Monday, 22 January 2018

CCNA - Inter-VLAN routing LAB

 LAB: Inter VLAN routing   
Objective: To configure Inter-Vlan routing between two VLANS
Topology:
 
Router f0/0

Router f0/0.1 (sub-interface 1)
192.168.1.1
Router f0/0.2  (sub-interface 2)
192.168.2.1
PC -1
192.168.1.2
PC- 2
192.168.1.3
PC-3
192.168.2.2
PC -4
192.168.2.3
Switch 1 – F0/24
Enable trunk



Switch-1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch-1(config)#vlan 10
Switch-1(config-vlan)#name sales
Switch-1(config-vlan)#exit
Switch-1(config)#vlan 20
Switch-1(config-vlan)#name hr
Switch-1(config-vlan)#exit

Switch-1(config)#interface range fastEthernet 0/1-2
Switch-1(config-if-range)#switchport mode access
Switch-1(config-if-range)#switchport access vlan 10
Switch-1(config-if-range)#exit

Switch-1(config)#interface range fastEthernet 0/3-4
Switch-1(config-if-range)#switchport mode access
Switch-1(config-if-range)#switchport access vlan 20
Switch-1(config-if-range)#exit
Switch-1(config)#exit
Switch-1#
%SYS-5-CONFIG_I: Configured from console by console


Switch-1(config)#interface fastEthernet 0/24
Switch-1(config-if)#switchport mode trunk
Switch-1(config-if)#switchport trunk allowed vlan all
Switch-1(config-if)#exit
Switch-1(config)#exit
Switch-1#

Router Configuration:
Router-1(config)#interface fastEthernet 0/0
Router-1(config-if)#no shutdown
Router-1(config-if)#exit
Router-1(config)#interface fastEthernet 0/0.1
Router-1(config-subif)#encapsulation dot1Q 10
Router-1(config-subif)#ip address 192.168.1.1 255.255.255.0
Router-1(config-subif)#exit
Router-1(config)#interface fastEthernet 0/0.2
Router-1(config-subif)#encapsulation dot1Q 20
Router-1(config-subif)#ip address 192.168.2.1 255.255.255.0
Router-1(config-subif)#exit
Router-1(config)#

Verification



- No comments:

Wednesday, 3 January 2018

CCNA - VLAN - Explanation and Configuration

What is covered?
    In this topic, we will see what a VLAN is and how it is configured in a CISCO switch

What is VLAN?
    VLAN stands for Virtual LAN. By now we have learned that devices connected to a particular switch will be able to communicate with all the other device connected to the same switch. That is because by default all the ports on the switch belong to one VLAN called VLAN1.

Why VLAN?
  • VLAN is used to divide a single big broadcast domain into multiple small broadcast domain. 
  • For example: on a 24 port switch all the ports are assigned to VLAN 1. When One pc sends a frame, it is broadcasted to all the other 23 ports. This takes up the bandwidth.
  • With the help of VLAN, the interfaces can be grouped to create a smaller broadcast domain
  • This provides security at layer 2. Members of One VLAN cannot access resources on another VLAN.



FIG 1: VLAN initial Lab setup

Computer Name
Port connected
IP address
SALES-USER-1
Fa0/1
192.168.1.1
SALES-USER-2
Fa0/2
192.168.1.2
SALES-USER-3
Fa0/3
192.168.1.3
SALES-USER-4
Fa0/4
192.168.1.4
SALES-USER-5
Fa0/5
192.168.1.5
HR-USER-1
Fa0/6
192.168.1.6
HR-USER-2
Fa0/7
192.168.1.7
HR-USER-3
Fa0/8
192.168.1.8
HR-USER-4
Fa0/9
192.168.1.9
HR-SERVER
Fa0/10
192.168.1.10
Table 1 : Lab setup - Ip configuration 

Verify the current VLAN:

Switch>enable
Switch#show vlan brief
VLAN
Name
Status   
Ports
1   
default                       
  active   
Fa0/1, Fa0/2, Fa0/3, Fa0/4,Fa0/5, Fa0/6, Fa0/7, Fa0/8,Fa0/9, Fa0/10, Fa0/11, Fa0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,Fa0/17, Fa0/18, Fa0/19, Fa0/20Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002
fddi-default
active   

1003
token-ring-default
active   

1004
fddinet-default
active   

1005
trnet-default
active   

Switch#

Verify Pinging the HR-Server from the SALES-USER-1



 Fig 2: PINGING HR-Server from the SALES-USER-1 (Before Vlan Implementation)
How to stop the SALES user from accessing the HR-SERVER?
  • We can create two VLANs and then assign SALES team to one VLAN and the HR team to another VLAN.
  • In total there can be 1006 VLANS. But as a user, we can create VLAN from 2-1001.
  • All the VLAN information are stored in the flash memory under the file name vlan.dat


How to use VLAN?
Before we start to use the VLANs, we need to create them.
The following are the syntax to create them

