Professional Documents
Culture Documents
Aim: Study of different types of Network cables and practically implement the cross-wired
cable and straight through cable using clamping tool.
1. Start by stripping off about 2 inches of the plastic jacket off the end of the cable. Be very
careful at this point, as to not nick or cut into the wires, which are inside. Doing so could alter
the characteristics of your cable, or even worse render is useless. Check the wires, one more time
for nicks or cuts. If there are any, just whack the whole end off, and start over.
2. Spread the wires apart but be sure to hold onto the base of the jacket with your other hand.
You do not want the wires to become untwisted down inside the jacket. Category 5 cable must
only have 1/2 of an inch of 'untwisted' wire at the end; otherwise it will be 'out of spec'. At this
point, you obviously have ALOT more than 1/2 of an inch of un-twisted wire.
3. You have 2 end jacks, which must be installed on your cable. If you are using a pre-made
cable, with one of the ends whacked off, you only have one end to install - the crossed over end.
Below are two diagrams, which show how you need to arrange the cables for each type of cable
end. Decide at this point which end you are making and examine the associated picture below.
Topology Diagram
Objectives
ÿ Perform an initial configuration of a Cisco Catalyst 2960 switch.
Background / Preparation
In this activity, you will configure these settings on the customer Cisco Catalyst 2960 switch:
ÿ Host name
ÿ Console password
ÿ vty password
ÿ Privileged EXEC mode password
ÿ Privileged EXEC mode secret
ÿ IP address on VLAN1 interface
ÿ Default gateway
Note: Not all commands are graded by Packet Tracer.
Switch>enable
Switch#configure terminal
Switch(config)#hostname CustomerSwitch
b. From line configuration mode, set the password to cisco and require the password to be entered
at login.
CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit
CustomerSwitch(config)#line vty 0 15
b. From line configuration mode, set the password to cisco and require the password to be entered
at login.
CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit
CustomerSwitch(config)#interface vlan
1CustomerSwitch(config-if)#ip address 192.168.1.5
255.255.255.0CustomerSwitch(config-if)#no
shutdownCustomerSwitch(config-if)#exit
CustomerSwitch(config)#end
CustomerSwitch#ping 209.165.201.10
CustomerSwitch#
Reflection
a. What is the significance of assigning the IP address to the VLAN1 interface instead of any of the
Fast Ethernet interfaces?
b. What command is necessary to enforce password authentication on the console and vty lines?
c. How many gigabit ports are available on the Cisco Catalyst 2960 switch that you used in the activity?
Experiment-3
Topology Diagram
Use this syntax checker to practice configuring the initial settings on a router.
The following tasks should be completed when configuring initial settings on a router.
Router(config)# hostnamehostname
Router(config-line)#line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}
5. Secure all passwords in the config file.
Router(config-line)#exit
Router(config)# service password-encryption
Router(config)# end
Router# copy running-config startup-config
At this point, your routers have their basic configurations. The next step is to configure their interfaces.
This is because routers are not reachable by end devices until the interfaces are configured. There are
many different types of interfaces available on Cisco routers. For example, the Cisco ISR 4321 router is
equipped with two Gigabit Ethernet interfaces:
The task to configure a router interface is very similar to a management SVI on a switch. Specifically, it
includes issuing the following commands:
Router(config)# interfacetype-and-number
Router(config-if)#descriptiondescription-text
Router(config-if)# ip addressipv4-address subnet-mask
Router(config-if)# ipv6 addressipv6-address/prefix-length
Router(config-if)# no shutdown
the description command would be helpful to enter the third-party connection and contact information.
no shutdown command activates the interface and is similar to powering on the interface.
R1>enable
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
changed state to up
R1(config)#
R1(config)#
R1(config-if)#description Link to R2
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
changed state to up
R1(config)#
Note: Notice the informational messages informing us that G0/0/0 and G0/0/1 are enabled.
There are several commands that can be used to verify interface configuration. The most useful of these is
the show ip interface brief and show ipv6 interface brief commands, as shown in the example.
