Upload
hoanganh
View
227
Download
1
Embed Size (px)
Citation preview
1
Lab 5: Inter-VLANs Routing
Network Topology:-
Device Interface IP Address Subnet Mask Gateway/Clock
Rate
R1
Fa 0/0.10 10.5.0.1 255.255.255.192 -----
Fa 0/0.20 10.6.0.1 255.255.255.192 -----
Fa 0/0.30 10.10.0.1 255.255.255.192 -----
PC0 NIC 10.5.0.10 255.255.255.192 10.5.0.1
PC1 NIC 10.6.0.10 255.255.255.192 10.6.0.1
PC2 NIC 10.5.0.11 255.255.255.192 10.5.0.1
PC3 NIC 10.10.0.10 255.255.255.192 10.10.0.1
PC4 NIC 10.10.0.11 255.255.255.192 10.10.0.1
PC5 NIC 10.6.0.11 255.255.255.192 10.6.0.1
Device From Port To Port (Device) VLAN Port Type
S1
Fa 0/1 Fa 0/1 (S2) 10, 20, 30 Trunk
Fa 0/2 Fa 0/4 (S2) 10, 20, 30 Trunk
Fa 0/3 Fa 0/0 (R1) 10, 20, 30 Trunk
Fa 0/10 NIC (PC0) 10 Access
Fa 0/11 NIC (PC1) 20 Access
S2
Fa 0/1 Fa 0/1 (S1) 10, 20, 30 Trunk
Fa 0/2 Fa 0/1 (S3) 10, 20, 30 Trunk
Fa 0/3 Fa 0/2 (S3) 10, 20, 30 Trunk
Fa 0/4 Fa 0/2 (S1) 10, 20, 30 Trunk
Fa 0/10 NIC (PC2) 10 Access
Fa 0/11 NIC (PC3) 30 Access
S3
Fa 0/1 Fa 0/2 (S2) 10, 20, 30 Trunk
Fa 0/2 Fa 0/3 (S2) 10, 20, 30 Trunk
Fa 0/10 NIC (PC4) 30 Access
Fa 0/11 NIC (PC5) 20 Access
2
Objective:
This lab configures routers using Open Shortest Path First Protocol (OSPF) so that all devices can ping any
other device.
Upon Completion You will learn:
1. Configure Access or Trunk links.
2. Create VLAN.
3. Assign VLAN membership.
4. Configure Intra VLAN routing.
5. Configure VTP Server.
6. Make VTP Clients.
7. Show STP Static.
8. Configure DTP port.
Theory:
A Virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast
domain that can span multiple physical segments.
Logically speaking, VLANs are also subnets. A subnet or a sub-network is a contained
broadcast domain, meaning that if a broadcast occurs in one subnet, it will not be forwarded – by
default – to another subnet. The routers – also called Layer 3 devices – provide this boundary
function. Switches can provide this function at Layer 2 by means of VLAN.
Advantages of VLANs:-
Increase the number of broadcast domains while reducing their size.
Provide additional security.
Increase the flexibility of network equipment.
Allow a logical grouping of users by function, not location.
Make user adds, moves, and changes easier.
Scalability
VLANs provide location independence, this flexibility makes the addition, changing, and
moving of networking devices a simple process. It also allows to group people together, which also
makes implementing security policies straightforward. In general, IP protocols support up to 500
devices per VLAN.
VLAN Membership
A device’s membership in a VLAN can be determined by one of two methods:-
Static: Membership have to be assigned manually.
Dynamic: VTP server is configured first, and it will automatically do the rest.
VLAN Connections
There are two types of connections:
1) Access-Link Connections: An access-link connection is a connection between a switch and a
device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.
2) Trunk Connections: trunk connections are capable of carrying traffic for multiple VLANs.
3
Cisco supports two Ethernet trunking methods:-
Cisco’s proprietary Inter Switch Link (ISL) protocol for Ethernet: adds a 26-byte header and
a 4-byte trailer to the original Ethernet frame. Cisco’s 1900 switch supports only ISL.
