Example B-31 through Example B-38 show the relevant configurations for each switch and router after completing Part II of the Self-Study Lab. NOTE On Cisco IOS switches, because all VTP and VLAN configuration is stored in the non-text VLAN database file, you will not see any VTP or VLAN configuration in the configurations shown. Example B-31. Switch-A Configurationhostname Switch-A ! enable secret cisco ! clock timezone EST -5 ! vlan access-map INTERNAL 10 match ip address 100 action forward vlan filter INTERNAL vlan-list 1,3-5,10,100,101 ! mls qos ! ip multicast-routing ! class-map match-all HTTP match access-group HTTP ! policy-map QOS class HTTP police flow 1000000 187500 conform-action set-dscp-transmit 24 exceed-action drop ! spanning-tree extend system-id spanning-tree vlan 1 priority 28672 spanning-tree vlan 1 forward-time 7 spanning-tree vlan 1 max-age 10 spanning-tree vlan 3 priority 28672 spanning-tree vlan 3 forward-time 7 spanning-tree vlan 3 max-age 10 spanning-tree vlan 4 priority 24576 spanning-tree vlan 4 forward-time 7 spanning-tree vlan 4 max-age 10 spanning-tree vlan 5 priority 28672 spanning-tree vlan 5 forward-time 7 spanning-tree vlan 5 max-age 10 spanning-tree vlan 10 priority 24576 spanning-tree vlan 10 forward-time 7 spanning-tree vlan 10 max-age 10 spanning-tree vlan 100 priority 28672 spanning-tree vlan 100 forward-time 7 spanning-tree vlan 100 max-age 10 spanning-tree vlan 101 priority 28672 spanning-tree vlan 101 forward-time 7 spanning-tree vlan 101 max-age 10 ! port-channel load-balance src-dst-ip ! interface range GigabitEthernet1/1 - 2 switchport mtu 9216 flowcontrol receive on flowcontrol send on channel-group 1 mode desirable switchport trunk encapsulation isl switchport mode trunk mls qos trust dscp ! interface FastEthernet 2/1 ip address 192.168.1.1 255.255.255.0 ip pim sparse-dense-mode mls qos trust dscp speed 100 duplex full ! interface FastEthernet 2/2 ip address 192.168.2.1 255.255.255.0 ip pim sparse-dense-mode mls qos trust dscp speed 100 duplex full ! interface range FastEthernet 2/3 - 24 switchport switchport access vlan 100 mls qos vlan-based ! interface range FastEthernet 2/25 - 47 switchport switchport access vlan 101 mls qos vlan-based ! interface Vlan 10 ip address 192.168.10.2 255.255.255.248 ip pim sparse-dense-mode ! interface Vlan 100 ip address 192.168.100.2 255.255.255.0 standby ip 192.168.100.1 standby priority 150 preempt ip pim sparse-dense-mode mls qos bridged service-policy input QOS ! interface Vlan 101 ip address 192.168.101.2 255.255.255.0 standby ip 192.168.101.1 standby priority 100 ip pim sparse-dense-mode mls qos bridged service-policy input QOS ! router eigrp 1 network 192.168.0.0 0.0.255.255 ! access-list 1 permit 192.168.100.0 0.0.0.255 access-list 2 permit host 192.168.100.50 access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255 ! ip access-list extended HTTP permit tcp any eq www any ! snmp-server community cisco RO 2 snmp-server enable traps snmp-server host 192.168.100.50 cisco ! line con 0 line vty 0 4 access-class 1 in password cisco login line vty 5 15 access-class 1 in password cisco login ! ntp server 192.168.100.50 end Example B-32. Switch-B Configuration# ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Mon Jul 15 2002, 20:59:16 EST ! #version 7.2(2) ! set password $2$fX1D$Vwy2IJlXDsFlMudGbU8Wr1 set enablepass $2$DhKF$iZH3NdFq.oOUOJ2XlM0Dv0 ! #system set system name Switch-B ! #mac address reduction set spantree macreduction enable ! #snmp set snmp community read-only cisco set snmp trap 192.168.100.50 cisco set snmp enable ! #vtp set vtp domain ciscolab set vtp mode client set vtp passwd cisco ! #ip set interface sc0 10 192.168.10.3 255.255.255.248 set ip route 0.0.0.0/0.0.0.0 192.168.10.2 ! #spantree #vlan <VlanId> set spantree fwddelay 7 1 set spantree maxage 10 1 set spantree priority 24576 1 set spantree fwddelay 7 3 set spantree maxage 10 3 set spantree priority 24576 3 set spantree fwddelay 7 4 set spantree maxage 10 4 set