Syntax:
Switch(config) # vlan <vlan number>
Switch(config-vlan) # name <name>
Switch(config-vlan) # exit

Example:
Switch(config) # vlan 10
Switch(config-vlan) # name SALES
Switch(config-vlan) # exit
 VERIFY that the VLANs are created successfully:
Switch#show vlan brief
VLAN
Name
Status   
Ports
1   
default                       
  active   
Fa0/1, Fa0/2, Fa0/3, Fa0/4,Fa0/5, Fa0/6, Fa0/7, Fa0/8,Fa0/9, Fa0/10, Fa0/11, Fa0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,Fa0/17, Fa0/18, Fa0/19, Fa0/20Fa0/21, Fa0/22, Fa0/23, Fa0/24
10
SALES
active

20
HR
active

1002
fddi-default
active   

1003
token-ring-default
active   

1004
fddinet-default
active   

1005
trnet-default
active   

Switch#

Now that the VLANS are created, we need to assign the port to the VLANs. In order to assign ports to a particular VLAN, first the port needs to be in the access mode and then we can assign the VLAN. The following is the syntax to convert a port to access mode and then to assign the VLAN

Syntax:
Switch(config) # interface <interface type> <interface no>
Switch(config-if) #switchport mode access
Switch(config-if) # switchport access vlan <Vlan ID>
Switch(config) # exit

Example :
Switch(config) # interface fastethernet 0/1
Switch(config-if) #switchport mode access
Switch(config-if) # switchport access vlan 10
Switch(config) # exit

Note: The above command will assign the port fastethernet 0/1 to VLAN 10

To assign a group of ports to a particular command, we can use the interface range command
Example:
Switch(config)#interface range fastEthernet 0/1-5
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit

Note : Now configure the VLAN 20 for the Fastethernet ports 0/6 -10

Verify the VLAN configuration

Switch#show vlan brief
VLAN
Name
Status   
Ports
1   
default                       
  active   
Fa0/11, Fa0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,Fa0/17, Fa0/18, Fa0/19, Fa0/20Fa0/21, Fa0/22, Fa0/23, Fa0/24
10
SALES
active
Fa0/1, Fa0/2, Fa0/3, Fa0/4,Fa0/5
20
HR
active
Fa0/6, Fa0/7, Fa0/8,Fa0/9, Fa0/10
1002
fddi-default
active   

1003
token-ring-default
active   

1004
fddinet-default
active   

1005
trnet-default
active   

Switch#

Now the configuration has been completed. If the users from one VLAN try to access resources from another VLAN they will not be able to access it. This can be verified by pinging the HR-SERVER from SALES-USER-1 PC.

 Fig 3: PINGING HR-Server from the SALES-USER-1 (After Vlan Implementation)

  
According to the current configuration, the HR-SERVER and SALES-USER-1 pc are in different VLAN and hence they cannot ping each other.

 Note: Communication between two VLANs can be enabled. This we will see in later chapters.

Commands for troubleshooting or Verifying:
There are times when the configuration does not work as expected. This is not the time to panic but instead, embrace the challenge and identify the issue

To check if your VLAN is configured, use the following command

Switch# show vlan

To check the configuration of a particular port
Switch# sh interfaces fastEthernet 0/1 switchport

Example:
Switch# show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (SALES)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch#

DOWNLOAD : 

Packet tracer : Here 
- 7 comments:

Tuesday, 2 January 2018

CCNA - ETHERCHANNEL - Lab


Lab: EtherChannel Configuration

Objective: To demonstrate the configuration of EtherChannel

Topology: 

Set up the lab as per the configuration given below.

Click here to download the pre-configured Packet tracer.

Fig 1 : Initial Lab setup for EtherChannel Configuration 


Configuration: 

Switch1: EtherChannel Configuration

Switch1>enable
Switch1#Configure Terminal
Switch1(config)#Interface range fastethernet 0/23-24
Switch1(config-if-range)#channel-group 5 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
Switch1(config-if-range)#channel-group 5 mode desirable
Switch1(config-if-range)#exit

Switch 2: EtherChannel Configuration 

Switch2>enable
Switch2#configure terminal
Switch2(config)#interface range fastEthernet 0/23-24
Switch2(config-if-range)#channel-group 5 mode auto
Switch2(config-if-range)#exit
Switch2(config-if)#switchport mode trunk
Switch2(config-if-range)#exit

After the configuration the topology will look like this:

Fig 2 : Final Lab setup for EtherChannel Configuration 

Note : The F0/23 on switch 1 will be turned on if the configuration is done correctly.

Verification:

Apply the command on both switch.

