Case Study 2 Voice and Security in a Switched Network


Arbab Nazar


Disable the links between the access layer switches.

DS1(config)#interface range fa 0/7 - 10
DS1(config-if-range)#shutdown

DS2(config)#interface range fa 0/7 - 10
DS2(config-if-range)#shutdown

AS1(config)#interface range fa 0/7 - 10
AS1(config-if-range)#shutdown

AS2(config)#interface range fa 0/7 - 10
AS2(config-if-range)#shutdown

Place all switches in the VTP domain CISCO and set them all to VTP mode transparent.

DS1(config)#vtp domain CISCO
DS1(config)#vtp mode transparent

DS2(config)#vtp domain CISCO
DS2(config)#vtp mode transparent

AS1(config)#vtp domain CISCO
AS1(config)#vtp mode transparent

AS2(config)#vtp domain CISCO
AS2(config)#vtp mode transparent

Make sure that all inter-switch links are statically set as 802.1q links.

Check this with the show run command; otherwise, configure it using the commands provided in case study 1.

Create VLANs 10 and 200 on all switches. Give DLS1 and DLS2 SVIs in VLAN 10 and assign addresses in the 172.16.10.0/24 subnet.

DS1(config)#vlan 10
DS1(config-vlan)#exit
DS1(config)#vlan 200
DS1(config-vlan)#exit

DS1(config)#interface vlan 10
DS1(config-if)#ip address 172.16.10.1 255.255.255.0
DS1(config-if)#no shutdown
DS1(config-if)#exit

DS2(config)#vlan 10
DS2(config-vlan)#exit
DS2(config)#vlan 200
DS2(config-vlan)#exit

DS2(config)#interface vlan 10
DS2(config-if)#ip address 172.16.10.2 255.255.255.0
DS2(config-if)#no shutdown
DS2(config-if)#exit

AS1(config)#vlan 10
AS1(config-vlan)#exit
AS1(config)#vlan 200
AS1(config-vlan)#exit

AS2(config)#vlan 10
AS2(config-vlan)#exit
AS2(config)#vlan 200
AS2(config-vlan)#exit

Configure DLS1 and DLS2 to use HSRP on the 172.16.10.0/24 subnet. Make DLS1 the primary gateway, and enable preemption on both switches.

DS1(config)#interface vlan 10
DS1(config-if)#standby 10 ip 172.16.10.3
DS1(config-if)#standby 10 priority 150
DS1(config-if)#standby 10 preempt

DS2(config)#interface vlan 10
DS2(config-if)#standby 10 ip 172.16.10.3
DS2(config-if)#standby 10 preempt

Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.

AS1(config)#interface range fa 0/15 - 20
AS1(config-if-range)#switchport mode access
AS1(config-if-range)#switchport access vlan 10
AS1(config-if-range)#no shutdown
AS1(config-if-range)#exit

AS2(config)#interface range fa 0/15 - 20
AS2(config-if-range)#switchport mode access
AS2(config-if-range)#switchport access vlan 10
AS2(config-if-range)#no shutdown
AS2(config-if-range)#exit

Enable PortFast on all access ports.

AS1(config)#spanning-tree portfast default

AS2(config)#spanning-tree portfast default

DS1(config)#spanning-tree portfast default

DS2(config)#spanning-tree portfast default

Enable QoS on all switches involved in the scenario.

AS1(config)#mls qos

AS2(config)#mls qos

DS1(config)#mls qos

DS2(config)#mls qos


Configure ALS1 F0/15 and F0/16 for using Cisco IP phones with a voice VLAN of 200 and trust the IP phone CoS values.

AS1(config)#interface range fa0/15 - 16
AS1(config-if-range)#switchport voice vlan 200
AS1(config-if-range)#auto qos voip cisco-phone
AS1(config-if-range)#exit

DS1(config)#interface range fa0/7 - 8
DS1(config-if-range)#auto qos voip trust
DS1(config-if-range)#exit

DS2(config)#interface range fa 0/9 - 10
DS2(config-if-range)#auto qos voip trust
DS2(config-if-range)#exit

Configure ALS1 F0/18 through F0/20 for port security. Allow only up to three MAC addresses to be learned on each port and then drop any traffic from other MAC addresses.

AS1(config)#interface range fa0/18 - 20
AS1(config-if-range)#switchport port-security
AS1(config-if-range)#switchport port-security maximum 3
AS1(config-if-range)#switchport port-security mac-address sticky
AS1(config-if-range)#switchport port-security violation restrict
AS1(config-if-range)#exit

Configure ALS2 F0/18 to allow only the MAC address 1234.1234.1234 and to shut down if a violation occurs.

AS2(config)#interface fa0/18
AS2(config-if)#switchport port-security
AS2(config-if)#switchport port-security maximum 1
AS2(config-if)#switchport port-security mac-address 1234.1234.1234
AS2(config-if)#switchport port-security violation shutdown
AS2(config-if)#exit
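
The two port-security configurations above behave differently once the address limit is reached. The following Python model is an added example, not part of the original case study: it parses the commands as entered above and shows what each port does with a sequence of source MAC addresses. The function names and the aaaa.aaaa.000x addresses are constructed for illustration.

```python
# Added example: a small model of port-security violation handling.
IOS_DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown",
                "sticky": False}

def parse_policy(lines):
    """Build a policy from 'switchport port-security ...' interface commands."""
    policy = dict(IOS_DEFAULTS, static=set())
    for line in lines:
        words = line.split()
        if words[:2] != ["switchport", "port-security"]:
            continue
        args = words[2:]
        if not args:
            policy["enabled"] = True
        elif args[0] == "maximum":
            policy["maximum"] = int(args[1])
        elif args[0] == "violation":
            policy["violation"] = args[1]
        elif args[:2] == ["mac-address", "sticky"]:
            policy["sticky"] = True
            policy["static"].update(args[2:3])   # sticky entry already saved
        elif args[0] == "mac-address":
            policy["static"].add(args[1])
    return policy

def run_port(policy, source_macs):
    """Return (forwarded, violation_count, port_state) for a frame sequence."""
    if not policy["enabled"]:
        return list(source_macs), 0, "up"
    secure = set(policy["static"])
    forwarded, violations, state = [], 0, "up"
    for mac in source_macs:
        if state == "err-disabled":
            break                      # port stays down until it is recovered
        if mac not in secure and len(secure) < policy["maximum"]:
            secure.add(mac)            # learned; sticky also writes it to running-config
        if mac in secure:
            forwarded.append(mac)
            continue
        if policy["violation"] != "protect":
            violations += 1            # restrict and shutdown count the violation
        if policy["violation"] == "shutdown":
            state = "err-disabled"
    return forwarded, violations, state

# Commands as entered above; the host MAC addresses below are constructed.
AS1_PORT = parse_policy(["switchport port-security", "switchport port-security maximum 3",
    "switchport port-security mac-address sticky", "switchport port-security violation restrict"])
AS2_PORT = parse_policy(["switchport port-security", "switchport port-security maximum 1",
    "switchport port-security mac-address 1234.1234.1234", "switchport port-security violation shutdown"])
HOSTS = ["aaaa.aaaa.0001", "aaaa.aaaa.0002", "aaaa.aaaa.0003", "aaaa.aaaa.0004", "aaaa.aaaa.0001"]
print(run_port(AS1_PORT, HOSTS))
print(run_port(AS2_PORT, ["1234.1234.1234", "aaaa.aaaa.0001", "1234.1234.1234"]))
```

With restrict, the AS1 port keeps forwarding the three learned hosts and only counts the fourth; with shutdown, the AS2 port goes err-disabled on the first unknown address and then drops the permitted host as well.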