GigabitEthernet0/0/0 [up/up]
FE80::201:C9FF:FE89:4501
2001:DB8:ACAD:10::1
GigabitEthernet0/0/1 [up/up]
FE80::201:C9FF:FE89:4502
2001:DB8:FEED:224::1
unassigned
R1#
The table summarizes the more popular show commands used to verify interface configuration.
Table caption
Commands Description
show ip interface The output displays all interfaces, their IP addresses, and their current status.
brief The configured and connected interfaces should display a Status of “up” and
show ipv6 interface Protocol of “up”. Anything else would indicate a problem with either the
brief configuration or the cabling.
show ip route
Displays the contents of the IP routing tables stored in RAM.
show ipv6 route
Displays statistics for all interfaces on the device. However, this command will
show interfaces
only display the IPv4 addressing information.
show ip interfaces Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface Displays the IPv6 statistics for all interfaces on a router.
R1# show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0
192.168.10.1 YES manual up up GigabitEthernet0/0/1 209.165.200.225 YES manual up up Vlan1
unassigned YES unset administratively down down R1#
Experiment-4
Topology Diagram
Objectives
Distinguish the difference between successful and unsuccessful ping attempts.
Distinguish the difference between successful and unsuccessful traceroute attempts.
Background / Preparation
In this activity, you will test end-to-end connectivity using ping and traceroute. At the end of this activity, you will
be able to distinguish the difference between successful and unsuccessful ping and traceroute attempts.
Note: Before beginning this activity, make sure that the network is converged. To converge the
networkquickly, switch between Simulation mode and Realtime mode until all the link lights turn green.
Step 1: Test connectivity using ping from a host computer and a router.
Click N-Host, click the Desktop tab, and then click Command Prompt. From the Command Prompt window, ping
the Cisco server at www.cisco.com.
Packet Tracer PC Command Line 1.0
PC>ping www.cisco.com
PC>
From the output, you can see that N-Host was able to obtain an IP address for the Cisco server. The IP address was
obtained using (DNS). Also notice that the first ping failed. This failure is most likely due to lack of ARP
convergence between the source and destination. If you repeat the ping, you will notice that all pings succeed.
From the Command Prompt window on N-Host, ping E-Host at 192.168.4.10. The pings fail. If you do not want to
wait for all four unsuccessful ping attempts, press Ctrl+C to abort the command, as shown below.
PC>ping 192.168.4.10
Control-C
^C
PC>
Click the N-Branch router, and then click the CLI tab. Press Enter to get the router prompt. From the router prompt,
ping the Cisco server at www.cisco.com.
N-Branch>ping www.cisco.com
Translating "www.cisco.com"...domain server (64.100.1.242)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.100.1.185, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 210/211/213 ms
N-Branch>
As you can see, the ping output on a router is different from a PC host. Notice that the N-Branch router resolved the
domain name to the same IP address that N-Host used to send its pings. Also notice that the first ping fails, which is
indicated by a period (.), and that the next four pings succeed, as shown with an exclamation point (!).
From the CLI tab on N-Branch, ping E-Host at 192.168.4.10. Again, the pings fail. To not wait for all the
failures, press Ctrl+C.
N-Branch>ping 192.168.4.10
N-Branch>
Step 2: Test connectivity using traceroute from a host computer and a router.
a. Click N-Host, click the Desktop tab, and then click Command Prompt. From the Command
Prompt window, trace the route to the Cisco server at www.cisco.com.
PC>tracert www.cisco.com
1 92 ms 77 ms 86 ms 192.168.1.1
2 91 ms 164 ms 84 ms 64.100.1.101
3 135 ms 168 ms 1 5 1 m s 64.100.1.6
4 185 ms 261 ms 1 6 1 m s 64.100.1.34
5 257 ms 280 ms 2 2 4 m s 64.100.1.62
6 310 ms 375 ms 2 9 8 m s 64.100.1.185
Trace complete.
PC>
The above output shows that you can successfully trace a route all the way to the Cisco server at 64.100.1.185.
