CCNP Switch 642-813 정리(ccnp switch/ccnp)

 

CCNPSwitch 642-813 Official Certification Guide [With CDROM]

 

 

 

 

 

링크 : YES24 (https://app.ac/vbivSdl23)

Chris Bryant's CCNP Switch 300-115 Study Guide

 

 

자주 이용하는 반디앤루니스 인터넷 서점입니다. 네이버 마일리지까지 적립되고 사용가능하기 떄문에 더욱 싸게 살 수도 있습니다.

교보문고, 11번가 역시 싸고 좋지만, 네이버 검색을 해보시면 아시다시피 반디앤루니스가 무료배송인데다가, 가격 비교를 보시면 제일 쌉니다. 아마 처음하시는 분들과 오래하신분들도 자격증이론은 틀리기때문에 사시는 것을 추천합니다.

 

 

CCNP_SWITCH_642-813_Official_Certification_Guide.pdf

다운로드

 

 

 

 

CCNP 에 대해 자세하고 정확히 알고 싶으면 가이드 북 다운받을 곳은 많으므로 잘 찾아보도록 한다.

시험이 1~2주정도 남았을 때는 되도록 안보는 게 낫다고 권장합니다.

왜냐하면 덤프와 시뮬을 보기에도 바쁘기 때문입니다.

 

 

 

 

AAAdot1x Lab Sim

 

 

 

Acme is a small shipping company that has an existing enterprise network comprised of 2 switches;DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
– Users connecting to ASW1’s port must be authenticate before they are given access to the network. Authentication is to be done via a Radius server:
– Radius server host: 172.120.39.46
– Radius key: rad123
– Authentication should be implemented as close to the host device possible.
– Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.
– Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
– Packets from devices in any other address range should be dropped on VLAN 20.
– Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

 

 

ASW1(config)#aaa new-model

ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius

ASW1(config)#dot1x system-auth-control

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto

ASW1(config-if)#exit

ASW1#copy running-config startup-config

2) Configure DSW1:

DSW1(config)#ip access-list standard 10 
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

DSW1(config)#vlan access-map MYACCMAP 10 
DSW1(config-access-map)#match ip address 10
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop 
DSW1(config-access-map)#exit

DSW1(config)#vlan filter MYACCMAP vlan-list 20 

DSW1#copy running-config startup-config

 

 

 

 

 

MLS and EIGRP Sim

 

 

 

You have been tasked with configuring multilayer SwitchC, which has a partial configuration and has been attached to RouterC as shown in the topology diagram.

You need to configure SwitchC so that Hosts H1 and H2 can successful ping the server S1. Also SwitchC needs to be able to ping server S1. Due to administrative restrictions and requirements you should not add/delete VLANs, changes VLAN port assignments or create trunk links. Company policies forbid the use of static or default routing. All routes must be learned via EIGRP 650 routing protocol.

You do not have access to RouterC, RouterC is correctly configured. No trunking has been configured on RouterC.
Routed interfaces should use the lowest host on a subnet when possible. The following subnets are available to implement this solution:
– 10.10.10.0/24 
– 190.200.250.32/27 
– 190.200.250.64/27
Hosts H1 and H2 are configured with the correct IP address and default gateway.
SwitchC uses Cisco as the enable password.
Routing must only be enabled for the specific subnets shown in the diagram.

In real life, there are two ways to configure interVLAN routing in this case:

+ Use RouterC as a “router on a stick” and SwitchC as a pure Layer2 switch. Trunking must be established between RouterC and SwitchC.
+ Only use SwitchC for interVLAN routing without using RouterC, SwitchC should be configured as a Layer 3 switch (which supports ip routing function as a router). No trunking requires.

The question clearly states “No trunking has been configured on RouterC” so RouterC does not contribute to interVLAN routing of hosts H1 & H2 -> SwitchC must be configured as a Layer 3 switch with SVIs for interVLAN routing.

We should check the default gateways on H1 & H2. Click on H1 and H2 and type the “ipconfig” command to get their default gateways.

 

 

Answer and Explanation:

SwitchC# configure terminal
SwitchC(config)# int gi0/1
SwitchC(config-if)#no switchport -> without using this command, the simulator does not let you assign IP address on Gi0/1 interface.
SwitchC(config-if)# ip address 10.10.10.2 255.255.255.0 ->RouterC has used IP 10.10.10.1 so this is the lowest usable IP address.
SwitchC(config-if)# no shutdown
SwitchC(config-if)# exit
SwitchC(config)# int vlan 2
SwitchC(config-if)# ip address 190.200.250.33 255.255.255.224
SwitchC(config-if)# no shutdown
SwitchC(config-if)# int vlan 3
SwitchC(config-if)# ip address 190.200.250.65 255.255.255.224
SwitchC(config-if)# no shutdown
SwitchC(config-if)#exit
SwitchC(config)# ip routing (Notice: MLS will not work without this command)
SwitchC(config)# router eigrp 650
SwitchC(config-router)# network 10.10.10.0 0.0.0.255
SwitchC(config-router)# network 190.200.250.32 0.0.0.31
SwitchC(config-router)# network 190.200.250.64 0.0.0.31

 

 

 

 

 

LACP and STP Sim

 

 

 

 

RouterA is currently configured correctly and is providing the routing function for devices on SwitchA and SwitchB. SwitchA is currently configured correctly, but will need to be modified to support the addition of SwitchB. SwitchB has a minimal configuration. You have been tasked with competing the needed configuring of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.

