2. Scenario: You have 2 Cisco Catalyst 4509 switches in your branch, connected to each other using a Gig port on the Sup module. VLAN 1 is your primary VLAN for users. See below for the configuration of the VLAN on both switches.
4509-1 config:
    interface Vlan1
     ip address 10.2.100.1 255.255.0.0
     no ip redirects
     standby 1 ip 10.2.100.2
     standby 1 priority 105
     standby 1 preempt

4509-2 config:
    interface Vlan1
     ip address 10.2.100.3 255.255.0.0
     no ip redirects
     standby 1 ip 10.2.100.2
     standby 1 priority 100

· Question: Which switch should be the root device for spanning tree?
Answer: Based on the HSRP configuration, 4509-1 will be the root device for spanning tree.
3. Scenario: 2 branch offices are connected through a managed private LAN. Routers R1 and R4 belong to you; routers R2 and R3 are managed routers and you have no control over them. You want to run OSPF as the routing protocol across those 2 branches.
· Question: How can you achieve this?
4. Scenario: A small branch office has a Cisco Catalyst 2950G-24 switch and a Cisco 1841 router with 2 Fast Ethernet interfaces. Fa0/0 is connected to a private line pointed to the head office; Fa0/1 is connected to the switch. The internal network in the office is 10.0.0.0/24. You have to create a separate network in this office for test equipment (i.e. 10.0.1.0/24); devices on this network should be able to connect to your head office network and to the old branch network (10.0.0.0/24).
· Question: How can you do this?
5. Scenario: A small branch office has its own Internet connection terminated on a Cisco PIX 501 (see configuration below). Your office has a site-to-site VPN connection to the head office.

    PIX Version 6.3(3)
    interface ethernet0 10baset
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password encrypted
    passwd encrypted
    hostname ScarPix
    domain-name dscltd.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.7.0.0 TCA-Main
    name 10.0.0.0 Lang
    access-list in_out_nat0_acl permit ip 192.168.255.0 255.255.255.240 Lang 255.255.0.0
    access-list in_out_nat0_acl permit ip 192.168.255.0 255.255.255.240 TCA-Main 255.255.0.0
    access-list out_crypto_20 permit ip 192.168.255.0 255.255.255.240 Lang 255.255.0.0
    access-list out_crypto_20 permit ip 192.168.255.0 255.255.255.240 TCA-Main 255.255.0.0
    pager lines 24
    logging on
    mtu outside 1500
    mtu inside 1500
    ip address outside pppoe setroute
    ip address inside 192.168.255.2 255.255.255.240
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    nat (inside) 0 access-list in_out_nat0_acl
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa authentication telnet console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 10.0.250.170 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map out_map 20 ipsec-isakmp
    crypto map out_map 20 match address out_crypto_20
    crypto map out_map 20 set peer 209.135.126.147
    crypto map out_map 20 set transform-set ESP-3DES-SHA
    crypto map out_map interface outside
    isakmp enable outside
    isakmp key ******** address 209.135.126.147 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    telnet timeout 5
    ssh 209.202.119.2 255.255.255.255 outside
    ssh timeout 5
    console timeout 0
    vpdn group Bell request dialout pppoe
    vpdn group Bell localname
    vpdn username password *********
    dhcpd address 192.168.255.8-192.168.255.14 inside
    dhcpd wins 10.0.0.3
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd domain dscltd.com
    dhcpd auto_config outside
    username password encrypted privilege 15
    terminal width 80
    Cryptochecksum:e62b274f3c900e2a451d81748f320df0
    : end

· Question: Can they use their own Internet connection for Internet access and, if not, what would you change in the config to allow this?
6. Scenario: A small office has an Internet connection terminated on a Cisco PIX firewall; all local computers are connected to a Cisco Catalyst 2950 switch. You need to create an additional subnet on the internal branch network; this new subnet must have Internet access and the ability to talk to the existing internal subnet.
· Question: How can you achieve this if:
a) You have a Cisco PIX 501
b) You have a Cisco PIX 506
c) You have a Cisco PIX 515 with 2 Ethernet interfaces
d) You have a Cisco PIX 515 with 3 Ethernet interfaces