Lab4-1.net file for Dynamips:
##################################################
#
# CCNP: Building Multilayer Switched Networks v5.0
# Lab 4-1: Inter-VLAN Routing with an External Router
# By Happy Peter http://blog.xuite.net/juilin77/happy
#
##################################################
autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP3/Lab4-1/workingconfig/
[[3640]]
# Specify 3640 IOS image on Linux here:
image = /opt/dynamips/images/c3640-jk.bin
ram = 128
disk0 = 0
disk1 = 0
# Choose an idlepc value from the below
idlepc = 0x605ac7b8
mmap = true
ghostios = true
confreg = 0x2102
[[3725]]
# Specify 3725 IOS image on Linux here:
image = /opt/dynamips/images/c3725-ad.bin
ram = 256
idlepc =0x60bf8d58
mmap = true
ghostios = true
confreg = 0x2102
###########################
#
# Define router instances 1
#
###########################
[[Router ISP]]
model = 3640
console = 2001
slot0 = NM-4T
S0/0 = Gateway S1/0
[[Router Gateway]]
model = 3640
console = 2002
slot0 = NM-1FE-TX
slot1 = NM-4T
F0/0 = ALS1 F1/1
[[Router ALS1]]
model = 3725
console = 2003
slot1 = NM-16ESW
F1/6 = Payroll F0/0
F1/11 = ALS2 F1/11
F1/12 = ALS2 F1/12
[[Router ALS2]]
model = 3725
console = 2004
slot1 = NM-16ESW
F1/6 = Engineering F0/0
[[Router Payroll]]
model = 3640
console = 2005
slot0 = NM-1FE-TX
[[Router Engineering]]
model = 3640
console = 2006
slot0 = NM-1FE-TX
Objective:
This lab configures inter-VLAN routing using an external router, also known as
a router-on-a-stick.
Scenario:
In this scenario, we are splitting an existing network into two separate VLANs on
the access layer switches, and using an external router to route between the VLANs.
Basic Configuration:
Router:
enable
configure terminal
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
hostname
Switch and PC:
enable
configure terminal
!
no ip routing
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
hostname
Step 1
Start by deleting the vlan.dat file, erasing the startup config, and reloading all your switches.
All Switches:
Clearing all Switches
Step 2
Configure the ISP router for communication with your Gateway router.
ISP(config)#hostname ISP
ISP(config)#interface loopback 0
ISP(config-if)#ip address 200.200.200.1 255.255.255.0
ISP(config)#interface serial 0/0
ISP(config-if)#ip address 192.168.1.1 255.255.255.0
ISP(config-if)#clock rate 64000
ISP(config-if)#no shutdown
ISP(config)#ip route 172.16.0.0 255.255.0.0 192.168.1.2
Configure the Gateway router to communicate with the ISP router.
Gateway(config)#hostname Gateway
Gateway(config)#interface serial 1/0
Gateway(config-if)#ip address 192.168.1.2 255.255.255.0
Gateway(config-if)#no shutdown
Gateway(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
Gateway#ping 200.200.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/16 ms
Gateway#
Step 3
Configure the IP addresses on the management VLAN according to the diagram.
Create a default gateway on both access layer switches using the "ip default-gateway
ip_address" command. Set an enable secret password and configure the VTY
lines for Telnet access to the switch.
ALS1(config)#hostname ALS1
ALS1(config)#interface vlan 1
ALS1(config-if)#ip address 172.16.1.101 255.255.255.0
ALS1(config-if)#no shutdown
ALS1(config)#ip default-gateway 172.16.1.1
ALS1(config)#enable secret cisco
ALS1(config)#line vty 0 15
ALS1(config-line)#password cisco
ALS1(config-line)#login
ALS1(config-line)#logging synchronous
ALS2(config)#hostname ALS2
ALS2(config)#interface vlan 1
ALS2(config-if)#ip addr 172.16.1.102 255.255.255.0
ALS2(config-if)#no shutdown
ALS2(config)#ip default-gateway 172.16.1.1
ALS2(config)#enable secret cisco
ALS2(config)#line vty 0 15
ALS2(config-line)#password cisco
ALS2(config-line)#login
ALS2(config-line)#logging synchronous
Step 4
Verify that the only existing VLANs are the defaults.
ALS1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/1, Fa1/2, Fa1/3
Fa1/4, Fa1/5, Fa1/6, Fa1/7
Fa1/8, Fa1/9, Fa1/10, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
ALS1#
Step 5
Configure the access layer switches for trunking and Etherchannel.
ALS1(config)#interface range fastEthernet 1/11 - 12
ALS1(config-if-range)#channel-group 1 mode on
ALS1(config-if-range)#switchport trunk encapsulation dot1q
ALS1(config-if-range)#switchport mode trunk
ALS1(config-if-range)#exit
ALS1(config)#interface port-channel 1
ALS1(config-if)#switchport trunk encapsulation dot1q
ALS1(config-if)#switchport mode trunk
ALS2(config)#interface range fastEthernet 1/11 - 12
ALS2(config-if-range)#channel-group 1 mode on
ALS2(config-if-range)#switchport trunk encapsulation dot1q
ALS2(config-if-range)#switchport mode trunk
ALS2(config-if-range)#exit
ALS2(config)#interface port-channel 1
ALS2(config-if)#switchport trunk encapsulation dot1q
ALS2(config-if)#switchport mode trunk
Verify the Etherchannel configuration.
ALS1#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
R - Layer3 S - Layer2
U - in use
Group Port-channel Ports
-----+------------+-----------------------------------------------------------
1 Po1(SU) Fa1/11(P) Fa1/12(P)
ALS1#
Step 6
Set up the VTP domain for the access layer switches in global configuration
mode.