Configuration Requirements for SwitchA

- The VTP and STP configuration modes on SwitchA should not be modified. 
– SwitchA needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left are their default values.

Configuration Requirements for SwitchB

- Vlan 21, Name: Marketing, will support two servers attached to fa0/9 and fa0/10
– Vlan 22, Name: Sales, will support two servers attached to fa0/13 and fa0/14
– Vlan 23, Name: Engineering, will support two servers attached to fa0/15 and fa0/16
– Access ports that connect to server should transition immediately to forwarding state upon detecting the connection of a device.
– SwitchB VTP mode needs to be the same as SwitchA.
– SwitchB must operate in the same spanning tree mode as SwitchA.
– No routing is to be configured on SwitchB.
– Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24.

Inter-switch Connectivity Configuration Requirements:

- For operational and security reasons trunking should be unconditional and Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link.
– The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all vlans. This mode should be done with a non-proprietary protocol, with SwitchA controlling activation.
– Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.

 

 

Answer and Explanation:

 

Below is a good solution commented by Ruci. Please say thank to Ruci!

SW-A (close to router)
SW-A#configure terminal

SW-A(config)#spanning-tree vlan 11-13,21-23 root primary

SW-A(config)#vlan 21
SW-A(config-vlan)#name Marketing
SW-A(config-vlan)#exit

SW-A(config)#vlan 22
SW-A(config-vlan)#name Sales
SW-A(config-vlan)#exit

SW-A(config)#vlan 23
SW-A(config-vlan)#name Engineering
SW-A(config-vlan)#exit
SW-A(config)#interface range Fa0/3 – 4
SW-A(config-if-range)#no switchport mode access
SW-A(config-if-range)#no switchport access vlan 98 (These two commands must be deleted to form a trunking link)
SW-A(config-if-range)#switchport trunk encapsulation dot1q (cannot issued this command on this switch, but don’t worry coz I still got 100%)
SW-A(config-if-range)#switchport mode trunk
SW-A(config-if-range)#switchport trunk native vlan 99
SW-A(config-if-range)#switchport trunk allowed vlan 1,21-23
SW-A(config-if-range)#channel-group 1 mode active
SW-A(config-if-range)#channel-protocol lacp
SW-A(config-if-range)#no shutdown
SW-A(config-if-range)#end

——————————————————————————————–

SW-B (far from router)
SW-B#configure terminal

SW-B(config)#vlan 21
SW-B(config-vlan)#name Marketing
SW-B(config-vlan)#exit

SW-B(config)#vlan 22
SW-B(config-vlan)#name Sales
SW-B(config-vlan)#exit

SW-B(config)#vlan 23
SW-B(config-vlan)#name Engineering
SW-B(config-vlan)#exit
SW-B(config)#vlan 99
SW-B(config-vlan)#name TrunkNative // not necessary to name it but just name it same as SwitchA
SW-B(config-vlan)#exit
SW-B(config)#interface range Fa0/9 – 10
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 21
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit

SW-B(config)#interface range Fa0/13 – 14
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 22
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit

SW-B(config)#interface range Fa0/15 – 16
SW-B(config-if-range)#switchport mode access
SW-B(config-if-range)#switchport access vlan 23
SW-B(config-if-range)#spanning-tree portfast
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#exit

SW-B(config)#vtp mode transparent

SW-B(config)#spanning-tree mode rapid-pvst

SW-B(config)#ip default-gateway 192.168.1.1 (you can get this IP from SW-A with command show cdp neighbour detail) // not sure about this command because the question says “No routing is to be configured on SwitchB”.

SW-B(config)#interface vlan 1
SW-B(config-if)#ip address 192.168.1.11 255.255.255.0
SW-B(config-if)#no shutdown
SW-B(config-if)#exit

SW-B(config)#interface range Fa0/3 – 4
SW-B(config-if-range)#switchport trunk encapsulation dot1q (yes I can issued this command on this switch)
SW-B(config-if-range)#switchport mode trunk
SW-B(config-if-range)#switchport trunk native vlan 99
SW-B(config-if-range)#switchport trunk allowed vlan 1,21-23
SW-B(config-if-range)#channel-group 1 mode passive //mode passive because “SwitchA controlling activation”
SW-B(config-if-range)#channel-protocol lacp
SW-B(config-if-range)#no shutdown
SW-B(config-if-range)#end

———————————————————------------------------------------------

 

 

출처 : http://www.certprepare.com

SWITCH Training