Ccnpv6 Switch Lab2-1 Vlans Student

CCNPv6 SWITCH
Chapter 2 Lab 2-1, Static VLANS, VLAN Trunking, and VTP Domains and odes
Topology
Objectives
Set up a VTP domain! Create and maintain VLANs! Con"igure #SL and $%2!1& trunking!
Background
VLANs 'ogica''( segment a net)ork b( "unction, team, or app'ication, regard'ess o" the ph(sica' 'ocation o" the users! *nd stations in a particu'ar #P subnet are o"ten associated )ith a speci"ic VLAN! VLAN membership on a s)itch that is assigned manua''( "or each inter"ace is kno)n as static VLAN membership! Trunking, or connecting s)itches, and the VLAN Trunking Protoco' +VTP, are techno'ogies that support VLANs! VTP manages the addition, de'etion, and renaming o" VLANs on the entire net)ork "rom a sing'e centra' s)itch! Note This 'ab uses Cisco -S-C2./%-20TT-L s)itches )ith the Cisco #1S image c2./%-'anbasek.-m2!1220/!S*!bin, and Cata'(st 34/%-20PS )ith the Cisco #1S image c34/%-ad5ipser5icesk.-m2!122-0/!S*!bin! 6ou can use other s)itches +such as a 2.4% or 344%, and Cisco #1S So"t)are 5ersions i" the( ha5e comparab'e capabi'ities and "eatures! Depending on the s)itch mode' and Cisco #1S So"t)are 5ersion, the commands a5ai'ab'e and output produced might 5ar( "rom )hat is sho)n in this 'ab!
A'' contents are Cop(right 7 1..282%13 Cisco S(stems, #nc! A'' rights reser5ed! This document is Cisco Pub'ic #n"ormation!
Page 1 o" 1/
CCNPv6 SWITCH
!e"uired !esources
2 s)itches +Cisco 2./% )ith the Cisco #1S 9e'ease 12!2+0/,S* C2./%-LAN:AS*;.comparab'e, image or
2 s)itches +Cisco 34/% )ith the Cisco #1S 9e'ease 12!2+0/,S* C34/%-ADV#PS*9V#C*S;.image or comparab'e, 0 PCs +optiona', *thernet and conso'e cab'es
Step # Prepare t$e s%itc$es &or t$e lab'

Po)er up the s)itches and use the standard process "or estab'ishing a <(perTermina' conso'e connection "rom a )orkstation to each s)itch in (our pod! #" (ou are connecting remote'( to the s)itches, "o''o) the instructions that ha5e been supp'ied b( (our instructor! 9emo5e a'' VLAN in"ormation and con"igurations that ma( ha5e been pre5ious'( entered into the s)itches! 9e"er to Lab 1-1, =C'earing a S)itch,> and Lab 1-2, =C'earing a S)itch Connected to a Larger Net)ork!>
Step ( Con&igure basic s%itc$ para)eters'

Assign each s)itch a hostname and con"igure an #P address on the management VLAN according to the diagram! :( de"au't, VLAN 1 is used as the management VLAN! *nter basic con"iguration commands on each s)itch according to the diagram! DLS1 e?amp'e@ Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config # hostname DLS1 !LS"(config # interface vlan 1 !LS"(config#if # ip address 10.1.1.101 255.255.255.0 !LS"(config#if # no shutdown +1ptiona', 1n each s)itch, create an enab'e secret pass)ord and con"igure the 5t( 'ines to a''o) remote access "rom other net)ork de5ices! DLS1 e?amp'e@ !LS"(config # enable secret cisco !LS"(config # line vty 0 15 !LS"(config#line # password cisco !LS"(config#line # login
Step * +isplay t$e s%itc$ de&ault ,-.N in&or)ation'

Ase the s$o% vlan command in pri5i'eged mode on an( s)itch! The "o''o)ing output is "or a 2./% s)itch! $LS"# show vlan %L$N Name Status &orts #### ################################ ######### ############################### " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)/., (a)//, (a)/0 (a)/1, (a)/"), (a)/"", (a)/"* (a)/"+, (a)/",, (a)/"-, (a)/". (a)/"/, (a)/"0, (a)/"1, (a)/*) (a)/*", (a)/**, (a)/*+, (a)/*, 2i)/", 2i)/*
A'' contents are Cop(right 7 1..282%13 Cisco S(stems, #nc! A'' rights reser5ed! This document is Cisco Pub'ic #n"ormation! Page 2 o" 1/
CCNPv6 SWITCH "))* "))+ ")), "))%L$N #### " "))* "))+ ")), "))fddi#default to3en#ring#default fddinet#default trnet#default T4pe ##### enet fddi tr fdnet trnet S$5! ########## "))))" ")"))* ")"))+ ")")), ")"))6T7 ##### "-)) "-)) "-)) "-)) "-)) &arent ###### # # # # # act/unsup act/unsup act/unsup act/unsup 8ingNo ###### # # # # # 9ridgeNo ######## # # # # # Stp #### # # # ieee i:m 9rdg6ode ######## # # # # # Trans" ###### ) ) ) ) ) Trans* ###### ) ) ) ) )
8emote S&$N %L$Ns ############################################################################## &rimar4 Secondar4 T4pe &orts ####### ######### ################# ########################################## The "o''o)ing output is "or a 34/% s)itch! !LS"# show vlan %L$N Name Status &orts #### ################################ ######### ############################### " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)/., (a)//, (a)/0 (a)/1, (a)/"), (a)/"", (a)/"* (a)/"+, (a)/",, (a)/"-, (a)/". (a)/"/, (a)/"0, (a)/"1, (a)/*) (a)/*", (a)/**, (a)/*+, (a)/*, 2i)/", 2i)/* "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup %L$N #### " "))* "))+ ")), "))T4pe ##### enet fddi tr fdnet trnet S$5! ########## "))))" ")"))* ")"))+ ")")), ")"))6T7 ##### "-)) "-)) "-)) "-)) "-)) &arent ###### # # # # # 8ingNo ###### # # # # # 9ridgeNo ######## # # # # # Stp #### # # # ieee i:m 9rdg6ode ######## # # # # # Trans" ###### ) ) ) ) ) Trans* ###### ) ) ) ) )
8emote S&$N %L$Ns ############################################################################## &rimar4 Secondar4 T4pe &orts ####### ######### ################# ########################################## Note the de"au't VLAN numbers, names, and associated t(pes, and that a'' s)itch ports are automatica''( assigned to VLAN 1!
Page 3 o" 1/
CCNPv6 SWITCH 6ou can use the s$o% vlan command to determine the mode o" a port! Ports con"igured "or a particu'ar VLAN are sho)n in that VLAN! Ports con"igured "or trunk mode are not associated )ith a speci"ic VLAN, and so are not inc'uded in the output!
Step / 01a)ine ,TP in&or)ation'

