MDH Lab – Basic Trunking & VTP

Topology

lab2-1

Objectives

  • Set up a VTP domain
  • Create and maintain VLANs
  • Configure ISL and 802.1Q trunking

Background  

VLANs logically segment a network by function, team, or application, regardless of the physical location of the users. End stations in a particular IP subnet are often associated with a specific VLAN. VLAN membership on a switch that is assigned manually for each interface is known as static VLAN membership. Trunking, or connecting switches, and the VLAN Trunking Protocol (VTP) are technologies that support VLANs.

VTP manages the addition, deletion, and renaming of VLANs on the entire network from a single central switch.

Note: This lab uses Cisco WS-C2960-24TT-L switches with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin, and Catalyst 3560-24PS with the Cisco IOS image c3560-advipservicesk9-mz.122-46.SE.bin.

You can use other switches (such as a 2950 or 3550) and Cisco IOS Software versions if they have comparable capabilities and features. Depending on the switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab.

Implementation

This is the first of ~10 labs we've been given by MDH to complete over the next 2 weeks. The first ones seem very basic, though, so we'll see how far I get today. It's nice to be up and running, doing some configuration and letting go of the theory 😉

There's no point in starting with VTP, since it needs working trunk links to exchange packets, so we'll do the trunks & vlan1 first.

S1

Switch(config)#hostname S1
S1(config)#line con 0
S1(config-line)#logging synchronous
S1(config-line)#int range fa0/1 - 2
S1(config-if-range)#switchport trunk encapsulation dot1q 
S1(config-if-range)#switchport mode dynamic desirable 
S1(config-if-range)#description To S2
S1(config-if-range)#int range fa0/3 - 4
S1(config-if-range)#switchport trunk encapsulation isl
S1(config-if-range)#switchport mode dynamic desirable
S1(config-if-range)#description To S3
S1(config)#int vlan 1
S1(config-if)#ip add 10.1.1.101 255.255.255.0
S1(config-if)#no shut

S3

Switch(config)#hostname S3
S3(config)#line con 0
S3(config-line)#logging synchronous 
S3(config-line)#exit
S3(config)#int range fa0/1 - 2
S3(config-if-range)#switchport trunk encapsulation dot1q
S3(config-if-range)#switchport mode dynamic desirable 
S3(config-if-range)#description to S2
S3(config-if-range)#int range fa0/3 - 4
S3(config-if-range)#switchport trunk encapsulation ISL
S3(config-if-range)#switchport mode dynamic auto
S3(config-if-range)#description to S1
S3(config-if-range)#exit
S3(config)#int vlan1
S3(config-if)#ip add 10.1.1.102 255.255.255.0
S3(config-if)#no shut

S2

Switch(config)#hostname S2
S2(config)#line con 0
S2(config-line)#logging synchronous 
S2(config-line)#exit
S2(config)#inte range fa0/1 - 2
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S1
S2(config-if-range)#int range fa0/3 - 4
S2(config-if-range)#switchport mode dynamic auto
S2(config-if-range)#description to S3
S2(config)#int vlan 1
S2(config-if)#ip add 10.1.1.103 255.255.255.0
S2(config-if)#no shut

S2 is a 2960 and does not support ISL, so we only need to set dynamic auto on the uplinks to S1 & S3.

S1#sh interface trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/1       desirable        802.1q         trunking      1
Fa0/2       desirable        802.1q         trunking      1
Fa0/3       desirable        isl            trunking      1
Fa0/4       desirable        isl            trunking      1

All OK so far. Let's set S1 as the VTP server & create the VLANs there; S2+S3 are configured as VTP clients.

S1

S1(config)#vlan 100
S1(config-vlan)#name ServerFarm1
S1(config-vlan)#vlan 110
S1(config-vlan)#name ServerFarm2
S1(config-vlan)#vlan 120
S1(config-vlan)#name Net-Eng
S1(config-vlan)#exit
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain CCIE 
Changing VTP domain name from NULL to CCIE
S1(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S1(config)#vtp version 2

S3

S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain CCIE
Domain name already set to CCIE. <- Remember that VTP clients automatically switch to the advertised domain if they are not already in a domain.
S3(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S3(config)#vtp version 2 <- Advertised by the VTP server
Cannot modify version in VTP client mode

S2

S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp password cc1e
Setting device VLAN database password to cc1e
S2#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
100  ServerFarm1                      active
110  ServerFarm2                      active
120  Net-Eng                          active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Then we might as well put a few interfaces into their respective VLANs, with basic security features.

S1

S1(config)#int range fa0/5 - 10
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 100
S1(config-if-range)#spanning-tree portfast
S1(config-if-range)#description ServerFarm1, vlan 100
S1(config-if-range)#switchport port-security 
S1(config-if-range)#switchport port-security violation shutdown
S1(config-if-range)#switchport port-security max 1

S3

S3(config)#int range fa0/5 - 10
S3(config-if-range)#switchport mode access
S3(config-if-range)#switchport access vlan 120
S3(config-if-range)#spanning-tree portfast 
S3(config-if-range)#description Net-Eng
S3(config-if-range)#switchport port-security 
S3(config-if-range)#switchport port-security violation shutdown
S3(config-if-range)#switchport port-security max 1

S2

S2(config)#int range fa0/5 - 10
S2(config-if-range)#switchport mode access
S2(config-if-range)#switchport access vlan 110
S2(config-if-range)#spanning-tree portfast
S2(config-if-range)#description ServerFarm2, vlan 110
S2(config-if-range)#switchport port-security 
S2(config-if-range)#switchport port-security violation shutdown 
S2(config-if-range)#switchport port-security max 1

Done! Unfortunately I have no hosts to test against, but with show interface trunk, show vlan and show vtp status we can verify that everything looks OK.

S1#sh vtp status
VTP Version : running VTP2
Configuration Revision : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : CCIE
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x27 0x6D 0xB4 0x0D 0xA5 0xB5 0x1E 0x45 
Configuration last modified by 0.0.0.0 at 3-1-93 01:06:54
Local updater ID is 0.0.0.0 (no valid interface found)

S1#sh interface trunk
Port        Mode             Encapsulation  Status        Native vlan
Fa0/1       desirable        802.1q         trunking      1
Fa0/2       desirable        802.1q         trunking      1
Fa0/3       desirable        isl            trunking      1
Fa0/4       desirable        isl            trunking      1

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
100  ServerFarm1                      active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
110  ServerFarm2                      active
120  Net-Eng                          active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
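
Added example, not part of the original post or of the lab material: a Python check that reads running-config text and reports ports where trunking is left to DTP negotiation (as on fa0/1 - 4 above) and access ports that deviate from the port-security settings applied to fa0/5 - 10. The sample config and all function names are constructed for illustration; the check relies on running-config omitting default values (maximum 1, violation shutdown).

```python
import re

# Constructed running-config excerpt modelled on S1 (assumed layout, not from the page).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security violation protect
"""

def parse_interfaces(config):
    """Map each Ethernet interface to the indented sub-commands of its stanza."""
    pattern = re.compile(r"^interface (\S*Ethernet\S+)\n((?: .*\n?)*)", re.M)
    return {m[1]: [c.strip() for c in m[2].splitlines()] for m in pattern.finditer(config)}

def setting(cmds, prefix, default):
    """Text following `prefix`, or `default` when no such line is configured."""
    return next((c[len(prefix):] for c in cmds if c.startswith(prefix)), default)

def check_port(cmds):
    """Findings for one interface, measured against the settings the lab applies."""
    mode = setting(cmds, "switchport mode ", "unset")
    if mode != "access":
        # Dynamic modes, or no mode line (assumed default: dynamic auto), leave it to DTP.
        return [] if mode == "trunk" else [f"trunking left to DTP negotiation (mode {mode})"]
    issues = [] if "switchport port-security" in cmds else ["port-security not enabled"]
    # A line absent from running-config means the default: maximum 1, shutdown.
    limit = setting(cmds, "switchport port-security maximum ", "1")
    action = setting(cmds, "switchport port-security violation ", "shutdown")
    if (limit, action) != ("1", "shutdown"):
        issues.append(f"maximum {limit} / violation {action}")
    return issues

def audit(config):
    """Return {interface: [findings]} for every port with at least one finding."""
    checked = {name: check_port(cmds) for name, cmds in parse_interfaces(config).items()}
    return {name: issues for name, issues in checked.items() if issues}
```

Because the bare switchport port-security line is what enables the feature, a port carrying only sub-options is reported as unprotected. Ports in a dynamic mode will form a trunk with any neighbour that negotiates DTP, which is why they are listed even though the lab sets them deliberately.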