************** Requirement: - Configure your network such that if SW1 or SW2 receive superior BPDU's for either SW3 or SW4, the port should be error disabled. ------ SW1 ------ Interface port-channel 13 spanning-tree guard root ------ SW2 ------ Interface port-channel 24 spanning-tree guard root ******************************************************** Lab 11 - Configuring Port-Security ******************************************************** Requirement: - Configure SW1 such that only R1 E0/0 connects to Port E1/0 - Configure SW1 such that only R2 E0/0 connects to Port E1/1 - Configure SW3 such that port E0/3 allows 3 mac addresses to connect. These addresses should be learnt dynamically and copied into your running config ------ SW1 ------ Interface E1/0 switchport port-security mac aabb.cc00.0100 switchport port-security ! Interface E1/1 switchport port-security mac aabb.cc00.0200 switchport port-security ------ SW3 ------ Interface E0/3 switchport port-security mac sticky switchport port-security max 3 switchport port-security