CCNA Lab - Solution Rev1.0 Layer 2 Switching
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (223.36 KB, 22 trang )
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.1:
3750-M-CE4(config)#vtp mode server
Setting device to VTP SERVER mode
3750-M-CE4(config)#vtp domain ieMentor
3750-M-CE4#sho vtp status
VTP Version
: 2
Configuration Revision
: 0
Maximum VLANs supported locally : 1005
Number of existing VLANs
: 21
VTP Operating Mode
: Server
VTP Domain Name
: ieMentor
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
VTP Traps Generation
: Disabled
MD5 digest
: 0x9D 0x13 0x41 0x03 0x6A 0xA3 0xCF 0x2B
Configuration last modified by 172.16.1.250 at 3-1-93 11:08:59
Local updater ID is 172.100.1.1 on interface Vl1 (lowest numbered VLAN
interface found)
3550-CE6(config)#vtp mode client
Setting device to VTP CLIENT mode.
3550-CE6(config)#vtp domain ieMentor
3550-CE6#sho vtp status
VTP Version
: 2
Configuration Revision
: 0
Maximum VLANs supported locally : 1005
Number of existing VLANs
: 21
VTP Operating Mode
: Client
VTP Domain Name
: ieMentor
VTP Pruning Mode
: Disabled
VTP V2 Mode
: Disabled
VTP Traps Generation
: Disabled
MD5 digest
: 0xD6 0xAC 0x23 0xD9 0x5B 0xDC 0x6A 0xA1
Configuration last modified by 172.16.1.250 at 3-1-93 11:08:59
1
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Description example:
3550
interface FastEthernet0/4
description TO ASBR2-RACK1 -VLAN 240
switchport access vlan 240
switchport mode access
duplex half
!
interface FastEthernet0/3
description to PE3-RACK1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 13,23,31,123
switchport mode trunk
Remember that all VLAN changes can be configured on the VTP
server only. You won’t be able to make any changes on the client.
3750-M-CE4(config)#vlan 82
3750-M-CE4(config-vlan)#state active
3750-M-CE4(config-vlan)#name VLAN82_CE8
3750-M-CE4#sho vlan id 82
VLAN Name
Status
Ports
---- -------------------------------- --------- ------------------------82
VLAN82_CE8
active
Fa1/0/12, Po1
VLAN Type SAID
MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- -----82
enet 100082 1500 0
0
Primary Secondary Type
Ports
------- --------- ----------------- ------------------------------------interface FastEthernet0/8
description to CE8 - VLAN 82
switchport access vlan 82
switchport mode access
duplex full
speed 100
2
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.2:
3750-M-CE4
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/13
description to 3550
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/0/14
description to 3550
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
3550-CE6
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/13
description To 3750-M
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet0/14
description To 3750-M
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
3
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3750-M-CE4#sho etherchannel detail
Channel-group listing:
---------------------Group: 1
---------Group state = L2
Ports: 2
Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:
Ports in the group:
------------------Port: Fa1/0/13
-----------Port state
Channel group
Port-channel
Port index
=
=
=
=
Up Mstr In-Bndl
1
Mode = On/FEC
Po1
GC
=
0
Load = 0x00
Gcchange = Pseudo port-channel = Po1
Protocol =
-
Age of the port in the current state: 20d:14h:14m:22s
Port: Fa1/0/14
-----------Port state
Channel group
Port-channel
Port index
=
=
=
=
Up Mstr In-Bndl
1
Mode = On/FEC
Po1
GC
=
0
Load = 0x00
Gcchange = Pseudo port-channel = Po1
Protocol =
-
Age of the port in the current state: 20d:14h:14m:23s
Port-channels in the group:
--------------------------Port-channel: Po1
-----------Age of the Port-channel
= 20d:14h:14m:28s
Logical slot/port
= 10/1
Number of ports = 2
GC
= 0x00000000
HotStandBy port = null
Port state
= Port-channel Ag-Inuse
Protocol
=
Ports in the Port-channel:
Index
Load
Port
EC state
No of bits
------+------+------+------------------+----------0
00
Fa1/0/13 On/FEC
0
0
00
Fa1/0/14 On/FEC
0
Time since last port bundled:
4
20d:14h:14m:23s
Fa1/0/14
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE6#sho etherchannel summary
Flags: D - down
P - in port-channel
I - stand-alone s – suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators:
1
Group Port-channel Protocol
Ports
------+-------------+-----------+---------------------------------------1
Po1(SU)
-
Fa0/13(P)
Fa0/14(P)
Task 2.3:
This task expects you to utilize sub-interfaces with encapsulation
dot1Q. This concept will be repeated throughout this lab.
interface Ethernet0/0
no ip address
full-duplex
!
interface Ethernet0/0.20
description to PE2 -VLAN
encapsulation dot1Q 20
ip address 172.16.20.254
!
interface Ethernet0/0.30
description to PE3 -VLAN
encapsulation dot1Q 30
ip address 172.16.30.254
20
255.255.255.0
30
255.255.255.0
RR1-RACK1#sho cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r – Repeater
Device ID
3550-CE6
5
Local Intrfce
Eth 0/0
Holdtme
152
Capability
R S I
Platform Port ID
WS-C3550-2Fas 0/12
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
On the switch, you need to configure a dot1q trunk on the interface
going to RR1 and then allow the VLANs configured on RR1.
