Solution Manual for CCNP Enterprise: Core Networking (ENCOR) v8 Lab Manual, 2nd Edition
Preview Extract
CCNP Enterprise: Core
Networking (ENCOR) Lab Manual
Version 8
Instructorโs Answer Key
Cisco Networking Academy
Cisco Press
221 River St
Hoboken, NJ 07030
ii
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
CCNP Enterprise: Core Networking
(ENCOR) Lab Manual
Version 8
Instructorโs Answer Key
Cisco Networking Academy
Copyrightยฉ 2021 Cisco Systems, Inc.
Published by:
Cisco Press
221 River St
Hoboken, NJ 07030
All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any
means, electronic, mechanical, photocopying, recording, or likewise. For
information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department,
please visit www.pearson.com/permissions.
No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation
of this book, the publisher and author assume no responsibility for errors or
omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
ScoutAutomatedPrintCode
Library of Congress Control Number: 2020908332
ISBN-13: 978-0-13-690643-8
ISBN-10: 0-13-690643-5
Instructorโs Answer Key
ISBN-13: 978-0-13-690645-2
ISBN-10: 0-13-690645-1
Editor-in-Chief
Mark Taub
Alliances Manager,
Cisco Press
Arezou Gol
Director, ITP Product
Management
Brett Bartow
Senior Editor
James Manly
Managing Editor
Sandra Schroeder
Project Editor
Mandie Frank
Editorial Assistant
Cindy Teeters
Designer
Chuti Prasertsith
Composition
Bronkella Publishing, Inc.
Proofreader
Debbie Williams
iii
Warning and Disclaimer
This book is designed to provide information about networking. Every effort has been made to make this
book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an โas isโ basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have
neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the
information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately
capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term
in this book should not be regarded as affecting the validity of any trademark or service mark.
This book is part of the Cisco Networking Academy series from Cisco Press. The products in this series support and complement the Cisco Networking Academy curriculum. If you are using this book outside the
Networking Academy, then you are not preparing with a Cisco trained and authorized Networking Academy
provider. For more information on the Cisco Networking Academy or to locate a Networking Academy,
please visit www.cisco.com/edu.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include
electronic versions; custom cover designs; and content particular to your business, training goals, marketing
focus, or branding interests), please contact our corporate sales department at [email protected] or
(800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please contact [email protected].
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is
crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readersโ feedback is a natural continuation of this process. If you have any comments regarding how we could
improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through
email at [email protected]. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (1110R)
iv
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Contents
Chapter 1
Packet Forwarding
1
1.1.2 Lab – Implement Inter-VLAN Routing (Instructor Version)
Topology
Addressing Table
Objectives
1
2
Background/Scenario
Required Resources
Instructions
1
1
2
2
2
Part 1: Build the Network and Configure Basic Device Settings
2
Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3
Switch 4
Part 3: Configure and Verify Router-based Inter-VLAN Routing
6
Part 4: Examine CAM and CEF Details 8
Router Interface Summary Table 10
Device Configs – Final 11
Router R1
11
Router R3
13
Switch D1 15
Switch D2 20
Chapter 2
Spanning Tree Protocol 25
2.1.2 Lab – Observe STP Topology Changes and Implement RSTP (Instructor
Version) 25
Topology
25
Addressing Table
Objectives
25
25
Background/Scenario
25
Required Resources
26
Instructions
26
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 26
Part 2: Discover the Default Spanning Tree 28
Part 3: Implement and Observe Rapid Spanning Tree Protocol
Device Configs – Final 35
Switch D1 35
Switch D2 39
Switch A1 44
33
v
Chapter 3
Advanced Spanning Tree Tuning
47
3.1.2 Lab – Implement Advanced STP Modifications and Mechanisms
(Instructor Version) 47
Topology
47
Addressing Table
Objectives
47
47
Background/Scenario
48
Required Resources
48
Instructions
48
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 48
Part 2: Implement and Observe Various Topology Tuning Methods
Part 3: Implement and Observe Various Topology Protection
Mechanisms 59
Device Configs – Final
67
Switch D1 67
Switch D2 72
Switch A1 76
Chapter 4
Multiple Spanning Tree Protocol
81
4.1.2 Lab – Implement MST (Instructor Version) 81
Topology
81
Objectives
81
Background/Scenario
81
Required Resources
82
Instructions
82
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 82
Part 2: Implement and Observe MST 84
Part 3: Configure, Tune and Verify Basic MST Operation
86
Device Configs – Final 94
Switch D1 94
Switch D2 99
Switch A1 104
Chapter 5
VLAN Trunks and EtherChannel Bundles 107
5.1.2 Lab – Implement VTP (Instructor Version) 107
Topology
107
Objectives
107
Background/Scenario
107
Required Resources
109
Instructions
109
Part 1: Build the Network, Configure Basic Device Settings and
Interface Addressing 109
51
vi
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Part 2: Implement and Observe a VTPv2 Domain.
110
Part 3: Implement and Observe a VTPv3 Domain
117
Device Configs – Final
Switch D1
122
Switch D2
127
Switch A1
132
122
5.1.3 Lab – Implement EtherChannel (Instructor Version) 135
Topology
135
Objectives
135
Background/Scenario
135
Required Resources
136
Instructions
136
Part 1: Build the Network and Explore Dynamic Trunking
Protocol 136
Part 2: Configure Static EtherChannel
140
Part 3: Implement EtherChannel Using PAgP
142
Part 4: Implement EtherChannel using LACP
144
Device Configs – Final 146
Switch D1
146
Switch D2
151
Switch A1
156
5.1.4 Lab – Tune and Optimize EtherChannel Operations (Instructor
Version) 161
Topology
161
Objectives
161
Background/Scenario
161
Required Resources
161
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Tune LACP-based EtherChannels
162
163
Part 3: Explore EtherChannel Load Balancing
165
Switch D1 165
Switch D2 170
Chapter 6
IP Routing Essentials
177
6.1.2 Lab – Investigate Static Routes (Instructor Version)
Topology
177
Addressing Table
Objectives
177
178
Background/Scenario
178
Required Resources
178
Instructions
177
178
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 178
Part 2: Configure and Investigate IPv4 Static Routes
181
vii
Part 3: Configure and Investigate IPv6 Static Routes
Part 4: Complete Static Routing Challenge
187
190
Router Interface Summary Table 192
Device Configs – Final 193
Router R1
193
Router R2
195
Router R3
197
6.1.3 Lab – Implement VRF-Lite (Instructor Version)
Topology
200
Addressing Table
Objectives
200
200
201
Background/Scenario
201
Required Resources
201
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify VRF and Interface Addressing
201
206
Part 3: Configure and Verify Static Routing for Reachability Inside
Each VRF 208
Router Interface Summary Table
Device Configs – Final
Router R1
211
Router R2
214
Router R3
216
211
211
Switch D1 218
Switch D2 223
Switch A1 228
Chapter 7
EIGRP
233
There are no labs in this chapter
Chapter 8
OSPF 235
8.1.2 Lab – Implement Single-Area OSPFv2 (Instructor Version) 235
Topology
235
Addressing Table
Objectives
235
236
Background/Scenario
236
Required Resources
236
Instructions
237
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 237
Part 2: Configure Single-Area OSPFv2 239
Part 3: Configure and Verify the Advertising of a Default Route
Part 4: Implement OSPF Network Optimizing Features 247
Part 5: DR and BDR Placement
253
246
viii
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Router Interface Summary Table
Device Configs – Final
Router R1
256
256
256
Switch D1 258
Switch D2 262
Chapter 9
Advanced OSPF
267
9.1.2 Lab – Implement Multiarea OSPFv2 (Instructor Version) 267
Topology
267
Addressing Table
Objectives
267
268
Background/Scenario
268
Required Resources
268
Instructions
269
Part 1: Build the Network and Configure Basic Device Settings and Interface
Addressing 269
