CCNA Lab - Solution Rev1.0 Layer 2 Switching

ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.1: 3750-M-CE4(config)#vtp mode server Setting device to VTP SERVER mode 3750-M-CE4(config)#vtp domain ieMentor 3750-M-CE4#sho vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 21 VTP Operating Mode : Server VTP Domain Name : ieMentor VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x9D 0x13 0x41 0x03 0x6A 0xA3 0xCF 0x2B Configuration last modified by 172.16.1.250 at 3-1-93 11:08:59 Local updater ID is 172.100.1.1 on interface Vl1 (lowest numbered VLAN interface found) 3550-CE6(config)#vtp mode client Setting device to VTP CLIENT mode. 3550-CE6(config)#vtp domain ieMentor 3550-CE6#sho vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 21 VTP Operating Mode : Client VTP Domain Name : ieMentor VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xD6 0xAC 0x23 0xD9 0x5B 0xDC 0x6A 0xA1 Configuration last modified by 172.16.1.250 at 3-1-93 11:08:59 1 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Description example: 3550 interface FastEthernet0/4 description TO ASBR2-RACK1 -VLAN 240 switchport access vlan 240 switchport mode access duplex half ! interface FastEthernet0/3 description to PE3-RACK1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 13,23,31,123 switchport mode trunk Remember that all VLAN changes can be configured on the VTP server only. You won’t be able to make any changes on the client. 3750-M-CE4(config)#vlan 82 3750-M-CE4(config-vlan)#state active 3750-M-CE4(config-vlan)#name VLAN82_CE8 3750-M-CE4#sho vlan id 82 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------82 VLAN82_CE8 active Fa1/0/12, Po1 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- -----82 enet 100082 1500 0 0 Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------interface FastEthernet0/8 description to CE8 - VLAN 82 switchport access vlan 82 switchport mode access duplex full speed 100 2 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.2: 3750-M-CE4 interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet1/0/13 description to 3550 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on ! interface FastEthernet1/0/14 description to 3550 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on 3550-CE6 interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/13 description To 3750-M switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/14 description To 3750-M switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on 3 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3750-M-CE4#sho etherchannel detail Channel-group listing: ---------------------Group: 1 ---------Group state = L2 Ports: 2 Maxports = 8 Port-channels: 1 Max Port-channels = 1 Protocol: Ports in the group: ------------------Port: Fa1/0/13 -----------Port state Channel group Port-channel Port index = = = = Up Mstr In-Bndl 1 Mode = On/FEC Po1 GC = 0 Load = 0x00 Gcchange = Pseudo port-channel = Po1 Protocol = - Age of the port in the current state: 20d:14h:14m:22s Port: Fa1/0/14 -----------Port state Channel group Port-channel Port index = = = = Up Mstr In-Bndl 1 Mode = On/FEC Po1 GC = 0 Load = 0x00 Gcchange = Pseudo port-channel = Po1 Protocol = - Age of the port in the current state: 20d:14h:14m:23s Port-channels in the group: --------------------------Port-channel: Po1 -----------Age of the Port-channel = 20d:14h:14m:28s Logical slot/port = 10/1 Number of ports = 2 GC = 0x00000000 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------0 00 Fa1/0/13 On/FEC 0 0 00 Fa1/0/14 On/FEC 0 Time since last port bundled: 4 20d:14h:14m:23s Fa1/0/14 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3550-CE6#sho etherchannel summary Flags: D - down P - in port-channel I - stand-alone s – suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+---------------------------------------1 Po1(SU) - Fa0/13(P) Fa0/14(P) Task 2.3: This task expects you to utilize sub-interfaces with encapsulation dot1Q. This concept will be repeated throughout this lab. interface Ethernet0/0 no ip address full-duplex ! interface Ethernet0/0.20 description to PE2 -VLAN encapsulation dot1Q 20 ip address 172.16.20.254 ! interface Ethernet0/0.30 description to PE3 -VLAN encapsulation dot1Q 30 ip address 172.16.30.254 20 255.255.255.0 30 255.255.255.0 RR1-RACK1#sho cdp ne Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r – Repeater Device ID 3550-CE6 5 Local Intrfce Eth 0/0 Holdtme 152 Capability R S I Platform Port ID WS-C3550-2Fas 0/12 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions On the switch, you need to configure a dot1q trunk on the interface going to RR1 and then allow the VLANs configured on RR1. 