CCNP Switch Lab 7-3 Voice and Security in a Switched Network – Case Study

CCNP Switch Lab 7-3 Voice and Security in a Switched Network – Case Study



  • Plan, design, and implement the International Travel Agency switched network as shown in the diagram and described below.
  • Implement the design on the lab set of switches.
  • Verify that all configurations are operational and functioning according to the guidelines.

Note: This lab uses Cisco WS-C2960-24TT-L with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin. Other switches (such as 2950 or 3550), and Cisco IOS Software versions can be used if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Required Resources

  • 2 switches (Cisco 2960 with the Cisco IOS Release 12.2(46)SE C2960-LANBASEK9-M image orcomparable)
  • 2 switches (Cisco 3560 with the Cisco IOS Release 12.2(46)SE C3560-advipservicesk9-mz image or comparable)
  • Console and Ethernet cables


The International Travel Agency has two distribution switches, DLS1 and DLS2, and two access layer switches, ALS1 and ALS2. Configure the switches as follows:

  1. Disable the links between the access layer switches.
  2. Place all switches in the VTP domain CISCO and set them all to VTP mode transparent.
  3. Configure all inter-switch links statically as 802.1q trunk links.
  4. Create VLANs 10 and 200 on all switches. Configure DLS1 and DLS2 SVIs in VLAN 10 and assign addresses in the subnet.
  5. Configure DLS1 and DLS2 to use HSRP on the subnet. Make DLS1 the primary gateway, and enable preemption on both switches.
  6. Place ports Fa0/15 through Fa0/20 in VLAN 10 on both access layer switches.
  7. Enable PortFast on all access ports.
  8. Enable QoS on all switches involved in the scenario.
  9. Configure ALS1 Fa0/15 and F0/16 for use with Cisco IP phones with a voice VLAN of 200 and trust the IP phone CoS markings using AutoQoS.
  10. Configure ALS1 Fa0/18 through Fa0/20 for port security. Allow only up to three MAC addresses to be learned on each port and then drop any traffic from other MAC addresses and set the violate mode to protect.
  11. Configure ALS2 Fa0/18 to only allow the MAC address 1234.1234.1234 and to shut down if a violation occurs.


Device Configurations (Instructor version)

Switch DLS1

Switch DLS2

Switch ALS1

Switch ALS2

More Resources

About the author


Leave a Comment