Active Hub 2

Friday, April 5, 2019

Basic Routing - vlan - connected

This is an extension to my previous vlan posts.

Basic Routing on Multilayer Switch - Connected Network - No VLAN
Basic Routing on Multilayer Switch 2 - Connected Network - No VLAN

We keep 3 networks and do intervlan routing with Multilayer switch as below:

Topology

Keep the following picture as a reference while reading the info for better understanding.

Reference Topology

Task Breakup

Configure IP Addresses of Laptops
Create VLANs on Switch
Assign VLANs to Interfaces on Switch
Configure IP Addresses to VLAN on Switch
View VLAN Information
Enabling Routing
Validation
Alternate Topology

1. Configure IP Addresses of Laptops

PC Name	IP Address	Subnet Mask	Default Gateway
Inside1-1	172.16.0.11	255.255.0.0	172.16.0.1
Inside1-2	172.16.0.12	255.255.0.0	172.16.0.1
Inside2-1	10.0.0.11	255.0.0.0	10.0.0.1
Inside2-2	10.0.0.12	255.0.0.0	10.0.0.1
Outside	5.0.0.11	255.0.0.0	5.0.0.1

Click Laptop -> Desktop -> IP Configuration

IP Address Configuration - Outside Laptop

2. Create VLANs on Switch

As a good convention, we create VLANs and assign names to them

routing(config)#vlan 172
routing(config-vlan)#name vlan-172
routing(config-vlan)#exit
routing(config)#vlan 10
routing(config-vlan)#name vlan-10
routing(config-vlan)#exit
routing(config)#vlan 5
routing(config-vlan)#name vlan-5
routing(config-vlan)#exit

3. Assign VLANs to Interfaces on Switch

PC Name	IP Address	Subnet Mask	Default Gateway	Switchport interface	VLAN ID
Inside1-1	172.16.0.11	255.255.0.0	172.16.0.1	gig 1/0/1	VLAN 172
Inside1-2	172.16.0.12	255.255.0.0	172.16.0.1	gig 1/0/2	VLAN 172
Inside2-1	10.0.0.11	255.0.0.0	10.0.0.1	gig 1/0/11	VLAN 10
Inside2-2	10.0.0.12	255.0.0.0	10.0.0.1	gig 1/0/12	VLAN 10
Outside	5.0.0.11	255.0.0.0	5.0.0.1	gig 1/0/5	VLAN 5

routing(config)#int gig 1/0/1
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 172
routing(config-if)#exit
routing(config)#int gig 1/0/2
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 172

routing(config)#int gig 1/0/11
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 10
routing(config-if)#exit
routing(config)#int gig 1/0/12
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 10
routing(config-if)#exit

routing(config)#int gig 1/0/5
routing(config-if)#switchport mode access
routing(config-if)#switchport access vlan 5
routing(config-if)#exit

4. Configure IP Addresses to VLAN on Switch

VLAN ID	VLAN Name	VLAN IP Address
172	vlan-172	172.16.0.1
10	vlan-10	10.0.0.1
5	vlan-5	5.0.0.1

routing(config)#int vlan 172
routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int vlan 10
routing(config-if)#ip address 10.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int vlan 5
routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

5. View VLAN Information

The following show commands gives an overview of what VLANs are assigned to which interfaces and the IP Address of VLANs

routing#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/3, Gig1/0/4, Gig1/0/6, Gig1/0/7
                                                Gig1/0/8, Gig1/0/9, Gig1/0/10, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
5    vlan-5                           active    Gig1/0/5
10   vlan-10                          active    Gig1/0/11, Gig1/0/12
172  vlan-172                         active    Gig1/0/1, Gig1/0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active 


routing#show ip int br
Interface              IP-Address      OK? Method Status                Protocol 
GigabitEthernet1/0/1   unassigned      YES NVRAM  up                    up 
GigabitEthernet1/0/2   unassigned      YES NVRAM  up                    up 
............
...........
GigabitEthernet1/1/3   unassigned      YES NVRAM  down                  down 
GigabitEthernet1/1/4   unassigned      YES NVRAM  down                  down 
Vlan1                  unassigned      YES NVRAM  administratively down down 
Vlan5                  5.0.0.1         YES manual up                    up 
Vlan10                 10.0.0.1        YES manual up                    up 
Vlan172                172.16.0.1      YES manual up                    up

