LACP with STP Sim
Question
You work for SWITCH.com. They have just added a new switch (SwitchB) to the existing network as shown in the topology diagram.
RouterA is currently configured correctly and is providing the routing function for devices on SwitchA and SwitchB. SwitchA is currently configured correctly, but will need to be modified to support the addition of SwitchB. SwitchB has a minimal configuration. You have been tasked with competing the needed configuring of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.
Configuration Requirements for SwitchA
– The VTP and STP configuration modes on SwitchA should not be modified.
– SwitchA needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left are their default values.
Configuration Requirements for SwitchB
– Vlan 21, Name: Marketing, will support two servers attached to fa0/9 and fa0/10
– Vlan 22, Name: Sales, will support two servers attached to fa0/13 and fa0/14
– Vlan 23, Name: Engineering, will support two servers attached to fa0/15 and fa0/16
– Access ports that connect to server should transition immediately to forwarding state upon detecting the connection of a device.
– SwitchB VTP mode needs to be the same as SwitchA.
– SwitchB must operate in the same spanning tree mode as SwitchA.
– No routing is to be configured on SwitchB.
– Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24.
Inter-switch Connectivity Configuration Requirements:
– For operational and security reasons trunking should be unconditional and Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link.
– The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all vlans. This mode should be done with a non-proprietary protocol, with SwitchA controlling activation.
– Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.
Note: There is a requirement that the trunk between SwitchA and SwitchB must be configured under physical interfaces, not logical port-channel interface
Answer and Explanation:
We post the initial configuration of Sw-A & Sw-B here for your reference, you can try solving this sim by yourself before reading the asnwers below:
Initial Configuration (useless lines have been removed)
| SwA: hostname Sw-A ! vtp mode transparent ! spanning-tree mode rapid-pvst ! vlan 98 ! vlan 99 name TrunkNative ! interface FastEthernet0/1 switchport access vlan 98 switchport mode access ! interface FastEthernet0/3 switchport access vlan 98 switchport mode access ! interface FastEthernet0/4 switchport access vlan 98 switchport mode access ! interface Vlan1 no ip address shutdown ! end |
Sw-B: hostname Sw-B ! vtp mode server ! spanning-tree mode pvst ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface Vlan1 no ip address shutdown ! ip default-gateway 192.168.1.1 ! end |
Solution
SW-A (close to router)
Note: If Sw-A does not have Vlan 11, 12, 13 we have to create them first with command “SW-A(config)#vlan 11,12,13”
SW-A(config)#vlan 21
SW-A(config)#vlan 22
SW-A(config)#vlan 23
SW-A(config)#spanning-tree vlan 11-13,21-23 root primary
SW-A(config)#interface range fa0/3 – 4
SW-A(config-if)#no switchport mode access
SW-A(config-if)#no switchport access vlan 98 (These two commands must be deleted to form a trunking link)
SW-A(config-if)#switchport trunk encapsulation dot1q
SW-A(config-if)#switchport mode trunk
SW-A(config-if)#switchport trunk native vlan 99
SW-A(config-if)#switchport trunk allowed vlan 1,21-23
SW-A(config-if)#channel-group 1 mode active
SW-A(config-if)#channel-protocol lacp
SW-A(config-if)#no shutdown
Note: In practical when you apply commands under “interface port-channel 1”, the same commands will be automatically applied to the physical member interfaces (of port-channel 1) so you don’t need to type them under physical member interfaces again. But in this exam you should configure everything under physical interfaces as there is a requirement to do so.
