
CCNP 642-811 BCMSN Exam Certification Guide - Cisco press


Chapter 21

Scenarios for Final Preparation

This chapter presents scenarios that you can use to review most of the concepts contained in this book. The scenarios are designed to assist you in final preparation for the BCMSN exam. Case studies are presented with network diagrams and questions covering many switching topics.

This chapter emphasizes an overall understanding of switching concepts, configuration commands, and network operation. Although the Cisco BCMSN exam might not contain scenarios of this type, you can become better prepared by thinking about the “bigger picture” of a network and how you can apply each switching topic.

Scenario 1: Trunking and DTP

This scenario is built around a network of switches connected by trunking links. You need to think about how DTP operates and how trunks are negotiated (or not) between switches.

Consider the network shown in Figure 21-1 and answer the questions that follow. Assume that all switches shown support DTP.

498 Chapter 21: Scenarios for Final Preparation

Figure 21-1 Diagram for Scenario 1

[Diagram not reproduced. Labels that survive from the figure, in extraction order: PC-1, VLAN 1, 10.5.5.72; Catalyst B and Catalyst A, each labeled "switchport mode dynamic auto", "interface vlan 1" and "gig 0/1", with addresses 10.1.5.3 and 10.1.5.2; "switchport mode trunk" at gig 0/2; "switchport mode dynamic desirable" at gig 0/1; PC-2; Catalyst C; VLAN 1, 10.5.5.50; "interface vlan 1", 10.1.5.1; PC-3, PC-4; VLAN 1, VLAN 2; 10.5.5.100, 10.1.100.17. Note on the figure: All trunks carry all VLANs.]

1. What is the mode of the link between Catalyst A and Catalyst B?

2. Suppose the network administrator types these commands for interface GigabitEthernet 0/1 on Catalyst B:

switchport mode trunk
switchport nonegotiate

What will the link mode be now?

3. Catalyst B has been given the command no switchport nonegotiate for interface GigabitEthernet 0/1. What is the link mode now?

4. What is the mode of the link between Catalyst A and Catalyst C?

5. Assume that all links between Catalyst switches are in trunking mode, transporting VLANs 1 through 1005. Can PC-2 ping PC-4?

6. Suppose PC-1 begins to generate a broadcast storm. Where would the effects of this storm be experienced in this network? Consider both devices and links. Will PC-4 receive the broadcasts?


Scenario 2: VLANs, Trunking, and VTP

This scenario is designed to stir your thinking about VLAN and trunking connectivity. You also need to examine switch configurations and apply them to a network diagram. See the diagram shown in Figure 21-2 and answer the questions that follow. Portions of the configurations of the three Catalyst switches are shown above them.

Figure 21-2 Diagram for Scenario 2

Catalyst A

interface gigabitethernet 0/1
 switchport mode access
 switchport access vlan 2

interface fastethernet 0/1
 switchport mode access
 switchport access vlan 2

Catalyst B

interface gigabitethernet 0/1
 switchport mode access
 switchport access vlan 10

interface fastethernet 0/1
 switchport mode access
 switchport access vlan 10

interface gigabitethernet 0/2
 switchport trunk encapsulation isl
 switchport mode trunk

Catalyst C

interface gigabitethernet 0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface fastethernet 0/1
 switchport mode access
 switchport access vlan 10

[Diagram not reproduced. Labels that survive from the figure, in extraction order: ports gig 0/1, gig 0/1, gig 0/2, gig 0/1; fast 0/1, fast 0/1, fast 0/1; PC-1, PC-2, PC-3; VLAN 2, VLAN 10, VLAN 10; 10.2.2.1, 10.2.2.2, 10.1.1.1.]

1. PC-1 and PC-2 are both configured with IP addresses on the same subnet. Notice that each PC connects to a different VLAN number. Given the switch configurations shown, can PC-1 ping PC-2?

2. PC-2 and PC-3 are assigned to the same IP subnet and the same VLAN. Can PC-2 and PC-3 ping each other?

3. Will the trunk link between Catalyst B and C come up successfully?

4. Suppose the trunk between Catalyst B and C is configured properly. Where will VLAN 1 be pruned? Why?

5. Suppose Catalyst A is a VTP server, Catalyst C is a VTP client, and Catalyst B is configured for VTP transparent mode. All switches are in the “Bermuda” management domain. If VLAN 14 is created on Catalyst A, which switches will also create VLAN 14 using VTP?

6. If VLAN 15 is created on Catalyst B, what other switches will also create VLAN 15 via VTP?

7. If VLAN 16 is created on Catalyst C, what will happen?


Scenario 3: Traditional STP

This scenario exercises your ability to think through the Spanning Tree Protocol operation. You are presented with a simple network of two switches. This keeps the STP complexity to a minimum while forcing you to think through the STP convergence process on a live network. Given the network diagram shown in Figure 21-3, complete the following exercises.

Figure 21-3 Network Diagram for Scenario 3

Catalyst A: 32768.00-d0-58-a3-83-c9
Catalyst B: 32768.00-d0-58-a3-83-ca

Links between Catalyst A and Catalyst B (same port name on both switches):
fa1/1 to fa1/1: 10 Mbps
fa1/2 to fa1/2: 100 Mbps
g2/1 to g2/1: 1000 Mbps

1. Manually compute the Spanning Tree topology. Note which switch is the Root Bridge, which ports are Root Ports and Designated Ports, and which ports are in the Blocking state.

2. If the 100-Mbps link (port FastEthernet 1/2) is disconnected, what happens with the STP?

3. If the 1000-Mbps link (port GigabitEthernet 2/1) is disconnected, how much time will elapse before the two switches can communicate again? (Assume both switches use the default STP timer values and no additional features for faster convergence.)

4. Assume that for some reason the physical 1000-Mbps link (port GigabitEthernet 2/1) stays up and active, but BPDUs are not allowed to pass (that is, an access list filter is blocking BPDUs). What happens and when?

Scenario 4: Advanced STP

A small network consists of two core switches, Catalyst C1 and C2, and an access switch, A1, as shown in Figure 21-4. Advanced Spanning Tree Protocol features will improve the convergence times and reduce the number of STP instances. Answer these questions.

 


Figure 21-4 Network Diagram for Scenario 4

[Diagram not reproduced. Labels that survive from the figure: Catalyst C1; Catalyst C2; Trunk Links; Catalyst A1; VLAN 99 (Management); VLANs 100, 101, 102, 103, 104; VLANs 200, 201, 202, 203, 204.]

1. To prevent the possibility of a unidirectional link occurring on switch A1’s uplinks, what switch feature can be used? What commands are necessary to enable this feature? Assume that the links should be disabled if a unidirectional condition is found. Which switches need to be configured this way?

2. For the links between switch A1 and the user PCs, what command is needed to configure these as RSTP edge ports?

3. Suppose MST is to be configured to reduce the number of STP instances, because 12 unique VLANs are being used across the network. How many MST instances are needed for the three switches shown in Figure 21-4, assuming that traffic should be load-balanced across the two uplinks of switch A1?

4. What commands are needed to configure switch C1 for MST?

5. Now, make sure that C1 is configured as the Root Bridge for one MST instance. What commands are needed?

Scenario 5: Router Redundancy with HSRP and GLBP

This scenario covers two methods by which you can configure multilayer switches to provide redundant router or gateway functionality: HSRP and GLBP.


1. A network consists of two VLANs: 101 and 102. Suppose the PCs in VLAN 101 (192.168.101.0/24) use address 192.168.101.1 as their default gateway. The PCs in VLAN 102 (192.168.102.0/24) use 192.168.102.1. What commands are necessary to configure HSRP on a Catalyst switch so that it becomes the active router for VLAN 101 and the standby router for VLAN 102? If a failed router interface is restored, control should be passed back to it from the HSRP standby router. (You can use IP addresses 192.168.101.2 and 192.168.102.2, if needed.)

2. GLBP is to be used in the network shown in Figure 21-5. Answer the following questions about this network.

Figure 21-5 Network Diagram for Scenario 5

[Diagram not reproduced. Labels that survive from the figure, in extraction order: Standby AVG / AVF, AVG, AVF; VLAN 10, VLAN 10, VLAN 10; 192.168.10.10, 192.168.10.11, 192.168.10.12; Catalyst A, Catalyst B, Catalyst C; GLBP Gateway 192.168.10.1, VLAN 10.]

a. What command should you use to make Catalyst B become the active virtual gateway (AVG) for GLBP group 10?

b. The virtual gateway address is 192.168.10.1. Which switches should be configured for this, and with what command?


c. Give the command needed on the AVG to implement round-robin load-balancing, evenly distributing the virtual gateway MAC addresses across the set of AVFs.

d. Each of the AVF switches must be configured to become members of GLBP group 10. How can this be accomplished?

Scenario 6: Multicast

This scenario tests your knowledge of various multicast switching features. Think about how multicast traffic traverses a network, as well as how switches can be configured to participate in building multicast topologies. Then, consider how you can configure the switches to limit the forwarding of unnecessary multicast traffic.

1. Under what conditions is IGMP snooping more suitable than CGMP for handling multicast traffic?

2. Figure 21-6 shows a network diagram. Assume that all switches use the default multicast configurations. Where in the network will multicast traffic originating from PC-1 on Catalyst A (VLAN 101) be seen?

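Figure 21-6 Network Diagram for Scenario 6

[Diagram not reproduced. Labels that survive from the figure, in extraction order: PC-1, PC-2, PC-3, PC-4; VLAN 101, VLAN 102, VLAN 101, VLAN 102; Catalyst A, Catalyst B; gig 2/1, gig 2/1; Trunk Links, VLANs 101,102; Catalyst C, Catalyst D.]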


3. What configuration is needed on Catalysts C and D to limit multicast traffic to only those ports that explicitly join multicast groups, using CGMP with PIM dense mode? Assume this is needed on both VLANs 101 and 102. What configuration is needed on Catalysts A and B, which are not capable of IGMP snooping?

Scenario 7: QoS in a Switched Network

This scenario uses a simple two-switch network to reinforce the concepts needed to properly implement QoS. Think about QoS trust within this network, and how the switches can use QoS information to provide appropriate delivery of data and voice applications. Use Figure 21-7 as a reference for the following questions.

Figure 21-7 Network Diagram for Scenario 7

[Diagram not reproduced. Labels that survive from the figure: Public Network; Catalyst A; Catalyst B; Cisco IP Phone; User PC (twice); port labels 3/1, 1/1, 1/2, 1/1, 3/2.]

1. Where should a QoS trust boundary be implemented? In other words, which switches should trust incoming QoS information and which ones should not?

2. If Catalyst A port 1/1 is to have inbound QoS untrusted, what commands should you use?

3. Suppose two mission-critical applications are running on the “public” network. One is a streaming video application that uses UDP port 5000. The other is Citrix. What commands could you use on Catalyst A to configure a QoS class map that will classify this traffic specifically?

4. What other commands are necessary to use the class map from Question 3 in a complete QoS policy? Classified traffic should receive a DSCP codepoint AF31 (26). The policy will be applied to Catalyst A interface Gigabit 1/1.

5. After the DSCP has been marked to AF31, are additional commands needed to mark the IP Precedence value to 3?


6. On Catalyst B, configure interface FastEthernet 3/1 to inform the IP Phone to use VLAN 17 for voice traffic. Also, add a configuration command to ensure that no QoS trust is extended to the IP Phone’s PC data port.

7. When voice traffic enters switch Catalyst B from the IP Phone on interface FastEthernet 3/1, it will be forwarded out Catalyst B’s interface GigabitEthernet 1/1. What egress queue will the voice traffic be placed in on that interface? (Assume the interface is queue type 1p2q2t.)

Scenario 8: Securing Access and Managing Traffic in a Switched Network

This scenario is designed to stir your thinking about how to control access to switched networks, how to control traffic within a VLAN, and how to monitor traffic.

1. Network administrators want to have tight control over hosts moving around within their network. A Catalyst 3550 needs to have port-level security enabled on all 48 FastEthernet access layer ports. Only one host should be connected per port, so the default behavior of shutting the port down is acceptable. What commands are necessary to do this?

2. Port-level security is desired on a Catalyst 3550 interface FastEthernet 0/18, where 24 users are connected via an Ethernet hub. Rather than have the switch port shut down upon a security violation, network administrators want only the hosts in violation to be rejected. What command can accomplish this?

3. Configure a VLAN access control list that can perform packet filtering within a VLAN. Users in the 192.168.191.0 255.255.255.0 network should be allowed to use only HTTP (www) traffic to the web server 192.168.191.199/24, on VLAN 180. How can you configure the VACL to accomplish this?

4. Assume that a server is connected to interface GigabitEthernet 3/3 on a Catalyst 6500. What command can be used to monitor traffic transmitted and received on the server port with a network analyzer connected to interface GigabitEthernet 5/8 on the same switch?

5. Suppose that the only network analyzer available has a 10/100 Ethernet NIC. It is connected to Catalyst 6500 interface FastEthernet 2/1, to monitor the server on GigabitEthernet 3/3. Explain any problems you might encounter with this setup.
