Solution Manual for CCNP Enterprise: Core Networking (ENCOR) v8 Lab Manual, 2nd Edition

Preview Extract
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Instructor's Answer Key
Cisco Networking Academy

Copyright © 2021 Cisco Systems, Inc.
Published by: Cisco Press, 221 River St, Hoboken, NJ 07030
All rights reserved.

Library of Congress Control Number: 2020908332
ISBN-13: 978-0-13-690643-8
ISBN-10: 0-13-690643-5
Instructor's Answer Key ISBN-13: 978-0-13-690645-2
Instructor's Answer Key ISBN-10: 0-13-690645-1

Editor-in-Chief: Mark Taub
Alliances Manager, Cisco Press: Arezou Gol
Director, ITP Product Management: Brett Bartow
Senior Editor: James Manly
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Editorial Assistant: Cindy Teeters
Designer: Chuti Prasertsith
Composition: Bronkella Publishing, Inc.
Proofreader: Debbie Williams

This book is part of the Cisco Networking Academy series from Cisco Press. The products in this series support and complement the Cisco Networking Academy curriculum.

Contents

Chapter 1 Packet Forwarding
  1.1.2 Lab – Implement Inter-VLAN Routing (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3 Switch
    Part 3: Configure and Verify Router-based Inter-VLAN Routing
    Part 4: Examine CAM and CEF Details
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R3; Switch D1; Switch D2

Chapter 2 Spanning Tree Protocol
  2.1.2 Lab – Observe STP Topology Changes and Implement RSTP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Discover the Default Spanning Tree
    Part 3: Implement and Observe Rapid Spanning Tree Protocol
    Device Configs – Final: Switch D1; Switch D2; Switch A1

Chapter 3 Advanced Spanning Tree Tuning
  3.1.2 Lab – Implement Advanced STP Modifications and Mechanisms (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Implement and Observe Various Topology Tuning Methods
    Part 3: Implement and Observe Various Topology Protection Mechanisms
    Device Configs – Final: Switch D1; Switch D2; Switch A1

Chapter 4 Multiple Spanning Tree Protocol
  4.1.2 Lab – Implement MST (Instructor Version)
    Topology; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Implement and Observe MST
    Part 3: Configure, Tune and Verify Basic MST Operation
    Device Configs – Final: Switch D1; Switch D2; Switch A1

Chapter 5 VLAN Trunks and EtherChannel Bundles
  5.1.2 Lab – Implement VTP (Instructor Version)
    Topology; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Interface Addressing
    Part 2: Implement and Observe a VTPv2 Domain
    Part 3: Implement and Observe a VTPv3 Domain
    Device Configs – Final: Switch D1; Switch D2; Switch A1
  5.1.3 Lab – Implement EtherChannel (Instructor Version)
    Topology; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Explore Dynamic Trunking Protocol
    Part 2: Configure Static EtherChannel
    Part 3: Implement EtherChannel Using PAgP
    Part 4: Implement EtherChannel using LACP
    Device Configs – Final: Switch D1; Switch D2; Switch A1
  5.1.4 Lab – Tune and Optimize EtherChannel Operations (Instructor Version)
    Topology; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Tune LACP-based EtherChannels
    Part 3: Explore EtherChannel Load Balancing
    Switch D1; Switch D2

Chapter 6 IP Routing Essentials
  6.1.2 Lab – Investigate Static Routes (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Investigate IPv4 Static Routes
    Part 3: Configure and Investigate IPv6 Static Routes
    Part 4: Complete Static Routing Challenge
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3
  6.1.3 Lab – Implement VRF-Lite (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Configure and Verify VRF and Interface Addressing
    Part 3: Configure and Verify Static Routing for Reachability Inside Each VRF
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2; Switch A1

Chapter 7 EIGRP
  There are no labs in this chapter

Chapter 8 OSPF
  8.1.2 Lab – Implement Single-Area OSPFv2 (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure Single-Area OSPFv2
    Part 3: Configure and Verify the Advertising of a Default Route
    Part 4: Implement OSPF Network Optimizing Features
    Part 5: DR and BDR Placement
    Router Interface Summary Table
    Device Configs – Final: Router R1; Switch D1; Switch D2

Chapter 9 Advanced OSPF
  9.1.2 Lab – Implement Multiarea OSPFv2 (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure Multiarea OSPFv2
    Part 3: Exploring Link-State Announcements
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2
  9.1.3 Lab – OSPFv2 Route Summarization and Filtering (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Routing
    Part 2: OSPFv2 Route Summarization
    Part 3: OSPFv2 Route Filtering
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2

Chapter 10 OSPFv3
  10.1.2 Lab – Implement Multiarea OSPFv3 (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure Traditional OSPFv3 for IPv6 on D1
    Part 3: Configure OSPFv3 for AF IPv4 and AF IPv6
    Part 4: Verify OSPFv3
    Part 5: Tune OSPFv3
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2

Chapter 11 BGP
  11.1.2 Lab – Implement eBGP for IPv4 (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify eBGP for IPv4 on all Routers
    Part 3: Configure and Verify Route Summarization and Atomic Aggregate
    Part 4: Configure and Verify Route Summarization with Atomic Aggregate and AS-Set
    Part 5: Configure and Verify the Advertising of a Default Route
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3
  11.1.3 Lab – Implement MP-BGP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure MP-BGP on all Routers
    Part 3: Verify MP-BGP
    Part 4: Configure and Verify IPv6 Route Summarization
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3

Chapter 12 Advanced BGP
  12.1.2 Lab – Implement BGP Path Manipulation (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify Multi-Protocol BGP on all Routers
    Part 3: Configure and Verify BGP Path Manipulation Settings on all Routers
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3
  12.1.3 Lab – Implement BGP Communities (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify Multi-Protocol BGP on all Routers
    Part 3: Configure and Verify BGP Communities on all Routers
    Reflection Questions
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3

Chapter 13 Multicast
  There are no labs in this chapter

Chapter 14 QoS
  There are no labs in this chapter

Chapter 15 IP Services
  15.1.2 Lab – Implement NTP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Routing
    Part 2: Configure NTP in a P2P Network
    Part 3: Configure NTP in a Multiaccess Broadcast Network
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2; Switch A1
  15.1.3 Lab – Implement HSRP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Observe HSRP for IPv4 and IPv6
    Part 3: Configure and Observe HSRP Authentication
    Part 4: Configure and Observe HSRP Object Tracking
    Device Configs – Final: Switch D1; Switch D2; Switch A1
  15.1.4 Lab – Implement VRRP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Observe VRRP for IPv4 and IPv6
    Part 3: Configure and Observe VRRP Object Tracking
    Device Configs – Final: Switch D1; Switch D2; Switch A1
  15.1.5 Lab – Implement GLBP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Observe GLBP for IPv4 and IPv6
    Part 3: Configure and Observe GLBP Authentication
    Part 4: Configure and Observe GLBP Object Tracking
    Device Configs – Final: Switch D1; Switch D2; Switch A1
  15.1.6 Lab – Implement NAT (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Configure and Verify Static Inside NAT
    Part 3: Configure and Verify Pooled NAT
    Part 4: Configure and Verify NAT Overload
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2

Chapter 16 Overlay Tunnels
  16.1.2 Lab – Implement a GRE Tunnel (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Configure and Verify GRE Tunnels with Static Routing
    Part 3: Configure and Verify GRE Tunnels with Dynamic Routing
    Part 4: Examine the Recursive Routing Problem with GRE
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3
  16.1.3 Lab – Implement IPsec Site-to-Site VPNs (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Static Routing
    Part 2: Configure a Site-to-Site VPN using Crypto Maps Between R1 and R3
    Part 3: Verify a Site-to-Site VPN Between R1 and R3
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Layer 3 Switch D1; Layer 3 Switch D3
  16.1.4 Lab – Implement GRE over IPsec Site-to-Site VPNs (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Static Routing
    Part 2: Configure GRE over IPsec using a Crypto Map on R1
    Part 3: Configure GRE over IPsec using a Tunnel IPsec Profile on R3
    Part 4: Verify the GRE over IPsec Tunnel on R1 and R3
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D3
  16.1.5 Lab – Implement IPsec VTI Site-to-Site VPNs (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network, Configure Basic Device Settings and Static Routing
    Part 2: Configure Static IPsec VTI on R1 and R3
    Part 3: Verify Static IPsec VTI on R1 and R3
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D3

Chapter 17 Wireless Signals and Modulation
  There are no labs in this chapter

Chapter 18 Wireless Infrastructure
  There are no labs in this chapter

Chapter 19 Understanding Wireless Roaming and Location Services
  There are no labs in this chapter

Chapter 20 Authenticating Wireless Clients
  There are no labs in this chapter

Chapter 21 Troubleshooting Wireless Connectivity
  There are no labs in this chapter

Chapter 22 Enterprise Network Architecture
  There are no labs in this chapter

Chapter 23 Fabric Technologies
  There are no labs in this chapter

Chapter 24 Network Assurance
  24.1.2 Lab – Use Connectivity Tests and Debug for Network Assurance (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Explore Ping Options and Extended Ping Commands
    Part 3: Explore Traceroute Options and Extended Traceroute Commands
    Part 4: Explore Common Debug Commands and Conditional Debugging
    Part 5: Troubleshoot OSPF with Debugging
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3
  24.1.3 Lab – Implement SNMP and Syslog (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify SNMP
    Part 3: Configure and Verify Syslog
    Router Interface Summary Table
    Device Configs – Final: Router R1; Switch D1; Switch A1
  24.1.4 Lab – Implement Flexible Netflow (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify Flexible Netflow
    Part 3: (Optional) Configure and Verify Netflow
    Router Interface Summary Table
    Device Configs – Final: Router R1; Switch D1; Switch A1
  24.1.5 Lab – Implement SPAN Technologies (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Verify Local SPAN
    Part 3: Configure and Verify RSPAN
    Device Configs – Final: Switch D1; Switch A1
  24.1.6 Lab – Implement IP SLA (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure and Observe IP SLA Operations
    Part 3: Configure and Observe HSRP IP SLA Tracking
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R2; Router R3; Switch D1; Switch D2; Switch A1

Chapter 25 Secure Network Access Control
  25.1.2 Lab – Install the CCNP Virtual Machine (Instructor Version)
    Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Prepare a Computer for Virtualization
    Part 2: Configure Your Network and Explore the GUI

Chapter 26 Network Device Access Control and Infrastructure Security
  26.1.2 Lab – Implement IPv4 ACLs (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Verify Initial Connectivity
    Part 3: Implement Standard ACLs on R3
    Part 4: Implement a Named Extended ACL from Area 1 to Area 2
    Part 5: Implement a Named Extended ACL from Area 2 to Area 1
    Part 6: Implement a Port ACL on D2
    Part 7: Implement a VLAN ACL on D2
    Router Interface Summary Table
    Device Configs – Final: Router R1; Router R3; Switch D1; Switch D2; Switch A1
  26.1.3 Lab – Configure Protections for Passwords and Terminal Lines (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Explore Password Protection Options
    Part 3: Configure and Verify Terminal Line Protection Options
    Reflection Questions
    Router Interface Summary Table
    Device Configs: Router R1; Switch D1; Switch A1
  26.1.4 Lab – Configure Local and Server-Based AAA Authentication (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing
    Part 2: Configure Local AAA Authentication
    Part 3: Configure Server-Based AAA using RADIUS on A1
    Part 4: Configure Server-Based AAA using TACACS+ on D1
    Router Interface Summary Table
    Device Configs: Router R1; Switch D1; Switch A1
  26.1.5 Lab – Implement CoPP (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources
    Part 1: Build the Network and Configure Basic Device Settings
    Part 2: Verify Initial Connectivity
    Part 3: Implement a CoPP Policy on R1
    Part 4: Verify the CoPP Policy on R1
    Part 5: (Challenge) Further Classify Default Traffic
    Reflection Questions
    Router Interface Summary Table
    Device Configs: Router R1; Router R2; Switch A1

Chapter 27 Virtualization
  There are no labs in this chapter

Chapter 28 Foundational Network Programmability Concepts
  28.1.2 Lab – Construct a Basic Python Script (Instructor Version)
    Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Explore the Python Interpreter
    Part 2: Explore Data Types, Variables, and Conversions
    Part 3: Explore Lists and Dictionaries
    Part 4: Explore User Input
    Part 5: Explore If Functions and Loops
    Part 6: Explore File Access
  28.1.3 Lab – Use the Netmiko Python Module to Configure a Router (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Verify Connectivity
    Part 2: Import Netmiko Python Module
    Part 3: Use Netmiko to Connect to the SSH Service
    Part 4: Use Netmiko to Send a Verification Command
    Part 5: Use Netmiko to Send and Verify a Configuration
    Part 6: Use Netmiko to Send an Erroneous Command
    Part 7: Modify the Program Used in this Lab
    Router Interface Summary Table
    Device Configs – Final: Router R1
  28.1.4 Lab – Use NETCONF to Access an IOS XE Router (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Verify Connectivity
    Part 2: Use a NETCONF Session to Gather Information
    Part 3: Use ncclient to Connect to NETCONF
    Part 4: Use ncclient to Retrieve the Configuration
    Part 5: Use ncclient to Configure a Device
    Part 6: Modify the Program Used in this Lab
    Router Interface Summary Table
    Device Configs – Final: Router R1
  28.1.5 Lab – Use RESTCONF to Access an IOS XE Router (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Verify Connectivity
    Part 2: Configure an IOS XE Device for RESTCONF Access
    Part 3: Open and Configure Postman
    Part 4: Use Postman to Send GET Requests
    Part 5: Use Postman to Send a PUT Request
    Part 6: Use a Python Script to Send GET Requests
    Part 7: Use a Python Script to Send a PUT Request
    Programs Used in this Lab
    Router Interface Summary Table
    Device Configs – Final: Router R1

Chapter 29 Introduction to Automation Tools
  29.1.2 Lab – Construct an EEM Applet (Instructor Version)
    Topology; Addressing Table; Objectives; Background/Scenario; Required Resources; Instructions
    Part 1: Build the Network and Verify Connectivity
    Part 2: Implement a Syslog Detector EEM Applet
    Part 3: Implement a CLI Detector EEM Applet
    Router Interface Summary Table

About This Lab Manual

This is the only authorized Lab Manual for the Cisco Networking Academy CCNP Enterprise: Core Networking (ENCOR) v8 Course. The two courses in this CCNP Enterprise version 8.0 curriculum provide students with knowledge and skills needed to configure, operate, and troubleshoot large scale enterprise networks. The courses cover a broad range of routing, switching, and wireless topics along with security best practices used in software-driven digital networks. CCNP Enterprise certification requires candidates to pass two 120-minute exams: CCNP and CCIE Enterprise Core ENCOR 350-401 and CCNP Enterprise Advanced Routing ENARSI 300-410.
By the end of the CCNP course series, students gain practical, hands-on lab experience preparing them for the CCNP Enterprise certification exams and career-ready skills for professional-level roles in the Information & Communication Technologies (ICT) industry.

CCNP Enterprise: Core Networking

This first course in the 2-course CCNP Enterprise series covers switching, routing, wireless, and related security topics, along with the technologies that support software-defined, programmable networks. Comprehensive labs emphasize hands-on learning and practice to reinforce configuration and troubleshooting skills. This course directly prepares for the Cisco Enterprise Network Core Technologies exam (350-401 ENCOR) to earn an Enterprise Core Specialist certification. Completion of both courses in the CCNP Enterprise course series prepares for the CCNP Enterprise certification exam.

The 37 comprehensive labs in this manual emphasize hands-on learning and practice to reinforce configuration skills.

CHAPTER 1
Packet Forwarding

1.1.2 Lab – Implement Inter-VLAN Routing (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface  IPv4 Address   IPv6 Address               IPv6 Link-Local
R1      G0/0/1     10.1.13.1/24   2001:db8:acad:10d1::1/64   fe80::1:1
R1      S0/1/1     10.1.3.1/24    2001:db8:acad:1013::1/64   fe80::1:2
D1      G1/0/11    10.1.13.13/24  2001:db8:acad:10d1::d1/64  fe80::d1:1
D1      VLAN50     10.2.50.1/24   2001:db8:acad:1050::d1/64  fe80::d1:2
D1      VLAN60     10.2.60.1/24   2001:db8:acad:1060::d1/64  fe80::d1:3
R3      S0/1/1     10.1.3.3/24    2001:db8:acad:1013::3/64   fe80::3:1
R3      G0/0/1.75  10.3.75.1/24   2001:db8:acad:3075::1/64   fe80::3:2
R3      G0/0/1.85  10.3.85.1/24   2001:db8:acad:3085::1/64   fe80::3:3
D2      VLAN75     10.3.75.14/24  2001:db8:acad:3075::d2/64  fe80::d2:1
PC1     NIC        10.2.50.50/24  2001:db8:acad:1050::50/64  EUI-64
PC2     NIC        10.2.60.50/24  2001:db8:acad:1060::50/64  EUI-64
PC3     NIC        10.3.75.50/24  2001:db8:acad:3075::50/64  EUI-64
PC4     NIC        10.3.85.50/24  2001:db8:acad:3085::50/64  EUI-64

Objectives

Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3 Switch
Part 3: Configure and Verify Router-based Inter-VLAN Routing
Part 4: Examine CAM and CEF Details

Background/Scenario

The methods used to move packets and frames from one interface to the next have changed over the years. In this lab you will configure Inter-VLAN Routing in its various forms and then examine the different tables used in making forwarding decisions.

Note: This lab is an exercise in configuring and verifying various methods of Inter-VLAN routing and does not reflect networking best practices.

Note: The routers and switches used with CCNP hands-on labs are Cisco 4221 and Cisco 3650, both with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs.

Note: Ensure that the routers and switches have been erased and have no startup configurations.
If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

■ 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
■ 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
■ 4 PCs (PC with terminal emulation program, such as Tera Term)
■ Console cables to configure the Cisco IOS devices via the console ports
■ Ethernet and serial cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings

In Part 1, you will set up the network topology and configure basic settings.

Step 1. Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2. Configure basic settings for each device.

a. Console into each router, enter global configuration mode, and apply the basic settings using the following startup configurations.

Router R1

    no ip domain lookup
    hostname R1
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    banner motd # This is R1, Inter-VLAN Routing Lab #

Router R3

    no ip domain lookup
    hostname R3
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    banner motd # This is R3, Inter-VLAN Routing Lab #

Switch D1

    no ip domain lookup
    hostname D1
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    banner motd # This is D1, Inter-VLAN Routing Lab #
    interface range g1/0/1-24, g0/0, g1/1/1-4
     shutdown

Switch D2

    no ip domain lookup
    hostname D2
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    banner motd # This is D2, Inter-VLAN Routing Lab #
    interface range g1/0/1-24, g0/0, g1/1/1-4
     shutdown

b. Set the clock on each device to UTC time.

c. Save the running configuration to startup-config.

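Added example, not part of the lab manual: a Python check run against the R1 startup configuration from Step 2a. It reports that exec-timeout 0 0 disables the console idle timeout and that line con 0 carries no login command, settings that suit a lab bench and would be findings on a production device. The function names, finding labels and the hardened comparison config are assumptions of this example.

```python
"""Console-line audit for the R1 startup configuration in Step 2a.

Added example, not part of the lab manual. Function names and finding
labels are this example's own.
"""
import re

# R1 startup configuration as given in Step 2a of the lab.
R1_LAB_CONFIG = """\
no ip domain lookup
hostname R1
line con 0
exec-timeout 0 0
logging synchronous
exit
banner motd # This is R1, Inter-VLAN Routing Lab #
"""

# Constructed for comparison; not from the lab. The secret is a placeholder.
R1_HARDENED_CONFIG = """\
no ip domain lookup
hostname R1
username admin secret PLACEHOLDER-SECRET
line con 0
 exec-timeout 5 0
 login local
 logging synchronous
exit
banner motd # Authorized access only #
"""

LINE_HEADER = re.compile(r"^line\s+(.+)$")
EXEC_TIMEOUT = re.compile(r"^exec-timeout\s+(\d+)(?:\s+(\d+))?$")
BLOCK_END = {"exit", "end", "!"}   # lines that close a 'line ...' block
DEFAULT_IDLE_SECONDS = 600         # IOS default is exec-timeout 10 0


def line_blocks(config):
    """Return {line name: [sub-commands]} for every 'line ...' block.

    A block runs from its 'line ...' header to the next header or to
    'exit', 'end' or '!'. Indentation is ignored, so both pasted lab
    configs and 'show running-config' output are accepted.
    """
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        header = LINE_HEADER.match(cmd)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif cmd in BLOCK_END:
            current = None
        elif current is not None:
            current.append(cmd)
    return blocks


def idle_timeout_seconds(subcommands):
    """Effective EXEC idle timeout in seconds; 0 means sessions never expire."""
    timeout = DEFAULT_IDLE_SECONDS
    for cmd in subcommands:
        if cmd == "no exec-timeout":
            timeout = 0
            continue
        match = EXEC_TIMEOUT.match(cmd)
        if match:
            timeout = int(match.group(1)) * 60 + int(match.group(2) or 0)
    return timeout


def audit_lines(config):
    """Return a list of (line name, finding label) tuples."""
    # With 'aaa new-model' the login method comes from AAA method lists,
    # which this check does not evaluate, so the login finding is skipped.
    uses_aaa = any(l.strip() == "aaa new-model" for l in config.splitlines())
    findings = []
    for name, subs in line_blocks(config).items():
        if idle_timeout_seconds(subs) == 0:
            findings.append((name, "idle-timeout-disabled"))
        has_login = any(c == "login" or c.startswith("login ") for c in subs)
        if name.startswith("con") and not has_login and not uses_aaa:
            findings.append((name, "console-login-not-required"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", R1_LAB_CONFIG), ("hardened", R1_HARDENED_CONFIG)):
        print(label, audit_lines(cfg))
```
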
Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3 Switch

In Part 2, you will configure and verify inter-VLAN Routing on a Layer 3 switch. For this part, you will focus on the configuration of switch D1 and router R1.

Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports dual-stacked operations and requires no additional configuration for our purposes. If you are using an alternate device running Cisco IOS, check the SDM template with the privileged EXEC command show sdm prefer and verify that the 'number of IPv6 unicast routes' supported is not zero. If it is zero, you must change the SDM template to one that supports IPv6 using the sdm prefer template_name global configuration command. The template name will vary depending on the IOS version. Changing the template will require a reboot.

Step 1. On D1, configure Inter-VLAN Routing.

a. Configure D1 to support IP routing and IPv6 unicast routing.

    D1(config)# ip routing
    D1(config)# ipv6 unicast-routing

b. Create the VLANs and name them as specified in the topology.

    D1(config)# vlan 50
    D1(config-vlan)# name Group50
    D1(config-vlan)# exit
    D1(config)# vlan 60
    D1(config-vlan)# name Group60
    D1(config-vlan)# exit

c. Assign G1/0/23 to VLAN 50 and G1/0/24 to VLAN 60.

    D1(config)# interface g1/0/23
    D1(config-if)# switchport mode access
    D1(config-if)# switchport access vlan 50
    D1(config-if)# no shutdown
    D1(config-if)# exit
    D1(config)# interface g1/0/24
    D1(config-if)# switchport mode access
    D1(config-if)# switchport access vlan 60
    D1(config-if)# no shutdown
    D1(config-if)# exit

d. Create the Switched Virtual Interfaces (SVI) that will support VLAN 50 and VLAN 60.
    D1(config)# interface vlan 50
    D1(config-if)# ip address 10.2.50.1 255.255.255.0
    D1(config-if)# ipv6 address fe80::d1:2 link-local
    D1(config-if)# ipv6 address 2001:db8:acad:1050::d1/64
    D1(config-if)# no shutdown
    D1(config-if)# exit
    D1(config)# interface vlan 60
    D1(config-if)# ip address 10.2.60.1 255.255.255.0
    D1(config-if)# ipv6 address fe80::d1:3 link-local
    D1(config-if)# ipv6 address 2001:db8:acad:1060::d1/64
    D1(config-if)# no shutdown
    D1(config-if)# exit

e. Configure PC1 with the addresses specified in the Addressing Table. Further assign default gateways of 10.2.50.1 and 2001:db8:acad:1050::d1.

f. Configure PC2 with the addresses specified in the Addressing Table. Further assign default gateways of 10.2.60.1 and 2001:db8:acad:1060::d1.

g. From PC1, ping PC2's IPv4 and IPv6 address. Success indicates that D1 is performing Inter-VLAN Routing.

h. Examine the MAC address table on D1 with the command show mac address-table dynamic. You should see PC1 and PC2's MAC addresses listed with the ports they are connected to.

    D1# show mac address-table dynamic
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
      50    0050.56b3.8137    DYNAMIC     Gi1/0/23
      60    0050.56b3.994b    DYNAMIC     Gi1/0/24
    Total Mac Addresses for this criterion: 2

Step 2. On D1, configure a routed port and default routes towards R1.

a. Configure interface G1/0/11 as a routed port with addressing as specified in the topology diagram.

    D1(config)# interface g1/0/11
    D1(config-if)# no switchport
    D1(config-if)# ip address 10.1.13.13 255.255.255.0
    D1(config-if)# ipv6 address fe80::d1:1 link-local
    D1(config-if)# ipv6 address 2001:db8:acad:10d1::d1/64
    D1(config-if)# no shutdown
    D1(config-if)# exit

b. Verify that interface G1/0/11 is no longer associated with the VLAN database by issuing the command show vlan brief | i g1/0/11. There should be no output.

c. Configure static default routes for IPv4 and IPv6 that point towards the interface address at R1.
    D1(config)# ip route 0.0.0.0 0.0.0.0 10.1.13.1
    D1(config)# ipv6 route ::/0 2001:db8:acad:10d1::1

You may see the error message %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.13.1. This indicates that the switch sent an ARP for the MAC address of 10.1.13.1 and got no reply. We will configure that next.

Step 3. On R1, configure interface addressing and static routing.

a. Configure R1 to support IPv6 unicast routing.

    R1(config)# ipv6 unicast-routing

b. Configure the interfaces on R1 with the addresses specified in the Addressing Table.

    R1(config)# interface g0/0/1
    R1(config-if)# ip address 10.1.13.1 255.255.255.0
    R1(config-if)# ipv6 address fe80::1:1 link-local
    R1(config-if)# ipv6 address 2001:db8:acad:10d1::1/64
    R1(config-if)# no shutdown
    R1(config-if)# exit
    R1(config)# interface s0/1/1
    R1(config-if)# ip address 10.1.3.1 255.255.255.0
    R1(config-if)# ipv6 address fe80::1:2 link-local
    R1(config-if)# ipv6 address 2001:db8:acad:1013::1/64
    R1(config-if)# no shutdown
    R1(config-if)# exit

c. Configure routing on R1. Configure static routes to the networks supported by D1 and a default route for everything else pointing at R3.

    R1(config)# ip route 10.2.0.0 255.255.0.0 10.1.13.13
    R1(config)# ipv6 route 2001:db8:acad:1050::/64 2001:db8:acad:10d1::d1
    R1(config)# ipv6 route 2001:db8:acad:1060::/64 2001:db8:acad:10d1::d1
    R1(config)#
    R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.3.3
    R1(config)# ipv6 route ::/0 2001:db8:acad:1013::3
    R1(config)#

d. From R1, ping PC2 with IPv4 and IPv6. All pings should be successful.

Part 3: Configure and Verify Router-based Inter-VLAN Routing

Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports dual-stacked operations and requires no additional configuration for our purposes.
If you are using an alternate device running Cisco IOS, check the SDM template with the privileged EXEC command show sdm prefer and verify that the 'number of IPv6 unicast routes' supported is not zero. If it is zero, you must change the SDM template to one that supports IPv6 using the sdm prefer template_name global configuration command. The template name will vary depending on the IOS version. Changing the template will require a reboot.

Step 1. Configure D2 to support the required VLANs.

a. Create the VLANs and name them as specified in the topology. In addition, create VLAN 999 and name it NativeVLAN.

    D2(config)# vlan 75
    D2(config-vlan)# name Group75
    D2(config-vlan)# exit
    D2(config)# vlan 85
    D2(config-vlan)# name Group85
    D2(config-vlan)# exit
    D2(config)# vlan 999
    D2(config-vlan)# name NativeVLAN
    D2(config-vlan)# exit

b. Assign G1/0/23 to VLAN 75 and G1/0/24 to VLAN 85.

c. Create a Switched Virtual Interface that will operate within VLAN 75.

    D2(config)# interface vlan75
    D2(config-if)# ip address 10.3.75.14 255.255.255.0
    D2(config-if)# ipv6 address fe80::d2:1 link-local
    D2(config-if)# ipv6 address 2001:db8:acad:3075::d2/64
    D2(config-if)# no shutdown
    D2(config-if)# exit

d. Create an IEEE 802.1Q-based trunk to R3. As a part of the configuration of the trunk, set the native VLAN to VLAN 999 and filter the VLANs allowed on the trunk down to only those that are configured.

    D2(config)# interface g1/0/11
    D2(config-if)# switchport mode trunk
    D2(config-if)# switchport trunk native vlan 999
    D2(config-if)# switchport trunk allowed vlan 75,85,999
    D2(config-if)# no shutdown
    D2(config-if)# exit

Step 2. Configure R3 to support Inter-VLAN Routing.

a. Configure R3 to support IPv6 unicast routing.

b. Configure the subinterfaces needed on R3 interface G0/0/1 to support the configured VLANs. Ensure an interface is created for the native VLAN 999.
    R3(config)# interface g0/0/1
    R3(config-if)# no shutdown
    R3(config-if)# exit
    R3(config)# interface g0/0/1.75
    R3(config-subif)# encapsulation dot1q 75
    R3(config-subif)# ip address 10.3.75.1 255.255.255.0
    R3(config-subif)# ipv6 address fe80::3:2 link-local
    R3(config-subif)# ipv6 address 2001:db8:acad:3075::1/64
    R3(config-subif)# no shutdown
    R3(config-subif)# exit
    R3(config)# interface g0/0/1.85
    R3(config-subif)# encapsulation dot1q 85
    R3(config-subif)# ip address 10.3.85.1 255.255.255.0
    R3(config-subif)# ipv6 address fe80::3:3 link-local
    R3(config-subif)# ipv6 address 2001:db8:acad:3085::1/64
    R3(config-subif)# no shutdown
    R3(config-subif)# exit
    R3(config)# interface g0/0/1.999
    R3(config-subif)# encapsulation dot1q 999 native
    R3(config-subif)# no shutdown
    R3(config-subif)# exit

c. Configure PC3 with the addresses specified in the Addressing Table. Further assign default gateways of 10.3.75.1 and 2001:db8:acad:3075::1.

d. Configure PC4 with the addresses specified in the Addressing Table. Further assign default gateways of 10.3.85.1 and 2001:db8:acad:3085::1.

e. From PC3, ping PC4's IPv4 and IPv6 address. Success indicates that R3 is performing Inter-VLAN Routing.

Step 3. Configure static routing to enable end-to-end reachability.

a. On R3, configure interface S0/1/1 with the addresses specified in the Addressing Table.

    R3(config)# interface s0/1/1
    R3(config-if)# ip address 10.1.3.3 255.255.255.0
    R3(config-if)# ipv6 address fe80::3:1 link-local
    R3(config-if)# ipv6 address 2001:db8:acad:1013::3/64
    R3(config-if)# no shutdown
    R3(config-if)# exit

b. On R3, configure a static default route for IPv4 and IPv6 that points to R1's S0/1/1 interface addresses.

    R3(config)# ip route 0.0.0.0 0.0.0.0 10.1.3.1
    R3(config)# ipv6 route ::/0 2001:db8:acad:1013::1

c. On PC3, issue a ping to PC2. The ping should be successful. This indicates the routing solution is working in both directions.
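Router-based inter-VLAN routing in Part 3 only works when D2's trunk and R3's subinterfaces agree on the native VLAN and on the set of tagged VLANs. The following added example (not part of the lab manual) audits the two ends against each other; the D2 and R3 stanzas are taken from the lab's final configurations, while the drifted trunk stanza and all function names are constructed for illustration.

```python
import re

# Stanzas as they appear in the lab's final configurations for D2 and R3.
D2_TRUNK = """\
interface GigabitEthernet1/0/11
 switchport trunk native vlan 999
 switchport trunk allowed vlan 75,85,999
 switchport mode trunk
"""
R3_SUBIFS = """\
interface GigabitEthernet0/0/1.75
 encapsulation dot1Q 75
!
interface GigabitEthernet0/0/1.85
 encapsulation dot1Q 85
!
interface GigabitEthernet0/0/1.999
 encapsulation dot1Q 999 native
"""
# Constructed sample: the native VLAN line is missing and an extra VLAN is allowed.
DRIFTED_TRUNK = """\
interface GigabitEthernet1/0/11
 switchport trunk allowed vlan 75,85,100
 switchport mode trunk
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '75,85,900-902' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunk(stanza):
    """Return (native_vlan, allowed_vlans) for one switch trunk stanza.

    Absent lines mean IOS defaults: native VLAN 1 and every VLAN allowed
    (returned as None).
    """
    native, allowed = 1, None
    for line in stanza.splitlines():
        line = line.strip()
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
        if m:
            allowed = expand_vlans(m.group(1))
    return native, allowed


def parse_subinterfaces(config):
    """Return ({vlan: subinterface}, native_vlan or None) for a router config."""
    by_vlan, native, current = {}, None, None
    for line in config.splitlines():
        line = line.rstrip()
        if line.startswith("interface "):
            m = re.fullmatch(r"interface (\S+\.\d+)", line)
            current = m.group(1) if m else None
            continue
        m = re.fullmatch(r"\s+encapsulation dot1[qQ] (\d+)( native)?", line)
        if m and current:
            by_vlan[int(m.group(1))] = current
            if m.group(2):
                native = int(m.group(1))
    return by_vlan, native


def audit(trunk_stanza, router_config):
    """Compare both ends of the trunk and return a list of findings."""
    findings = []
    native, allowed = parse_trunk(trunk_stanza)
    subifs, router_native = parse_subinterfaces(router_config)
    if native == 1:
        findings.append("trunk native VLAN left at the IOS default (1)")
    if router_native is None:
        findings.append("router has no subinterface marked 'native'")
    elif router_native != native:
        findings.append(f"native VLAN mismatch: switch {native}, router {router_native}")
    if allowed is None:
        findings.append("trunk allows all VLANs (no explicit allowed list)")
        return findings
    for vlan in sorted(allowed - set(subifs)):
        findings.append(f"VLAN {vlan} is allowed on the trunk but has no subinterface")
    for vlan in sorted(set(subifs) - allowed):
        findings.append(f"{subifs[vlan]} (VLAN {vlan}) is not allowed on the trunk")
    return findings


if __name__ == "__main__":
    for name, trunk in (("lab", D2_TRUNK), ("drifted", DRIFTED_TRUNK)):
        print(name, audit(trunk, R3_SUBIFS) or "consistent")
```

The parser only understands the plain `allowed vlan <list>` form used in this lab, not the `add`/`remove`/`except` variants.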
Part 4: Examine CAM and CEF Details

In Part 4, you will examine CEF details on the devices you have configured. The objective of Cisco Express Forwarding is to speed up the process of moving data from one interface to another. To do this, as much data as possible is precompiled into two tables, the Forwarding Information Base (FIB) and the Adjacency Table. These are basically shortcuts that identify what interface a packet should be sent out of and how it should be framed.

a. Issue the command show ip cef to see the compiled CEF table, which tells the device what to do with a frame or packet based on its destination address. This table gives the device a quick answer and keeps the CPU from getting directly involved. For example, packets destined to the 10.2.0.0/16 network are quickly resolved to the next-hop address of 10.1.13.13 exiting interface g0/0/1.

    R1# show ip cef
    Prefix               Next Hop             Interface
    0.0.0.0/0            10.1.3.3             Serial0/1/1
    0.0.0.0/8            drop
    0.0.0.0/32           receive
    10.1.3.0/24          attached             Serial0/1/1
    10.1.3.0/32          receive              Serial0/1/1
    10.1.3.1/32          receive              Serial0/1/1
    10.1.3.3/32          10.1.3.3             Serial0/1/1
    10.1.3.255/32        receive              Serial0/1/1
    10.1.13.0/24         attached             GigabitEthernet0/0/1
    10.1.13.0/32         receive              GigabitEthernet0/0/1
    10.1.13.1/32         receive              GigabitEthernet0/0/1
    10.1.13.13/32        attached             GigabitEthernet0/0/1
    10.1.13.255/32       receive              GigabitEthernet0/0/1
    10.2.0.0/16          10.1.13.13           GigabitEthernet0/0/1
    127.0.0.0/8          drop
    224.0.0.0/4          drop
    224.0.0.0/24         receive
    240.0.0.0/4          drop
    255.255.255.255/32   receive

b. Issue the command show adjacency, which shows you the address neighbors on each interface.

    R1# show adjacency
    Protocol Interface                 Address
    IP       GigabitEthernet0/0/1      10.1.13.13(11)
    IP       GigabitEthernet0/0/1      227.0.0.0(3)
    IPV6     GigabitEthernet0/0/1      2001:DB8:ACAD:10D1::D1(12)
    IPV6     GigabitEthernet0/0/1      FE80::D1:1(3)
    IPV6     GigabitEthernet0/0/1      FFFF::(3)
    IP       Serial0/1/1               point2point(13)
    IPV6     Serial0/1/1               point2point(13)

c. Expand this a bit and issue the command show adjacency detail, and you will see that the router has precompiled the Layer 2 headers and other details to allow it to package information quickly.

    R1# show adjacency detail
    Protocol Interface                 Address
    IP       GigabitEthernet0/0/1      10.1.13.13(11)
                                       20 packets, 1680 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 14
                                       001AE3CFB8C37079B39236410800
                                       L2 destination address byte offset 0
                                       L2 destination address byte length 6
                                       Link-type after encap: ip
                                       ARP
    IP       GigabitEthernet0/0/1      227.0.0.0(3)
                                       connectionid 1
                                       0 packets, 0 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 14
                                       01005E0000007079B39236410800
                                       L2 destination address byte offset 0
                                       L2 destination address byte length 6
                                       Link-type after encap: ip
                                       Inject p2mp Multicast
    IPV6     GigabitEthernet0/0/1      2001:DB8:ACAD:10D1::D1(12)
                                       5 packets, 570 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 14
                                       001AE3CFB8C37079B392364186DD
                                       L2 destination address byte offset 0
                                       L2 destination address byte length 6
                                       Link-type after encap: ipv6
                                       IPv6 ND
    IPV6     GigabitEthernet0/0/1      FE80::D1:1(3)
                                       0 packets, 0 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 14
                                       001AE3CFB8C37079B392364186DD
                                       L2 destination address byte offset 0
                                       L2 destination address byte length 6
                                       Link-type after encap: ipv6
                                       IPv6 ND
    IPV6     GigabitEthernet0/0/1      FFFF::(3)
                                       connectionid 1
                                       8 packets, 720 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 14
                                       3333000000007079B392364186DD
                                       L2 destination address byte offset 0
                                       L2 destination address byte length 6
                                       Link-type after encap: ipv6
                                       Inject p2mp Multicast
    IP       Serial0/1/1               point2point(13)
                                       8 packets, 512 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 4
                                       0F000800
                                       P2P-ADJ
    IPV6     Serial0/1/1               point2point(13)
                                       18599 packets, 1756190 bytes
                                       epoch 0
                                       sourced in sev-epoch 0
                                       Encap length 4
                                       0F0086DD
                                       P2P-ADJ

Router Interface Summary Table

Router Model  Ethernet Interface #1            Ethernet Interface #2            Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
4221          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
4300          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Device Configs – Final

Router R1

    R1# show run
    Building configuration...

    Current configuration : 1601 bytes
    !
    version 16.9
    service timestamps debug datetime msec
    service timestamps log datetime msec
    platform qfp utilization monitor load 80
    no platform punt-keepalive disable-kernel-core
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    !
    no ip domain lookup
    !
    login on-success log
    !
    subscriber templating
    !
    ipv6 unicast-routing
    multilink bundle-name authenticated
    !
    spanning-tree extend system-id
    !
    redundancy
     mode none
    !
    interface GigabitEthernet0/0/0
     no ip address
     negotiation auto
    !
    interface GigabitEthernet0/0/1
     ip address 10.1.13.1 255.255.255.0
     negotiation auto
     ipv6 address FE80::1:1 link-local
     ipv6 address 2001:DB8:ACAD:10D1::1/64
    !
    interface Serial0/1/0
     no ip address
    !
    interface Serial0/1/1
     ip address 10.1.3.1 255.255.255.0
     ipv6 address FE80::1:2 link-local
     ipv6 address 2001:DB8:ACAD:1013::1/64
    !
    ip forward-protocol nd
    no ip http server
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.1.3.3
    ip route 10.2.0.0 255.255.0.0 10.1.13.13
    !
    ipv6 route 2001:DB8:ACAD:1050::/64 2001:DB8:ACAD:10D1::D1
    ipv6 route 2001:DB8:ACAD:1060::/64 2001:DB8:ACAD:10D1::D1
    ipv6 route ::/0 2001:DB8:ACAD:1013::3
    !
    control-plane
    !
    banner motd ^C This is R1, Inter-VLAN Routing Lab ^C
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
     transport input none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    !
    end

Router R3

    R3# show run
    Building configuration...

    Current configuration : 1790 bytes
    !
    version 16.9
    service timestamps debug datetime msec
    service timestamps log datetime msec
    platform qfp utilization monitor load 80
    no platform punt-keepalive disable-kernel-core
    !
    hostname R3
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    !
    no ip domain lookup
    !
    login on-success log
    !
    subscriber templating
    !
    ipv6 unicast-routing
    multilink bundle-name authenticated
    !
    spanning-tree extend system-id
    !
    redundancy
     mode none
    !
    interface GigabitEthernet0/0/0
     no ip address
     negotiation auto
    !
    interface GigabitEthernet0/0/1
     no ip address
     negotiation auto
    !
    interface GigabitEthernet0/0/1.75
     encapsulation dot1Q 75
     ip address 10.3.75.1 255.255.255.0
     ipv6 address FE80::3:2 link-local
     ipv6 address 2001:DB8:ACAD:3075::1/64
    !
    interface GigabitEthernet0/0/1.85
     encapsulation dot1Q 85
     ip address 10.3.85.1 255.255.255.0
     ipv6 address FE80::3:3 link-local
     ipv6 address 2001:DB8:ACAD:3085::1/64
    !
    interface GigabitEthernet0/0/1.999
     encapsulation dot1Q 999 native
    !
    interface Serial0/1/0
     no ip address
    !
    interface Serial0/1/1
     ip address 10.1.3.3 255.255.255.0
     ipv6 address FE80::3:1 link-local
     ipv6 address 2001:DB8:ACAD:1013::3/64
    !
    ip forward-protocol nd
    no ip http server
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.1.3.1
    !
    ipv6 route ::/0 2001:DB8:ACAD:1013::1
    !
    control-plane
    !
    banner motd ^C This is R3, Inter-VLAN Routing Lab ^C
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
     transport input none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    !
    end

Switch D1

    D1# show run
    Building configuration...

    Current configuration : 9334 bytes
    !
    version 16.9
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Call-home is enabled by Smart-Licensing.
    service call-home
    no platform punt-keepalive disable-kernel-core
    !
    hostname D1
    !
    !
    vrf definition Mgmt-vrf
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !
    !
    no aaa new-model
    switch 1 provision ws-c3650-24ts
    !
    ip routing
    !
    no ip domain lookup
    !
    login on-success log
    ipv6 unicast-routing
    !
    license boot level ipservicesk9
    !
    diagnostic bootup level minimal
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    redundancy
     mode sso
    !
    transceiver type all
     monitoring
    !
    class-map match-any system-cpp-police-topology-control
     description Topology control
    class-map match-any system-cpp-police-sw-forward
     description Sw forwarding, L2 LVX data, LOGGING
    class-map match-any system-cpp-default
     description Inter FED, EWLC control, EWLC data
    class-map match-any system-cpp-police-sys-data
     description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
    class-map match-any system-cpp-police-punt-webauth
     description Punt Webauth
    class-map match-any system-cpp-police-l2lvx-control
     description L2 LVX control packets
    class-map match-any system-cpp-police-forus
     description Forus Address resolution and Forus traffic
    class-map match-any system-cpp-police-multicast-end-station
     description MCAST END STATION
    class-map match-any system-cpp-police-multicast
     description Transit Traffic and MCAST Data
    class-map match-any system-cpp-police-l2-control
     description L2 control
    class-map match-any system-cpp-police-dot1x-auth
     description DOT1X Auth
    class-map match-any system-cpp-police-data
     description ICMP redirect, ICMP_GEN and BROADCAST
    class-map match-any system-cpp-police-stackwise-virt-control
     description Stackwise Virtual
    class-map match-any non-client-nrt-class
    class-map match-any system-cpp-police-routing-control
     description Routing control and Low Latency
    class-map match-any system-cpp-police-protocol-snooping
     description Protocol snooping
    class-map match-any system-cpp-police-dhcp-snooping
     description DHCP snooping
    class-map match-any system-cpp-police-system-critical
     description System Critical and Gold Pkt
    !
    policy-map system-cpp-policy
    !
    !
    interface GigabitEthernet0/0
     vrf forwarding Mgmt-vrf
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet1/0/1
     shutdown
    !
    interface GigabitEthernet1/0/2
     shutdown
    !
    interface GigabitEthernet1/0/3
     shutdown
    !
    interface GigabitEthernet1/0/4
     shutdown
    !
    interface GigabitEthernet1/0/5
     shutdown
    !
    interface GigabitEthernet1/0/6
     shutdown
    !
    interface GigabitEthernet1/0/7
     shutdown
    !
    interface GigabitEthernet1/0/8
     shutdown
    !
    interface GigabitEthernet1/0/9
     shutdown
    !
    interface GigabitEthernet1/0/10
     shutdown
    !
    interface GigabitEthernet1/0/11
     no switchport
     ip address 10.1.13.13 255.255.255.0
     ipv6 address FE80::D1:1 link-local
     ipv6 address 2001:DB8:ACAD:10D1::D1/64
    !
    interface GigabitEthernet1/0/12
     shutdown
    !
    interface GigabitEthernet1/0/13
     shutdown
    !
    interface GigabitEthernet1/0/14
     shutdown
    !
    interface GigabitEthernet1/0/15
     shutdown
    !
    interface GigabitEthernet1/0/16
     shutdown
    !
    interface GigabitEthernet1/0/17
     shutdown
    !
    interface GigabitEthernet1/0/18
     shutdown
    !
    interface GigabitEthernet1/0/19
     shutdown
    !
    interface GigabitEthernet1/0/20
     shutdown
    !
    interface GigabitEthernet1/0/21
     shutdown
    !
    interface GigabitEthernet1/0/22
     shutdown
    !
    interface GigabitEthernet1/0/23
     switchport access vlan 50
     switchport mode access
    !
    interface GigabitEthernet1/0/24
     switchport access vlan 60
     switchport mode access
    !
    interface GigabitEthernet1/1/1
     shutdown
    !
    interface GigabitEthernet1/1/2
     shutdown
    !
    interface GigabitEthernet1/1/3
     shutdown
    !
    interface GigabitEthernet1/1/4
     shutdown
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan50
     ip address 10.2.50.1 255.255.255.0
     ipv6 address FE80::D1:2 link-local
     ipv6 address 2001:DB8:ACAD:1050::D1/64
    !
    interface Vlan60
     ip address 10.2.60.1 255.255.255.0
     ipv6 address FE80::D1:3 link-local
     ipv6 address 2001:DB8:ACAD:1060::D1/64
    !
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.1.13.1
    !
    !
    ipv6 route ::/0 2001:DB8:ACAD:10D1::1
    !
    !
    control-plane
     service-policy input system-cpp-policy
    !
    banner motd ^C This is D1, Inter-VLAN Routing Lab ^C
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    line vty 5 15
     login
    !
    end

Switch D2

    D2# show run
    Building configuration...

    Current configuration : 9069 bytes
    !
    version 16.9
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Call-home is enabled by Smart-Licensing.
    service call-home
    no platform punt-keepalive disable-kernel-core
    !
    hostname D2
    !
    !
    vrf definition Mgmt-vrf
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !
    no aaa new-model
    switch 1 provision ws-c3650-24ts
    !
    no ip domain lookup
    !
    login on-success log
    !
    license boot level ipservicesk9
    !
    diagnostic bootup level minimal
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    redundancy
     mode sso
    !
    transceiver type all
     monitoring
    !
    class-map match-any system-cpp-police-topology-control
     description Topology control
    class-map match-any system-cpp-police-sw-forward
     description Sw forwarding, L2 LVX data, LOGGING
    class-map match-any system-cpp-default
     description Inter FED, EWLC control, EWLC data
    class-map match-any system-cpp-police-sys-data
     description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
    class-map match-any system-cpp-police-punt-webauth
     description Punt Webauth
    class-map match-any system-cpp-police-l2lvx-control
     description L2 LVX control packets
    class-map match-any system-cpp-police-forus
     description Forus Address resolution and Forus traffic
    class-map match-any system-cpp-police-multicast-end-station
     description MCAST END STATION
    class-map match-any system-cpp-police-multicast
     description Transit Traffic and MCAST Data
    class-map match-any system-cpp-police-l2-control
     description L2 control
    class-map match-any system-cpp-police-dot1x-auth
     description DOT1X Auth
    class-map match-any system-cpp-police-data
     description ICMP redirect, ICMP_GEN and BROADCAST
    class-map match-any system-cpp-police-stackwise-virt-control
     description Stackwise Virtual
    class-map match-any non-client-nrt-class
    class-map match-any system-cpp-police-routing-control
     description Routing control and Low Latency
    class-map match-any system-cpp-police-protocol-snooping
     description Protocol snooping
    class-map match-any system-cpp-police-dhcp-snooping
     description DHCP snooping
    class-map match-any system-cpp-police-system-critical
     description System Critical and Gold Pkt
    !
    policy-map system-cpp-policy
    !
    interface GigabitEthernet0/0
     vrf forwarding Mgmt-vrf
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet1/0/1
     shutdown
    !
    interface GigabitEthernet1/0/2
     shutdown
    !
    interface GigabitEthernet1/0/3
     shutdown
    !
    interface GigabitEthernet1/0/4
     shutdown
    !
    interface GigabitEthernet1/0/5
     shutdown
    !
    interface GigabitEthernet1/0/6
     shutdown
    !
    interface GigabitEthernet1/0/7
     shutdown
    !
    interface GigabitEthernet1/0/8
     shutdown
    !
    interface GigabitEthernet1/0/9
     shutdown
    !
    interface GigabitEthernet1/0/10
     shutdown
    !
    interface GigabitEthernet1/0/11
     switchport trunk native vlan 999
     switchport trunk allowed vlan 75,85,999
     switchport mode trunk
    !
    interface GigabitEthernet1/0/12
     shutdown
    !
    interface GigabitEthernet1/0/13
     shutdown
    !
    interface GigabitEthernet1/0/14
     shutdown
    !
    interface GigabitEthernet1/0/15
     shutdown
    !
    interface GigabitEthernet1/0/16
     shutdown
    !
    interface GigabitEthernet1/0/17
     shutdown
    !
    interface GigabitEthernet1/0/18
     shutdown
    !
    interface GigabitEthernet1/0/19
     shutdown
    !
    interface GigabitEthernet1/0/20
     shutdown
    !
    interface GigabitEthernet1/0/21
     shutdown
    !
    interface GigabitEthernet1/0/22
     shutdown
    !
    interface GigabitEthernet1/0/23
     switchport access vlan 75
     switchport mode access
    !
    interface GigabitEthernet1/0/24
     switchport access vlan 85
     switchport mode access
    !
    interface GigabitEthernet1/1/1
     shutdown
    !
    interface GigabitEthernet1/1/2
     shutdown
    !
    interface GigabitEthernet1/1/3
     shutdown
    !
    interface GigabitEthernet1/1/4
     shutdown
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan75
     ip address 10.3.75.14 255.255.255.0
     ipv6 address FE80::D2:1 link-local
     ipv6 address 2001:DB8:ACAD:3075::D2/64
    !
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    !
    control-plane
     service-policy input system-cpp-policy
    !
    banner motd ^C This is D2, Inter-VLAN Routing Lab ^C
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    line vty 5 15
     login
    !
    end

CHAPTER 2
Spanning Tree Protocol

2.1.2 Lab – Observe STP Topology Changes and Implement RSTP (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device  Interface  IPv4 Address
D1      VLAN1      10.0.0.1/8
D2      VLAN1      10.0.0.2/8
A1      VLAN1      10.0.0.3/8

Objectives

Part 1: Build the Network and Configure Basic Device Settings
Part 2: Observe STP Convergence and Topology Change
Part 3: Configure and Verify Rapid Spanning Tree

Background/Scenario

The potential effect of a loop in the Layer 2 network is significant. Layer 2 loops could impact connected hosts as well as the network equipment. Layer 2 loops can be prevented by following good design practices and careful implementation of the Spanning Tree Protocol. In this lab, you will observe the operation of spanning tree protocols to protect the Layer 2 network from loops and topology disruptions. The terms "switch" and "bridge" will be used interchangeably throughout the lab.

Note: This lab is an exercise in deploying and verifying various STP mechanisms. It does not reflect networking best practices.

Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4 (universalk9 image) and Cisco 2960+ with IOS release 15.2 (lanbase image). Other routers and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs.

Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

■ 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
■ 1 Switch (Cisco 2960+ with Cisco IOS release 15.2 lanbase image or comparable)
■ 1 PC (Windows with a terminal emulation program, such as Tera Term)
■ Console cables to configure the Cisco IOS devices via the console ports
■ Ethernet cables as shown in the topology

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing

In Part 1, you will set up the network topology and configure basic settings and interface addressing on routers.

Step 1. Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

Step 2. Configure basic settings for each switch.

a. Console into each switch, enter global configuration mode, and apply the basic settings and interface addressing. The startup configuration is provided below for each switch in the topology.
Switch D1

    hostname D1
    spanning-tree mode pvst
    banner motd # D1, STP Topology Change and RSTP Lab #
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    interface range g1/0/1-24, g1/1/1-4, g0/0
     shutdown
     exit
    interface range g1/0/1, g1/0/5-6
     switchport mode trunk
     no shutdown
     exit
    vlan 2
     name SecondVLAN
     exit
    interface vlan 1
     ip address 10.0.0.1 255.0.0.0
     no shut
     exit

Switch D2

    hostname D2
    banner motd # D2, STP Topology Change and RSTP Lab #
    spanning-tree mode pvst
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    interface range g1/0/1-24, g1/1/1-4, g0/0
     shutdown
     exit
    interface range g1/0/1, g1/0/5-6
     switchport mode trunk
     no shutdown
     exit
    vlan 2
     name SecondVLAN
     exit
    interface vlan 1
     ip address 10.0.0.2 255.0.0.0
     no shut
     exit

Switch A1

    hostname A1
    banner motd # A1, STP Topology Change and RSTP Lab #
    spanning-tree mode pvst
    line con 0
     exec-timeout 0 0
     logging synchronous
     exit
    interface range f0/1-24, g0/1-2
     shutdown
     exit
    interface range f0/1-4
     switchport mode trunk
     no shutdown
     exit
    vlan 2
     name SecondVLAN
     exit
    interface vlan 1
     ip address 10.0.0.3 255.0.0.0
     no shut
     exit

b. Set the clock on each switch to UTC time.

c. Save the running configuration to startup-config.

Note: Outputs and Spanning Tree topologies highlighted in this lab may be different than what you observe using your own equipment. It is critically important for you to understand how Spanning Tree makes its decisions, and how those decisions impact the operational topology of the network.

Part 2: Discover the Default Spanning Tree

Your switches have been configured and interfaces have been enabled, and the Spanning Tree Protocol, operational by default, has already converged onto a loop-free logical network. In this part of the lab, we will discover what that default spanning tree looks like and evaluate why it converged the way it did.
We will do this by following the same set of steps that Spanning Tree does. We will find the Root Bridge, then find the Root Ports, and lastly see which ports are Designated ports, and which ports are non-Designated ports in our topology.

Step 1. Find the root bridge.

Our switches are running the Cisco default PVST+, and we have two VLANs in the network, so we should see two root bridges.

a. On A1, issue the command show spanning-tree root and observe what the output tells you about the root bridge. Amongst the lab devices being used to document this lab, A1 shows the root ID with a cost of 19 and the root port as interface FastEthernet 0/1 for both VLAN1 and VLAN2.

    A1# show spanning-tree root
                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80        19    2   20  15  Fa0/1
    VLAN0002         32770 d8b1.9028.af80        19    2   20  15  Fa0/1

Because we know from the physical topology diagram that A1 is connected to D1 using F0/1, and that interface is a FastEthernet interface, therefore having a cost of 19, D1 is the root bridge for both VLAN 1 and VLAN 2. The question at this point is – why?

b. The root bridge is elected based upon which switch has the highest Bridge ID (BID). The BID is made up of a configurable priority value (which defaults to 32768) and the base MAC address for the switch. Use the command show spanning-tree root to gather that information from your switches to support the root bridge decision.

    D1# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80         0    2   20  15
    VLAN0002         32770 d8b1.9028.af80         0    2   20  15

    D2# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80         4    2   20  15  Gi1/0/1
    VLAN0002         32770 d8b1.9028.af80         4    2   20  15  Gi1/0/1

    A1# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80        19    2   20  15  Fa0/1
    VLAN0002         32770 d8b1.9028.af80        19    2   20  15  Fa0/1

The first thing to look at is the priority value. It is 32768 by default. Because we are working with PVST+, a differentiator is added – the priority value is modified with the extended system ID, which is equal to the VLAN number. You can see in the output here that our three devices are using default priorities – 32769 for VLAN 1 (32768 + 1) and 32770 for VLAN 2 (32768 + 2). For each VLAN, the priority values are the same for each of the three switches. When this happens, the rest of the BID is taken into account. The rest of the BID includes the base MAC address. The lowest base MAC address is used to break the tie.

c. What are the base MAC addresses for the devices we are using? Issue the command show version | include MAC (capitalized exactly like that) on each switch.

    D1# show version | include MAC
    Base Ethernet MAC Address          : d8:b1:90:28:af:80

    D2# show version | include MAC
    Base Ethernet MAC Address          : d8:b1:90:5d:c3:00
    D2#

    A1# show version | include MAC
    Base ethernet MAC Address          : F0:78:16:47:45:80

Amongst the three switches being used to document this lab, D1 has the lowest base MAC address. The OUI portion of each MAC address is the same. The first set of hexadecimal characters are different; 0x28 is a lower number than 0x5d. This is what has caused D1 to be elected as the root bridge.

Step 2. Find the Root Port for each switch.

Each switch will have one single root port. This port represents the lowest path cost to the root bridge. Path Cost is the total of the Port Costs in the path to the root bridge. The Port Cost is based upon the bandwidth value of the port, and it can either be dynamically assigned or statically configured.

a. As we saw in the previous output of show spanning-tree root on each switch, the path cost can be different amongst switches. In this case, the path cost from A1 to D1 is 19, reflecting connectivity via a FastEthernet port, while the path cost from D2 to D1 is 4, reflecting connectivity via a GigabitEthernet port.

    D1# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80         0    2   20  15
    VLAN0002         32770 d8b1.9028.af80         0    2   20  15

    D2# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80         4    2   20  15  Gi1/0/1
    VLAN0002         32770 d8b1.9028.af80         4    2   20  15  Gi1/0/1

    A1# show spanning-tree root

                                            Root    Hello Max Fwd
    Vlan                   Root ID          Cost    Time  Age Dly  Root Port
    ---------------- -------------------- --------- ----- --- ---  ------------
    VLAN0001         32769 d8b1.9028.af80        19    2   20  15  Fa0/1
    VLAN0002         32770 d8b1.9028.af80        19    2   20  15  Fa0/1

b. These are direct connections to the root, so port cost and path cost are the same. This can be seen in the output of show spanning-tree.

    A1# show spanning-tree

    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     d8b1.9028.af80
                 Cost        19
                 Port        1 (FastEthernet0/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     f078.1647.4580
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Fa0/1               Root FWD 19        128.1    P2p
    Fa0/2               Altn BLK 19        128.2    P2p

c. Our topology does not really illustrate the difference between port cost and path cost very well, so we will introduce a change in the network to achieve this. At D1, shut down the g1/0/1 interface. The result of this is that D2 will have to change the port it considers root, and we will then see the difference between port cost and path cost.

    D1(config)# interface g1/0/1
    D1(config-if)# shutdown

d. On D2, issue the command show spanning-tree and you will see the port cost and path cost values separating themselves.

    D2# show spanning-tree

    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     d8b1.9028.af80
                 Cost        38
                 Port        5 (GigabitEthernet1/0/5)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     d8b1.905d.c300
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  15 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/5             Root FWD 19        128.5    P2p
    Gi1/0/6             Altn BLK 19        128.6    P2p

The root path cost is now 38, while the root port cost is 19. For D2 to reach the root bridge D1, it must traverse two FastEthernet links, and 19 times 2 is 38.

Step 3. Identify Designated Ports.

The Spanning Tree Designated Port can be traced back to the early versions of the protocol, which were developed when LAN segments were shared, multiaccess networks.
In these networks, there was a very real possibility that there could be users attached to a segment between two switches. The job of the Designated Port back then was to ensure that users had a way to access the network from a given segment, and there was always one Designated Port on each segment. In the switched networks of today, there are very few shared segments, so the job of the Designated Port is more to help maintain the network topology.

A Designated Port stays active in the topology, both sending BPDUs and learning MAC addresses. Every port on the Root Bridge is a Designated Port. Further, there is one Designated Port on every segment that is not attached directly to the root.

a. If you have not already done so, issue the no shutdown command for D1 interface g1/0/1. This will restore our full topology and allow for the non-root attached segment to exist (the links between A1 and D2).

b. On D2, issue the show spanning-tree command, and you will see that there are two ports now identified as being in the Designated Port role.

    D2# show spanning-tree

    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     d8b1.9028.af80
                 Cost        4
                 Port        1 (GigabitEthernet1/0/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     d8b1.905d.c300
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Gi1/0/1             Root FWD 4         128.1    P2p
    Gi1/0/5             Desg FWD 19        128.5    P2p
    Gi1/0/6             Desg FWD 19        128.6    P2p

c. And now look at the segments from the A1 side. Issue the show spanning-tree command on A1.

    A1# show spanning-tree

    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     d8b1.9028.af80
                 Cost        19
                 Port        1 (FastEthernet0/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     f078.1647.4580
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------------
    Fa0/1               Root FWD 19        128.1    P2p
    Fa0/2               Altn BLK 19        128.2    P2p
    Fa0/3               Altn BLK 19        128.3    P2p
    Fa0/4               Altn BLK 19        128.4    P2p

Interfaces F0/3 and F0/4 on A1 are in the Alternate Role, which is the Cisco PVST+ version of the IEEE 802.1D Discarding role. These interfaces are up and receiving BPDUs from the Designated Ports on each segment, but they will not learn MAC addresses or forward traffic until they stop receiving those BPDUs and move to the Designated state.

Why is D2 controlling the Designated Port role on these two segments? Because from the middle of the segment, D2 has a lower cost to the root bridge than does A1. The root cost on D2 is 4, while the root cost on A1 is 19. Therefore, it takes and maintains the Designated Ports for these two segments.

d. You may have noticed in the previous output that the two links from A1 to D1 were not being used.

    Fa0/1               Root FWD 19        128.1    P2p
    Fa0/2               Altn BLK 19        128.2    P2p

Each switch can only have a single root port. In this example, F0/2, which is in the Alternate Role, would only take over if F0/1 were to fail. The decision about which interface to use in this scenario is based on the lowest port priority, which defaults to 128.interface_id.

Part 3: Implement and Observe Rapid Spanning Tree Protocol

In Part 3, you will implement Rapid Spanning Tree Protocol (RSTP) on all the switches. Using the same basic rules, RSTP speeds up convergence significantly.

a. On D2, issue the debug spanning-tree events command, and then issue the shutdown command for interface g1/0/1 and observe the output.

    D2# debug spanning-tree events
    D2# config t
    D2(config)# interface g1/0/1
    D2(config-if)# shutdown
    D2(config-if)#
    *Dec 24 13:07:10.790: %LINK-5-CHANGED: Interface GigabitEthernet1/0/1, changed state to administratively down
    *Dec 24 13:07:11.790: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
    D2(config-if)#
    *Dec 24 13:07:28.159: STP: VLAN0001 heard root 32769-d8b1.9028.af80 on Gi1/0/5
    *Dec 24 13:07:28.160:     supersedes 32769-d8b1.905d.c300
    *Dec 24 13:07:28.161: STP: VLAN0001 new root is 32769, d8b1.9028.af80 on port Gi1/0/5, cost 38
    *Dec 24 13:07:28.162: STP: VLAN0001 sent Topology Change Notice on Gi1/0/5
    *Dec 24 13:07:28.165: STP[1]: Generating TC trap for port GigabitEthernet1/0/6
    *Dec 24 13:07:28.166: STP: VLAN0001 Gi1/0/6 -> blocking
    *Dec 24 13:07:28.166: STP: VLAN0002 heard root 32770-d8b1.9028.af80 on Gi1/0/5
    *Dec 24 13:07:28.167:     supersedes 32770-d8b1.905d.c300
    *Dec 24 13:07:28.167: STP: VLAN0002 new root is 32770, d8b1.9028.af80 on port Gi1/0/5, cost 38
    D2(config-if)#
    *Dec 24 13:07:28.169: STP: VLAN0002 sent Topology Change Notice on Gi1/0/5
    *Dec 24 13:07:28.171: STP[2]: Generating TC trap for port GigabitEthernet1/0/6
    *Dec 24 13:07:28.171: STP: VLAN0002 Gi1/0/6 -> blocking
    D2(config-if)#

From the above output, you can see that it took a total of about 17 seconds for spanning tree to adjust to the topology change. Rapid Spanning Tree can adjust much faster.
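The "about 17 seconds" figure can be read directly from the debug timestamps. The following is an added example, not part of the lab manual: it parses a subset of the D2 debug lines shown above and returns, per VLAN, the time from the link-down message to the new-root event. The function and pattern names are this example's own, and the year 2000 is a placeholder because IOS timestamps carry no year.

```python
import re
from datetime import datetime, timedelta

# Subset of the D2 debug output above; the prompt line is kept to show it is skipped.
LOG = """\
*Dec 24 13:07:10.790: %LINK-5-CHANGED: Interface GigabitEthernet1/0/1, changed state to administratively down
D2(config-if)#
*Dec 24 13:07:28.161: STP: VLAN0001 new root is 32769, d8b1.9028.af80 on port Gi1/0/5, cost 38
*Dec 24 13:07:28.166: STP: VLAN0001 Gi1/0/6 -> blocking
*Dec 24 13:07:28.167: STP: VLAN0002 new root is 32770, d8b1.9028.af80 on port Gi1/0/5, cost 38
*Dec 24 13:07:28.171: STP: VLAN0002 Gi1/0/6 -> blocking
"""

STAMP = re.compile(r"^\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}): (.*)$")
LINK_DOWN = re.compile(r"%LINK-5-CHANGED: Interface (\S+), changed state to administratively down")
NEW_ROOT = re.compile(r"STP: (VLAN\d+) new root is \d+, [0-9a-f.]+ on port (\S+), cost (\d+)")

def parse_time(text):
    # IOS omits the year; 2000 is a placeholder so the date parses unambiguously.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")

def time_to_new_root(log):
    """Return {vlan: (ms from link-down to new-root event, new root port, root path cost)}."""
    down_at, result = None, {}
    for line in log.splitlines():
        m = STAMP.match(line)
        if not m:                      # CLI prompts and blank lines carry no timestamp
            continue
        when, msg = parse_time(m.group(1)), m.group(2)
        if LINK_DOWN.search(msg):
            down_at = when
        elif down_at and (r := NEW_ROOT.search(msg)):
            elapsed = (when - down_at) // timedelta(milliseconds=1)
            result[r.group(1)] = (elapsed, r.group(2), int(r.group(3)))
    return result

if __name__ == "__main__":
    for vlan, (ms, port, cost) in time_to_new_root(LOG).items():
        print(f"{vlan}: root port {port}, cost {cost}, {ms / 1000:.3f} s after link-down")
```

Running the same function over a capture taken after the switches are moved to RSTP gives a like-for-like comparison of the two protocols.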
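The three steps of Part 2 (root bridge, root ports, Designated Ports) can be worked through in code. This is an added example, not part of the lab manual: a small model of the D1/D2/A1 topology in which the lowest (priority, MAC) pair becomes root, which matches the outcome shown in the outputs above. Bridge IDs and port costs are taken from those outputs; the exact cabling between D1 and A1 is an assumption, and port priority is left at the default 128 so only the port number breaks ties.

```python
import heapq

# VLAN 1 bridge IDs from the lab output: (priority + sys-id-ext, base MAC).
BID = {"D1": (32769, "d8b1.9028.af80"),
       "D2": (32769, "d8b1.905d.c300"),
       "A1": (32769, "f078.1647.4580")}

# (switch, port, switch, port, port cost). Costs and the A1/D2 ports come from the
# outputs above; which D1 port faces which A1 port is assumed.
LINKS = [("D1", "Gi1/0/1", "D2", "Gi1/0/1", 4),
         ("D1", "Gi1/0/5", "A1", "Fa0/1", 19), ("D1", "Gi1/0/6", "A1", "Fa0/2", 19),
         ("D2", "Gi1/0/5", "A1", "Fa0/3", 19), ("D2", "Gi1/0/6", "A1", "Fa0/4", 19)]

def nbr(port):
    return int(port.rsplit("/", 1)[1])      # Fa0/3 -> 3, as in Prio.Nbr 128.3

def converge(links, bid=BID):
    """Return (root, {switch: root path cost}, {(switch, port): role})."""
    root = min(bid, key=bid.get)            # lowest (priority, MAC) is the root
    cost, heap = {}, [(0, root)]
    while heap:                             # path cost = sum of port costs to root
        c, sw = heapq.heappop(heap)
        if sw in cost:
            continue
        cost[sw] = c
        for a, _, b, _, w in links:
            for here, there in ((a, b), (b, a)):
                if here == sw and there not in cost:
                    heapq.heappush(heap, (c + w, there))
    best = {}                               # switch -> (tie-break key, root port)
    for a, pa, b, pb, w in links:
        for sw, p, peer, pp in ((a, pa, b, pb), (b, pb, a, pa)):
            key = (cost[peer] + w, bid[peer], nbr(pp), nbr(p))
            if sw != root and (sw not in best or key < best[sw][0]):
                best[sw] = (key, p)
    roles = {}
    for a, pa, b, pb, _ in links:           # one Designated Port per segment
        ends = sorted([(cost[a], bid[a], nbr(pa), a, pa),
                       (cost[b], bid[b], nbr(pb), b, pb)])
        roles[ends[0][3:]] = "Desg"
        sw, p = ends[1][3:]
        roles[(sw, p)] = "Root" if best[sw][1] == p else "Altn"
    return root, cost, roles

if __name__ == "__main__":
    print(converge(LINKS))                  # default topology
    print(converge(LINKS[1:]))              # D1 g1/0/1 shut down
```

Dropping the first link reproduces Step 2c: D2 moves its root port to Gi1/0/5 with a root path cost of 38.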
