Scribd
Upload
174 views

Lab Inter-VLAN Routing

The document describes configuring VLANs on switches S1 and S2. Key steps include: 1. Configuring S1 as the VTP server and S2 as the VTP client in the "ciscovtp.com" domain. 2. Creating VLANs 10, 20, 30, and 90 on the VTP server S1, which are then distributed to S2. 3. Configuring trunk ports between the switches and assigning access ports to the appropriate VLANs.

Uploaded by

senbeta alx
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
174 views

Lab Inter-VLAN Routing

The document describes configuring VLANs on switches S1 and S2. Key steps include: 1. Configuring S1 as the VTP server and S2 as the VTP client in the "ciscovtp.com" domain. 2. Creating VLANs 10, 20, 30, and 90 on the VTP server S1, which are then distributed to S2. 3. Configuring trunk ports between the switches and assigning access ports to the appropriate VLANs.

Uploaded by

senbeta alx
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Lab 3.

VLAN Configuration
Topology Diagram

Addressing Table
Device (hostname) Interface IP Address Subnet Mask Default Gateway
S1 VLAN 90 192.168.90.11 255.255.255.0 192.168.90.1
S2 VLAN 90 192.168.90.12 255.255.255.0 192.168.90.1
R1 Fa0/0 See Sub-Interface Configuration Table N/A
PC1 NIC 192.168.10.21 255.255.255.0 192.168.10.1
PC2 NIC 192.168.20.22 255.255.255.0 192.168.20.1
PC3 NIC 192.168.30.23 255.255.255.0 192.168.30.1

Sub-Interface Configuration Table – Router 1


Router Interface Assignment IP Address
Fa0/0.10 VLAN 10 – Staff VLAN 192.168.10.1/24
Fa0/0.20 VLAN 20 – Students VLAN 192.168.20.1/24
Fa0/0.30 VLAN 30 – Guest VLAN 192.168.30.1/24
Fa0/0.90 VLAN 90 – Management VLAN 192.168.90.1/24

1
Learning Objectives
Upon completion of this lab, you will be able to:
➢ Cable a network according to the topology diagram
➢ Erase the startup configuration and reload a switch to the default state
➢ Perform basic configuration tasks on a switch and router
➢ Configure VLAN Trunking Protocol (VTP) on all switches
➢ Enable trunking on inter-switch connections
➢ Verify trunk configuration
➢ Create VLANs on the VTP server, and distribute this VLAN information to switches in the
network
➢ Assign switch ports to the VLANs
➢ Configure a router to support 802.1q trunking on a Fast Ethernet interface
➢ Configure a router with sub-interfaces corresponding to the configured VLANs
➢ Save the VLAN configuration

Task 1: Prepare the Network


Step 1: Cable a network that is similar to the one in the topology diagram.

Step 2: Clear any existing configurations on the switches, and initialize all ports in the shutdown
state
If necessary, refer to the first lab (Task 2), for the procedure to clear switch configurations. It is a good
practice to disable any unused ports on the switches by putting them in shutdown. Disable all ports on
the switches (all three of them):
Switch#config term
Switch(config)#interface range fa0/1-24
Switch(config-if-range)#shutdown
Switch(config-if-range)#exit
Switch(config)#interface range gi0/1-2
Switch(config-if-range)#shutdown

Task 2: Perform Basic Switch Configurations


Step 1: Configure the switches according to the following guidelines.
➢ Configure the switch hostname (S1, and S2)
➢ Disable DNS lookup.
➢ Configure an EXEC mode password of class.
➢ Configure a password of cisco for console connections.
➢ Configure a password of telnet for vty connections.