3550-CE6
interface FastEthernet0/12
description to RR
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,30
switchport mode trunk
duplex full
speed 10
Task 2.4:
PE3
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.13
description to CE1 - VLAN 13
encapsulation dot1Q 13
ip address 10.13.1.3 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.23
description to CE2 - VLAN 23
encapsulation dot1Q 23
no snmp trap link-status
!
interface Ethernet0/0.30
description to RR - VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.3 255.255.255.0
!
interface Ethernet0/0.31
description to PE1 - VLAN 31
encapsulation dot1Q 31
ip address 172.16.13.3 255.255.255.0
!
interface Ethernet0/0.123
description to PE2 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.3 255.255.255.0
6
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE6
interface FastEthernet0/3
description to PE3-RACK1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 13,23,31,123
switchport mode trunk
Task 2.5:
PE1
interface FastEthernet0/0
description to PE3 VLAN31
ip address 172.16.13.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description to PE2 VLAN21
ip address 172.16.12.1 255.255.255.0
speed 100
full-duplex
3750
interface FastEthernet1/0/10
description To PE2
switchport access vlan 21
switchport mode access
duplex full
speed 100
!
interface FastEthernet1/0/11
description to PE1
switchport access vlan 31
switchport mode access
duplex full
speed 100
7
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.6:
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.20
description to RR - VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.2 255.255.255.0
!
interface Ethernet0/0.21
description to PE1 - VLAN 21
encapsulation dot1Q 21
ip address 172.16.12.2 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.123
description to PE3 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.2 255.255.255.0
PE2-RACK1#sho cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r – Repeater
Device ID
BB1-RACK1
3750-M-CE4
Local Intrfce
Eth 0/1
Eth 0/0
Holdtme
135
155
Capability
R S
S I
Platform Port ID
2610
Eth 0/0
ME-C3750-2Fas 1/0/12
3750
interface FastEthernet1/0/12
description to PE2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,21,82,123
switchport mode trunk
duplex half
speed 10
8
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.7:
3750-M-CE4
interface FastEthernet1/0/13
description to 3550
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
Å Same as on 3550
Å Same as on 3550
speed 100
channel-group 1 mode on
!
interface FastEthernet1/0/14
description to 3550
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
Å Same as on 3550
Å Same as on 3550
speed 100
channel-group 1 mode on
3550-CE6(config)#spanning-tree mode pvst
3750-M-CE4(config)#spanning-tree mode pvst
Task 2.8:
Check the Port Channel rather than the physical port.
3750-M-CE4#sho interfaces port-channel 1 trunk
Port
Po1
Port
Po1
9
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
1-4094
Port
Po1
Vlans allowed and active in management domain
1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600
Port
Po1
Vlans in spanning tree forwarding state and not pruned
1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.9:
3750-M-CE4(config)#vtp password iem.com
Setting device VLAN database password to iem.com
3550-CE6(config)#vtp password iem.com
Setting device VLAN database password to iem.com
3550-CE6#sho vtp password
VTP Password: iem.com
3550-CE6#
3750-M-CE4#sho vtp password
VTP Password: iem.com
3750-M-CE4#
Task 2.10:
3750-M-CE4(config)#monitor session 1 source vlan 13 , 23
3750-M-CE4(config)#monitor session 1 destination interface fastEthernet
1/0/4
!
3750-M-CE4#sho monitor detail
Session 1
--------Type
: Local Session
Source Ports
:
RX Only
: None
TX Only
: None
Both
: None
Source VLANs
:
RX Only
: None
TX Only
: None
Both
: 13,23
Source RSPAN VLAN : None
Destination Ports : Fa1/0/4
Encapsulation : Native
Ingress : Disabled
Filter VLANs
: None
Dest RSPAN VLAN
: None
Task 2.11:
3550-CE6(config)# monitor session 1 destination interface Fa0/18
3550-CE6(config)# monitor session 1 source remote vlan 123
10
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.12:
All configured VLANs are allowed by default if no additional
configuration for removing them exists.