——————————————————————————————–
SW-B (far from router)
SW-B(config)#vlan 21
SW-B(config-vlan)#name Marketing
SW-B(config-vlan)#exit
SW-B(config)#vlan 22
SW-B(config-vlan)#name Sales
SW-B(config-vlan)#exit
SW-B(config)#vlan 23
SW-B(config-vlan)#name Engineering
SW-B(config-vlan)#exit
SW-B(config)#vlan 99
SW-B(config-vlan)#name TrunkNative // not necessary to name it but just name it same as SwitchA
SW-B(config-vlan)#exit
SW-B(config)#interface range fa0/9 – 10
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 21
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit
SW-B(config)#interface range fa0/13 – 14
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 22
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit
SW-B(config)#interface range fa0/15 – 16
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 23
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit
SW-B(config)#vtp mode transparent
SW-B(config)#spanning-tree mode rapid-pvst //Same as Sw-A
SW-B(config)#ip default-gateway 192.168.1.1 (you can get this IP from SW-A with command show cdp neighbour detail) // not sure about this command because the question says “No routing is to be configured on SwitchB”.
SW-B(config)#interface vlan 1
SW-B(config-if)#ip address 192.168.1.11 255.255.255.0
SW-B(config-if)#no shutdown
SW-B(config-if)#exit
SW-B(config)#interface range fa0/3 – 4
SW-B(config-if)#switchport trunk encapsulation dot1q
SW-B(config-if)#switchport mode trunk
SW-B(config-if)#switchport trunk native vlan 99 //this command will prevent the “Native VLAN mismatched” error on both switches
SW-B(config-if)#switchport trunk allowed vlan 1,21-23
SW-B(config-if)#channel-group 1 mode passive //mode passive because “SwitchA controlling activation”
SW-B(config-if)#channel-protocol lacp
SW-B(config-if)#no shutdown
Note: For Sw-B we have to set the 802.1q trunking protocol (switchport trunk encapsulation dot1q) before converting it into a trunk because it is a 3500 series (or higher) switch which supports both ISL and 802.1Q and we have to explicitly set which trunking protocol to be used. Sw-A is a 2900x series (or lower) switch and does not support ISL trunking protocol (802.1Q is the only supported trunking protocol) so we can apply “switchport mode trunk” directly.
———————————————————
Some guidelines for configuring SwitchA & SwitchB:
Configuration Requirements for SwitchA
| – The VTP and STP configuration modes on SwitchA should not be modified. – SwitchA needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left are their default values |
SW-A(config)#spanning-tree vlan 11-13,21-23 root primary |
Configuration Requirements for SwitchB
| – Vlan 21, Name: Marketing, will support two servers attached to fa0/9 and fa0/10 – Vlan 22, Name: Sales, will support two servers attached to fa0/13 and fa0/14 – Vlan 23, Name: Engineering, will support two servers attached to fa0/15 and fa0/16 – Access ports that connect to server should transition immediately to forwarding state upon detecting the connection of a device. |
vlan … name … (VLANs must be created on both switches if not exist) interface range fa0/x – y switchport mode access switchport access vlan spanning-tree portfast |
| – SwitchB VTP mode needs to be the same as SwitchA. | vtp mode transparent |
| – SwitchB must operate in the same spanning tree mode as SwitchA. | spanning-tree mode rapid-pvst |
| – No routing is to be configured on SwitchB. – Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24. |
interface vlan 1 ip address 192.168.1.11 255.255.255.0 |
Inter-switch Connectivity Configuration Requirements:
| – For operational and security reasons trunking should be unconditional and Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link. – The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all Vlans. This mode should be done with a non-proprietary protocol, with SwitchA controlling activation. – Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link. |
SW-A(config)#interface range fa0/3 – 4 SW-A(config-if)#no switchport mode access SW-A(config-if)#no switchport access vlan 98 Note: Two above commands must be deleted first to form a trunking link. Although the first requirement asks us to configure trunking but we can ignore this task because we only need to configure trunking under their Port-channel (in the next task) – The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all Vlans: |
Some notes for this sim:
+ You should check the initial status of both switches with these commands: show vtp status (transparent mode on SwitchA and we have to set the same mode on SwitchB), show spanning-tree [summary] (rapid-pvst mode on SwitchA and we have to set the same mode on SwitchB), show vlan (check the native vlan and the existence of vlan99), show etherchannel 1 port-channel and show ip int brief (check if Port-channel 1 has been created and make sure it is up), show run (to check everything again).
+ When using “int range f0/x – y” command hit space bar before and after “-” otherwise the simulator does not accept it.