ALS1#vlan database
ALS1(vlan)#vtp domain SWLAB
ALS1(vlan)#exit
Step 7
Configure the switch access ports for the hosts according to the diagram.
ALS1(config)#interface fastEthernet 1/6
ALS1(config-if)#switchport access vlan 100
% Access VLAN does not exist. Creating vlan 100
ALS1(config-if)#switchport mode access
ALS2(config)#interface fastEthernet 1/6
ALS2(config-if)#switchport access vlan 200
% Access VLAN does not exist. Creating vlan 200
ALS2(config-if)#switchport mode access
ALS1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/2, Fa1/3, Fa1/4
Fa1/5, Fa1/7, Fa1/8, Fa1/9
Fa1/10, Fa1/13, Fa1/14, Fa1/15
100 VLAN0100 active Fa1/6
200 VLAN0200 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - 0 - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
ALS1#
ALS2#sh vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/1, Fa1/2, Fa1/3
Fa1/4, Fa1/5, Fa1/7, Fa1/8
Fa1/9, Fa1/10, Fa1/13, Fa1/14
Fa1/15
100 VLAN0100 active
200 VLAN0200 active Fa1/6
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - 0 - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
ALS2#
ALS2#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 36
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : SWLAB
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE9 0x3A 0x68 0xC1 0xC4 0xB9 0xE5 0x59
Configuration last modified by 172.16.1.102 at 3-1-02 01:23:36
Local updater ID is 172.16.1.102 on interface Vl1 (lowest numbered VLAN interface found)
ALS2#
Step 8
Configure the switch for trunking with the external router’s Fast Ethernet
interface according to the diagram.
ALS1(config)#interface fastEthernet 1/1
ALS1(config-if)#switchport trunk encapsulation dot1q
ALS1(config-if)#switchport mode trunk
Step 9
Configure the Gateway router’s Fast Ethernet interface for trunking for VLANs
1, 100, and 200.
Gateway(config)#interface fastEthernet 0/0
Gateway(config-if)#no shutdown
Gateway(config)#interface fastEthernet 0/0.1
Gateway(config-subif)#encapsulation dot1Q 1 native
Gateway(config-subif)#ip address 172.16.1.1 255.255.255.0
Gateway(config)#interface fastEthernet 0/0.100
Gateway(config-subif)#encapsulation dot1Q 100
Gateway(config-subif)#ip address 172.16.100.1 255.255.255.0
Gateway(config)#interface fastEthernet 0/0.200
Gateway(config-subif)#encapsulation dot1Q 200
Gateway(config-subif)#ip address 172.16.200.1 255.255.255.0
Gateway#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up up
FastEthernet0/0.1 172.16.1.1 YES manual up up
FastEthernet0/0.100 172.16.100.1 YES manual up up
FastEthernet0/0.200 172.16.200.1 YES manual up up
Serial1/0 192.168.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Gateway#
Step 10
Verify inter-VLAN routing on the Gateway router and the host devices.
Payroll(config)#hostname Payroll
Payroll(config)#interface fastEthernet 0/0
Payroll(config-if)#ip address 172.16.100.101 255.255.255.0
Payroll(config-if)#no shutdown
Payroll(config-if)#exit
Payroll(config)#ip default-gateway 172.16.100.1
Engineering(config)#hostname Engineering
Engineering(config)#interface fastEthernet 0/0
Engineering(config-if)#ip address 172.16.200.101 255.255.255.0
Engineering(config-if)#no shutdown
Engineering(config-if)#exit
Engineering(config)#ip default-gateway 172.16.200.1
Payroll#ping 200.200.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/24 ms
Payroll#
Engineering#ping 200.200.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms
Engineering#
Final Configurations
ISP:
hostname ISP
!
no ip domain lookup
!
interface Loopback0
ip address 200.200.200.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
clock rate 64000
no shutdown
!
ip route 172.16.0.0 255.255.0.0 192.168.1.2
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Gateway:
hostname Gateway
!
no ip domain lookup
!
interface FastEthernet0/0
no ip address
no shutdown
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 172.16.200.1 255.255.255.0
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
ASL1:
hostname ALS1
!
enable secret 5 $1$gZT7$a0n0/jiA481wbNhjNm1je0
!
no ip routing
!
no ip domain lookup
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport mode trunk
!
interface FastEthernet1/6
switchport access vlan 100
!
interface FastEthernet1/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 1 mode on
!
interface Vlan1
ip address 172.16.1.101 255.255.255.0
no shutdown
!
ip default-gateway 172.16.1.1
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
!
end
ALS2:
hostname ALS2
!
enable secret 5 $1$Veuv$UlOQSUlEOK7Y8SP0WwI.p.
!
no ip routing
!
no ip domain lookup
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet1/6
switchport access vlan 200
!
interface FastEthernet1/11
switchport mode trunk
channel-group 1 mode on
!
interface FastEthernet1/12
switchport mode trunk
channel-group 1 mode on
!
interface Vlan1
ip address 172.16.1.102 255.255.255.0
no shutdown
!
ip default-gateway 172.16.1.1
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
!
end
Payroll:
hostname Payroll
!
no ip routing
!
no ip domain lookup
!
interface FastEthernet0/0
ip address 172.16.100.101 255.255.255.0
no shutdown
!
ip default-gateway 172.16.100.1
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Engineering:
hostname Engineering
!
no ip routing
!
no ip domain lookup
!
interface FastEthernet0/0
ip address 172.16.200.101 255.255.255.0
no shutdown
!
ip default-gateway 172.16.200.1
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Building Multilayer Switched Networks
Student Lab Manual
最初發表 / 最後更新: 2008.10.10 / 2018.06.12
0 comments:
張貼留言