lab 5: inter-vlans routing network topology:- · pdf file · 2017-07-221 lab 5:...

1

Lab 5: Inter-VLANs Routing

Network Topology:-

Device Interface IP Address Subnet Mask Gateway/Clock

Rate

R1

Fa 0/0.10 10.5.0.1 255.255.255.192 -----

Fa 0/0.20 10.6.0.1 255.255.255.192 -----

Fa 0/0.30 10.10.0.1 255.255.255.192 -----

PC0 NIC 10.5.0.10 255.255.255.192 10.5.0.1

PC1 NIC 10.6.0.10 255.255.255.192 10.6.0.1

PC2 NIC 10.5.0.11 255.255.255.192 10.5.0.1

PC3 NIC 10.10.0.10 255.255.255.192 10.10.0.1

PC4 NIC 10.10.0.11 255.255.255.192 10.10.0.1

PC5 NIC 10.6.0.11 255.255.255.192 10.6.0.1

Device From Port To Port (Device) VLAN Port Type

S1

Fa 0/1 Fa 0/1 (S2) 10, 20, 30 Trunk

Fa 0/2 Fa 0/4 (S2) 10, 20, 30 Trunk

Fa 0/3 Fa 0/0 (R1) 10, 20, 30 Trunk

Fa 0/10 NIC (PC0) 10 Access


S2

Fa 0/1 Fa 0/1 (S1) 10, 20, 30 Trunk

Fa 0/2 Fa 0/1 (S3) 10, 20, 30 Trunk

Fa 0/3 Fa 0/2 (S3) 10, 20, 30 Trunk

Fa 0/4 Fa 0/2 (S1) 10, 20, 30 Trunk



S3

Fa 0/1 Fa 0/2 (S2) 10, 20, 30 Trunk

Fa 0/2 Fa 0/3 (S2) 10, 20, 30 Trunk



2

Objective:

This lab configures routers using Open Shortest Path First Protocol (OSPF) so that all devices can ping any

other device.

Upon Completion You will learn:

1. Configure Access or Trunk links.

2. Create VLAN.

3. Assign VLAN membership.

4. Configure Intra VLAN routing.

5. Configure VTP Server.

6. Make VTP Clients.

7. Show STP Static.

8. Configure DTP port.

Theory:

A Virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast

domain that can span multiple physical segments.

Logically speaking, VLANs are also subnets. A subnet or a sub-network is a contained

broadcast domain, meaning that if a broadcast occurs in one subnet, it will not be forwarded – by

default – to another subnet. The routers – also called Layer 3 devices – provide this boundary

function. Switches can provide this function at Layer 2 by means of VLAN.

Advantages of VLANs:-

Increase the number of broadcast domains while reducing their size.

Provide additional security.

Increase the flexibility of network equipment.

Allow a logical grouping of users by function, not location.

Make user adds, moves, and changes easier.

Scalability

VLANs provide location independence, this flexibility makes the addition, changing, and

moving of networking devices a simple process. It also allows to group people together, which also

makes implementing security policies straightforward. In general, IP protocols support up to 500

devices per VLAN.

VLAN Membership

A device’s membership in a VLAN can be determined by one of two methods:-

Static: Membership have to be assigned manually.

Dynamic: VTP server is configured first, and it will automatically do the rest.

VLAN Connections

There are two types of connections:

1) Access-Link Connections: An access-link connection is a connection between a switch and a

device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.

2) Trunk Connections: trunk connections are capable of carrying traffic for multiple VLANs.

3

Cisco supports two Ethernet trunking methods:-

Cisco’s proprietary Inter Switch Link (ISL) protocol for Ethernet: adds a 26-byte header and

a 4-byte trailer to the original Ethernet frame. Cisco’s 1900 switch supports only ISL.

IEEE’s 802.1Q: commonly referred to as dot1q for Ethernet, is a standardized trunking method

that inserts a 4-byte field into the original Ethernet frame and recomputed the FCS. The Cisco's

2950 only supports 802.1Q. 802.1Q trunks support two types of frames:-

An untagged frame does not carry any VLAN identification information in it. Basically,

this is a standard, unaltered Ethernet frame.

A tagged frame contains VLAN information, and only other 802.1Q-aware devices on

the trunk will be able to process this frame

Trunk Tagging

For VLANs to span across multiple switches, you obviously need to connect the switches to

each other. Although it is possible to simply plug one switch into another using an Access port just as

you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other

useful stuff too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system

to work properly. A trunk link is a special connection; the key difference between an ordinary

connection (an Access port) and a Trunk port is that although an Access port is only in one VLAN at

a time, a Trunk port has the job of carrying traffic for all VLANs from one switch to another. Any

time you connect a switch to another switch, you want to make it a trunk.

