Can be practiced with " Free Cisco Catalyst Switch Lab ", by Brendan Choi
1: Load and verify the configurations from lab 6-2.
2: Configure private VLANs to isolate traffic between hosts A and B while keeping them in the same subnet.
3: Configure RACLs to separate the student and staff VLANs:
The staff VLAN (100) can access the student VLAN (200), but the student VLAN does not have access to the staff VLAN
for security purposes.
4: Configure VACLs:
Configure the network so that the temporary staff host cannot access the rest of the staff VLAN, yet still be able to
use the default gateway of the staff subnet to connect to the rest of the network and the ISP.
Note: Mistakes in the solution provided by the CCNP SWITCH Lab Manual v6
3) It is not necessary to apply the ACL on the SVI 100, pages 7/10 and 8/10,
4) Another ACL is needed to authorize traffic sourced from the temporary staff PC to the HSRP Router of its VLAN
(; that ACL call should be inserted in the first position of the displayed VLAN access map with a ‘forward’
action, page 9/10