2.12 Configure, verify, and troubleshoot interVLAN routing

The configuration of the switch would look something like this:

    2960#config t
    2960(config)#int f0/1
    2960(config-if)#switchport mode trunk
    2960(config-if)#int f0/2
    2960(config-if)#switchport access vlan 1
    2960(config-if)#int f0/3
    2960(config-if)#switchport access vlan 1
    2960(config-if)#int f0/4
    2960(config-if)#switchport access vlan 3
    2960(config-if)#int f0/5
    2960(config-if)#switchport access vlan 3
    2960(config-if)#int f0/6
    2960(config-if)#switchport access vlan 2

Before we configure the router, we need to design our logical network:

    VLAN 1: 192.168.10.16/28
    VLAN 2: 192.168.10.32/28
    VLAN 3: 192.168.10.48/28

The configuration of the router would then look like this:

    ISR#config t
    ISR(config)#int f0/0
    ISR(config-if)#no ip address
    ISR(config-if)#no shutdown
    ISR(config-if)#int f0/0.1
    ISR(config-subif)#encapsulation dot1q 1
    ISR(config-subif)#ip address 192.168.10.17 255.255.255.240
    ISR(config-subif)#int f0/0.2
    ISR(config-subif)#encapsulation dot1q 2
    ISR(config-subif)#ip address 192.168.10.33 255.255.255.240
    ISR(config-subif)#int f0/0.3
    ISR(config-subif)#encapsulation dot1q 3
    ISR(config-subif)#ip address 192.168.10.49 255.255.255.240

The hosts in each VLAN would be assigned an address from their subnet range, and the default gateway would be the IP address assigned to the router’s subinterface in that VLAN.

Now, let’s take a look at another figure and see if you can determine the switch and router configurations without looking at the answer—no cheating! Figure 2.25 shows a router connected to a 2960 switch with two VLANs. One host in each VLAN is assigned an IP address. What are your router and switch configurations based on these IP addresses?

85711.book Page 119 Thursday, September 27, 2007 10:35 AM
Chapter 2 Configure, verify, and troubleshoot a switch with VLANs

[FIGURE 2.25 Inter-VLAN example 3. Labels in the figure: switch ports F0/1, F0/2, F0/3; VLAN 1, 85 hosts, HostA; VLAN 2, 115 hosts, HostB; host addresses 172.16.10.126 and 172.16.10.129]

Since the hosts don’t list a subnet mask, you have to look for the number of hosts used in each VLAN to figure out the block size. VLAN 1 has 85 hosts and VLAN 2 has 115 hosts. Each of these will fit in a block size of 128, which is a /25 mask, or 255.255.255.128. You should know by now that the subnets are 0 and 128; the 0 subnet (VLAN 1) has a host range of 1–126, and the 128 subnet (VLAN 2) has a range of 129–254. You can almost be fooled since HostA has an IP address of 126, which makes it almost seem that HostA and B are in the same subnet. But they’re not, and you’re way too smart by now to be fooled by this one!

Here is the switch configuration:

    2960#config t
    2960(config)#int f0/1
    2960(config-if)#switchport mode trunk
    2960(config-if)#int f0/2
    2960(config-if)#switchport access vlan 1
    2960(config-if)#int f0/3
    2960(config-if)#switchport access vlan 2

Here is the router configuration:

    ISR#config t
    ISR(config)#int f0/0
    ISR(config-if)#no ip address
    ISR(config-if)#no shutdown
    ISR(config-if)#int f0/0.1
    ISR(config-subif)#encapsulation dot1q 1
    ISR(config-subif)#ip address 172.16.10.1 255.255.255.128
    ISR(config-subif)#int f0/0.2
    ISR(config-subif)#encapsulation dot1q 2
    ISR(config-subif)#ip address 172.16.10.254 255.255.255.128

I used the first address in the host range for VLAN 1 and the last address in the range for VLAN 2, but any address in the range would work. You just have to configure the host’s default gateway to whatever you make the router’s address.

Now, before we go on to the next example, I need to make sure that you know how to set the IP address on the switch. Since VLAN 1 is typically the administrative VLAN, we’ll use an IP address from that pool of addresses. Here’s how to set the IP address of the switch (I’m not nagging, but you really should already know this!):

    2960#config t
    2960(config)#int vlan 1
    2960(config-if)#ip address 172.16.10.2 255.255.255.128
    2960(config-if)#no shutdown

Yes, you have to do a no shutdown on the VLAN interface.

One more example, and then we’ll move on to VTP—another important subject that you definitely don’t want to miss! In Figure 2.26 there are two VLANs. By looking at the router configuration, what’s the IP address, mask, and default gateway of HostA? Use the last IP address in the range for HostA’s address.

If you really look carefully at the router configuration (the hostname in this figure is just Router), there is a simple and quick answer. Both subnets are using a /28, or 255.255.255.240 mask, which is a block size of 16. The router’s address for VLAN 1 is in subnet 128. The next subnet is 144, so the broadcast address of VLAN 1 is 143 and the valid host range is 129–142. So, the host address would be this:

    IP Address: 192.168.10.142
    Mask: 255.255.255.240
    Default Gateway: 192.168.10.129

Exam Objectives

Remember that hosts in a VLAN can only communicate with hosts in the same VLAN. If you have multiple VLANs and need inter-VLAN communication, you must configure a router or buy a more expensive layer 3 switch to provide the routing on the backplane of the switch.

Remember how to create a Cisco “router on a stick” to provide inter-VLAN communication. You can use a Cisco FastEthernet or Gigabit Ethernet interface to provide inter-VLAN routing. The switch port connected to the router must be a trunk port, then you must create virtual interfaces (subinterfaces) on the router port for each VLAN connecting. The hosts in each VLAN will use this subinterface address as their default gateway address.
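The subnet reasoning used in the Figure 2.25 and HostA answers above, as an added example that is not code from the book: it reads the router's subinterface configuration, derives each VLAN's host range, and tells you which gateway a given host address belongs to. The function names are illustrative, and the configuration text is the Figure 2.25 router answer retyped without prompts.

```python
import ipaddress
import re

# Constructed input: the router-on-a-stick answer for Figure 2.25, typed as
# plain configuration lines (prompts removed).
ROUTER_CONFIG = """\
interface f0/0
 no ip address
 no shutdown
interface f0/0.1
 encapsulation dot1q 1
 ip address 172.16.10.1 255.255.255.128
interface f0/0.2
 encapsulation dot1q 2
 ip address 172.16.10.254 255.255.255.128
"""


def parse_subinterfaces(config):
    """Return {vlan_id: IPv4Interface} for every dot1q subinterface."""
    gateways = {}
    vlan = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith(("interface ", "int ")):
            vlan = None  # a new interface stanza starts with no VLAN tag
            continue
        m = re.match(r"encapsulation dot1q (\d+)", line, re.IGNORECASE)
        if m:
            vlan = int(m.group(1))
            continue
        m = re.match(r"ip address (\S+) (\S+)", line)
        if m and vlan is not None:
            gateways[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return gateways


def subnet_plan(gateway):
    """Network, broadcast and first/last usable host for a gateway address."""
    net = gateway.network
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def vlan_for_host(host_ip, gateways):
    """Return (vlan, gateway_ip) for the subnet holding host_ip, else None."""
    addr = ipaddress.ip_address(host_ip)
    for vlan, gw in sorted(gateways.items()):
        net = gw.network
        # The network and broadcast addresses are not valid host addresses.
        if addr in net and addr not in (net.network_address, net.broadcast_address):
            return vlan, str(gw.ip)
    return None


if __name__ == "__main__":
    gws = parse_subinterfaces(ROUTER_CONFIG)
    for vlan, gw in sorted(gws.items()):
        print(vlan, gw, subnet_plan(gw))
    for host in ("172.16.10.126", "172.16.10.129"):
        print(host, "->", vlan_for_host(host, gws))
```

A host whose address and default gateway land in different VLANs according to `vlan_for_host` is the misconfiguration the HostA/HostB question is built to catch.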
FIGURE 2.26 Inter-VLAN example 4

[Labels in the figure: switch ports F0/1, F0/2, F0/3; VLAN 1, HostA; VLAN 2, HostB; host address 192.168.10.17. The router configuration shown in the figure:]

    Router#config t
    Router(config)#int f0/0
    Router(config-if)#no ip address
    Router(config-if)#no shutdown
    Router(config-if)#int f0/0.1
    Router(config-subif)#encapsulation dot1q 1
    Router(config-subif)#ip address 192.168.10.129 255.255.255.240
    Router(config-subif)#int f0/0.2
    Router(config-subif)#encapsulation dot1q 2
    Router(config-subif)#ip address 192.168.10.46 255.255.255.240

Remember how to create a subinterface on a router port. By creating a subinterface on a router, you can use one router port to allow inter-VLAN communication. You must create a subinterface for each VLAN. Here is an example on how to create a subinterface on a router port for VLAN 2:

    Router#config t
    Router(config)#int f0/0.1
    Router(config-subif)#encapsulation dot1Q 2

Remember how to configure a trunk port on a 2960 switch. The 2960 switch only runs the 802.1q trunking method, so the command to trunk a port is simple:

    Switch(config-if)#switchport mode trunk

2.13 Configure, verify, and troubleshoot VTP

All Cisco switches are configured to be VTP servers by default. To configure VTP, first you have to configure the domain name you want to use. And of course, once you configure the VTP information on a switch, you need to verify it.

When you create the VTP domain, you have a bunch of options, including setting the domain name, password, operating mode, and pruning capabilities of the switch. Use the vtp global configuration mode command to set all this information. In the following example, I’ll set the S1 switch to vtp server, the VTP domain to Lammle, and the VTP password to todd:

    S1#config t
    S1(config)#vtp mode server
    Device mode already VTP SERVER.
    S1(config)#vtp domain Lammle
    Changing VTP domain name from null to Lammle
    S1(config)#vtp password todd
    Setting device VLAN database password to todd
    S1(config)#do show vtp password
    VTP Password: todd
    S1(config)#do show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 8
    VTP Operating Mode              : Server
    VTP Domain Name                 : Lammle
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x15 0x54 0x88 0xF2 0x50 0xD9 0x03 0x07
    Configuration last modified by 192.168.24.6 at 3-14-93 15:47:32
    Local updater ID is 192.168.24.6 on interface Vl1 (lowest numbered VLAN interface found)

Please make sure that you remember that all switches are set to VTP server mode by default, and if you want to change any VLAN information on a switch, you absolutely must be in VTP server mode.

After you configure the VTP information, you can verify it with the show vtp command as shown in the preceding output. The preceding switch output shows the VTP domain, the VTP password, and the switch’s mode.

Before we move onward to configuring the Core and the S2 switch with VTP information, take a minute to reflect on the fact that the show vtp status output shows that the maximum number of VLANs supported locally is only 255. Since you can create more than 1,000 VLANs on a switch, this seems like it would definitely be a problem if you have more than 255 switches and you’re using VTP. And, well, yes, it is a problem—if you are trying to configure the 256th VLAN on a switch, you’ll get a nice little error message stating that there are not enough hardware resources available, and then it will shut down the VLAN and the 256th VLAN will show up in suspended state in the output of the show vlan command. Not so good!

Let’s go to the Core and S2 switches and set them into the Lammle VTP domain. It is very important to remember that the VTP domain name is case sensitive! VTP is not forgiving—one teeny small mistake and it just won’t work.

    Core#config t
    Core(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    Core(config)#vtp domain Lammle
    Changing VTP domain name from null to Lammle
    Core(config)#vtp password todd
    Setting device VLAN database password to todd
    Core(config)#do show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Server
    VTP Domain Name                 : Lammle
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x2A 0x6B 0x22 0x17 0x04 0x4F 0xB8 0xC2
    Configuration last modified by 192.168.10.19 at 3-1-93 03:13:16
    Local updater ID is 192.168.24.7 on interface Vl1 (first interface found)

    S2#config t
    S2(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    S2(config)#vtp domain Lammle
    Changing VTP domain name from null to Lammle
    S2(config)#vtp password todd
    Setting device VLAN database password to todd
    S2(config)#do show vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 5
    VTP Operating Mode              : Client
    VTP Domain Name                 : Lammle
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x02 0x11 0x18 0x4B 0x36 0xC5 0xF4 0x1F
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Nice—now that all our switches are set to the same VTP domain and password, the VLANs I created earlier on the S1 switch should be advertised to the Core and S2 VTP client switches.
Let’s take a look using the show vlan brief command on the Core and S2 switch:

    Core#sh vlan brief
    VLAN Name         Status    Ports
    1    default      active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                Gi0/1, Gi0/2
    2    Sales        active
    3    Marketing    active
    4    Accounting   active
    [output cut]

    S2#sh vlan bri
    VLAN Name         Status    Ports
    1    default      active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                Fa0/7, Fa0/8, Gi0/1
    2    Sales        active
    3    Marketing    active
    4    Accounting   active
    [output cut]

The VLAN database that I created on the S1 (2960) switch earlier in this chapter was uploaded to the Core and S2 switch via VTP advertisements. VTP is a great way to keep VLAN naming consistent across the switched network. We can now assign VLANs to the ports on the Core and S1 switches, and they’ll communicate with the hosts in the same VLANs on the S1 switch across the trunked ports between switches.

It’s imperative that you can assign a VTP domain name, set the switch to VTP server mode, and create a VLAN!

Troubleshooting VTP

You connect your switches with crossover cables, the lights go green on both ends, and you’re up and running! Yeah—in a perfect world, right? Don’t you wish it was that easy? Well, actually, it pretty much is—without VLANs, of course. But if you’re using VLANs—and you definitely should be—then you need to use VTP if you have multiple VLANs configured in your switched network.

But here there be monsters: If VTP is not configured correctly, it (surprise!) will not work, so you absolutely must be capable of troubleshooting VTP. Let’s take a look at a couple of configurations and solve the problems. Study the output from the two following switches:

    SwitchA#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : RouterSim
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled

    SwitchB#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : GlobalNet
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled

So, what’s happening with these two switches? Why won’t they share VLAN information? At first glance, it seems that both servers are in VTP server mode, but that’s not the problem. Servers in VTP server mode will share VLAN information using VTP. The problem is that they’re in two different VTP domains. SwitchA is in VTP domain RouterSim and SwitchB is in VTP domain GlobalNet. They will never share VTP information because the VTP domain names are configured differently.

Now that you know how to look for common VTP domain configuration errors in your switches, let’s take a look at another switch configuration:

    SwitchC#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 1
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 7
    VTP Operating Mode              : Client
    VTP Domain Name                 : Todd
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled

There you are just trying to create a new VLAN on SwitchC, and what do you get for your trouble? A loathsome error! Why can’t you create a VLAN on SwitchC? Well, the VTP domain name isn’t the important thing in this example. What is critical here is the VTP mode. The VTP mode is client, and a VTP client cannot create, delete, add, or change VLANs, remember? VTP clients only keep the VTP database in RAM, and that’s not saved to NVRAM. So, in order to create a VLAN on this switch, you’ve got to make the switch a VTP server first.

Here’s what will happen when you have the preceding VTP configuration:

    SwitchC(config)#vlan 50
    VTP VLAN configuration not allowed when device is in CLIENT mode.

So, to fix this problem, here’s what you need to do:

    SwitchC(config)#vtp mode server
    Setting device to VTP SERVER mode
    SwitchC(config)#vlan 50
    SwitchC(config-vlan)#

Wait, we’re not done. Now take a look at the output from these two switches and determine why SwitchB is not receiving VLAN information from SwitchA:

    SwitchA#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 4
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : GlobalNet
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled

    SwitchB#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 14
    Maximum VLANs supported locally : 64
    Number of existing VLANs        : 7
    VTP Operating Mode              : Server
    VTP Domain Name                 : GlobalNet
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled

You may be tempted to say it’s because they’re both VTP servers, but that is not the problem. All your switches can be servers and they can still share VLAN information. As a matter of fact, Cisco actually suggests that all switches stay VTP servers and that you just make sure the switch you want to advertise VTP VLAN information has the highest revision number. If all switches are VTP servers, then all of the switches will save the VLAN database. But SwitchB isn’t receiving VLAN information from SwitchA because SwitchB has a higher revision number than SwitchA. It’s very important that you can recognize this problem.
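The three troubleshooting cases above (different domain names, client mode, a higher revision number on the receiving switch) turned into checks over show vtp status output, as an added example that is not code from the book. The function names and finding strings are illustrative; the sample text is the SwitchA/SwitchB output from the revision-number case, cut down to the fields the checks read.

```python
# Constructed input: the two "sh vtp status" outputs from the revision-number
# case above, reduced to the fields these checks use.
SWITCH_A = """\
Configuration Revision : 4
VTP Operating Mode : Server
VTP Domain Name : GlobalNet
"""
SWITCH_B = """\
Configuration Revision : 14
VTP Operating Mode : Server
VTP Domain Name : GlobalNet
"""


def parse_vtp_status(text):
    """Read the 'Field : value' lines of show vtp status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "domain": fields.get("VTP Domain Name", ""),
        "mode": fields.get("VTP Operating Mode", ""),
        "revision": int(fields.get("Configuration Revision", "0")),
    }


def can_edit_vlans(status):
    """A VTP client cannot create, delete or change VLANs."""
    return status["mode"].lower() != "client"


def diagnose(source, receiver):
    """List the reasons `receiver` will not take VLAN data from `source`.

    An empty list means neither advertisement problem from the text applies.
    """
    if source["domain"] != receiver["domain"]:  # domain names are case sensitive
        return ["domain-mismatch"]
    findings = []
    if receiver["revision"] > source["revision"]:
        findings.append("receiver-revision-higher")
    return findings


def advertiser_by_domain(switches):
    """For each domain, name the switch holding the highest revision number."""
    best = {}
    for name, status in switches.items():
        current = best.get(status["domain"])
        if current is None or status["revision"] > switches[current]["revision"]:
            best[status["domain"]] = name
    return best


if __name__ == "__main__":
    a, b = parse_vtp_status(SWITCH_A), parse_vtp_status(SWITCH_B)
    print(diagnose(a, b))
    print(advertiser_by_domain({"SwitchA": a, "SwitchB": b}))
```

Running `advertiser_by_domain` over the status of a switch before it is trunked into the network shows whether its database, rather than the intended one, carries the highest revision in the domain.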
There are a couple ways to go about resolving this issue. The first thing you could do is to change the VTP domain name on SwitchB to another name, then set it back to GlobalNet, which will reset the revision number to zero (0) on SwitchB. The second approach would be to create or delete VLANs on SwitchA until the revision number passes the revision number on SwitchB. I didn’t say the second way was better; I just said it’s another way to fix it!

Exam Objectives

Understand the purpose and configuration of VTP. VTP provides propagation of the VLAN database throughout your switched network. All switches must be in the same VTP domain.

Remember the command to verify VTP. Unfortunately, there are not a lot of ways to verify your VTP configuration. The best way is by using the command show vtp status. This shows you your domain name, password, and revision number.

2.14 Configure, verify, and troubleshoot RSTP operation

Configuring RSTP actually is as easy as configuring any of our other 802.1d extensions. Considering how much better it is than 802.1d, you’d think the configuration would be [...]