Each hop in the path is a router responding three times to trace messages from N-Host. The trace continues until the
destination for the trace (64.100.1.185) responds three times.
From the Command Prompt window on N-Host, trace a route to E-Host at 192.168.4.10. The trace fails, but notice
that the tracert command traces up to 30 hops. If you do not want to wait for all 30 attempts to time out, press
Ctrl+C.
PC>tracert 192.168.4.10
1103 ms 45 ms 91 ms 192.168.1.1
256 ms 110 ms 125 ms 64.100.1.101
3174 ms 195 ms 134 ms 64.100.1.6
4246 ms 183 ms 179 ms 64.100.1.34
5217 ms 285 ms 226 ms 64.100.1.62
6246 ms 276 ms 245 ms 64.100.1.154
7 * * * R eq u est tim ed o u t.
8 * * * R eq u est tim ed o u t.
9 * * * R eq u est tim ed o u t.
10
Control-C
^C
PC>
The tracert command can be helpful in finding the potential source of a problem. The last device to
respond was 64.100.1.154, so you would start troubleshooting by determining which device is
configured with the IP address 64.100.1.154. The source of the problem might not be that device,
but the trace has given you a starting point, whereas a ping simply tells you that the destination is
either reachable or unreachable.
Click the N-Branch router, and then click the CLI tab. Press Enter to get the router prompt. From the router prompt,
trace the route to the Cisco server at www.cisco.com.
N-Branch>traceroute www.cisco.com
Translating "www.cisco.com"...domain server (64.100.1.242)
Type escape sequence to abort.
Tracing the route to 64.100.1.185
As you can see, traceroute output on a router is very similar to the output on a PC host. The
only difference is that on a PC host, the IP address is listed after the three millisecond outputs.
From the CLI tab on N-Branch, trace the route to E-Host at 192.168.4.10. The trace fails at the same IP address as
it failed when tracing from N-Host. Again, you can use Ctrl+C to abort the command.
N-Branch>traceroute 192.168.4.10
Type escape sequence to abort.
Tracing the route to 192.168.4.10
Topology
Objectives
Part 1: Capture and Analyze Local ICMP Data in Wireshark
Part 2: Capture and Analyze Remote ICMP Data in Wireshark
Background / Scenario
Wireshark is a powerful software protocol analyzer, commonly known as a “packet sniffer.”It is used for network troubleshooting,
analysis, software development, and education.As data flows across a network, Wireshark captures each protocol data unit (PDU)
and decodes its content based on relevant specifications (such as RFCs).
Required Resources
1 PC (Windows with internet access)
Additional PCs on a local-area network (LAN) will be used to reply to ping requests.
Instructions
4. Stop Capturing:
o When you want to stop capturing traffic, click the red “Stop” button near the top left corner of the Wireshark
window.
Step 3: Examine the captured data.
In Step 3, examine the data that was generated by the ping requests of your team member PC. Wireshark data is displayed in
three sections: 1) The top section displays the list of PDU frames captured with a summary of the IP packet information listed;
2) the middle section lists PDU information for the frame selected in the top part of the screen and separates a captured PDU
frame by its protocol layers; and 3) the bottom section displays the raw data of each layer. The raw data is displayed in both
hexadecimal and decimal form.
a. Click the first ICMP request PDU frames in the top section of Wireshark. Notice that the Source column has your PC IP
address, and the Destination column contains the IP address of the teammate PC that you pinged.
b. With this PDU frame still selected in the top section, navigate to the middle section. Click the plus sign to the left of the
Ethernet II row to view the destination and source MAC addresses.
Questions:
1) www.yahoo.com
2) www.cisco.com
3) www.google.com
Note: When you ping the URLs listed, notice that the Domain Name Server (DNS) translates the URL to an IP address.
Note the IP address received for each URL.
d. You can stop capturing data by clicking the Stop Capture icon.
Step 2: Examining and analyzing the data from the remote hosts.
Review the captured data in Wireshark and examine the IP and MAC addresses of the three locations that you pinged. List the
destination IP and MAC addresses for all three locations in the space provided.
