Hands-On Labs

In these hands-on labs, you will configure a 4000 series switch, two 2950 switches, and one 2621 router to provide ISL routing between VLANs.

You will complete the following labs:

• Lab 6.1: External Inter-VLAN Routing

• Lab 6.2: Internal Inter-VLAN Routing

In both of the labs, refer to Figure 6.3 for configuring inter-VLAN communication.

Figure 6.3: Configuring inter-VLAN communication for the hands-on labs

Lab 6.1: External Inter-VLAN Routing

In this lab, you’ll configure the 2621 with ISL routing. First you’ll configure the two 2950 switches, then the 4000 switch, and then the 2621 router.

Configuring the 2950A Switch

Start by configuring the basic features of the switch, including the hostname, passwords, and IP configuration. After that, you will configure the VTP parameters and set the trunks. This is straightforward, and is largely a repeat of previous configurations that you have undertaken.

1. Plug into the 2950A console port.

2. Enter privileged mode by typing enable.

3. Enter configuration mode and set the hostname:

   #config t (config)#hostname 2950A 

4. Set the user mode and privileged mode passwords:

   2950A(config)#enable password level 1 terry 2950A(config)#enable secret jack 

5. Set the IP address of the switch by using the IP address assigned in Figure 6.3. Set the default gateway address by using interface f0/0 of the 2621 as the gateway:

   2950A(config)#ip address 172.16.1.3 255.255.255.0 2950A(config)#ip default-gateway 172.16.1.1 

6. Verify the IP configuration on the switch by typing show ip.

7. Set the VTP domain to globalnet and then make the switch a VTP client so that when you set the VLANs on the 4000 switch, the 2950A switch will automatically be updated with VLAN information:

   2950A(config)#vtp domain globalnet 2950A(config)#vtp client 

8. Set the FastEthernet interfaces to trunk on so that all VLAN information will be sent down both links from the 4000 series switch:

   2950A(config)#int fa0/11 2950A(config-if)#trunk on 2950A(config-if)#int fa0/12 2950A(config-if)#trunk on 

9. Configure the FastEthernet connection to the 4000 series switch to be full-duplex:

   2950A(config)#int fa0/11 2950A(config-if)#duplex full 2950A(config-if)#int fa0/12 2950A(config-if)#duplex full 

Configuring the 2950B Switch

The configuration of the second switch is very similar to the first, and involves the basic switch naming and addressing, plus setting up VTP and the trunks.

1. Plug into the 2950B switch console.

2. Enter privileged mode by typing enable.

3. Enter configuration mode and set the hostname:

   #config t (config)#hostname 2950B 

4. Set the user mode and privileged mode passwords:

   2950B(config)#enable password level 1 terry 2950B(config)#enable secret jack 

5. Set the IP address of the switch by using the IP address assigned in Figure 6.3. Set the default gateway address by using interface f0/0 of the 2621 as the gateway:

   2950B(config)#ip address 172.16.1.4 255.255.255.0 2950B(config)#ip default-gateway 172.16.1.1 

6. Verify the IP configuration on the switch by typing show ip.

7. Set the VTP domain to globalnet and then make the switch a VTP client so that when you set the VLANs on the 4000 switch, the 2950B switch will automatically be updated with VLAN information:

   2950B(config)#vtp domain globalnet 2950B(config)#vtp client 

8. Set the FastEthernet interfaces to trunk on so that all VLAN information will be sent down both links from the 4000 series switch:

   2950B(config)#int fa0/11 2950B(config-if)#trunk on 2950B(config-if)#int fa0/12 2950B(config-if)#trunk on 

9. Configure the FastEthernet connection to the 4000 series switch to be full-duplex:

   2950B(config)#int fa0/11 2950B(config-if)#duplex full 2950B(config-if)#int fa0/12 2950B(config-if)#duplex full 

10. Set the ports to configure an EtherChannel bundle when the 4000 series is configured. This can be run only on the Supervisor card or a specific EtherChannel card. EtherChannel will be run only on the 2950B connection to the 4000 switch.

    2950B(config-if)#port-channel mode on 

Configuring the 4000 Series Switch

Now move on to the larger switch. This switch is running CatOS, and you have to remember to change back to the relevant command set. Configure the basic switch parameters, and set up VTP and the trunks.

1. Connect your console cable to the 4000 series switch and press Enter. Press Enter at the password prompt; then, again at the password prompt, type enable and press Enter.

2. Set the hostname of the switch:

   #(enable)set system name Cat4000>

3. Set the user mode and privileged mode passwords:

   Cat4000>(enable)set password [press enter] Enter old password: [press enter] Enter new password: [this doesn’t show] Retype new password: [this doesn’t show] Password changed. Cat4000> (enable)set enablepass Enter old password:[press enter] Enter new password: [this doesn’t show] Retype new password: [this doesn’t show] Password changed. Cat4000> (enable)

4. Set the IP address and default gateway of the switch:

   Cat4000>(enable)set int sc0 172.16.1.2 255.255.255.0 Cat4000>(enable)set ip route default 172.16.1.1 

5. Verify this configuration by typing show int.

6. Set the VTP domain name to globalnet and the mode to server:

   Cat4000>(enable)set vtp domain globalnet mode server 

7. Set all ports connected to the 2950 switches as 100Mbps and full-duplex. The two ports on the Supervisor engine are labeled 1/1 and 1/2 and run in only 100Mbps, so only the duplex can be set on those ports.