spantree priority 28672 4 set spantree fwddelay 7 5 set spantree maxage 10 5 set spantree priority 24576 5 set spantree fwddelay 7 10 set spantree maxage 10 10 set spantree priority 28672 10 set spantree fwddelay 7 100 set spantree maxage 10 100 set spantree priority 28672 100 set spantree fwddelay 7 101 set spantree maxage 10 101 set spantree priority 24576 101 ! #ntp set ntp server 192.168.100.50 set timezone EST -5 0 ! #permit list set ip permit enable telnet set ip permit enable ssh set ip permit enable snmp set ip permit 192.168.100.0 255.255.255.0 telnet set ip permit 192.168.100.50 snmp ! #qos set qos enable set qos bridged-microflow-policing enable 100-101 set qos policer microflow HTTP rate 1000 burst 1500 drop #QOS set qos acl ip QOS dscp 24 microflow HTTP tcp any eq 80 any # commit qos acl all ! #port channel set port channel 1/1-2 13 ! #security ACLs clear security acl all #INTERNAL set security acl ip INTERNAL permit arp set security acl ip INTERNAL permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 # commit security acl all set security acl map INTERNAL 1,3-5,10,100-101 ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set trunk 1/1 on isl 1-1005,1025-4094 set trunk 1/2 on isl 1-1005,1025-4094 set port channel 1/1-2 mode desirable silent set port jumbo 1/1-2 enable set port flowcontrol 1/1-2 receive on set port flowcontrol 1/1-2 send on set port qos 1/1 trust trust-dscp set port qos 1/2 trust trust-dscp ! #module 2 : 48-port 10/100 Ethernet set vlan 3 2/1 set vlan 4 2/2 set vlan 5 2/48 set vlan 100 2/3-24 set vlan 101 2/25-47 set port duplex 2/1-2 full set port speed 2/1-2 100 set port qos 2/3-47 vlan-based set port qos 2/1 trust trust-dscp set port qos 2/2 trust trust-dscp set port qos 2/48 trust trust-ipprec set qos acl map QOS 100 set qos acl map QOS 101 ! end Example B-33. Switch-C Configurationhostname Switch-C ! enable secret cisco ! clock timezone EST -5 ! mls qos ! ip routing ip multicast-routing ! spanning-tree extend system-id spanning-tree vlan 1 priority 28672 spanning-tree vlan 1 forward-time 10 spanning-tree vlan 1 max-age 14 spanning-tree vlan 10 priority 24576 spanning-tree vlan 10 forward-time 10 spanning-tree vlan 10 max-age 14 spanning-tree vlan 200 priority 24576 spanning-tree vlan 200 forward-time 10 spanning-tree vlan 200 max-age 14 spanning-tree vlan 201 priority 28672 spanning-tree vlan 201 forward-time 10 spanning-tree vlan 201 max-age 14 ! interface FastEthernet 0/1 no switchport ip address 192.168.1.2 255.255.255.0 ip pim sparse-dense-mode speed 100 duplex full wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/2 no switchport ip address 192.168.3.2 255.255.255.0 ip pim sparse-dense-mode speed 100 duplex full wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface range FastEthernet 0/3 - 4 channel-group 1 mode desirable switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/5 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/6 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust cos speed 100 duplex full ! interface vlan 10 ip address 192.168.10.9 255.255.255.248 ip pim sparse-dense-mode ip cgmp ! interface vlan 200 ip address 192.168.200.2 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.200.1 standby priority 150 preempt ! interface vlan 201 ip address 192.168.201.2 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.201.1 standby priority 100 ! interface vlan 202 ip address 192.168.202.2 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.202.1 standby priority 150 preempt ! router eigrp 1 network 192.168.0.0 0.0.255.255 ! access-list 1 permit 192.168.100.0 0.0.0.255 access-list 2 permit host 192.168.100.50 ! snmp-server community cisco RO 2 snmp-server enable traps snmp-server host 192.168.100.50 cisco ! line con 0 line vty 0 4 access-class 1 in password cisco login line vty 5 15 access-class 1 in password cisco login ! ntp server 192.168.100.50 end Example B-34. Switch-D Configurationhostname Switch-D ! enable secret cisco ! clock timezone EST -5 ! mls qos ! ip routing ip multicast-routing ! spanning-tree extend system-id spanning-tree vlan 1 priority 24576 spanning-tree vlan 1 forward-time 10 spanning-tree vlan 1 max-age 14 spanning-tree vlan 10 priority 28672 spanning-tree vlan 10 forward-time 10 spanning-tree vlan 10 max-age 14 spanning-tree vlan 200 priority 28672 spanning-tree vlan 200 forward-time 10 spanning-tree vlan 200 max-age 14 spanning-tree vlan 201 priority 24576 spanning-tree vlan 201 forward-time 10 spanning-tree vlan 201 max-age 14 ! interface FastEthernet 0/1 no switchport ip address 192.168.2.2 255.255.255.0 ip pim sparse-dense-mode speed 100 duplex full wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/2 no switchport ip address 192.168.4.2 255.255.255.0 ip pim sparse-dense-mode speed 100 duplex full wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface range FastEthernet 0/3 - 4 channel-group 1 mode desirable switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/5 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full ! interface FastEthernet 0/6 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust cos speed 100 duplex full ! interface vlan 10 ip address 192.168.10.10 255.255.255.248 ip pim sparse-dense-mode ip cgmp ! interface vlan 200 ip address 192.168.200.3 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.200.1 standby priority 100 ! interface vlan 201 ip address 192.168.201.3 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.201.1 standby priority 150 preempt ! interface vlan 202 ip address 192.168.202.3 255.255.255.0 ip pim sparse-dense-mode ip cgmp standby ip 192.168.202.1 standby priority 100 ! router eigrp 1 network 192.168.0.0 0.0.255.255 ! access-list 1 permit 192.168.100.0 0.0.0.255 access-list 2 permit host 192.168.100.50 ! snmp-server community cisco RO 2 snmp-server enable traps snmp-server host 192.168.100.50 cisco ! line con 0 line vty 0 4 access-class 1 in password cisco login line vty 5 15 access-class 1 in password cisco login ! ntp server 192.168.100.50 end Example B-35. Switch-E Configurationhostname Switch-E ! enable secret cisco ! clock timezone EST -5 ! vlan access-map VLAN202 10 match ip address 100 action forward vlan filter VLAN202 vlan-list 202 ! class-map match-all VOICE match access-group VOICE ! class-map match-all VOICE-CONTROL match access-group VOICE-CONTROL ! class-map match-all SQL match access-group SQL ! class-map match-all HTTP match access-group HTTP ! policy-map QOS class HTTP policy 1000000 187500 exceed-action drop class VOICE set ip dscp 46 class VOICE set ip dscp 26 class SQL set ip dscp 24 class class-default set ip dscp 8 ! mls qos ! spanning-tree uplinkfast spanning-tree uplinkfast max-update-rate 200 spanning-tree portfast bpdufilter default spanning-tree extend system-id ! interface FastEthernet 0/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full spanning-tree vlan 1 cost 10000 spanning-tree vlan 101 cost 10000 spanning-tree vlan 201 cost 10000 ! interface FastEthernet 0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,10,200-202,1002-1005 switchport trunk native vlan 10 spanning-tree vlan switchport mode trunk wrr-queue cos-map 4 5 6 7 priority-queue out mls qos trust dscp speed 100 duplex full spanning-tree vlan 10 cost 10000 spanning-tree vlan 100 cost 10000 spanning-tree vlan 200 cost 10000 spanning-tree vlan 202 cost 10000 ! interface range FastEthernet 0/3 - 12 switchport access vlan 200 switchport host switchport voice vlan 202 switchport priority extend cos 3 service-policy input QOS ! interface range FastEthernet 0/13 - 23 switchport access vlan 201 switchport host service-policy input QOS ! interface FastEthernet 0/24 switchport access vlan 201 switchport host switchport port-security switchport port-security maximum 1 switchport port-security mac-address 0010.0010.0010 switchport port-security violation shutdown service-policy input QOS ! interface vlan 10 ip address 192.168.10.11 255.255.255.248 ! ip default-gateway 192.168.10.9 ! access-list 