Friday, September 4, 2009

Tonight...

I started off tonight by hitting a practice exam.  Got caught off-guard with a few questions and got an 84% on the thing.  I will try again tomorrow.  I then booted up the rack, cleared my configs and vlan.dat files, and started off by configuring VTP version, domain, mode, and password.....easy enough.  Then I created a couple of VLANs on the server...and made sure they were given to the client boxes.  They were....Then I, without a book, configured MST, mapping VLANs 10 and 100 to instance 1, VLAN 200 to instance 2, and VLAN 300 to instance 3.  I had to do some research, but found the command to make a different switch the root for a specific instance:

(config)# spanning-tree mst [instance #] root primary

as Borat would say.....niooooooccceeeee

Then I did a VACL to block a host from reaching his intended VLAN.  He was still allowed to access other VLANs, unless the ACL read something like
access-list 1 permit 192.168.10.100 0.0.0.0

then he didn't get to shit!

I changed it to:
access-list 101 permit ip host 192.168.10.100 192.168.10.0 0.0.0.255

and it worked as planned.
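Why the two ACLs behave so differently inside a VACL, as an added example that is not part of the original post: a small Python model of IOS wildcard matching run over constructed flows from the blocked host. It assumes an access-map that drops whatever the ACL permits and forwards everything else; the destination addresses in the other VLANs are made up for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set in the wildcard are ignored, the rest must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL entries from the post as (src, src wildcard, dst, dst wildcard).
# A standard ACL has no destination field, so it is modelled with a
# destination of "any" (0.0.0.0 255.255.255.255).
ACL_1 = [("192.168.10.100", "0.0.0.0", "0.0.0.0", "255.255.255.255")]
ACL_101 = [("192.168.10.100", "0.0.0.0", "192.168.10.0", "0.0.0.255")]

def acl_permits(acl, src, dst):
    """True if any permit entry matches; falling off the end is the implicit deny."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in acl)

def vacl_action(acl, src, dst):
    """Assumed access-map: seq 10 'match ip address <acl>' + 'action drop',
    seq 20 with no match clause + 'action forward'."""
    return "drop" if acl_permits(acl, src, dst) else "forward"

# Constructed sample flows from the blocked host.
FLOWS = [
    ("192.168.10.100", "192.168.10.1"),    # host's own subnet
    ("192.168.10.100", "192.168.100.50"),  # another VLAN (assumed addressing)
    ("192.168.10.100", "192.168.200.50"),  # another VLAN (assumed addressing)
]

def compare():
    """Return (destination, action with ACL 1, action with ACL 101) per flow."""
    return [(dst, vacl_action(ACL_1, src, dst), vacl_action(ACL_101, src, dst))
            for src, dst in FLOWS]

if __name__ == "__main__":
    for dst, with_std, with_ext in compare():
        print(f"to {dst:15}  ACL 1: {with_std:8} ACL 101: {with_ext}")
```

ACL 1 matches on source alone, so every flow from the host hits the drop clause; ACL 101 only matches when the destination is also inside 192.168.10.0/24.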

I also set up some inter-VLAN routing using one of my 3550s.  Easy config....just set the default gateway on the other switches....configure routing with "ip routing", and configure the interfaces. Works flawlessly.  Going to go to bed and read some foundation summaries now.