2
Switch#configure terminal
Switch(config)#interface range fa0/1-24
Switch(config-if-range)#shutdown
Switch(config-if-range)#exit

Switch(config)#interface range gi0/1-2


Switch(config-if-range)#shutdown
Switch(config-if-range)#exit

Switch(config)#hostname S2 [S1]
S2(config)#no ip domain-lookup

S2(config)#enable secret class


S2(config)#line console 0

S2(config-line)#password cisco
S2(config-line)#login
S2(config-line)#exit

S2(config)#line vty 0 15
S2(config-line)#password telnet
S2(config-line)#login
S2(config-line)#exit

Step 2: Re-enable the user ports (only ports that are connected to PCs).
S1(config)#interface range fa0/1-2
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S1(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

S2(config)#interface fa0/2
S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown
S2(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#
Task 3: Configure and Activate Ethernet Interfaces
Step 1: Configure the PCs using the IP addresses given in the table.

Task 4: Configure VTP on the Switches


Step 1: Configure the operating mode, domain name, and VTP password on both switches.
Set the VTP domain name to ciscovtp.com and the VTP password to vtp1234 on both
switches. Configure S1 in server mode, and S2 in client mode.

3
S1#configure terminal
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain ciscovtp.com
Changing VTP domain name from NULL to VTP-Lab
S1(config)#vtp password vtp1234
Setting device VLAN database password to VTP-Pass
S1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#
S2#configure terminal
S2(config)#vtp mode client
Setting device to VTP CLIENT mode
S2(config)#vtp domain ciscovtp.com
Changing VTP domain name from NULL to VTP-Lab
S2(config)#vtp password vtp1234
Setting device VLAN database password to VTP-Pass
S2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#

Step 2: Configure trunking ports


Use the interface range command in global configuration mode to simplify this task.
S1#configure terminal
S1(config)#interface range fa0/3,fa0/5
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#no shutdown
S1(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

S2#configure terminal
S2(config)#interface fa0/3
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#no shutdown
S2(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#

Step 3: Configure VLANs on the VTP server.


There are four additional VLANs required in this lab:
➢ VLAN 90 (Management)
➢ VLAN 10 (staff)
➢ VLAN 20 (students)
➢ VLAN 30 (guest)

4
Configure these on the VTP server (i.e. S1).
S1#configure terminal
S1(config)#vlan 90
S1(config-vlan)#name Management
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name Staff
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Students
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name Guest
S1(config-vlan)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

Verify that the VLANs have been created on S1 with the show vlan brief command. Additionally, make
sure that the server is distributed them to client switches
S1#show vlan brief

VLAN Name Status Ports


---- ------- ------ ---------------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Staff active
20 Students active
30 Guest active
90 Management active
<!-- Outputs omitted !>

S2#show vlan brief


VLAN Name Status Ports
---- ------- ------ ---------------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Staff active
20 Students active
30 Guest active
90 Management active
<!-- Outputs omitted !>

5
Step 4: Assign switch ports to VLANs on S1 and S2.
Refer to the port assignment on the topology on page 1. Ports are assigned to VLANs in interface
configuration mode, using the switchport access vlan vlan-id command.
S1(config)#interface fa0/1
S1(config-if)#switchport access vlan 30
S1(config-if)#exit
S1(config)#interface fa0/2
S1(config-if)#switchport access vlan 10
S1(config-if)#end
S1#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
[OK]
S2(config)#interface fa0/2
S2(config-if-range)#switchport access vlan 20
S2(config-if-range)#end
S2#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
[OK]

Step 5: Assign IP addresses to the management VLAN and Default Gateways.


S1(config)#interface vlan 90
S1(config-if)#ip address 192.168.90.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#ip default-gateway 192.168.90.1
S2(config)#interface vlan 90
S2(config-if)#ip address 192.168.90.12 255.255.255.0
S2(config-if)#no shutdown
S2(config-if)#exit
S2(config)#ip default-gateway 192.168.90.1

Step 6: Configure the native VLAN for the trunking ports on all switches and verify that the
switches can communicate.

S1(config)#interface range fa0/3,fa0/5


S1(config-if-range)#switchport trunk native vlan 90
S1(config-if-range)#no shutdown
S1(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#
S2(config)#interface fa0/3
S2(config-if-range)#switchport trunk native vlan 90
S2(config-if-range)#no shutdown
S2(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#

From S1, ping the management address on S2.