IEEE’s 802.1Q: commonly referred to as dot1q for Ethernet, is a standardized trunking method
that inserts a 4-byte field into the original Ethernet frame and recomputed the FCS. The Cisco's
2950 only supports 802.1Q. 802.1Q trunks support two types of frames:-
An untagged frame does not carry any VLAN identification information in it. Basically,
this is a standard, unaltered Ethernet frame.
A tagged frame contains VLAN information, and only other 802.1Q-aware devices on
the trunk will be able to process this frame
Trunk Tagging
For VLANs to span across multiple switches, you obviously need to connect the switches to
each other. Although it is possible to simply plug one switch into another using an Access port just as
you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other
useful stuff too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system
to work properly. A trunk link is a special connection; the key difference between an ordinary
connection (an Access port) and a Trunk port is that although an Access port is only in one VLAN at
a time, a Trunk port has the job of carrying traffic for all VLANs from one switch to another. Any
time you connect a switch to another switch, you want to make it a trunk.
Trunking methods create the illusion that instead of a single physical connection between the
two trunking devices, a separate logical connection exists for each VLAN between them. When
trunking, the switch adds the source port’s VLAN identifier to the frame so that the device (typically
a switch) at the other end of the trunk understands what VLAN originated this frame and the
destination switch can make intelligent forwarding decisions on not just the destination MAC
address, but also the source VLAN identifier. Since information is added to the original Ethernet
frame, normal NICs will not understand this information and will typically drop the frame.
Therefore, you need to ensure that when you set up a trunk connection on a switch’s interface, the
device at the other end also supports the same trunking protocol and has it configured. If the device
at the other end doesn’t understand these modified frames or is not set up for trunking, it will, in
most situations, drop them. The modification of these frames, commonly called tagging.
By default, all VLANs are permitted across a trunk link. Switch-to-Switch trunk links always
require the use of a crossover cable, never a straight-through cable.
Key feature about Dynamic Trunk Protocol (DTP)
A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10Mb
Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the
commands are not available for a regular Ethernet port. By default, traffic from all VLANs is
allowed on a trunk. It is also possible to specify which VLANs are permitted (or not) to cross a
particular trunk, this practice is not very common.
Dynamic Trunk Protocol (DTP) supports five trunking modes:-
1) On or Trunk: interface always assumes the connection is a trunk, even if the remote end does
not support trunking.
2) Desirable: the interface will generate DTP messages on the interface, but it make the assumption
that the other side is not trunk-capable and will wait for a DTP message from the remote side. In
this state, the interface starts as an access-link connection. If the remote side sends a DTP
message, and this message indicates that trunking is compatible between the two switches, a
trunk will be formed and the switch will start tagging frames on the interface. If the other side
does not support trunking, the interface will remain as an access-link connection.
4
3) Auto-negotiate: interface passively listens for DTP messages from the remote side and leaves
the interface as an access-link connection. If the interface receives a DTP message, and the
message matches trunking capabilities of the interface, then the interface will change from an
access-link connection to a trunk connection and start tagging frames.
4) No-negotiate: interface is set as a trunk connection and will automatically tag frames with
VLAN information; however, the interface will not generate DTP messages: DTP is disabled.
This mode is typically used when connecting trunk connections to non-Cisco devices that don’t
understand Cisco’s proprietary trunking protocol and thus won’t understand the contents of these
messages.
5) Off: If an interface is set to off, the interface is configured as an access link. No DTP messages
are generated in this mode, nor are frames tagged.
VLAN Trunk Protocol (VTP)
VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all
switches in the system. We still have to set port membership to VLANs at each switch, which we can
do either statically or using a VMPS. VTP works by establishing a single switch as being in charge
of the VLAN information for a domain, i.e. a server. In this case, a domain is simply a group of
switches that all have the same VTP domain name. This simply puts all the switches into a common
administrative group.
The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN
configuration information between Cisco switches on trunk connections. When you are setting up
VTP, you have three different modes:-
Server mode: This is the one switch that is in charge of the VLAN information for the VTP
domain. You may add, delete, and change VLAN information on this switch, and doing so
affects the entire VTP domain. This way, we only have to enter our VLAN information once,
and the Server mode switch propagates it to all the other switches in the domain.