6. Enabling Routing

Routing might be already enabled. It doesn't hurt to enable one more time.

routing#conf t
routing(config)#ip routing
routing(config)#exit

In the show command, if Connected Network information is shown, it means routing is enabled.

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, Vlan5
C    10.0.0.0/8 is directly connected, Vlan10
C    172.16.0.0/16 is directly connected, Vlan172

7. Validation

Issue ping from any Laptop to any Laptop, it will be success.

Successful ping from Inside2-1 to Outside

Successful ping from Outside to Inside1-1

8. Alternate Topology

If there is no multilayer switch and we use Router, our topology has to be like this. We will not be using VLANs. All the laptops that are earlier connected to same VLAN, will be connected to a hub here.

Wednesday, April 3, 2019

Basic Routing on Multilayer Switch 2 - Connected Network - No VLAN

Today, we are enhancing a little bit our previous post

https://activehub2.blogspot.com/2019/03/basic-routing-on-multilayer-switch.html

Earlier we had a single inside laptop. Now we are placing one more laptop on the inside. Both laptops are connected to Hub, that in turn connected to the port of the switch.

All the configurations will be same.

Topology

Task Breakup

Configuring IP Address on Laptops
Configuring IP Address on Switch
Analysis before Routing
Enable Routing
Analysis after Routing
Validation

1. Configuring IP address on Laptops

Click on Laptop -> Desktop -> IP Configuration

Inside1 - IP Address - Configuration

Inside2 - IP Address - Configuration

Outside - IP Address - Configuration

2. Configure IP addresses on Switch

As it is a multilayer switch, by default it will act as a switchport. We have to convert to routing interface, by the command 'no switchport'. Setting the IP address as mentioned in the Topology

routing(config)#int gig 1/0/1
routing(config-if)#no switchport
routing(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit
routing(config)#int gig1/0/10
routing(config-if)#no switchport
routing(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up

routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

3. Analysis before Routing

Enable Packet Debugging

routing#debug ip packet
Packet debugging is on

Observe the IP Routing table is empty

routing#show ip route 
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

routing#

4. Enable Routing

I am not sure if Routing is enabled by default. Even it is enabled, it doesn't hurt to enable with the command 'ip routing'.

routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#ip routing 
routing(config)#exit

5. Analysis after Routing

Observe that IP Routing table will show connected networks. It means, packets can be passed between those networks.

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, GigabitEthernet1/0/10
C    172.16.0.0/16 is directly connected, GigabitEthernet1/0/1

6. Validation

Issue a ping from inside2 to outside. It will be successful.

Successful ping from inside to outside

As packet debug is enabled in step 3, we will observe some routing information that the switch has processed to route packets between inside and outside network.

IP: tableid=0, s=172.16.0.11 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.11 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.11 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.11 (GigabitEthernet1/0/1), g=172.16.0.11, len 128, forward

Issue a ping from outside to inside1 laptop. It will be successful. Observe the packet debug info.

Successful ping - Outside - Inside1

IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), g=172.16.0.10, len 128, forward

IP: tableid=0, s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

Sunday, March 31, 2019

Basic Routing on Multilayer Switch - Connected Network - No VLAN

Today, we are going to try connectivity between two networks, connected by a multilayer switch.

Topology

We see two networks 172.16.0.0 (inside) and 5.0.0.0 (outside). Inside laptop with 172.16.0.10 and Outside laptop with 5.0.0.10. We check for ping between inside and outside laptops.