6
S1#ping 192.1168.90.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.90.12, timeout is 2 seconds:
!!!!!
Step 7: Ping PC2 and PC3 hosts from PC1.
Ping from host PC1 to PC2 (192.168.20.22).
Ping from host PC1 to PC3 (192.168.30.23).
Ping from host PC2 to PC3 (192.168.30.23).

Is any of the above ping attempts successful? No! Because these hosts are in different subnets and in
different VLANs, therefore they cannot communicate without a Layer 3 device (like router or layer-3
switch) which is/are used to route traffic between different subnetworks and/or VLANs.

You can also ping the management VLAN IP address of the switches. None of them will work for you,
because they are in separate VLAN and subnetwork from the hosts. So, if any host tries to manage the
switch, then routing is mandatory. The next task we are going to do is configuration of Inter-VLAN
routing, which allows communication between hosts/devices found in different VLANs.

Task 5: Configure the Router


Step 1: Clear the configuration on the router and reload
Router>enable
Router#erase startup-config
Erasing nvram filesystem will remove ... files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Router#reload
Proceed with reload? [confirm]

<!-- Outputs omitted !>

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: n

Press RETURN to get started!

Router>enable
Router#

7
Step 2: Create a basic configuration on the router.
➢ Configure the router with hostname R1.
➢ Disable DNS lookup.
➢ Configure an EXEC mode password of class.
➢ Configure a password of cisco for console connections.
➢ Configure a password of telnet for vty connections.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#enable secret class
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 15
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit
R1(config)#

Step 3: Configure the trunking interface on R1.


You have demonstrated that connectivity between VLANs requires routing at the network layer, exactly
like connectivity between any two remote networks. This can be done by creating “virtual” interfaces,
called sub-interfaces, on one of the router Fast Ethernet ports and configuring them to dot1q aware.
Using the sub-interface configuration approach requires these steps:
➢ Enter sub-interface configuration mode
➢ Establish trunking encapsulation
➢ Associate a VLAN with the sub-interface
➢ Assign an IP address from the VLAN to the sub-interface

R1(config)#interface fastethernet 0/0.10


R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.10.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0.20


R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.20.1 255.255.255.0
R1(config-subif)#exit

8
R1(config)#interface fastethernet 0/0.30
R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.30.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0.90


R1(config-subif)#encapsulation dot1q 90 native
R1(config-subif)#ip address 192.168.90.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0


R1(config-if)#no shutdown

Note the following points in this configuration:


➢ The physical interface is enabled using the no shutdown command, because router interfaces
are down by default. The virtual interfaces are up by default.
➢ The sub-interface can use any number that can be described with 32 bits, but it is good practice
to assign the number of the VLAN as the interface number, as has been done here.
➢ The native VLAN is specified on the L3 device so that it is consistent with the switches.
Otherwise, VLAN 1 would be the native VLAN by default, and there would be no
communication between the router and the management VLAN (i.e. VLAN 90) on the switches.

Step 4: Verify inter-VLAN routing


From PC1, verify that you can ping the other two hosts (192.168.20.22 and 192.168.30.23). It may take
a couple of pings before the end-to-end path is established. You should be able to ping any node on any
of the networks configured on your LAN, including the switch management interfaces (i.e.
192.168.90.11 and 192.168.90.12).

Are the pings successful? If not, troubleshoot your configuration. Check to make sure the default
gateways have been set on all PCs and all switches.