Client mode: Client mode switches get VLAN information from the Server. You cannot add,
delete, or change VLAN information on a Client mode switch; in fact, the commands to do so
are disabled.
Transparent mode: A Transparent mode switch is doing its own thing; it will not accept any
changes to VLAN information from the Server, but it will forward those changes to other
switches in the system. You can add, delete, and change VLANs—but those changes only
affect the Transparent mode switch and are not sent to other switches in the domain.
VTP Messages
Summary advertisement: is generated by a switch in VTP server mode. Summary
advertisements are generated every five minutes by default (300 seconds), or when a configuration
change takes place on the server switch. It informs adjacent switches of the current VTP domain
name and the configuration revision number. When the switch receives a summary advertisement
packet, the switch compares the VTP domain name to its own VTP domain name. If the name is
different, the switch simply ignores the packet. If the name is the same, the switch then compares the
configuration revision to its own revision. If its own configuration revision is higher or equal, the
packet is ignored. If it is lower, an advertisement request is sent.
Advertisement request message: A switch needs a VTP advertisement request in these
situations: The switch has been reset, VTP domain name has been changed, or the switch has
received a VTP summary advertisement with a higher configuration revision than its own.
Upon receipt of an advertisement request, a VTP server device sends one or more Subset
advertisement. A subset advertisement contains a list of VLAN information. If there are several
VLANs, more than one subset advertisement can be required in order to advertise all the VLANs.
5
VTP Pruning
VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of
broadcasts, multicasts, and unicast packets. This is called pruning. VTP pruning enabled switches
sends broadcasts only to trunk links that actually must have the information. VTP pruning is used on
trunk connections to dynamically remove VLANs not active between the two switches. It requires all
of the switches to be in server mode.
Scenario:
You are the administrator at ComputerNetworkingNotes.com. The company wants the
network to be divided into three VLANs: Board, Managers, and Employees. You have given two
PCs for each VLAN. For backup purposes you have interconnected switches with one extra
connection. You also have one router for inter–VLAN communications.
The topology has router, switches, and PCs need to be configured as per the IP addresses
listed in table above. You must use the console connections through the PCs to configure the router
and the switches. The passwords are cisco for user EXEC mode and class for privileged EXEC
mode. Use show and ping commands to discover problems and troubleshoot the networks
Practice1:-
Now you are ready to use Packet Tracer to build your network and apply your lab network VLAN
schemes.
Task 1: Configure PCs
Use the table above to configure the PCs with IP addresses.
Task 2: Configure The Switches to be VTP Server and Clients
Step 1. Since S1 is the one connecting the LANs with the router, it must be configured as VTP
server, also the VTP domain name can be set to (Main), and it is preferable to use a password for
security. S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Main
Changing VTP domain name from NULL to Main
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#
Step 2. On S2 and S3, configure them to be clients in the same VTP domain. S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain Main
Changing VTP domain name from NULL to Main
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
S2(config)#
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain Main
Changing VTP domain name from NULL to Main
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
S3(config)#
6
Task 3: Configure DTP ports on S1, S2 and S3
Step 1. Shutdown all the ports on all the switches using interface range and shutdown commands
(the following is for all S1 only, repeat for S2 & S3). S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
Step 2. On each switch, use the interface range and switchport mode commands to define
the Trunk and Access ports. Don't forget to turn on the ports using no shutdown command.