1 permit 192.168.100.0 0.0.0.255 access-list 2 permit host 192.168.100.50 access-list 100 permit tcp any any eq 2000 access-list 100 permit tcp any eq 2000 any access-list 100 permit udp any range 16384 32767 any range 16384 32767 access-list 100 permit udp any eq 67 any eq 68 access-list 100 permit udp any eq 68 any eq 67 access-list 100 permit udp any any eq 69 access-list 100 permit udp any eq 69 any access-list 100 permit udp any eq 88 any access-list 100 permit icmp any any echo access-list 100 permit icmp any any echo-reply ! ip access-list extended VOICE permit udp any range 16384 32767 any range 16384 32767 ! ip access-list extended VOICE-CONTROL permit tcp any any eq 2000 ! ip access-list extended SQL permit tcp any any eq 1433 ! ip access-list extended HTTP permit tcp any any eq 80 ! snmp-server community cisco RO 2 snmp-server enable traps snmp-server host 192.168.100.50 cisco ! line con 0 line vty 0 4 access-class 1 in password cisco login line vty 5 15 access-class 1 in password cisco login ! ntp server 192.168.100.50 end Example B-36. Switch-F Configuration# ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Mon Jul 15 2002, 21:14:37 EST ! set password $2$f647$Vwy24JlXDsFlMudGbH8Wr1 set enablepass $2$7498F$f7Dl$.OU492JAM0Dv0 ! #system set system name Switch-F ! #snmp set snmp community read-only cisco set snmp trap 192.168.100.50 cisco set snmp enable ! #mac address reduction set spantree macreduction enable ! #vtp set vtp domain ccnp set vtp mode client set vtp passwd cisco ! #ip set interface sc0 10 192.168.10.12 255.255.255.248 set ip route 0.0.0.0/0.0.0.0 192.168.10.9 ! #cgmp set cgmp enable ! #spantree #portfast set spantree global-default bpdu-filter enable ! #uplinkfast groups set spantree uplinkfast enable rate 20 all-protocols off ! #vlan <VlanId> set spantree priority 49152 1 set spantree priority 49152 10 set spantree priority 49152 200 set spantree priority 49152 201 set spantree priority 49152 202 ! #ntp set ntp server 192.168.100.50 set timezone EST -5 0 ! #permit list set ip permit enable telnet set ip permit enable ssh set ip permit enable snmp set ip permit 192.168.100.0 255.255.255.0 telnet set ip permit 192.168.100.50 snmp ! #qos set qos enable set qos defaultcos 3 set qos map 2q1t 2 1 cos 0-4 set qos map 2q1t 2 1 cos 5-7 ! #module 1 : 0-port Switching Supervisor ! #module 2 : 50-port 10/100/1000 Ethernet set port disable 2/24-48 set port speed 2/1-2 100 set port duplex 2/1-2 full set vlan 10 2/1-2 set vlan 200 2/3-12 set vlan 201 2/13-24 set spantree portfast 2/48 enable clear trunk 2/1-2 1-1005,1025-4094 set trunk 2/1 on dot1q 1,10,200-202 set trunk 2/2 on dot1q 1,10,200-202 set trunk 2/3-48 off set port channel 2/3-48 mode off set spantree portvlancost 2/1 cost 10000 1,101,201 set spantree portvlancost 2/2 cost 10000 10,100,102,202 ! end Example B-37. Router-A Configurationhostname Router-A ! enable secret cisco ! ip multicast-routing ip pim send-rp-announce FastEthernet0/0 scope 10 ! interface FastEthernet0/0 ip pim sparse-dense-mode ip address 192.168.5.1 255.255.255.0 ! interface loopback0 ip address 10.0.0.1 255.0.0.0 ! router eigrp 1 network 10.0.0.0 network 192.168.0.0 0.0.0.255 ! line vty 0 4 password cisco login Example B-38. MSFC-B Configurationhostname MSFC-B ! enable secret cisco ! ip multicast-routing ! interface VLAN 3 ip address 192.168.3.1 255.255.255.0 ip pim sparse-dense-mode ! interface VLAN 4 ip address 192.168.4.1 255.255.255.0 ip pim sparse-dense-mode ! interface VLAN 5 ip address 192.168.5.2 255.255.255.0 ip pim sparse-dense-mode ! interface VLAN 10 ip address 192.168.10.4 255.255.255.255 ip pim sparse-dense-mode ! interface vlan 100 ip address 192.168.100.3 255.255.255.0 ip pim sparse-dense-mode standby ip 192.168.100.1 standby priority 100 ! interface vlan 101 ip address 192.168.101.3 255.255.255.0 ip pim sparse-dense-mode standby ip 192.168.101.1 standby priority 150 preempt ! router eigrp 1 network 192.168.0.0 0.0.255.255 ! line vty 0 4 password cisco login |