Part 2: Configure Multiarea OSPFv2
271
Part 3: Exploring Link-State Announcements
Router Interface Summary Table
Device Configs – Final
Router R1
293
Router R2
295
Router R3
297
285
293
293
Switch D1 298
Switch D2 303
9.1.3 Lab – OSPFv2 Route Summarization and Filtering (Instructor Version) 308
Topology
308
Addressing Table
Objectives
308
309
Background/Scenario
309
Required Resources
310
Instructions
310
Part 1: Build the Network, Configure Basic Device Settings and Routing
Part 2: OSPFv2 Route Summarization
Part 3: OSPFv2 Route Filtering
322
Router Interface Summary Table 325
Device Configs โ Final 325
Router R1
325
Router R2
327
Router R3
329
Switch D1 331
Switch D2 335
318
310
ix
Chapter 10
OSPFv3
341
10.1.2 Lab – Implement Multiarea OSPFv3 (Instructor Version) 341
Topology
341
Addressing Table
Objectives
341
342
Background/Scenario
342
Required Resources
342
Instructions
343
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 343
Part 2: Configure Traditional OSPFv3 for IPv6 on D1
Part 3: Configure OSPFv3 for AF IPv4 and AF IPv6
Part 4: Verify OSPFv3
351
Part 5: Tune OSPFv3
357
345
347
Router Interface Summary Table 359
Device Configs – Final 360
Router R1
360
Router R2
362
Router R3
364
Switch D1 366
Switch D2 370
Chapter 11
BGP
377
11.1.2 Lab – Implement eBGP for IPv4 (Instructor Version) 377
Topology
377
Addressing Table
Objectives
377
378
Background/Scenario
378
Required Resources
378
Instructions
378
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 378
Part 2: Configure and Verify eBGP for IPv4 on all Routers
380
Part 3: Configure and Verify Route Summarization and Atomic
Aggregate 387
Part 4: Configure and Verify Route Summarization with Atomic
Aggregate and AS-Set 390
Part 5: Configure and Verify the Advertising of a Default Route
Router Interface Summary Table 392
Device Configs – Final 393
Router R1
393
Router R2
395
Router R3
397
392
x
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
11.1.3 Lab – Implement MP-BGP (Instructor Version)
Topology
400
Addressing Table
Objectives
400
400
Background/Scenario
401
Required Resources
401
Instructions
400
401
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 401
Part 2: Configure MP-BGP on all Routers 403
Part 3: Verify MP-BGP
406
Part 4: Configure and Verify IPv6 Route Summarization
412
Router Interface Summary Table 414
Device Configs – Final 414
Chapter 12
Router R1
414
Router R2
417
Router R3
419
Advanced BGP 423
12.1.2 Lab – Implement BGP Path Manipulation (Instructor Version) 423
Topology
423
Addressing Table
Objectives
423
424
Background/Scenario
424
Required Resources
424
Instructions
424
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 424
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
427
Part 3: Configure and Verify BGP Path Manipulation Settings on all
Routers 431
Router Interface Summary Table
Device Configs – Final
Router R1
437
Router R2
440
Router R3
442
437
437
12.1.3 Lab – Implement BGP Communities (Instructor Version) 446
Topology
446
Addressing Table
Objectives
446
447
Background/Scenario
447
Required Resources
447
xi
Instructions
447
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 447
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
Part 3: Configure and Verify BGP Communities on all Routers
450
455
Reflection Questions 461
Router Interface Summary Table 461
Device Configs – Final 462
Chapter 13
Router R1
462
Router R2
465
Router R3
467
Multicast
471
There are no labs in this chapter
Chapter 14
QoS
473
There are no labs in this chapter
Chapter 15
IP Services 475
15.1.2 Lab – Implement NTP (Instructor Version) 475
Topology
475
Addressing Table
Objectives
475
475
Background/Scenario
476
Required Resources
477
Instructions
477
Part 1: Build the Network, Configure Basic Device Settings and
Routing 477
Part 2: Configure NTP in a P2P Network
480
Part 3: Configure NTP in a Multiaccess Broadcast Network
Router Interface Summary Table 488
Device Configs โ Final 488
Router R1
488
Router R2
490
Router R3
492
Switch D1 493
Switch D2 497
Switch A1 502
15.1.3 Lab – Implement HSRP (Instructor Version) 505
Topology
505
Addressing Table
Objectives
505
506
Background/Scenario
506
Required Resources
506
485
xii
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Instructions
507
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 507
Part 2: Configure and Observe HSRP for IPv4 and IPv6 510
Part 3: Configure and Observe HSRP Authentication
513
Part 4: Configure and Observe HSRP Object Tracking
515
Device Configs – Final 517
Switch D1 517
Switch D2 523
Switch A1 529
15.1.4 Lab – Implement VRRP (Instructor Version) 533
Topology
533
Addressing Table
Objectives
533
534
Background/Scenario
534
Required Resources
535
Instructions
535
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 535
Part 2: Configure and Observe VRRP for IPv4 and IPv6 538
Part 3: Configure and Observe VRRP Object Tracking
542
Device Configs – Final 544
Switch D1 544
Switch D2 550
Switch A1 556
15.1.5 Lab – Implement GLBP (Instructor Version)
Topology
560
Addressing Table
Objectives
560
561
Background/Scenario
561
Required Resources
561
Instructions
560
562
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 562
Part 2: Configure and Observe GLBP for IPv4 and IPv6 565
Part 3: Configure and Observe GLBP Authentication 569
Part 4: Configure and Observe GLBP Object Tracking
Device Configs – Final 574
Switch D1 574
Switch D2 580
Switch A1 585
570
xiii
15.1.6 Lab – Implement NAT (Instructor Version) 590
Topology
590
Addressing Table
Objectives
590
590
Background/Scenario
591
Required Resources
591
Instructions
591
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify Static Inside NAT
Part 3: Configure and Verify Pooled NAT
Part 4: Configure and Verify NAT Overload
591
594
596
598
Router Interface Summary Table 599
Device Configs – Final 599
Router R1
599
Router R2
601
Router R3
603
Switch D1 604
Switch D2 609
Chapter 16
Overlay Tunnels
615
16.1.2 Lab – Implement a GRE Tunnel (Instructor Version) 615
Topology
615
Addressing Table
Objectives
615
615
Background/Scenario
616
Required Resources
616
Instructions
616
Part 1: Build the Network and Configure Basic Device Settings
616
Part 2: Configure and Verify GRE Tunnels with Static Routing
619
Part 3: Configure and Verify GRE Tunnels with Dynamic Routing
Part 4: Examine the Recursive Routing Problem with GRE
626
Router Interface Summary Table 627
Device Configs – Final 628
Router R1
628
Router R2
630
Router R3
632
16.1.3 Lab – Implement IPsec Site-to-Site VPNs (Instructor Version) 636
Topology
636
Addressing Table
Objectives
636
637
Background/Scenario
637
Required Resources
638
622
xiv
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Instructions
638
Part 1: Build the Network, Configure Basic Device Settings and Static
Routing 638
Part 2: Configure a Site-to-Site VPN using Crypto Maps Between R1
and R3 644
Part 3: Verify a Site-to-Site VPN Between R1 and R3
Router Interface Summary Table
Device Configs โ Final
Router R1
657
Router R2
659
Router R3
661
651
657
657
Layer 3 Switch D1
663
Layer 3 Switch D3
668
16.1.4 Lab – Implement GRE over IPsec Site-to-Site VPNs (Instructor
Version) 675
Topology
675
Addressing Table
Objectives
675
676
Background/Scenario
676
Required Resources
677
Instructions
677
Part 1: Build the Network, Configure Basic Device Settings and Static
Routing 677
Part 2: Configure GRE over IPsec using a Crypto Map on R1
683
Part 3: Configure GRE over IPsec using a Tunnel IPsec Profile
on R3 685
Part 4: Verify the GRE over IPsec Tunnel on R1 and R3
687
Router Interface Summary Table 691
Device Configs โ Final 692
Router R1
692
Router R2
694
Router R3
696
Switch D1 698
Switch D3 703
16.1.5 Lab – Implement IPsec VTI Site-to-Site VPNs (Instructor Version)
Topology
709
Addressing Table
Objectives
709
710
Background/Scenario
710
Required Resources
711
709
xv
Instructions
711
Part 1: Build the Network, Configure Basic Device Settings and Static
Routing 711
Part 2: Configure Static IPsec VTI on R1 and R3
Part 3: Verify Static IPsec VTI on R1 and R3
717
720
Router Interface Summary Table 724
Device Configs โ Final 725
Router R1
725
Router R2
727
Router R3
729
Switch D1 731
Switch D3 737
Chapter 17
Wireless Signals and Modulation 745
There are no labs in this chapter
Chapter 18
Wireless Infrastructure 747
There are no labs in this chapter
Chapter 19
Understanding Wireless Roaming and Location Services 749
There are no labs in this chapter