S1(config)#interface range fa0/1-3
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#no shutdown
S1(config-if-range)#interface range fa0/10-24
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S2(config)#interface range fa0/1-4
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#no shutdown
S2(config-if-range)#interface range fa0/10-24
S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown
S3(config)#interface range fa0/1-2
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#no shutdown
S3(config-if-range)#interface range fa0/10-24
S3(config-if-range)#switchport mode access
S3(config-if-range)#no shutdown
Task 4: VLANs Creation and Membership
Step 1. Since S1 is the VTP server, we only need to set the VLANs on it, and S1 will distribute the
information to the rest switches. The creation of VLANs goes as follows:- S1(config)#vlan 10
S1(config-vlan)#name Board
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Managers
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name Employees
S1(config-vlan)#exit
Step 2. Use the show vlan brief command to check the VLAN table. S1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
11 Board active
01 Managers active
01 Employees active
7
1110 fddi-default active
1110 token-ring-default active
1111 fddinet-default active
1111 trnet-default active
S1#
Step 3. You have to add switch ports to each VLAN on each switch. S1(config)#interface fa0/10
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fa0/11
S1(config-if)#switchport access vlan 20
S1(config-if)#end
S2(config)#interface fa0/10
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fa0/11
S2(config-if)#switchport access vlan 30
S2(config-if)#end
S3(config)#interface fa0/10
S3(config-if)#switchport access vlan 30
S3(config-if)#interface fa0/11
S3(config-if)#switchport access vlan 20
S3(config-if)#end
Step 4. Use ping command for each of the following:-
PC0 PC2? …………………………………………………………………………………………
PC1 PC5? …………………………………………………………………………………………
PC3 PC4? …………………………………………………………………………………………
PC3 PC1? …………………………………………………………………………………………
PC5 PC2? …………………………………………………………………………………………
Were all the pings successful? ……… If not, why? …………………………………………………..
…………………………………………………………………………………………………………..
…………………………………………………………………………………………………………..
Task 5: Configuring Inter-VLAN routing
Step 1. This must be done on Layer 3 device such as a router. Here and on R1, Fast Ethernet
connection 0/0 will be configured as an IEEE 802.1Q trunk to allow all inter-VLAN traffic to be
carried to and from the routing device on a single trunk. However, it requires that the interface be
configured with multiple IP addresses. This is done by creating "virtual interfaces" called
subinterfaces. Each subinterface is then configured for 802.1Q encapsulation. R1(config)#interface fa0/0
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config-if)#interface fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 10.5.0.1 255.255.255.192
8
R1(config-subif)#interface fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 10.6.0.1 255.255.255.192
R1(config-subif)#interface fa0/0.30
R1(config-subif)#encapsulation dot1Q 30
R1(config-subif)#ip address 10.10.0.1 255.255.255.192
R1(config-subif)#
Step 2. Use the show ip route to check the routing tables for the VLANs. R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/26 is subnetted, 3 subnets
C 10.5.0.0 is directly connected, FastEthernet0/0.10
C 10.6.0.0 is directly connected, FastEthernet0/0.20
C 10.10.0.0 is directly connected, FastEthernet0/0.30
Step 3. Use ping command for each of the following:-
PC0 PC5? …………………………………………………………………………………………
PC1 PC2? …………………………………………………………………………………………
PC4 PC2? …………………………………………………………………………………………
Were all the pings successful? ……… If not, why? …………………………………………………..
…………………………………………………………………………………………………………..
…………………………………………………………………………………………………………..
Task 5: Documentation
On each switch and the router, save the running configuration using (copy running-config
startup-config) command, then save your Packet Tracer's file.
9
Practice2 (Homework):-
Network Topology:-
Device Interface IP Address Subnet Mask Gateway/Clock
Rate
R1
Fa 0/1 172.20.0.1 255.255.255.0 -----
Fa 0/0.10 192.168.0.1 255.255.255.0 -----
Fa 0/0.20 172.16.5.1 255.255.255.0 -----
Fa 0/0.30 10.10.1.1 255.255.255.0 -----
Fa 0/0.99 10.0.0.1 255.255.255.0 -----
S1 VLAN 99 10.0.0.10 255.255.255.0 10.0.0.1
S2 VLAN 99 10.0.0.20 255.255.255.0 10.0.0.1
S3 VLAN 99 10.0.0.30 255.255.255.0 10.0.0.1
PC0 NIC 192.168.0.10 255.255.255.0 192.168.0.1
PC1 NIC 172.16.5.10 255.255.255.0 172.16.5.1
PC2 NIC 172.16.5.11 255.255.255.0 172.16.5.1
PC3 NIC 10.10.1.10 255.255.255.0 10.10.1.1
PC4 NIC 10.10.1.11 255.255.255.0 10.10.1.1
PC5 NIC 172.16.5.12 255.255.255.0 172.16.5.1