3750-M-CE4#sho interfaces port-channel 1 trunk
Port
Po1
Port
Po1
Port
Po1
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
1-4094
Vlans allowed and active in management domain
1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600
Port
Vlans in spanning tree forwarding state and not pruned
Po1
1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600
3750-M-CE4#
Disallow VLANs 10 and 110 from the trunk:
3750-M-CE4(config)#int port-channel 1
3750-M-CE4(config-if)#switchport trunk allowed vlan remove 10,110
Verify that VLANs 10 and 110 are not among those still allowed on
the trunk:
3750-M-CE4#sho interfaces port-channel 1 trunk
Port
Po1
Port
Po1
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
1-9,11-109,111-4094
Port
Po1
Vlans allowed and active in management domain
1,13,20-21,23,30-31,60,82,101-102,123,240,300,600
Port
Po1
Vlans in spanning tree forwarding state and not pruned
1,13,20-21,23,30-31,60,82,101-102,123,240,300,600
Verify that VLANs 10 and 110 are removed from trunk’s
configuration:
interface Port-channel1
switchport trunk encapsulation dot1q
11
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
switchport trunk allowed vlan 1-9,11-109,111-4094
switchport mode trunk
Task 2.13:
This task will need to be re-configured in later Labs to allow other
VLANs.
3750-M-CE4(config-if)#switchport trunk allowed vlan 250-299,301-599
3750-M-CE4#sho interfaces port-channel 1 trunk
3w0d: %SYS-5-CONFIG_I: Configured from console by console
Port
Po1
Port
Po1
12
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
250-299,301-599
Port
Po1
Vlans allowed and active in management domain
Port
Po1
Vlans in spanning tree forwarding state and not pruned
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.14:
3550-CE6#sho interfaces fastEthernet 0/16 switchport
Name: Fa0/16
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 230 (VLAN0230)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
interface FastEthernet0/15
description to User 1
switchport access vlan 230
switchport mode access
switchport protected
!
interface FastEthernet0/16
description to User 2
switchport access vlan 230
switchport mode access
switchport protected
13
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Verify that the configuration changes took effect.
3550-CE6#sho interfaces fastEthernet 0/16 switchport
Name: Fa0/16
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 230 (VLAN0230)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Task 2.15:
interface FastEthernet0/15
description to User 1
switchport access vlan 230
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security aging static
switchport port-security mac-address sticky 0000.0100.1141
switchport port-security mac-address sticky 0000.0200.2050
14
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE6#sho port-security address
Secure Mac Address Table
-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age
(mins)
--------------------------------230
0000.0100.1141
SecureSticky
Fa0/15
230
0000.0200.2050
SecureSticky
Fa0/15
-----------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
: 1
Max Addresses limit in System (excluding one mac per port) : 5120
Task 2.16:
3550
switchport port-security aging time 1
3550-CE6#sho port-security
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address:Vlan
Security Violation Count
interface fastEthernet 0/15
: Enabled
: Secure-down
: Shutdown
: 1 mins
: Absolute
: Enabled
: 2
: 2
: 0
: 2
: 0000.0000.0000:0
: 0
Task 2.17:
To protect against the CAM table-overflow attack, limit the amount
of MAC addresses that can be learned on a switch port.
switchport port-security maximum 2
15
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE6#sho port-security interface fastEthernet 0/15
Port Security
: Enabled
Port Status
: Secure-down
Violation Mode
: Shutdown
Å default when port security is
enabled
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address:Vlan
Security Violation Count
:
:
:
:
:
:
:
:
:
1 mins
Absolute
Enabled
2
2
0
2
0000.0000.0000:0
0
Task 2.18:
access-list
snmp-server
snmp-server
snmp-server
snmp-server
snmp-server
snmp-server
snmp-server
snmp-server
1 permit 172.16.1.0
community iempublic RO 1
community iemprivate RW 1
chassis-id 3750-M
enable traps port-security
enable traps vlancreate
enable traps vlandelete
enable traps MAC-Notification
host 172.16.1.1 public port-security MAC-Notification
3750-M-CE4#sho snmp
Chassis: 3750-M
SNMP logging: enabled
Logging to 172.16.1.1.162, 0/10, 0 sent, 0 dropped.
SNMP agent enabled
3750-M-CE4#
16
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
Task 2.19:
For this task, you need understand many components of Layer 2
tunnelling.
To accomplish this task, first re-configure 3550 and 3750 ports that
are facing CE8 and CE1 to accept CEs’ VLANs in the QinQ mode and
transport them in the newly allocated service provider VLAN. To
allow packets of 1500 bytes to be transported between 3550 and
3750-M, you will need to increase the system MTU to accommodate
those extra 8 bytes: 4 dot1Q bytes and 4 bytes for the second
label. Because MTU changes on a switch cannot be made per
interface, the system MTU change will affect the entire core.
When dot1Q tunnelling is enabled, the switches automatically
disable CDP and VTP tunnelling for the interfaces facing the CEs.
Our goal is to enable CDP and VTP tunnelling, so that CE1 and CE8
appear directly connected to one another. Additional commands will
need to be configured to accommodate this requirement.