A VTP domain, a'so ca''ed a VLAN management domain, consists o" trunked s)itches that are under the administrati5e responsibi'it( o" a s)itch or s)itches in ser5er VTP mode! A s)itch can be in on'( one VTP domain )ith the same VTP domain name! The de"au't VTP mode "or the 2./% and 34/% s)itches is ser5er mode! VLAN in"ormation is not propagated unti' a domain name is speci"ied and trunks are set up bet)een the de5ices! The "o''o)ing tab'e describes the three VTP modes! ,TP 2ode VTP ser5er +escription 6ou can create, modi"(, and de'ete VLANs and speci"( other con"iguration parameters, such as VTP 5ersion and VTP pruning, "or the entire VTP domain! VTP ser5ers ad5ertise their VLAN con"iguration to other s)itches in the same VTP domain and s(nchroni2e their VLAN con"iguration )ith other s)itches based on ad5ertisements recei5ed o5er trunk 'inks! VTP ser5er is the de"au't mode! VTP c'ient VTP c'ients beha5e the same )a( as VTP ser5ers, but (ou cannot create, change, or de'ete VLANs on a VTP c'ient! VTP transparent s)itches do not participate in VTP! A VTP transparent s)itch does not ad5ertise its VLAN con"iguration nor s(nchroni2e its VLAN con"iguration based on recei5ed ad5ertisements! Transparent s)itches do "or)ard VTP ad5ertisements that the( recei5e out their trunk ports in VTP Version 2!
VTP transparent
Ase the s$o% vtp status command on an( s)itch! The output shou'd be simi'ar to the "o''o)ing samp'e "or DLS1! !LS"# show vtp status %T& %ersion ; running %T&" (%T&* capa:le Configuration 8e'ision ; ) 6a<imum %L$Ns supported locall4 ; "))Num:er of e<isting %L$Ns ; %T& =perating 6ode ; Ser'er %T& !omain Name ; %T& &runing 6ode ; !isa:led %T& %* 6ode ; !isa:led %T& Traps 2eneration ; !isa:led 6!- digest ; )<-/ )<C! )<,) )<.- )<.+ )<-1 )<,/ )<9! Configuration last modified :4 ).).).) at )#)#)) ));));)) Local updater 5! is ").".".")" on interface %l" (lowest num:ered %L$N interface found
Page 0 o" 1/
CCNPv6 SWITCH :ecause no VLAN con"igurations )ere made, a'' settings are the de"au'ts! Notice that the VTP mode is ser5er mode! The number o" e?isting VLANs is the "i5e bui't-in VLANs! The 34/% s)itch supports 1,%%4 ma?imum VLANs 'oca''(! The 2./% s)itch supports 244 VLANs! The con"iguration re5ision is %, and the de"au't VTP 5ersion is 1! A'' s)itches in the VTP domain must run the same VTP 5ersion! The importance o" the con"iguration re5ision number is that the s)itch )ith the highest re5ision number in VTP ser5er mode propagates VLAN in"ormation o5er trunked ports! *5er( time VLAN in"ormation is modi"ied and sa5ed in the VLAN database or 5'an!dat "i'e, the re5ision number is increased b( one )hen the user e?its "rom VLAN con"iguration mode! u'tip'e s)itches in the VTP domain can be in VTP ser5er mode! These s)itches can be used to manage a'' other s)itches in the VTP domain! This is suitab'e "or sma''-sca'e net)orks )here the VLAN in"ormation is sma'' and easi'( stored in a'' s)itches! #n a 'arge net)ork, the administrator must determine )hich s)itches make the best VTP ser5ers! The net)ork administrator shou'd se'ect s)itches to "unction as VTP ser5ers! The other s)itches in the VTP domain can be con"igured as c'ients! The number o" VTP ser5ers shou'd be consistent based on the amount o" redundanc( desired in the net)ork!
Step 3 Con&igure ,TP on t$e s%itc$es'