Task Breakup

Configuring IP address on Laptops
Configure IP address on Switch
Analysis before routing
Configure routing on switch
Analysis after routing

1. Configuring IP address on Laptop

Click on Laptop -> Desktop -> IP Configuration

Inside - Laptop - IP Configuration

Outside - Laptop - IP Configuration

2. Configure IP addresses on Switch

As it is multilayer switch, we have to convert the interface into routing interface instead of switch interface. 'no switchport' is the command we use. We set the interface according to the details mentioned in Topology.

routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#int gig 1/0/1
routing(config-if)#no switchport 
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

routing(config-if)#ip address 172.16.0.1 255.255.0.0
routing(config-if)#no shut
routing(config-if)#exit

routing(config)#int gig 1/0/10
routing(config-if)#no switchport
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up

routing(config-if)#ip address 5.0.0.1 255.0.0.0
routing(config-if)#no shut
routing(config-if)#exit

3. Analysis before Routing

Enable debugging at packet level

routing#debug ip packet 
Packet debugging is on
routing#

IP Routing information will be empty

routing#show ip route 
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

Ping from Inside Laptop and Outside Laptop will not happen

4. Configuring routing on switch

routing#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
routing(config)#ip routing
routing(config)#exit
routing#

Routing information will be populated with connected networks

routing#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    5.0.0.0/8 is directly connected, GigabitEthernet1/0/10
C    172.16.0.0/16 is directly connected, GigabitEthernet1/0/1

5. Analysis after Routing

Issue ping from Inside laptop(172.16.0.10) to outside laptop(5.0.0.2) . It will be successful !!!

As packet debug is enabled, we will see the following dumps.

IP: tableid=0, s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), routed via RIB

IP: s=172.16.0.10 (GigabitEthernet1/0/1), d=5.0.0.2 (GigabitEthernet1/0/10), g=5.0.0.2, len 128, forward

IP: tableid=0, s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), routed via RIB

IP: s=5.0.0.2 (GigabitEthernet1/0/10), d=172.16.0.10 (GigabitEthernet1/0/1), g=172.16.0.10, len 128, forward

First 2 lines, indicates the routing process that happened for ICMP Echo Request packet with source IP(inside laptop) and destination IP (outside laptop)

Next 2 lines, indicates the routing process of ICMP Echo Reply packet with source IP (outside laptop) and destination IP(inside laptop)

Thursday, March 28, 2019

Simple VTP Operation

VLAN Trunk Protocol (VTP) in simple terms. We configure VLAN information in one switch. It will be passed on to number of switches connected to it. Saving the effort of typing same VLAN information on all switches.

Topology

If help is needed on how to power on cisco switch in packet tracer. click here

Task Breakup

Create Trunk between master and clients
Create VLAN info in master switch
Configure VTP server on master switch
Configure VTP client on client switches
Validation

1. Create Trunk between master and clients

Establish trunk link between

Master(Gig 1/0/1) ------------- (Gig 1/0/1)Client1
Master(Gig 1/0/2) ------------- (Gig 1/0/1)Client2

master(config)#int gig 1/0/1
master(config-if)#switchport trunk encapsulation dot1q
master(config-if)#switchport mode trunk
master(config-if)#exit
master(config)#int gig 1/0/2
master(config-if)#switchport trunk encapsulation dot1q
master(config-if)#switchport mode trunk

client1(config)#int gig 1/0/1
client1(config-if)#switchport trunk encapsulation dot1q
client1(config-if)#switchport mode trunk

client2(config)#int gig 1/0/1
client2(config-if)#switchport trunk encapsulation dot1q
client2(config-if)#switchport mode trunk

2. Create VLAN info in master switch

We create few vlans in master switch. Our intention is to pass those information to the client switches. We assign an interface to vlan 300 (reason will be explained in step 5). At this stage, observe that the vlan info in client1 and client2 is default.

