TASKS
The tasks are:
TASK 1 -> OSPF
OSPF runs among the core and distribution switches, with the following loopback interfaces configured: 3.3.3.3/24, 4.4.4.4/24, 5.5.5.5/24, 6.6.6.6/24
TASK 2 -> EtherChannel
L3 EtherChannel between the two core switches, and L2 EtherChannel between the two distribution switches
TASK 3 -> VLAN
We have 4 VLANs, run by MST:
- VLAN 150 (voice VLAN) and 90 (data VLAN), which have S3 as root bridge
- VLAN 100 (web server) and 97 (untagged), which have S4 as root bridge
TASK 4 -> Default Gateway Redundancy (HSRP)
Default-gateway redundancy: the creation of two HSRP groups, group 150, which has S4 as active router and S3 as standby (default gateway for VLAN 100 and 97), and group 100, which has S3 as active router and S4 as standby (default gateway for VLAN 150 and 90)
TASK 5 -> IP SLA
IP SLA, with S3 monitoring S4 and S4 monitoring S3
TASK 6 -> Port Security Configuration
port-security, with 2 switch that allows only 3 1 mac and switches that allows up to 5 mac
TASK 7 -> DHCP Server
For VLANs 100 and 150 there are two DHCP servers
TASK 2 -> ETHERCHANNEL
There are two types of EtherChannel: Layer 2 and Layer 3.
EtherChannel Layer 3
Layer 3 EtherChannels are usually configured when a multilayer core switch is connected to multilayer distribution switches. In this scenario you can think of "putting together" multiple interfaces in order to have redundancy in the connection between the two devices and to increase the available bandwidth.
L3 EtherChannel configuration:
S5 (config) # interface port-channel 1
// It is in effect a Layer 3 interface, so I have to assign an IP address
S5 (config-if) # no switchport
S5 (config-if) # ip address 172.0.0.1 255.255.255.0
// Select the interfaces that will be part of port-channel 1
S5 (config) # interface range fastethernet 0/0 - 1
S5 (config-if-range) # no switchport
// Associate the physical interfaces with the port-channel. Clearly, in order to form the EtherChannel the appropriate mode must be set (LACP or PAgP)
S5 (config-if-range) # channel-group 1 mode on
S6 (config) # interface port-channel 1
S6 (config-if) # no switchport
// Select the interfaces that will be part of port-channel 1
S6 (config) # interface range fastethernet 0/0 - 1
S6 (config-if-range) # no switchport
// Associate the physical interfaces with the port-channel. Clearly, in order to form the EtherChannel the appropriate mode must be set (LACP or PAgP)
S6 (config-if-range) # channel-group 1 mode on
 
L2 EtherChannel configuration:
In this case the redundancy and the increased bandwidth are at Layer 2, that is, you "aggregate" two Layer 2 interfaces. In general a L2 EtherChannel can aggregate up to a maximum of eight interfaces, can do load balancing, and brings advantages in the management of STP. The two possible protocols to form a port channel are LACP (802.3ad) and PAgP (Cisco).
// Create the port-channel
S3 (config) # interface range fastethernet 0/3 - 4
S3 (config-if-range) # channel-group 2 mode active
// I treat port-channel 2 as a Layer 2 interface; as such it will carry the VLANs, so it is configured in trunk mode
S3 (config) # interface port-channel 2
S3 (config-if) # switchport mode trunk
S3 (config-if) # switchport trunk native vlan 97
// The same for S4
// Create the port-channel
S4 (config) # interface range fastethernet 0/3 - 4
S4 (config-if-range) # channel-group 2 mode active
// I treat port-channel 2 as a Layer 2 interface; as such it will carry the VLANs, so it is configured in trunk mode
S4 (config) # interface port-channel 2
S4 (config-if) # switchport mode trunk
S4 (config-if) # switchport trunk native vlan 97
1) Layer 2: SETTING TRUNK / ACCESS PORT
• Because of the VLANs and the need to make them communicate with each other, I have to apply on the links a protocol that supports creating and transmitting frames properly tagged according to VLAN membership.
• Using the 802.1q protocol I create the trunks and, where requested, the access ports.
TASK 3 -> MSTP
The scenario requires the use of Multiple Spanning Tree Protocol. With this protocol we create instances and associate one or more VLANs with each instance.
Benefits of MST (802.1s): if I used 802.1q STP, there would be a single STP instance for all VLANs, so of the two links from the access switch to the distribution switches only one would be used, as the other would be in blocking mode. With Multiple Spanning Tree Protocol you create several STP instances, and each instance includes one or more VLANs. Remember that STP is used only to prevent loops at Layer 2. Using Multiple Spanning Tree you can create, as in our case, two logical topologies in order to exploit all the available links and leave no link unused.
• Put all the switches in VTP transparent mode and create VLANs 150, 90, 100, 97 on each one:
S1 (config) # vtp mode transparent
S1 (config) # vlan 150
S1 (config) # vlan 90
S1 (config) # vlan 100
S1 (config) # vlan 97
S2 (config) # vtp mode transparent
S2 (config) # vlan 150
S2 (config) # vlan 90
S2 (config) # vlan 100
S2 (config) # vlan 97
S3 (config) # vtp mode transparent
S3 (config) # vlan 150
S3 (config) # vlan 90
S3 (config) # vlan 100
S3 (config) # vlan 97
S4 (config) # vtp mode transparent
S4 (config) # vlan 150
S4 (config) # vlan 90
S4 (config) # vlan 100
S4 (config) # vlan 97
• There is currently no protocol to propagate this information (as VTP does, for example).
• You must therefore configure MST on each switch. The steps are:
1. Enable MST on the switches:
S1 (config) # spanning-tree mode mst
S2 (config) # spanning-tree mode mst
S3 (config) # spanning-tree mode mst
S4 (config) # spanning-tree mode mst
2. Enter MST configuration mode:
S (config) # spanning-tree mst configuration
S1 (config) # spanning-tree mst configuration
S2 (config) # spanning-tree mst configuration
S3 (config) # spanning-tree mst configuration
S4 (config) # spanning-tree mst configuration
3. Give the name of the MST region:
S (config-mst) # name name
S1 (config-mst) # name Lab
S2 (config-mst) # name Lab
S3 (config-mst) # name Lab
S4 (config-mst) # name Lab
4. Assign a configuration number to the MST region:
S (config-mst) # revision version
S1 (config-mst) # revision 1
S2 (config-mst) # revision 1
S3 (config-mst) # revision 1
S4 (config-mst) # revision 1
5. Map VLANs to instances. In our case VLANs 150 and 90 go in instance 1, and VLANs 100 and 97 in instance 2:
S1 (config-mst) # instance 1 vlan 150, 90
S1 (config-mst) # instance 2 vlan 100, 97
S2 (config-mst) # instance 1 vlan 150, 90
S2 (config-mst) # instance 2 vlan 100, 97
S3 (config-mst) # instance 1 vlan 150, 90
S3 (config-mst) # instance 2 vlan 100, 97
S4 (config-mst) # instance 1 vlan 150, 90
S4 (config-mst) # instance 2 vlan 100, 97
6. Select the root for the various instances. In this case the request was to have S3 as root for VLANs 150 and 90, and S4 as root for VLANs 100 and 97:
S (config) # spanning-tree mst instance-id root primary
S3 (config) # spanning-tree mst 1 root primary
S3 (config) # spanning-tree mst 2 root secondary
S4 (config) # spanning-tree mst 2 root primary
S4 (config) # spanning-tree mst 1 root secondary
This way I get two completely different logical topologies.
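The region check implied by steps 3 to 5, as an added example that is not part of the original post: MST switches only form one region when name, revision and VLAN-to-instance mapping all match, so this Python sketch parses the MST section of each switch and reports region splits and VLANs left in instance 0. The sample configurations are constructed, with one mistyped VLAN number on S2.

```python
import re
from collections import defaultdict

def expand_vlans(spec):
    """Turn an IOS VLAN list such as '90, 150' or '10-12' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_mst(text):
    """Return (name, revision, {vlan: instance}) from an MST config section."""
    name, revision, mapping = "", 0, {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision (\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            for vlan in expand_vlans(m.group(2)):
                mapping[vlan] = int(m.group(1))
    return name, revision, mapping

def audit(configs, created_vlans):
    """Group switches by region identity and flag VLANs left in instance 0."""
    regions, findings = defaultdict(list), []
    for switch, text in sorted(configs.items()):
        name, revision, mapping = parse_mst(text)
        regions[(name, revision, tuple(sorted(mapping.items())))].append(switch)
        unmapped = sorted(set(created_vlans) - set(mapping))
        if unmapped:
            findings.append(f"{switch}: VLANs {unmapped} fall back to instance 0")
    if len(regions) > 1:
        findings.append(f"region split: {sorted(regions.values())}")
    return findings

# Constructed sample configs; S2 carries a typo (VLAN 10 instead of 100).
GOOD = ("spanning-tree mst configuration\n name Lab\n revision 1\n"
        " instance 1 vlan 90, 150\n instance 2 vlan 97, 100\n")
BAD = GOOD.replace("97, 100", "10, 97")
CONFIGS = {"S1": GOOD, "S2": BAD, "S3": GOOD, "S4": GOOD}

if __name__ == "__main__":
    for finding in audit(CONFIGS, [150, 90, 100, 97]):
        print(finding)
```

A switch reported in its own group is treated by its neighbours as a separate MST region, so the per-instance root placement from step 6 no longer applies across that boundary.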
INTERVLAN ROUTING
Clearly, traffic between VLANs must be allowed, so I will use SVIs.
• The SVIs on the two multilayer switches S3 and S4 were configured in step 2, during the HSRP configuration.
Task 4 -> HSRP default gateway redundancy
• I have four VLANs and each has a different subnet:
(S3) vlan 150 -> 172.16.0.0/28
(S4) vlan 100 -> 172.16.0.64/28
• The two distribution multilayer switches will take care of inter-VLAN routing. I apply the following scheme, which I still have to confirm is correct:
S3 -> VLAN 150 172.16.0.0/28 (default gateway: 172.16.0.1)
S4 -> VLAN 100 172.16.0.64/28 (default gateway: 172.16.0.65)
• I now have to integrate HSRP with the SVIs, in the sense that, as developed so far, the SVI that physically switches VLAN 150 traffic is on S3. If I implement HSRP for this VLAN, with S3 as active router and S4 as backup router, must I also implement the SVI for VLAN 150 on S4? It
• On the HSRP side the diagram above is respected, that is, you need:
Group 150 -> Active router S3, backup router S4
Group 100 -> Active router S4, backup router S3
• HSRP configuration (active and backup routers):
S3 (config) # interface vlan 150
S3 (config-if) # ip address 172.16.0.2 255.255.255.240
S3 (config-if) # standby 150 priority 200
S3 (config-if) # standby 150 ip 172.16.0.1
// (the virtual IP must belong to the same subnet as the "vlan 150" interface, but the two addresses must be distinct)
S3 (config) # interface vlan 100
S3 (config-if) # ip address 172.16.0.66 255.255.255.240
S3 (config-if) # standby 100 priority 150
S3 (config-if) # standby 100 ip 172.16.0.65
S4 (config) # interface vlan 100
S4 (config-if) # standby 100 priority 200
S4 (config-if) # standby 100 ip 172.16.0.65
S4 (config) # interface vlan 150
S4 (config-if) # standby 150 priority 150
S4 (config-if) # standby 150 ip 172.16.0.1
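A consistency check for HSRP commands of this kind, as an added example that is not part of the original post: it parses the commands under one SVI on each switch and reports a standby command that lost its group number, a virtual IP outside the SVI subnet, and a virtual IP equal to a real interface address. The sample is constructed; the S4 address 172.16.0.3 and the /28 mask are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

def parse_svi(commands):
    """Return (interface address, {group: {"ip": ..., "priority": ...}})."""
    iface, groups = None, defaultdict(dict)
    for line in commands:
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"standby (?:(\d+) )?(ip|priority) (\S+)", line):
            # IOS files a standby command without a group number under group 0.
            groups[int(m.group(1) or 0)][m.group(2)] = m.group(3)
    return iface, dict(groups)

def audit_vlan(svis):
    """svis maps switch name -> commands under the same 'interface vlan N'."""
    parsed = {sw: parse_svi(cmds) for sw, cmds in sorted(svis.items())}
    real = {iface.ip: sw for sw, (iface, _) in parsed.items() if iface}
    findings, members = [], defaultdict(list)
    for sw, (iface, groups) in parsed.items():
        for group, opts in sorted(groups.items()):
            members[group].append(sw)
            if "ip" not in opts:
                findings.append(f"{sw} group {group}: no virtual IP")
                continue
            vip = ipaddress.ip_address(opts["ip"])
            if iface and vip not in iface.network:
                findings.append(f"{sw} group {group}: {vip} not in {iface.network}")
            if vip in real:
                findings.append(f"{sw} group {group}: {vip} is {real[vip]}'s own address")
    for group, switches in sorted(members.items()):
        if len(switches) < len(svis):
            findings.append(f"group {group}: configured only on {switches}")
    return findings

# Constructed sample for VLAN 150; S4's "standby ip" lost its group number.
VLAN150 = {
    "S3": ["ip address 172.16.0.2 255.255.255.240",
           "standby 150 priority 200", "standby 150 ip 172.16.0.1"],
    "S4": ["ip address 172.16.0.3 255.255.255.240",  # assumed address
           "standby 150 priority 150", "standby ip 172.16.0.1"],
}

if __name__ == "__main__":
    print("\n".join(audit_vlan(VLAN150)))
```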
Task 5 -> IP SLA: Service Level Agreement
A network management tool used, for example, to verify that the network is working properly.
An SLA is an agreement between the service provider and the company that owns a network on the quality of service provided by the service provider and perceived by the user.
With IP SLA the network administrator can monitor the network and verify that the ISP respects the agreement, or keep track of the measurements in order to intervene proactively on potential network problems. The IP SLA measures are:
- jitter, latency, packet loss
- RTT, Round Trip Time
IP SLA configuration implies configuring a source that monitors and another device, configured as a responder, that is "monitored".
The device that acts as IP SLA source sends probes, to which the responder must clearly respond. These probes are then used to calculate the desired measures (jitter, RTT, packet loss, etc.).
The responder can be any IP system, but if it is a Cisco device properly configured as a responder, the measurement will be more accurate.
Before the actual measurement starts there is an exchange of information between source and responder, referred to as the IP SLA Control Protocol (UDP port 1967).
Configuration:
Source:
- Define the IP SLA identifier
- Define the operation and the address of the target
- Define the frequency
- Define when the measurement starts
- Define any reaction
Typically, the source collects the necessary information and stores it in the MIB, which can then be read via SNMP.
In this specific case S3 must monitor S4 and S4 must monitor S3.
Solution Plan 1: S3 monitors S4
Source -> Responder
S3 -> S4
Operation -> ICMP echo, an operation used to measure the time between an echo request sent by the source and the reply from any device with an IP address (in this case the responder does not have to be configured)
S3 (config) # ip sla 1
S3 (config-ip-sla) # icmp-echo "ip address of any interface of the switch S4"
// It is as if I pinged the interface
Solution Plan 2: S4 monitors S3
S4 (config) # ip sla 1
S4 (config-ip-sla) # icmp-echo "ip address of any interface of the switch S3"
PRIVATE VLAN
Reference: https://supportforums.cisco.com/thread/2055062.pdf
Given the scheme above, the request is:
• PC3, 4, 5 cannot communicate with each other, but only with PC2
• Note that:
- PC4 and PC5 belong to the same VLAN but at the same time cannot communicate with each other: this is not strange, it is correct. PVLANs must be seen like ACLs: PC4 and PC5 will have addresses in the same subnet (VLAN 150) but do not communicate with each other. The aim of PVLANs is to isolate ports at Layer 2.
• Rules to follow when implementing PVLANs:
- I cannot use VLAN numbers 1 or 1002-1005
- when implementing PVLANs, always configure the switches in transparent mode
- I can make a VLAN a PVLAN if the VLAN has no access ports defined.
• For the scheme above we have (ref: https://supportforums.cisco.com/message/3160548#3160548):
Planned solution
- Create a secondary VLAN for PC 3, 4, 5: PVLAN 202
- Create a primary VLAN for PC 1, so that the given requirements are met: PVLAN 201
- Access switch S1:
// Create the isolated PVLAN
Switch1 (config) # vtp mode transparent
Switch1 (config) # vlan 202
Switch1 (config-vlan) # private-vlan isolated
// Create the primary PVLAN
Switch1 (config) # vlan 100
Switch1 (config-vlan) # private-vlan primary
// Associate primary PVLAN 100 with secondary PVLAN 202
Switch1 (config-vlan) # private-vlan association 202
// Interface configuration
// Create the host ports (doubt: must they also be put in access mode in VLANs 100 and 150?)
Switch1 (config) # interface range fastethernet 0/2 - 4
Switch1 (config-if-range) # switchport mode private-vlan host
Switch1 (config-if-range) # switchport private-vlan host-association 100 202
// Create the promiscuous port: this port must in fact carry the traffic of isolated VLAN 202 (and to carry the normal traffic of VLANs 150 and 100, do I leave the port in trunk mode?)
Switch1 (config) # interface range fastethernet 0/1
Switch1 (config-if-range) # switchport mode private-vlan promiscuous
Switch1 (config-if-range) # switchport private-vlan mapping 100 202
 