MODE PROMPT

USER Switch >

PRIVILEGED Switch #
GLOBAL CONFIGURATION Switch (Config) #
INTERFACE CONFIGURATION Switch (Config-if) #
INTERFACE RANGE CONFIGURATION Switch (Config-if-range) #

REBOOT THE SWITCH

Switch >
Switch > enable
Switch #
Switch # reload
System configuration has been modified. Save? [Yes/No]: Y
Building configuration...
[OK]
Proceed with reload? [Confirm]

CONFIGURE HOSTNAME TO SWITCHES

Switch >
Switch > enable
Switch #
Switch # Configure terminal
Switch (Config) # Hostname CORESW2F
CORESW2F (Config) #

CONFIGURE PASSWORD TO SWITCHES ENABLE MODE /

PRIVILEGED MODE
CORESW2F > enable
CORESW2F # configure terminal
CORESW2F (config) # enable password cisco
CORESW2F (config) # exit
CORESW2F #
CORESW2F # wr
CORESW2F # Exit
CORESW2F > enable
Password:
CORESW2F#
 SETTING IP ADDRESSES AND DEFAULT GATEWAYS

CORESW2F > enable

Password:
CORESW2F #
CORESW2F# configure terminal
CORESW2F (config) #interface vlan1
CORESW2F (config-if) #ip address 192.168.30.1 255.255.255.0
CORESW2F (config-if) # Exit
CORESW2F (config) # ip default-gateway 192.168.30.1
CORESW2F (config) #exit
CORESW2F # wrCORESW2F >

CREATING VLAN
CORESW2F > Enable
CORESW2F #
CORESW2F # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CORESW2F (config) # Vlan2
CORESW2F (config-Vlan) # name --------------
CORESW2F (config- Vlan) # Exit
CORESW2F (config) # Vlan3
CORESW2F (config- Vlan) # name --------------
CORESW2F (config- Vlan) # Exit
CORESW2F (config) # do show vlan
 ASSIGN IP ADDRESS TO VLAN
CORESW2F (config) # interface Vlan2
CORESW2F (config-if) # ip address 10.1.2.1 255.255.255.0
CORESW2F (config-if) #no shutdown
CORESW2F (config-if) # exit
CORESW2F (config) #
CORESW2F (config) # copy running-config startup-config
CORESW2F (config) # Exit
CORESW2F # show vlan association subnet

ASSIGNING THE VLAN RANGE TO FAST ETHERNET

Switch (config) # interface range fastEthernet 0/1 – 10
Switch (config-if-range) # Switchport acess Vlan 10
Switch (config-if-range) # Exit
Switch (config) #
Switch (config) # copy running-config startup-config
Switch (config) # interface range fastEthernet 0/11 – 20
Switch (config-if-range) # Switchport acess Vlan 20
Switch (config-if-range) # do show vlan

DELET IP ADDRESS TO VLAN

Switch (config) #no int vlan 32

CONFIGURE TRUNK INTERFACE ON CISCO SWITCHES

Switch > enable
Password:
Switch # Configure Terminal
Switch (Config) # interface GigaEthernet 0/1
Switch (Config-if) # Switch port trunk encapsulation dot1q
Switch (Config-if) # interface GigaEthernet 0/1
Switch (Config-if) # switch port mode trunk allowed vlan 1
Switch (Config-if) # end
Switch (Config-if) # exit
Switch (Config) # exit
Switch # copy running-config startup-config
Switch # write memory
Switch # no shutdown

S1(config)# interface fastethernet0/1

S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30
S1(config-if)# end

 show interfaces trunk

 show interfaces switchport
 INTER-VLAN ROUTING

SVI (SWITCH VIRTUAL INTERFACE)

This is the picture of a multilayer switch. This switch has routing capabilities! I can configure something
called a SVI (Switch Virtual Interface) for each VLAN and put an IP address on it. This IP address can be
used for computers as their default gateway. Here’s how to configure it:

SW1(config)#ip routing
SW1(config)#interface vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config)#interface vlan 20
SW1(config-if)#no shutdown
SW1(config-if)#ip address 192.168.20.254 255.255.255.0

Start by enabling routing using the ip routing command. If you forget this your switch won’t build a
routing table! Next step is to create a SVI for VLAN 10 and 20 and configure IP addresses on them. This
configuration might look familiar if you worked with layer 2 switches before. On a layer 2 switch like the
Cisco Catalyst 2950/2960 we also have a SVI but you can only use it for remote management.

Once you create a SVI and type no shutdown it will normally be “up” since it’s only a virtual interface,
there are however a number of requirements or it will show up as “down”:

 The VLAN has to exist in the VLAN database and it should be active.
  At least one access or trunk port should use this VLAN actively and it should be in spanning-tree
forwarding mode.

Simply said: the VLAN has to be active somehow or your SVI will go down.

I have two computers in VLAN 10 and created a SVI for VLAN 10.