Change the VTP domain name on DLS1 to S-LA: using the vtp do)ain command! #" the VTP 5ersion de"au'ts to 1, set it manua''( to 5ersion 2 using the vtp version command! !LS"(config # vtp domain SWL ! Changing %T& domain name from N7LL to S>L$9 !LS"(config # vtp version 2 Note@ The ne)est VTP 5ersion, VTP53, is not supported b( the #1S used on the s)itches in this 'ab! <o)e5er, it is supported in #1S 5ersions 12!2+42,S* and ne)er on a'' p'at"orms e'igib'e "or this #1S +2./%, 34/%, 3B4%, etc!,! VTP53 has impro5ements in three maCor areas! :etter administrati5e contro' o5er )hich de5ice is a''o)ed to update other de5icesD 5ie) o" the VLAN topo'og(! The chance o" unintended and disrupti5e changes is signi"icant'( reduced, and a5ai'abi'it( is increased! Eunctiona'it( "or the VLAN en5ironment has been signi"icant'( e?panded! #n addition to supporting the ear'ier #SL VLAN range "rom 1 to 1%%1, the ne) 5ersion supports the )ho'e #*** $%2!1& VLAN range up to 0%.4! #n addition to supporting the concept o" norma' VLANs, VTP 5ersion 3 can trans"er in"ormation regarding Pri5ate VLAN +PVLAN, structures! The third area o" maCor impro5ement is support "or databases other than VLAN +"or e?amp'e, ST,!
Set up the s)itches so that the distribution 'a(er s)itches are in VTP ser5er mode, and the access 'a(er s)itches are in VTP c'ient mode! Set the 5ersion number to 2 on the DL s)itches! !LS"(config # vtp mode server !e'ice mode alread4 %T& SE8%E8. :ecause the de"au't mode is ser5er, (ou recei5e a message on DLS1 stating that the de5ice mode is a'read( VTP ser5er! $LS"(config # vtp mode client Setting de'ice to %T& CL5ENT mode. Note 6ou cannot modi"( the 5ersion in VTP c'ient mode Ase the s$o% vtp status command on either o" the AL s)itches! The output shou'd be simi'ar to the "o''o)ing samp'e "or ALS1!
CCNPv6 SWITCH $LS"# show vtp status %T& %ersion ; running %T&" (%T&* capa:le Configuration 8e'ision ; ) 6a<imum %L$Ns supported locall4 ; *-Num:er of e<isting %L$Ns ; %T& =perating 6ode ; Client %T& !omain Name ; %T& &runing 6ode ; !isa:led %T& %* 6ode ; !isa:led %T& Traps 2eneration ; !isa:led 6!- digest ; )<-/ )<C! )<,) )<.- )<.+ )<-1 )<,/ )<9! Configuration last modified :4 ).).).) at )#)#)) ));));)) Notice that (ou do not see the VTP domain name that (ou set up on DLS1! :ecause no trunks are set up bet)een the s)itches, the( ha5e not started to distribute an( VLAN in"ormation! There is no #P address +%!%!%!%, or time 'isted "or the 'ast con"iguration modi"ication!
Step 6 Con&igure trunking'