3550-CE6 interface FastEthernet0/12 description to RR switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,30 switchport mode trunk duplex full speed 10 Task 2.4: PE3 interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.13 description to CE1 - VLAN 13 encapsulation dot1Q 13 ip address 10.13.1.3 255.255.255.0 no snmp trap link-status ! interface Ethernet0/0.23 description to CE2 - VLAN 23 encapsulation dot1Q 23 no snmp trap link-status ! interface Ethernet0/0.30 description to RR - VLAN 30 encapsulation dot1Q 30 ip address 172.16.30.3 255.255.255.0 ! interface Ethernet0/0.31 description to PE1 - VLAN 31 encapsulation dot1Q 31 ip address 172.16.13.3 255.255.255.0 ! interface Ethernet0/0.123 description to PE2 - VLAN 123 encapsulation dot1Q 123 ip address 172.16.123.3 255.255.255.0 6 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3550-CE6 interface FastEthernet0/3 description to PE3-RACK1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 13,23,31,123 switchport mode trunk Task 2.5: PE1 interface FastEthernet0/0 description to PE3 VLAN31 ip address 172.16.13.1 255.255.255.0 speed 100 full-duplex ! interface FastEthernet0/1 description to PE2 VLAN21 ip address 172.16.12.1 255.255.255.0 speed 100 full-duplex 3750 interface FastEthernet1/0/10 description To PE2 switchport access vlan 21 switchport mode access duplex full speed 100 ! interface FastEthernet1/0/11 description to PE1 switchport access vlan 31 switchport mode access duplex full speed 100 7 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.6: interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.20 description to RR - VLAN 20 encapsulation dot1Q 20 ip address 172.16.20.2 255.255.255.0 ! interface Ethernet0/0.21 description to PE1 - VLAN 21 encapsulation dot1Q 21 ip address 172.16.12.2 255.255.255.0 no snmp trap link-status ! interface Ethernet0/0.123 description to PE3 - VLAN 123 encapsulation dot1Q 123 ip address 172.16.123.2 255.255.255.0 PE2-RACK1#sho cdp ne Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r – Repeater Device ID BB1-RACK1 3750-M-CE4 Local Intrfce Eth 0/1 Eth 0/0 Holdtme 135 155 Capability R S S I Platform Port ID 2610 Eth 0/0 ME-C3750-2Fas 1/0/12 3750 interface FastEthernet1/0/12 description to PE2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 20,21,82,123 switchport mode trunk duplex half speed 10 8 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.7: 3750-M-CE4 interface FastEthernet1/0/13 description to 3550 switchport trunk encapsulation dot1q switchport mode trunk duplex full Å Same as on 3550 Å Same as on 3550 speed 100 channel-group 1 mode on ! interface FastEthernet1/0/14 description to 3550 switchport trunk encapsulation dot1q switchport mode trunk duplex full Å Same as on 3550 Å Same as on 3550 speed 100 channel-group 1 mode on 3550-CE6(config)#spanning-tree mode pvst 3750-M-CE4(config)#spanning-tree mode pvst Task 2.8: Check the Port Channel rather than the physical port. 3750-M-CE4#sho interfaces port-channel 1 trunk Port Po1 Port Po1 9 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Port Po1 Vlans allowed and active in management domain 1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600 Port Po1 Vlans in spanning tree forwarding state and not pruned 1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.9: 3750-M-CE4(config)#vtp password iem.com Setting device VLAN database password to iem.com 3550-CE6(config)#vtp password iem.com Setting device VLAN database password to iem.com 3550-CE6#sho vtp password VTP Password: iem.com 3550-CE6# 3750-M-CE4#sho vtp password VTP Password: iem.com 3750-M-CE4# Task 2.10: 3750-M-CE4(config)#monitor session 1 source vlan 13 , 23 3750-M-CE4(config)#monitor session 1 destination interface fastEthernet 1/0/4 ! 