Trunking methods create the illusion that instead of a single physical connection between the

two trunking devices, a separate logical connection exists for each VLAN between them. When

trunking, the switch adds the source port’s VLAN identifier to the frame so that the device (typically

a switch) at the other end of the trunk understands what VLAN originated this frame and the

destination switch can make intelligent forwarding decisions on not just the destination MAC

address, but also the source VLAN identifier. Since information is added to the original Ethernet

frame, normal NICs will not understand this information and will typically drop the frame.

Therefore, you need to ensure that when you set up a trunk connection on a switch’s interface, the

device at the other end also supports the same trunking protocol and has it configured. If the device

at the other end doesn’t understand these modified frames or is not set up for trunking, it will, in

most situations, drop them. The modification of these frames, commonly called tagging.

By default, all VLANs are permitted across a trunk link. Switch-to-Switch trunk links always

require the use of a crossover cable, never a straight-through cable.

Key feature about Dynamic Trunk Protocol (DTP)

A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10Mb

Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the

commands are not available for a regular Ethernet port. By default, traffic from all VLANs is

allowed on a trunk. It is also possible to specify which VLANs are permitted (or not) to cross a

particular trunk, this practice is not very common.

Dynamic Trunk Protocol (DTP) supports five trunking modes:-

1) On or Trunk: interface always assumes the connection is a trunk, even if the remote end does

not support trunking.

2) Desirable: the interface will generate DTP messages on the interface, but it make the assumption

that the other side is not trunk-capable and will wait for a DTP message from the remote side. In

this state, the interface starts as an access-link connection. If the remote side sends a DTP

message, and this message indicates that trunking is compatible between the two switches, a

trunk will be formed and the switch will start tagging frames on the interface. If the other side

does not support trunking, the interface will remain as an access-link connection.

4

3) Auto-negotiate: interface passively listens for DTP messages from the remote side and leaves

the interface as an access-link connection. If the interface receives a DTP message, and the

message matches trunking capabilities of the interface, then the interface will change from an

access-link connection to a trunk connection and start tagging frames.

4) No-negotiate: interface is set as a trunk connection and will automatically tag frames with

VLAN information; however, the interface will not generate DTP messages: DTP is disabled.

This mode is typically used when connecting trunk connections to non-Cisco devices that don’t

understand Cisco’s proprietary trunking protocol and thus won’t understand the contents of these

messages.

5) Off: If an interface is set to off, the interface is configured as an access link. No DTP messages

are generated in this mode, nor are frames tagged.

VLAN Trunk Protocol (VTP)

VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all

switches in the system. We still have to set port membership to VLANs at each switch, which we can

do either statically or using a VMPS. VTP works by establishing a single switch as being in charge

of the VLAN information for a domain, i.e. a server. In this case, a domain is simply a group of

switches that all have the same VTP domain name. This simply puts all the switches into a common

administrative group.

The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN

configuration information between Cisco switches on trunk connections. When you are setting up

VTP, you have three different modes:-

Server mode: This is the one switch that is in charge of the VLAN information for the VTP

domain. You may add, delete, and change VLAN information on this switch, and doing so

affects the entire VTP domain. This way, we only have to enter our VLAN information once,

and the Server mode switch propagates it to all the other switches in the domain.

Client mode: Client mode switches get VLAN information from the Server. You cannot add,

delete, or change VLAN information on a Client mode switch; in fact, the commands to do so

are disabled.

Transparent mode: A Transparent mode switch is doing its own thing; it will not accept any

changes to VLAN information from the Server, but it will forward those changes to other

switches in the system. You can add, delete, and change VLANs—but those changes only

affect the Transparent mode switch and are not sent to other switches in the domain.

VTP Messages

Summary advertisement: is generated by a switch in VTP server mode. Summary

advertisements are generated every five minutes by default (300 seconds), or when a configuration

change takes place on the server switch. It informs adjacent switches of the current VTP domain

name and the configuration revision number. When the switch receives a summary advertisement

packet, the switch compares the VTP domain name to its own VTP domain name. If the name is

different, the switch simply ignores the packet. If the name is the same, the switch then compares the

configuration revision to its own revision. If its own configuration revision is higher or equal, the

packet is ignored. If it is lower, an advertisement request is sent.

Advertisement request message: A switch needs a VTP advertisement request in these

situations: The switch has been reset, VTP domain name has been changed, or the switch has

received a VTP summary advertisement with a higher configuration revision than its own.