master#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
master(config)#vlan 200
master(config-vlan)#name vtp-200
master(config-vlan)#exit
master(config)#vlan 300
master(config-vlan)#name vtp-300
master(config-vlan)#exit
master(config)#vlan 400
master(config-vlan)#name vtp-400
master(config-vlan)#exit
master(config)#int gig
master(config)#int gigabitEthernet 1/0/24
master(config-if)#switchport access vlan 300
master(config-if)#exit
master(config)#^Z
master#
%SYS-5-CONFIG_I: Configured from console by console
show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    Gig1/0/24
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

client1#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/0/24
                                                Gig1/1/1, Gig1/1/2, Gig1/1/3, Gig1/1/4
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

client2#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/1, Gig1/0/2, Gig1/0/3, Gig1/0/4
                                                Gig1/0/5, Gig1/0/6, Gig1/0/7, Gig1/0/8
                                                Gig1/0/9, Gig1/0/10, Gig1/0/11, Gig1/0/12
                                                Gig1/0/13, Gig1/0/14, Gig1/0/15, Gig1/0/16
                                                Gig1/0/17, Gig1/0/18, Gig1/0/19, Gig1/0/20
                                                Gig1/0/21, Gig1/0/22, Gig1/0/23, Gig1/0/24
                                                Gig1/1/1, Gig1/1/2, Gig1/1/3, Gig1/1/4
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

3. Configure master switch as VTP server

We create VTP. Usually contains following information.

Mode (server, client) - default will be server
Domain - it is case sensitive. All switches with same domain name will have vlan configuration as in vtp server
Password - enhanced authentication

master(config)#vtp mode server
Device mode already VTP SERVER.
master(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
master(config)#vtp pass
master(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
master(config)#

master#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0000.0CE1.E500
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49
Local updater ID is 0.0.0.0 (no valid interface found)

Feature VLAN : 
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD

4. Configure client switches as VTP client

We create VTP in the client switches. Configuration will be the same as VTP master, except mode as client.

client1(config)#vtp mode client
Setting device to VTP CLIENT mode.
client1(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
client1(config)#vtp password blog-password
Setting device VLAN database password to blog-password
client1(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
client1#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 000A.F38B.B400
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49

Feature VLAN : 
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD

client2(config)#vtp mode client
Setting device to VTP CLIENT mode.
client2(config)#vtp domain blogger
Changing VTP domain name from NULL to blogger
client2(config)#vtp password blog-pass
Setting device VLAN database password to blog-pass
client2(config)#exit
client2#show vtp status
VTP Version capable             : 1 to 2
VTP version running             : 2
VTP Domain Name                 : blogger
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0001.636E.B900
Configuration last modified by 0.0.0.0 at 3-1-93 00:47:49

Feature VLAN : 
--------------
VTP Operating Mode                : Client
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 8
Configuration Revision            : 0
MD5 digest                        : 0x65 0xBC 0x5B 0x21 0xC3 0x28 0x52 0x80 
                                    0x9E 0xBA 0x83 0xA1 0x0E 0xF7 0x57 0xAD

5. Validation

After step 4, if we view vlan information in client1 and client2, all the vlan info that are configured in master switch will be present. Note that we assigned gig 1/0/24 to vlan 300. It will not be shown in client switches. Port assignment is not part of VTP.

client1# show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/2, Gig1/0/3, Gig1/0/4, Gig1/0/5
                                                Gig1/0/6, Gig1/0/7, Gig1/0/8, Gig1/0/9
                                                Gig1/0/10, Gig1/0/11, Gig1/0/12, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

client2#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig1/0/2, Gig1/0/3, Gig1/0/4, Gig1/0/5
                                                Gig1/0/6, Gig1/0/7, Gig1/0/8, Gig1/0/9
                                                Gig1/0/10, Gig1/0/11, Gig1/0/12, Gig1/0/13
                                                Gig1/0/14, Gig1/0/15, Gig1/0/16, Gig1/0/17
                                                Gig1/0/18, Gig1/0/19, Gig1/0/20, Gig1/0/21
                                                Gig1/0/22, Gig1/0/23, Gig1/0/24, Gig1/1/1
                                                Gig1/1/2, Gig1/1/3, Gig1/1/4
200  vtp-200                          active    
300  vtp-300                          active    
400  vtp-400                          active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