3750-M-CE4#sho monitor detail Session 1 --------Type : Local Session Source Ports : RX Only : None TX Only : None Both : None Source VLANs : RX Only : None TX Only : None Both : 13,23 Source RSPAN VLAN : None Destination Ports : Fa1/0/4 Encapsulation : Native Ingress : Disabled Filter VLANs : None Dest RSPAN VLAN : None Task 2.11: 3550-CE6(config)# monitor session 1 destination interface Fa0/18 3550-CE6(config)# monitor session 1 source remote vlan 123 10 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.12: All configured VLANs are allowed by default if no additional configuration for removing them exists. 3750-M-CE4#sho interfaces port-channel 1 trunk Port Po1 Port Po1 Port Po1 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Vlans allowed and active in management domain 1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600 Port Vlans in spanning tree forwarding state and not pruned Po1 1,10,13,20-21,23,30-31,60,82,101-102,110,123,240,300,600 3750-M-CE4# Disallow VLANs 10 and 110 from the trunk: 3750-M-CE4(config)#int port-channel 1 3750-M-CE4(config-if)#switchport trunk allowed vlan remove 10,110 Verify that VLANs 10 and 110 are not among those still allowed on the trunk: 3750-M-CE4#sho interfaces port-channel 1 trunk Port Po1 Port Po1 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Vlans allowed on trunk 1-9,11-109,111-4094 Port Po1 Vlans allowed and active in management domain 1,13,20-21,23,30-31,60,82,101-102,123,240,300,600 Port Po1 Vlans in spanning tree forwarding state and not pruned 1,13,20-21,23,30-31,60,82,101-102,123,240,300,600 Verify that VLANs 10 and 110 are removed from trunk’s configuration: interface Port-channel1 switchport trunk encapsulation dot1q 11 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions switchport trunk allowed vlan 1-9,11-109,111-4094 switchport mode trunk Task 2.13: This task will need to be re-configured in later Labs to allow other VLANs. 3750-M-CE4(config-if)#switchport trunk allowed vlan 250-299,301-599 3750-M-CE4#sho interfaces port-channel 1 trunk 3w0d: %SYS-5-CONFIG_I: Configured from console by console Port Po1 Port Po1 12 Mode on Encapsulation 802.1q Status trunking Native vlan 1 Vlans allowed on trunk 250-299,301-599 Port Po1 Vlans allowed and active in management domain Port Po1 Vlans in spanning tree forwarding state and not pruned This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.14: 3550-CE6#sho interfaces fastEthernet 0/16 switchport Name: Fa0/16 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 230 (VLAN0230) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none interface FastEthernet0/15 description to User 1 switchport access vlan 230 switchport mode access switchport protected ! interface FastEthernet0/16 description to User 2 switchport access vlan 230 switchport mode access switchport protected 13 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Verify that the configuration changes took effect. 3550-CE6#sho interfaces fastEthernet 0/16 switchport Name: Fa0/16 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 230 (VLAN0230) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: true Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none Task 2.15: interface FastEthernet0/15 description to User 1 switchport access vlan 230 switchport mode access switchport port-security switchport port-security mac-address sticky switchport port-security aging static switchport port-security mac-address sticky 0000.0100.1141 switchport port-security mac-address sticky 0000.0200.2050 14 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3550-CE6#sho port-security address Secure Mac Address Table -----------------------------------------------------------------------Vlan Mac Address Type Ports Remaining Age (mins) --------------------------------230 