Questions:
Reflection Question
Why does Wireshark show the actual MAC address of the local hosts, but not the actual MAC address for the remote hosts?
MAC addresses for remote hosts are not known on the local network, so the MAC address of the default-gateway is
used. After the packet reaches the default-gateway router, the Layer 2 information is stripped from the packet and a
new Layer 2 header is attached with the destination MAC address of the next hop router.
Part 1: Create a new inbound rule allowing ICMP traffic through the firewall.
a. Navigate to the Control Panel and click the System and Security option in the Category view.
b. In the System and Security window, click Windows Defender Firewall or Windows Firewall.
c. In the left pane of the Windows Defender Firewall or Windows Firewall window, click advanced settings.
d. On the Advanced Security window,click the Inbound Rules option on the left sidebar and then click New Rule… on
the right sidebar.
e. This launches the New Inbound Rule wizard. On the Rule Type screen, click the Custom radio button and click next.
f. In the left pane, click the Protocol and Ports option and using the Protocol Type drop-down menu, select ICMPv4, and
then click next.
g. Verify that Any IP address for both the local and remote IP addresses are selected. Click Next to continue.
h. Select allow the connection. Click Next to continue.
i. By default, this rule applies to all the profiles. Click Next to continue.
j. Name the rule with Allow ICMP Requests. Click Finish to continue. This new rule should allow your team members to
receive ping replies from your PC.
Background / Scenario
This lab requires you to determine the availability and status of the network interface cards (NICs) on the PC that you use.
Windows provides a number of ways to view and work with your NICs.
In this lab, you will access the NIC information of your PC and change the status of these cards.
Required Resources
1 PC (Windows with two NICs, wired and wireless, and a wireless connection)
Note: At the start of this lab, the wired Ethernet NIC in the PC was cabled to one of the integrated switch ports on a wireless
router and the Local Area Connection (wired) was enabled. The wireless NIC was disabled initially. If the wired and wireless
NICs are both enabled the PC will receive two different IP addresses and the wireless NIC will take precedence.
Instructions
Objectives
Part 1: Examine the Header Fields in an Ethernet II Frame
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames
Background / Scenario
When upper layer protocols communicate with each other, data flows down the Open Systems Interconnection (OSI) layers
and is encapsulated into a Layer 2 frame. The frame composition is dependent on the media access type. For example, if the
upper layer protocols are TCP and IP and the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet
II. This is typical for a LAN environment. When learning about Layer 2 concepts, it is helpful to analyze frame header
information. In the first part of this lab, you will review the fields contained in an Ethernet II frame. In Part 2, you will use
Wireshark to capture and analyze Ethernet II frame header fields for local and remote traffic.
Required Resources
1 PC (Windows with internet access and with Wireshark installed)
Instructions
Preamble Not shown in capture This field contains synchronizing bits, processed by the NIC
hardware.
Destination Address Broadcast (ff:ff:ff:ff:ff:ff)
Layer 2 addresses for the frame. Each address is 48 bits long, or
6 octets, expressed as 12 hexadecimal digits, 0-9,A-F.
A common format is 12:34:56:78:9A:BC.
The first six hex numbers indicate the manufacturer of the
Source Address Netgear_99:c5:72
network interface card (NIC), the last six hex numbers are the
(30:46:9a:99:c5:72)
serial number of the NIC.
The destination address may be a broadcast, which contains all
ones, or a unicast. The source address is always unicast.
Frame Type 0x0806 For Ethernet II frames, this field contains a hexadecimal value
that is used to indicate the type of upper-layer protocol in the
data field. There are numerous upper-layer protocols supported
by Ethernet II. Two common frame types are these:
Value Description
0x0800 IPv4 Protocol
0x0806 Address Resolution Protocol (ARP)
Data ARP Contains the encapsulated upper-level protocol. The data field is
between 46 – 1,500 bytes.
Field Value Description
FCS Not shown in capture Frame Check Sequence, used by the NIC to identify errors during
transmission. The value is computed by the sending device,
encompassing frame addresses, type, and data field. It is verified
by the receiver.