Chapter 20
Authenticating Wireless Clients 751
There are no labs in this chapter
Chapter 21
Troubleshooting Wireless Connectivity 753
There are no labs in this chapter
Chapter 22
Enterprise Network Architecture 755
There are no labs in this chapter
Chapter 23
Fabric Technologies 757
There are no labs in this chapter
Chapter 24
Network Assurance
759
24.1.2 Lab – Use Connectivity Tests and Debug for Network Assurance
(Instructor Version) 759
Topology
759
Addressing Table
Objectives
759
760
Background/Scenario
760
Required Resources
760
Instructions
760
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 760
Part 2: Explore Ping Options and Extended Ping Commands 764
xvi
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Part 3: Explore Traceroute Options and Extended Traceroute
Commands 769
Part 4: Explore Common Debug Commands and Conditional
Debugging 771
Part 5: Troubleshoot OSPF with Debugging
774
Router Interface Summary Table 777
Device Configs โ Final 777
Router R1
777
Router R2
779
Router R3
781
24.1.3 Lab – Implement SNMP and Syslog (Instructor Version)
Topology
784
Addressing Table
Objectives
784
784
784
Background/Scenario
785
Required Resources
785
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 785
Part 2: Configure and Verify SNMP
788
Part 3: Configure and Verify Syslog
790
Router Interface Summary Table
Device Configs โ Final
Router R1
794
Switch D1
800
Switch A1
807
794
794
24.1.4 Lab – Implement Flexible Netflow (Instructor Version) 812
Topology
812
Addressing Table
Objectives
812
812
Background/Scenario
812
Required Resources
813
Instructions
813
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 813
Part 2: Configure and Verify Flexible Netflow
Part 3: (Optional) Configure and Verify Netflow
Router Interface Summary Table 823
Device Configs โ Final 823
Router R1
823
Switch D1
826
Switch A1 831
816
820
xvii
24.1.5 Lab – Implement SPAN Technologies (Instructor Version)
Topology
835
Addressing Table
Objectives
835
835
835
Background/Scenario
836
Required Resources
836
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 836
Part 2: Configure and Verify Local SPAN
Part 3: Configure and Verify RSPAN
Device Configs โ Final
Switch D1
839
840
842
842
Switch A1 847
24.1.6 Lab – Implement IP SLA (Instructor Version) 851
Topology
851
Addressing Table
Objectives
851
852
Background/Scenario
852
Required Resources
853
Instructions
853
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 853
Part 2: Configure and Observe IP SLA Operations
861
Part 3: Configure and Observe HSRP IP SLA Tracking
864
Router Interface Summary Table 866
Device Configs – Final 866
Router R1
866
Router R2
868
Router R3
870
Switch D1 872
Switch D2 879
Switch A1 886
Chapter 25
Secure Network Access Control
891
25.1.2 Lab – Install the CCNP Virtual Machine (Instructor Version) 891
Objectives
891
Background/Scenario
891
Required Resources
891
Instructions
891
Part 1: Prepare a Computer for Virtualization
891
Part 2: Configure Your Network and Explore the GUI 892
xviii
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Chapter 26
Network Device Access Control and Infrastructure Security
26.1.2 Lab – Implement IPv4 ACLs (Instructor Version)
Topology
895
896
Background/Scenario
896
Required Resources
896
Instructions
895
895
Addressing Table
Objectives
895
897
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Verify Initial Connectivity
897
900
Part 3: Implement Standard ACLs on R3 900
Part 4: Implement a Named Extended ACL from Area 1 to Area 2
902
Part 5: Implement a Named Extended ACL from Area 2 to Area 1
904
Part 6: Implement a Port ACL on D2
905
Part 7: Implement a VLAN ACL on D2
Router Interface Summary Table
Device Configs โ Final
Router R1
908
Router R3
911
906
908
908
Switch D1 913
Switch D2 917
Switch A1
922
26.1.3 Lab – Configure Protections for Passwords and Terminal Lines
(Instructor Version) 926
Topology
926
Addressing Table
Objectives
926
926
Background/Scenario
926
Required Resources
927
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Explore Password Protection Options
929
Part 3: Configure and Verify Terminal Line Protection Options
Reflection Questions
Router R1
932
935
Router Interface Summary Table
Device Configs
927
935
936
936
Switch D1 938
Switch A1
943
26.1.4 Lab – Configure Local and Server-Based AAA Authentication (Instructor
Version) 947
Topology
947
Addressing Table
Objectives
947
947
xix
Background/Scenario
947
Required Resources
948
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 948
Part 2: Configure Local AAA Authentication
950
Part 3: Configure Server-Based AAA using RADIUS on A1
953
Part 4: Configure Server-Based AAA using TACACS+ on D1 955
Router Interface Summary Table
Device Configs
Router R1
958
958
958
Switch D1 960
Switch A1 965
26.1.5 Lab – Implement CoPP (Instructor Version)
Topology
969
Addressing Table
Objectives
969
969
969
Background/Scenario
969
Required Resources
970
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Verify Initial Connectivity
972
Part 3: Implement a CoPP Policy on R1
972
Part 4: Verify the CoPP Policy on R1.
975
Part 5: (Challenge) Further Classify Default Traffic
Reflection Questions
Router Interface Summary Table
Device Configs
Chapter 27
Router R1
981
Router R2
984
Switch A1
986
980
981
981
981
Virtualization 991
There are no labs in this chapter
Chapter 28
Foundational Network Programmability Concepts
993
28.1.2 Lab – Construct a Basic Python Script (Instructor Version) 993
Objectives
993
Background/Scenario
993
Required Resources
993
Instructions
993
Part 1: Explore the Python Interpreter
993
Part 2: Explore Data Types, Variables, and Conversions
Part 3: Explore Lists and Dictionaries
Part 4: Explore User Input 1000
998
996
970
xx
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Part 5: Explore If Functions and Loops 1001
Part 6: Explore File Access
1005
28.1.3 Lab – Use the Netmiko Python Module to Configure a Router (Instructor
Version) 1009
Topology
1009
Addressing Table
Objectives
1009
1009
Background/Scenario
1009
Required Resources
1009
Instructions
1010
Part 1: Build the Network and Verify Connectivity
1010
Part 2: Import Netmiko Python Module 1012
Part 3: Use Netmiko to Connect to the SSH Service 1012
Part 4: Use Netmiko to Send a Verification Command
1013
Part 5: Use Netmiko to Send and Verify a Configuration
Part 6: Use Netmiko to Send an Erroneous Command
Part 7: Modify the Program Used in this Lab
1014
1015
1016
Router Interface Summary Table 1017
Device Configs – Final 1017
Router R1
1017
28.1.4 Lab – Use NETCONF to Access an IOS XE Router (Instructor
Version) 1020
Topology
1020
Addressing Table
Objectives
1020
1020
Background/Scenario
1020
Required Resources
1020
Instructions
1021
Part 1: Build the Network and Verify Connectivity
1021
Part 2: Use a NETCONF Session to Gather Information
Part 3: Use ncclient to Connect to NETCONF
1023
1027
Part 4: Use ncclient to Retrieve the Configuration
1029
Part 5: Use ncclient to Configure a Device 1032
Part 6: Modify the Program Used in this Lab
1035
Router Interface Summary Table 1037
Device Configs โ Final 1038
Router R1
1038
28.1.5 Lab – Use RESTCONF to Access an IOS XE Router (Instructor
Version) 1041
Topology
1041
Addressing Table
Objectives
1041
1041
Background/Scenario
1041
xxi
Required Resources
Instructions
1041
1042
Part 1: Build the Network and Verify Connectivity
1042
Part 2: Configure an IOS XE Device for RESTCONF Access 1044
Part 3: Open and Configure Postman
1045
Part 4: Use Postman to Send GET Requests
1045
Part 5: Use Postman to Send a PUT Request
1048
Part 6: Use a Python Script to Send GET Requests
1050
Part 7: Use a Python Script to Send a PUT Request
1053
Programs Used in this Lab
1055
Router Interface Summary Table 1056
Device Configs โ Final 1057
Router R1
Chapter 29
1057
Introduction to Automation Tools 1061
29.1.2 Lab – Construct an EEM Applet (Instructor Version)
Topology
Addressing Table
Objectives
1061
1061
Background/Scenario
1061
Required Resources
1062
Instructions
1061
1061
1062
Part 1: Build the Network and Verify Connectivity
1062
Part 2: Implement a Syslog Detector EEM Applet
1063
Part 3: Implement a CLI Detector EEM Applet
Router Interface Summary Table 1069
1066
xxii
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
About This Lab Manual
This is the only authorized Lab Manual for the Cisco Networking Academy CCNP Enterprise:
Core Networking (ENCOR) v8 Course.