The s$o% inter&aces s%itc$port command 'ists the con"igured mode o" each port in detai'! The "o''o)ing partia' samp'e output is "or a 2./% s)itch on Ea%FB! $LS"# show interfaces fast"thernet 0#$ switchport Name; (a)// Switchport; Ena:led $dministrati'e 6ode; d4namic auto =perational 6ode; static access $dministrati'e Trun3ing Encapsulation; dot"? =perational Trun3ing Encapsulation; nati'e Negotiation of Trun3ing; =n $ccess 6ode %L$N; " (default Trun3ing Nati'e 6ode %L$N; " (default $dministrati'e Nati'e %L$N tagging; ena:led %oice %L$N; none $dministrati'e pri'ate#'lan host#association; none $dministrati'e pri'ate#'lan mapping; none $dministrati'e pri'ate#'lan trun3 nati'e %L$N; none $dministrati'e pri'ate#'lan trun3 Nati'e %L$N tagging; ena:led $dministrati'e pri'ate#'lan trun3 encapsulation; dot"? $dministrati'e pri'ate#'lan trun3 normal %L$Ns; none $dministrati'e pri'ate#'lan trun3 pri'ate %L$Ns; none =perational pri'ate#'lan; none Trun3ing %L$Ns Ena:led; $LL &runing %L$Ns Ena:led; *#"))" Capture 6ode !isa:led Capture %L$Ns $llowed; $LL &rotected; false 7n3nown unicast :loc3ed; disa:led 7n3nown multicast :loc3ed; disa:led $ppliance trust; none Ports on the 2./% and 34/% s)itches are set to d(namic auto b( de"au't! This means that the( are )i''ing to negotiate a trunk )ith the neighborG ho)e5er, i" both sides are set to d(namic auto, the 'ink )i'' remain in access mode! This can be done b( con"iguring one end o" the trunk using the s%itc$port )ode trunk command! 1n the 34/% s)itches, (ou a'so need to con"igure the trunk encapsu'ation )ith the s%itc$port
Page / o" 1/
CCNPv6 SWITCH trunk encapsulation command! The 34/% s)itch can use either #nter-S)itch Link +#SL, or $%2!1& encapsu'ation, )hereas the 2./% s)itch on'( supports $%2!1&! 9e"er to the 'ab diagram "or )hich ports to set up as trunks and the t(pe o" encapsu'ation to use! Con"igure on'( the inter"aces on DLS1 and ALS1 )ith the s%itc$port )ode trunk command, and 'ea5e DLS2 and ALS2 as the de"au't port t(pes "or East *thernet inter"aces %F.8%F12! East *thernet %FB and %F$ o" DLS2 a'so need to be con"igured )ith the s%itc$port )ode trunk command "or the trunks connecting DLS2 and ALS2! The 2./% and 34/% s)itches ha5e a range command that (ou can use to designate mu'tip'e indi5idua' ports or a continuous range o" ports "or an operation! Ase the inter&ace range command to con"igure a'' trunk ports at once "or trunking! The "o''o)ing is a samp'e con"iguration "or the $%2!1& and #SL trunk ports on DLS1! !LS"(config # interface range fast"thernet 0#$ % 10 !LS"(config#if#range # switchport trun& encapsulation dot1' !LS"(config#if#range # switchport mode trun& !LS"(config # interface range fast"thernet 0#11 % 12 !LS"(config#if#range # switchport trun& encapsulation isl !LS"(config#if#range # switchport mode trun& The "o''o)ing is a samp'e con"iguration "or the trunk ports on ALS1! $LS"(config # interface range fast"thernet 0#$ ( 12 $LS"(config#if # switchport mode trun& The "o''o)ing is a samp'e con"iguration "or the trunk ports on DLS2! !LS*(config # interface range fast"thernet 0#$ % ) !LS*(config#if#range # switchport trun& encapsulation dot1' !LS*(config#if#range # switchport mode trun& Note@ This 'ab uses d(namic trunking protoco' +DTP, to negotiate trunking, )hich can 'ead to securit( issues! #n genera', )hen con"iguring trunks, it is a good practice to deacti5ate DTP using the s%itc$port nonegotiate command and con"igure a'' trunks statica''(!
Step 4 ,eri&y trunk con&iguration'

Ase the sho) inter"aces "ast*thernet %FB s)itchport command on ALS2! $LS*# show interfaces fast"thernet 0#$ switchport Name; (a)// Switchport; Ena:led $dministrati'e 6ode; d4namic auto =perational 6ode; trun3 $dministrati'e Trun3ing Encapsulation; dot"? =perational Trun3ing Encapsulation; dot"? Negotiation of Trun3ing; =n $ccess 6ode %L$N; " (default Trun3ing Nati'e 6ode %L$N; " (default $dministrati'e Nati'e %L$N tagging; ena:led %oice %L$N; none $dministrati'e pri'ate#'lan host#association; none $dministrati'e pri'ate#'lan mapping; none $dministrati'e pri'ate#'lan trun3 nati'e %L$N; none
A'' contents are Cop(right 7 1..282%13 Cisco S(stems, #nc! A'' rights reser5ed! This document is Cisco Pub'ic #n"ormation! Page B o" 1/
CCNPv6 SWITCH $dministrati'e pri'ate#'lan trun3 $dministrati'e pri'ate#'lan trun3 $dministrati'e pri'ate#'lan trun3 $dministrati'e pri'ate#'lan trun3 =perational pri'ate#'lan; none Trun3ing %L$Ns Ena:led; $LL &runing %L$Ns Ena:led; *#"))" Capture 6ode !isa:led Capture %L$Ns $llowed; $LL Nati'e %L$N tagging; ena:led encapsulation; dot"? normal %L$Ns; none pri'ate %L$Ns; none
&rotected; false 7n3nown unicast :loc3ed; disa:led 7n3nown multicast :loc3ed; disa:led $ppliance trust; none Notice that administrati5e mode on Ea%FB is sti'' the de"au't d(namic auto! Ea%FB on ALS2 is operating as a trunk, because port Ea%FB o" DLS2 )as con"igured using the s)itchport mode trunk command! 1nce this command )as issued, trunking )as negotiated bet)een the t)o s)itch ports! Ase the s$o% inter&aces trunk command on DLS1! !LS"# show interfaces trun& &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" &ort (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* 6ode on on on on on on Encapsulation 0)*."? 0)*."? 0)*."? 0)*."? isl isl Status trun3ing trun3ing trun3ing trun3ing trun3ing trun3ing Nati'e 'lan " " " " " "
%lans allowed on trun3 "#,)1, "#,)1, "#,)1, "#,)1, "#,)1, "#,)1, %lans allowed and acti'e in management domain " " " " " %lans allowed and acti'e in management domain " %lans in spanning tree forwarding state and not pruned " " " " " none
Page $ o" 1/
CCNPv6 SWITCH Note@ :( de"au't, a'' VLANs are a''o)ed on a'' trunks! 6ou can e?p'icit'( contro' )hich VLANs are a''o)ed on a trunk b( using the s%itc$port trunk allo%ed vlan vlan-id command on the inter"ace at each end o" the trunk! #n addition, (ou can speci"( a nati5e VLAN other than the de"au't VLAN 1, using the s%itc$port trunk native vlan vlan-id command! These t)o measures can he'p reduce the possibi'it( o" VLAN attacks!
Ase the s$o% inter&aces trunk command on DLS2! !LS*# show interfaces trun& &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" &ort (a)/"* &ort (a)// (a)/0 (a)/1 (a)/") (a)/"" (a)/"* 6ode on on auto auto auto auto Encapsulation 0)*."? 0)*."? n#0)*."? n#0)*."? n#isl n#isl Status trun3ing trun3ing trun3ing trun3ing trun3ing trun3ing Nati'e 'lan " " " " " "
%lans allowed on trun3 "#,)1, "#,)1, "#,)1, "#,)1, "#,)1, "#,)1, %lans allowed and acti'e in management domain " " " " " %lans allowed and acti'e in management domain " %lans in spanning tree forwarding state and not pruned " " " " " "
Notice the high'ighted portion o" the abo5e output "rom DLS2 )here it indicates that these ports became trunks b( negotiation! Eor e?amp'e, port Ea%F. mode is Auto and encapsu'ation is n-$%2!1H! The =n> indicates the $%2!1H encapsu'ation )as negotiated! The connected ports o" the respecti5e s)itches )ere con"igured using the s%itc$port )ode trunk command!
Step 5 Con&igure access ports'

