2. Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

Alright, the coming topics are getting more complicated, and I feel good about explaining more complicated topics. What is a VLAN? First, remember the word “virtual”: it means we create a conceptual LAN that does not have to be a physical LAN. The scenario goes like this: let us say you are on the engineering staff at Robinsons Beta and there is massive hiring for engineering positions. However, there are only limited stations available for newly hired employees at Robinsons Beta, but your company has another building at Robinsons Alpha, which is usually designated for the Sales department. A VLAN helps here: the newly hired engineering staff get equal access to the engineering department even though they are assigned to Robinsons Alpha. In other words, a VLAN segments the network by department even when the members of a department are in different physical locations.


I have here another network in which hosts are grouped according to department. Since I already explained the concept of switching, let us imagine the absence of VLANs. Say PC1 of the Sales team would like to communicate with PC0 of Sales. PC1 will send an ARP request with its own MAC address as the source and the broadcast address as the destination, because PC1 doesn’t know the MAC address of PC0. The switch will flood that broadcast to all hosts connected to its ports, so even the Engineering and Accounting departments get the Sales team’s broadcast. In that case the network becomes inefficient and slow, and security is also at risk: if just one station or PC is hacked, all other departments are affected.

The main goal of a VLAN is to divide a network logically into broadcast domains. Remember that a switch is one big broadcast domain, so increasing the number of broadcast domains means reducing the size of each.

How does it work? We create VLAN groups and tell the switch that on a given VLAN it may only send a broadcast to these ports. So if PC1 from Sales would like to communicate with PC0 of Sales, it sends an ARP request with PC1’s MAC address as the source, and the broadcast is sent only within the SALES VLAN until we get a response from PC0.

Types of VLAN

1.) Default VLAN --> all unassigned ports go here first. By default, if we have not yet assigned the ports to a VLAN, they are in VLAN 1. To verify it, use the “show vlan br” command:

Switch#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa1/1, Fa2/1, Fa3/1
                                                Fa4/1, Fa5/1, Fa6/1, Fa7/1
                                                Fa8/1, Fa9/1
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

2.) Data VLAN --> user VLAN

--> it carries user-generated traffic

3.) Native VLAN --> supports traffic coming from many VLANs as well as untagged traffic

4.) Management VLAN --> to access the management capabilities of a switch

5.) Voice VLAN --> voice traffic is mostly prioritized

How to configure?

Step 1: Name the VLAN using this series of configuration commands:

enable
configure terminal
vlan xx
name (your preferred VLAN name)
exit

For the above set-up, we will use this configuration:

ena
conf t
vlan 10
name SALES
exit
!
vlan 20
name ACCOUNTING
exit
!
vlan 30
name ENGINEERING
exit

If we verify it using show vlan br, we would see:

Switch#show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa1/1, Fa2/1, Fa3/1
                                                Fa4/1, Fa5/1, Fa6/1, Fa7/1
                                                Fa8/1, Fa9/1
10   SALES                            active
20   ACCOUNTING                       active
30   ENGINEERING                      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

We can see that no ports are assigned to the new VLANs yet, so we assign a VLAN to a port using this configuration:

enable
conf t
interface fastEthernet 0/1
! go to the interface first
switchport mode access
! set this interface as an end-user (access) port
switchport access vlan 10
! assign the VLAN
exit

Then you would see that VLAN 10 already has port Fa0/1:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/1, Fa2/1, Fa3/1, Fa4/1
                                                Fa5/1, Fa6/1, Fa7/1, Fa8/1
                                                Fa9/1
10   SALES                            active    Fa0/1
20   ACCOUNTING                       active
30   ENGINEERING                      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

After all other configurations, we would see that:

Switch(config)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa4/1, Fa5/1, Fa8/1, Fa9/1
10   SALES                            active    Fa0/1, Fa1/1
20   ACCOUNTING                       active    Fa6/1, Fa7/1
30   ENGINEERING                      active    Fa2/1, Fa3/1
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

All the department VLANs now have ports assigned, and the ports left unassigned stay in VLAN 1.
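As an added example (not from the original post), the Python below parses “show vlan brief” output like the listings above, computes which ports receive a broadcast such as an ARP request sent from a given port, and flags ports still sitting in default VLAN 1, a common hardening check. The sample text is constructed from the post's final listing with one wrapped port line, and all function names are hypothetical.

```python
import re

# Constructed sample: modeled on the final "show vlan br" listing above,
# with the VLAN 1 port list wrapped to exercise continuation lines.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa4/1, Fa5/1, Fa8/1,
                                                Fa9/1
10   SALES                            active    Fa0/1, Fa1/1
20   ACCOUNTING                       active    Fa6/1, Fa7/1
30   ENGINEERING                      active    Fa2/1, Fa3/1
1002 fddi-default                     active
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_vlan_brief(text):
    """Return {vlan_id: {"name": str, "ports": [str]}} from 'show vlan brief'."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "ports": []}
            ports = m.group(4)
        elif current is not None and line[:1].isspace() and line.strip():
            ports = line  # wrapped port list belongs to the previous VLAN row
        else:
            continue  # header, dashes, blank lines
        vlans[current]["ports"] += [p.strip() for p in ports.split(",") if p.strip()]
    return vlans

def broadcast_scope(vlans, src_port):
    """Ports that receive a broadcast (e.g. an ARP request) sent from src_port."""
    for v in vlans.values():
        if src_port in v["ports"]:
            return [p for p in v["ports"] if p != src_port]
    return []

def audit(vlans):
    """Flag ports still in default VLAN 1 and user VLANs with no ports."""
    findings = [f"{p} is still in default VLAN 1" for p in vlans.get(1, {}).get("ports", [])]
    findings += [f"VLAN {i} ({v['name']}) has no ports"
                 for i, v in vlans.items() if 1 < i < 1002 and not v["ports"]]
    return findings
```

With the sample, a broadcast from Fa0/1 reaches only Fa1/1, while the four ports left in VLAN 1 still share one broadcast domain with each other.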

If you wonder what VLANs 1002-1005 are, those are Cisco default VLANs for FDDI and Token Ring. These VLANs are not used nowadays, but since they were included as default VLANs a long time ago, we cannot delete them.

You may have wondered why the title says “Configure, verify, and troubleshoot VLANs (normal/extended range)”.

Let me give you the ranges of VLANs you can have:

0, 4095 --> Reserved; for system use only. You cannot see or use these VLANs

1 --> the native VLAN (in Normal Range). You can use it but you cannot delete it

2-1001/ 1006-4094 --> Normal Range; you can delete, add and manage VLANs

1002-1005 --> FDDI and Token Ring default VLANs; you cannot delete these VLANs

Configuring Layer 3 VLAN

The question is: what if an Engineering staff member has a dispute about payroll? Yes, he can relay the information to his supervisor, but the Accounting department is the team best placed to help him. So we need VLANs to communicate with one another. Since VLANs are designed to separate networks, we need a layer 3 device for VLANs to communicate with one another, but that doesn’t necessarily mean we need a router: there are layer 3 switches that can also perform routing. That means we can assign IP addresses to VLANs. I assigned a different subnet to each department:

192.168.1.0/24 - sales
192.168.2.0/24 - engineering
192.168.3.0/24 - accounting

I also assigned IP addresses to the hosts of the engineering and accounting departments.


What I did is that PC2 tried to ping PC3, which shares the same VLAN, and the ping was successful. But when it tried to ping PC4, which is on the Engineering VLAN, the ping was not successful. Let us try the same process after we assign IP addresses to the VLANs.

enable
configure terminal
interface vlan 20
! we go to the VLAN interface
description ENGINEERING
! assigning a description is a great help for analysis
ip address 192.168.2.1 255.255.255.0
! we use the first usable address as it acts as the gateway
no shut
exit

enable
configure terminal
interface vlan 30
description ACCOUNTING
ip address 192.168.3.1 255.255.255.0
no shut
exit

enable
configure terminal
interface vlan 10
description SALES
ip address 192.168.1.1 255.255.255.0
no shut
exit

Upon verifying:

Switch(config-if)#do show run | begin ip address
 no ip address
 shutdown
!
interface Vlan10
 description SALES
 mac-address 0001.63de.6803
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 description ENGINEERING
 mac-address 0001.63de.6801
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan30
 description ACCOUNTING
 mac-address 0001.63de.6802
 ip address 192.168.3.1 255.255.255.0

OK, I was about to post something about the ping test result and I felt really embarrassed that hosts from different VLANs were not communicating. Then, after I ate my breakfast, I came to realize that I am using a layer 2 switch and therefore layer 3 operations will not operate. Huhuhu!

Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team
Image text-base: 0x80010000, data-base: 0x80562000

ROM: Bootstrap program is is C2950 boot loader

Switch uptime is 3 hours, 7 minutes, 4 seconds
System returned to ROM by power-on

Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory.
Processor board ID FHK0610Z0WC
Last reset from system-reset
Running Standard Image
10 FastEthernet/IEEE 802.3 interface(s)

63488K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 0001.63DE.68D5
Motherboard assembly number: 73-5781-09
Power supply part number: 34-0965-01
Motherboard serial number: FOC061004SZ
Power supply serial number: DAB0609127D
Model revision number: C0
Motherboard revision number: A0
Model number: WS-CSwitch-PT
--More--
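As an added example (not from the original post), the Python below models the ping results described above: it reads the SVI addresses from a “show run” excerpt and decides whether a ping stays inside a VLAN, can be routed between SVIs, or fails because the switch does not route. The host addresses used with it are constructed (the post does not list them), and the function names and the l3_routing flag, which stands in for whether the device is a layer 3 switch, are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt modeled on the "show run" output above.
RUNNING_CONFIG = """\
interface Vlan10
 description SALES
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 description ENGINEERING
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan30
 description ACCOUNTING
 ip address 192.168.3.1 255.255.255.0
"""

def parse_svis(config):
    """Return {vlan_id: IPv4Interface} for each 'interface VlanN' stanza."""
    svis, vlan = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan(\d+)", line)
        if m:
            vlan = int(m.group(1))
        elif line.startswith("!"):
            vlan = None  # '!' closes the current stanza
        elif vlan is not None:
            a = re.match(r"\s*ip address (\S+) (\S+)", line)
            if a:
                svis[vlan] = ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}")
    return svis

def ping_path(src, dst, gateway, svis, l3_routing):
    """Explain how host src ('ip/prefix') would reach dst, or why it cannot."""
    src, dst = ipaddress.ip_interface(src), ipaddress.ip_address(dst)
    if dst in src.network:
        return "on-link: ARP for the destination inside the VLAN"
    gw = ipaddress.ip_address(gateway)
    ingress = next((v for v, i in svis.items() if i.ip == gw), None)
    egress = next((v for v, i in svis.items() if dst in i.network), None)
    if ingress is None or egress is None:
        return "unreachable: no SVI for the gateway or the destination subnet"
    if not l3_routing:
        return "unreachable: SVIs exist but the switch does not route"
    return f"routed: Vlan{ingress} -> Vlan{egress}"
```

For a constructed host 192.168.3.10/24 with gateway 192.168.3.1, a ping to 192.168.3.11 is on-link, while a ping to 192.168.2.10 is unreachable with l3_routing=False and routed with l3_routing=True.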

*****************************END OF BLOG****************************