Upon receipt of an advertisement request, a VTP server device sends one or more Subset

advertisement. A subset advertisement contains a list of VLAN information. If there are several

VLANs, more than one subset advertisement can be required in order to advertise all the VLANs.

5

VTP Pruning

VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of

broadcasts, multicasts, and unicast packets. This is called pruning. VTP pruning enabled switches

sends broadcasts only to trunk links that actually must have the information. VTP pruning is used on

trunk connections to dynamically remove VLANs not active between the two switches. It requires all

of the switches to be in server mode.

Scenario:

You are the administrator at ComputerNetworkingNotes.com. The company wants the

network to be divided into three VLANs: Board, Managers, and Employees. You have given two

PCs for each VLAN. For backup purposes you have interconnected switches with one extra

connection. You also have one router for inter–VLAN communications.

The topology has router, switches, and PCs need to be configured as per the IP addresses

listed in table above. You must use the console connections through the PCs to configure the router

and the switches. The passwords are cisco for user EXEC mode and class for privileged EXEC

mode. Use show and ping commands to discover problems and troubleshoot the networks

Practice1:-

Now you are ready to use Packet Tracer to build your network and apply your lab network VLAN

schemes.

Task 1: Configure PCs

Use the table above to configure the PCs with IP addresses.

Task 2: Configure The Switches to be VTP Server and Clients

Step 1. Since S1 is the one connecting the LANs with the router, it must be configured as VTP

server, also the VTP domain name can be set to (Main), and it is preferable to use a password for

security. S1(config)#vtp mode server

Device mode already VTP SERVER.

S1(config)#vtp domain Main

Changing VTP domain name from NULL to Main

S1(config)#vtp password cisco

Setting device VLAN database password to cisco

S1(config)#

Step 2. On S2 and S3, configure them to be clients in the same VTP domain. S2(config)#vtp mode client

Setting device to VTP CLIENT mode.





S2(config)#

S3(config)#vtp mode client






S3(config)#

6

Task 3: Configure DTP ports on S1, S2 and S3

Step 1. Shutdown all the ports on all the switches using interface range and shutdown commands

(the following is for all S1 only, repeat for S2 & S3). S1(config)#interface range fa0/1-24

S1(config-if-range)#shutdown

Step 2. On each switch, use the interface range and switchport mode commands to define

the Trunk and Access ports. Don't forget to turn on the ports using no shutdown command.

S1(config)#interface range fa0/1-3

S1(config-if-range)#switchport mode trunk

S1(config-if-range)#no shutdown

S1(config-if-range)#interface range fa0/10-24

S1(config-if-range)#switchport mode access














Task 4: VLANs Creation and Membership

Step 1. Since S1 is the VTP server, we only need to set the VLANs on it, and S1 will distribute the

information to the rest switches. The creation of VLANs goes as follows:- S1(config)#vlan 10

S1(config-vlan)#name Board

S1(config-vlan)#exit

S1(config)#vlan 20

S1(config-vlan)#name Managers


S1(config)#vlan 30

S1(config-vlan)#name Employees


Step 2. Use the show vlan brief command to check the VLAN table. S1#show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24

11 Board active

01 Managers active

01 Employees active

7

1110 fddi-default active

1110 token-ring-default active

1111 fddinet-default active

1111 trnet-default active

S1#

Step 3. You have to add switch ports to each VLAN on each switch. S1(config)#interface fa0/10

S1(config-if)#switchport access vlan 10

S1(config-if)#interface fa0/11


S1(config-if)#end

S2(config)#interface fa0/10




S2(config-if)#end





S3(config-if)#end

Step 4. Use ping command for each of the following:-

PC0 PC2? …………………………………………………………………………………………

PC1 PC5? …………………………………………………………………………………………

PC3 PC4? …………………………………………………………………………………………

PC3 PC1? …………………………………………………………………………………………

PC5 PC2? …………………………………………………………………………………………

Were all the pings successful? ……… If not, why? …………………………………………………..

…………………………………………………………………………………………………………..

…………………………………………………………………………………………………………..