PC6 NIC 172.20.0.10 255.255.255.0 172.20.0.1
11
Device From Port To Port (Device) VLAN Port Type
S1
Fa 0/1 Fa 0/1 (S2) 10, 20, 30, 99 Trunk
Fa 0/2 Fa 0/4 (S2) 10, 20, 30, 99 Trunk
Fa 0/3 Fa 0/3 (S3) 10, 20, 30, 99 Trunk
Fa 0/4 Fa 0/4 (S3) 10, 20, 30, 99 Trunk
Fa 0/9 Fa 0/0 (R1) 10, 20, 30, 99 Trunk
Fa 0/10 NIC (PC0) 10 Access
Fa 0/14 NIC (PC1) 30 Access
S2
Fa 0/1 Fa 0/1 (S1) 10, 20, 30, 99 Trunk
Fa 0/2 Fa 0/1 (S3) 10, 20, 30, 99 Trunk
Fa 0/3 Fa 0/2 (S3) 10, 20, 30, 99 Trunk
Fa 0/4 Fa 0/2 (S1) 10, 20, 30, 99 Trunk
Fa 0/10 NIC (PC3) 20 Access
Fa 0/14 NIC (PC2) 30 Access
S3
Fa 0/1 Fa 0/2 (S2) 10, 20, 30, 99 Trunk
Fa 0/2 Fa 0/3 (S2) 10, 20, 30, 99 Trunk
Fa 0/3 Fa 0/3 (S1) 10, 20, 30, 99 Trunk
Fa 0/4 Fa 0/4 (S1) 10, 20, 30, 99 Trunk
Fa 0/10 NIC (PC4) 20 Access
Fa 0/14 NIC (PC5) 30 Access
Scenario:
You have to build a network for a company, which had the configurations shown above. Also to
mentioned that all the switches and the router should have (cisco) as a console password and (class)
for the privilege mode. (You have to make sure that connections between ports are EXACTLY as
shown in the table). Use the following commands as a guide to you for the configuration process (of
course you have to change the hostname for each switch and the router):- Switch>enable
Switch#configure terminal
Switch(config)#hostname S1
S1(config)#enable secret class
S1(config)#no ip domain-lookup
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#end
S1#copy running-config startup-config
Now you have to further configure the network to have 4 VLANs: Boss VLAN (10), Managers
VLAN (20), Employees VLAN (30) and the network Management VLAN (99), then assign switch
ports to these VLANs and configure the router to route data between them and PC6.
Task 1: Configure PCs
Use the table above to configure the PCs with IP addresses.
Task 2: Configure The Switches to be VTP Server and Clients
Step 1. Configure S1 to be VTP Server, and S2 & S3 to be clients (VTP domain name is
"Company"). Also configure the default gateway on all switches to be 10.0.0.1 using the ip
default-gateway command.
11
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain Company
Changing VTP domain name from NULL to Company
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
S1(config)#ip default-gateway 10.0.0.1
S1(config)#
Step 2. On S2 and S3, configure them to be clients in the same VTP domain. S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain Company
Changing VTP domain name from NULL to Company
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
S2(config)#ip default-gateway 10.0.0.1
S2(config)#
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain Company
Changing VTP domain name from NULL to Company
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
S3(config)#ip default-gateway 10.0.0.1
S3(config)#
Task 3: Configure DTP ports on S1, S2 and S3
Step 1. Shutdown all the ports on all the switches using interface range and shutdown commands
(the following is for all S1 only, repeat for S2 & S3). S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
Step 2. On each switch, use the interface range and switchport mode commands to define
the Trunk (1 to 9) and Access ports (10 to 24). In addition to that you have to set the trunk ports to be
on the VLAN99 and make it the native VLAN using the switchport trunk native vlan
99 command. Don't forget to turn on the ports using no shutdown command. S1(config)#interface range fa0/1-9
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#no shutdown
S1(config-if-range)#interface range fa0/10-24
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S2(config)#interface range fa0/1-9
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 99
S2(config-if-range)#no shutdown
S2(config-if-range)#interface range fa0/10-24
S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown
12
S3(config)#interface range fa0/1-9
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk native vlan 99
S3(config-if-range)#no shutdown
S3(config-if-range)#interface range fa0/10-24
S3(config-if-range)#switchport mode access
S3(config-if-range)#no shutdown
Task 4: VLANs Creation and Membership
Step 1. Since S1 is the VTP server, we only need to set the VLANs on it, and S1 will distribute the
information to the rest switches. The creation of VLANs goes as follows:- S1(config)#vlan 10
S1(config-vlan)#name Boss
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Managers
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name Employees
S1(config-vlan)#exit
S1(config)#vlan 99
S1(config-vlan)#name Management
S1(config-vlan)#exit
Step 2. Use the show vlan brief command to check the VLAN table on S1 & S2 (Provide it on
a separate paper to your teacher).
