That’s right, we’ve gotten back to my crappy Paint topologies, as we all have come to know and love them.
So given I don’t have laptops around that I can piece into this home lab, I will be using a couple of my NBMA routers (2600XM series) as hosts C and D, while hosts A and B will be the 1841 and 2801 from the original topology.
I get everything re-cabled (I think, lots of green lights), now just need to reconfigure the access server lines which can be tricky, and re-configure the 3560’s from my *sniffle* ROUTE days.
OK, now that all lines and cables and bears oh my are finally configured properly, lets take a look at cdp neighbors on SW1:
SW1#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
D – Remote, C – CVTA, M – Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Fas 1/0/2 161 R S I 2801 Fas 0/1
R3 Fas 1/0/4 134 R S I 2611XM Fas 0/1
R1 Fas 1/0/3 137 R S I 1841 Fas 0/1
R4 Fas 1/0/1 179 R S I 2611XM Fas 0/1
SW1#
Make sure to check quick if any ports are missing or in different VLANs to begin with:
SW1#sh vlan bri
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23, Fa1/0/24
Gi1/0/1, Gi1/0/2
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SW1#
So we have a “flat” LAN, lets see if all hosts are able to ping each other over the single switch 10.0.0.0/24 network:
R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
R1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 10.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
R1#
So we have a working, flat, single switch 4 node LAN – Time to change that! Like so:
SW1(config)#int fa1/0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
SW1(config-if)#int fa1/0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 12
SW1(config-if)#int fa1/0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 34
% Access VLAN does not exist. Creating vlan 34
SW1(config-if)#int fa1/0/4
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 34
SW1(config-if)#int fa1/0/3
SW1(config-if)#switchport access vlan 34
SW1(config-if)#
In this config, I manually specify these as “switchport mode access” meaning this is a host port, rather than a Trunk which will be coming up as switches get added. However you can also see the two different methods to creating a VLAN in the configuration.
To verify:
SW1#sh vlan bri
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/5, Fa1/0/6, Fa1/0/7
Fa1/0/8, Fa1/0/9, Fa1/0/10
Fa1/0/11, Fa1/0/12, Fa1/0/13
Fa1/0/14, Fa1/0/15, Fa1/0/16
Fa1/0/17, Fa1/0/18, Fa1/0/19
Fa1/0/20, Fa1/0/21, Fa1/0/22
Fa1/0/23, Fa1/0/24, Gi1/0/1
Gi1/0/2
10 VLAN0010 active
12 VLAN0012 active Fa1/0/1, Fa1/0/2
13 VLAN0013 active
20 VLAN0020 active
30 VLAN0030 active
34 VLAN0034 active Fa1/0/3, Fa1/0/4
40 VLAN0040 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SW1#
One upshot to creating a vlan with “vlan #” or modifying one this way is this:
SW1(config)#vlan 12
SW1(config-vlan)#?
VLAN configuration commands:
are Maximum number of All Route Explorer hops for this VLAN (or
zero if none specified)
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
exit Apply changes, bump revision number, and exit mode
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
no Negate a command or set its defaults
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
private-vlan Configure a private VLAN
remote-span Configure as Remote SPAN VLAN
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
shutdown Shutdown VLAN switching
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN (or
zero if none specified)
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or
zero if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or
zero if none)
SW1(config-vlan)#
Giving your VLAN a name so other techs that need to troubleshoot it have an idea of what they are looking at, so I could name mine as such:
SW1(config-vlan)#name IT-Staff
SW1(config-vlan)#vlan 34
SW1(config-vlan)#name Better-IT-Staff
SW1(config-vlan)#exit
SW1(config)#exit
SW1#sh vlan
*Mar 1 01:16:26.949: %SYS-5-CONFIG_I: Configured from console by console bri
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/5, Fa1/0/6, Fa1/0/7
Fa1/0/8, Fa1/0/9, Fa1/0/10
Fa1/0/11, Fa1/0/12, Fa1/0/13
Fa1/0/14, Fa1/0/15, Fa1/0/16
Fa1/0/17, Fa1/0/18, Fa1/0/19
Fa1/0/20, Fa1/0/21, Fa1/0/22
Fa1/0/23, Fa1/0/24, Gi1/0/1
Gi1/0/2
10 VLAN0010 active
12 IT-Staff active Fa1/0/1, Fa1/0/2
13 VLAN0013 active
20 VLAN0020 active
30 VLAN0030 active
34 Better-IT-Staff active Fa1/0/3, Fa1/0/4
40 VLAN0040 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SW1#
So lets see if it’s working:
R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
….
Success rate is 0 percent (0/4)
R1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#ping 10.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
…
Success rate is 0 percent (0/3)
R1#
Exactly as it should be, the control sequence to abort pings on a router if you haven’t already picked this up somewhere, is hitting ctrl + shft + 6 twice in a row to break the slow moving dots of no connectivity.
However, this is an issue for LAN’s that are “Flat” in terms of really just wanting one big subnet with everything on it, even in our fight to mitigate broadcasts. We did stop 66% of broadcasts being forwarded by the switch, as it’s only communicating with the host on the same VLAN, but the problem is that it’s only communicating with devices on it’s own VLAN.
With VLAN’s we can separate traffic flows, but our goal is to mitigate unnecessary broadcast traffic from wasting LAN resources again like CPU and Bandwidth.
So just tell me already how to make hosts communicate on a single switch!
At this point in the configuration, we don’t have configuration for Inter-Vlan Routing, which can be done on MLS switches with IP Routing (as a Layer 3 device is needed for inter-vlan communication). However, I am going to leave the MLS / IP Routing on switches for that time in the course, as there is a whole video series regarding it.
Although we could use a router, configure a couple sub-interfaces and use Router on a Stick like a Layer 2 switch would require, we will get to that topic but next will be a quick review of Dynamic VLANs!
The DEVNET GRIND! 