A port on the 2./% s)itch can operate in one o" three modes, and a port on the 34/% s)itch can operate in one o" "i5e modes! Ase the s%itc$port )ode 6 command "or inter"ace East *thernet %F/ in inter"ace con"iguration mode to 5ie) the modes! The "o''o)ing command output is "or a 2./% s)itch! $LS"(config # interface fast"thernet 0#*
A'' contents are Cop(right 7 1..282%13 Cisco S(stems, #nc! A'' rights reser5ed! This document is Cisco Pub'ic #n"ormation! Page . o" 1/
CCNPv6 SWITCH $LS"#(config#if # switchport access Set trun3ing mode d4namic Set trun3ing mode trun3 Set trun3ing mode mode + to $CCESS unconditionall4 to d4namicall4 negotiate access or trun3 mode to T87N@ unconditionall4
The "o''o)ing command output is "or a 34/% s)itch! !LS"(config # interface fast"thernet 0#* !LS"(config#if # switchport mode + access Set trun3ing mode to $CCESS unconditionall4 dot"?#tunnel set trun3ing mode to T7NNEL unconditionall4 d4namic Set trun3ing mode to d4namicall4 negotiate access or trun3 mode pri'ate#'lan Set the mode to pri'ate#'lan host or promiscuous trun3 Set trun3ing mode to T87N@ unconditionall4 The East *thernet ports connected to the hosts on the net)ork can be set up as static access because the( are not to be used as trunk ports! Ase the s%itc$port )ode access command to set the access mode on the East *thernet %F/ port on a'' "our s)itches in the pod! The "o''o)ing is a samp'e con"iguration "or the access port on ALS1! $LS"(config # interface fast"thernet 0#* $LS"(config#if # switchport mode access Ase the s$o% inter&aces command "or East *thernet %F/ to 5eri"( the con"iguration! The "o''o)ing command is "or a 34/% s)itch! !LS"# show interfaces fast"thernet 0#* switchport Name; (a)/. Switchport; Ena:led $dministrati'e 6ode; static access =perational 6ode; down $dministrati'e Trun3ing Encapsulation; negotiate Negotiation of Trun3ing; =ff $ccess 6ode %L$N; " (default Trun3ing Nati'e 6ode %L$N; " (default $dministrati'e Nati'e %L$N tagging; ena:led %oice %L$N; none $dministrati'e pri'ate#'lan host#association; none $dministrati'e pri'ate#'lan mapping; none $dministrati'e pri'ate#'lan trun3 nati'e %L$N; none $dministrati'e pri'ate#'lan trun3 Nati'e %L$N tagging; ena:led $dministrati'e pri'ate#'lan trun3 encapsulation; dot"? $dministrati'e pri'ate#'lan trun3 normal %L$Ns; none $dministrati'e pri'ate#'lan trun3 pri'ate %L$Ns; none =perational pri'ate#'lan; none Trun3ing %L$Ns Ena:led; $LL &runing %L$Ns Ena:led; *#"))" Capture 6ode !isa:led Capture %L$Ns $llowed; $LL &rotected; false 7n3nown unicast :loc3ed; disa:led 7n3nown multicast :loc3ed; disa:led $ppliance trust; none Note that administrati5e mode has no) changed to static access and that trunking negotiation is o""! The East *thernet %F/ ports on a'' "our s)itches are no) statica''( set to connect to a host de5ice!
Page 1% o" 1/
CCNPv6 SWITCH
Step 7 ,eri&y ,TP con&iguration'

