Lab Objective: Link to heading
- Basic HSRP implementation.
- Optimizing STP diameter for faster convergence.
Task 1: Link to heading
- Disable VTP on all switches and create the following VLANs:
- DLS1: VLAN 100 and VLAN 200
- DLS2: VLAN 100 and VLAN 200
- ALS1: VLAN 100
- ALS2: VLAN 200
- Disable DTP negotiation and configure 802.1Q trunking on all switches as follows:
- The trunk links on switch DLS1 should only allow VLANs 1, 100 and 200
- The trunk links on switch DLS2 should only allow VLANs 1, 100 and 200
- The trunk links on switch ALS1 should only allow VLANs 1 and 100
- The trunk links on switch ALS2 should only allow VLANs 1 and 200
- Configure the following SVIs and interfaces on the switches in the topology:
- DLS1: Interface VLAN 100: IP address 100.1.1.1/24
- DLS1: Interface VLAN 200: IP address 200.1.1.1/24
- DLS1: Interface Loopback0: IP address 192.1.1.1/24
- DLS2: Interface VLAN 100: IP address 100.1.1.2/24
- DLS2: Interface VLAN 200: IP address 200.1.1.2/24
- ALS1: Interface VLAN 100: IP address 100.1.1.3/24
- ALS2: Interface VLAN 200: IP address 200.1.1.3/24
Configuration Link to heading
hostname DLS1
vtp mode transparent
vlan 100,200
exit
int g0/0
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,100,200
switchport mode trunk
switchport nonegotiate
int g0/1
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,200
switchport mode trunk
switchport nonegotiate
int g0/2
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,100
switchport mode trunk
switchport nonegotiate
int l0
ip add 192.1.1.1 255.255.255.0
int vlan 100
no shut
ip add 100.1.1.1 255.255.255.0
int vlan 200
no shut
ip add 200.1.1.1 255.255.255.0
hostname DLS2
vtp mode transparent
vlan 100,200
exit
int g0/0
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,100,200
switchport mode trunk
switchport nonegotiate
int g0/1
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,100
switchport mode trunk
switchport nonegotiate
int g0/2
switchport trunk encapsulation dot1Q
switchport trunk allow vlan 1,200
switchport mode trunk
switchport nonegotiate
int vlan 100
no shut
ip add 100.1.1.2 255.255.255.0
int vlan 200
no shut
ip add 200.1.1.2 255.255.255.0
hostname ALS1
vtp mode transparent
vlan 100
exit
int range g0/1-2
switchport mode trunk
switchport trunk allow vlan 1,100
switchport nonegotiate
int vlan 100
no shut
ip add 100.1.1.3 255.255.255.0
hostname ALS2
vtp mode transparent
vlan 200
exit
int range g0/1-2
switchport mode trunk
switchport trunk allow vlan 1,200
switchport nonegotiate
int vlan 200
no shut
ip add 200.1.1.3 255.255.255.0
Task 2 Link to heading
- Configure HSRP with preemption and MD5 authentication on DLS1 and DLS2 as follows:
- DLS1: VLAN 100: HSRP IP address 100.1.1.254, group 1, priority 200, key chain CCNP1, MD5 password: ONE
- DLS1: VLAN 200: HSRP IP address 200.1.1.254, group 2, priority 200, key chain CCNP2, MD5 password: TWO
- DLS2: VLAN 100: HSRP IP address 100.1.1.254, group 1, priority 150, key chain CCNP1, MD5 password: ONE
- DLS2: VLAN 200: HSRP IP address 200.1.1.254, group 2, priority 150, key chain CCNP2, MD5 password: TWO
Configuration Link to heading
DLS1(config)#
key chain CCNP1
key 1
key-string ONE
key chain CCNP2
key 1
key-string TWO
int vlan 100
standby 1 ip 100.1.1.254
standby 1 priority 200
standby 1 preempt
standby 1 authentication md5 key-chain CCNP1
int vlan 200
standby 2 ip 200.1.1.254
standby 2 priority 200
standby 2 preempt
standby 2 authentication md5 key-chain CCNP2
DLS2(config)#
key chain CCNP1
key 1
key-string ONE
key chain CCNP2
key 1
key-string TWO
int vlan 100
standby 1 ip 100.1.1.254
standby 1 priority 150
standby 1 authentication md5 key-chain CCNP1
int vlan 200
standby 2 ip 200.1.1.254
standby 2 priority 150
standby 2 authentication md5 key-chain CCNP2
Verification Link to heading
DLS1#show standby
Vlan100 - Group 1
State is Active
2 state changes, last state change 00:02:33
Virtual IP address is 100.1.1.254
Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.688 secs
Authentication MD5, key-chain "CCNP1"
Preemption enabled
Active router is local
Standby router is 100.1.1.2, priority 100 (expires in 11.552 sec)
Priority 200 (configured 200)
Group name is "hsrp-Vl100-1" (default)
Vlan200 - Group 2
State is Active
2 state changes, last state change 00:01:47
Virtual IP address is 200.1.1.254
Active virtual MAC address is 0000.0c07.ac02 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac02 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.128 secs
Authentication MD5, key-chain "CCNP2"
Preemption enabled
Active router is local
Standby router is 200.1.1.2, priority 150 (expires in 9.312 sec)
Priority 200 (configured 200)
Group name is "hsrp-Vl200-2" (default)
Task 3 Link to heading
- In the future, switch DLS1 will be configured to track an uplink port to the WAN routers.
- To test this solution, configure HSRP on switch DLS1 to track the Loopback0 interface.
- If Loopback0 be shut down, ensure switch DLS2 becomes the active gateway for both groups.
Configuration Link to heading
DLS1(config)#
track 1 int l0 line-protocol
int vlan 100
standby 1 track 1 decrement 100
int vlan 200
standby 2 track 1 decrement 100
Task 4 Link to heading
- To allow for faster 802.1D convergence, configure the lowest possible diameter on all switchs.
- Ensure that switches ALS1 and ALS2 can also ping each other.
Answer:
- The network diameter can be a value from 1 to 7 switch hops; the default STP timers are based on a diameter of 7.
=> A frame would have to cross no more than 7 switches to reach the other end of the Layer 2 network.
=> By adjusting the diameter, STP will calculate new [shorter] timers, allowing for faster transitions and recovery.
By default:
- Hello: 2 seconds
- Max Age: 20 seconds
- Forward Delay: 15 seconds
There are 4 switches => set diameters = 4 on root bridge and it will propagate to other switches.
DLS1#show spanning vlan 100
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 0012.2535.6f00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 0012.2535.6f00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.3 P2p
Configuration Link to heading
DLS1(config)#
spanning vlan 100 root primary diameter 4
spanning vlan 200 root primary diameter 4
ALS1(config)#ip default-gateway 100.1.1.254
ALS2(config)#ip default-gateway 200.1.1.254
Verification Link to heading
DLS1#show spanning vlan 100
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 24676
Address 0012.2535.6f00
This bridge is the root
Hello Time 2 sec Max Age 14 sec Forward Delay 10 sec
Bridge ID Priority 24676 (priority 24576 sys-id-ext 100)
Address 0012.2535.6f00
Hello Time 2 sec Max Age 14 sec Forward Delay 10 sec
Aging Time 10 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.3 P2p