Parcial Final Páctico 2016-2
Parcial Final Páctico 2016-2
Parcial Final Páctico 2016-2
Skills-Based Assessment
Topology
200.200.200.1
Server
VLAN 199:
10.10.199.2
DL
Fa0/
Fa0/
S1
11
Fa0/
6
12
P
o
2
P
o
2
Fa0/
11
Fa0/
12
Fa0/
6
AL
S2
P
o
1
Fa0
/7
Fa0
/8
Fa0
/8
Fa0
/7
P
o
1
Ho
st
A
Stud
VLAN
ent10
VLAN 199:
10.10.199.3
DL
Fa0
/7
Fa0
/8
Fa0
/8
Fa0
/7
VLAN 199
10.10.199.100/24
L3
Po3
Fa0/
11
Fa0/
11
AL
Fa0/
6
VLAN
VLAN
S1 199:
S2 199:
10.10.199.4
All L2 Switch-to-Switch connections
are
10.10.199.5
802.1q trunks using PAgP as the
Etherchannel Negotiation Protocol
Ho
st
B
Faculty
VLAN 30
Objectives
Part 1: Build the physical network topology.
Part 2: Configure the switches in the topology according to the diagram and the specifications provided.
Part 3: Test the network for connectivity and the configured options.
Exam Overview
This skills-based assessment (SBA) is the final practical exam for instructor training for the CCNPv6 SWITCH
course. It is similar to the student version, but differs in how the IP addressing and devices are configured. In
Part 1, you build the physical network. In Part 2, you configure various features such as trunking,
EtherChannel, VTP, VLANs, SVIs, routed links, OSPF, HSRP, port security, and DHCP snooping. In Part 3,
All contents are Copyright 19922010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 6
CCNPv6 SWITCH
you create a Tcl script to test IP connectivity and use show commands to verify the configured options. This
exam combines building the network with device configuration and troubleshooting.
Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.12246.SE.bin, and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. You
can use other switches (such as 2950 or 3550) and Cisco IOS Software versions if they have comparable
capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands
available and output produced might vary from what is shown in this lab.
Required Resources
2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image or
comparable)
2 switches (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-ADVIPSERVICESK9-mz
image or comparable)
VLAN Name
Subnet
10
Client
10.10.10.0/24
20
VOICE
10.10.20.0/24
30
Server
10.10.30.0/24
All contents are Copyright 19922015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 6
CCNPv6 SWITCH
VLAN
VLAN Name
Subnet
199
Management
10.10.199.0/24
777
Native_VLAN
900
Parking_LOT
L3 Subnet
10.10.12.0/30
7. Configure MSTP on all switches in the region TEST_LAB. Assign VLANs 10 and 20 to instance 1,
and VLANs 30 and 199 to instance 2. Ensure that DLS1 becomes the spanning-tree root for instance
1 and the backup root for instance 2. DLS2 should become the root for instance 2 and the backup
root for instance 1.
8. On DLS1 and DLS2, configure SVIs and HSRP to provide gateway redundancy for access layer
clients in VLANs 10, 20, 30, and 199. Create an SVI in VLANs 10, 20, 30, and 199, each with an IP
address and mask. Reference the chart below for IP address information. Map the HSRP group
number to the VLAN number.
DLS1
DLS2
ALS1
10.10.10.2/24
10.10.10.3/24
10.10.10.1
10.10.20.2/24
10.10.20.3/24
10.10.20.1
10.10.30.2/24
10.10.30.3/24
10.10.30.1
10.10.199.2/24
10.10.199.3/24
10.10.199.4
ALS2
10.10.10.199.5
HSRP VIP
10.10.199.1/24
9. Configure DLS1 as the active HSRP router for VLANs 10 and 20 with a priority value of 120, and
configure DLS2 as the backup. Configure DLS2 as the active router for VLANs 30 and 199 with a
priority value of 120, and configure DLS1 as the backup.
10. On DLS1, configure the loopback address of 200.200.200.1/24. This loopback address will be used in
conjunction with HSRP interface tracking.
11. Configure a tracked object on DLS1 to check for reachability of the 200.200.200.1 loopback address
using an IP SLA. If reachability is lost, DLS1 should relinquish its role to as active router for VLANs
10 and 20.
12. Configure DLS1 as a DHCP server for VLAN 10 and DLS2 as DHCP server for the VLAN 30.
Exclude the first 10 addresses from each pool. Name the pool with VLAN number and name, i.e.,
VLAN_10_STUDENT. Set the DNS server to the loopback 200.200.200.1 address.
13. Configure all switches with DHCP snooping on VLAN 10, and 30 to guard against DHCP spoofing
and man-in-the-middle attacks.
14. On ALS1 and ALS2, create an SVI for MGMT VLAN 199 with an IP address from the VLAN 199
subnet assigned in Step 9.
All contents are Copyright 19922015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 6
CCNPv6 SWITCH
15. For ALS1 and ALS2, specify the HSRP gateway address of VLAN 199 as the default gateway.
16. Enable PortFast on all access layer switch ports.
17. On ALS1, configure Fa0/6 as an access port using a MACRO and configure the the CLIENT to have
access to VLAN 10.
18. Configure Fa0/6 with a rate limit of 10 pps to prevent DHCP starvation attacks.
19. On ALS1, configure port Fa0/6 with port security. Allow up to two MAC addresses to be learned for IP
phone support. Enable sticky learning. Shut down the port if a violation occurs.
20. On ALS1, enable error disable autorecovery for the switchport in the event of a port security violation.
Set the auto recovery period to 30 seconds.
21. On ALS2, configure port Fa0/6 as an access port in FACULTY VLAN 30.
22. Configure IP routing on DLS1 and DLS2, and use OSPF to advertise 10.10.0/16. Ensure that the
routing information is only exchanged over the layer 3 EtherChannel. Hard code the router-id on both
devices. DLS1 should use 1.1.1.1 and DLS2 should use 2.2.2.2.
23. Configure all switching devices to synchronize using NTP with authentication. Use a NTP password
of s3cureNTP. DLS1 should be set as the NTP master. Ensure the clocks are accurate on all
devices.
24. Configure remote login on all switching devices using SSH version 2. Restrict remote login on the
VTY lines to only allow the management VLAN using the SSH protocol.
25. Configure client PC-A and PC-B to obtain an IP address from the DHCP server.
Page 4 of 6
CCNPv6 SWITCH
} {
ping $address }
b. What is the show command used to verify that the correct VLANs exist on all switches and contain the
correct ports? _____________________________________________________________________
c.
What is the show command used to verify that the EtherChannel between switches is configured
correctly?_________________________________________________________________________
d. What is the show command used to verify the spanning-tree configuration and root bridge (DLS1 or
DLS2) for each VLAN?_______________________________________________________________
e. What is the show command used to verify that the correct SVIs exist and that the correct HRSP
routers are primary and standby for each VLAN?___________________________________________
f.
g. What is the command used to verify that client PC-A can ping server PC-B?_____________________
h. What is the command used to verify the traced route from client PC-A to server PC-B._____________
i.
Test the HSRP configuration by shutting down the loopback interface on DLS1. Initiate a continuous
ping from the student VLAN PC. DLS1 should relinquish the HSRP active role. The host on the student
VLAN should see minimal disruption. Verify the result
j.
Verify the routing configuration. Are DLS1 and DLS2 only neighboring across the Po3 interface? What
is the appropriate show command to verify.
Exam Notes:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
All contents are Copyright 19922015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 6
CCNPv6 SWITCH
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
All contents are Copyright 19922015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 6