Case study 2 exercise for the CCNP Switching course

  • Case study 2 exercise for the CCNP Switching course

    This is major assignment II for the CCNP Switching course. Time allowed: 3 hours.
    Email : vnpro@vnpro.org
    ---------------------------------------------------------------------------------------------------------------
Trung Tâm Tin Học VnPro
149/1D Ung Văn Khiêm P25 Q.Bình thạnh TPHCM
Tel : (08) 35124257 (5 lines)
Fax: (08) 35124314

Home page: http://www.vnpro.vn
Support Forum: http://www.vnpro.org
- Specializing in training for network administration and Internet infrastructure
- Publishing technical books
- IT staffing consultancy and recruitment
- Network design consultancy and technical support

Network channel: http://www.dancisco.com
Blog: http://www.vnpro.org/blog

  • #2
    Case study 2 - Implementing QoS and Security in a Switched Network

    DLSwitchA
    en
    conf t
    hostname DLSwitchA
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    ! enable Qos on Distribution layer switches
    mls qos
    exit

    interface vlan 1
    ip address 172.16.26.33 255.255.255.240
    no shut
    ! ip default-gateway 172.16.26.17 ! not needed since "redistribute static" is used on the core.
    exit

    ! Configure VTP server
    vtp mode Server
    vtp domain CCNP3CASESTUDY
    vlan 5 name IP_Phones
    vlan 10 name Students
    vlan 20 name Staffs
    vlan 99 name Unused
    exit

    ! Set DLSwitch to be the spanning-tree root
    spanning-tree vlan 1 root primary
    spanning-tree vlan 5 root primary
    spanning-tree vlan 10 root primary
    spanning-tree vlan 20 root primary

    ! Configure trunking
    interface range fa 0/1 - 4
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no shutdown
    exit
    ! Assign interfaces to fast etherchannel
    int range fa 0/1 , fa 0/2
    channel-group 1 mode desirable
    int range fa 0/3 , fa 0/4
    channel-group 2 mode desirable
    exit

    ! Shut down unused interfaces and assign them to unused vlan
    int range fa 0/5 - 24
    switchport mode access
    switchport access vlan 99
    shut
    int gi0/2
    switchport mode access
    switchport access vlan 99
    shut
    exit

    ! Configure pruning on vtp server
    vtp pruning

    ! Configure Default Gateway for all VLAN's
    int vlan 5
    ip address 172.16.27.1 255.255.255.0
    no shut
    int vlan 10
    ip address 172.16.28.1 255.255.255.0
    no shut
    int vlan 20
    ip address 172.16.29.1 255.255.255.0
    no shut
    exit

    ! Configure layer 3 routing
    ip routing
    router eigrp 100
    network 172.16.0.0
    exit

    ! Configure QoS policy mapping and a DSCP value of 40 for voice traffic entering DLSwitch
    mac access-list extended VOICE-DEVICE
    permit host 0000.74c7.9648 any
    exit
    class-map match-all VOICE-TRAFFIC
    match access-group name VOICE-DEVICE
    policy-map FROM-ACCESS-LAYER
    class VOICE-TRAFFIC
    set ip dscp 40
    class class-default
    trust cos

    ! Apply QoS policy to interface
    interface range fa0/1 - 4
    service-policy input FROM-ACCESS-LAYER

    ! Configure Uplinks to Core Switch
    interface gi0/1
    no switchport
    ip address 172.16.26.18 255.255.255.248
    no shut
    end

    DLSwitchB

    en
    conf t
    hostname DLSwitchB
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    ! enable Qos on Distribution layer switches
    mls qos
    exit

    interface vlan 1
    ip address 172.17.26.33 255.255.255.240
    no shut
    exit

    ! Configure VTP server
    vtp mode Server
    vtp domain CCNP3CASESTUDY
    vlan 5 name IP_Phones
    vlan 15 name Students
    vlan 25 name Staffs
    vlan 99 name Unused
    exit

    ! Set DLSwitch to be the spanning-tree root
    spanning-tree vlan 1 root primary
    spanning-tree vlan 5 root primary
    spanning-tree vlan 15 root primary
    spanning-tree vlan 25 root primary

    ! Configure trunking

    interface range fa 0/1 - 4
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no shutdown
    exit

    ! Assign interfaces to fast etherchannel
    int range fa 0/1 , fa 0/2
    channel-group 1 mode desirable
    int range fa 0/3 , fa 0/4
    channel-group 2 mode desirable
    exit

    ! Shut down unused interfaces and assign them to unused vlan
    int range fa 0/5 - 24
    switchport mode access
    switchport access vlan 99
    shut
    int gi0/2
    switchport mode access
    switchport access vlan 99
    shut
    exit

    ! Configure layer 3 routing
    ip routing
    router eigrp 100
    network 172.17.0.0
    exit

    ! Configure pruning on vtp server
    vtp pruning

    ! Configure Default Gateway for all VLAN's
    int vlan 5
    ip address 172.17.27.1 255.255.255.0
    no shut
    int vlan 15
    ip address 172.17.28.1 255.255.255.0
    no shut
    int vlan 25
    ip address 172.17.29.1 255.255.255.0
    no shut
    exit

    ! Configure QoS policy mapping and a DSCP value of 40 for voice traffic entering DLSwitch
    mac access-list extended VOICE-DEVICE
    permit host 0000.74c7.9648 any
    exit
    class-map match-all VOICE-TRAFFIC
    match access-group name VOICE-DEVICE
    policy-map FROM-ACCESS-LAYER
    class VOICE-TRAFFIC
    set ip dscp 40
    class class-default
    trust cos

    ! Apply QoS policy to interface
    interface range fa0/1 - 4
    service-policy input FROM-ACCESS-LAYER

    ! Configure Uplinks to Core Switch
    interface gi 0/1
    no switchport
    ip address 172.17.26.18 255.255.255.248
    no shut
    end


    ALSwitchA1 (2950)

    en
    conf t
    hostname ALSwitchA1
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    interface vlan 1
    ip address 172.16.26.34 255.255.255.240
    no shut
    exit
    ! set vtp mode to client
    vtp mode client
    ! no need to enable QoS globally since we are using 2950 switches as ALSwitches


    ! Configure Trunking
    interface range fa 0/1 , fa 0/2
    switchport mode trunk
    no shut
    exit

    ! Assign interfaces to fast etherchannel
    int range fa 0/1 - 2
    channel-group 1 mode desirable
    exit


    ! Assign interfaces to VLAN and secure unused interfaces

    interface range fa 0/3 - 4
    switchport mode access
    switchport access vlan 5
    spanning-tree portfast
    ! Classify IPPhones traffic as trusted
    mls qos trust cos
    exit

    interface range fa 0/5 - 8
    switchport mode access
    switchport access vlan 10
    spanning-tree portfast
    ! Classify Students traffic as untrusted and set the CoS value to 0
    mls qos cos 0
    mls qos cos override
    exit

    interface range fa 0/9 - 12
    switchport mode access
    switchport access vlan 20
    spanning-tree portfast
    ! Classify Staffs traffic as trusted with a default CoS value of 2
    mls qos cos 2
    mls qos trust cos
    exit

    interface range fa 0/13 - 24
    switchport mode access
    switchport access vlan 99
    shut
    exit

    interface range gi 0/1 , gi 0/2
    switchport mode access
    switchport access vlan 99
    shut
    end

    ALSwitchA2

    en
    conf t
    hostname ALSwitchA2
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    interface vlan 1
    ip address 172.16.26.35 255.255.255.240
    no shut
    exit
    ! set vtp mode to client
    vtp mode client

    ! Configure Trunking
    interface range fa 0/1 , fa 0/2
    switchport mode trunk
    no shut
    exit

    ! Assign interfaces to fast etherchannel
    int range fa 0/1 , fa 0/2
    channel-group 1 mode desirable
    exit

    ! Assign interfaces to VLAN's and secure
    ! unused interfaces

    interface range fa 0/3 , fa 0/4
    switchport mode access
    switchport access vlan 5
    spanning-tree portfast
    ! Classify IPPhones traffic as trusted
    mls qos trust cos
    exit

    interface range fa 0/5 - 8
    switchport mode access
    switchport access vlan 10
    spanning-tree portfast
    ! Classify Students traffic as untrusted and set the CoS value to 0
    mls qos cos 0
    mls qos cos override
    exit

    interface range fa 0/9 - 12
    switchport mode access
    switchport access vlan 20
    spanning-tree portfast
    ! Classify Staffs traffic as trusted with a default CoS value of 2
    mls qos cos 2
    mls qos trust cos
    exit

    interface range fa 0/13 - 24
    switchport mode access
    switchport access vlan 99
    shut
    exit

    interface range gi 0/1 , gi 0/2
    switchport mode access
    switchport access vlan 99
    shut
    end

    ALSwitchB1

    en
    conf t
    hostname ALSwitchB1
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    interface vlan 1
    ip address 172.17.26.34 255.255.255.240
    no shut
    exit
    ! set vtp mode to client
    vtp mode client


    ! Configure Trunking
    interface range fa 0/3 , fa 0/4
    switchport mode trunk
    no shut
    exit

    ! Assign interfaces to fast etherchannel
    int range fa 0/3 , fa 0/4
    channel-group 1 mode desirable
    exit

    ! Assign interfaces to VLAN's and secure
    ! unused interfaces

    interface range fa 0/1 , fa 0/2
    switchport mode access
    switchport access vlan 5
    spanning-tree portfast
    ! Classify IPPhones traffic as trusted
    mls qos trust cos
    exit

    interface range fa 0/5 - 8
    switchport mode access
    switchport access vlan 15
    spanning-tree portfast
    ! Classify Students traffic as untrusted and set the CoS value to 0
    mls qos cos 0
    mls qos cos override
    exit


    interface range fa 0/9 - 12
    switchport mode access
    switchport access vlan 25
    spanning-tree portfast
    ! Classify Staffs traffic as trusted with a default CoS value of 2
    mls qos cos 2
    mls qos trust cos
    exit

    interface range fa 0/13 - 24
    switchport mode access
    switchport access vlan 99
    shut
    exit

    interface range gi 0/1 , gi 0/2
    switchport mode access
    switchport access vlan 99
    shut
    end

    ALSwitchB2
    en
    conf t
    hostname ALSwitchB2
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    interface vlan 1
    ip address 172.17.26.35 255.255.255.240
    no shut
    exit
    ! set vtp mode to client
    vtp mode client

    ! Configure Trunking
    interface range fa 0/3 , fa 0/4
    switchport mode trunk
    no shut
    exit

    ! Assign interfaces to fast etherchannel
    int range fa 0/3 , fa 0/4
    channel-group 1 mode desirable
    exit

    ! Assign interfaces to VLAN's and secure
    ! unused interfaces

    interface range fa 0/1 , fa 0/2
    switchport mode access
    switchport access vlan 5
    spanning-tree portfast
    ! Classify IPPhones traffic as trusted
    mls qos trust cos
    exit

    interface range fa 0/5 - 8
    switchport mode access
    switchport access vlan 15
    spanning-tree portfast
    ! Classify Students traffic as untrusted and set the CoS value to 0
    mls qos cos 0
    mls qos cos override
    exit

    interface range fa 0/9 - 12
    switchport mode access
    switchport access vlan 25
    spanning-tree portfast
    ! Classify Staffs traffic as trusted with a default CoS value of 2
    mls qos cos 2
    mls qos trust cos
    exit

    interface range fa 0/13 - 24
    switchport mode access
    switchport access vlan 99
    shut
    exit

    interface range gi 0/1 , gi 0/2
    switchport mode access
    switchport access vlan 99
    shut
    end

    Configure Core Layer Switch

    en
    conf t
    hostname Core
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 15
    password cisco
    login
    ip default-gateway 172.16.1.1
    int gi 0/1
    no switchport
    ip address 172.16.26.17 255.255.255.248
    no shut
    exit
    int gi 0/2
    no switchport
    ip address 172.17.26.17 255.255.255.248
    no shut
    exit
    int fa 0/1
    no switchport
    ip address 172.16.1.2 255.255.255.248
    no shut
    exit
    int range fa 0/2 - 24
    no switchport
    shut
    exit

    ! Configure simulated server farm
    ! (each server on separate subnet)
    int loop 0
    ip address 172.17.1.1 255.255.255.0
    no shut
    exit
    int loop 1
    ip address 172.17.2.1 255.255.255.0
    no shut
    exit
    int loop 2
    ip address 172.17.3.1 255.255.255.0
    no shut
    exit
    int loop 3
    ip address 172.17.4.1 255.255.255.0
    no shut
    exit
    int loop 4
    ip address 172.17.5.1 255.255.255.0
    no shut
    exit

    ! Configure layer 3 routing
    ip routing
    router eigrp 100
    network 172.16.0.0
    network 172.17.0.0
    ! redistribute the static (default) route.
    redistribute static
    exit
    end

    Configure Border Router
    en
    conf t
    hostname Border
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    ip default-gateway 200.200.100.129

    !Configure routing protocol
    router eigrp 100
    network 172.16.0.0
    network 172.17.0.0
    network 192.168.0.0
    network 200.200.100.0

    !Default gateway interface
    int fa 0/0
    ip address 172.16.1.1 255.255.255.248
    no shut

    ! Apply Qos for voice traffic (8kbps is available) by policy-map
    ! create access list for voice traffic (suppose UDP 16384 to 32767 represents voice)
    access-list 102 permit udp any any range 16384 32767
    access-list 103 permit tcp any eq 1720 any
    ! Create class map
    class-map match-all VOICE-TRAFFIC
    match access-group 102
    class-map match-all VOICE-SIGNALING
    match access-group 103
    ! Create policy map
    policy-map VOICE-POLICY
    class VOICE-SIGNALING
    bandwidth 8
    class VOICE-TRAFFIC
    priority 48
    class class-default
    fair-queue

    ! Configure multilink interface
    interface multilink 1
    ip address 200.200.100.130 255.255.255.248
    ppp multilink fragment-delay 10
    bandwidth 128
    ppp multilink interleave
    service-policy output VOICE-POLICY
    exit

    ! Tell router that the virtual interface multilink 1 will use this physical interface s0/0
    interface s0/0
    ppp multilink group 1
    exit

    ! Configure map-class to define the shape of the traffic to Remote1 router
    map-class frame-relay PHUC
    frame-relay cir 128000
    frame-relay bc 128000
    frame-relay be 0
    frame-relay fair-queue

    ! Configure Frame relay traffic shaping to Remote 1
    int s 0/1
    encapsulation frame-relay
    interface s0/1.103 point-to-point
    frame-relay interface-dlci 103
    ip address 192.168.0.1 255.255.255.248
    no shut
    ! Apply FRTS to interface
    frame-relay traffic-shaping
    interface s0/1.103
    frame-relay class PHUC
    exit

    ! Configure NAT (pool start and end addresses must fall in the same subnet for the given netmask)
    ip nat pool PHUC 200.200.100.136 200.200.100.254 netmask 255.255.255.128
    access-list 10 permit 172.16.27.0 0.0.0.255
    access-list 10 permit 172.16.28.0 0.0.0.255
    access-list 10 permit 172.16.29.0 0.0.0.255
    access-list 10 permit 172.17.27.0 0.0.0.255
    access-list 10 permit 172.17.28.0 0.0.0.255
    access-list 10 permit 172.17.29.0 0.0.0.255
    access-list 10 permit 192.168.0.0 0.0.255.255
    access-list 10 deny any
    ip nat inside source list 10 pool PHUC overload

    ! Add static addresses
    ip nat inside source static 172.17.1.1 200.200.100.131
    ip nat inside source static 172.17.2.1 200.200.100.132
    ip nat inside source static 172.17.3.1 200.200.100.133
    ip nat inside source static 172.17.4.1 200.200.100.134
    ip nat inside source static 172.17.5.1 200.200.100.135

    int s0/0
    ip nat outside
    int fa 0/0
    ip nat inside
    exit
    ! Configure Static Routes
    ip route 172.16.0.0 255.255.0.0 172.16.1.2
    ip route 172.17.0.0 255.255.0.0 172.16.1.2
    ip route 192.168.0.0 255.255.0.0 192.168.0.1
    end
    Configure Remote1 Router
    en
    conf t
    hostname Remote1
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 4
    password cisco
    login

    !Configure routing protocol
    router eigrp 100
    network 172.16.0.0
    network 172.17.0.0
    network 192.168.0.0
    network 200.200.100.0

    ! Configure map-class to define the shape of the traffic
    map-class frame-relay PHUC
    frame-relay cir 128000
    frame-relay bc 128000
    frame-relay be 0
    frame-relay fair-queue

    ! Configure Frame Relay traffic shaping to Remote 1
    int s 0/0
    encapsulation frame-relay
    interface s0/0.301 point-to-point
    frame-relay interface-dlci 301
    ip address 192.168.0.2 255.255.255.248
    ! Apply FRTS to interface
    frame-relay traffic-shaping
    interface s0/0.301
    frame-relay class PHUC
    no shut
    exit
    end


    Configure CountyOffice Router
    en
    conf t
    hostname CountyOffice
    no ip domain-lookup
    enable secret cisco
    line console 0
    password cisco
    login
    line vty 0 4
    password cisco
    login

    !Configure routing protocol
    router eigrp 100
    network 172.16.0.0
    network 172.17.0.0
    network 192.168.0.0
    network 200.200.100.0

    ! Apply Qos for voice traffic (8kbps is available) by policy-map
    ! create access list for voice traffic (suppose UDP 16384 to 32767 represents voice)
    access-list 102 permit udp any any range 16384 32767
    access-list 103 permit tcp any eq 1720 any
    ! Create class map
    class-map match-all VOICE-TRAFFIC
    match access-group 102
    class-map match-all VOICE-SIGNALING
    match access-group 103
    ! Create policy map
    policy-map VOICE-POLICY
    class VOICE-SIGNALING
    bandwidth 8
    class VOICE-TRAFFIC
    priority 48
    class class-default
    fair-queue

    ! Configure multilink interface
    interface multilink 1
    ip address 200.200.100.129 255.255.255.248
    ppp multilink fragment-delay 10
    bandwidth 128
    ppp multilink interleave
    service-policy output VOICE-POLICY
    exit

    ! Tell router that the virtual interface multilink 1 will use this physical interface s0/0
    interface s0/0
    ppp multilink group 1
    exit
    end
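Added example (not part of the original post or of VnPro's material): a small Python audit for flat, unindented IOS configs like those in post #2. It flags shared line passwords, live trunks without `switchport nonegotiate`, live access ports lacking port-security or BPDU guard, and policy-map classes that reference no defined class-map (for instance a misspelled class name); the sample config, rule table and finding strings are constructed for illustration.

```python
import re

# Constructed excerpt in the flat, unindented style of the posted configs.
SAMPLE = """\
line vty 0 15
password cisco
interface range fa 0/1 , fa 0/2
switchport mode trunk
interface range fa 0/5 - 8
switchport mode access
spanning-tree portfast
interface range fa 0/13 - 24
switchport mode access
shut
exit
class-map match-all VOICE-TRAFFIC
match access-group 102
policy-map VOICE-POLICY
class VOICE-TRAFIC
class class-default
"""

HEADER = re.compile(r"(interface|int|line|class-map|policy-map)\s+(.+)", re.I)
# (command present, command that should accompany it, finding) for live ports
RULES = [
    ("switchport mode trunk", "switchport nonegotiate", "trunk still runs DTP"),
    ("switchport mode access", "switchport port-security", "no port-security"),
    ("spanning-tree portfast", "spanning-tree bpduguard enable", "no BPDU guard"),
]

def sections(config):
    """Split a flat IOS config into [kind, name, commands] blocks."""
    out, cur = [], None
    for line in map(str.strip, config.splitlines()):
        m = HEADER.fullmatch(line)
        if m:
            out.append(cur := [m.group(1).lower(), m.group(2), []])
        elif line in ("exit", "end", "^Z"):
            cur = None
        elif cur and line and not line.startswith("!"):
            cur[2].append(line)
    return out

def audit(config):
    """Return (block, finding) pairs; an empty list means no check fired."""
    secs = sections(config)
    defined = {n.split()[-1] for k, n, _ in secs if k == "class-map"}
    found = []
    for kind, name, cmds in secs:
        if kind == "line" and any(c.startswith("password ") for c in cmds):
            found.append((name, "shared line password instead of per-user login"))
        if kind in ("interface", "int") and not {"shut", "shutdown"} & set(cmds):
            found += [(name, msg) for has, needs, msg in RULES
                      if has in cmds and needs not in cmds]
        if kind == "policy-map":
            for c in cmds:
                m = re.fullmatch(r"class (\S+)", c)
                if m and m.group(1) not in defined | {"class-default"}:
                    found.append((name, f"class {m.group(1)} has no class-map"))
    return found
```

Shut-down ports are skipped on purpose, so the unused-port ranges parked in VLAN 99 produce no findings.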


    • #3
      Mod, the image is dead.


      • #4
        The attached file can't be downloaded; admin, please upload it again.


        • #5
          It's dead. Where has the Admin been lately? Haven't seen them. I need it too, please upload it again :)