+ You must create VLAN 99 for the SwitchB. SwitchA already has VLAN 99 configured.
+ At the end, you can try to ping from SwitchB to RouterA (you can get the IP on RouterA via the show cdp neighbors detail on SwitchA), not sure if it can ping or not. If not, you can use the “ip default-gateway 192.168.1.1” on SwitchB.
+ The name of SwitchA and SwitchB can be swapped or changed so be careful to put your configuration into appropriate switch.
Other lab-sims in this site:
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim
AAAdot1x Lab Sim
Doesn’t it require adding native vlan (VLAN99) in trunk; after all it is management vlan
with regards to the sticky question:
The question says : ” ….after the PC is moved, port security is cleared on new port”.
that means when pc connected, the old port was still using the mac in the configuration. see example from GNS3:
interface Ethernet0/0
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.7966.6802
duplex auto
after the pc is moved, the admin removes the port-security command from the new interface, but the sticky command is still there:
!
interface Ethernet0/3
switchport mode access
switchport port-security mac-address sticky
duplex auto
so what does that mean for the answers. correct answers are:
port security sticky exists on the new network switch port
port security sticky is still enabled on the older network switch port
the rest of the answers don’t make sense. let’s check:
port security sticky is disabled on the new network switch port ? no it’s not. command is still there.
port security must be disabled on all access ports ? why ???? doesn’t make sense.
port security is still enabled on the older network switch port ? it can be, but it’s all about the sticky part that makes the new port go into err-disabled state.
IOU3#sh port-security interface e0/3
Port Security : Disabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0050.7966.6802:1
Security Violation Count : 1
does anyone have packet tracer similar file..
Regarding the native 99 or native 1 debate.
The task says “Vlans 1, 21, 22 and 23 should tagged”
That can be achieved in two ways:
-Change native vlan to something else (like 99 above)
-Use the “vlan dot1q tag native” in global config mode to tag native vlan on both switches
But of course first make sure the native vlan is the same on both switches.
The tag native option is only in that case if you would like to keep Vlan1 as native
Sim is valid, but during my exam all ports of SWB were down. Anyone experienced the same? I passed the exam with 8XX.
@vlad
Yes, I had the same ports down.
And btw no native mismatch (like in earlier versions), so the only reason I had to change native vlan was because of the task to send VLAN1 as tagged over the trunk.
I passed yesterday with 825points CCNP Switch, from LABS in exam was this LAB edhe AAAdot1x LAB
Does anyone have the latest dumps for Switch.
Is the command
Switch A(config)# default interface range fa0/3-4
valid?
Thanks for the answer.
Does anyone have the latest dumps for Switch
I have a question about the communication between SWITCH B and Router.
The SWITCH A fa0/1 and Router f0/0 were configured as access vlan 98 and SWITCH A is not Router.
How can SWITCH B (vlan 1) get a connection with Router?
Thanks for the answer.
I passed today successfully
I have been asked for this LAB LACP with STP
All is right, I did it like this site.
No ip routing command is needed
At the end
show ip inter brief
the ether channel was UP
And i could ping the router: 192.168.1.1
it was part of my exam today…
INSTATNT DOWNLOAD here
200-125 CCNA = 486
100-105 ICND1 = 347
200-105 ICND2 = 268
300-101 ROUTE = 146 SP0T0
300-115 SWITCH = 831
300-135 TSHOOT = 101
400-101 WRITTEN = 248
Copy below link:
http://www.yumpu.com/xx/embed/view/fkSIdylaC9co2z7v
if it says configure the port channel on the physical interface they dont want you to configure anything on the port channel, however ive seen that the only way to get rid of the native vlan mismatch error is to configure the native vlan on po1.
Can someone clarify?
In real exam does these labs get you partial points or do you have to have the entire lab correct?
I found some chatters on Google that you do get partial points, just want to confirm. Can anyone confirm that here? thanks.
Same here @sancho. I am assuming simply follow the lab for now. In real world, you will configure the port channel first anyway and ports part of that channel will automatically apply anything on that port channel. At least that’s what I found out.