Step 4: From the command prompt window, ping the default gateway of your PC.
Open a Windows command prompt.
From the command window, ping the default gateway using the IP address that you recorded in Step 1.
Close Windows command prompt.
In the first echo (ping) request frame, what are the source and destination MAC addresses?
Source:
Type your answers here.
This should be the MAC address of the PC.
Destination:
Type your answers here.
This should be the MAC address of the Default Gateway.
What are the source and destination IP addresses contained in the data field of the frame?
Source:
Type your answers here.
This is still the IP address of the PC.
Destination:
Type your answers here.
This is the address of the server at www.cisco.com.
Compare these addresses to the addresses you received in Step 6. The only address that changed is the destination IP
address. Why has the destination IP address changed, while the destination MAC address remained the same?
Type your answers here.
Layer 2 frames never leave the LAN. When a ping is issued to a remote host, the source will use the default
gateway MAC address for the frame destination. The default gateway receives the packet, strips the Layer 2 frame
information from the packet and then creates a new frame header with the MAC address of the next hop. This
process continues from router to router until the packet reaches its destination IP address.
Reflection Question
Wireshark does not display the preamble field of a frame header. What does the preamble contain?
Type your answers here.
The preamble field contains seven octets of alternating 1010 sequences, and one octet that signals the beginning of the
frame, 10101011.
Experirment-6
Aim: Subnet an IPv4 Network: Variable Length Subnetting
Topology Diagram
Objectives
Part 1: Design an IPv4 Network Subnetting Scheme Part 2: Configure the Devices
Background / Scenario
In this activity, you will subnet the Customer network into multiple subnets. The subnet scheme should be based on the
number of host computers required in each subnet, as well as other network considerations, like future network host
expansion.
After you have created a subnetting scheme and completed the table by filling in the missing host and interface
IP addresses, you will configure the host PCs, switches and router interfaces.
After the network devices and host PCs have been configured, you will use the ping command to test for network
connectivity.
Instructions
Step 1: Step 1: Create a subnetting scheme that meets the required number of subnets and required number of host
addresses.
In this scenario, you are a network technician assigned to install a new network for a customer. You must create multiple
subnets out of the 192.168.0.0/24 network address space to meet the following requirements:
a. The first subnet is the LAN-A network. You need a minimum of 50 host IPaddresses.
b. The second subnet is the LAN-B network. You need a minimum of 40 host IPaddresses.
c. You also need at least two additional unused subnets for future networkexpansion.
Note: Variable length subnet masks will not be used. All of the device subnet masks should be the same length.
d. Answer the following questions to help create a subnetting scheme that meets the statednetwork
requirements:
How many host addresses are needed in the largest required subnet?50
What is the minimum number of subnets required?4
The network that you are tasked to subnet is 192.168.0.0/24. What is the /24 subnet mask in binary?
e. The subnet mask is made up of two portions, the network portion, and the host portion. Thisis
represented in the binary by the ones and the zeros in the subnetmask.
In the network mask, what do the ones represent?Network ID
In the network mask, what do the zeros represent?Host Id
f. To subnet a network, bits from the host portion of the original network mask are changed into subnet
bits. The number of subnet bits defines the number ofsubnets.
Given each of the possible subnet masks depicted in the following binary format, how many subnets and
how many hosts are created in each example?
Hint: Remember that the number of host bits (to the power of 2) defines the number of hosts per subnet (minus 2),
and the number of subnet bits (to the power of two) defines the number of subnets. The subnet bits (shown in bold)
are the bits that have been borrowed beyond the original network mask of /24. The
/24 is the prefix notation and corresponds to a dotted decimal mask of 255.255.255.0. 1) (/25)
11111111.11111111.11111111.10000000
2) (/26) 11111111.11111111.11111111.11000000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
3) (/27) 11111111.11111111.11111111.11100000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
4) (/28) 11111111.11111111.11111111.11110000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
5) (/29) 11111111.11111111.11111111.11111000
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
6) (/30) 11111111.11111111.11111111.11111100
Dotted decimal subnet mask equivalent:
Number of subnets? Number of hosts?