The two courses in this CCNP Enterprise version 8.0 curriculum provide students with knowledge and skills needed to configure, operate, and troubleshoot large scale enterprise networks. The courses cover a broad range of routing, switching, and wireless topics along with
security best practices used in software-driven digital networks. CCNP Enterprise certification
requires candidates to pass two 120-minute exams: CCNP and CCIE Enterprise Core ENCOR
350-401 and CCNP Enterprise Advanced Routing ENARSI 300-410.
By the end of the CCNP course series, students gain practical, hands-on lab experience preparing them for the CCNP Enterprise certification exams and career-ready skills for professional-level roles in the Information & Communication Technologies (ICT) industry.
CCNP Enterprise: Core Networking
This first course in the 2-course CCNP Enterprise series covers switching, routing, wireless,
and related security topics, along with the technologies that support software-defined, programmable networks. Comprehensive labs emphasize hands-on learning and practice to reinforce configuration and troubleshooting skills.
This course directly prepares for the Cisco Enterprise Network Core Technologies exam (350401 ENCOR) to earn an Enterprise Core Specialist certification. Completion of both courses
in the CCNP Enterprise course series prepares for the CCNP Enterprise certification exam.
The 37 comprehensive labs in this manual emphasize hands-on learning and practice to reinforce configuration skills.
CHAPTER 1
Packet Forwarding
1.1.2 Lab – Implement Inter-VLAN Routing (Instructor
Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Device
Interface
IPv4 Address
IPv6 Address
IPv6 Link-Local
R1
G0/0/1
10.1.13.1/24
2001:db8:acad:10d1::1/64
fe80::1:1
S0/1/1
10.1.3.1/24
2001:db8:acad:1013::1/64
fe80::1:2
D1
G1/0/11
10.1.13.13/24
2001:db8:acad:10d1::d1/64
fe80::d1:1
VLAN50
10.2.50.1/24
2001:db8:acad:1050::d1/64
fe80::d1:2
VLAN60
10.2.60.1/24
2001:db8:acad:1060::d1/64
fe80::d1:3
S0/1/1
10.1.3.3/24
2001:db8:acad:1013::3/64
fe80::3:1
G0/0/1.75
10.3.75.1/24
2001:db8:acad:3075::1/64
fe80::3:2
G0/0/1.85
10.3.85.1/24
2001:db8:acad:3085::1/64
fe80::3:3
D2
VLAN75
10.3.75.14/24
2001:db8:acad:3075::d2/64
fe80::d2:1
PC1
NIC
10.2.50.50/24
2001:db8:acad:1050::50/64
EUI-64
R3
PC2
NIC
10.2.60.50/24
2001:db8:acad:1060::50/64
EUI-64
PC3
NIC
10.3.75.50/24
2001:db8:acad:3075::50/64
EUI-64
PC4
NIC
10.3.85.50/24
2001:db8:acad:3085::50/64
EUI-64
2
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3 Switch
Part 3: Configure and Verify Router-based Inter-VLAN Routing
Part 4: Examine CAM and CEF Details
Background/Scenario
The methods used to move packets and frames from one interface to the next have changed over the
years. In this lab you will configure Inter-VLAN Routing in its various forms and then examine the different tables used in making forwarding decisions.
Note: This lab is an exercise in configuring and verifying various methods of Inter-VLAN routing and does not
reflect networking best practices.
Note: The routers and switches used with CCNP hands-on labs are Cisco 4221 and Cisco 3650, both with Cisco
IOS XE Release 16.9.4 (universalk9 image). Other routers and Cisco IOS versions can be used. Depending on the
model and Cisco IOS version, the commands available and the output produced might vary from what is shown in
the labs.
Note: Ensure that the routers and switches have been erased and have no startup configurations. If you are unsure
contact your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
โ
2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
โ
2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
โ
4 PCs (PC with terminal emulation program, such as Tera Term)
โ
Console cables to configure the Cisco IOS devices via the console ports
โ
Ethernet and serial cables as shown in the topology
Instructions
Part 1: Build the Network and Configure Basic Device Settings
In Part 1, you will set up the network topology and configure basic settings.
Step 1.
Cable the network as shown in the topology.
Attach the devices as shown in the topology diagram, and cable as necessary.
Chapter 1: Packet Forwarding
Step 2.
3
Configure basic settings for each device.
a.
Console into each router, enter global configuration mode, and apply the basic settings
using the following startup configurations.
Router R1
no ip domain lookup
hostname R1
line con 0
exec-timeout 0 0
logging synchronous
exit
banner motd # This is R1, Inter-VLAN Routing Lab #
Router R3
no ip domain lookup
hostname R3
line con 0
exec-timeout 0 0
logging synchronous
exit
banner motd # This is R3, Inter-VLAN Routing Lab #
Switch D1
no ip domain lookup
hostname D1
line con 0
exec-timeout 0 0
logging synchronous
exit
banner motd # This is D1, Inter-VLAN Routing Lab #
interface range g1/0/1-24, g0/0, g1/1/1-4
shutdown
Switch D2
no ip domain lookup
hostname D2
line con 0
exec-timeout 0 0
logging synchronous
exit
banner motd # This is D2, Inter-VLAN Routing Lab #
interface range g1/0/1-24, g0/0, g1/1/1-4
shutdown
b.
Set the clock on each device to UTC time.
c.
Save the running configuration to startup-config.
4
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Part 2: Configure and Verify Inter-VLAN Routing on a Layer 3
Switch
In Part 2, you will configure and verify inter-VLAN Routing on a Layer 3 switch. For this part, you will
focus on the configuration of switch D1 and router R1.
Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports dualstacked operations and requires no additional configuration for our purposes.
If you are using an alternate device running Cisco IOS, check the SDM template with the privileged
EXEC command show sdm prefer and verify that the โnumber of IPv6 unicast routesโ supported is not
zero.
If it is zero, you must change the SDM template to one that supports IPv6 using the sdm prefer
template_name global configuration command. The template name will vary depending on the IOS
version. Changing the template will require a reboot.
Step 1.
On D1, configure Inter-VLAN Routing.
a.
Configure D1 to support IP routing and IPv6 unicast routing.
D1(config)# ip routing
D1(config)# ipv6 unicast-routing
b.
Create the VLANs and name them as specified in the topology.
D1(config)# vlan 50
D1(config-vlan)# name Group50
D1(config-vlan)# exit
D1(config)# vlan 60
D1(config-vlan)# name Group60
D1(config-vlan)# exit
c.
Assign the G1/0/23 to VLAN 50 and G1/0/24 to VLAN 60.
D1(config)# interface g1/0/23
D1(config-if)# switchport mode access
D1(config-if)# switchport access vlan 50
D1(config-if)# no shutdown
D1(config-if)# exit
D1(config)# interface g1/0/24
D1(config-if)# switchport mode access
D1(config-if)# switchport access vlan 60
D1(config-if)# no shutdown
D1(config-if)# exit
d.
Create the Switched Virtual Interfaces (SVI) that will support VLAN 50 and VLAN 60.
D1(config)# interface vlan 50
D1(config-if)# ip address 10.2.50.1 255.255.255.0
D1(config-if)# ipv6 address fe80::d1:2 link-local
D1(config-if)# ipv6 address 2001:db8:acad:1050::d1/64
D1(config-if)# no shutdown
D1(config-if)# exit
D1(config)# interface vlan 60
D1(config-if)# ip address 10.2.60.1 255.255.255.0
D1(config-if)# ipv6 address fe80::d1:3 link-local
D1(config-if)# ipv6 address 2001:db8:acad:1060::d1/64
Chapter 1: Packet Forwarding
5
D1(config-if)# no shutdown
D1(config-if)# exit
e.
Configure PC1 with the addresses specified in the Addressing Table. Further assign
default gateways of 10.2.50.1 and 2001:db8:acad:1050::d1.
f.
Configure PC2 with the addresses specified in the Addressing Table. Further assign
default gateways of 10.2.60.1 and 2001:db8:acad:1060::d1.
g.
From PC1, ping PC2โs IPv4 and IPv6 address. Success indicates that D1 is performing
Inter-VLAN Routing.
h.
Examine the MAC address table on D1 with the command show mac address-table
dynamic. You should see PC1 and PC2โs mac addresses listed with the ports they are
connected to.
D1# show mac address-table dynamic
Mac Address Table
——————————————Vlan
Mac Address
Type
Ports
—-
———–
——–
—–
50
0050.56b3.8137
DYNAMIC
Gi1/0/23
60
0050.56b3.994b
DYNAMIC
Gi1/0/24
Total Mac Addresses for this criterion: 2
Step 2.