Switch#show etherchannel summary 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------------

 5      Po5(SD)           PAgP   Fa0/23(P) Fa0/24(P) 

To know more information about the PortChannel, use the following command
                   
Switch#show etherchannel port-channel 
                Channel-group listing:
                ----------------------

Group: 5
----------
                Port-channels in the group:
                ---------------------------

Port-channel: Po5
------------

Age of the Port-channel   = 00d:00h:10m:02s
Logical slot/port   = 2/5       Number of ports = 2
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel
Protocol            =   PAGP
Port Security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/24   Desirable-Sl       0
  0     00     Fa0/23   Desirable-Sl       0
Time since last port bundled:    00d:00h:09m:00s    Fa0/23
- No comments:

CCNA - ETHERCHANNEL - Understanding and Configuration


What is EtherChannel?

    EtherChannel combines certain individual ports from the switch to form a single logical link. They provide redundancy  and load balancing and also enable us to make the full use of bandwidth. 

To better understand EtherChannel look at the following STP:

           In the above network setup, one link is purposely made down by the STP protocol to avoid looping. Both the cables are FastEthernet. They have a total of 200 Mbps bandwidth (100 Mbps each). However with STP in place we will not be able to use the only 100 Mbps as only one link is active and all the other links will be in the blocking state due to STP. 

Etherchannel will help us to use the total available bandwidth and also make sure that no looping is formed.
  • EtherChannel will combine the multiple physical link into one logical link.
  • EtherChannel helps with load balancing traffic over the logical link
  • It can use up to 8 links to create the logical link.

Requirements:

  1. Duplex : Should be on the same duplex.
  2. Speed : All the links should be on the same speed. (i.e., Either all should be on FastEthernet or GigabitEthernet)
  3. Access /Trunk  : All the ports should be configured as Access port or trunk port. But it is suggested that they are configured as trunk port. This way it is easy to configure VLANS.
  • Access ports : Should be on the same VLANs as all other ports
  • Trunk ports : Should have same allowed VLANs on both sides and same Native VLAN.

How to configure EtherChannel?

There are two ways to configure EtherChannel
  • Manually
  • Dynamically
    • PAgP (Port Aggregation Protocol)
      • It is a Cisco proprietary protocol.
      • Can be implemented between two Cisco devices.
    • LACP (Link Aggregation Control Protocol)
      • It is an open standard protocol.
      • Can be used to connect between Cisco/non-Cisco device to another Cisco/non-Cisco device. 

Different mode available for configuration

 Manual : We need to enable the EtherChannel manually using the keyword 'ON'
PAgP:
  •  Desirable: Actively negotiate PAgP with the neighbour. They will ask/ negotiate with the neighbour to form EtherChannel. It will also reply to request initiated from other side to form Etherchannel.
  • Auto : Passively listens for PAgP. They will respond to request initiated from other side to form Etherchannel.
  • In order to form Etherchannel using PAgP, at least one side has to be on Desirable. If both sides are on 'Auto' then they will never for EtherChannel.

LACP:

  • Active: Actively negotiate LACP with the neighbour. They will negotiate with the neighbour to form EtherChannel. They will also reply to request initiated from other side to form Etherchannel.
  • Passive  : Passively listens for PAgP. They will respond to request initiated from other side to form Etherchannel.
  • In order to form Etherchannel using LACP, at least one side has to be on Active. If both sides are on 'Passive' then they will never for EtherChannel.

Some Successful combination of EtherChannel are

  • On - On
  • Desirable - Desirable
  • Desirable - Auto
  • Active -Active
  • Active Passive

Code to understand : Channel-group 12 mode ?

Channel-group 12 : This is the Port Channel number. The significance of the number is local to the router.
Mode : This is where the protocol is mentioned (Desirable / auto/Active/Passive)

Sample config:
Switch1(config-if-range)#channel-group 5 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected

Configuration code :

Switch 1:
Switch1>enable
Switch1#Configure Terminal
Switch1(config)#Interface range fastethernet 0/23-24
Switch1(config-if-range)#channel-group 5 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
Switch1(config-if-range)#channel-group 5 mode desirable
Switch1(config-if-range)#exit
Switch1(config)#interface port-channel 5
Switch1(config-if)#switchport mode trunk
Switch1(config-if-range)#exit

Switch 2:
Switch2>enable
Switch2#configure terminal
Switch2(config)#interface range fastEthernet 0/23-24
Switch2(config-if-range)#channel-group 5 mode auto
Switch2(config-if-range)#exit
Switch2(config)#interface port-channel 5
Switch2(config-if)#switchport mode trunk
Switch2(config-if-range)#exit


Verification commands:

show etherchannel summary  : This command is used to see the status of the EtherChannel. This will show the protocol name and the ports involved.

 Switch1#show etherchannel summary 




Show Ip interface brief: This will show the Port-channel as a separate interface 

Switch1#show ip interface brief 



Download the PDF copy from HERE 

- No comments:
Subscribe to: Posts (Atom)

CCNA 200-301 Ebooks download

CCNA 200-301 Official Cert Guide - Volume 1 - Download CCNA 200-301 Official Cert Guide - Volume 2 - Download CCNA 200-301 Portable G...