   Cat4000> (enable) set port duplex 1/1 full Port(s) 1/1 set to full-duplex. Cat4000> (enable) set port duplex 1/2 full Port(s) 1/2 set to full-duplex. Cat4000> (enable) set port speed 2/1 100 Port(s) 2/1 speed set to 100Mbps. Cat4000> (enable) set port speed 2/2 100 Port(s) 2/2 speed set to 100Mbps. Cat4000> (enable) set port duplex 2/1 full Port(s) 2/1 set to full-duplex. Cat4000> (enable) set port duplex 2/2 full Port(s) 2/2 set to full-duplex. Cat4000> (enable)

8. It is possible that the ports on the 4000 have been disabled because of mismatched port configurations between the 2950 and 4000. Type the command show port slot/port to see the status. If it is disabled, use the set port enable slot/port command.

   Cat4000> (enable) set port enable 1/1 Port 1/1 enabled.

9. Configure trunking on all ports connected to the 2950A and 2950B switches:

   Cat4000> (enable) set trunk 2/1 on isl Port(s) 2/1 trunk mode set to on. Port(s) 2/1 trunk type set to isl. Cat4000> (enable) set trunk 2/2 on isl Port(s) 2/2 trunk mode set to on. Port(s) 2/2 trunk type set to isl. Cat4000> (enable) set trunk 1/1 on isl Port(s) 1/1 trunk mode set to on. Port(s) 1/1 trunk type set to isl. Cat4000> (enable) set trunk 1/2 on isl Port(s) 1/2 trunk mode set to on. Port(s) 1/2 trunk type set to isl. 

10. Verify that the trunk ports are working by typing show trunk:

    Cat4000>(enable)show trunk Port   Mode     Encapsulation Status  Native vlan -------- ----------- ------------- --------- --------  1/1   on      isl      trunking   1  1/2   on      isl      trunking   1  2/1   on      isl      trunking   1  2/2   on      isl      trunking   1  5/1   on      isl      trunking   1 [output cut]

11. Configure EtherChannel on both ports connected to the 2950B switch:

    Cat4000> (enable) set port channel 1/1-2 on Port(s) 1/1-2 channel mode set to on.

12. Verify that the EtherChannel is working by typing show port channel:

    Cat4000> (enable) show port channel Port Status   Channel  Channel   Neighbor    Neighbor          mode   status   device      port ----- ---------- --------- ----------- -------------- -----  1/1 connected on    channel  cisco 2950 2950B A  1/2 connected on    channel  cisco 2950 2950A B ----- ---------- --------- ----------- --------------- ----- Cat4000> (enable)

13. At this point, the three switches should be up and working, and you should be able to ping all devices in the 172.16.1.0 network:

    Cat4000> (enable) ping 172.16.1.3 172.16.1.3 is alive Cat4000> (enable) ping 172.16.1.4 172.16.1.4 is alive

Configuring VLANs

Because the 4000 series switch is a VTP server and the two 2950 switches are VTP clients, you can configure VLANs on just the 4000 series switch, and the 4000 switch will automatically update the VLAN information on the 2950 switches.

1. On the 4000 series switch console, create two new VLANs:

VLAN 2: Sales  VLAN 3: Admin  Cat4000> (enable) set vlan 2 name Sales

Vlan 2 configuration successful Cat4000> (enable) set vlan 3 name Admin Vlan 3 configuration successful Cat4000>(enable)

1. Type the command show vlan to view the configured VLANs on the switch:

   Cat4000>(enable)show vlan VLAN Name        Status  IfIndex Mod/Ports, Vlans ---- --------------  --------- ------- ------------------- 1  default       active  5    2/3-12 2  Sales        active  10 3  Admin        active  11 1002 fddi-default     active  6 1003 token-ring-default  active  9 1004 fddinet-default   active  7 1005 trnet-default    active  8    1003 [output cut]

2. Verify that VTP is up and running correctly by telneting into 2950A and 2950B and typing show vlan. The same VLANs should appear if VTP is working properly. If not, verify that you spelled the VTP domain the same on all switches.