On D1, configure a routed port and default routes towards R1.
a.
Configure interface G1/0/11 as a routed port with addressing as specified in the topology diagram.
D1(config)# interface g1/0/11
D1(config-if)# no switchport
D1(config-if)# ip address 10.1.13.13 255.255.255.0
D1(config-if)# ipv6 address fe80::d1:1 link-local
D1(config-if)# ipv6 address 2001:db8:acad:10d1::d1/64
D1(config-if)# no shutdown
D1(config-if)# exit
b.
Verify that interface G1/0/11 is no longer associated with the VLAN database by issuing the command show vlan brief | i g1/0/11. There should be no output.
c.
Configure static default routes for IPv4 and IPv6 that point towards the interface
address at R1.
D1(config)# ip route 0.0.0.0 0.0.0.0 10.1.13.1
D1(config)# ipv6 route ::/0 2001:db8:acad:10d1::1
You may see the error message %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed
to resolve 10.1.13.1. This indicates that the switch sent an ARP for the MAC address
of 10.1.13.1 and got no reply. We will configure that next.
Step 3.
On R1, configure interface addressing and static routing.
a.
Configure R1 to support IPv6 unicast routing.
R1(config)# ipv6 unicast-routing
b.
Configure the interfaces on R1 with the addresses specified in the Addressing Table.
R1(config)# interface g0/0/1
R1(config-if)# ip address 10.1.13.1 255.255.255.0
6
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:10d1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface s0/1/1
R1(config-if)# ip address 10.1.3.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1:2 link-local
R1(config-if)# ipv6 address 2001:db8:acad:1013::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
c.
Configure routing on R1. Configure static routes to the networks supported by D1 and
a default route for everything else point at R3.
R1(config)# ip route 10.2.0.0 255.255.0.0 10.1.13.13
R1(config)# ipv6 route 2001:db8:acad:1050::/64 2001:db8:acad:10d1::d1
R1(config)# ipv6 route 2001:db8:acad:1060::/64 2001:db8:acad:10d1::d1
R1(config)#
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.3.3
R1(config)# ipv6 route ::/0 2001:db8:acad:1013::3
R1(config)#
d.
From R1, ping PC2 with IPv4 and IPv6. All pings should be successful.
Part 3: Configure and Verify Router-based Inter-VLAN Routing
Note: The default Switch Database Manager (SDM) template on a Catalyst 3650 running IOS XE supports dualstacked operations and requires no additional configuration for our purposes.
If you are using an alternate device running Cisco IOS, check the SDM template with the privileged
exec command show sdm prefer and verify that the โnumber of IPv6 unicast routesโ supported is not
zero.
If it is zero, you must change the SDM template to one that supports IPv6 using the sdm prefer template_name global configuration command. The template name will vary depending on the IOS version. Changing the template will require a reboot.
Step 1.
Configure D2 to support the required VLANs.
a.
Create the VLANs and name them as specified in the topology. In addition, create vlan
999 and name it NativeVLAN.
D2(config)# vlan 75
D2(config-vlan)# name Group75
D2(config-vlan)# exit
D2(config)# vlan 85
D2(config-vlan)# name Group85
D2(config-vlan)# exit
D2(config)# vlan 999
D2(config-vlan)# name NativeVLAN
D2(config-vlan)# exit
b.
Assign the G1/0/23 to VLAN 75 and G1/0/24 to VLAN 85.
Chapter 1: Packet Forwarding
c.
7
Create a Switched Virtual Interface that will operate within VLAN 75.
D2(config)# interface vlan75
D2(config-if)# ip address 10.3.75.14 255.255.255.0
D2(config-if)# ipv6 address fe80::d2:1 link-local
D2(config-if)# ipv6 address 2001:db8:acad:3075::d2/64
D2(config-if)# no shutdown
D2(config-if)# exit
d.
Create an IEEE 802.1Q-based trunk to R3. As a part of the configuration of the trunk,
set the native VLAN to VLAN 999 and filter the VLANs allowed on the trunk down to
only those that are configured.
D2(config)# interface g1/0/11
D2(config-if)# switchport mode trunk
D2(config-if)# switchport trunk native vlan 999
D2(config-if)# switchport trunk allowed vlan 75,85,999
D2(config-if)# no shutdown
D2(config-if)# exit
Step 2.
Configure R3 to support Inter-VLAN Routing.
a.
Configure R3 to support IPv6 unicast routing.
b.
Configure the subinterfaces needed on R3 interface G0/0/1 to support the configured
VLANs. Ensure an interface is created for the native VLAN 999.
R3(config)# interface g0/0/1
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface g0/0/1.75
R3(config-subif)# encapsulation dot1q 75
R3(config-subif)# ip address 10.3.75.1 255.255.255.0
R3(config-subif)# ipv6 address fe80::3:2 link-local
R3(config-subif)# ipv6 address 2001:db8:acad:3075::1/64
R3(config-subif)# no shutdown
R3(config-subif)# exit
R3(config)# interface g0/0/1.85
R3(config-subif)# encapsulation dot1q 85
R3(config-subif)# ip address 10.3.85.1 255.255.255.0
R3(config-subif)# ipv6 address fe80::3:3 link-local
R3(config-subif)# ipv6 address 2001:db8:acad:3085::1/64
R3(config-subif)# no shutdown
R3(config-subif)# exit
R3(config)# interface g0/0/1.999
R3(config-subif)# encapsulation dot1q 999 native
R3(config-subif)# no shutdown
R3(config-subif)# exit
c.
Configure PC3 with the addresses specified in the Addressing Table. Further assign
default gateways of 10.3.75.1 and 2001:db8:acad:3075::1.
d.
Configure PC4 with the addresses specified in the Addressing Table. Further assign
default gateways of 10.3.85.1 and 2001:db8:acad:3085::1.
e.
From PC3, ping PC4โs IPv4 and IPv6 address. Success indicates that R3 is performing
Inter-VLAN Routing.
8
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Step 3.
Configure static routing to enable end-to-end reachability.
a.
On R3, configure interface S0/1/1 with the addresses specified in the Addressing Table.
R3(config)# interface s0/1/1
R3(config-if)# ip address 10.1.3.3 255.255.255.0
R3(config-if)# ipv6 address fe80::3:1 link-local
R3(config-if)# ipv6 address 2001:db8:acad:1013::3/64
R3(config-if)# no shutdown
R3(config-if)# exit
b.
On R3, configure a static default route for IPv4 and IPv6 that points to R1โs S0/1/1
interface addresses.
R3(config)# ip route 0.0.0.0 0.0.0.0 10.1.3.1
R3(config)# ipv6 route ::/0 2001:db8:acad:1013::1
c.
On PC3, issue a ping to PC2. The ping should be successful. This indicates the routing
solution is working in both directions.
Part 4: Examine CAM and CEF Details
In Part 4, you will examine CEF details on the devices you have configured. The objective of Cisco
Express Forwarding is to speed up the process of moving data from one interface to another. To do
this, as much data as possible is precompiled into two tables, the Forwarding Information Base (FIB)
and the Adjacency Table. These are basically shortcuts that identify what interface a packet should be
sent out of and how it should be framed.
a.
Issue the command show ip cef to see the compiled CEF table, which tells the device
what to do with a frame or packet based on its destination address. This table gives the
device a quick answer and keeps the CPU from getting directly involved. For example,
packets destined to the 10.2.0.0/16 network are quickly resolved to the next-hop
address of 10.1.13.13 exiting interface g0/0/1.
R1# show ip cef
Prefix
Next Hop
Interface
0.0.0.0/0
10.1.3.3
Serial0/1/1
0.0.0.0/8
drop
0.0.0.0/32
receive
10.1.3.0/24
attached
Serial0/1/1
10.1.3.0/32
receive
Serial0/1/1
10.1.3.1/32
receive
Serial0/1/1
10.1.3.3/32
10.1.3.3
Serial0/1/1
10.1.3.255/32
receive
Serial0/1/1
10.1.13.0/24
attached
GigabitEthernet0/0/1
10.1.13.0/32
receive
GigabitEthernet0/0/1
10.1.13.1/32
receive
GigabitEthernet0/0/1
10.1.13.13/32
attached
GigabitEthernet0/0/1
10.1.13.255/32
receive
GigabitEthernet0/0/1
10.2.0.0/16
10.1.13.13
GigabitEthernet0/0/1
127.0.0.0/8
drop
224.0.0.0/4
drop
224.0.0.0/24
receive
240.0.0.0/4
drop
255.255.255.255/32
receive
Chapter 1: Packet Forwarding
b.
