Cisco Training 200-125 CCNA v3.0. Day 13 VLAN setup

We will devote today's lesson to VLAN settings, that is, we will try to do everything that we talked about in previous lessons. Now we will look at 3 questions: creating a VLAN, assigning ports to a VLAN, and browsing the VLAN database.

Let's open the Cisco Packet Tracer program window with the logical topology of our network that I have drawn.

Two computers, PC0 and PC1, are connected to the first switch SW0 and united in the VLAN10 network with the IP address range 192.168.10.0/24. Accordingly, the IP addresses of these computers will be 192.168.10.1 and 192.168.10.2. People usually identify the VLAN number by the third octet of the IP address, in our case 10. This is not a mandatory condition for designating networks, and you can assign any VLAN ID, but this convention is accepted in large companies because it makes it easier to configure the network.

Next is the switch SW1, which is connected to the VLAN20 network with an IP address of 192.168.20.0/24 with two laptops Laptop1 and Laptop2.

VLAN10 is located on the 1st floor of the company's office and represents the network of the sales department management. The marketer's laptop Laptop0, which belongs to VLAN20, is connected to the same SW0 switch. This network extends to the 2nd floor, where other employees are located, and is connected to the sales department, which can be located in another building or on the 3rd floor of the same office. There are 3 more computers installed here, PC2, PC3 and PC4, which are part of the VLAN10 network.

The VLAN10 network, like VLAN20, must ensure uninterrupted communication for all employees, regardless of the fact that they are located on different floors or in different buildings. This is the concept of the network we will consider today.

Let's start setting it up, beginning with PC0. By clicking on the icon, we will open the network settings of the computer and enter the IP address 192.168.10.1 and the subnet mask 255.255.255.0. I do not enter the default gateway address, because it is needed to get from one local network to another, and in our case we will not deal with the OSI layer 3 settings. We are only interested in layer 2, and we are not going to consider routing traffic to another network.

We are going to configure the intranet and only those hosts that are part of it. We will then move on to PC1 and do the same as for the first PC. Now let's see if I can ping PC1 from PC0. As you can see, the ping goes through, and the computer with the IP address 192.168.10.2 confidently returns packets. Thus, we have successfully established a connection between PC0 and PC1 via a switch.

To understand why we succeeded, let's go to the switch settings and look at the VLAN table.

Technically, this switch has 5 VLANs: VLAN1 by default, as well as 1002, 1003, 1004 and 1005. If you look at the last 4 networks, you can see that they are not supported and are marked unsupported. These are virtual networks of the old technology: fddi, fddinet, trnet. Currently they are not used, but according to the technical requirements, they are still included in new devices. Thus, in fact, our switch has by default only one virtual network, VLAN1, so all ports of any Cisco switch out of the box are configured for this network. These are 24 Fast Ethernet ports and 2 Gigabit Ethernet ports. This greatly facilitates the compatibility of new switches, because by default they are all part of the same VLAN1.

We need to remap the ports that are configured to work with VLAN1 by default so that they work with VLAN10. Packet Tracer shows that in our case, these are ports Fa0/1 and Fa0/2.

Let's go back to switch SW0 and configure these two ports. To do this, I use the configure terminal command to enter the global configuration mode, and enter the configuration command for this interface - int fastEthernet 0/1. I need to set this port to access because it is an access port and I use the switchport mode access command.

This port is configured as a static access port, but if I connect another switch to it, then thanks to the use of the DTP protocol, it will go into dynamic trunk mode. By default, this port belongs to VLAN1, so I need to use the switchport access vlan 10 command. In this case, the system will give us a message that VLAN10 does not exist and needs to be created. If you remember, in the VLAN database we have only one network - VLAN1, and there is no VLAN10 network there. But we requested the switch to provide access to VLAN10, so we received an error message.

Therefore, we need to create VLAN10 and assign this access port to it. After that, if you go to the VLAN database, you can see the newly created VLAN0010, which is in the active state and which owns the Fa0/1 port.

We did not make any changes to the computer, but simply configured the switch port to which it is connected. Now let's try to ping the IP address 192.168.10.2, which we successfully did a few minutes ago. It didn't work because the port that PC0 is connected to now belongs to VLAN10, and the port associated with PC1 still belongs to VLAN1, and there is no connection between the two networks. In order to establish communication between these computers, both ports must be configured to work with VLAN10. I enter global configuration mode again and do the same for switch port f0/2.

Let's look at the VLAN table again. Now we can see that VLAN10 is configured on ports Fa0/1 and Fa0/2. As you can see, now the ping is successful, because both ports of the SW0 switch to which the devices are connected belong to the same network. Let's try to change the name of the network to indicate its purpose. If we want to make any changes to a VLAN, we must enter that network's configuration.

To do this, I type vlan 10 and you can see that the command line prompt has changed from Switch(config)# to Switch(config-vlan)#. If we enter a question mark, the system will show us only 3 possible commands: exit, name and no. I can assign a network name with the name command, reset the commands to their default state by typing no, or save my changes with the exit command. So I enter the commands name SALES and exit.

If you look at the VLAN database, you can be sure that our commands have been executed and the former VLAN10 is now called SALES, the sales department. So, we connected 2 computers of our office to the created network of the sales department. Now you need to create a network for the marketing department. In order to connect Laptop0 to this network, you need to open its network settings and enter the IP address 192.168.20.1 and the subnet mask 255.255.255.0; we do not need a default gateway. Then you need to return to the switch settings, enter the port settings with the int fa0/3 command and enter the switchport mode access command. The next command will be switchport access vlan 20.

We again receive a message stating that such a VLAN does not exist and needs to be created. You can go the other way: I will exit the port configuration mode Switch(config-if), go to Switch(config) and enter the vlan 20 command, thereby creating a VLAN20 network. That is, you can first create a VLAN20 network, give it the name MARKETING, save the changes with the exit command, and then configure the port for it.

If you enter the VLAN database with the sh vlan command, you can see the MARKETING network we created and the corresponding port Fa0/3. I will not be able to ping computers from this laptop for two reasons: we have different VLANs and our devices belong to different subnets. Since they belong to different VLANs, the switch will drop laptop packets directed to another network, because it does not have a port that belongs to VLAN20.

As I said, the company is expanding and the small office on the ground floor is no longer enough, so they place the marketing department on the 2nd floor of the building, install computers there for 2 employees and want to provide communication with the marketing department on the first floor. To do this, you must first create a trunk between two switches: the Fa0/4 port of the first switch and the Fa0/1 port of the second switch. To do this, I enter the SW0 settings and enter the commands int f0/4 and switchport mode trunk.

There is a switchport trunk enc (encapsulation) command, but it is not used in new switches, because by default they use 802.1q protocol encapsulation technology. However, older models of Cisco switches used the proprietary ISL protocol, which is no longer used, since now all switches understand the .1Q protocol. Thus, you no longer need to use the switchport trunk enc command.

If you now go into the VLAN database, you can see that the Fa0/4 port has disappeared from it. This is because this table lists only access ports that belong to a specific VLAN. In order to see the trunk ports of the switch, you must use the sh int trunk command.

In the command line window, we see that the Fa0/4 port is enabled, encapsulates using the 802.1q protocol, and belongs to native vlan 1. As we know, if this trunk port receives untagged traffic, it automatically forwards it to native vlan 1. In the next lesson, we'll talk about setting up native vlan, for now, just remember what the trunk settings look like for this device.

Now I go to the second switch SW1, enter the int f0/1 settings mode and repeat the port settings sequence similar to the previous case. Two ports Fa0/2 and Fa0/3, to which the laptops of the marketing department employees are connected, must be configured for access mode and assigned to the VLAN20 network.

In the previous case, we individually configured each switch port, and now I want to show you how to speed up this process using a command line template. You can enter a command to configure a range of interfaces, int range f0/2-3, which will cause the command line prompt to change to Switch(config-if-range)#, and you can then enter the same parameter or apply the same command to the specified range of ports, for example, simultaneously for 20 ports.

In the previous example, we used the same switchport mode access and switchport access vlan 10 commands several times for several switch ports. With a range of ports, these commands can be entered just once. Now I will enter the commands switchport mode access and switchport access vlan 20 for the selected port range.

Since VLAN20 does not yet exist, the system will create it automatically. I type exit to save my changes and ask the switch to show me the VLAN table. As you can see, ports Fa0/2 and Fa0/3 are now part of the newly created VLAN20.

Now I will configure the IP addresses of the laptops on the second floor of our office: Laptop1 will receive the address 192.168.20.2 and the subnet mask 255.255.255.0, and Laptop2 will receive the IP address 192.168.20.3. Let's check the network performance by pinging the first laptop from the second one. As you can see, the ping is successful because both devices are part of the same VLAN and are connected to the same switch.

However, the laptops of the marketing department on the first and second floors are connected to different switches, although they are in the same VLAN. Let's check how the connection between them is provided: from Laptop2 I ping the laptop on the first floor, which has an IP address of 192.168.20.1. As you can see, everything works without problems despite the fact that the laptops are connected to different switches. Communication works because both switches are connected by a trunk.

Can I connect between Laptop2 and PC0? No, I can't because they belong to different VLANs. Now let's set up a network of the PC2, PC3 and PC4 computers, for which we first create a trunk between the second switch Fa0/4 and the third switch Fa0/1.

I go into SW1 settings and type config t followed by int f0/4 followed by switchport mode trunk and exit. Similarly, I configure the third switch SW2. We have created a trunk, and you can see that after the settings took effect, the color of the ports changed from orange to green. Now you need to configure the Fa0/2, Fa0/3 and Fa0/4 ports to which the sales department computers belonging to the VLAN10 network are connected. To do this, I enter the SW2 switch settings, select the f0/2-4 port range and apply the switchport mode access and switchport access vlan 10 commands to them. Since there is no VLAN10 network on these ports, it is created by the system automatically. If you look at the VLAN database of this switch, you can see that the Fa0/2, Fa0/3 and Fa0/4 ports now belong to the VLAN10 network.

After that, you need to configure the network for each of these 3 computers by entering IP addresses and subnet masks. PC2 gets IP address 192.168.10.3, PC3 gets IP address 192.168.10.4, and PC4 gets IP address 192.168.10.5.

To answer the question of whether our network is working, let's ping the PC0 computer on the first floor from the PC4 computer located on the 3rd floor or in another building. The ping failed, so let's try to figure out why we couldn't do it.

When we tried to ping Laptop0 from Laptop2, everything worked fine, even though the laptops were connected to different switches. Why does the ping fail now, when our sales department computers are connected in exactly the same way to different switches joined by a trunk? In order to understand the cause of the problem, you need to remember how the switch works.

When we send a packet from PC4 to switch SW2, it sees that the packet arrives at port Fa0/4. The switch checks its database and finds that port Fa0/4 belongs to VLAN10. After that, the switch tags the frame with the network number, that is, it attaches the VLAN10 header to the traffic packet, and sends it over the trunk to the second switch SW1. This switch "reads" the header and sees that the packet is for VLAN10, looks into its VLAN database and, finding that there is no VLAN10 there, drops the packet. Thus, the PC2, PC3 and PC4 devices can communicate with each other without problems, but an attempt to establish communication with the PC0 and PC1 computers fails, because the SW1 switch does not know anything about the VLAN10 network.

We can easily fix this problem by going into the SW1 settings, creating a VLAN10 network using the vlan 10 command and entering its name MARKETING. Let's try to repeat the ping: you can see that the first three packets are dropped, and the fourth passes successfully. This is because the switch first checked the IP addresses and determined the MAC address, it took a certain time, so the first three packets were discarded by a timeout. Now the connection is established, because the switch has completed its MAC address table and directs the packets directly to the required address.

All I did to fix the problem was go to the intermediate switch settings and create a VLAN10 network there. Thus, even if the network is not directly connected to the switch, it still needs to know about all the networks involved in network connections. However, if your network has a hundred switches, you will not physically be able to go into the settings of each and manually configure the VLAN IDs. That's why we use the VTP protocol, the configuration of which will be discussed in the next video tutorial.
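
The drop on the intermediate switch can be checked offline before touching any device. The following is an added example, not part of the original lesson: a small Python model that follows a tagged frame along the trunks and reports which switch lacks the VLAN in its database. The VLAN_DB, ACCESS and TRUNKS tables are constructed from the topology in this lesson, and the function names are illustrative.

```python
from collections import deque

# Constructed from the lesson's topology, state before VLAN10 is added on SW1.
# Default VLANs 1002-1005 are omitted because no port uses them.
VLAN_DB = {"SW0": {1, 10, 20}, "SW1": {1, 20}, "SW2": {1, 10}}
ACCESS = {  # host -> (switch, access VLAN of the port it is plugged into)
    "PC0": ("SW0", 10), "PC1": ("SW0", 10), "Laptop0": ("SW0", 20),
    "Laptop1": ("SW1", 20), "Laptop2": ("SW1", 20),
    "PC2": ("SW2", 10), "PC3": ("SW2", 10), "PC4": ("SW2", 10),
}
TRUNKS = [("SW0", "SW1"), ("SW1", "SW2")]  # Fa0/4 <-> Fa0/1 on each pair


def l2_path(src, dst, vlan_db):
    """Return (True, switch_path) if a frame from src reaches dst at layer 2.
    Otherwise return (False, switches_that_dropped_it); the list is empty
    when the hosts are simply in different VLANs."""
    (s_sw, s_vlan), (d_sw, d_vlan) = ACCESS[src], ACCESS[dst]
    if s_vlan != d_vlan:
        return False, []
    neighbours = {}
    for a, b in TRUNKS:
        neighbours.setdefault(a, []).append(b)
        neighbours.setdefault(b, []).append(a)
    queue, seen, dropped = deque([[s_sw]]), {s_sw}, set()
    while queue:
        path = queue.popleft()
        if path[-1] == d_sw:
            return True, path
        for nxt in neighbours.get(path[-1], []):
            if nxt in seen:
                continue
            seen.add(nxt)
            if s_vlan in vlan_db[nxt]:
                queue.append(path + [nxt])
            else:
                dropped.add(nxt)  # tag not in this switch's VLAN database
    return False, sorted(dropped)


def audit(vlan_db):
    """List each (switch, vlan) where a frame between two hosts of the same
    VLAN is dropped. Only the first dropping hop is seen, so rerun after a fix."""
    findings, hosts = set(), sorted(ACCESS)
    for i, a in enumerate(hosts):
        for b in hosts[i + 1:]:
            ok, info = l2_path(a, b, vlan_db)
            if not ok:
                findings.update((sw, ACCESS[a][1]) for sw in info)
    return sorted(findings)


if __name__ == "__main__":
    print(l2_path("PC4", "PC0", VLAN_DB))   # frame dropped at the transit switch
    print(audit(VLAN_DB))
    fixed = {**VLAN_DB, "SW1": VLAN_DB["SW1"] | {10}}  # 'vlan 10' on SW1
    print(l2_path("PC4", "PC0", fixed), audit(fixed))
```
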

So, today we covered everything we planned: how to create VLANs, how to assign ports to VLANs, and how to view the VLAN database. To create networks, we enter the global switch configuration mode and use the vlan <number> command, we can also assign a name to the created network using the name <name> command.

We can also create VLANs in another way by entering interface mode and using the switchport access vlan <number> command. If there is no network with this number, it will be created automatically by the system. Remember to use the exit command after making changes to the initial settings, otherwise they will not be saved in the VLAN database. You can then assign ports to specific VLANs using the appropriate commands.

The switchport mode access command switches the interface to static access-port mode, after which the corresponding VLAN number is assigned to the port with the switchport access vlan <number> command. To view the VLAN database, use the show vlan command, which must be entered in user EXEC mode. To view a list of trunk ports, use the show int trunk command.

Source: habr.com