Tip: Individual topology files are available in the diagrams folder on my Github
=== ## :icon-tasklist: Configuration Tasks ### Layer 2 Configuration Ensure access ports, trunks, VLAN databases, and port-channels are configured to span Layer 2 domain across all access and distribution switches. - **VLAN 10** – Sales - **VLAN 20** – Engineering - **VLAN 30** – Marketing *(New)* - **VLAN 99** – IT ### 1. Configure Rapid Per-VLAN Spanning-Tree - Enable **PVST+** on all switches. - Assign root bridge priorities so that: - `sea-mdf-dsw1` is the root for VLANs 10 and 99 - `sea-mdf-dsw2` is the root for VLANs 20 and 30 - Verify root bridge election and port roles using the appropriate show commands. ### 2. Configure Distribution Switches - Configure VRRP according to the diagram, load-balancing active gateways between `dsw1` and `dsw2` and implementing md5 authentication - On `sea-mdf-dsw1` and `sea-mdf-dsw2`, use a single network statement to advertise a single summary route into OSPF. - Ensure summary route is seen on `sea-mdf-r1` and `sea-mdf-r2` - Utilize `passive-interface default` under your OSPF process configuration and enable adjacencies on only on Eth5, Eth6, and VLAN 99. ### 3. Configure Routers - Configure OSPF to form adjacencies on Eth0/1 and Eth0/2 - Originate a default route into OSPF with a next-hop of your ISP - Set up a DHCP server and pool for each VLAN (10, 20, 30, 99) on either `sea-mdf-r1` or `sea-mdf-r2`. - Use **DHCP relay** on SVI's to forward client requests to your DHCP server. - Exclude gateway IP addresses from your DHCP pools. !!!tip Linux host DHCP commands * `sudo dhclient -v eth1` - Requests DHCP lease + verbose output flag * `sudo dhclient -r eth1` - Release existing lease !!! ## :icon-check-circle: Success Criteria +++ Primary Goals - **Spanning Tree** - `sea-mdf-dsw1` is root bridge for VLAN 10,20 - `sea-mdf-dsw2` is root bridge for VLAN 30,99 - **Routing** - Routers are learning a single summary route for all four departments at Shrimp Co. - All Loopbacks are reachable from hosts. - You can curl http://seamart.com from a host that got DHCP - **DHCP** - All hosts receive a DHCP lease +++ Stretch Goals - Capture and inspect a DHCP Discover and Offer exchange in a tcpdump on an access switch | `tcpdump interface [ethernet X] filter udp` - Configure OSPF with neighbor authentication - Exclude .1 through .9 from being handed out as DHCP addresses and set a lease time of one day. +++ ## :icon-terminal: Verification Commands +++ Switch Commands ```bash # Spanning-tree verification show spanning-tree vlan [10] show spanning-tree [detail] show spanning-tree blockedports ``` +++ Router Commands ```bash # OSPF show ip ospf database summary show ip route ospf show ip ospf neighbor show ip ospf interface [Ethernet5] # DHCP bindings show ip dhcp binding ``` +++ Host Commands ```bash # IP and default gateway ip route show # Gateway reachability ping