Issue the command show adjacency, which shows you the address neighbors on each
interface.
R1# show adjacency
c.
Protocol Interface
Address
IP
GigabitEthernet0/0/1
10.1.13.13(11)
IP
GigabitEthernet0/0/1
227.0.0.0(3)
IPV6
GigabitEthernet0/0/1
2001:DB8:ACAD:10D1::D1(12)
IPV6
GigabitEthernet0/0/1
FE80::D1:1(3)
IPV6
GigabitEthernet0/0/1
FFFF::(3)
IP
Serial0/1/1
point2point(13)
IPV6
Serial0/1/1
point2point(13)
Expand this a bit and issue the command show adjacency detail, and you will see that
the router has precompiled the Layer 2 headers and other details to allow it to package
information quickly.
R1# show adjacency detail
Protocol Interface
Address
IP
10.1.13.13(11)
GigabitEthernet0/0/1
20 packets, 1680 bytes
epoch 0
sourced in sev-epoch 0
Encap length 14
001AE3CFB8C37079B39236410800
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ip
ARP
IP
GigabitEthernet0/0/1
227.0.0.0(3)
connectionid 1
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 0
Encap length 14
01005E0000007079B39236410800
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ip
Inject p2mp Multicast
IPV6
GigabitEthernet0/0/1
2001:DB8:ACAD:10D1::D1(12)
5 packets, 570 bytes
epoch 0
sourced in sev-epoch 0
Encap length 14
001AE3CFB8C37079B392364186DD
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ipv6
IPv6 ND
IPV6
GigabitEthernet0/0/1
FE80::D1:1(3)
0 packets, 0 bytes
epoch 0
9
10
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
sourced in sev-epoch 0
Encap length 14
001AE3CFB8C37079B392364186DD
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ipv6
IPv6 ND
IPV6
GigabitEthernet0/0/1
FFFF::(3)
connectionid 1
8 packets, 720 bytes
epoch 0
sourced in sev-epoch 0
Encap length 14
3333000000007079B392364186DD
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ipv6
Inject p2mp Multicast
IP
Serial0/1/1
point2point(13)
8 packets, 512 bytes
epoch 0
sourced in sev-epoch 0
Encap length 4
0F000800
P2P-ADJ
IPV6
Serial0/1/1
point2point(13)
18599 packets, 1756190 bytes
epoch 0
sourced in sev-epoch 0
Encap length 4
0F0086DD
P2P-ADJ
Router Interface Summary Table
Router Ethernet Interface #1
Model
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
Fast Ethernet 0/0 (F0/0)
Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0)
Serial 0/0/1 (S0/0/1)
1900
Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0)
Serial 0/0/1 (S0/0/1)
2801
Fast Ethernet 0/0 (F0/0)
Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0)
Serial 0/1/1 (S0/1/1)
2811
Fast Ethernet 0/0 (F0/0)
Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0)
Serial 0/0/1 (S0/0/1)
2900
Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0)
Serial 0/0/1 (S0/0/1)
4221
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0)
Serial 0/1/1 (S0/1/1)
4300
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0)
Serial 0/1/1 (S0/1/1)
Chapter 1: Packet Forwarding
11
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An example
of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco
IOS commands to represent the interface.
Device Configs – Final
Router R1
R1# show run
Building configuration…
Current configuration : 1601 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
12
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 10.1.13.1 255.255.255.0
negotiation auto
ipv6 address FE80::1:1 link-local
ipv6 address 2001:DB8:ACAD:10D1::1/64
!
interface Serial0/1/0
no ip address
!
interface Serial0/1/1
ip address 10.1.3.1 255.255.255.0
ipv6 address FE80::1:2 link-local
ipv6 address 2001:DB8:ACAD:1013::1/64
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.3.3
ip route 10.2.0.0 255.255.0.0 10.1.13.13
!
ipv6 route 2001:DB8:ACAD:1050::/64 2001:DB8:ACAD:10D1::D1
ipv6 route 2001:DB8:ACAD:1060::/64 2001:DB8:ACAD:10D1::D1
ipv6 route ::/0 2001:DB8:ACAD:1013::3
!
control-plane
!
banner motd ^C This is R1, Inter-VLAN Routing Lab ^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
Chapter 1: Packet Forwarding
Router R3
R3# show run
Building configuration…
Current configuration : 1790 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.75
encapsulation dot1Q 75
13
14
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
ip address 10.3.75.1 255.255.255.0
ipv6 address FE80::3:2 link-local
ipv6 address 2001:DB8:ACAD:3075::1/64
!
interface GigabitEthernet0/0/1.85
encapsulation dot1Q 85
ip address 10.3.85.1 255.255.255.0
ipv6 address FE80::3:3 link-local
ipv6 address 2001:DB8:ACAD:3085::1/64
!
interface GigabitEthernet0/0/1.999
encapsulation dot1Q 999 native
!
interface Serial0/1/0
no ip address
!
interface Serial0/1/1
ip address 10.1.3.3 255.255.255.0
ipv6 address FE80::3:1 link-local
ipv6 address 2001:DB8:ACAD:1013::3/64
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.3.1
!
ipv6 route ::/0 2001:DB8:ACAD:1013::1
!
control-plane
!
banner motd ^C This is R3, Inter-VLAN Routing Lab ^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
Chapter 1: Packet Forwarding
Switch D1
D1# show run
Building configuration…
Current configuration : 9334 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D1
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
ip routing
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
15
16
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
!
redundancy
mode sso
!
transceiver type all
monitoring
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA,
RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
Chapter 1: Packet Forwarding
policy-map system-cpp-policy
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
shutdown
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
shutdown
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
no switchport
ip address 10.1.13.13 255.255.255.0
ipv6 address FE80::D1:1 link-local
ipv6 address 2001:DB8:ACAD:10D1::D1/64
17
18
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 60
switchport mode access
!
interface GigabitEthernet1/1/1
shutdown
Chapter 1: Packet Forwarding
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan50
ip address 10.2.50.1 255.255.255.0
ipv6 address FE80::D1:2 link-local
ipv6 address 2001:DB8:ACAD:1050::D1/64
!
interface Vlan60
ip address 10.2.60.1 255.255.255.0
ipv6 address FE80::D1:3 link-local
ipv6 address 2001:DB8:ACAD:1060::D1/64
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.13.1
!
!
ipv6 route ::/0 2001:DB8:ACAD:10D1::1
!
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C This is D1, Inter-VLAN Routing Lab ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
19
20
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end
Switch D2
D2# show run
Building configuration…
Current configuration : 9069 bytes
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
no ip domain lookup
!
login on-success log
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
Chapter 1: Packet Forwarding
21
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
transceiver type all
monitoring
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA,
RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
22
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
shutdown
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
shutdown
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
switchport trunk native vlan 999
Chapter 1: Packet Forwarding
switchport trunk allowed vlan 75,85,999
switchport mode trunk
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
switchport access vlan 75
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 85
switchport mode access
23
24
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
!
interface GigabitEthernet1/1/1
shutdown
!
interface GigabitEthernet1/1/2
shutdown
!
interface GigabitEthernet1/1/3
shutdown
!
interface GigabitEthernet1/1/4
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan75
ip address 10.3.75.14 255.255.255.0
ipv6 address FE80::D2:1 link-local
ipv6 address 2001:DB8:ACAD:3075::D2/64
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C This is D2, Inter-VLAN Routing Lab ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end
CHAPTER 2
Spanning Tree Protocol
2.1.2 Lab – Observe STP Topology Changes and
Implement RSTP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy
only.
Topology
Addressing Table
Device
Interface
IPv4 Address
D1
VLAN1
10.0.0.1/8
D2
VLAN1
10.0.0.2/8
A1
VLAN1
10.0.0.3/8
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Observe STP Convergence and Topology Change
Part 3: Configure and Verify Rapid Spanning Tree
Background/Scenario
The potential effect of a loop in the Layer 2 network is significant. Layer 2 loops could impact connected hosts as well as the network equipment. Layer 2 loops can be prevented by following good
design practices and careful implementation of the Spanning Tree Protocol. In this lab, you will observe
the operation of spanning tree protocols to protect the Layer 2 network from loops and topology disruptions. The terms โswitchโ and โbridgeโ will be used interchangeably throughout the lab.
26
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
Note: This lab is an exercise in deploying and verifying various STP mechanisms. It does not reflect networking
best practices.
Note: The switches used with CCNP hands-on labs are Cisco 3650 with Cisco IOS XE release 16.9.4 (universalk9
image) and Cisco 2960+ with IOS release 15.2 (lanbase image). Other routers and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and the output produced might vary from
what is shown in the labs.