:e"ore con"iguring the VLANs, 5eri"( the VTP con"iguration )ithin the domain b( using the s$o% vtp status command on ALS1 and ALS2! The "o''o)ing samp'e output is "rom ALS1! $LS"# show vtp status %T& %ersion ; running %T&* Configuration 8e'ision ; " 6a<imum %L$Ns supported locall4 ; *-Num:er of e<isting %L$Ns ; %T& =perating 6ode ; Client %T& !omain Name ; S>L$9 %T& &runing 6ode ; !isa:led %T& %* 6ode ; Ena:led %T& Traps 2eneration ; !isa:led 6!- digest ; )<!" )<C) )<+. )<(1 )<C, )<+E )</+ )<$) Configuration last modified :4 ").".".")" at +#"#1+ ));"*;,+ The "o''o)ing samp'e output is "rom ALS2! $LS*# show vtp status %T& %ersion ; running %T&* Configuration 8e'ision ; " 6a<imum %L$Ns supported locall4 ; *-Num:er of e<isting %L$Ns ; %T& =perating 6ode ; Client %T& !omain Name ; S>L$9 %T& &runing 6ode ; !isa:led %T& %* 6ode ; Ena:led %T& Traps 2eneration ; !isa:led 6!- digest ; )<!" )<C) )<+. )<(1 )<C, )<+E )</+ )<$) Configuration last modified :4 ").".".")" at +#"#1+ ));"*;,+ At this point, a'' s)itches in the 'ab are in VTP domain S-LA: and ha5e "i5e e?isting VLANs! A'' are running VTP 5ersion 2! DLS1 and DLS2 are con"igured as VTP ser5ers, and ALS1 and ALS2 are con"igured as c'ients! Note@ 6ou can 'imit the VLAN tra""ic passed bet)een s)itches using VTP pruning! Pruning increases a5ai'ab'e band)idth b( restricting "'ooded tra""ic to those trunk 'inks that the tra""ic must use to access the destination de5ices! 6ou can enab'e VTP pruning on a s)itch in VTP ser5er mode using the vtp pruning command! Eor e?amp'e, i" a VLAN is not de"ined on access s)itch ALS1 but is de"ined on distribution s)itches DLS1 and DLS2, the VLAN )i'' be pruned "rom the trunk 'inks bet)een ALS1 and the distribution s)itches but not "rom the 'ink bet)een the t)o distribution s)itches!
Step #8 Con&igure ,-.Ns by assigning port )e)bers$ip'

VLANs can be con"igured on a s)itch in di""erent )a(s, depending on the t(pe o" s)itch used and the Cisco #1S 5ersion! An o'der )a( to con"igure VLANs is to use the VLAN database! This method is being deprecated and is no 'onger recommended! <o)e5er, the VLAN database is sti'' accessib'e "or those )ho choose to use it! Eor e?amp'e, the "o''o)ing command is "or a 34/% s)itch! !LS"# vlan database A >arning; 5t is recommended to configure %L$N from config mode, as %L$N data:ase mode is :eing deprecated. &lease consult user documentation for configuring %T&/%L$N in config mode.
CCNPv6 SWITCH A more current method to create a VLAN is to assign a port to a VLAN that does not (et e?ist! #" the s)itch is in VTP Ser5er or Transparent mode, it automatica''( creates the VLAN to the port that it has been assigned to! VLAN 1 is the management VLAN b( de"au't! :( de"au't, a'' ports are set to d(namic mode and their access VLAN is set to 1! There is no need to create a VLAN 1, assign ports to it, or to set the mode o" each port! According to the 'ab diagram, VLANs 1%%, 11%, and 12% must be created, and port / must be assigned to each VLAN! 6ou )i'' create VLANs 1%% and 11% on the distribution s)itches using the port assignment method! 6ou )i'' create VLAN 12% "or the access s)itches using g'oba' con"iguration commands and then assign ports to those VLANs! Ase the s%itc$port access vlan command to assign port / on DLS1 and DLS2, according to the diagram! Port East *thernet %F/ o" DLS1 )i'' be assigned to VLAN 1%%, and East *thernet %F/ on DLS2 )i'' be assigned to VLAN 11%! The "o''o)ing command is "or the 34/% s)itches! !LS"(config # interface ,ast"thernet 0#* !LS"(config#if#range # switchport access vlan 100 A $ccess %L$N does not e<ist. Creating 'lan ")) VLAN 1%% )as created at the same time port / )as assigned to it! Con"igure DLS2 in the manner simi'ar to DLS1, but this time use VLAN 11%! !LS*(config # interface ,ast"thernet 0#* !LS*(config#if#range # switchport access vlan 110 A $ccess %L$N does not e<ist. Creating 'lan "") #ssue the s$o% vlan command on DLS1 to 5eri"( that VLANs 1%% and 11% ha5e been created! The output shou'd be simi'ar to the "o''o)ing output! !LS"# show vlan %L$N Name Status &orts #### ################################ ######### ############################# " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)/"+, (a)/", (a)/"-, (a)/"., (a)/"/, (a)/"0 (a)/"1, (a)/*), (a)/*", (a)/** (a)/*+, (a)/*,, 2i)/", 2i)/* ")) %L$N)")) acti'e (a)/. "") %L$N)"") acti'e "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup %L$N #### " ")) "") "))* %L$N #### "))+ ")), T4pe ##### enet enet enet fddi T4pe ##### tr fdnet S$5! ########## "))))" "))")) "))"") ")"))* S$5! ########## ")"))+ ")")), 6T7 ##### "-)) "-)) "-)) "-)) 6T7 ##### "-)) "-)) &arent ###### # # # # &arent ###### # # 8ingNo ###### # # # # 8ingNo ###### # # 9ridgeNo ######## # # # # 9ridgeNo ######## # # Stp #### # # # # Stp #### # ieee 9rdg6ode ######## # # # # 9rdg6ode ######## # # Trans" ###### ) ) ) ) Trans" ###### ) ) Trans* ##### ) ) ) ) Trans* ##### ) )
Page 12 o" 1/
CCNPv6 SWITCH "))- trnet ")"))"-)) # # # i:m # ) )
8emote S&$N %L$Ns ############################################################################# &rimar4 Secondar4 T4pe &orts ####### ######### ################# ######################################### :ecause VLAN 1%% and 11% )ere not named, the s)itch automatica''( assigns de"au't names, )hich are VLAN%1%% and VLAN%11%! Note that on DLS1, port Ea%F/ is acti5e in VLAN 1%%! A s$o% vlan command issued on DLS2 shou'd sho) port Ea%F/ acti5e in VLAN 11%!
Step ## Con&igure ,-.Ns in con&iguration )ode'