Task 5: Configuring Inter-VLAN routing

Step 1. This must be done on Layer 3 device such as a router. Here and on R1, Fast Ethernet

connection 0/0 will be configured as an IEEE 802.1Q trunk to allow all inter-VLAN traffic to be

carried to and from the routing device on a single trunk. However, it requires that the interface be

configured with multiple IP addresses. This is done by creating "virtual interfaces" called

subinterfaces. Each subinterface is then configured for 802.1Q encapsulation. R1(config)#interface fa0/0

R1(config-if)#no ip address

R1(config-if)#no shutdown

R1(config-if)#interface fa0/0.10

R1(config-subif)#encapsulation dot1Q 10

R1(config-subif)#ip address 10.5.0.1 255.255.255.192

8

R1(config-subif)#interface fa0/0.20






R1(config-subif)#

Step 2. Use the show ip route to check the routing tables for the VLANs. R1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/26 is subnetted, 3 subnets

C 10.5.0.0 is directly connected, FastEthernet0/0.10



Step 3. Use ping command for each of the following:-

PC0 PC5? …………………………………………………………………………………………

PC1 PC2? …………………………………………………………………………………………

PC4 PC2? …………………………………………………………………………………………


…………………………………………………………………………………………………………..

…………………………………………………………………………………………………………..

Task 5: Documentation

On each switch and the router, save the running configuration using (copy running-config

startup-config) command, then save your Packet Tracer's file.

9

Practice2 (Homework):-

Network Topology:-

Device Interface IP Address Subnet Mask Gateway/Clock

Rate

R1

Fa 0/1 172.20.0.1 255.255.255.0 -----

Fa 0/0.10 192.168.0.1 255.255.255.0 -----

Fa 0/0.20 172.16.5.1 255.255.255.0 -----

Fa 0/0.30 10.10.1.1 255.255.255.0 -----

Fa 0/0.99 10.0.0.1 255.255.255.0 -----

S1 VLAN 99 10.0.0.10 255.255.255.0 10.0.0.1

S2 VLAN 99 10.0.0.20 255.255.255.0 10.0.0.1

S3 VLAN 99 10.0.0.30 255.255.255.0 10.0.0.1

PC0 NIC 192.168.0.10 255.255.255.0 192.168.0.1

PC1 NIC 172.16.5.10 255.255.255.0 172.16.5.1

PC2 NIC 172.16.5.11 255.255.255.0 172.16.5.1

PC3 NIC 10.10.1.10 255.255.255.0 10.10.1.1

PC4 NIC 10.10.1.11 255.255.255.0 10.10.1.1

PC5 NIC 172.16.5.12 255.255.255.0 172.16.5.1

PC6 NIC 172.20.0.10 255.255.255.0 172.20.0.1

11

Device From Port To Port (Device) VLAN Port Type

S1

Fa 0/1 Fa 0/1 (S2) 10, 20, 30, 99 Trunk

Fa 0/2 Fa 0/4 (S2) 10, 20, 30, 99 Trunk

Fa 0/3 Fa 0/3 (S3) 10, 20, 30, 99 Trunk

Fa 0/4 Fa 0/4 (S3) 10, 20, 30, 99 Trunk

Fa 0/9 Fa 0/0 (R1) 10, 20, 30, 99 Trunk



S2

Fa 0/1 Fa 0/1 (S1) 10, 20, 30, 99 Trunk

Fa 0/2 Fa 0/1 (S3) 10, 20, 30, 99 Trunk

Fa 0/3 Fa 0/2 (S3) 10, 20, 30, 99 Trunk

Fa 0/4 Fa 0/2 (S1) 10, 20, 30, 99 Trunk



S3

Fa 0/1 Fa 0/2 (S2) 10, 20, 30, 99 Trunk

Fa 0/2 Fa 0/3 (S2) 10, 20, 30, 99 Trunk

Fa 0/3 Fa 0/3 (S1) 10, 20, 30, 99 Trunk

Fa 0/4 Fa 0/4 (S1) 10, 20, 30, 99 Trunk



Scenario:

You have to build a network for a company, which had the configurations shown above. Also to

mentioned that all the switches and the router should have (cisco) as a console password and (class)

for the privilege mode. (You have to make sure that connections between ports are EXACTLY as

shown in the table). Use the following commands as a guide to you for the configuration process (of

course you have to change the hostname for each switch and the router):- Switch>enable

Switch#configure terminal

Switch(config)#hostname S1

S1(config)#enable secret class

S1(config)#no ip domain-lookup

S1(config)#line console 0

S1(config-line)#password cisco

S1(config-line)#login

S1(config-line)#line vty 0 15

S1(config-line)#password cisco

S1(config-line)#login

S1(config-line)#end

S1#copy running-config startup-config

Now you have to further configure the network to have 4 VLANs: Boss VLAN (10), Managers

VLAN (20), Employees VLAN (30) and the network Management VLAN (99), then assign switch

ports to these VLANs and configure the router to route data between them and PC6.

Task 1: Configure PCs

Use the table above to configure the PCs with IP addresses.