Sunday, March 24, 2019

InterVLAN Routing - Layer3 Switch

I try to do inter VLAN Routing without using Router. Usually if layer 2 switches are used, we have to use a router to do inter VLAN Routing. I use a standalone layer 3 switch to create VLAN and route packets between them.

Topology

There are 3 PCs in 3 different networks, and a layer3 switch.

Task Breakdown

Configure IP Addresses in PCs
Create VLANs in switch
Configure Layer3 parameters in switch
Validate configuration

1. Configure IP Addresses in PCs

PC Name	IP Address	Subnet Mask	Default Gateway
PC-NET-1	172.1.0.100	255.255.0.0	172.1.0.1
PC-NET-2	172.2.0.100	255.255.0.0	172.2.0.1
PC-NET-3	172.3.0.100	255.255.0.0	172.3.0.1

Click on PC-> Desktop -> IP Configuration

Static IP Configuration in PC

2. Create VLANs in switch

Creating 3 VLANs 101, 102, 103 for PC-NET-1, PC-NET-2, PC-NET-3 respectively.

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 101
Switch(config-vlan)#exit
Switch(config)#vlan 102
Switch(config-vlan)#exit
Switch(config)#vlan 103
Switch(config-vlan)#exit
Switch(config)#

Assign the switch ports fa0/1(connected to PC-NET-1), fa0/2(connected to PC-NET-2) and fa0/3(connected to PC-NET-3) to VLAN 101, 102 and 103 respectively.

PC Name	IP Address	Subnet Mask	Default Gateway	Switchport interface	VLAN ID
PC-NET-1	172.1.0.100	255.255.0.0	172.1.0.1	fa0/1	VLAN 101
PC-NET-2	172.2.0.100	255.255.0.0	172.2.0.1	fa0/2	VLAN 102
PC-NET-3	172.3.0.100	255.255.0.0	172.3.0.1	fa0/3	VLAN 103

Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 101
Switch(config-if)#exit
Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 102
Switch(config-if)#exit
Switch(config)#int fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 103
Switch(config-if)#exit

3. Configure Layer3 parameters in switch

Configure IP addresses to VLANs like the following. IP addresses has to match the default gateway configured in the respective PCs

Switch(config)#int vlan 101
Switch(config-if)#ip address 172.1.0.1 255.255.0.0
Switch(config-if)#exit
Switch(config)#int vlan 102
Switch(config-if)#ip address 172.2.0.1 255.255.0.0
Switch(config-if)#exit
Switch(config)#int vlan 103
Switch(config-if)#ip address 172.3.0.1 255.255.0.0
Switch(config-if)#exit
Switch(config)#

To enable layer3 switch's capability to route packets, the following command has to be given

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip routing
Switch(config)#exit
Switch#

To view the routing table of the switch

Switch#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    172.1.0.0/16 is directly connected, Vlan101
C    172.2.0.0/16 is directly connected, Vlan102
C    172.3.0.0/16 is directly connected, Vlan103

4. Validation

Ping test has to be done from any PC to the other two PCs

Click on PC-NET-2 -> Desktop -> Command Prompt

Successful Ping from PC-NET-2

Basic VLAN Operation

I am performing a basic operation of VLAN using Packet Tracer.

Topology

It resembles a use case scenario, where 2 PC's from Marketing and Finance are placed in two different buildings. Each building will have a 3560 multi-layer switch. A connection is laid between switches. We need connectivity between MKT-1 and MKT-2. Also between FIN-1 and FIN-2.

