CCIE-RS GOLDlab ASET CCIE Lab 1

Got a free moment to play around on Cisco.com/PEC – cranked up the lab CCIE RS-FOCUS1. Focused on layer two concepts.

“This is an ASET Routing and Switching “focus” lab and is intended to aid your preparation for the CCIE Routing and Switching lab using CCIE Blueprint topics (as of 1/2/2008). This lab deals with the following topics:

  • CATALYST ETHERNET SWITCH CONFIGURATION
  • SPANNING TREE
  • SPANNING TREE OPTIONS
  • CATALYST INTERCONNECTIVITY
  • SWITCH SAFEGUARDS
  • VLAN LOAD BALANCING
  • VLAN FILTER
  • CLIENT AUTHENTICATION

The tasks are marked with checkboxes; my attempt to configure them is in bold.

        Configure all switches for VTP domain = ASET101 and VTP mode = transparent.

On all switches:

en
conf t
vtp domain ASET101
vtp mode transparent
end

        Configure SW1 and SW2 for dot1q trunks on ports Fa0/23 and Fa0/24. These interfaces should be trunk interfaces even if their neighbor interfaces are not trunk interfaces.

conf t
int range f0/23 - 24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
end

        Configure VLAN assignments as per the table below. Configure for static VLAN access and permanent nontrunking mode. 

VLAN   SW1                    SW2              SW3
13     -                      Fa0/1, Fa0/3     -
100    Fa0/10                 Fa0/4, Fa0/6     -
145    Fa0/1, Fa0/4, Fa0/5    -                -
200    -                      Fa0/2, Fa0/10    -
300    -                      Fa0/5            Gi0/10

SW1

conf t
vlan 100
vlan 145
exit
!
int fa0/10
switchport mode access
switchport access vlan 100
!
int range fa0/1,fa0/4 - 5
switchport mode access
switchport access vlan 145
end

SW2

conf t
vlan 13
vlan 100
vlan 200
vlan 300
exit
!
int range fa0/1,fa0/3
sw mod acc
sw acc vlan 13
!
int range fa0/4,fa0/6
sw mod acc
sw acc vlan 100
!
int range fa0/2,fa0/10
sw mod acc
sw acc vlan 200
!
int fa0/5
sw mod acc
sw acc vlan 300
!
end

SW3

conf t
vlan 300
exit
!
int Gi0/10
sw mod acc
sw acc vlan 300
!
end

1.2   SPANNING TREE

Ensure that all Per VLAN Spanning Tree parameters for active VLANs seen on SW1 are dictated by SW1. In addition, configure VLANS for which SW1 is root, with the following:

        Root priority of zero (0).

        An access port start-up delay, due to Spanning Tree, of 32 seconds.

SW1

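! VLANs 1, 100, 145

conf t
! the task asks for a root priority of 0; "root primary" picks a value automatically and does not set 0
spann vlan 1 priority 0
spann vlan 100 priority 0
spann vlan 145 priority 0
!
! forward-time 16 = 16 s listening + 16 s learning = 32 s before an access port forwards
spann vlan 1 forw 16
spann vlan 100 forw 16
spann vlan 145 forw 16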

1.3   SPANNING TREE OPTIONS

        Disable Spanning Tree for VLAN 13 on SW2.

        Configure SW2 to reduce the time it takes to choose a new root port when a link or switch fails or when the Spanning Tree reconfigures itself. Use a single command on SW2 for this.

        Configure SW2 such that the default behavior on all ports is to prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link.

        Assume that SW2 interface Fa0/12 is connected to a customer’s Ethernet switch. Configure Fa0/12 to go into the root-inconsistent (blocked) state if the customer’s switch wants to become the Spanning Tree root.

        Assume SW2 Fa0/13 will never connect to a switch or bridge. Configure SW2 interface Fa0/13 using a spanning-tree command such that Bridge Protocol Data Units (BPDUs) are not sent on the port.

 

SW2

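conf t
no spann vlan 13
spanning-tree uplinkfast
spanning-tree loopguard default
!
int fa0/12
! root guard moves the port to root-inconsistent when a superior BPDU arrives;
! bpduguard would err-disable the port on any BPDU instead
spanning-tree guard root
!
int f0/13
spann bpdufilter enable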

1.4   CATALYST INTERCONNECTIVITY

Configure the Catalyst switches to prefer maximized bandwidth utilization between SW1 and SW2. Use a standards-based configuration. Configure the four physical interfaces to actively negotiate.

SW1#show cdp nei | in SW2
SW2                 Fas 0/24              148            S I      WS-C3550-2Fas 0/24
SW2                 Fas 0/23              148            S I      WS-C3550-2Fas 

SW2#show cdp nei | in SW1
SW1                 Fas 0/24              150            S I      WS-C3550-2Fas 0/24
SW1                 Fas 0/23              150            S I      WS-C3550-2Fas 0/23

conf t
int range fa0/23 - 24
channel-group 1 mode active

1.5   CONFIGURING SWITCH SAFEGUARDS

Fiber optic connectivity will eventually replace the existing trunks. Additional trunks between SW1 and SW2 will also be added at that time.  In order to assure that the fiber links are installed correctly and traffic is guaranteed to flow in a bi-directional manner, globally configure both switches such that a failing link is shut down in the event of a malfunction.

conf t
udld enable

1.6   VLAN LOAD BALANCING

VLANs 58 and 59 do not currently exist on the switches, but there are plans to use them in the future. Configure SW1 such that VLAN 58 traffic will pass primarily through the Gi0/1 interface and VLAN 59 traffic will pass primarily through the Gi0/2 interface. If one of the interfaces should fail, the remaining interface must carry all traffic. You do not need to actually configure the VLANs on the switches. Configure only Gi0/1 and Gi0/2 to accomplish this task. Your solution should not involve configuring a “cost”.

 

interface GigabitEthernet0/1
 switchport mode dynamic desirable
 spanning-tree vlan 58 port-priority 16
end

SW1(config)#do show run int gi0/2
Building configuration…

Current configuration : 111 bytes
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
 spanning-tree vlan 59 port-priority 16
end

These last two... 1.7 requires a VLAN map, I couldn’t remember how... here are the last two tasks if anyone in the ether wants to take a whack at how you would solve the issues... I am too sleepy to continue (3am my time).

– Gabe

1.7   VLAN FILTER

  • On SW2, prevent all DHCP client requests from entering or leaving VLANs 100, 200, and 300.
  • All BOOTP requests should be dropped; all other traffic should be forwarded.
  • Use a map NO-DHCP with access list 100 as part of the solution.
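
One way to meet the 1.7 tasks, as an added example that is not part of the original post or the lab's answer key. It assumes Catalyst 3550-era IOS syntax and matches requests by their destination port, UDP 67 (bootps).

```cisco
! Added example for task 1.7 on SW2 (Catalyst 3550-era IOS syntax assumed).
! ACL 100 only selects traffic for the map: "permit" here means "match",
! not "forward". DHCP/BOOTP requests are sent to UDP port 67 (bootps).
conf t
access-list 100 permit udp any any eq bootps
!
! Sequence 10: drop whatever ACL 100 matched.
vlan access-map NO-DHCP 10
 match ip address 100
 action drop
!
! Sequence 20: no match clause, so it matches everything else and forwards it.
! Without this entry the remaining IP traffic in these VLANs would be
! dropped by the map's implicit deny.
vlan access-map NO-DHCP 20
 action forward
!
! Apply the map to the three VLANs named in the task.
vlan filter NO-DHCP vlan-list 100,200,300
end
!
! Verification
show vlan access-map NO-DHCP
show vlan filter
```

A VLAN map is applied to all packets bridged within or routed into or out of the VLAN, so no direction keyword is needed to cover both "entering" and "leaving".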

1.8   CLIENT AUTHENTICATION

  • On SW2, place interface Fa0/7 into VLAN 13 and force the interface into access mode.
  • Assume there is an 802.1X-compliant client attached to port Fa0/7. Configure the switch to prompt for client authentication on Fa0/7.
  • Assume a RADIUS server is reachable at 110.1.13.59 and it requires a RADIUS key of cisco. Use default accounting and authorization ports.
  • Do not configure any AAA commands except to enable AAA and then one line for dot1x authentication. A mistake may make SW2 unreachable for assessment purposes.
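
One way to meet the 1.8 tasks, as an added example that is not part of the original post or the lab's answer key. It assumes the older Catalyst 3550-era 802.1X syntax (`dot1x port-control`, `radius-server host`); later IOS releases use different commands.

```cisco
! Added example for task 1.8 on SW2 (Catalyst 3550-era IOS syntax assumed).
conf t
! Exactly two AAA commands, as the task requires.
aaa new-model
aaa authentication dot1x default group radius
!
! Enable 802.1X globally; the interface setting has no effect without it.
dot1x system-auth-control
!
! No auth-port / acct-port keywords, so the default ports are used.
radius-server host 110.1.13.59 key cisco
!
interface FastEthernet0/7
 switchport mode access
 switchport access vlan 13
 ! "auto" keeps the port unauthorized until the attached client authenticates.
 dot1x port-control auto
end
!
! Verification
show dot1x interface fastethernet0/7
```

Once `aaa new-model` is entered, vty logins fall back to the local user database unless a login method list says otherwise, which is the reachability risk the task warns about. Confirm console access or a local user before applying it to a remote switch.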

CCIE Data Center Written Exam Topics are out!

Here they are – very exciting times indeed 🙂

CCIE ® Data Center Written Exam Topics

The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please note, however, that other relevant or related topic areas may also appear.

All exam materials are provided and no outside reference materials are allowed.

Exam Sections and Sub-task Objectives

Cisco Data Center Architecture

  • Describe the Cisco Data Center Architecture
  • Describe the products used in the Cisco Data Center Architecture
  • Describe Cisco unified I/O solution in access layer
  • Determine which platform to select for use in the data center different layers

Cisco Data Center Infrastructure—NX-OS

  • Describe NX-OS features
    Describe the architecture of NX-OS
    Describe NX-OS Process Recovery
    Describe NX-OS Supervisor Redundancy
    Describe NX-OS Systems file management
    Describe Virtual Output Queuing (VoQ)
    Describe Virtual Device Contexts
    Configure and Troubleshoot VDCs
    Describe fabric extension via the nexus family
  • Design and implement NX-OS Layer 2 and Layer 3 functionality
    Describe VLANs
    Describe PVLANs
    Describe Spanning-Tree Protocols
    Describe Port-Channels and Virtual Port Channels
    Compare and contrast VPC options
    Describe basic features of routing protocols in a data center environment
    Implement jumbo frames end-to-end in a data center
    Describe FabricPath
    Describe VRF lite in a data center environment
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands.
  • Describe Multicast
    Describe Multicast Operation in a data center environment
    Describe Basic PIM configuration
    Describe IGMP operation and configuration on the Nexus Platform
    Validate Configurations and troubleshoot problems and failures using command line, show and debug commands
  • Describe basic NX-OS Security features
    AAA Services
    RBAC, SSH, and SNMPv3
    Control Plane Protection and Hardware Rate Limiting
    IP ACLs, MAC ACLs, and VLAN ACLs
    Port Security
    DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands
  • Implement NX-OS high availability features
    Describe First-Hop Routing Protocols
    Describe Graceful Restart and nonstop forwarding
    Describe OTV
    Describe the ISSU process
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands
  • Implement NX-OS management
    Describe DCNM LAN features
    Implement SPAN and ERSPAN
    Implement embedded Ethernet analyzer and Netflow
    Describe XML for network management and monitoring
    Describe SNMP for network management and monitoring
    Describe Implement Embedded Event Management
    Describe configuration management in Data Center Network Manager
    Describe Smart Call Home
    Detail connectivity and credentials required for Data Center Network Manager
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands

Cisco Storage Networking

  • Describe Standard-based SAN Protocols
    Describe Fiber Channel Standards and protocols
    Describe SCSI standards and protocols
    Describe iSCSI standards and protocols
    Describe FCIP standards and protocols
  • Implement Fiber Channel Protocols features
    Describe Port Channel, ISL, trunking and VSANs
    Design basic and enhanced zoning
    Describe FC domain parameters
    Describe Cisco Fabric services and benefits
    Design and implement proper oversubscription in an FC environment
    Validate proper configuration of FC storage based solutions
  • Implement IP Storage based solution
    Implement FC over IP (FCIP)
    Describe iSCSI and its features
    Validate proper configuration of IP Storage based solutions
  • Design and describe NX-OS Unified Fabric features
    Describe Fiber Channel features in the NX-OS environment
    Describe Fiber Channel over Ethernet Protocol and technology
    Design and implement data center bridging protocol and lossless Ethernet
    Design and implement QoS features
    Describe NPV and NPIV features in a Unified Fabric environment
    Describe FCoE NPV features
    Describe Unified Fabric Switch different modes of operations
    Describe multihop FCoE
    Describe and configure universal ports
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands
  • Design high availability features in a standalone server environment
    Describe server-side high availability in the Cisco Unified I/O environment
    Describe Converged Network Adapter used in FCoE topologies
    Configuring NIC teaming
  • Implement SAN management
    Describe Device Manager for element management
    Describe configuration management in Data Center Network Manager
    Describe connectivity and credentials required for DCNM-SAN
    Describe how to monitor and trend utilization with DCNM Dashboard

Cisco Data Center Virtualization

  • Implement Data Center Virtualization with Nexus1000v
    Describe the Cisco Nexus1000v and its role in a virtual server network environment
    Describe Virtual Ethernet Module (VEM) on Nexus1000v
    Describe Virtual Supervisor Module (VSM)
    Describe the Cisco Nexus 1010 physical appliance and components
    Describe Port Profiles and use cases in Nexus1000v
    Describe QoS, Traffic Flow and IGMP Snooping in Nexus1000v
    Describe Network monitoring on Nexus1000v
    Explain the benefits of DHCP snooping in a VDI environment
    Describe how to intercept traffic using Vpath and its benefits
    Describe and implement Nexus1000v port channels
    Describe Virtual Service Domain
    Validate configurations and troubleshoot problems and failures using command line, show and debug commands

Cisco Unified Computing

  • Unified Computing System components and architecture
    Describe Cisco Unified Computing System components and architecture
    Describe the Cisco Unified Computing server deployment and implementation model
    Describe Cisco UCS Management features
    Describe Cisco UCS Connectivity from both LAN and SAN perspective
    Describe Cisco UCS High Availability
    Describe what the capability catalog is and how it is used
    Describe Cisco UCS C Series Integration
    Describe the functional differences between physical and virtual adaptors
  • Describe LAN connectivity in a Cisco Unified Computing environment
    Describe Fabric Interconnect for LAN connectivity
    Implement server and uplink ports
    Describe End Host Mode
    Implement Ethernet Switching Mode
    Implement VLANs and port channels
    Implement Pinning and PIN groups
    Describe Disjoint Layer 2 and design consideration
    Describe Quality of Service (QoS) options and configuration restrictions
    Design and verify scalable Cisco Unified computing systems
  • Describe Implement SAN connectivity in a Cisco Unified Computing environment
    Describe Fabric Interconnect for SAN connectivity
    Describe End Host Mode
    Implement NPIV
    Implement FC Switch mode
    Implement FC ports for SAN connectivity
    Implement Virtual HBA (vHBA)
    Implement VSANs
    Implement SAN port channels
    Describe and implement direct attach Storage connectivity options
    Describe and implement FC trunking and SAN pinning
  • Describe Cisco Unified Computing Server resources
    Describe Service Profiles in Cisco UCS including templates and contrast with cloning
    Describe Server Resource Pools
    Implement updating and initial templates
    Describe Boot From remote storage
    Detail best practices for creating pooled objects
    Explain how to use the Cisco UCS KVM with Vmedia and session management
    Describe local disk options and configuration protection
    Describe power control policies and their effects
  • Describe role-based Access Control Management Groups
    Understand Cisco UCS Management Hierarchy using ORG and RBAC
    Describe roles and privileges
    Implement integrated authentication
  • Cisco Unified Computing troubleshooting and maintenance
    Understand backup and restore procedures in a unified computing environment
    Manage high availability in a Cisco Unified Computing environment
    Describe monitoring and analysis of system events
    Implement External Management Protocols
    Analyze statistical information
    Understand Cisco Unified Computing components system upgrade procedure
    Describe how to manage BIOS settings
    Describe memory extension technology

Cisco Application Networking Services—ANS

  • Data center application high availability and load balancing
    Describe standard ACE features for load balancing
    Describe different Server Load Balancing Algorithm
    Describe health monitoring and use cases
    Describe Layer 7 load balancing
    Describe sticky connections
    Understand SSL offload in SLB environment
    Describe Protocol Optimization
    Describe Route Health Injection (RHI)
    Describe Server load balancing Virtual Context and HA
    Describe Server load balancing management options
  • Global load balancing
    Describe basic DNS resolution process
    Describe the benefits of the Cisco Global Load Balancing Solution
    Describe how the Cisco Global Load Balancing Solution integrate with local Cisco load balancers
    Implement a Cisco Global Load Balancing Solution into an existing network infrastructure