For management security, the case study mandates replacing Telnet with SSH. Steps include:
SSH ensures that all remote management traffic, including login credentials and commands, is encrypted. Verification involves establishing an SSH session from a PC using PuTTY or the ssh -l username router-ip command.
Set primary/secondary root for different VLANs (load balancing). ccna-2v7.0 case study -rev b-
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
Note: Commands below are canonical Cisco IOS examples. Apply appropriate interface names and device-specific variations.
hostname R2
no ip domain-lookup
enable secret cisco123
service password-encryption
line console 0
logging synchronous
password cisco123
login
line vty 0 4
transport input ssh
login local
!
ip domain-name clearview.local
username admin secret AdminPass1
crypto key generate rsa modulus 2048
interface GigabitEthernet0/0
no shutdown
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.30.1 192.168.30.50
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8
vlan 10
name Sales
vlan 20
name Engineering
vlan 30
name HR
interface range GigabitEthernet0/1 - 10
switchport mode access
switchport access vlan 10
interface range GigabitEthernet0/11 - 20
switchport mode access
switchport access vlan 20
interface range GigabitEthernet0/21 - 24
switchport mode access
switchport access vlan 30
interface GigabitEthernet0/48
switchport trunk encapsulation dot1q
switchport mode trunk
router ospf 1
network 10.10.10.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
And on R1 include the WAN and any HQ networks in OSPF area 0. For management security, the case study mandates replacing
ip domain-name clearview.local
username netadmin secret NetAdm1!
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
transport input ssh
login local
ip access-list extended HR_BLOCK
permit ip any any
deny ip 192.168.30.0 0.0.0.255 host 192.168.10.50
(Real ACL ordering matters; refine per lab requirement.)
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface GigabitEthernet0/0
ip nat outside
!
interface Serial0/0/0
ip nat inside
The CCNA 2 v7.0 Case Study – Rev B successfully mirrors real-world networking challenges, requiring the integration of switching, routing, and security concepts. By implementing VLANs, trunking with a secure native VLAN, router-on-a-stick inter-VLAN routing, DHCP, static routing, and SSH, a network engineer builds a robust and manageable infrastructure. The case study emphasizes not just configuration but also verification and troubleshooting—essential skills for any networking professional. Ultimately, mastering these tasks prepares students for both the CCNA certification exam and practical network administration roles. SSH ensures that all remote management traffic, including
The modern enterprise relies on networks that are not only functional but also scalable, secure, and efficiently segmented. The CCNA 2 v7.0 Case Study – Rev B provides a practical scenario where a network engineer must design, configure, and verify a multi-switch, multi-router environment. This essay outlines the key implementation tasks, including VLAN segmentation, trunking, inter-VLAN routing, DHCP configuration, and remote management security, while highlighting best practices and verification strategies.