Task Breakdown

Setting Devices
Creating VLANs in Switch
Access Mode Configuration in Switch
Trunk Mode Configuration in Switch
Validating

1. Setting Devices

Configure IP Address in PC: Click on PC. Config -> FastEthernet0 -> Static -> 172.1.0.1
Set hostname in Switch

IP Configuration on PC

Switch#configure t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname BLD-1
BLD-1(config)#

Similarly configure IP Addresses and hostnames for all PCs and Switches as mentioned in Topology diagram above.

2. Creating VLANs in Switch

On both BLD-1 and BLD-2 switches create VLANs 2 and 3 for Marketing and Finance respectively.

BLD-1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
BLD-1(config)#vlan 2
BLD-1(config-vlan)#name MKT
BLD-1(config-vlan)#exit
BLD-1(config)#vlan 3
BLD-1(config-vlan)#name FIN
BLD-1(config-vlan)#exit
BLD-1(config)#exit

Observe that 2 VLANs are created waiting for the ports to be assigned.

BLD-1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
2    MKT                              active    
3    FIN                              active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

3. Access Mode Configuration in Switch

Fa0/1 of BLD-1 to VLAN 2(MKT)
Fa0/2 of BLD-1 to VLAN 3(FIN)
Fa0/1 of BLD-2 to VLAN 2(MKT)
Fa0/2 of BLD-2 to VLAN 3(FIN)

Now we have to assign ports of switches to VLANs 2 or 3 according to the PCs connected. Here in our case:


BLD-1(config)#int fa0/1
BLD-1(config-if)#switchport access vlan 2
BLD-1(config-if)#switchport mode access
BLD-1(config-if)#exit
BLD-1(config)#int fa0/2
BLD-1(config-if)#switchport access vlan 3
BLD-1(config-if)#exit
BLD-1(config)#exit


Observe the Port assignments to VLAN

BLD-1# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
2    MKT                              active    Fa0/1
3    FIN                              active    Fa0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

4. Trunk Mode Configuration in Switch

Interconnection of two Switches is through Gig0/1. They have to pass traffic of VLANs 1 and 2 in it. So, we make it Trunk mode with encapsulation IEEE Dot11q.

The configuration to be performed on both BLD-1 and BLD-2

BLD-1(config)#int gig0/1
BLD-1(config-if)#switchport trunk encapsulation dot1q
BLD-1(config-if)#switchport mode trunk
BLD-1(config-if)#exit
BLD-1(config)#exit

As Default VLAN 1 is already present in switch and we added VLAN 2 and 3, the resultant trunk port will pass all 3 VLANs traffic.

BLD-2#show int trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/1      1-1005

Port        Vlans allowed and active in management domain
Gig0/1      1,2,3

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/1      1,2,3

5. Validating

To make sure our configuration works (without negative test cases involved), Following ping test should pass

MKT-1 (172.1.0.1) to MKT-2 (172.1.0.2)
FIN-1 (172.2.0.1) to FIN-2 (172.2.0.2)

Click FIN-1. Desktop -> Command Prompt

Thursday, December 6, 2018

wireshark: Viewing encrypted PSK2AES packet

In case, we capture packets encrypted with WPA/WPA2-PSK security in wireshark. Now, to see that we can do the following procedure.

Go to Edit -> Preferences to open the Preferences dialog box.
Expand Protocols and select IEEE 802.11.
Select: Enable decryption
Edit: Decryption Keys
Go to WEP and WPA Decryption window
Key type: wpa-pwd
Key: <passphrase>:<ssid>
Example: 12345678:4366ap
Click 'Apply' and 'Ok' on all corresponding nested windows.

Labels

Friday, April 5, 2019

Wednesday, April 3, 2019

Sunday, March 31, 2019

Thursday, March 28, 2019

Sunday, March 24, 2019

Thursday, December 6, 2018