ITtech2010 wrote: » Congrats on the pass! What study materials did you use to pass?
smcclenaghan wrote: » Thanks, I used the OCG only the first time and found it didn't cover everything. I retooled with CBT nuggets and much labbing (network diagram attached). I used that equipment (3x2950, 2x2610xm, 1x2610, 2x3750) to test most core objectives. I used this sheet to reconfigure the 3 2950s and 2 3750s from scratch without notes, to spec. There were a few topics I was confused about (vtp pruning vs. manual pruning, vtp v3, vs vtp v2 transparent mode) on which the exam will split hairs, which weren't covered by OCG or nuggets. Network specs:ALL DEVICES · Set hostnames and domain names (to example.com). · Store encrypted passwords for enable mode and scottm on all switches · Only permit ssh on vty lines, remove timeout for console & vty. · Dhcp snooping should be active on all switches, and all trunks should be trusted. · All live access ports must have portfast, bpduguard and a max of 2 MACs per interface. · Recovery in 5 minutes should be configured for port-security violations. · All unused ports should be access ports in VLAN 99 (unused devices) and shutdown. · Each should run MST (instance 1 for vlan 1 and 2 for vlan 2, name = CCNP) · Everything should point to 172.16.0.1 for NTP, but prefer 10.0.0.1. · Aaa authentication using radius (192.168.1.175, key=CCNP, timeout = 5 seconds) and then local should be set up everywhere · Configure SNMP v3 (username scottm, no auth/priv) and permit from 192.168.1.175.SWITCH-01 through SWITCH-03 · VTP domain & password = CCNP, mode=server · No trunks should use DTP. · All port channels should use PAGP. · Switch-01 is root mst for vlan 1, Switch-02 is secondary root mst for vlan 1. · All switches use default gateway 10.0.0.1MSL-01 & 02 · VTP domain & password = CCNP, mode=transparent · Use the Access SDM template · MLS01 should be mst root for vlan 2, MLS02 should be mst secondary for vlan 2 · MLS01 & 2 should be trunked together using lacp, 802.1q without DTP on fa1/0/2 & 4 · Vlan 1: 10.0.0.0/24 (using .111, .112) · Vlan 2: 10.0.1.0/24 (using .2, .3 and sharing .1) · Configure broadcast storm control on fa1/0/3 (>5 packets/second) · Vlan2 should forward dhcp requests to Router 3 · EIGRP process 10 should be enabled, peering with 10.0.0.1 · Trunks to Switches 02 and 03 are via 802.1q without DTP. · Nothing in vlan 2 should be permitted to ping 192.168.1.3 · MAC of the Win8 (6451-0604-83b1) should be hard coded to fa1/0/3 on MLS1 & 2 for vlan 2. It should be the only permitted MAC. · Ip sla for ping should be set up between MLS1 and Router-02 · On MLS-01, configure primary VLAN 10 (10.0.10.0/24), isolated VLAN 12 (fa1/0/12-13), and community VLAN 14(fa1/0/14-15). Point to Router-3 for DHCP. · On MLS-01 and MLS-02, configure fa1/0/48 with dot1x authentication · Configure SNMP v3 (username CCNP, auth=DES/CCNPCCNP, priv=MD5/CCNPCCNP) for context vlan1 Last test, separate from above, was to configure a 9 port lacp port channel, messing with port and system priorities to determine which ports participate. Trust me and do this experiment. Best of luck to you.