3. Configure Host A to be in VLAN 1, Host B to be in VLAN 2, and Host C to be in VLAN 3:

   2950A#config t Enter configuration commands, one per line. End with CNTL/Z. 2950A(config)#int e0/1 2950A(config-if)#vlan-membership static 1 2950A(config-if)#int e0/2 2950A(config-if)#vlan-membership static 2 2950B#config t Enter configuration commands, one per line. End with CNTL/Z. 2950B(config)#int e0/2 2950B(config-if)#vlan-membership static 3 

4. Type the show vlan command on the 2950B switch and verify that e0/2 is a member of VLAN 3. Type the same command on 2950A and verify that e0/1 is a member of VLAN 1 and that e0/2 is a member of VLAN 2.

   2950B#show vlan VLAN Name       Status   Ports ---------------------------------------------------- 1  default     Enabled  1, 3-12, AUI, A, B 2  Sales      Enabled 3  Admin      Enabled  2 [output cut] 2950A#show vlan VLAN Name       Status   Ports ---------------------------------------------------- 1  default     Enabled  1, 3-12, AUI, A, B 2  Sales      Enabled  2 3  Admin      Enabled [output cut]

5. Configure each host with the following IP addresses:

Host A: 172.16.1.5/24 default gateway 172.16.1.1

Host B: 172.16.2.2/24 default gateway 172.16.2.1

Host C: 172.16.3.2/24 default gateway 172.16.3.1

1. Try pinging from host to host. This should fail. However, you should be able to ping from Host A to all switches in the network, and all switches should be able to ping to Host A because they are all in the same VLAN. To enable hosts in different VLANs to communicate, you need to configure inter-VLAN routing.

Configuring the 2621 Router

The 2621 router will provide the inter-VLAN routing and enable the hosts to communicate with each other.

1. Go to the privileged mode of the router and enter global configuration mode:

   Router>enable Router#configure terminal Router(config)#

2. Set the hostname and passwords on the 2621 router:

   Router(config)#hostname 2621A 2621A(config)#enable secret jack 2621A(config)#line console 0 2621A(config-line)password console 2621A(Config-line)login 2621A(config)#line vty 0 4 2621A(config-line)password telnet 2621A(Config-line)login 

3. Configure the FastEthernet interface to run ISL routing for all three VLANs:

   2621A(config-line)#exit 2621A(config)#interface f0/0.1 2621A(config-subif)#encapsulation isl 1 2621A(config-subif)#ip address 172.16.1.1 255.255.255.0 2621A(config-subif)#interface f0/0.2 2621A(config-subif)#encapsulation isl 2 2621A(config-subif)#ip address 172.16.2.1 255.255.255.0 2621A(config-subif)#interface f0/0.3 2621A(config-subif)#encapsulation isl 3 2621A(config-subif)#ip address 172.16.3.1 255.255.255.0 2621A(config-subif)#interface f0/0 2621A(config-if)#no shutdown 2621A(config-if)#

4. Before this will work, you need to set the port on the 4000 to trunk mode. Go to the 4000 switch and configure the port:

   Cat4000> (enable) set trunk 2/3 on Port(s) 2/3 trunk mode set to on. Cat4000> (enable)

5. Test the configuration by pinging to all devices from the router:

   2621A#ping 172.16.3.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.3.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/  max = 1/1/4 ms 2621A#ping 172.16.1.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.3, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/ max = 4/5/8 ms 2621A#ping 172.16.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/ max = 4/5/8 ms 2621A#ping 172.16.1.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/ max = 4/5/8 ms 2621A#ping 172.16.1.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/ max = 4/5/8 ms 2621A#

6. Verify that all hosts can communicate by pinging from host to host.

   Tip

   The reason for less than 100 percent success rate is that the IP hosts have not communicated before and the first ping timed out waiting for the ARP protocol to resolve the hardware addresses of each device. If you like, you can type show arp before and after the ping and see the comparison between a populated and an empty arp cache.

Lab 6.2: Internal Inter-VLAN Routing

In this second lab, you’ll configure the L3SM in the 4000 switch for inter-VLAN routing using ISL. The 2950s will be configured first, then the 4000. The 2621 router is not needed in this lab.

1. Unplug the 2621 router from the 4000 series switch. The hosts should no longer be able to ping each other.

2. Configure the L3SM on the 4000 series switch to provide inter-VLAN routing.

3. Start by connecting to the L3SM through the 4000 console:

   Cat4000> (enable) session 3 Trying Router-3… Connected to Router-3. Escape character is '^]'. Router>

   Tip

   Remember to use the show module command to identify the correct slot for your switching module

4. Configure three VLAN interfaces, one for each VLAN configured in the switched internetwork:

   Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname 4000L3SM 4000L3M(config)#interface vlan 1 4000L3SM(config-if)#ip address 172.16.1.1 255.255.255.0 4000L3SM(config-if)#no shutdown 4000L3SM(config-if)#interface vlan 2 4000L3SM(config-if)#ip address 172.16.2.1 255.255.255.0 4000L3SM(config-if)#no shutdown 4000L3SM(config-if)#interface vlan 3 4000L3SM(config-if)#ip address 172.16.3.1 255.255.255.0 4000L3SM(config-if)#no shutdown 

5. Verify that the L3SM is working by pinging between hosts.