Considering your answers above, which subnet masks meet the required number of minimum host addresses? /26
Considering your answers above, which subnet masks meets the minimum number of subnets
required?Considering your answers above, which subnet mask meets both the required
minimum number of hosts and the minimum number of subnets required?
When you have determined which subnet mask meets all of the stated network requirements,
deriveeach of the subnets. List the subnets from first to last in the table. Remember that the
first subnet is 192.168.0.0 with the chosen subnetmask.
192.168.0.64/192.168.0.127/64
192.168.0.128/192.168.0.191/64
192.168.0.192/192.168.0.255/64
Step 2: Step 2: Fill in the missing IP addresses in the Addressing Table 192.168.0.0---192.168.0.63
Assign IP addresses based on the following criteria: Use the ISP Network settings as an example.256-
a. Assign the first subnet toLAN-A.
1) Use the first host address for the CustomerRouter interface connected to LAN-Aswitch.
2) Use the second host address for the LAN-A switch. Make sure to assign a default gatewayaddress for
theswitch.
3) Use the last host address for PC-A. Make sure to assign a default gateway address for thePC.
b. Assign the second subnet toLAN-B.
1) Use the first host address for the CustomerRouter interface connected to LAN-Bswitch.
2) Use the second host address for the LAN-B switch. Make sure to assign a default gatewayaddress for
theswitch.
3) Use the last host address for PC-B. Make sure to assign a default gateway address for thePC.
• Legacy Inter-VLAN routing - This is a legacy solution. It does not scale well.
• Router-on-a-Stick - This is an acceptable solution for a small to medium-sized network.
• Layer 3 switch using switched virtual interfaces (SVIs) - This is the most scalable solution for
medium to large organizations.
• The first inter-VLAN routing solution relied on using a router with multiple Ethernet interfaces. Each router
interface was connected to a switch port in different VLANs. The router interfaces served as the default
gateways to the local hosts on the VLAN subnet.
• Legacy inter-VLAN routing using physical interfaces works, but it has a significant limitation. It is not
reasonably scalable because routers have a limited number of physical interfaces. Requiring one physical
router interface per VLAN quickly exhausts the physical interface capacity of a router.
VLAN details are stored in the vlan.dat file. You create VLANs in the global configuration mode.
:-
• If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
• If you do not name it, the Cisco IOS will give it a default name of vlan and the four-digit number of the
VLAN. E.g. vlan0020 for VLAN 20.
VLAN Port Assignment Commands
Once the VLAN is created, we can then assign it to the correct interfaces.
• We will want to create and name both Voice and Data VLANs.
• In addition to assigning the data VLAN, we will also assign the Voice VLAN and turn on QoS for the voice
traffic to the interface.
• The newer catalyst switch will automatically create the VLAN, if it does not already exist, when it is assigned
to an interface.
Note: QoS is beyond the scope of this course. Here we do show the use of the mlsqos trust [cos | device cisco-
phone | dscp | ip-precedence] command.
Verify VLAN Information
Configure and verify VLAN trunks. Trunks are layer 2 and carry traffic for all VLANs.
Reset the trunk to an access mode with the switchport mode access command:
• Is set to an access interface administratively
• Is set as an access interface operationally (functioning)
Introduction to DTP
The default DTP configuration is dependent on the Cisco IOS version and platform.
• Use the show dtp interface command to determine the current DTP mode.
• Best practice recommends that the interfaces be set to access or trunk and to turnoff DTP
Experirment-9
Router-on-a-Stick Scenario:-
• In the figure, the R1 GigabitEthernet 0/0/1 interface is connected to the S1 FastEthernet 0/5 port.
The S1 FastEthernet 0/1 port is connected to the S2 FastEthernet 0/1 port. These are trunk links
that are required to forward traffic within and between VLANs.
• To route between VLANs, the R1 GigabitEthernet 0/0/1 interface is logically divided into three
subinterfaces, as shown in the table. The table also shows the three VLANs that will be
configured on the switches.