0000.0100.1141 SecureSticky Fa0/15 230 0000.0200.2050 SecureSticky Fa0/15 -----------------------------------------------------------------------Total Addresses in System (excluding one mac per port) : 1 Max Addresses limit in System (excluding one mac per port) : 5120 Task 2.16: 3550 switchport port-security aging time 1 3550-CE6#sho port-security Port Security Port Status Violation Mode Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count interface fastEthernet 0/15 : Enabled : Secure-down : Shutdown : 1 mins : Absolute : Enabled : 2 : 2 : 0 : 2 : 0000.0000.0000:0 : 0 Task 2.17: To protect against the CAM table-overflow attack, limit the amount of MAC addresses that can be learned on a switch port. switchport port-security maximum 2 15 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3550-CE6#sho port-security interface fastEthernet 0/15 Port Security : Enabled Port Status : Secure-down Violation Mode : Shutdown Å default when port security is enabled Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count : : : : : : : : : 1 mins Absolute Enabled 2 2 0 2 0000.0000.0000:0 0 Task 2.18: access-list snmp-server snmp-server snmp-server snmp-server snmp-server snmp-server snmp-server snmp-server 1 permit 172.16.1.0 community iempublic RO 1 community iemprivate RW 1 chassis-id 3750-M enable traps port-security enable traps vlancreate enable traps vlandelete enable traps MAC-Notification host 172.16.1.1 public port-security MAC-Notification 3750-M-CE4#sho snmp Chassis: 3750-M SNMP logging: enabled Logging to 172.16.1.1.162, 0/10, 0 sent, 0 dropped. SNMP agent enabled 3750-M-CE4# 16 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions Task 2.19: For this task, you need understand many components of Layer 2 tunnelling. To accomplish this task, first re-configure 3550 and 3750 ports that are facing CE8 and CE1 to accept CEs’ VLANs in the QinQ mode and transport them in the newly allocated service provider VLAN. To allow packets of 1500 bytes to be transported between 3550 and 3750-M, you will need to increase the system MTU to accommodate those extra 8 bytes: 4 dot1Q bytes and 4 bytes for the second label. Because MTU changes on a switch cannot be made per interface, the system MTU change will affect the entire core. When dot1Q tunnelling is enabled, the switches automatically disable CDP and VTP tunnelling for the interfaces facing the CEs. Our goal is to enable CDP and VTP tunnelling, so that CE1 and CE8 appear directly connected to one another. Additional commands will need to be configured to accommodate this requirement. CE8 interface FastEthernet0/0 description to PE2 - VLAN 82 no ip address speed 100 full-duplex ! interface FastEthernet0/0.321 encapsulation dot1Q 321 ip address 3.2.1.8 255.255.255.0 no snmp trap link-status ! interface FastEthernet0/0.323 encapsulation dot1Q 323 ip address 3.2.3.8 255.255.255.0 no snmp trap link-status 17 This product is individually licensed and Copyright © 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2: Layer 2 Switching Solutions 3550-CE4 interface FastEthernet0/8 switchport access vlan 67 [...]... management domain 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60,67, 82, 10 1-1 02, 110, 123 ,24 0 Port Po1 Vlans in spanning tree forwarding state and not pruned 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60,67, 82, 10 1-1 02, 110, 123 ,24 0 CE1-RACK1#PING 3 .2. 1.8 Å CE8 Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 3 .2. 1.8, timeout is 2 seconds: !!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms 21 This product is individually... 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60,67, 82, 1011 02, 110, 123 ,23 0 ,24 0,300,600 Port Vlans in spanning tree forwarding state and not pruned Po1 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60,67, 82, 1011 02, 110, 123 ,23 0 ,24 0,300,600 19 This product is individually licensed and Copyright © 20 05 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2 : Layer 2 Switching Solutions CE1 interface Ethernet0/0. 