SW1#show ip interface brief vlan 10

Interface IP-Address OK? Method Status Protocol
Vlan10 192.168.10.254 YES manual up up

You’ll see that the status says up/up so that’s good.

If I shut down one interface nothing will change, my SVI will still show up/up because interface fa0/2 is
still active.
SW1#show ip interface brief vlan 10
Interface IP-Address OK? Method Status Protocol
Vlan10 192.168.10.254 YES manual up down
Once I shut both interfaces we don’t have anything active anymore in VLAN 10. As a result the SVI will
go to up/down. Now if I want I can exclude an interface from the SVI state. Imagine I want to make sure
that whatever happens to interface fa0/2 doesn’t influence the SVI state:

SW1(config)#interface fa0/2
SW1(config-if)#switchport autostate exclude

I can use the switchport autostate exclude command. This means it won’t influence the state of the SVI
interface anymore. Fa0/1 is the only interface that can now influence the SVI state, as soon as it goes
down you’ll see that SVI state go down as well, even though fa0/2 is still up and running.

Enough about the SVI, there’s another method we can use our multilayer switch for routing. By default
all interfaces on a switch are switchports (layer 2) but we can change them to routed ports (layer 3). A
routed port is the exact same interface as what we use on a router.

hostname SW1
ip routing
interface vlan 10
ip address 192.168.10.254 255.255.255.0
interface vlan 20
ip address 192.168.20.254 255.255.255.0
interface FastEthernet0/2
switchport autostate exclude
end
 ROUTER ON A STICK

SW1 has two VLANs so we have two different subnets. If we want communication between these VLANs
we’ll have to use a device that can do routing. In this example we’ll use a router for the job. R1 will need
access to both VLANs so we’ll create a 802.1Q trunk between SW1 and R1. Here’s how to configure this:
SW1(config)#interface fa0/3
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20

This is how we configure SW1. Make interface fa0/3 a trunk port and for security measures I made sure
that only VLAN 10 and 20 are allowed.

R1(config)#interface fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.254 255.255.255.0
R1(config)#interface fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.20.254 255.255.255.0
Create two sub-interfaces on the router and tell it to which VLAN they belong. Don’t forget to add an IP
address for each VLAN.

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.10.0/24 is directly connected, FastEthernet0/0.10

C 192.168.20.0/24 is directly connected, FastEthernet0/0.20

The router will be able to route because these two networks are directly connected.

C:\Documents and Settings\H1>ipconfig

Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.10.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.254

C:\Documents and Settings\H2>ipconfig

Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.20.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.254
Don’t forget to set your IP address and gateway on the computers.

Let’s try a ping:

C:\Documents and Settings\H1>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:

Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Reply from 192.168.20.1: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

That’s how you do it. So why would you want to use a solution like this? It’s cheap! You don’t need a
multilayer switch for your routing. Any layer 2 switch will do.

Some of the disadvantages of this solution is that your router is a single point of failure and that traffic
flows up and down on the same link which might cause congestion.

hostname SW1
!
interface fastEthernet0/1
switchport mode access
switchport access vlan 10
!
interface fastEthernet0/2
switchport mode access
switchport access vlan 20
!
interface fastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20
end
 TROUBLE SHOOTING COMMANDS VLAN

 show vlan  When devices are not communicating with each other while
supposedly configured on the same VLAN, the first command you should run
on the switch is show vlan.

 show interfaces vlan (#)  When trying to figure out why devices
configured in one VLAN cannot communicate with devices configured in
another VLAN on a layer 3 switch, make sure you have a switch virtual
interface (SVI) configured for each VLAN and that the SVI is in an up/up
state. Inter-VLAN communication must be routed from one VLAN to the next,
thus, a Layer 3 gateway must be configured on each VLAN that needs to talk.
On layer 3 switches, the gateway is configured using SVIs. 

CORESW2F#show ip interface brief | exclude unassigned

 show interfaces trunk  When a VLAN spans more than one switch, you
can use a VLAN trunk to connect VLANs together. Depending on how you
have your trunk configured, it may share information about all VLANs or only
specific VLANs spanning the two switches. If you have one or more VLANs
that are configured on two switches connected by a trunk link, yet the VLANs
are not communicating for some reason, the first command you should run
is show interfaces trunk. The command output will show you all the
configured trunk links on the local switch. In addition, it will tell you the
trunking mode, status of the trunk, and what the native (untagged) VLAN is
configured for.

 show run interface  Finally, if you are troubleshooting problems with

Cisco phones, the problem may be that they are not configured for the
proper voice VLAN. Cisco phones have a unique feature that essentially
allows them to trunk two VLANs on a single port. One VLAN is for voice traffic
and the other is for PC traffic. The switch connects to the phone and another
Ethernet connection from the phone to the PC is used. That way, each desk
or cube uses a single cable, yet the phone and PC reside in separate VLANs.