CE8
interface FastEthernet0/0
description to PE2 - VLAN 82
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.321
encapsulation dot1Q 321
ip address 3.2.1.8 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.323
encapsulation dot1Q 323
ip address 3.2.3.8 255.255.255.0
no snmp trap link-status
17
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE4
interface FastEthernet0/8
switchport access vlan 67 <- service provider VLAN
switchport mode dot1q-tunnel
duplex full
speed 100
l2protocol-tunnel cdp
l2protocol-tunnel vtp
no cdp enable
To tag native VLAN (in addition to the customer VLANs), configure
the following:
3550-CE6(config)#vlan dot1q tag native
3550-CE6#SHO interfaces fastethernet 0/8 trunk
Port
Fa0/8
Port
Fa0/8
18
Mode
off
Encapsulation
negotiate
Status
not-trunking
Native vlan
1
Vlans allowed on trunk
67
Port
Fa0/8
Vlans allowed and active in management domain
67
Port
Fa0/8
Vlans in spanning tree forwarding state and not pruned
67
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3550-CE6#sho interfaces fastEthernet 0/8 switchport
Name: Fa0/8
Switchport: Enabled
Administrative Mode: tunnel
Operational Mode: tunnel
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 67 (VLAN0067)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
3550-CE6#show interfaces port-channel 1 trunk
Port
Po1
Port
Po1
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
1-4094
Port
Vlans allowed and active in management domain
Po1
1,10,13,20-21,23,30-31,60,67,82,101102,110,123,230,240,300,600
Port
Vlans in spanning tree forwarding state and not pruned
Po1
1,10,13,20-21,23,30-31,60,67,82,101102,110,123,230,240,300,600
19
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
CE1
interface Ethernet0/0.321
encapsulation dot1Q 321
ip address 3.2.1.1 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.323
encapsulation dot1Q 323
ip address 3.2.3.1 255.255.255.0
no snmp trap link-status
3750-M
interface FastEthernet1/0/1
switchport access vlan 67
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel vtp
no cdp enable
3750-M-CE4(config)#vlan dot1q tag native
3750-M-CE4#sho interfaces fastEthernet 1/0/1 trunk
Port
Fa1/0/1
Port
Fa1/0/1
Port
Fa1/0/1
Mode
off
Encapsulation
negotiate
Status
not-trunking
Native vlan
1
Vlans allowed on trunk
67
Vlans allowed and active in management domain
67
Port
Vlans in spanning tree forwarding state and not pruned
Fa1/0/1
67
3750-M-CE4#
20
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
3750-M-CE4#sho interfaces fastEthernet 1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: tunnel
Operational Mode: tunnel
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 67 (VLAN0067)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
3750-M-CE4#sho interfaces port-channel 1 trunk
Port
Po1
Port
Po1
Mode
on
Encapsulation
802.1q
Status
trunking
Native vlan
1
Vlans allowed on trunk
1-299,301-599,601-4094
Port
Po1
Vlans allowed and active in management domain
1,10,13,20-21,23,30-31,60,67,82,101-102,110,123,240
Port
Po1
Vlans in spanning tree forwarding state and not pruned
1,10,13,20-21,23,30-31,60,67,82,101-102,110,123,240
CE1-RACK1#PING 3.2.1.8
Å CE8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.2.1.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
21
This product is individually licensed and Copyright © 2005 ieMentor
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab2: Layer 2 Switching Solutions
CE1-RACK1#PING 3.2.3.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.2.3.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
CE1-RACK1#SHO ARP
Protocol Address
Internet 3.2.1.1
Internet 3.2.3.1
Internet 3.2.1.8
Internet 3.2.3.8
Age (min)
0
0
Hardware Addr
0030.8561.5d00
0030.8561.5d00
0009.7cd6.4700
0009.7cd6.4700
Type
ARPA
ARPA
ARPA
ARPA
Interface
Ethernet0/0.321
Ethernet0/0.323
Ethernet0/0.321
Ethernet0/0.323
CE1-RACK1#sho cdp ne de
------------------------Device ID: CE8-RACK1
Entry address(es):
IP address: 8.8.8.8
Platform: cisco 2651, Capabilities: Router Switch
Interface: Ethernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 171 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-TELCO-M), Version 12.3(15b), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 25-Aug-05 13:38 by ssearch
advertisement version: 2
VTP Management Domain: ''
Duplex: full
Power drawn: 4294967.294 Watts
3550-CE6(config)#system mtu 1508
Changes to the System MTU will not take effect until the next reload is
done.
Task 2.20:
3550-CE6(config)#no service password-recovery
Task 2.21:
interface FastEthernet0/15
switchport access vlan 230
spanning-tree bpdufilter enable
22
This product is individually licensed and Copyright © 2005 ieMentor
