Cisco Admin II

Configuring VLANs on a Switch

Virtual Local Area Network: IEEE 802.1Q (dot1q).

PacketTracer - Add network device swt-02

Create VLANs

swt-01(config)#vlan 2
swt-01(config-vlan)#name VLAN2
swt-01(config-vlan)#exit

Assign VLANs to interfaces

swt-01(config)#int Fa0/1
swt-01(config-if)#description client_vl2_01
swt-01(config-if)#switchport access vlan 2

Same with VLAN3.

Checks

swt-01#sh vlan brief

VLAN Name                             Status     Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/2
2    VLAN2                            active    Fa0/1
3    VLAN3                            active    Fa0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

swt-01#sh vlan id 2

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    VLAN2                            active    Fa0/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0

swt-01#sh vlan id 3

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
3    VLAN3                            active    Fa0/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3    enet  100003     1500  -      -      -        -    -        0      0

swt-01#sh int status
swt-01#sh ip int brief

Apply the same commands on swt-02.

Configure trunk connection

Trunk: a single interconnect used to transport data for multiple VLANs.

swt-01(config)#int Gi0/1
swt-01(config-if)#description swt-02
swt-01(config-if)#switchport mode trunk
swt-01(config-if)#switchport trunk allowed vlan 2-3

swt-02(config)#int Gi0/2
swt-02(config-if)#description swt-01
swt-02(config-if)#switchport mode trunk
swt-02(config-if)#switchport trunk allowed vlan 2-3
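
The allowed-VLAN list is what keeps a trunk from carrying every VLAN to the neighbouring switch. The following audit is an added example, not part of the original notes: it reads trunk stanzas and reports ports that carry VLANs nobody defined. The `hostname` lines, the swt-03 stanza and the function names are assumptions made for the example.

```python
import re

# Trunk stanzas from the page (prompts stripped). swt-03 is a constructed
# counter-example: a trunk with no allowed-VLAN list.
CONFIG = """\
hostname swt-01
interface Gi0/1
 switchport mode trunk
 switchport trunk allowed vlan 2-3
hostname swt-02
interface Gi0/2
 switchport mode trunk
 switchport trunk allowed vlan 2-3
hostname swt-03
interface Gi0/1
 switchport mode trunk
"""
DEFINED = {2, 3}                 # VLANs created on the page
ALL_VLANS = set(range(1, 4095))  # what a trunk carries with no allowed list


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2-3,10' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunks(text):
    """Return {(host, interface): allowed VLANs} for ports in trunk mode."""
    ports, host, key = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("hostname "):
            host, key = line.split()[1], None
        elif line.startswith("interface "):
            key = (host, line.split()[1])
            ports[key] = {"trunk": False, "allowed": ALL_VLANS}
        elif key and line == "switchport mode trunk":
            ports[key]["trunk"] = True
        elif key and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)):
            ports[key]["allowed"] = expand_vlans(m.group(1))
    return {k: p["allowed"] for k, p in ports.items() if p["trunk"]}


def excess_vlans(trunks, defined=DEFINED):
    """Trunks that carry VLANs nobody defined, with the count of extra VLANs."""
    return {k: len(v - defined) for k, v in trunks.items() if v - defined}
```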

Configuring DHCP, NTP and NAT

Configure DHCP

rtr-01(config)#service dhcp
rtr-01(config)#ip dhcp pool vlan-2
rtr-01(dhcp-config)#network 192.168.2.0 255.255.255.0
rtr-01(dhcp-config)#default-router 192.168.2.254
rtr-01(dhcp-config)#end

rtr-01#sh ip dhcp conflict
IP address        Detection method   Detection time          VRF
192.168.2.1       Ping               Mar 1 1993 12:25 am

rtr-01#clear ip dhcp conflict *

rtr-01#sh ip dhcp pool

Pool vlan-2 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 2
 Excluded addresses             : 0
 Pending event                  : none

 1 subnet is currently in the pool
 Current index        IP address range                    Leased/Excluded/Total
 192.168.2.1          192.168.2.1      - 192.168.2.254     2    / 0     / 254

PacketTracer - Configure DHCP on end device

Same with VLAN3.

Configure NTP

rtr-01#clock set 18:21:00 15 Nov 2021

rtr-01(config)#ntp master 1
rtr-01(config)#end
swt-02(config)#ntp server 192.168.99.254
swt-02(config)#exit

swt-02#sh ntp associations

address         ref clock       st   when     poll    reach  delay          offset            disp
*~192.168.99.254127.127.1.1     1    15       16      77     0.00           0.00              0.12
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

swt-02#sh ntp status
Clock is synchronized, stratum 2, reference is 192.168.99.254
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is FFFFFFFFAF1EDDAA.000000D3 (1:0:26.211 UTC Mon Mar 1 1993)
clock offset is 0.00 msec, root delay is 0.00  msec
root dispersion is 10.18 msec, peer dispersion is 0.11 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 4, last update was 5 sec ago

swt-02#sh clock detail
18:23:50.147 UTC Mon Nov 15 2021
Time source is NTP

Apply the same commands on swt-02.

Configure WAN

PacketTracer - Add WAN (fake)

Create a public interface and a default route.

rtr-01(config)#int gi0/0/1
rtr-01(config-if)#ip address 223.0.0.1 255.255.255.0
rtr-01(config-if)#no shut

rtr-01(config)#ip route 0.0.0.0 0.0.0.0 223.0.0.2

Configure NAT

rtr-01(config)#ip access-list standard NAT_INTERNET_VLAN2
rtr-01(config-std-nacl)#permit 192.168.2.0 0.0.0.255

rtr-01(config)#int gi0/0/1
rtr-01(config-if)#ip nat outside
rtr-01(config-if)#exit
rtr-01(config)#int gi0/0/0.2
rtr-01(config-subif)#ip nat inside
rtr-01(config-subif)#exit

rtr-01(config)#ip nat inside source list NAT_INTERNET_VLAN2 interface GigabitEthernet0/0/1 overload

rtr-01(config)#ip access-list standard NAT_INTERNET_VLAN99
rtr-01(config-std-nacl)#permit 192.168.99.3 0.0.0.255
rtr-01(config-std-nacl)#exit

rtr-01(config)#ip nat inside source list NAT_INTERNET_VLAN99 int gi0/0/1 overload

PacketTracer - Check NAT from end device

Same with VLAN3.
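
Which inside hosts get translated depends entirely on the wildcard masks in the two NAT access lists. The following matcher is an added example, not part of the original notes: it evaluates the ACEs entered above and shows that `192.168.99.3 0.0.0.255` matches the whole 192.168.99.0/24 subnet, not only host .3. The function names and the test addresses are assumptions made for the example.

```python
import ipaddress

# ACEs as entered on the page: ACL name -> [(address, wildcard mask)].
ACLS = {
    "NAT_INTERNET_VLAN2": [("192.168.2.0", "0.0.0.255")],
    "NAT_INTERNET_VLAN99": [("192.168.99.3", "0.0.0.255")],
}


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def normalize(address, wildcard):
    """Clear the bits the wildcard ignores; they never take part in the match."""
    base = _u32(address) & ~_u32(wildcard) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(base)), wildcard


def ace_matches(src, address, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; all other bits must be equal."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(src) & care) == (_u32(address) & care)


def translated_by(src, acls=ACLS):
    """NAT ACLs that permit src (a standard ACL ends in an implicit deny)."""
    return [name for name, aces in acls.items()
            if any(ace_matches(src, a, w) for a, w in aces)]


def broader_than_written(acls=ACLS):
    """ACEs whose address has bits set under the wildcard: they match more
    sources than the address as typed suggests."""
    return [(name, a, w) for name, aces in acls.items()
            for a, w in aces if normalize(a, w)[0] != a]
```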

Configure port forwarding

rtr-01(config)#ip nat inside source static tcp 192.168.2.5 80 223.0.0.1 80
rtr-01(config)#ip nat inside source static tcp 192.168.2.5 443 223.0.0.1 443

PacketTracer - End device server configuration

PacketTracer - Check port forwarding

Managing STP

Spanning Tree Protocol

  • IEEE 802.1D

  • Operation mode:
    1. selection of the root switch

    2. determination of the root port on each switch

    3. determination of the designated port on each segment

    4. blocking of other ports

  • BPDU: Bridge Protocol Data Units

Change STP root switch

PacketTracer - Spanning Tree root switch Switch2

Switch1#sh sp
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.430B.5579
             Cost        38
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0030.A3CC.A9EA
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

Switch1#conf t
Switch1(config)#spanning-tree vlan 1 root primary

Switch1#sh sp
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     0030.A3CC.A9EA
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0030.A3CC.A9EA
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

Switch2#sh sp
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.430B.5579
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.430B.5579
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Desg FWD 19        128.2    P2p

Switch2#conf t
Switch2(config)#spanning-tree vlan 1 root secondary

Switch2#sh sp
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     0030.A3CC.A9EA
             Cost        38
             Port        1(FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     0001.430B.5579
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p
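
The root is simply the bridge with the lowest bridge ID (priority first, MAC address as tie-breaker), which is why Switch2 won while both switches sat at 32769. The following check is an added example, not part of the original notes: it parses the `sh sp` excerpts above, re-runs the election, and reports any switch whose Root ID is not the planned root. Only the two switches shown on the page are modelled, and the function names are assumptions.

```python
import re

# `sh sp` excerpts from the page, taken after the priority change (VLAN 1).
SWITCH1 = """\
  Root ID    Priority    24577
             Address     0030.A3CC.A9EA
             This bridge is the root
  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0030.A3CC.A9EA
"""
SWITCH2 = """\
  Root ID    Priority    24577
             Address     0030.A3CC.A9EA
             Cost        38
  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     0001.430B.5579
"""
ID_RE = re.compile(
    r"(Root|Bridge) ID\s+Priority\s+(\d+).*?Address\s+([0-9A-Fa-f.]+)", re.S)


def parse_ids(output):
    """Return {'Root': (priority, mac), 'Bridge': (priority, mac)} as sortable tuples."""
    return {kind: (int(prio), int(mac.replace(".", ""), 16))
            for kind, prio, mac in ID_RE.findall(output)}


def elect_root(bridge_ids):
    """802.1D election: the lowest (priority, MAC) pair wins."""
    return min(bridge_ids, key=bridge_ids.get)


def audit(outputs, expected_root):
    """Findings when the elected or the advertised root is not the planned one."""
    ids = {name: parse_ids(text) for name, text in outputs.items()}
    bridges = {name: v["Bridge"] for name, v in ids.items()}
    findings = []
    if elect_root(bridges) != expected_root:
        findings.append(f"{elect_root(bridges)} would win the election")
    for name, v in ids.items():
        if v["Root"] != bridges[expected_root]:
            findings.append(f"{name} reports a root other than {expected_root}")
    return findings
```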

PacketTracer - Spanning Tree root switch Switch1