Note: Ensure that the switches have been erased and have no startup configurations. If you are unsure contact
your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
โ
2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
โ
1 Switch (Cisco 2960+ with Cisco IOS release 15.2 lanbase image or comparable)
โ
1 PC (Windows with a terminal emulation program, such as Tera Term)
โ
Console cables to configure the Cisco IOS devices via the console ports
โ
Ethernet cables as shown in the topology
Instructions
Part 1: Build the Network and Configure Basic Device Settings
and Interface Addressing
In Part 1, you will set up the network topology and configure basic settings and interface addressing on
routers.
Step 1.
Cable the network as shown in the topology.
Attach the devices as shown in the topology diagram, and cable as necessary.
Step 2.
Configure basic settings for each switch.
a.
Console into each switch, enter global configuration mode, and apply the basic settings
and interface addressing. The startup configuration is provided below for each switch in
the topology.
Switch D1
hostname D1
spanning-tree mode pvst
banner motd # D1, STP Topology Change and RSTP Lab #
line con 0
exec-timeout 0 0
logging synchronous
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
Chapter 2: Spanning Tree Protocol
interface range g1/0/1, g1/0/5-6
switchport mode trunk
no shutdown
exit
vlan 2
name SecondVLAN
exit
interface vlan 1
ip address 10.0.0.1 255.0.0.0
no shut
exit
Switch D2
hostname D2
banner motd # D2, STP Topology Change and RSTP Lab #
spanning-tree mode pvst
line con 0
exec-timeout 0 0
logging synchronous
exit
interface range g1/0/1-24, g1/1/1-4, g0/0
shutdown
exit
interface range g1/0/1, g1/0/5-6
switchport mode trunk
no shutdown
exit
vlan 2
name SecondVLAN
exit
interface vlan 1
ip address 10.0.0.2 255.0.0.0
no shut
exit
Switch A1
hostname A1
banner motd # A1, STP Topology Change and RSTP Lab #
spanning-tree mode pvst
line con 0
exec-timeout 0 0
logging synchronous
exit
interface range f0/1-24, g0/1-2
shutdown
exit
interface range f0/1-4
switchport mode trunk
no shutdown
exit
vlan 2
name SecondVLAN
27
28
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
exit
interface vlan 1
ip address 10.0.0.3 255.0.0.0
no shut
exit
b.
Set the clock on each switch to UTC time.
c.
Save the running configuration to startup-config.
Note: Outputs and Spanning Tree topologies highlighted in this lab may be different than what you
observe using your own equipment. It is critically important for you to understand how Spanning Tree
makes its decisions, and how those decisions impact the operational topology of the network.
Part 2: Discover the Default Spanning Tree
Your switches have been configured and interfaces have been enabled, and the Spanning Tree Protocol,
operational by default, has already converged onto a loop-free logical network. In this part of the lab,
we will discover what that default spanning tree looks like and evaluate why it converged the way it
did. We will do this by following the same set of steps that Spanning Tree does. We will find the Root
Bridge, then find the Root Ports, and lastly see which ports are Designated ports, and which ports are
non-Designated ports in our topology.
Step 1.
Find the root bridge.
Our switches are running the Cisco default PVST+, and we have two VLANs in the network,
so we should see two root bridges.
a.
On A1, issue the command show spanning-tree root and observe what the output tells
you about the root bridge. Amongst the lab devices being used to document this lab,
A1 shows the root id with a cost of 19 and the root port as interface FastEthernet 0/1
for both VLAN1 and VLAN2.
A1# show spanning-tree root
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
Root Port
—————- ——————– ——— —– — —
————
VLAN0001
32769 d8b1.9028.af80
19
2
20
15
Fa0/1
VLAN0002
32770 d8b1.9028.af80
19
2
20
15
Fa0/1
Because we know from the physical topology diagram that A1 is connected to D1 using
F0/1, and that interface is a FastEthernet interface, therefore having a cost of 19, D1 is
the root bridge for both VLAN 1 and VLAN 2. The question at this point is โ why?
b.
The root bridge is elected based upon which switch has the highest Bridge ID (BID).
The BID is made up of a configurable priority value (which defaults to 32768) and the
base MAC address for the switch. Use the command show spanning-tree root to gather
that information from your switches to support the root bridge decision.
D1# show spanning-tree root
Chapter 2: Spanning Tree Protocol
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
—————- ——————– ——— —– — –VLAN0001
32769 d8b1.9028.af80
0
2
20
15
VLAN0002
32770 d8b1.9028.af80
0
2
20
15
29
Root Port
————
D2# show spanning-tree root
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
Root Port
—————- ——————– ——— —– — —
————
VLAN0001
32769 d8b1.9028.af80
4
2
20
15
Gi1/0/1
VLAN0002
32770 d8b1.9028.af80
4
2
20
15
Gi1/0/1
A1# show spanning-tree root
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
Root Port
—————- ——————– ——— —– — —
————
VLAN0001
32769 d8b1.9028.af80
19
2
20
15
Fa0/1
VLAN0002
32770 d8b1.9028.af80
19
2
20
15
Fa0/1
The first thing to look at is the priority value. It is 32768 by default. Because we are
working with PVST+, a differentiator is added โ the priority value is modified with the
extended system ID, which is equal to the VLAN number. You can see in the output
here that our three devices are using default priorities โ 32769 for VLAN 1 (32768 + 1)
and 32770 for VLAN 2 (32768 + 2). For each VLAN, the priority values are the same
for each of the three switches. When this happens, the rest of the BID is taken into
account. The rest of the BID includes the base MAC address. The lowest base MAC
address is used to break the tie.
c.
What are the base MAC addresses for the devices we are using? Issue the command
show version | include MAC (capitalized exactly like that) on each switch.
D1# show version | include MAC
Base Ethernet MAC Address
: d8:b1:90:28:af:80
D2# show version | include MAC
Base Ethernet MAC Address
: d8:b1:90:5d:c3:00
D2#
A1# show version | include MAC
Base ethernet MAC Address
: F0:78:16:47:45:80
Amongst the three switches being used to document this lab, D1 has the lowest base
MAC address. The OUI portion of each MAC address is the same. The first set of hexadecimal characters are different; 0x28 is a lower number than 0x5d. This is what has
caused D1 to be elected as the root bridge.
Step 2.
Find the Root Port for each switch.
Each switch will have one single root port. This port represents the lowest path cost to
the root bridge. Path Cost is the total of the Port Costs in the path to the root bridge. The
Port Cost is based upon the bandwidth value of the port, and it can either be dynamically
assigned or statically configured.
30
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
a.
As we saw in the previous output of show spanning-tree root on each switch, the path
cost can be different amongst switches. In this case, the path cost from A1 to D1 is 19,
reflecting connectivity via a FastEthernet port, while the path cost from D2 to D1 is 4,
reflecting connectivity via a GigabitEthernet port.
D1# show spanning-tree root
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
—————- ——————– ——— —– — –VLAN0001
32769 d8b1.9028.af80
0
2
20
15
VLAN0002
32770 d8b1.9028.af80
0
2
20
15
Root Port
————
D2# show spanning-tree root
Vlan
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
Root Port
—————- ——————– ——— —– — —
————
VLAN0001
32769 d8b1.9028.af80
4
2
20
15
Gi1/0/1
VLAN0002
32770 d8b1.9028.af80
4
2
20
15
Gi1/0/1
A1# show spanning-tree root
Vlan
b.
Root ID
Root
Hello Max Fwd
Cost
Time
Age Dly
Root Port
—————- ——————– ——— —– — —
————
VLAN0001
32769 d8b1.9028.af80
19
2
20
15
Fa0/1
VLAN0002
32770 d8b1.9028.af80
19
2
20
15
Fa0/1
These are direct connections to the root, so port cost and path cost are the same. This
can be seen in the output of show spanning-tree.
A1# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Bridge ID
Interface
Priority
32769
Address
d8b1.9028.af80
Cost
19
Port
1 (FastEthernet0/1)
Hello Time
2 sec
Max Age 20 sec
Priority
32769
(priority 32768 sys-id-ext 1)
Address
f078.1647.4580
Hello Time
2 sec
Aging Time
300 sec
Role Sts Cost
Max Age 20 sec
Forward Delay 15 sec
Forward Delay 15 sec
Prio.Nbr Type
——————- —- — ——— ——– ——————————Fa0/1
Root FWD 19
128.1
P2p
Fa0/2
Altn BLK 19
128.2
P2p
Chapter 2: Spanning Tree Protocol
c.