Another )a( o" creating VLANs is to create them in con"iguration mode )ithout assigning port membership! 6ou can create a VLAN in g'oba' con"iguration mode using the vlan command! :ecause ALS1 and ALS2 are con"igured "or VTP c'ient mode and it is not possib'e to create a VLAN )hen a s)itch is in c'ient mode, (ou must create the VLAN on the s)itch that is acting as a ser5er "or the net)ork! The VLAN then propagates to the other s)itches that are in c'ient mode! #ssue the vlan command in g'oba' con"iguration mode on DLS1! !LS"(config # vlan 120 Ports sti'' need to be assigned to VLAN 12%! Port assignment to a VLAN is an inter"ace con"iguration operation! Ase the s%itc$port access vlan command on East *thernet %F/ o" ALS1 and ALS2 to con"igure ports "or VLAN 12%! $LS"(config # interface fast"thernet 0#* $LS"(config#if # switchport access vlan 120 $LS*(config # interface fast"thernet 0#* $LS*(config#if # switchport access vlan 120 Ase the s$o% vlan command to 5eri"( the creation o" VLAN 12%, )ith port Ea%F/ assigned to it! The output shou'd be simi'ar to the "o''o)ing! $LS"# show vlan %L$N Name Status &orts #### ############################## ######### ############################# " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)/"+, (a)/",, (a)/"(a)/"., (a)/"/, (a)/"0, (a)/"1 (a)/*), (a)/*", (a)/**, (a)/*+ (a)/*,, 2i)/", 2i)/* ")) %L$N)")) acti'e "") %L$N)"") acti'e "*) %L$N)"*) acti'e (a)/. "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup %L$N T4pe S$5! 6T7 &arent 8ingNo 9ridgeNo Stp 9rdg6ode Trans" Trans* #### ##### ########## ##### ###### ###### ######## #### ######## ###### #####
CCNPv6 SWITCH " ")) "") "*) "))* %L$N #### "))+ ")), "))enet enet enet enet fddi T4pe ##### tr fdnet trnet "))))" "))")) "))"") "))"*) ")"))* S$5! ########## ")"))+ ")")), ")"))"-)) "-)) "-)) "-)) "-)) 6T7 ##### "-)) "-)) "-)) # # # # # &arent ###### # # # # # # # # 8ingNo ###### # # # # # # # # 9ridgeNo ######## # # # # # # # # Stp #### # ieee i:m # # # # # 9rdg6ode ######## sr: # # ) ) ) ) ) Trans" ###### ) ) ) ) ) ) ) ) Trans* ##### ) ) )
8emote S&$N %L$Ns ############################################################################# &rimar4 Secondar4 T4pe &orts ####### ######### ################# #########################################
Step #( C$ange t$e ,-.N na)es'

The VLANs ha5e not been named (et! Naming VLANs can he'p net)ork administrators identi"( the "unctiona'it( o" those VLANs! To add names, use the na)e command in VLAN con"iguration mode! The "o''o)ing is a samp'e con"iguration "or naming the three VLANs created in the domain! !LS"(config # vlan !LS"(config#'lan # !LS"(config#'lan # !LS"(config # 'lan !LS"(config#'lan # !LS"(config#'lan # !LS"(config # vlan !LS"(config#'lan # !LS"(config#'lan # !LS"# show vlan %L$N Name Status &orts #### ################################ ######### ############################### " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)//, (a)/0, (a)/1 (a)/"), (a)/"", (a)/"*, (a)/"+ (a)/",, (a)/"-, (a)/"., (a)/"/ (a)/"0, (a)/"1, (a)/*), (a)/*" (a)/**, (a)/*+, (a)/*,, 2i)/" 2i)/* ")) Ser'er#(arm#" acti'e (a)/. "") Ser'er#(arm#* acti'e "*) Net#Eng acti'e "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup %L$N T4pe S$5! 6T7 &arent 8ingNo 9ridgeNo Stp 9rdg6ode Trans" Trans* #### ##### ########## ##### ###### ###### ######## #### ######## ###### ######
100 name Server%,arm%1 e-it 110 name Server%,arm%2 e-it 120 name .et%"ng e-it
Ase the s$o% vlan command on DLS1 to 5eri"( that the ne) names ha5e been added!
CCNPv6 SWITCH " ")) "") %L$N #### "*) "))* "))+ ")), "))enet enet enet T4pe ##### enet fddi tr fdnet trnet "))))" "))")) "))"") S$5! ########## "))"*) ")"))* ")"))+ ")")), ")"))"-)) "-)) "-)) 6T7 ##### "-)) "-)) "-)) "-)) "-)) # # # &arent ###### # # # # # # # # 8ingNo ###### # # # # # # # # 9ridgeNo ######## # # # # # # # # Stp #### # # # ieee i:m # # # 9rdg6ode ######## # # # # # ) ) ) Trans" ###### ) ) ) ) ) ) ) ) Trans* ###### ) ) ) ) )
8emote S&$N %L$Ns ############################################################################## &rimar4 Secondar4 T4pe &orts ####### ######### ################# #######################################
Step #* C$ange t$e ,-.N status to deactivate ports'