Step 3. Now, you have to add switch ports to each VLAN on each switch. Use interface,
interface range and switchport access vlan commands.
S1(config)#interface fa0/10
S1(config-if)#switchport access vlan 10
S1(config-if)#interface range fa0/11-13
S1(config-if)#switchport access vlan 20
S1(config-if)#interface range fa0/14-24
S1(config-if)#switchport access vlan 30
S1(config-if)#end
S2(config)#interface range fa0/10-13
S2(config-if)#switchport access vlan 20
S2(config-if)#interface range fa0/14-24
S2(config-if)#switchport access vlan 30
S2(config-if)#end
S3(config)#interface range fa0/10-13
S3(config-if)#switchport access vlan 20
S3(config-if)#interface range fa0/14-24
S3(config-if)#switchport access vlan 30
S3(config-if)#end
Step 4. Configure the management interface address on all three switches (here only S1 is given): S1(config)#interface vlan99
S1(config-if)#ip address 10.0.0.10 255.255.255.0
S1(config-if)#no shutdown
13
Step 5. Use ping command for each of the following (Provide it on a separate paper to your
teacher).:-
PC1 PC2? …………………………………………………………………………………………
PC1 PC5? …………………………………………………………………………………………
PC3 PC4? …………………………………………………………………………………………
PC0 PC6? …………………………………………………………………………………………
PC1 PC4? …………………………………………………………………………………………
PC0 PC5? …………………………………………………………………………………………
Were all the pings successful? ……… If not, why? …………………………………………………..
…………………………………………………………………………………………………………..
…………………………………………………………………………………………………………..
Task 5: Configuring Inter-VLAN routing
Step 1. This must be done on Layer 3 device such as a router. Here and on R1, Fast Ethernet
connection 0/0 will be configured as an IEEE 802.1Q trunk to allow all inter-VLAN traffic to be
carried to and from the routing device on a single trunk. However, it requires that the interface be
configured with multiple IP addresses. This is done by creating "virtual interfaces" called
subinterfaces. Each subinterface is then configured for 802.1Q encapsulation. R1(config)#interface fa0/1
R1(config-if)#ip address 172.20.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface fa0/0
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config-if)#interface fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.0.1 255.255.255.0
R1(config-subif)#interface fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 172.16.5.1 255.255.255.0
R1(config-subif)#interface fa0/0.30
R1(config-subif)#encapsulation dot1Q 30
R1(config-subif)#ip address 10.10.1.1 255.255.255.0
R1(config-subif)#interface fa0/0.99
R1(config-subif)#encapsulation dot1Q 99
R1(config-subif)#ip address 10.0.0.1 255.255.255.0
R1(config-subif)#
Step 2. Use the show ip route to check the routing tables for the VLANs (Provide it on a
separate paper to your teacher)..
14
Step 3. Use ping command for each of the following (Provide it on a separate paper to your
teacher).:-
PC0 PC5? …………………………………………………………………………………………
PC1 PC2? …………………………………………………………………………………………
PC4 PC2? …………………………………………………………………………………………
Were all the pings successful? ……… If not, why? …………………………………………………..
…………………………………………………………………………………………………………..
…………………………………………………………………………………………………………..
Task 5: Documentation
On each switch and the router, save the running configuration using (copy running-config
startup-config) command, then save your Packet Tracer's file.
Please make sure that the completion percentage is 100% at this stage (without a *
mark which means that there is an error on some routes), else you have to go back and
verify your network settings.
Also, don't forget to save the file and rename it to be LAB4-XXXX, where XXXX
represents your student number.