31
Our topology does not really illustrate the difference between port cost and path cost
very well, so we will introduce a change in the network to achieve this. At D1, shutdown the g1/0/1 interface. The result of this is that D2 will have to change the port it
considers root, and we will then see the difference between port cost and path cost.
D1(config)# interface g1/0/1
D1(config-if)# shutdown
d.
On D2, issue the command show spanning-tree and you will see the port cost and path
cost values separating themselves.
D2# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Bridge ID
Priority
32769
Address
d8b1.9028.af80
Cost
38
Port
5 (GigabitEthernet1/0/5)
Hello Time
2 sec
Max Age 20 sec
Priority
32769
(priority 32768 sys-id-ext 1)
Address
d8b1.905d.c300
Hello Time
2 sec
Aging Time
15
Interface
Max Age 20 sec
Forward Delay 15 sec
Forward Delay 15 sec
sec
Role Sts Cost
Prio.Nbr Type
——————- —- — ——— ——– ——————————Gi1/0/5
Root FWD 19
128.5
P2p
Gi1/0/6
Altn BLK 19
128.6
P2p
The root path cost is now 38, while the root port cost is 19. For D2 to reach the root bridge
D1, it must traverse two FastEthernet links, and 19 times 2 is 38.
Step 3.
Identify Designated Ports.
The Spanning Tree Designated Port can be traced back to the early versions of the protocol,
which were developed when LAN segments were shared, multiaccess networks. In these
networks, there was a very real possibility that there could be users attached to a segment
between two switches.
The job of the Designated Port back then was to ensure that users had a way to access the
network from a given segment, and there was always one Designated Port on each segment.
In the switched networks of today, there are very few shared segments, so the job of the
Designated Port is more to help maintain the network topology.
A Designated Port stays active in the topology, both sending BPDUs and learning MAC
addresses. Every port on the Root Bridge is a Designated Port. Further, there is one
Designated Port on every segment that is not attached directly to the root.
a.
If you have not already done so, issue the no shutdown command for D1 interface
g1/0/1. This will restore our full topology and allow for the non-root attached segment
to exist (the links between A1 and D2).
32
CCNP Enterprise: Core Networking (ENCOR) Lab Manual Version 8
b.
On D2, issue the show spanning-tree command, and you will see that there are two
ports now identified as being in the Designated Port role.
D2# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Bridge ID
Priority
32769
Address
d8b1.9028.af80
Cost
4
Port
1 (GigabitEthernet1/0/1)
Hello Time
2 sec
Max Age 20 sec
Priority
32769
(priority 32768 sys-id-ext 1)
Address
d8b1.905d.c300
Hello Time
2 sec
Aging Time
300 sec
Interface
Max Age 20 sec
Role Sts Cost
Forward Delay 15 sec
Forward Delay 15 sec
Prio.Nbr Type
——————- —- — ——— ——– ——————————-
c.
Gi1/0/1
Root FWD 4
128.1
P2p
Gi1/0/5
Desg FWD 19
128.5
P2p
Gi1/0/6
Desg FWD 19
128.6
P2p
And now look at the segments from the A1 side. Issue the show spanning-tree
command on A1.
A1# show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID
Bridge ID
Interface
Priority
32769
Address
d8b1.9028.af80
Cost
19
Port
1 (FastEthernet0/1)
Hello Time
2 sec
Max Age 20 sec
Priority
32769
(priority 32768 sys-id-ext 1)
Address
f078.1647.4580
Hello Time
2 sec
Aging Time
300 sec
Role Sts Cost
Max Age 20 sec
Forward Delay 15 sec
Forward Delay 15 sec
Prio.Nbr Type
——————- —- — ——— ——– ——————————Fa0/1
Root FWD 19
128.1
P2p
Fa0/2
Altn BLK 19
128.2
P2p
Fa0/3
Altn BLK 19
128.3
P2p
Fa0/4
Altn BLK 19
128.4
P2p
Interfaces F0/3 and F0/4 on A1 are in the Alternate Role, which is the Cisco PVST+ version of the IEEE 802.1D Discarding role. These interfaces are up and receiving BPDUs
from the Designated Ports on each segment, but they will not learn MAC addresses or
forward traffic until they stop receiving those BDPUs and move to the Designated state.
Chapter 2: Spanning Tree Protocol
33
Why is D2 controlling the Designated Port role on these two segments? Because from
the middle of the segment, D2 has a lower cost to the root bridge than does A1. The
root cost on D2 is 4, while the root cost on A1 is 19. Therefore, it takes and maintains
the Designated Ports for these two segments.
d.
You may have noticed in the previous output that the two links from A1 to D1 were not
being used.
Fa0/1
Root FWD 19
128.1
P2p
Fa0/2
Altn BLK 19
128.2
P2p
Each switch can only have a single root port. In this example, F0/2, which is in the
Alternate Role, would only take over if F0/1 were to fail. The decision about which
interface to use in this scenario is based on the lowest port priority, which defaults to
128.interface_id.
Part 3: Implement and Observe Rapid Spanning Tree Protocol
In Part 3, you will implement Rapid Spanning Tree Protocol (RSTP) on all the switches. Using the same
basic rules, RSTP speeds up convergence significantly.
a.
On D2, issue the debug spanning-tree events command, and then issue the shutdown
command for interface g1/0/1 and observe the output.
D2# debug spanning-tree events
D2# config t
D2(config)# interface g1/0/1
D2(config-if)# shutdown
D2(config-if)#
*Dec 24 13:07:10.790: %LINK-5-CHANGED: Interface GigabitEthernet1/0/1, changed
state to administratively down
*Dec 24 13:07:11.790: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/1, changed state to down
D2(config-if)#
*Dec 24 13:07:28.159: STP: VLAN0001 heard root 32769-d8b1.9028.af80 on Gi1/0/5
*Dec 24 13:07:28.160:
supersedes 32769-d8b1.905d.c300
*Dec 24 13:07:28.161: STP: VLAN0001 new root is 32769, d8b1.9028.af80 on port
Gi1/0/5, cost 38
*Dec 24 13:07:28.162: STP: VLAN0001 sent Topology Change Notice on Gi1/0/5
*Dec 24 13:07:28.165: STP[1]: Generating TC trap for port GigabitEthernet1/0/6
*Dec 24 13:07:28.166: STP: VLAN0001 Gi1/0/6 -> blocking
*Dec 24 13:07:28.166: STP: VLAN0002 heard root 32770-d8b1.9028.af80 on Gi1/0/5
*Dec 24 13:07:28.167:
supersedes 32770-d8b1.905d.c300
*Dec 24 13:07:28.167: STP: VLAN0002 new root is 32770, d8b1.9028.af80 on port
Gi1/0/5, cost 38
D2(config-if)#
*Dec 24 13:07:28.169: STP: VLAN0002 sent Topology Change Notice on Gi1/0/5
*Dec 24 13:07:28.171: STP[2]: Generating TC trap for port GigabitEthernet1/0/6
*Dec 24 13:07:28.171: STP: VLAN0002 Gi1/0/6 -> blocking
D2(config-if)#
From the above output, you can see that it took a total of about 17 seconds for spanning tree to adjust to the topology change. Rapid Spanning Tree can adjust much faster.
Document Preview (55 of 1091 Pages)
User generated content is uploaded by users for the purposes of learning and should be used following SchloarOn's honor code & terms of service.
You are viewing preview pages of the document. Purchase to get full access instantly.
-37%
Solution Manual for CCNP Enterprise: Core Networking (ENCOR) v8 Lab Manual, 2nd Edition
$18.99 $29.99Save:$11.00(37%)
24/7 Live Chat
Instant Download
100% Confidential
Store
James Lee
0 (0 Reviews)
Best Selling
The World Of Customer Service, 3rd Edition Test Bank
$18.99 $29.99Save:$11.00(37%)
Chemistry: Principles And Reactions, 7th Edition Test Bank
$18.99 $29.99Save:$11.00(37%)
Test Bank for Hospitality Facilities Management and Design, 4th Edition
$18.99 $29.99Save:$11.00(37%)
Solution Manual for Designing the User Interface: Strategies for Effective Human-Computer Interaction, 6th Edition
$18.99 $29.99Save:$11.00(37%)
Data Structures and Other Objects Using C++ 4th Edition Solution Manual
$18.99 $29.99Save:$11.00(37%)
2023-2024 ATI Pediatrics Proctored Exam with Answers (139 Solved Questions)
$18.99 $29.99Save:$11.00(37%)