The de"au't status o" VLAN 1 and user-created VLANs is Iacti5eI! A VLAN can be made 'oca''( inacti5e b( entering the command s$utdo%n ,-.N 9, )here J is the number o" the 5'an to be shut do)n! This )i'' cause a'' ports on a s)itch in a particu'ar VLAN to stop transmitting data! Shutting do)n the VLAN on a s)itch does not in"'uence its state on other s)itches in a VTP domain! Shutdo)n the Net-*ng VLAN 12% on ALS1, )ait a "e) moments, e?it 5'an con"iguration mode and then issue the s$o% vlan brie& command! The status shou'd change to =actF'shut>! $LS"(config # shutdown vlan 120 $LS"# show vlan brief %L$N Name Status &orts #### ################################ ######### ############################### " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)//, (a)/0, (a)/1 (a)/"), (a)/"", (a)/"*, (a)/"+ (a)/",, (a)/"-, (a)/"., (a)/"/ (a)/"0, (a)/"1, (a)/*), (a)/*" (a)/**, (a)/*+, (a)/*,, 2i)/" 2i)/* ")) Ser'er#(arm#" acti'e (a)/. "") Ser'er#(arm#* acti'e "*) Net#Eng act/lshut "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup 9eacti5ate a'' ports in ALS1 Net-*ng VLAN 12% using the no s$utdo%n command in VLAN con"iguration mode! $LS"(config # no shutdown vlan 120 6ou can a'so put a VLAN into =suspend> status! The IsuspendI state is con"igured in the VLAN con"iguration mode using the command state suspend! Suspending a VLAN causes a'' ports in that VLAN throughout the VTP domain to stop trans"erring data!
CCNPv6 SWITCH Suspend Net-*ng VLAN 12% on DLS1, )ait a "e) moments, e?it VLAN con"iguration mode and then issue the s$o% vlan brie& command! The status shou'd change to =suspended>! !LS"(config # vlan 120 !LS"(config#'lan # state suspend !LS"# show vlan brief %L$N Name Status &orts #### ################################ ######### ############################### " default acti'e (a)/", (a)/*, (a)/+, (a)/, (a)/-, (a)//, (a)/0, (a)/1 (a)/"), (a)/"", (a)/"*, (a)/"+ (a)/",, (a)/"-, (a)/"., (a)/"/ (a)/"0, (a)/"1, (a)/*), (a)/*" (a)/**, (a)/*+, (a)/*,, 2i)/" 2i)/* ")) Ser'er#(arm#" acti'e (a)/. "") Ser'er#(arm#* acti'e "*) Net#Eng suspended "))* fddi#default act/unsup "))+ to3en#ring#default act/unsup ")), fddinet#default act/unsup "))- trnet#default act/unsup 9eacti5ate VLAN 12% using the state active command in VLAN con"iguration mode! !LS"(config # vlan 120 !LS"(config#'lan # state active Note@ The suspend state is ad5ertised b( VTP )hi'e the 'shut state is not! The state suspend command can be issued on an( s)itch in the VTP domain! #t does not ha5e to be issued on the VTP ser5er! :oth options can be used to temporari'( take a particu'ar VLAN out o" operation )hich can be use"u' in certain scenarios - especia''( "or guests, in"reHuent'( used con"erence rooms and simi'ar dep'o(ments!
Step #/ Prepare &or t$e ne1t lab'

Prepare "or the ne?t 'ab b( remo5ing a'' the VLAN in"ormation and con"igurations! The VLAN database and startup con"iguration need to be de'eted! Note Tra""ic bet)een VLANs must be routed! #nter-VLAN routing )i'' be co5ered in a 'ater 'ab!
Page 1/ o" 1/

Ccnpv6 Switch Lab2-1 Vlans Student

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Ccnpv6 Switch Lab2-1 Vlans Student

Hochgeladen von

Copyright:

Verfügbare Formate

CCNPv6 SWITCH

Step # Prepare t$e s%itc$es &or t$e lab'

Step ( Con&igure basic s%itc$ para)eters'

Step * +isplay t$e s%itc$ de&ault ,-.N in&or)ation'

Step / 01a)ine ,TP in&or)ation'

Step 3 Con&igure ,TP on t$e s%itc$es'

Step 6 Con&igure trunking'

Step 4 ,eri&y trunk con&iguration'

Step 5 Con&igure access ports'

Step 7 ,eri&y ,TP con&iguration'

Step #8 Con&igure ,-.Ns by assigning port )e)bers$ip'

CCNPv6 SWITCH "))- trnet ")"))"-)) # # # i:m # ) )

Step ## Con&igure ,-.Ns in con&iguration )ode'

Step #( C$ange t$e ,-.N na)es'

Step #* C$ange t$e ,-.N status to deactivate ports'

Step #/ Prepare &or t$e ne1t lab'

Das könnte Ihnen auch gefallen