321 encapsulation dot1Q 321 ip address... trunking Native vlan 1 Vlans allowed on trunk 1-9 ,1 1-1 09,11 1-4 094 Port Po1 Vlans allowed and active in management domain 1,13 ,2 0 -2 1 ,23 ,3 0-3 1,60, 82, 10 1-1 02, 123 ,24 0,300,600 Port Po1 Vlans in spanning tree forwarding state and not pruned 1,13 ,2 0 -2 1 ,23 ,3 0-3 1,60, 82, 10 1-1 02, 123 ,24 0,300,600 Verify that VLANs 10 and 110 are removed from trunk’s configuration: interface Port-channel1 switchport trunk encapsulation... | Lab2 : Layer 2 Switching Solutions Task 2. 12: All configured VLANs are allowed by default if no additional configuration for removing them exists 3750-M-CE4#sho interfaces port-channel 1 trunk Port Po1 Port Po1 Port Po1 Mode on Encapsulation 8 02. 1q Status trunking Native vlan 1 Vlans allowed on trunk 1-4 094 Vlans allowed and active in management domain 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60, 82, 10 1-1 02, 110, 123 ,24 0,300,600... Copyright © 20 05 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2 : Layer 2 Switching Solutions switchport trunk allowed vlan 1-9 ,1 1-1 09,11 1-4 094 switchport mode trunk Task 2. 13: This task will need to be re-configured in later Labs to allow other VLANs 3750-M-CE4(config-if)#switchport trunk allowed vlan 25 0 -2 99,30 1-5 99 3750-M-CE4#sho interfaces port-channel 1 trunk... encapsulation dot1Q 321 ip address 3 .2. 1.1 25 5 .25 5 .25 5.0 no snmp trap link-status ! interface Ethernet0/0. 323 encapsulation dot1Q 323 ip address 3 .2. 3.1 25 5 .25 5 .25 5.0 no snmp trap link-status 3750-M interface FastEthernet1/0/1 switchport access vlan 67 switchport mode dot1q-tunnel l2protocol-tunnel cdp l2protocol-tunnel vtp no cdp enable 3750-M-CE4(config)#vlan dot1q tag native 3750-M-CE4#sho interfaces fastEthernet... pruned Po1 1,10,13 ,2 0 -2 1 ,23 ,3 0-3 1,60, 82, 10 1-1 02, 110, 123 ,24 0,300,600 3750-M-CE4# Disallow VLANs 10 and 110 from the trunk: 3750-M-CE4(config)#int port-channel 1 3750-M-CE4(config-if)#switchport trunk allowed vlan remove 10,110 Verify that VLANs 10 and 110 are not among those still allowed on the trunk: 3750-M-CE4#sho interfaces port-channel 1 trunk Port Po1 Port Po1 Mode on Encapsulation 8 02. 1q Status trunking... interface FastEthernet0/0 description to PE2 - VLAN 82 no ip address speed 100 full-duplex ! interface FastEthernet0/0. 321 encapsulation dot1Q 321 ip address 3 .2. 1.8 25 5 .25 5 .25 5.0 no snmp trap link-status ! interface FastEthernet0/0. 323 encapsulation dot1Q 323 ip address 3 .2. 3.8 25 5 .25 5 .25 5.0 no snmp trap link-status 17 This product is individually licensed and Copyright © 20 05 ieMentor http://www.iementor.com... switchport port-security switchport port-security mac-address sticky switchport port-security aging static switchport port-security mac-address sticky 0000.0100.1141 switchport port-security mac-address sticky 0000. 020 0 .20 50 14 This product is individually licensed and Copyright © 20 05 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab2 : Layer 2 Switching Solutions 3550-CE6#sho... snmp-server snmp-server snmp-server snmp-server snmp-server 1 permit 1 72. 16.1.0 community iempublic RO 1 community iemprivate RW 1 chassis-id 3750-M enable traps port-security enable traps vlancreate enable traps vlandelete enable traps MAC-Notification host 1 72. 16.1.1 public port-security MAC-Notification 3750-M-CE4#sho snmp Chassis: 3750-M SNMP logging: enabled Logging to 1 72. 16.1.1.1 62, 0/10, 0 sent, ... Ethernet0/0 .20 description to RR - VLAN 20 encapsulation dot1Q 20 ip address 1 72. 16 .20 .2 255 .25 5 .25 5.0 ! interface Ethernet0/0 .21 description to PE1 - VLAN 21 encapsulation dot1Q 21 ip address 1 72. 16. 12. 2... address 1 72. 16. 12. 2 25 5 .25 5 .25 5.0 no snmp trap link-status ! interface Ethernet0/0. 123 description to PE3 - VLAN 123 encapsulation dot1Q 123 ip address 1 72. 16. 123 .2 255 .25 5 .25 5.0 PE2-RACK1#sho cdp... management domain 1,10,13 ,20 -21 ,23 ,30-31,60, 82, 101-1 02, 110, 123 ,24 0,300,600 Port Po1 Vlans in spanning tree forwarding state and not pruned 1,10,13 ,20 -21 ,23 ,30-31,60, 82, 101-1 02, 110, 123 ,24 0,300,600 This