Task 2: Configure The Switches to be VTP Server and Clients

Step 1. Configure S1 to be VTP Server, and S2 & S3 to be clients (VTP domain name is

"Company"). Also configure the default gateway on all switches to be 10.0.0.1 using the ip

default-gateway command.

11

S1(config)#vtp mode server

Device mode already VTP SERVER.

S1(config)#vtp domain Company

Changing VTP domain name from NULL to Company



S1(config)#ip default-gateway 10.0.0.1

S1(config)#

Step 2. On S2 and S3, configure them to be clients in the same VTP domain. S2(config)#vtp mode client







S2(config)#

S3(config)#vtp mode client







S3(config)#

Task 3: Configure DTP ports on S1, S2 and S3

Step 1. Shutdown all the ports on all the switches using interface range and shutdown commands

(the following is for all S1 only, repeat for S2 & S3). S1(config)#interface range fa0/1-24

S1(config-if-range)#shutdown

Step 2. On each switch, use the interface range and switchport mode commands to define

the Trunk (1 to 9) and Access ports (10 to 24). In addition to that you have to set the trunk ports to be

on the VLAN99 and make it the native VLAN using the switchport trunk native vlan

99 command. Don't forget to turn on the ports using no shutdown command. S1(config)#interface range fa0/1-9


S1(config-if-range)#switchport trunk native vlan 99












12








Task 4: VLANs Creation and Membership

Step 1. Since S1 is the VTP server, we only need to set the VLANs on it, and S1 will distribute the

information to the rest switches. The creation of VLANs goes as follows:- S1(config)#vlan 10

S1(config-vlan)#name Boss


S1(config)#vlan 20

S1(config-vlan)#name Managers


S1(config)#vlan 30

S1(config-vlan)#name Employees


S1(config)#vlan 99

S1(config-vlan)#name Management


Step 2. Use the show vlan brief command to check the VLAN table on S1 & S2 (Provide it on

a separate paper to your teacher).

Step 3. Now, you have to add switch ports to each VLAN on each switch. Use interface,

interface range and switchport access vlan commands.



S1(config-if)#interface range fa0/11-13




S1(config-if)#end





S2(config-if)#end





S3(config-if)#end

Step 4. Configure the management interface address on all three switches (here only S1 is given): S1(config)#interface vlan99

S1(config-if)#ip address 10.0.0.10 255.255.255.0

S1(config-if)#no shutdown

13

Step 5. Use ping command for each of the following (Provide it on a separate paper to your

teacher).:-

PC1 PC2? …………………………………………………………………………………………

PC1 PC5? …………………………………………………………………………………………

PC3 PC4? …………………………………………………………………………………………

PC0 PC6? …………………………………………………………………………………………

PC1 PC4? …………………………………………………………………………………………

PC0 PC5? …………………………………………………………………………………………


…………………………………………………………………………………………………………..

…………………………………………………………………………………………………………..

Task 5: Configuring Inter-VLAN routing

Step 1. This must be done on Layer 3 device such as a router. Here and on R1, Fast Ethernet

connection 0/0 will be configured as an IEEE 802.1Q trunk to allow all inter-VLAN traffic to be

carried to and from the routing device on a single trunk. However, it requires that the interface be

configured with multiple IP addresses. This is done by creating "virtual interfaces" called

subinterfaces. Each subinterface is then configured for 802.1Q encapsulation. R1(config)#interface fa0/1

R1(config-if)#ip address 172.20.0.1 255.255.255.0


R1(config)#interface fa0/0

R1(config-if)#no ip address


R1(config-if)#interface fa0/0.10












R1(config-subif)#

Step 2. Use the show ip route to check the routing tables for the VLANs (Provide it on a

separate paper to your teacher)..

14

Step 3. Use ping command for each of the following (Provide it on a separate paper to your

teacher).:-

PC0 PC5? …………………………………………………………………………………………

PC1 PC2? …………………………………………………………………………………………

PC4 PC2? …………………………………………………………………………………………


…………………………………………………………………………………………………………..

…………………………………………………………………………………………………………..

Task 5: Documentation

On each switch and the router, save the running configuration using (copy running-config

startup-config) command, then save your Packet Tracer's file.

Please make sure that the completion percentage is 100% at this stage (without a *

mark which means that there is an error on some routes), else you have to go back and

verify your network settings.

Also, don't forget to save the file and rename it to be LAB4-XXXX, where XXXX

represents your student number.

lab 5: inter-vlans routing network topology:- · pdf file · 2017-07-221 lab 5:...

Documents