9
Summary of the Configurations
Basic configurations
Switch#configure terminal
Switch(config)#interface range fa0/1-24
Switch(config-if-range)#shutdown
Switch(config-if-range)#exit

Switch(config)#interface range gi0/1-2


Switch(config-if-range)#shutdown
Switch(config-if-range)#exit

Switch(config)#hostname S2 [S1]
S2(config)#no ip domain-lookup

S2(config)#enable secret class


S2(config)#line console 0

S2(config-line)#password cisco
S2(config-line)#login
S2(config-line)#exit

S2(config)#line vty 0 15
S2(config-line)#password telnet
S2(config-line)#login
S2(config-line)#exit

S2(config)#interface fa0/2
S2(config-if-range)#switchport mode access [S1-f0/1,f0/2]
S2(config-if-range)#no shutdown
S2(config-if-range)#exit
Configure VTP
S1#configure terminal
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain ciscovtp.com
Changing VTP domain name from NULL to VTP-Lab
S1(config)#vtp password vtp1234
Setting device VLAN database password to VTP-Pass
S1(config)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

S2(config)#vtp mode client


Setting device to VTP CLIENT mode
S2(config)#vtp domain ciscovtp.com
Changing VTP domain name from NULL to VTP-Lab
S2(config)#vtp password vtp1234
Setting device VLAN database password to VTP-Pass
S2(config)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#

10
Configure Trunking and Native VLAN
S1#configure terminal
S1(config)#interface range fa0/3,fa0/5
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 90
S1(config-if-range)#no shutdown
S1(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

S2#configure terminal
S2(config)#interface fa0/3
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 90
S2(config-if-range)#no shutdown
S2(config-if-range)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#

Configuring VLANs on VTP Server


S1#configure terminal
S1(config)#vlan 90
S1(config-vlan)#name Management
S1(config-vlan)#exit
S1(config)#vlan 10
S1(config-vlan)#name Staff
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name Students
S1(config-vlan)#exit
S1(config)#vlan 30
S1(config-vlan)#name Guest
S1(config-vlan)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#

Verify The Configurations on Both Switches


S1#show vlan brief
VLAN Name Status Ports
---- ------- ------ ---------------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Staff active
20 Students active
30 Guest active
90 Management active
<!-- Outputs omitted !>

11
S2#show vlan brief
VLAN Name Status Ports
---- ------- ------ ---------------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Staff active
20 Students active
30 Guest active
90 Management active
<!-- Outputs omitted !>
Assign switch ports to VLANs
S1(config)#interface fa0/1
S1(config-if)#switchport access vlan 30
S1(config-if)#exit
S1(config)#interface fa0/2
S1(config-if)#switchport access vlan 10
S1(config-if)#end
S1#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
[OK]

S2(config)#interface fa0/2
S2(config-if-range)#switchport access vlan 20
S2(config-if-range)#end
S2#copy running-config startup-config
Destination filename [startup-config]? [enter]
Building configuration...
[OK]

Assign IP Addresses to management VLANs and Default Gateway


S1(config)#interface vlan 90
S1(config-if)#ip address 192.168.90.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#ip default-gateway 192.168.90.1

S2(config)#interface vlan 90
S2(config-if)#ip address 192.168.90.12 255.255.255.0
S2(config-if)#no shutdown
S2(config-if)#exit
S2(config)#ip default-gateway 192.168.90.1

Configure Native VLAN


S1(config)#interface range fa0/3,fa0/5
S1(config-if-range)#switchport trunk native vlan 90
S1(config-if-range)#no shutdown

S2(config)#interface fa0/3 12
S2(config-if-range)#switchport trunk native vlan 90
S2(config-if-range)#no shutdown
S2(config-if-range)#end


Basic Configuration on the Router
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#enable secret class
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 15
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit
R1(config)#

Configure Trunking Interface on R1

R1(config)#interface fastethernet 0/0.10


R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.10.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0.20


R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.20.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0.30


R1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.30.1 255.255.255.0
R1(config-subif)#exit

R1(config)#interface fastethernet 0/0.90


R1(config-subif)#encapsulation dot1q 90 native
R1(config-subif)#ip address 192.168.90.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface fastethernet0/0
R1(config-if)#no shutdown
Verify Inter-VLAN Routing by Pinging Devices One Another

13

You might also like