Table of Contents

About the Author
Virtual LAN (VLAN)
VLAN - Configuration
LAB - Verify VLAN
LAB - Verify VLAN Connectivity (Same Networks)
LAB - Verify VLAN Connectivity (Different Networks)
LAB - VLAN Design (Different Networks)
Voice VLAN
LAB - Voice VLAN Configuration
Management VLAN
LAB - Management VLAN
Trunking Concepts
LAB: Trunking
Inter-VLAN Routing
LAB: VLAN Routing using Separate ...
LAB: Inter-VLAN Routing using Router (Router on Stick)
LAB: Inter-VLAN Routing - L3 Switch
LAB: Inter-VLAN Routing - L3 Switch - Multiple Switches
LAB - L3 Routed Interfaces - L3 Switch
VLAN Trunking Protocol - VTP
LAB: VTP
VTP Revision Number
Spanning-Tree Protocol
LAB: Verifying Spanning-Tree
LAB: Tuning STP (Cost/Priority Timer)
Campus Hierarchical Model
STP - Selecting Root Bridge
Spanning-Tree PortFast
LAB: STP PortFast
EtherChannel / Link Aggregation / Port Channel
LAB: Configuring EtherChannel Using PAgP Protocol Negotiation
Layer 3 EtherChannel
STP - BPDU Guard
LAB: BPDU Guard
LAB: BPDU Filter
Rapid Spanning-Tree Protocol (RSTP)
Selecting Root Bridge
Per VLAN Spanning-Tree Protocol - PVST
LAB: Per VLAN STP
Common Spanning-Tree Protocol (CST)
Multiple Spanning Tree Protocol - MSTP
LAB: MSTP (Multiple Spanning-Tree)
Switchport Analyzer - SPAN - RSPAN - ERSPAN

About the Author

Sikandar Shaik, a Triple CCIE (RS/SP/SEC # 35012), is a highly experienced and extremely driven senior technical instructor and network consultant. He has been training networking courses for more than 15 years, teaching on a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In addition, he has been developing and updating the content for these courses. He has assisted many engineers in passing the lab examinations and securing certifications.
Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and implementing changes to various aspects of multi-scaled, multi-platform, multi-protocol complex networks as well as course development and instruction for a technical workforce in a varied networking environment. His experience includes responsibilities ranging from operating and maintaining PCs and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN and WAN environments.

Sikandar Shaik has delivered instructor-led trainings in several states in India as well as abroad in countries like China, Kenya and UAE. He has also worked as a Freelance Cisco Certified instructor globally for Corporate Major Clients.

Acknowledgment

First and foremost I would like to thank the Almighty for his continued blessings and for always being there for me. You have given me the power and confidence to believe in myself and pursue my dreams. I could never have done this without the faith I have in you.

Secondly I would like to thank my family for understanding my long nights at the computer. I have spent a lot of time on preparing workbooks and this workbook would not have been possible without their support and encouragement.

I would also like to recognize the cooperation of my students who took my trainings and workbooks. I believe my workbooks have helped them in upskilling themselves with respect to the subject and technologies and I will continue preparing workbooks for the updated technology versions.

Shaik Gouse Moinuddin Sikandar
CCIE x 3 (RS/SP/SEC)

Feedback

Please send feedback if there are any issues with respect to the content of this workbook. I would also appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and suggestions at info@noasolutions.com

Virtual LAN (VLAN)

Virtual LAN (VLAN) - Trunking
Sikandar Shaik, CCIEx3 (RS/SP/SEC) # 35012
Senior Technical Instructor

What is a Broadcast Domain?

» Switches will also broadcast Ethernet frames if they haven't learned the destination MAC address yet.
» Switches will forward broadcast traffic on all their interfaces, except the one they received the broadcast on.
» A broadcast domain is the set of all devices that receive broadcast frames originating from any device within the set.
» A LAN includes all devices in the same broadcast domain.
» Size of the broadcast domain depends on number of devices connected in LAN.
» Routers do not forward broadcast traffic, they break broadcast domains.

Broadcast Domain

» Number of broadcast domains depends on number of LANs/VLANs in the network.
» Routers do not forward broadcast traffic, they break broadcast domains.
» VLANs on switches also allow you to break broadcast domains.

[Figure: Broadcast Domain #1, Broadcast Domain #2] We now have three broadcast domains, one on each side of the router.

Virtual LAN (VLAN)

» Divides one single broadcast domain into multiple broadcast domains: one LAN is divided into multiple virtual LANs.
» VLANs provide a way to group devices within a LAN.

What happens when a computer connected to the Accounts department sends a broadcast like an ARP request, or if the destination MAC is unknown (not present in the MAC table)?

» By default the broadcast goes to each and every device in the network.
» By default there is only one broadcast domain.

[Figure: Accounts 192.168.1.0/24, Marketing 192.168.2.0/24]

A VLAN divides one single broadcast domain into multiple broadcast domains.
» Limit the number of broadcasts: unicast, broadcast, and multicast packets are forwarded and flooded only to end stations within the VLAN where the packets are sourced.

Virtual LAN (VLAN) Benefits

» Limit the number of broadcasts (as a broadcast stays within the VLAN).
  o Flooding of a packet is limited to the switch ports that belong to a VLAN.
  o Prevents hosts from listening to or receiving broadcasts not intended for them (from other VLANs).
» Improves the network performance and reduces network congestion.
  o Reduces unnecessary traffic on the network and boosts performance.
  o Cost saving by making efficient use of existing bandwidth and uplinks.
» A higher level of network security can be reached by separating sensitive data traffic from other network traffic.

VLAN Types

Types of VLANs
» Default VLAN
» Data VLAN
» Voice VLAN
» Management VLAN
» Native VLAN

[Figure: example VLANs: Management, Helpdesk, Finance, Security, Research]

Default VLAN

» On Cisco switches the default VLAN is VLAN 1.
» At the initial boot up of the switch, all switch ports become a member of the default VLAN.
  o Makes them all part of the same broadcast domain.
  o This allows any network device connected to any of the switch ports to communicate with other devices on other switch ports.
» VLAN 1 has all the features of any VLAN, except that you cannot rename or delete it.

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gi0/1, Gi0/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup
Data VLAN (User VLAN)

» The link connected to your computer is assigned to a data VLAN.
» The data VLAN is designated only for user-generated data.
» Also known as a user VLAN.

NOTE
» A VLAN carrying voice or management traffic would not be a data VLAN.
» It is common practice to separate voice and management traffic from data traffic.

Voice VLAN

» A separate VLAN is needed to support Voice over IP (VoIP).
» Voice VLAN enables access ports to carry IP voice traffic from an IP phone.
» The Voice VLAN is also known as the Auxiliary VLAN (AUX VLAN).
» IP phones use the same UTP cables to connect to the Ethernet switch.
» The computer will be in a data VLAN, the IP phone will be in the voice VLAN.
» The Cisco IP Phone contains an integrated three-port 10/100 switch.

Management VLAN

» Used for managing the switch from a remote location by using protocols such as telnet, SSH, SNMP, syslog etc.
» Normally the Management VLAN is VLAN 1, but you can use any VLAN as a management VLAN.
» A best practice is to set up a separate VLAN for management traffic.
  o Provides security by separating management traffic from the data VLAN.
  o Also ensures that bandwidth for management will be available even when user traffic is high.
» Cisco recommends not to use VLAN 1 and not to use any VLAN that carries user data traffic as Management VLAN.
» You must configure IP address and default gateway for Management VLAN.

[Figure: VLAN 2 Computers 10.X.2.0/24, VLAN 4 Cameras 10.X.4.0/24]

VLAN Ranges

» Cisco IOS Software Release 12.2SX supports 4096 VLANs.
» These VLANs are organized into several ranges; you use each range slightly differently.

VLANs        Range      Usage
0, 4095      Reserved   For system use only. You cannot see or use these VLANs.
1            Normal     Cisco default. You can use this VLAN but you cannot delete it.
2-1001       Normal     For Ethernet VLANs; you can create, use, and delete these VLANs.
1002-1005    Normal     Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002-1005.
1006-4094    Extended   For Ethernet VLANs only.

VLAN - Configuration

VLAN - Creating VLAN

Syntax:

Switch(config)# vlan VLAN-ID
Switch(config-vlan)# name VLAN-NAME
Switch(config-vlan)# exit

Example:

Switch(config)# vlan 10
Switch(config-vlan)# name Green
Switch(config-vlan)# vlan 20
Switch(config-vlan)# name Red
Switch(config-vlan)# vlan 30
Switch(config-vlan)# name Blue

Switch# sh vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
10   Green                  active
20   Red                    active
30   Blue                   active
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
VLAN - Assigning Ports

» VLAN assignment is based on port numbers (host connected).
» By default all ports will be in VLAN 1.
» Need to manually assign a port on a switch to a VLAN.
  o One port can be a member of only one VLAN (data or voice).
» Can be configured on manageable switches only.
» VLANs are based on logical connections, instead of physical connections.

vlan 10 (ACCOUNTS)  = 1, 2, 3, 4, 9, 12   192.168.1.0/24
vlan 20 (MARKETING) = 5, 6, 10, 11        192.168.2.0/24
vlan 30 (SALES)     = 7, 8                192.168.3.0/24

VLAN - Assigning Ports - Configuration

Syntax:

Switch(config)# interface INTERFACE
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan VLAN-ID

Example:

Switch(config)# interface range f0/1 - 4, f0/9, f0/12
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit

Switch(config)# interface range f0/5 - 6, f0/10 - 11
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# exit

Switch(config)# int range f0/7 - 8
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 30
Switch(config-if-range)# exit

VLAN - Configuration

» PCs are preconfigured with IP address (from 192.168.1.0/24).
» Verify the reachability between same VLAN / different VLAN.

LAB - VLAN - Design

» PCs are preconfigured with IP address as given below:
  vlan 10 (ACCOUNTS)  = 1, 2, 3, 4, 9, 12   192.168.1.0/24
  vlan 20 (MARKETING) = 5, 6, 10, 11        192.168.2.0/24
  vlan 30 (SALES)     = 7, 8                192.168.3.0/24
» Verify the reachability between same VLAN / same network.

[Figure: VLAN 10 192.168.10.0/24, VLAN 20 192.168.20.0/24, VLAN 30 192.168.30.0/24, VLAN 40 192.168.40.0/24]

LAB - Verify VLAN

[Figure: four PCs on 192.168.1.0/24]

STEPS:
1. Ping between 192.168.1.1 and 192.168.1.3
   a. They can communicate with each other and they are on the same network (logically) and same VLAN (default vlan 1)
2. Create VLAN 20
3. Shift ports 0/3, 0/4 into VLAN 20
4. Ping between 192.168.1.1 and 192.168.1.3
   a. They cannot communicate with each other and they are on the same network (logically) but on different VLANs (VLAN 1 and vlan 20)

Switch# sh vlan

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

PC>ipconfig

IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=19ms TTL=128
Reply from 192.168.1.2: bytes
Reply from 192.168.1.2: bytes=32 time=8ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

PC>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=12ms TTL=128
Reply from 192.168.1.3: bytes
Reply from 192.168.1.3: bytes=32 time=7ms TTL=128
Reply from 192.168.1.3: bytes=32 time=8ms TTL=128

PC>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=10ms TTL=128
Reply from 192.168.1.4: bytes
Reply from 192.168.1.4: bytes=32 time=8ms TTL=128
Reply from 192.168.1.4: bytes=32 time=9ms TTL=128

All the four devices in the LAN can communicate with each other and they are on the same network (logically) and same VLAN (default vlan 1).

TASK: Create VLAN 20 and shift ports 3 and 4 into VLAN 20

Switch(config)# vlan 20
Switch(config-vlan)# name SALES
Switch(config-vlan)# exit
Switch(config)# interface fastEthernet 0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# exit
Switch(config)# interface fastEthernet 0/4
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20

Switch# sh vlan

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                       Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                       Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                       Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                       Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                       Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default           act/unsup
1003 token-ring-default     act/unsup
1004 fddinet-default        act/unsup
1005 trnet-default          act/unsup

PC>ipconfig

IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=11ms TTL=128
Reply from 192.168.1.2: bytes=32 time=9ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128
Reply from 192.168.1.2: bytes=32 time=7ms TTL=128

PC>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

LAB - VERIFY VLAN Connectivity (Same Networks)

» PCs are preconfigured with IP address (from 192.168.1.0/24).
» Verify the reachability between same VLAN / different VLAN.
Switch# show interfaces status

Port      Name   Status       Vlan   Duplex  Speed  Type
Fa0/1            connected    1      auto    auto   10/100BaseTX
Fa0/2            connected    1      auto    auto   10/100BaseTX
Fa0/3            connected    1      auto    auto   10/100BaseTX
Fa0/4            connected    1      auto    auto   10/100BaseTX
Fa0/5            connected    1      auto    auto   10/100BaseTX
Fa0/6            connected    1      auto    auto   10/100BaseTX
Fa0/7            connected    1      auto    auto   10/100BaseTX
Fa0/8            connected    1      auto    auto   10/100BaseTX
Fa0/9            connected    1      auto    auto   10/100BaseTX
Fa0/10           connected    1      auto    auto   10/100BaseTX
Fa0/11           connected    1      auto    auto   10/100BaseTX
Fa0/12           connected    1      auto    auto   10/100BaseTX
Fa0/13           notconnect   1      auto    auto   10/100BaseTX
Fa0/14           notconnect   1      auto    auto   10/100BaseTX
Fa0/15           notconnect   1      auto    auto   10/100BaseTX
Fa0/16           notconnect   1      auto    auto   10/100BaseTX
Fa0/17           notconnect   1      auto    auto   10/100BaseTX
Fa0/18           notconnect   1      auto    auto   10/100BaseTX
Fa0/19           notconnect   1      auto    auto   10/100BaseTX
Fa0/20           notconnect   1      auto    auto   10/100BaseTX
Fa0/21           notconnect   1      auto    auto   10/100BaseTX
Fa0/22           notconnect   1      auto    auto   10/100BaseTX
Fa0/23           notconnect   1      auto    auto   10/100BaseTX
Fa0/24           notconnect   1      auto    auto   10/100BaseTX
Gig0/1           notconnect   1      auto    auto   10/100BaseTX
Gig0/2           notconnect   1      auto    auto   10/100BaseTX

On PC1, verify the reachability to the other PCs.

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2D0:BAFF:FE95:3278
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=5ms TTL=128
Reply from 192.168.1.1: bytes=32 time=3ms TTL=128
Reply from 192.168.1.1: bytes=32 time=4ms TTL=128
Reply from 192.168.1.1: bytes=32 time=5ms TTL=128

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=12ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=1ms TTL=128
Reply from 192.168.1.3: bytes=32 time=10ms TTL=128
Reply from 192.168.1.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.6

Pinging 192.168.1.6 with 32 bytes of data:
Reply from 192.168.1.6: bytes=32 time=1ms TTL=128
Reply from 192.168.1.6: bytes=32 time=3ms TTL=128
Reply from 192.168.1.6: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.10

Pinging 192.168.1.10 with 32 bytes of data:
Reply from 192.168.1.10: bytes
Reply from 192.168.1.10: bytes=32 time=4ms TTL=128
Reply from 192.168.1.10: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:
Reply from 192.168.1.12: bytes
Reply from 192.168.1.12: bytes
Reply from 192.168.1.12: bytes
Reply from 192.168.1.12: bytes=32 time<1ms TTL=128

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2D0:BAFF:FE95:3278
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=1ms TTL=128
Reply from 192.168.1.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=1ms TTL=128
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping 192.168.1.6

Pinging 192.168.1.6 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.6:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping 192.168.1.7

Pinging 192.168.1.7 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.7:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping 192.168.1.10

Pinging 192.168.1.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.10:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping 192.168.1.9

Pinging 192.168.1.9 with 32 bytes of data:
Reply from 192.168.1.9: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:
Reply from 192.168.1.12: bytes=32 time
Reply from 192.168.1.12: bytes
Reply from 192.168.1.12: bytes
Reply from 192.168.1.12: bytes

LAB - VERIFY VLAN Connectivity (Different Networks)

TASK
» Continue with VLAN configuration on ports on the switch.
» PCs are preconfigured with IP addresses from different networks.
» Verify the reachability between same VLAN networks (should reach each other).

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig0/1, Gig0/2
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

From PC (192.168.1.1/24) from VLAN 10

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2D0:BAFF:FE95:3278
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=1ms TTL=128
Reply from 192.168.1.2: bytes=32 time=2ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time=5ms TTL=128
Reply from 192.168.1.5: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.6

Pinging 192.168.1.6 with 32 bytes of data:
Reply from 192.168.1.6: bytes
Reply from 192.168.1.6: bytes
Reply from 192.168.1.6: bytes=32 time<1ms TTL=128

C:\>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.2.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping 192.168.3.1

Pinging 192.168.3.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.3.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

From PC (192.168.2.1/24) from VLAN 20

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::260:47FF:FE48:CDB4
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0

C:\>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.2.3

Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.2.4

Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: bytes=32 time<1ms TTL=128

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2D0:BCFF:FEC5:C099
IP Address......................: 192.168.3.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0

C:\>ping 192.168.3.2

Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=5ms TTL=128
Reply from 192.168.3.2: bytes=32 time=5ms TTL=128
Reply from 192.168.3.2: bytes=32 time=4ms TTL=128
Reply from 192.168.3.2: bytes=32 time=1ms TTL=128

LAB - VLAN Design (Different Networks)

TASK
» Continue with VLAN configuration based on the previous lab.
» Change the IP addressing on PCs (every VLAN should be a different subnet) as given below (pre-configured):
  vlan 10 (ACCOUNTS)  = 1, 2, 3, 4, 9, 12   192.168.1.0/24
  vlan 20 (MARKETING) = 5, 6, 10, 11        192.168.2.0/24
  vlan 30 (SALES)     = 7, 8                192.168.3.0/24
» Verify the reachability between same VLAN / same network.
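The port-to-VLAN plan above can be checked against the switch mechanically rather than by ping alone. The following is an added example, not part of the workbook: it parses text in the layout of `show vlan brief` (including wrapped port lines) and reports ports that drifted from the plan; the sample output, function names and the two deliberate mismatches are constructed for illustration.

```python
import re

# Port plan from the lab above: VLAN ID -> FastEthernet 0/x port numbers.
DESIGN = {
    10: [1, 2, 3, 4, 9, 12],   # ACCOUNTS
    20: [5, 6, 10, 11],        # MARKETING
    30: [7, 8],                # SALES
}

# Constructed sample in the layout of `show vlan brief` (not captured output).
# Fa0/9 is deliberately left in VLAN 1 and Fa0/13 deliberately put in VLAN 20.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/9, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   ACCOUNTS                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/12
20   MARKETING                        active    Fa0/5, Fa0/6, Fa0/10, Fa0/11
                                                Fa0/13
30   SALES                            active    Fa0/7, Fa0/8
1002 fddi-default                     active
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # VLAN, name, status, ports
PORT = re.compile(r"^[A-Za-z]+\d+(/\d+)+$")            # e.g. Fa0/12, Gig0/1


def parse_vlan_brief(text):
    """Return {port_name: vlan_id}, following wrapped port continuation lines."""
    port_vlan, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:                                   # a new VLAN row
            current = int(m.group(1))
            ports = m.group(4)
        elif line[:1].isspace() and current is not None:
            ports = line                        # continuation of the previous row
        else:
            continue                            # header, separator or blank line
        for p in (x.strip() for x in ports.split(",")):
            if PORT.match(p):
                port_vlan[p] = current
    return port_vlan


def audit(port_vlan, design, prefix="Fa0/"):
    """Compare observed membership with the plan.

    Returns tuples (port, expected_vlan, observed_vlan, note), sorted by port name.
    """
    expected = {f"{prefix}{n}": vid for vid, nums in design.items() for n in nums}
    findings = []
    for port, want in expected.items():
        got = port_vlan.get(port)
        if got is None:
            # Trunk ports are not listed by `show vlan brief`.
            findings.append((port, want, None, "not listed (trunk or absent port)"))
        elif got != want:
            note = "still in default VLAN 1" if got == 1 else "wrong VLAN"
            findings.append((port, want, got, note))
    for port, got in port_vlan.items():
        if port not in expected and got in design:
            findings.append((port, None, got, "unplanned port in a user VLAN"))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for port, want, got, note in audit(parse_vlan_brief(SAMPLE), DESIGN):
        print(f"{port:8} expected={want} observed={got}  {note}")
```
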
From PC (192.168.1.1/24 = VLAN 10 PC)

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2D0:BAFF:FE95:3278
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=1ms TTL=128
Reply from 192.168.1.3: bytes=32 time=1ms TTL=128
Reply from 192.168.1.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=1ms TTL=128
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.6

Pinging 192.168.1.6 with 32 bytes of data:
Reply from 192.168.1.6: bytes=32 time=1ms TTL=128
Reply from 192.168.1.6: bytes=32 time=1ms TTL=128
Reply from 192.168.1.6: bytes=32 time=3ms TTL=128
Reply from 192.168.1.6: bytes=32 time<1ms TTL=128

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::260:47FF:FE48:CDB4
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0

C:\>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.2.3

Reply from 192.168.2.3: bytes=32 time
Reply from 192.168.2.3: bytes
Reply from 192.168.2.3: bytes
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128

C:\>ping 192.168.2.4

Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: bytes=32 time=1ms TTL=128
Reply from 192.168.2.4: bytes=32 time<1ms TTL=128

C:\>ipconfig

FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::20C:CFFF:FE78:94EE
IP Address......................: 192.168.3.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.3.2

Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=1ms TTL=128
Reply from 192.168.3.2: bytes=32 time<1ms TTL=128

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

C:\>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

VOICE VLAN

Voice VLAN

» A separate VLAN is needed to support Voice over IP (VoIP).
» Voice VLAN enables access ports to carry IP voice traffic from an IP phone.
» The Voice VLAN is also known as the Auxiliary VLAN (AUX VLAN).
» IP phones use the same UTP cables to connect to the Ethernet switch.
» The computer will be in a data VLAN, the IP phone will be in the voice VLAN.
» The Cisco IP Phone contains an integrated three-port 10/100 switch.

Voice VLAN - Configuration

» Create VLAN 10 = DATA & VLAN 50 = VOICE
» Assign ports connecting to PCs to the Data VLAN and IP phones to the Voice VLAN

Switch(config)# vlan 10
Switch(config-vlan)# name DATA
Switch(config-vlan)# exit
Switch(config)# vlan 50
Switch(config-vlan)# name VOICE
Switch(config-vlan)# exit

Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Switch(config)# int f0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 50
Switch(config-if)# exit

Switch(config)# int f0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 50
Switch(config-if)# end

Voice VLAN - Verification

Switch# show vlan

VLAN Name                   Status     Ports
1    default                active     Fa0/3, Fa0/5, Fa0/10, Fa0/11
                                       Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                       Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                       Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                       Fa0/24, Gi0/1, Gi0/2
10   DATA                   active     Fa0/1, Fa0/3
50   VOICE                  active     Fa0/2, Fa0/3

» The voice VLAN feature is disabled by default.
» You should configure voice VLAN on switch access ports.
» The voice VLAN should be present and active on the switch for the IP phone to correctly communicate on the voice VLAN.
» Use the show vlan privileged EXEC command to see if the VLAN is present.
» The Port Fast feature is automatically enabled when voice VLAN is configured.
LAB - VOICE VLAN Configuration

TASK
» Design your topology and connect as given in the diagram.
» Create VLAN 10 = DATA & VLAN 50 = VOICE
» Assign ports connecting to PCs to the Data VLAN and IP phones to the Voice VLAN

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig0/1, Gig0/2
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

Switch(config)# vlan 10
Switch(config-vlan)# name DATA
Switch(config-vlan)# exit
Switch(config)# vlan 50
Switch(config-vlan)# name VOICE
Switch(config-vlan)# exit

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                       Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                       Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                       Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                       Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                       Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                       Gig0/1, Gig0/2
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                       Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                       Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                       Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                       Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                       Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                       Gig0/2
10   DATA                   active     Fa0/1
50   VOICE                  active
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

Switch(config)# int f0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 50
Switch(config-if)# exit

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                       Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                       Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                       Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                       Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                       Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                       Gig0/2
10   DATA                   active     Fa0/1
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

Switch(config)# int f0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 50
Switch(config-if)# end

Switch# show vlan brief

VLAN Name                   Status     Ports
1    default                active     Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                       Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                       Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                       Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                       Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                       Fa0/23, Fa0/24, Gig0/1
                                       Gig0/2
1002 fddi-default           active
1003 token-ring-default     active
1004 fddinet-default        active
1005 trnet-default          active
Switch#

Management VLAN

» Used for managing the switch from a remote location by using protocols such as telnet, SSH, SNMP, syslog etc.
» Normally the Management VLAN is VLAN 1, but you can use any VLAN as a management VLAN.
» A best practice is to set up a separate VLAN for management traffic.
  o Provides security by separating management traffic from the data VLAN.
  o Also ensures that bandwidth for management will be available even when user traffic is high.
» Cisco recommends not to use VLAN 1 and not to use any VLAN that carries user data traffic as Management VLAN.
» You must configure IP address and default gateway for Management VLAN.

[Figure: VLAN 2 Computers 10.X.2.0/24, VLAN 4 Cameras 10.X.4.0/24]

Management VLAN - Configuration

LAB PRE-CONFIGURATION
» VLAN 10, 20, 30 preconfigured with IP / ports assigned as given in diagram (refer previous labs)

TASK
» Create VLAN 100 as a management VLAN
» Assign IP address to VLAN 100 & PCs in VLAN 100 for management purposes
» Configure VTY password on the switch to verify telnet access from only the Management VLAN
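An added example (not from the workbook) that audits a running-config excerpt for the management VLAN practices listed above. It goes beyond the lab by also checking that the VTY lines accept SSH only and carry an `access-class` limited to the management subnet, since a line password alone does not confine remote access to VLAN 100 once the VLANs are routed. Both config excerpts, ACL number 10 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt modelled on the lab: management SVI on VLAN 100,
# VLAN 1 SVI shut down, VTY lines protected by a line password only.
LAB_CONFIG = """\
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 192.168.10.50 255.255.255.0
!
line vty 0 4
 password EXAMPLE-ONLY
 login
!
"""

# Constructed hardened counterpart (fragment; assumes local users and SSH keys exist).
HARDENED = """\
access-list 10 permit 192.168.10.0 0.0.0.255
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 192.168.10.50 255.255.255.0
!
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
!
"""


def blocks(config):
    """Split IOS config text into {top_level_line: [indented child lines]}."""
    out, head = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            if head is not None:
                out[head].append(raw.strip())
        else:
            head = raw.strip()
            out.setdefault(head, [])
    return out


def svi_network(blks, vlan):
    """IPv4 network configured on interface Vlan<vlan>, or None."""
    for line in blks.get(f"interface Vlan{vlan}", []):
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return None


def acl_permits(blks, acl):
    """Networks permitted by numbered standard ACL <acl> (address + wildcard mask)."""
    pat = re.compile(rf"access-list {re.escape(acl)} permit (\S+) (\S+)$")
    # ipaddress accepts a wildcard (host) mask after the slash
    return [ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            for m in map(pat.match, blks) if m]


def audit_mgmt(config, mgmt_vlan=100):
    """Return a list of findings about management-plane exposure."""
    blks, findings = blocks(config), []
    mgmt_net = svi_network(blks, mgmt_vlan)
    if mgmt_net is None:
        findings.append(f"no IP address on interface Vlan{mgmt_vlan}")
    vlan1 = blks.get("interface Vlan1", [])
    if any(l.startswith("ip address") for l in vlan1) and "shutdown" not in vlan1:
        findings.append("VLAN 1 SVI is addressed and not shut down")
    for head, body in blks.items():
        if not head.startswith("line vty"):
            continue
        if "transport input ssh" not in body:
            findings.append(f"{head}: transport not restricted to SSH")
        if any(l.startswith("password") for l in body) and "login" in body:
            findings.append(f"{head}: shared line password (login)")
        acl = next((l.split()[1] for l in body
                    if re.match(r"access-class \S+ in$", l)), None)
        if acl is None:
            findings.append(f"{head}: no access-class, any routed source can connect")
        elif mgmt_net is not None:
            nets = acl_permits(blks, acl)
            if not nets or any(not n.subnet_of(mgmt_net) for n in nets):
                findings.append(f"{head}: ACL {acl} is not limited to {mgmt_net}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED)):
        print(name, audit_mgmt(cfg) or "no findings")
```
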
Management VLAN - Configuration

Switch(config)#vlan 100
Switch(config-vlan)#name MANAGEMENT
Switch(config-vlan)#exit
Switch(config)#interface range f0/20-21
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100

Switch(config)#int vlan 100
Switch(config-if)#ip address 192.168.10.50 255.255.255.0
Switch(config-if)#exit

Switch(config)#line vty 0 4
Switch(config-line)#password noa123
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#enable secret noa123
Switch(config)#end

LAB PRE-CONFIGURATION
* VLAN 10,20,30 preconfigured with IP / ports assigned as given in diagram (refer previous labs)

TASK
* Create VLAN 100 as a management VLAN
* Assign IP address to VLAN 100 & PCs in VLAN 100 for management purpose
* Configure VTY password on Switch to verify telnet access from only Management VLAN

[Figure: lab topology. VLAN 100 - MGMT 192.168.10.0/24; ACCOUNTS - 192.168.1.0/24]

Switch#show vlan brief
VLAN Name                             Status    Ports
1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#

Switch#conf t
Switch(config)#vlan 100
Switch(config-vlan)#name MANAGEMENT
Switch(config-vlan)#exit
Switch(config)#interface range f0/20-21
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 100
Switch(config-if-range)#end

Switch#show vlan brief
VLAN Name                             Status    Ports
1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
10   ACCOUNTS                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/9, Fa0/12
20   MARKETING                        active    Fa0/5, Fa0/6, Fa0/10, Fa0/11
30   SALES                            active    Fa0/7, Fa0/8
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#

Switch(config)#int vlan 100
Switch(config-if)#ip address 192.168.10.50 255.255.255.0
Switch(config-if)#exit
Switch(config)#int vlan 1
Switch(config-if)#shutdown
Switch(config-if)#exit

NOTE
* Cisco recommends not to use VLAN 1 and not to use any VLAN that carries user data traffic as Management VLAN.

Switch#show ip int brief
Interface              IP-Address      OK? Method Status    Protocol
FastEthernet0/1        unassigned      YES manual up        up
FastEthernet0/2        unassigned      YES manual up        up
FastEthernet0/3        unassigned      YES manual up        up
FastEthernet0/4        unassigned      YES manual up        up
FastEthernet0/5        unassigned      YES manual up        up
FastEthernet0/6        unassigned      YES manual up        up
FastEthernet0/7        unassigned      YES manual up        up
FastEthernet0/8        unassigned      YES manual up        up
FastEthernet0/9        unassigned      YES manual up        up
FastEthernet0/10       unassigned      YES manual up        up
FastEthernet0/11       unassigned      YES manual up        up
FastEthernet0/12       unassigned      YES manual up        up
FastEthernet0/13       unassigned      YES manual down      down
FastEthernet0/14       unassigned      YES manual down      down
FastEthernet0/15       unassigned      YES manual down      down
FastEthernet0/16       unassigned      YES manual down      down
FastEthernet0/17       unassigned      YES manual down      down
FastEthernet0/18       unassigned      YES manual down      down
FastEthernet0/19       unassigned      YES manual down      down
FastEthernet0/20       unassigned      YES manual up        up
FastEthernet0/21       unassigned      YES manual up        up
FastEthernet0/22       unassigned      YES manual down      down
FastEthernet0/23       unassigned      YES manual down      down
FastEthernet0/24       unassigned      YES manual down      down
GigabitEthernet0/1     unassigned      YES manual down      down
GigabitEthernet0/2     unassigned      YES manual down      down
Switch#

Switch#show interfaces status
Port      Name   Status       Vlan   Duplex  Speed  Type
Fa0/1            connected    10     auto    auto   10/100BaseTX
Fa0/2            connected    10     auto    auto   10/100BaseTX
Fa0/3            connected    10     auto    auto   10/100BaseTX
Fa0/4            connected    10     auto    auto   10/100BaseTX
Fa0/5            connected    20     auto    auto   10/100BaseTX
Fa0/6            connected    20     auto    auto   10/100BaseTX
Fa0/7            connected    30     auto    auto   10/100BaseTX
Fa0/8            connected    30     auto    auto   10/100BaseTX
Fa0/9            connected    10     auto    auto   10/100BaseTX
Fa0/10           connected    20     auto    auto   10/100BaseTX
Fa0/11           connected    20     auto    auto   10/100BaseTX
Fa0/12           connected    10     auto    auto   10/100BaseTX
Fa0/13           notconnect   1      auto    auto   10/100BaseTX
Fa0/14           notconnect   1      auto    auto   10/100BaseTX
Fa0/15           notconnect   1      auto    auto   10/100BaseTX
Fa0/16           notconnect   1      auto    auto   10/100BaseTX
Fa0/17           notconnect   1      auto    auto   10/100BaseTX
Fa0/18           notconnect   1      auto    auto   10/100BaseTX
Fa0/19           notconnect   1      auto    auto   10/100BaseTX
Fa0/22           notconnect   1      auto    auto   10/100BaseTX
Fa0/23           notconnect   1      auto    auto   10/100BaseTX
Fa0/24           notconnect   1      auto    auto   10/100BaseTX
Gig0/1           notconnect   1      auto    auto   10/100BaseTX
Gig0/2           notconnect   1      auto    auto   10/100BaseTX
Switch#

Switch#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

Switch#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
Switch#

Switch(config)#line vty 0 4
Switch(config-line)#password noa123
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#enable secret noa123
Switch(config)#end

PC - Management CLI (host 192.168.10.1/24)

C:\>ipconfig
FastEthernet0 Connection:(default port)
   Link-local IPv6 Address.........: FE80::201:97FF:FECD:7A72
   IP Address......................: 192.168.10.1
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 0.0.0.0

C:\>ping 192.168.10.50
Pinging 192.168.10.50 with 32 bytes of data:
Reply from 192.168.10.50: bytes=32 time=1ms TTL=255
...

C:\>telnet 192.168.10.50
Trying 192.168.10.50 ...Open

User Access Verification

Password:
Switch>enable
Password:
Switch#
Switch#exit
[Connection to 192.168.10.50 closed by foreign host]
C:\>

Trunking Concepts

Virtual LAN (VLAN) - Trunking

VLANs
» A single VLAN can span multiple switches.
» Users of the same VLAN may connect to two or more switches within the LAN.
» Even a small business might have more than one switch.

[Figure: VLANs in a multiswitched environment]

VLAN - Trunk Links
» A VLAN trunk, or trunk, is a point-to-point link between two network devices.
» Trunk links carry traffic for multiple VLANs (more than one VLAN).
» A VLAN trunk extends VLANs across two or more network devices.
» Cisco trunk links are supported on Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet interfaces.

[Figure label: Not scalable]

Access Links vs Trunk Links

Access links
» An access link is a link that is part/member of only one VLAN (carries the traffic of only one VLAN).
» Normally access links connect to end devices.
» An access link connection can understand only standard Ethernet frames (without VLAN tags).
» Any device attached to an access link is unaware of VLAN membership (assumes one broadcast domain).

Trunk links
» Used to carry traffic from multiple VLANs.
» By default, traffic for all VLANs is supported on a trunk port.
IEEE 802.3 Ethernet Frame Format

» Switches use the Ethernet frame header information to forward packets.
» The standard Ethernet frame header does not contain information about the VLAN to which the frame belongs.

[Figure: IEEE 802.3 Ethernet frame fields, including the payload and the Frame Check Sequence (FCS)]

Tagging Ethernet Frames for VLAN Identification

» When an Ethernet frame traverses a trunk link, a special VLAN tag is added to the frame and sent across the trunk link.
» The tag identifies which VLAN each packet travelling through the trunk link belongs to.

VLAN Tagging, also known as Frame Tagging

» To make sure that users of the same VLAN on multiple switches can communicate, there is a method of tagging.
» Tagging happens only on the trunk links (added / removed).
» The tag is added before a frame is sent and removed once it is received on the trunk link.
» The frame includes source and destination MAC entries.
» The tag includes the VLAN-ID / EtherType / PRI.

[Figure: Ethernet frame (Dest, Src, Length/Type, Data, FCS) and the inserted tag with EtherType (8100) and PRI fields]

VLAN Tagging Protocols - Trunking Protocols

» Responsible for adding and removing tags on trunk links.
» Cisco has supported two different trunking protocols:
   o Inter-Switch Link (ISL)
   o IEEE 802.1Q

ISL (Inter-Switch Link)                             | IEEE 802.1Q
It is Cisco proprietary                             | IEEE open standard
It works with Ethernet, Token Ring, FDDI            | It works only on Ethernet
It adds 30 bytes of tag (encapsulates a new frame)  | Only a 4-byte tag is added to the original frame
No longer supported on new Cisco platforms          | Commonly used
Supports 1000 VLANs (10-bit VLAN ID)                | Supports 4096 VLANs (12-bit VLAN ID)

Cisco created ISL years before 802.1Q, in part because the IEEE had not yet defined a VLAN trunking standard.
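The tagging described above, as an added example that is not part of the original workbook: it inserts the 4-byte 802.1Q tag after the source MAC, parses it back into PRI / CFI / VLAN ID, and strips it again as a trunk port does on receipt. The function names and the sample frame are constructed for illustration, and the FCS is left out (a real switch recomputes it after changing the frame).

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_HDR_LEN = 14      # dst MAC (6) + src MAC (6) + EtherType/Length (2)


def mac_str(raw):
    """Format 6 raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)


def add_dot1q_tag(frame, vlan_id, pri=0, cfi=0):
    """Return the frame with a 4-byte tag inserted after the source MAC."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    if not (0 <= vlan_id <= 0xFFF and 0 <= pri <= 7 and cfi in (0, 1)):
        raise ValueError("VLAN ID is 12 bits, PRI is 3 bits, CFI is 1 bit")
    tci = (pri << 13) | (cfi << 12) | vlan_id      # 16-bit tag control info
    tag = struct.pack("!HH", TPID_8021Q, tci)      # network byte order
    return frame[:12] + tag + frame[12:]


def parse_frame(frame):
    """Decode an Ethernet header; 'vlan' is None for an untagged frame."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
            "vlan": None, "pri": None, "cfi": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = ETH_HDR_LEN
    if ethertype == TPID_8021Q:
        if len(frame) < ETH_HDR_LEN + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(vlan=tci & 0x0FFF, pri=tci >> 13, cfi=(tci >> 12) & 1)
        offset += 4
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def strip_dot1q_tag(frame):
    """Remove the tag, as done before a frame leaves on an access port."""
    if parse_frame(frame)["vlan"] is None:
        return frame                                # already untagged
    return frame[:12] + frame[16:]


# Constructed sample: broadcast frame from a host, EtherType 0x0800 (IPv4).
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                + struct.pack("!H", 0x0800) + b"payload-from-vlan10-host")

if __name__ == "__main__":
    tagged = add_dot1q_tag(SAMPLE_FRAME, vlan_id=10, pri=5)
    print("tag bytes :", tagged[12:16].hex())
    print("on trunk  :", parse_frame(tagged))
    print("on access :", parse_frame(strip_dot1q_tag(tagged)))
```
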
Today, 802.1Q has become the more popular trunking protocol, with Cisco not even bothering to support ISL in many of its switch models today.

Trunking Protocols - Format

[Figure: ISL encapsulated Layer 2 frame with ISL header]

[Figure: 802.1Q tagged Layer 2 frame: DA (6B) | SA (6B) | Tag (4B) | Length/Type (2B) | Data | FCS (4B).
 802.1Q tag: EtherType 0x8100 (2B) | PRI (3 bits) | CFI (1 bit) | VLAN ID (12 bits)]

Trunk Configuration

Lab Preconfiguration
» Create Vlan 10, Vlan 20 on both switches.
» Assign ports to their respective VLAN as given in the diagram.

SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

SW-2(config)#interface range f0/1 - 2
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 10
SW-2(config-if-range)#exit
SW-2(config)#interface range f0/3 - 4
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 20
SW-2(config-if-range)#end

Trunk Link - Configuration

Configure F0/20 port between SW1 and SW2 as trunk link.

Switch(config)# interface <interface>
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q

On both switches:

SW-x(config)#interface fastEthernet 0/20
SW-x(config-if)#switchport mode trunk
SW-x(config-if)#switchport trunk encapsulation dot1q

SW-1#sh interfaces trunk
Port      Mode    Encapsulation  Status     Native vlan
Fa0/20    on      802.1q         trunking   1

[Figure: lab topology. VLAN 10 and VLAN 20 hosts on SW1 and SW2]

TASK:
* Create Vlan 10, Vlan 20 on both switches
* Shift ports into their respective VLAN as per the diagram.
* Configure F0/20 port between SW1 and SW2 as trunk link
* Ensure that users of the same VLAN on different switches can communicate with each other

On SW-1

Switch(config)#hostname SW-1
SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

SW-1#sh vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

On SW-2

Switch(config)#hostname SW-2
SW-2(config)#interface range f0/1 - 2
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 10
SW-2(config-if-range)#exit
SW-2(config)#interface range f0/3 - 4
SW-2(config-if-range)#switchport mode access
SW-2(config-if-range)#switchport access vlan 20
SW-2(config-if-range)#end

SW-2#sh vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

From PC 192.168.1.1

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

PC>ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...
Reply from 192.168.1.2: bytes=32 ...

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

From PC 192.168.2.1

PC>ipconfig
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.100

PC>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 ...
Reply from 192.168.2.2: bytes=32 ...
Reply from 192.168.2.2: bytes=32 ...
Reply from 192.168.2.2: bytes=32 ...

SERVER>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

SERVER>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

NOTE: From the above verification
* Users of the same VLAN connected to the same switch can ping each other.
* Users of the same VLAN on different switches are not able to ping each other.
* For users of the same VLAN on different switches to communicate, trunking must be configured on the link (f0/20) between the switches.

TASK
* Configure F0/20 port between SW1 and SW2 as trunk link
* Ensure that users of the same VLAN on different switches can communicate with each other

SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

SW-2(config)#int f0/20
SW-2(config-if)#switchport mode trunk
SW-2(config-if)#switchport trunk encapsulation dot1q

SW-1#sh interfaces trunk
Port      Mode    Encapsulation  Status     Native vlan
Fa0/20    on      802.1q         trunking   1

Port      Vlans allowed on trunk
Fa0/20    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1,10,20

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1,10,20

SW-2#sh interfaces trunk
Port      Mode    Encapsulation  Status     Native vlan
Fa0/20    on      802.1q         trunking   1

Port      Vlans allowed on trunk
Fa0/20    1-1005

Port      Vlans allowed and active in management domain
Fa0/20    1,10,20

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/20    1,10,20

From PC 192.168.1.1

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 ...
Reply from 192.168.1.3: bytes=32 ...
Reply from 192.168.1.3: bytes=32 ...

PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 ...
Reply from 192.168.1.4: bytes=32 time=14ms TTL=128
Reply from 192.168.1.4: bytes=32 time=12ms TTL=128
Reply from 192.168.1.4: bytes=32 time=13ms TTL=128

From PC 192.168.2.1

PC>ipconfig
IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.100

PC>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128
Reply from 192.168.2.3: bytes=32 time=12ms TTL=128
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128
Reply from 192.168.2.3: bytes=32 time=13ms TTL=128

PC>ping 192.168.2.4
Pinging 192.168.2.4 with 32 bytes of data:
Reply from 192.168.2.4: bytes=32 time=26ms TTL=128
Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
Reply from 192.168.2.4: bytes=32 time=12ms TTL=128
Reply from 192.168.2.4: bytes=32 time=13ms TTL=128

INTER-VLAN ROUTING

Forwarding Data Between VLANs

» VLANs segment broadcast traffic on a switch and segment a switched network into different LANs.
» By default, a host can communicate with only those hosts that are members of the same VLAN.
» Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them (using a router or L3 switch). This is known as inter-VLAN routing.

[Figure: VLAN 10 Accounts (192.168.1.0/24) and VLAN 20 (192.168.2.0/24)]

VLAN Routing - Methods

» VLAN routing with separate gateway interfaces
» VLAN routing with router 802.1Q trunks
» VLAN routing with Layer 3 switch SVIs
» VLAN routing with Layer 3 switch routed ports

[Figure: the four methods, each shown with VLAN 10 Sales (192.168.1.0/24) and VLAN 20 marketing (192.168.2.0/24)]

VLAN Routing - Router Physical Gateways

To forward packets between VLANs:
» The network must use a device that acts as a router.
» Need one router with separate gateways for each VLAN.
» Ensure that the gateway port and the VLAN users are logically in the same VLAN.

[Figure: router F0/0 192.168.1.100 and F0/1 192.168.2.100; switch ports 1,2,10 - VLAN 10; ports 3,4,11 - VLAN 20; VLAN 10 Sales 192.168.1.0/24; VLAN 20 marketing 192.168.2.0/24]

VLAN Routing - Physical Gateway (ROUTER)

Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.2.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Switch#show vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
10   sales                            active    Fa0/1, Fa0/2, Fa0/10
20   marketing                        active    Fa0/3, Fa0/4, Fa0/11

Drawbacks

» The first solution for inter-VLAN routing is known as legacy inter-VLAN routing.
» Each port on a switch connecting a router/PC is placed into access mode. Every interface on that switch would be assigned to a different VLAN.
» Requires multiple physical interfaces on both the switch and the router.
» This means that as the network grows, additional hardware is required once you exceed the number of physical interfaces on either the router or the switch.

[Figure: router with one physical gateway interface per VLAN]

VLAN Routing - Sub-Interfaces

» Also known as Router on a Stick (ROAS).
   o Very popular term, commonly used in networks where no Layer 3 switch exists.
» Uses one connection between the router and the switch. Uses sub-interfaces on a single interface as gateways.
» The Ethernet frames belonging to each VLAN will be tagged. When a frame leaves the switch and goes to an end device (a PC or laptop), the dot1q tagging is removed.

VLAN Routing - Sub-Interfaces

» Create Vlan 10, Vlan 20 on SW1. Shift ports into their respective VLAN as per the diagram.
» Create sub-interfaces on router port f0/0.
» Configure F0/20 port as trunk link.
» Ensure that users of VLAN 10 and 20 can communicate with each other.

[Figure: router sub-interfaces 192.168.1.100 and 192.168.2.100; ports 3,4 - vlan 20; VLAN 10 Sales 192.168.1.0/24]

VLAN Routing - Sub-Interfaces

SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20

Trunk link configuration (interface facing router)

SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

VLAN Routing - Sub-Interfaces

R-1(config)#int fa0/0
R-1(config-if)# no shutdown
R-1(config-if)# no ip address
R-1(config-if)# exit

R-1(config)#int fa0/0.10
R-1(config-sub-if)# encapsulation dot1Q 10
   (It should be the exact VLAN number: vlan 10)
R-1(config-sub-if)# ip add 192.168.1.100 255.255.255.0

R-1(config)#int fa0/0.20
R-1(config-sub-if)# encapsulation dot1Q 20
   (It should be the exact VLAN number: vlan 20)
R-1(config-sub-if)# ip add 192.168.2.100 255.255.255.0

VLAN Routing - Sub-Interfaces

Advantages
» Only one LAN connection is required for multiple VLANs.
» The number of VLANs is not limited by the number of router LAN ports, as only one port is required.

Disadvantages
» Single point of failure (when that link fails the network could be down for some time).
» Congested, as the trunk link is limited by the speed of the router interface. The trunk is a major source of congestion.
» Adds latency/delay.
» Not scalable.

VLAN Routing - SVI - L3 Switch

» Performs Layer 2 & 3 functions.
» A Layer 3 switch (also called a multilayer switch) is one device, but it executes logic at two layers:
   o Layer 2 LAN switching forwards frames inside each VLAN, but it will not forward frames between VLANs.
   o Layer 3 IP routing forwards IP packets between VLANs.
» Supports dynamic routing & inter-VLAN routing.
» An SVI (Switch Virtual Interface) is used as the default gateway to route traffic to other LANs/VLANs.
   o An SVI is a logical Layer 3 interface that can be configured for any/each VLAN (acts as gateway).
   o Clients that are connected to that VLAN use the SVI as their default gateway.
» No additional physical interfaces required.
» Most common & scalable solution for VLAN routing.

[Figure: Layer 3 switch with VLAN 10 and VLAN 20]

VLAN Routing - SVI - L3 Switch

» Create VLANs (assign ports to VLAN) / trunk links.
» Need at least one multilayer switch connected in the LAN.
» Each VLAN uses an SVI as the gateway for the respective VLAN.
» Enable IP routing on the switch.

[Figure: SVIs for VLAN 10 (10.1.10.1) and VLAN 20 (10.1.20.1)]
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config)#ip routing

VLAN Routing - SVI - Multiple Switches

» Create VLANs (assign ports to VLAN) on all switches. Ensure that each VLAN is present in the VLAN database.
» Configure trunk links between switches.
» Need at least one multilayer switch connected in the LAN.
» Each VLAN uses an SVI as the gateway for the respective VLAN.
» Enable IP routing on the L3 switch.

VLAN Routing - SVI - Multiple Switches

SW1#show vlan brief
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
10   SALES                            active    Fa0/1, Fa0/2
20   MARKETING                        active    Fa0/3, Fa0/4

SW1(config)#int f0/20
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

MLS1(config)#int f0/20
MLS1(config-if)#switchport trunk encapsulation dot1q
MLS1(config-if)#switchport mode trunk
MLS1(config-if)#exit
MLS1(config)#ip routing
MLS1(config)#vlan 10
MLS1(config-vlan)#vlan 20
MLS1(config-vlan)#exit
MLS1(config)#int vlan 10
MLS1(config-if)#ip address 192.168.1.100 255.255.255.0
MLS1(config-if)#exit
MLS1(config)#int vlan 20
MLS1(config-if)#ip address 192.168.2.100 255.255.255.0
MLS1(config-if)#exit

L3 Switch - Routed Interfaces (L3 Ports)

» A Layer 3 switch combines some features of a Layer 2 switch and some of a router.
» Uses an L3 routed port interface instead of SVI interfaces (not preferred for inter-VLAN routing). Commonly used for WAN connections (internet / remote sites).
» Converts a Layer 2 port into a Layer 3 port and makes the port operate like a router interface (routed port).
» You can apply an IP address directly to the port, along with more IP configuration options.
» The routed port is not joined to any VLAN and does not support VLAN sub-interfaces.
[Figure: Layer 3 switch with SVI interfaces for the VLANs and a routed port]

L3 Switch - Routed Interfaces (L3 Ports)

TASK:
» Continue with configurations based on the previous lab (VLAN / inter-VLAN routing / trunk ports / SVI).
» Design additional devices connecting as given.
» Add a router connecting to MLS as per the diagram (assuming that there is a WAN connection (internet / remote sites) between the router and MLS and they are in different locations).

L3 Switch - Routed Interfaces (L3 Ports)

Router(config)#hostname R1
R1(config-if)#ip address 172.16.1.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int f0/1
R1(config-if)#ip address 10.0.0.1 255.255.255.252
R1(config-if)#no shutdown

MLS(config)#int fa0/21
MLS(config-if)#ip address 10.0.0.2 255.255.255.252
% Invalid input detected at '^' marker.
MLS(config-if)#no switchport
MLS(config-if)#ip address 10.0.0.2 255.255.255.252

L3 Switch - Routed Interfaces (L3 Ports)

MLS(config)#router rip
MLS(config-router)#version 2
MLS(config-router)#network 192.168.1.0
MLS(config-router)#network 192.168.2.0
MLS(config-router)#network 10.0.0.0

R1(config)#router rip
R1(config-router)#ver 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 10.0.0.0

R1#show ip route rip
     172.16.0.0/24 is subnetted, 1 subnets
R    192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:25, FastEthernet0/1
R    192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, FastEthernet0/1

R1#ping 192.168.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/6/21 ms

LAB: VLAN Routing using Separate Gateways

[Figure: router F0/0 192.168.1.100 and F0/1 192.168.2.100; VLAN 10 Sales 192.168.1.0/24; VLAN 20 marketing 192.168.2.0/24]

TASK
* Create Vlan 10, Vlan 20 on SW1 and assign ports to their respective VLAN as per the diagram.
* Configure PCs in the LAN with default gateway (VLAN 10 - 192.168.1.100 / VLAN 20 - 192.168.2.100)
* Ensure that users of VLAN 10 and 20 can communicate with each other

On all PCs of VLAN 10 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static; Subnet Mask 255.255.255.0; Default Gateway 192.168.1.100]

On all PCs of VLAN 20 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static; Subnet Mask 255.255.255.0; Default Gateway 192.168.2.100]

Switch(config)#vlan 10
Switch(config-vlan)#name sales
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name marketing
Switch(config-vlan)#exit
Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/2
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/4
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#exit
Switch(config)#interface FastEthernet0/10
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#interface FastEthernet0/11
Switch(config-if)#switchport access vlan 20
Switch(config-if)#switchport mode access
Switch(config-if)#end

Switch#sh vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
1002 fddi-default                     act/unsup

Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.2.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#end

Router#sh ip int brief
Interface              IP-Address      OK? Method Status    Protocol
...                    ...             YES manual up        up

Router#sh ip route
Gateway of last resort is not set

PC>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........:

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127
Reply from 192.168.2.1: bytes=32 time=0ms TTL=127

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   13ms   0ms   0ms   192.168.1.100
  2   0ms    0ms   0ms   192.168.2.1
Trace complete.

LAB: INTER VLAN-ROUTING USING ROUTER (Router on Stick)

[Figure: router sub-interfaces f0/0.10 192.168.1.100 and f0/0.20 192.168.2.100; VLAN 10 Sales 192.168.1.0/24; VLAN 20 marketing 192.168.2.0/24]

TASK:
* Create Vlan 10, Vlan 20 on SW1
* Shift ports into their respective VLAN as per the diagram.
* Configure F0/20 port as trunk link.
* Create sub-interfaces on router port f0/0
* Ensure that users of VLAN 10 and 20 can communicate with each other

On all PCs of VLAN 10 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static; Default Gateway 192.168.1.100]

On all PCs of VLAN 20 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static; IP Address 192.168.2.1; Subnet Mask 255.255.255.0; Default Gateway 192.168.2.100]

On SW-1

Switch(config)#hostname SW-1
SW-1(config)#interface range f0/1 - 2
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 10
SW-1(config-if-range)#exit
SW-1(config)#interface range f0/3 - 4
SW-1(config-if-range)#switchport mode access
SW-1(config-if-range)#switchport access vlan 20
SW-1(config-if-range)#end

SW-1#sh vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Trunk link configuration (interface facing router)

SW-1(config)#interface fastEthernet 0/20
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#switchport trunk encapsulation dot1q

* A router on a stick can be used to route between VLANs using either ISL or 802.1Q as the trunking protocol.
* A router on a stick requires subinterfaces, one for each VLAN.

Creating sub-interfaces on router interface f0/0

R-1(config)#int fa0/0
R-1(config-if)# no shutdown
R-1(config-if)# exit
R-1(config)#int fa0/0.10
R-1(config-sub-if)# encapsulation dot1Q 10
R-1(config-sub-if)# ip add 192.168.1.100 255.255.255.0
R-1(config-sub-if)# exit
R-1(config)#int fa0/0.20
R-1(config-sub-if)# encapsulation dot1Q 20
R-1(config-sub-if)# ip add 192.168.2.100 255.255.255.0

SUBINTERFACE
* The subinterface number begins with the period, like .10 and .20 in this case.
* These numbers can be any number from 1 up through a very large number (over 4 billion).
* The number just needs to be unique among all subinterfaces associated with this one physical interface.
* In fact, the subinterface number does not even have to match the associated VLAN ID. (The encapsulation command, and not the subinterface number, defines the VLAN ID associated with the subinterface.)
* Although not required, most sites do choose to make the subinterface number match the VLAN ID, just to avoid confusion.

NOTE
The encapsulation dot1Q command needs the exact VLAN ID (here VLAN 10 and VLAN 20).
* Use the encapsulation dot1q vlan_id command in subinterface configuration mode to enable 802.1Q and associate one specific VLAN with the subinterface.
* Use the ip address address mask command in subinterface configuration mode to configure IP settings (address and mask).

Router#sh ip int brief
Interface              IP-Address      OK? Method Status    Protocol
FastEthernet0/0        unassigned      YES unset  ...

Verify connectivity

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=62ms TTL=127
Reply from 192.168.2.1: bytes=32 time=125ms TTL=127
Reply from 192.168.2.1: bytes=32 time=109ms TTL=127

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   47ms    63ms    62ms   192.168.1.100
  2   109ms   125ms   78ms   192.168.2.1

LAB: Inter Vlan-Routing - L3 SWITCH

[Figure: multilayer switch with SVI interfaces Vlan 10 192.168.1.100 and Vlan 20 192.168.2.100; VLAN 10 Sales 192.168.1.0/24; VLAN 20 marketing 192.168.2.0/24]

TASK
* Create VLANs and shift the ports as per the diagram
* Create an SVI (switch virtual interface) for each VLAN and assign IP as per the VLAN addressing in the diagram
* Ensure that IP routing is enabled on the multilayer switch
* Verify connectivity between VLANs (ping 192.168.1.1 --- 192.168.2.1)

On all PCs of VLAN 10 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static]

On all PCs of VLAN 20 (assign IP as given / with default gateway)
[Screenshot: PC IP Configuration - Static; IP Address 192.168.2.1; Default Gateway 192.168.2.100]

TASK: Create VLANs and shift the ports according to the diagram

Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#exit
Switch(config)#int range f0/1 - 2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#int range f0/3 - 4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit

SW-1#sh vlan
VLAN Name                             Status    Ports
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

TASK: Create SVI (Switch Virtual Interface) for each VLAN

Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit

Switch#sh ip int brief

* The VLAN must be defined and active on the switch before the SVI can be used.
* The VLAN and the SVI are configured separately, even though they interoperate. Creating or configuring the SVI doesn't create or configure the VLAN; you still must define each one independently.

Switch(config)#ip routing

* Enable routing on the switch by using the ip routing command.
* Even if IP routing was previously enabled, this step ensures that it is activated.
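One way to check the two conditions in the bullets above (every SVI has a defined VLAN, and `ip routing` is on) before a change is pushed, as an added example that is not part of the original workbook. It reads an IOS-style configuration or a pasted CLI session; the function names and the sample session are constructed for illustration, and only the commands used in this lab are recognised.

```python
import re

PROMPT = re.compile(r"^[^\s#]+#\s*")                 # e.g. "Switch(config-if)#"
SVI = re.compile(r"^int(?:erface)?\s+vlan\s*(\d+)$", re.I)
VLAN_DEF = re.compile(r"^vlan\s+([\d,\-\s]+)$", re.I)
IP_ADDR = re.compile(
    r"^ip\s+add(?:ress)?\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)$", re.I)


def expand_vlan_list(spec):
    """Turn '10,20,30-32' into {10, 20, 30, 31, 32}."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        if not re.fullmatch(r"\d+(-\d+)?", part):
            continue
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def audit_svi_config(text):
    """Return a list of findings; an empty list means both checks pass."""
    defined, svis, ip_routing, current = set(), {}, False, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip()).strip()
        if not line:
            continue
        low = line.lower()
        m = SVI.match(line)
        if m:                                        # entering an SVI
            current = int(m.group(1))
            svis.setdefault(current, None)
            continue
        m = VLAN_DEF.match(line)
        if m:                                        # VLAN database entry
            defined |= expand_vlan_list(m.group(1))
            current = None
            continue
        if low.startswith(("interface ", "int ")) or low in ("exit", "end"):
            current = None                           # left the SVI context
            continue
        m = IP_ADDR.match(line)
        if m and current is not None:
            svis[current] = m.group(1)
        elif low == "ip routing":
            ip_routing = True

    findings = []
    for vid in sorted(svis):
        # VLAN 1 exists by default, so it needs no explicit definition.
        if vid != 1 and vid not in defined:
            findings.append(f"Vlan{vid}: SVI configured but VLAN {vid} is not defined")
    routed = [v for v, ip in svis.items() if ip]
    if len(routed) > 1 and not ip_routing:
        findings.append("ip routing is not enabled, so traffic is not routed between the SVIs")
    return findings


# Constructed session: 'vlan 20' and 'ip routing' were forgotten.
SAMPLE_SESSION = """\
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#int vlan 10
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.2.100 255.255.255.0
Switch(config-if)#no shutdown
"""

if __name__ == "__main__":
    for finding in audit_svi_config(SAMPLE_SESSION):
        print("FINDING:", finding)
```
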
Task: Verify Connectivity between VLANs (Ping 192.168.1.1 --- 192.168.2.1)

PC>ipconfig
IP Address......................:
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.

PC>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
47 ms   63 ms   62 ms

[Figure: topology with SVIs VLAN 10 - 192.168.1.100 and VLAN 20 - 192.168.2.100; VLAN 20 hosts 192.168.2.1 and 192.168.2.2 on 192.168.2.0/24]

On All PCs of VLAN 10 (assign IP as given / with default Gateway)
[Figure: PC IP Configuration dialog (static IP address, subnet mask, default gateway)]

On All PCs of VLAN 20 (assign IP as given / with default Gateway)
[Figure: PC IP Configuration dialog on FastEthernet0 (static): IP address 192.168.2.1, subnet mask 255.255.255.0, default gateway 192.168.2.100]

SW1(config)#int range f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW1(config)#int range f0/3-4
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#exit
SW1(config)#end

SW1(config)#int f0/20
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

SW1#show vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                    Gig0/2
10   SALES                active    Fa0/1, Fa0/2
20   MARKETING            active    Fa0/3, Fa0/4
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

MLS1(config)#int f0/20
MLS1(config-if)#switchport trunk encapsulation dot1q
MLS1(config-if)#switchport mode trunk
MLS1(config-if)#end

MLS1#show interfaces trunk
Port        Mode    Encapsulation  Status      Native vlan
Fa0/20      on      802.1q         trunking    1
Port        Vlans allowed on trunk
Fa0/20      1-1005
Port        Vlans allowed and active in management domain
Fa0/20      1,10,20
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1,10,20
MLS1#

MLS1(config)#vlan 10
MLS1(config-vlan)#vlan 20
MLS1(config-vlan)#exit
MLS1(config)#int vlan 10
MLS1(config-if)#ip address 192.168.1.100 255.255.255.0
MLS1(config-if)#exit
MLS1(config)#int vlan 20
MLS1(config-if)#ip address 192.168.2.100 255.255.255.0
MLS1(config-if)#exit
MLS1(config)#ip routing
MLS1(config)#end

MLS1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/1        unassigned      YES unset  down                  down
FastEthernet0/2        unassigned      YES unset  down                  down
FastEthernet0/3        unassigned      YES unset  down                  down
FastEthernet0/4        unassigned      YES unset  down                  down
FastEthernet0/5        unassigned      YES unset  down                  down
FastEthernet0/6        unassigned      YES unset  down                  down
FastEthernet0/7        unassigned      YES unset  down                  down
FastEthernet0/8        unassigned      YES unset  down                  down
FastEthernet0/9        unassigned      YES unset  down                  down
FastEthernet0/10       unassigned      YES unset  down                  down
FastEthernet0/11       unassigned      YES unset  down                  down
FastEthernet0/12       unassigned      YES unset  down                  down
FastEthernet0/13       unassigned      YES unset  down                  down
FastEthernet0/14       unassigned      YES unset  down                  down
FastEthernet0/15       unassigned      YES unset  down                  down
FastEthernet0/16       unassigned      YES unset  down                  down
FastEthernet0/17       unassigned      YES unset  down                  down
FastEthernet0/18       unassigned      YES unset  down                  down
FastEthernet0/19       unassigned      YES unset  down                  down
FastEthernet0/20       unassigned      YES unset  up                    up
FastEthernet0/21       unassigned      YES unset  down                  down
FastEthernet0/22       unassigned      YES unset  down                  down
FastEthernet0/23       unassigned      YES unset  down                  down
FastEthernet0/24       unassigned      YES unset  down                  down
GigabitEthernet0/1     unassigned      YES unset  down                  down
GigabitEthernet0/2     unassigned      YES unset  down                  down
Vlan1                  unassigned      YES unset  administratively down down
MLS1#

MLS1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Vlan10
C    192.168.2.0/24 is directly connected, Vlan20
MLS1#

PC1 (VLAN 10 - 192.168.1.1)

C:\>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........:
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.100
Pinging 192.168.1.100 with 32 bytes of data:
Reply from 192.168.1.100: bytes=32 time

C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: bytes=32 time=18ms TTL
Reply from 192.168.2.1: bytes
Reply from 192.168.2.1: bytes=32 time=16ms TTL=127

C:\>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   0 ms   0 ms   0 ms   192.168.1.100
  2   0 ms   0 ms   0 ms   192.168.2.1
Trace complete.

TASK:
* Continue with the configurations based on the previous lab (VLAN / Inter-VLAN Routing / Trunk ports / SVI).
* Design additional devices connecting as given.
* Add a router connecting to the MLS as per the diagram (assuming that there is a WAN connection (internet/remote sites) between the router and the MLS and that they are in different locations).

[Figure: topology with the remote-site LAN 172.16.1.0/24 behind the router and VLAN 20 192.168.2.0/24 behind the MLS]

MLS#show ip int brief | include up
FastEthernet0/20       unassigned      YES unset  up                    up

MLS1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Vlan10
C    192.168.2.0/24 is directly connected, Vlan20

MLS#show interfaces trunk
Port        Mode    Encapsulation  Status      Native vlan
Port        Vlans allowed on trunk
Fa0/20      1-1005
Port        Vlans allowed and active in management domain
Fa0/20      1,10,20
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/20      1,10,20
Switch#

SW1#show vlan brief
VLAN Name                 Status    Ports
1    default              active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/21
                                    Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                    Gig0/2
10   SALES                active    Fa0/1, Fa0/2
20   MARKETING            active    Fa0/3, Fa0/4
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active

VLAN 10 - 192.168.1.

C:\>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........:
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

C:\>ping 192.168.1.100
Pinging 192.168.1.100 with 32 bytes of data:
Reply from 192.168.1.100: bytes=32 time

C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.2.1: byte:
Reply from 192.168.2.1: byte:
Reply from 192.168.2.1: byte:

C:\>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops:
  1   0 ms   0 ms   0 ms   192.168.1.100
  2   0 ms   0 ms   0 ms   192.168.2.1
Trace complete.

PCs at the remote site are configured with IP addressing.
[Figure: two PC IP Configuration dialogs (static); default gateway 172.16.1.100]

TASK: Configure IP addressing on Router/MLS as per the Diagram on all Devices.

Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip address 172.16.1.100 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int f0/1
R1(config-if)#ip address 10.0.0.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#end

R1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.16.1.100    YES manual up                    up
FastEthernet0/1        10.0.0.1        YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down
R1#

On MLS

MLS(config)#int fa0/21
MLS(config-if)#ip address 10.0.0.2 255.255.255.252
                ^
% Invalid input detected at '^' marker.

NOTE:
* By default, all ports of any multilayer switch are switchports (Layer 2).
* They don't understand IP addressing and just forward frames by identifying the MAC address.
* In our example we want the f0/20 port of the MLS as a router port (Layer 3).
* To change the default Layer 2 port to a router port, we need to add the command "no switchport".

MLS(config)#int fa0/21
MLS(config-if)#no switchport
MLS(config-if)#ip address 10.0.0.2 255.255.255.252

MLS1#show ip int brief | include up
FastEthernet0/20       unassigned      YES unset  up                    up
FastEthernet0/21       10.0.0.2        YES manual up                    up
Vlan10                 192.168.1.100   YES manual up                    up
Vlan20                 192.168.2.100   YES manual up                    up
MLS1#

MLS1#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/1/3 ms

TASK:
* Configure RIP routing between the MLS and router R1 (to communicate between LANs).
* More on the routing topics is covered in the Routing section.

MLS (3560)

MLS1(config)#router rip
MLS1(config-router)#version 2
MLS1(config-router)#network 192.168.1.0
MLS1(config-router)#network 192.168.2.0
MLS1(config-router)#network 10.0.0.0
MLS1(config-router)#end

R1(config)#router rip
R1(config-router)#ver 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 10.0.0.0
R1(config-router)#end

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0

R1#show ip route rip
     172.16.0.0/24 is subnetted, 1 subnets

R1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/6/21 ms

R1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/5/12 ms

MLS1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/21
C    192.168.1.0/24 is directly connected, Vlan10
C    192.168.2.0/24 is directly connected, Vlan20

MLS1#show ip route rip
     10.0.0.0/30 is subnetted, 1 subnets

Verify Reachability from PC

PC>ipconfig
IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.100

PC>ping 172.16.1.1
Pinging 172.16.1.1 with 32 bytes of data:
Request timed out.
Reply from 172.16.1.1: bytes=32 time=125ms T
Reply from 172.16.1.1: bytes=32 ti
Reply from 172.16.1.1: bytes=32 time=125ms Tl

PC>tracert 172.16.1.1
Tracing route to 172.16.1.1 over a maximum of 30 hops:
  1   31 ms    31 ms    32 ms    192.168.1.100
  2   63 ms    62 ms    62 ms    10.0.0.1
  3   109 ms   125 ms   125 ms   172.16.1.1
Trace complete.

[Figure: topology with SVIs VLAN 10 - 192.168.1.100 and VLAN 20 - 192.168.2.100; VLAN 20 hosts 192.168.2.1 and 192.168.2.2 on 192.168.2.0/24]

On All PCs of VLAN 10 (assign IP as given / with default Gateway)
[Figure: PC IP Configuration dialog (static IP address, subnet mask, default gateway)]

On All PCs of VLAN 20 (assign IP as given / with default Gateway)
[Figure: PC IP Configuration dialog on FastEthernet0 (static): IP address 192.168.2.1, subnet mask 255.255.255.0, default gateway 192.168.2.100]

SW1(config)#int range f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW1(config)#int range f0/3-4
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#exit
SW1(config)#end
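Returning to the routed-port and RIP lab above: the three-hop trace from 192.168.1.1 to 172.16.1.1 is the result of a longest-prefix lookup at each routing device. The sketch below is an added example, not part of the workbook; it uses the lab's addresses, its function names are hypothetical, and the RIP-learned entries are assumed because the page's show ip route output does not list them.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None if no route."""
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def trace(src_if, gateway, dst, routers):
    """Hop addresses a tracert from src_if (e.g. '192.168.1.1/24') to dst would list."""
    if ipaddress.ip_address(dst) in ipaddress.ip_interface(src_if).network:
        return [dst]                      # same subnet: no router involved
    hops, arrive_at = [], gateway
    for _ in range(30):                   # tracert's 30-hop limit
        router = next((r for r in routers if arrive_at in r["addrs"]), None)
        if router is None:
            return hops + ["unreachable"]
        hops.append(arrive_at)            # modelled: a hop answers from its ingress interface
        match = lookup(router["table"], dst)
        if match is None:
            return hops + ["no route"]
        if match[1] is None:              # connected network: deliver to the host
            return hops + [dst]
        arrive_at = match[1]
    return hops

# Addresses from the lab. A next hop of None means "directly connected".
MLS_CONNECTED = [("192.168.1.0/24", None), ("192.168.2.0/24", None), ("10.0.0.0/30", None)]
R1_CONNECTED = [("172.16.1.0/24", None), ("10.0.0.0/30", None)]
# Assumed RIP-learned entries (not shown in the page's output).
MLS_RIP = [("172.16.0.0/16", "10.0.0.1")]
R1_RIP = [("192.168.1.0/24", "10.0.0.2"), ("192.168.2.0/24", "10.0.0.2")]

def lab(with_rip):
    """Build the two routing devices, with or without the RIP-learned routes."""
    mls = {"addrs": {"192.168.1.100", "192.168.2.100", "10.0.0.2"},
           "table": MLS_CONNECTED + (MLS_RIP if with_rip else [])}
    r1 = {"addrs": {"172.16.1.100", "10.0.0.1"},
          "table": R1_CONNECTED + (R1_RIP if with_rip else [])}
    return [mls, r1]

if __name__ == "__main__":
    for with_rip in (False, True):
        print(with_rip, trace("192.168.1.1/24", "192.168.1.100", "172.16.1.1", lab(with_rip)))
    print(trace("192.168.1.1/24", "192.168.1.100", "192.168.2.1", lab(False)))
```

Without the RIP entries the MLS has only its connected networks and the lookup for 172.16.1.1 stops at the first hop, while inter-VLAN traffic still works because both VLAN subnets are connected through the SVIs.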
