The document discusses virtual local area networks (VLANs) and provides instructions for configuring VLANs and inter-VLAN routing on a switch and router. It defines VLANs, their benefits, types of VLANs including data, default, native and management VLANs. It also covers trunking, 802.1Q tagging, dynamic trunking protocol (DTP), VLAN trunking protocol (VTP) and configuring inter-VLAN routing using a router on a stick. Basic configurations and verification steps are provided for hands-on lab applications to create VLANs, assign ports, enable trunking and test inter-VLAN routing.
2. Outline
Introduction
Virtual Local Area Network Benefits
Types of Virtual Local Area Network
Trunk and 802.1Q Tagged
Dynamic Trunking Protocol(DTP)
VLAN Trunking Protocol(VTP)
InterVLAN Routing
Troubleshooting
Security of Virtual Local Area Network
Virtual Local Area Network Design Guidelines
Source
3. Collision and Broadcast Domain
A collision domain is simply defined as any physical segment where a collision can occur. Hubs can
only operate at half-duplex, and thus all ports on a hub belong to the same collision domain.
Layer-2 switches can operate at full duplex. Each individual port on a switch belongs to its own
collision domain. Thus, Layer-2 switches create more collision domains, which results in fewer
collisions.
Like hubs though, Layer-2 switches belong to only one broadcast domain. A Layer-2 switch will
forward both broadcasts and multicasts out every port but the originating port.
Only Layer-3 devices separate broadcast domains. Because of this, Layer-2 switches are poorly suited
for large, scalable networks. The Layer-2 header provides no mechanism to differentiate one network
from another, only one host from another.
1.Introduction
5. What is Virtual Local Area Network?
A VLAN is a logical, software-defined subnetwork. It allows similar devices on the network to be
grouped together into one broadcast domain, irrespective of their physical position in the network.
Multiple VLANs can be used to group workstations, servers, and other network equipment connected
to the switch, according to similar data and security requirements. Also:
Broadcast packets sent by one of the workstations will reach all the others in the VLAN and will not
reach any workstations that are not in the VLAN.
The workstations can all communicate with each other without needing to go through a gateway.
The workstations can communicate with each other using non-routable protocols.
6. The Purpose of Virtual Local Area Network
The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To
understand this problem, we should look briefly at how LANs have evolved over the years toward
different goals. The structure used initially was very simple: all the workstations were connected
to a single piece of coaxial cable, or to hubs. In this case, a packet that any network device put
on the wire was visible to all other devices in the LAN.
As the capacities of the workstations in the LAN grew, this led to some drawbacks. For example, there
were just too many collisions, because most of the time when a workstation tried to send a packet, it
would find that the wire was already occupied by a packet sent by some other device.
7. 2.Virtual Local Area Network Benefits
Advanced security -- since isolation is provided within the network, everyone just gets the data
they need.
Cost reduction -- uses existing bandwidth more effectively.
Better performance -- since more than one broadcast domain is created, the traffic load on the
network is reduced.
Shrink broadcast domains -- reduces the number of network devices in each broadcast domain.
Improved IT staff efficiency -- simplifies network management because users with similar network
requirements are on the same VLAN.
Simpler project and application management -- VLANs are created according to needs.
[Figure: IT Department hosts grouped in VLAN 100; Employee Department hosts grouped in VLAN 200]
8. 3.Types of Virtual Local Area Network
Data VLAN
The data VLAN is the VLAN that is configured to carry user-originated traffic.
Data VLANs are used to divide the network into user or device groups.
VLANs carrying voice or management traffic are not part of the data VLAN.
Default VLAN
All switch ports become part of the default VLAN after the initial preload of the switch that loads
the default configuration.
The switch ports participating in the default VLAN are part of the same global broadcast domain.
This allows each device connected to any switch port to communicate with devices on other switch
ports.
9. Native VLAN
The 802.1Q trunk port is assigned a native VLAN. Trunk ports are connections between switches
that support the transmission of traffic associated with multiple VLANs.
The 802.1Q trunk port supports tagged traffic as well as untagged traffic. The 802.1Q trunk port
places untagged traffic in the native VLAN.
Management VLAN
A management VLAN is any VLAN configured to access the management capabilities of the switch.
10. 4.Trunk and 802.1Q
VLAN Trunk
It is a point-to-point link that has multiple VLANs between two network devices. VLAN trunk
extends VLANs across the entire network.
VLAN trunks allow all VLAN traffic to propagate among switches; So that devices in the same
VLAN but connected to different switches can communicate without the intervention of the router.
VLAN trunk does not belong to a specific VLAN.
11. Tagging Ethernet Frame
Ethernet Frame: Destination MAC | Source MAC | Type/Length | Data | FCS
802.1Q Frame: Destination MAC | Source MAC | TAG | Type/Length | Data | FCS
TAG fields: Ethernet Type (0x8100), 2 Bytes | Priority, 3 Bits | CFI, 1 Bit | VLAN Identifier, 12 Bits
12. Tagging Ethernet Frame(cont.)
It is used to properly transmit multiple VLAN frames through a trunk link.
Switches tag frames to identify the VLAN to which they belong.
Switches add VLAN tags to the frames before placing them onto the trunk link and remove the tags before
forwarding frames through nontrunk ports.
When properly tagged, the frames can traverse any number of switches via trunk links and still
be forwarded within the correct VLAN at the destination.
13. Native VLANs and 802.1Q Trunking
Frames that belong to the Native VLAN are not tagged.
Frames received untagged remain untagged and are placed in the Native VLAN when forwarded.
If there are no ports associated to the Native VLAN and no other trunk links, an untagged frame is
dropped.
For example, when you configure an 802.1Q trunk port, a default port VLAN ID (PVID) is assigned the
value of the Native VLAN ID. If VLAN 33 is configured as the Native VLAN, the PVID is 33 and all
untagged traffic is forwarded to VLAN 33.
14. Application 1
Basic Lab Application
Lab Task:
Perform basic configuration tasks on a switch
Create VLANs
Assign switch ports to a VLAN
Add, move, and change ports
Verify VLAN configuration
Enable trunking on inter-switch connections
Verify trunk configuration
16. The essential commands for device configuration are listed below:
1.Perform Basic Switch Configurations:
Switch(config)# hostname S1
S1(config)# no ip domain-lookup
S1(config)# enable secret class
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# interface range FastEthernet 0/6, FastEthernet 0/11, FastEthernet 0/18
S1(config-if-range)# switchport mode access
S1(config-if-range)# no shutdown
17. The settings that need to be done on computers are quite simple. A step by step illustration of the
realization of these settings is below:
2.Configure the PCs:
We choose the first option from this menu.
IP configuration is done as shown. The default gateway information
has not been filled in because it is not required.
18. Below are the steps for creating a VLAN and adding interfaces to VLANs. The outputs are shown so
that we can check the VLAN settings with different show commands.
3.Configure VLAN:
19. A management VLAN is any VLAN that you configure to access the management capabilities of a
switch. VLAN 1 serves as the management VLAN if you did not specifically define another VLAN. You
assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP,
Telnet, SSH, or SNMP.
From interface configuration mode, use the ip address command to assign the management IP address
to the switches.
3.Configure VLAN(cont.):
20. Trunks are connections between the switches that allow the switches to exchange information for all
VLANs. By default, a trunk port belongs to all VLANs, as opposed to an access port, which can only
belong to a single VLAN.
A native VLAN is assigned to an 802.1Q trunk port. In the topology, the native VLAN is VLAN 99. An
802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that
does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the
native VLAN. Untagged traffic is generated by a computer attached to a switch port that is configured
with the native VLAN. One of the IEEE 802.1Q specifications for Native VLANs is to maintain
backward compatibility with untagged traffic common to legacy LAN scenarios. For the purposes of
this lab, a native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best
practice to use a VLAN other than VLAN 1 as the native VLAN.
Use the interface range command in global configuration mode to simplify configuring trunking.
4.Configure Trunking and Native VLAN:
21. Verify that the trunks have been configured with the show interface trunk command.
From S1, ping the management address on both S2 and S3.
4. Configure Trunking and Native VLAN (cont.):
5.Verify switches:
22. 5.Dynamic Trunking Protocol(DTP)
Trunk negotiation is managed by DTP, which operates only on a point-to-point basis between network
devices.
It is a Cisco proprietary protocol. Switches from other vendors do not support DTP.
DTP manages the trunk negotiation only if the neighboring port is configured in a trunk mode
that supports DTP.
Switch ports can be manually configured to form trunks.
Resulting link for each pair of port modes:
| | Dynamic Auto | Dynamic Desirable | Trunk | Access |
|---|---|---|---|---|
| Dynamic Auto | Access | Trunk | Trunk | Access |
| Dynamic Desirable | Trunk | Trunk | Trunk | Access |
| Trunk | Trunk | Trunk | Trunk | Limited Connectivity |
| Access | Access | Access | Limited Connectivity | Access |
23. 6.VLAN Trunking Protocol(VTP)
In networks with a large number of switches, VTP allows VLANs to be carried to other switches over
trunk ports. The network manager makes changes to VLANs, such as adding, deleting, or renaming
them, and VTP communicates the new information to the other switches on the network.
With VTP, centralized management can be achieved in networks with more than one switch. It
eliminates the need to individually configure all the switches and prevents errors that may
occur during configuration. Modifications are made on a single switch, and the changes are taught to
the other switches through trunk ports with VTP.
To distribute VLANs with VTP, a VTP domain is created in the network. Switches in the
same area exchange VTP packets, and switches with the same VTP domain name are in the same
domain.
24. Modes of VTP
Server
This mode has the ability to make all changes on VLANs, send change information, receive
information, and update it.
At least one switch in VTP server mode is needed in a VTP domain.
Any changes made in this mode are announced to that VTP domain, and the other switches in the
domain are taught.
Configurations are stored in NVRAM.
Client
This is the switch mode that can receive information from servers, update itself, and send on the
information it receives. It cannot make any changes to VLANs.
The configuration is temporary, not stored in NVRAM.
25. Modes of VTP
Transparent
The switch working in this mode is actually like a server.
The changes made here cannot be transferred to the other switches.
It does not use the information it receives over trunk ports; it does not update its own VLAN database
with this information.
Configurations are stored in NVRAM.
26. Configuration Revision Number
When a change is made on VLANs within the network, the switch in server mode increments the
revision number by one. The switch whose revision number changed sends a VTP notification to the other
switches in the same domain.
If the revision number in the notification received is larger than the switch's own revision number,
the VLAN information is updated according to the notification.
There are a number of ways to reset the revision number of a switch that already has a
configuration on it:
1. Change the VTP domain name
2. Delete the vlan.dat file held in Flash
3. Put the switch in VTP transparent mode
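The revision rule above explains why the revision number is reset before a previously used switch joins a domain. The following is an added example, not part of the original slides: a simplified Python model of the rule, not the VTP message format. The class, the function names and the switch name "reused-switch" are hypothetical; CoreSW1 and the domain cisco.com come from the third lab.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=dict)

    def set_vlan(self, vid, vlan_name):
        """Create or rename a VLAN locally."""
        if self.mode == "client":
            raise PermissionError("a VTP client cannot change VLANs")
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision += 1     # each change on a server raises the revision by one

    def advertise(self):
        """Summary and subset information, merged into one dict for this model."""
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply an advertisement; return True if the VLAN database was replaced."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] <= self.revision:
            return False           # only a larger revision number is accepted
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True

    def reset_revision(self):
        """Reset by passing through transparent mode (option 3 in the list above)."""
        original, self.mode = self.mode, "transparent"
        self.revision = 0
        self.mode = original


def connect(a, b):
    """Exchange advertisements over a new trunk; return names of overwritten switches."""
    adv_a, adv_b = a.advertise(), b.advertise()
    return [s.name for s, adv in ((a, adv_b), (b, adv_a)) if s.receive(adv)]


def build_lab():
    """Constructed scenario: a production server and a switch reused from an old lab."""
    core = Switch("CoreSW1", "server", "cisco.com")
    for vid, vlan_name in ((10, "VLAN10"), (20, "VLAN20"), (30, "VLAN30")):
        core.set_vlan(vid, vlan_name)              # revision ends at 3
    used = Switch("reused-switch", "server", "cisco.com")
    for i in range(5):
        used.set_vlan(99, f"old-lab-{i}")          # revision ends at 5, only VLAN 99
    return core, used


def without_reset():
    core, used = build_lab()
    return connect(core, used), core.vlans


def with_reset():
    core, used = build_lab()
    used.reset_revision()
    return connect(core, used), core.vlans


if __name__ == "__main__":
    print("without reset:", without_reset())   # CoreSW1 loses VLANs 10, 20 and 30
    print("with reset:   ", with_reset())      # the reused switch learns them instead
```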
27. Advertisements
There are 3 types of notifications:
1. Summary: It contains information such as the VTP domain name, the current revision number, and other
VTP configuration details. It is sent every 5 minutes to neighbors by a server or by a switch running in
client mode with the VTP feature.
2. Subset: Contains VLAN information. The switch on which the change was made sends it to the other
switches in the same domain immediately after the change is made.
3. Request: Sent when the VTP domain name changes, when a summary advertisement with a revision number
higher than the switch's own is received, when a subset advertisement message is missed for any reason,
or when the switch is switched off and on. A request advertisement receives a subset of advertisements
first, followed by a subset of advertisements.
Pruning
If pruning is enabled on a domain, a switch that has no active port in a VLAN will not broadcast
traffic related to that VLAN.
28. 7.InterVLAN Routing
InterVLAN routing is the process of forwarding network traffic
from one VLAN to another VLAN using a router.
Traditionally, LAN routing has used routers with multiple
physical interfaces.
Each interface needed to be connected to a separate network,
configured for a different subnet.
Each router interface is connected to a switch port, associated
with a specific VLAN.
The router can accept traffic from the VLAN associated with the
switch interface it is connected to, and route the traffic to other
VLANs.
[Figure: traditional inter-VLAN routing; labels: Fa 0/0, Fa 0/1, Fa 0/2, Fa 0/3, Fa 0/4, hosts 172.17.40.21 and 172.17.20.31, VLAN 10, VLAN 20]
29. Router on a Stick
A type of router configuration in which a single router interface
routes traffic between multiple VLANs.
The connection between the switch and the router is a single
trunk link.
The router accepts VLAN-tagged traffic on the trunk interface
and routes traffic between the different VLANs.
The physical interface is divided into multiple subinterfaces.
Each subinterface is associated with one VLAN and one IP
subnet.
By configuring IP addresses on the interfaces, the router can be
used as a gateway to access devices connected to the other
VLANs.
[Figure: router on a stick with VLAN 10, VLAN 20, VLAN 30 and VLAN 40; subinterfaces Fast Ethernet 0/0.10 (192.168.10.1), Fast Ethernet 0/0.20 (192.168.20.1), Fast Ethernet 0/0.30 (192.168.30.1), Fast Ethernet 0/0.40 (192.168.40.1)]
30. Application 2
Basic Lab Application
Lab Task:
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Create a basic configuration on a router.
Create an 802.1Q trunk line between the switch and router to allow communication between VLANs.
Test the routing functionality.
[Figure: lab topology; switch ports Fa 0/1, Fa 0/4 and Fa 0/8 labelled]
PC-1: VLAN 10 - ADMIN, 192.168.5.2 /24
PC-2: VLAN 20 - SALES, 192.168.7.2 /24
| VLAN | PORT |
|---|---|
| 1 -- NATIVE | Fa0/1-3 |
| 10 -- ADMIN | Fa0/4-7 |
| 20 -- SALES | Fa0/8-13 |
VLAN 1 IP ADDRESS: 192.168.1.2/24
31. 1.Configure the switch:
Configure the hostname, access, and command mode passwords, as well as the management LAN
settings.
Switch(config)# hostname Atakan
Atakan(config)# enable secret cisco
Atakan(config)# line console 0
Atakan(config-line)# password class
Atakan(config-line)# login
Atakan(config-line)# exit
Atakan(config)# line vty 0 15
Atakan(config-line)# password class
Atakan(config-line)# login
Atakan(config-line)# exit
32. 2.Configure the hosts:
Configure the hosts using the following information.
3.Verify Connectivity:
To verify that the host and switch are correctly configured, ping the switch from the hosts, or one host
from another host.
Ping operation failed. Some of the reasons:
1. The default gateways are not yet configured on the switch.
2. The relevant interfaces of the switch may be inactive.
33. 4.Create two VLANs:
Enter the following commands to create and name two VLANs:
Atakan(config)# vlan 10
Atakan(config-vlan)# name Admin
Atakan(config-vlan)# vlan 20
Atakan(config-vlan)# name Sales
Atakan(config-vlan)# exit
5.Assign ports to VLANs:
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to
add:
Atakan(config)# interface range fastEthernet 0/4-7
Atakan(config-if-range)# switchport mode access
Atakan(config-if-range)# switchport access vlan 10
Atakan(config-if-range)# exit
Atakan(config)# interface range fastEthernet 0/8-13
Atakan(config-if-range)# switchport mode access
Atakan(config-if-range)# switchport access vlan 20
Atakan(config-if-range)# exit
34. 6.Display the VLAN:
On Switch, type the command show vlan at the privileged EXEC prompt.
7.Create the trunk:
On Switch, type the following commands at the Fast Ethernet 0/1 interface command prompt.
Atakan(config)# interface fastEthernet 0/1
Atakan(config-if)# switchport mode trunk
Atakan(config-if)# exit
35. 8.Configure the Router:
Configure the router with the following data. Note that, in order to support trunking and inter-VLAN
routing, the router must have a Fast Ethernet interface.
1. Host name is R1
2. Console and VTY enable password are class
3. Enable secret password is cisco
Then configure the Fast Ethernet interface using the following commands. Subinterface 0/0.1 carries
VLAN 1, the native VLAN in this lab, so its encapsulation is marked native:
R1(config)# interface fastEthernet 0/0
R1(config-if)# no shutdown
R1(config-if)# interface fastEthernet 0/0.1
R1(config-subif)# encapsulation dot1q 1 native
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface fastEthernet 0/0.2
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.5.1 255.255.255.0
R1(config-subif)# interface fastEthernet 0/0.3
R1(config-subif)# encapsulation dot1q 20
R1(config-subif)# ip address 192.168.7.1 255.255.255.0
R1(config-subif)# end
36. 9.Save the Router configuration:
On Router, type the command write memory at the privileged EXEC prompt.
10.Display the routing table:
Type show ip route at the privileged EXEC mode prompt.
11.Test the VLAN and the trunk:
Ping from the host in Switch port 0/4 to the host in port 0/8. Ping from the host in Switch port 0/4 to
the switch IP 192.168.1.2.
37. Benefits of InterVLAN
Additional security and management are added.
Logical links conserve physical ports.
Depending on the protocol, multimode configurations can be implemented.
Routers control access to VLANs.
Up to 255 VLANs or more can be supported per router.
38. 8.Troubleshooting
IP Addressing Issues With VLAN
It is a common practice to associate a VLAN with an IP network.
Because different IP networks only communicate through a router, all devices within a VLAN must
be part of the same IP network to communicate.
Each VLAN should correspond to a unique IP subnet.
Two devices in the same VLAN can not communicate if they have different subnet addresses. This is
a common problem and can be easily solved by determining the wrong configuration and replacing
the subnet address with the correct one.
39. Missing VLANs
If all the IP address mismatches have been solved, but the device still cannot connect, check if the
VLAN exists in the switch.
Commands: show vlan, show mac address-table, show interfaces, show interfaces switchport
[Flowchart]
No connection among devices in same VLAN.
Is port in correct VLAN? NO: Assign port to correct VLAN. YES: continue.
VLAN present in VLAN database? NO: Create VLAN in VLAN database. YES: Verify connection among devices in same VLAN.
40. Problem on Trunk
Command: show interfaces trunk
[Flowchart]
Troubleshoot trunks.
Native VLAN on local and peer ports match? NO: Change native VLAN to match. YES: continue.
Trunk mode on local and peer port compatible? NO: Statically configure ports on both devices to trunk. YES: Operational trunk.
41. Problem on Trunk(cont.)
Trunking issues are usually associated with incorrect configurations.
The most common types of trunk configuration errors are:
1. Native VLAN mismatches
2. Trunk mode mismatches
3. Allowed VLANs on trunks
If a trunk problem is detected, the best practice guidelines recommend troubleshooting in the order
shown above.
42. Problem on Trunk(cont.)
Trunking problems are often associated with misconfigurations. The most common ones are:
| Trouble | Result | Example |
|---|---|---|
| Native VLAN mismatches | Constitutes a security risk; unintended consequences | One port's VLAN is defined as 100, the other's as 99. |
| Trunk mode mismatches | Loss of network connection | One port's trunk mode is turned on and the other is configured as off. |
| VLANs allowed in the trunk | Causes unexpected traffic or no traffic to be sent over the trunk | The list of allowed VLANs does not support the current VLAN trunking requirements. |
43. Problem on Trunk(cont.)
If a port on a trunk link is configured with a trunk mode that is incompatible with the neighboring
trunk port, a trunk link fails to form between the two switches.
Use the show interfaces trunk command to check the status of the trunk ports on the switches.
To fix the problem, configure the interfaces with proper trunk modes.
| | Dynamic Auto | Dynamic Desirable | Trunk | Access |
|---|---|---|---|---|
| Dynamic Auto | Access | Trunk | Trunk | Access |
| Dynamic Desirable | Trunk | Trunk | Trunk | Access |
| Trunk | Trunk | Trunk | Trunk | Limited Connectivity |
| Access | Access | Access | Limited Connectivity | Access |
44. Incorrect VLAN List
VLANs must be allowed in the trunk before their frames can be transmitted across the link.
Use the switchport trunk allowed vlan command to specify which VLANs are allowed in a trunk
link.
Use the show interfaces trunk command to ensure the correct VLANs are permitted in a trunk.
45. 9.Security of Virtual Local Area Network
Switch Spoofing Attack
For example: the VLAN hopping attack.
The default configuration of the switch port is dynamic auto.
By configuring a host to act as a switch and form a trunk, an attacker could gain access to any
VLAN in the network.
Because the attacker is now able to access other VLANs, this is called a VLAN hopping attack.
To prevent a basic switch spoofing attack, turn off trunking on all ports, except the ones that
specifically require trunking.
46. Double-Tagging Attack
Takes advantage of the way that hardware on most switches de-encapsulates 802.1Q tags.
Most switches perform only one level of 802.1Q de-encapsulation, allowing an attacker to embed a
second, unauthorized attack header in the frame.
After removing the first, legitimate 802.1Q header, the switch forwards the frame to the VLAN specified in
the unauthorized 802.1Q header.
The best approach to mitigating double-tagging attacks is to ensure that the native VLAN of the
trunk ports is different from the VLAN of any user ports.
[Figure: switch spoofing; VLAN 10 PERSONNEL, VLAN 20 SERVER, TRUNK, ATTACKER: "I am switch, send me all traffic."]
47. Double-Tagging Attack(cont.)
1. Attacker on VLAN 33, but puts a 66 tag in packet.
2. The first switch strips off the first tag and does not retag it (native traffic is not
retagged). It then forwards the packet to next switch.
3. The second switch receives the packet, on the native VLAN.
4. The second switch examines the packet, sees the VLAN 66 tag and forwards it accordingly.
[Figure labels: 802.1Q frame carrying tag 66; TRUNK (Native VLAN = 33); VICTIM (VLAN 66)]
Note: This attack works only if the trunk has the same native
VLAN as the attacker.
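The 802.1Q tag layout from the tagging slides and the four steps above can be checked in code. This is an added example, not part of the original slides: it parses the tag stack of frames built in memory, models the one-level de-encapsulation the slides describe, and shows that the mitigation (a native VLAN different from any user VLAN) keeps the frame in its own VLAN. The switch model is simplified, and all function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # Ethernet Type value that marks an 802.1Q tag
MAC_LEN = 12          # destination MAC (6 bytes) + source MAC (6 bytes)


def constructed_frame(vlan_ids, payload=b"constructed-payload"):
    """Build a sample frame in memory; vlan_ids lists tag VIDs, outermost first."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        tci = vid & 0x0FFF            # priority (3 bits) and CFI (1 bit) left at 0
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", 0x0800) + payload


def parse_tags(frame):
    """Walk the tag stack; return ([tags outermost first], payload EtherType)."""
    tags, offset = [], MAC_LEN
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != TPID_8021Q:
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"priority": tci >> 13, "cfi": (tci >> 12) & 1,
                     "vid": tci & 0x0FFF})
        offset += 4


def first_switch_to_trunk(frame, port_vlan, native_vlan):
    """Model the first switch: one level of de-encapsulation, then trunk egress.

    Returns the bytes placed on the trunk, or None when the frame is dropped.
    """
    tags, _ = parse_tags(frame)
    if tags:
        if tags[0]["vid"] != port_vlan:
            return None                                # tag does not match the port VLAN
        frame = frame[:MAC_LEN] + frame[MAC_LEN + 4:]  # strip the outer tag only
    if port_vlan == native_vlan:
        return frame                                   # native VLAN traffic is not retagged
    tag = struct.pack("!HH", TPID_8021Q, port_vlan)
    return frame[:MAC_LEN] + tag + frame[MAC_LEN:]


def second_switch_vlan(frame_on_trunk, native_vlan):
    """Model the second switch: outer tag decides the VLAN, untagged goes to native."""
    tags, _ = parse_tags(frame_on_trunk)
    return tags[0]["vid"] if tags else native_vlan


def delivered_vlan(frame, port_vlan, native_vlan):
    """VLAN in which the second switch forwards the frame, or None if dropped."""
    on_trunk = first_switch_to_trunk(frame, port_vlan, native_vlan)
    return None if on_trunk is None else second_switch_vlan(on_trunk, native_vlan)


def classify_ingress(frame, native_vlan):
    """Detection check for frames captured on a user (access) port."""
    tags, _ = parse_tags(frame)
    if not tags:
        return "untagged"
    if len(tags) >= 2 and tags[0]["vid"] == native_vlan:
        return "double-tagged, outer tag equals trunk native VLAN"
    if len(tags) >= 2:
        return "double-tagged"
    return "tagged on access port"


if __name__ == "__main__":
    frame = constructed_frame([33, 66])          # the slide's VLAN 33 / tag 66 case
    print(classify_ingress(frame, native_vlan=33))
    print("native VLAN 33:", delivered_vlan(frame, port_vlan=33, native_vlan=33))
    print("native VLAN 99:", delivered_vlan(frame, port_vlan=33, native_vlan=99))
```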
48. PVLAN Edge
The Private VLAN Edge feature, also known as protected ports, ensures that there is no exchange of
unicast, broadcast or multicast traffic between protected ports on the switch.
Local relevancy only.
A protected port only exchanges traffic with unprotected ports.
A protected port does not exchange traffic with another protected port.
49. PVLAN Edge(cont.)
The PVLAN Edge feature has the following characteristics:
A protected port does not forward any traffic (unicast, multicast,
or broadcast) to any other port that is also a protected port,
except for control traffic. Data traffic cannot be forwarded
between protected ports at Layer 2.
Forwarding behavior between a protected port and a
nonprotected port proceeds as usual.
Protected ports must be manually configured.
[Figure: between two protected ports, data traffic is not permitted; between a protected port and an unprotected port, data traffic is permitted.]
50. 10.Virtual Local Area Network Design Guidelines
Move all ports from VLAN 1 and assign them to an unused VLAN.
Shut down all unused switch ports.
Separate management and user data traffic.
Change the management VLAN.
Ensure that only devices in the management VLAN can connect to the switches.
The switch should only accept SSH connections.
Disable autonegotiation on trunk ports.
Do not use the dynamic auto or dynamic desirable switch port modes.
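Several of these guidelines, together with the switch spoofing and double-tagging mitigations, can be checked mechanically against a switch configuration. This is an added example, not part of the original slides: it audits a constructed running-config excerpt. The finding codes and function names are hypothetical; the IOS commands matched are standard ones, and treating a port with no explicit mode as negotiable follows the slide's statement that the default is dynamic auto.

```python
import re

# Constructed running-config excerpt (sample input, not from the labs in the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 shutdown
!
line vty 0 15
 password class
 login
!
"""

MESSAGES = {
    "DYNAMIC_MODE": "port can negotiate a trunk through DTP; set access or trunk statically",
    "TRUNK_DTP": "trunk still answers DTP; add 'switchport nonegotiate'",
    "NATIVE_VLAN_1": "trunk uses VLAN 1 as native VLAN",
    "ACCESS_VLAN_1": "active access port is still in VLAN 1",
    "NATIVE_IS_USER_VLAN": "trunk native VLAN is also a user port VLAN",
    "VTY_NOT_SSH_ONLY": "vty lines are not limited to 'transport input ssh'",
}


def parse_blocks(text):
    """Group indented sub-commands under their 'interface' or 'line' header."""
    blocks, current = {}, None
    for line in text.splitlines():
        if line.startswith(("interface ", "line ")):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks


def vlan_of(cmds, pattern):
    """Return the VLAN ID set by a command, or 1 (the default VLAN) if absent."""
    for cmd in cmds:
        m = re.fullmatch(pattern, cmd)
        if m:
            return int(m.group(1))
    return 1


def audit(text):
    """Return a sorted list of (location, finding code) pairs."""
    findings, user_vlans, trunks = set(), set(), {}
    for header, cmds in parse_blocks(text).items():
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.add((header, "VTY_NOT_SSH_ONLY"))
            continue
        if "Ethernet" not in header or "shutdown" in cmds:
            continue                      # skip other blocks and ports that are shut down
        port = header.split(None, 1)[1]
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode == "trunk":
            trunks[port] = vlan_of(cmds, r"switchport trunk native vlan (\d+)")
            if "switchport nonegotiate" not in cmds:
                findings.add((port, "TRUNK_DTP"))
            if trunks[port] == 1:
                findings.add((port, "NATIVE_VLAN_1"))
        elif mode == "access":
            vlan = vlan_of(cmds, r"switchport access vlan (\d+)")
            user_vlans.add(vlan)
            if vlan == 1:
                findings.add((port, "ACCESS_VLAN_1"))
        else:                             # no mode set, or dynamic auto/desirable
            findings.add((port, "DYNAMIC_MODE"))
    for port, native in trunks.items():
        if native in user_vlans:
            findings.add((port, "NATIVE_IS_USER_VLAN"))
    return sorted(findings)


if __name__ == "__main__":
    for where, code in audit(SAMPLE_CONFIG):
        print(f"{where}: {MESSAGES[code]}")
```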
51. Application 3
Advanced Lab Application
Create VLAN on Core SW1 and Core SW2.
Configure VTP Server and Trunk on Core SW1 and Core SW2.
VTP Client and Trunk port on all Access Switch. Assign port to VLAN.
Configure STP on Core SW1 and Core SW2.
Configure EtherChannel, HSRP and OSPF.
1. VLAN 10 --- F0/1
2. VLAN 20 --- F0/1
3. VLAN 30 --- F0/1
4. VLAN 40 --- F0/3-5
53. 1.Create VLAN on Core Switches:
We will simply configure the VLANs as we learned in previous projects. Use the necessary commands
on Core Switches with reference to the following figure:
54. 2.Configure VTP Server and Trunk on Core Switches:
We will simply configure the VLANs as we learned in previous projects. Use the necessary commands
on Core Switches with reference to the following figure:
CoreSW1(config)# vtp mode server
CoreSW1(config)# vtp domain cisco.com
CoreSW1(config)# vtp version 2
55. 2.Configure VTP Server and Trunk on Core Switches(cont.):
Due to STP, not all trunk ports on the CoreSW1 switch are active at the same time. Use the necessary
commands on Core Switches with reference to the following figure:
CoreSW1(config)# interface range fastEthernet 0/21-24
CoreSW1(config-if-range)# switchport trunk encapsulation dot1q
CoreSW1(config-if-range)# switchport mode trunk
CoreSW1(config-if-range)# exit
56. 3.VTP Client and Trunk Port on All Access Switches:
We will simply configure the VLANs as we learned in previous projects. Use the necessary commands
on Access Switches with reference to the following figure:
AccSW1(config)# vtp mode client
AccSW1(config)# vtp version 2
AccSW4(config)# interface range fastEthernet 0/4-5
AccSW4(config-if-range)# switchport mode trunk
AccSW4(config-if-range)# exit
AccSW4(config)# interface fastEthernet 0/1
AccSW4(config-if)# switchport mode access
AccSW4(config-if)# switchport access vlan 30
57. 4.Configure STP:
Use the necessary commands on Core Switches with reference to the following figure:
CoreSW2(config)# spanning-tree vlan 30,40 root primary
CoreSW1(config)# spanning-tree vlan 10,20 root primary
If you want to do extra network analysis, you can try the
following command. You can get more detailed
information at the end of the command.
CoreSW2# show spanning-tree
58. 5.Configure EtherChannel:
We will simply use the necessary commands on Core Switches with reference to the
following figure:
CoreSW1(config)# interface range fastEthernet 0/21-24
CoreSW1(config-if-range)# channel-group 1 mode on
CoreSW2(config)# interface range fastEthernet 0/21-24
CoreSW2(config-if-range)# channel-group 1 mode on
If you want to do extra network analysis, you can try the
following command. You can get more detailed
information at the end of the command.
CoreSW2# show etherchannel
59. 5.Configure EtherChannel(cont.):
CoreSW2(config)# interface port-channel 1
CoreSW2(config-if)# switchport trunk encapsulation dot1q
60. 6.Configure HSRP:
We need a virtual IP address for this protocol to work. This protocol has been included to show the
importance of redundancy in network design and how redundancy can be achieved. Since it is not
included in the contents of this slide, only the simple commands and the necessary output of the show
commands will be shared in this section.
Virtual IP Addresses for VLANs with reference to the following figure:
1. VLAN 10 --- 192.168.10.254
2. VLAN 20 --- 192.168.20.254
3. VLAN 30 --- 192.168.30.254
4. VLAN 40 --- 192.168.40.254
61. 6.Configure HSRP(cont.):
We will simply use the necessary commands on Core Switches with reference to the
following figure:
62. 6.Configure IP Address on Interfaces:
IP addresses are assigned to all of the interfaces of the routers and switches as shown below.
CoreSW1(config)# interface fastEthernet 0/20
CoreSW1(config-if)# no switchport
CoreSW1(config-if)# ip address 1.1.1.2 255.255.255.0
CoreSW1(config-if)# no shutdown
CoreSW1(config-if)# exit
63. 7.Configure OSPF:
IP addresses are assigned to all of the interfaces of the routers and switches as shown below. When
single-area OSPF configuration commands are applied, the VLANs will have connections to the remote server.
Since the subject is outside the VLAN content, the technical details are not covered here.
64. 7.Configure OSPF(cont.):
65. 7.Configure OSPF(cont.):
You can use the following commands to display the running OSPF settings.
66. 8.Verify Network:
Here we show some ping commands to show that the network is working correctly:
Web Server to Server3. PC2 to 5.5.5.0 Network
PC1 to 6.6.6.0 Network PC2 to 5.5.5.0 Network
67. 11.Source
Cisco Systems
Router Alley
9tut
İstanbul Technical University
Networklessons
Packetlife
Editor's notes
Assigning a management address allows IP communication between the switches, and also allows any host connected to a port assigned to VLAN 99 to connect to the switches. Because VLAN 99 is configured as the management VLAN, any ports assigned to this VLAN are considered management ports and should be secured to control which devices can connect to these ports.