• Assume that R1, S1, and S2 have initial basic configurations. Currently, PC1
and PC2 cannot ping each other because they are on separate networks. Only
S1 and S2 can ping each other, but they but are unreachable by PC1 or PC2
because they are also on different networks.
• To enable devices to ping each other, the switches must be configured with
VLANs and trunking, and the router must be configured for inter-VLAN
routing.
Next, use ping to verify connectivity with PC2 and S1, as shown in
the figure. The ping output successfully confirms inter-VLAN
routing is operating.
• Inter-VLAN routing using the router-on-a-stick method is simple to implement for a small to
medium-sized organization. However, a large enterprise requires a faster, much more scalable
method to provide inter-VLAN routing.
• Enterprise campus LANs use Layer 3 switches to provide inter-VLAN routing. Layer 3 switches
use hardware-based switching to achieve higher-packet processing rates than routers. Layer 3
switches are also commonly implemented in enterprise distribution layer wiring closets.
• Route from one VLAN to another using multiple switched virtual interfaces (SVIs).
• Convert a Layer 2 switchport to a Layer 3 interface (i.e., a routed port). A routed port is similar to
a physical interface on a Cisco IOS router.
• To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured using the
same interface vlan vlan-id command used to create the management SVI on a Layer 2 switch. A
Layer 3 SVI must be created for each of the routable VLANs.
In the figure, the Layer 3 switch, D1, is connected to two hosts on different VLANs. PC1 is in
VLAN 10 and PC2 is in VLAN 20, as shown. The Layer 3 switch will provide inter-VLAN
routing services to the two hosts.
Layer 3 Switch Configuration: -
• Step 1. Create the VLANs. In the example, VLANs 10 and 20 are used.
• Step 2. Create the SVI VLAN interfaces. The IP address configured will serve as the default
gateway for hosts in the respective VLAN.
• Step 3. Configure access ports. Assign the appropriate port to the required VLAN.
• Step 4. Enable IP routing. Issue the ip routing global configuration command to allow traffic to
be exchanged between VLANs 10 and 20. This command must be configured to enable inter-
VAN routing on a Layer 3 switch for IPv4.
• From a host, verify connectivity to a host in another VLAN using the ping command. It is a good
idea to first verify the current host IP configuration using the ipconfig Windows host command.
• Next, verify connectivity with PC2 using the ping Windows host command. The successful
ping output confirms inter-VLAN routing is operating
If VLANs are to be reachable by other Layer 3 devices, then they must be advertised using static
or dynamic routing. To enable routing on a Layer 3 switch, a routed port must be configured.
A routed port is created on a Layer 3 switch by disabling the switchport feature on a Layer 2 port
that is connected to another Layer 3 device. Specifically, configuring the no switchport interface
configuration command on a Layer 2 port converts it into a Layer 3 interface. Then the interface
can be configured with an IPv4 configuration to connect to a router or another Layer 3 switch.
In the figure, the previously configured D1 Layer 3 switch is now connected to R1. R1 and D1
are both in an Open Shortest Path First (OSPF) routing protocol domain. Assume inter-VLAN
has been successfully implemented on D1. The G0/0/1 interface of R1 has also been configured
and enabled. Additionally, R1 is using OSPF to advertise its two networks, 10.10.10.0/24 and
10.20.20.0/24.
Note: OSPF routing configuration is covered in another course. In this module, OSPF
configuration commands will be given to you in all activities and assessments. It is not required
that you understand the configuration in order to enable OSPF routing on the Layer 3 switch.
• Step 1. Configure the routed port. Use the no switchport command to convert the port to a routed
port, then assign an IP address and subnet mask. Enable the port.
• Step 2. Enable routing. Use the ip routing global configuration command to enable routing.
• Step 3. Configure routing. Use an appropriate routing method. In this example, Single-Area
OSPFv2 is configured
• Step 4. Verify routing. Use the show ip route command.
• Step 5. Verify connectivity. Use the ping command to verify reachability