CCNA – Day 5

Wide Area Network (WAN) – a data communications network that operates beyond the geographical scope of a LAN. It uses facilities provided by service providers such as carrier, cable, telecommunications and telephone companies.
3 types of Wide Area Network (WAN) Connections:
1. Leased Line – the customer has a dedicated, direct line to the service provider’s network. Advantages: the dedicated line is not affected by other customers, bandwidth/throughput is guaranteed, and Quality of Service (QoS) and traffic management are easier. Disadvantage: it is expensive.
2. Circuit-Switched – the internet connection is provided by a telephone company. It can be either an analog modem or a digital ISDN connection.
Asynchronous serial connections – analog modem dial-up connections.
Synchronous serial connections – digital Integrated Services Digital Network (ISDN) connections. Has a guaranteed bandwidth.
3. Packet-Switched Connections – Packet-switched WAN services allow you to connect to the provider’s network in much the same way as a PC connects to a hub: when connected, your traffic is affected by other customers’ and theirs by you. This can be an issue sometimes, but it can be managed. The advantage of this shared-bandwidth technology is that with a single physical connection from your router’s serial port, you can establish virtual connections to many other locations around the world. Packet-switched connections use logical circuits to make connections between two sites. These logical circuits are referred to as virtual circuits (VCs). So if you have a lot of branch offices and they are far away from the head office, a packet-switched solution is a good idea.
X.25
The oldest of these four technologies is X.25, which is an ITU-T standard. X.25 is a network layer protocol that runs across both synchronous and asynchronous physical circuits, providing a lot of flexibility for your connection options. X.25 was actually developed to run across an unreliable medium. It provides error detection and correction, as well as flow control, at both the data link layer (by LAPB) and the network layer (by X.25). In this sense, it performs a function similar to what TCP, at the transport layer, provides for IP. Because of its overhead, X.25 is best relegated to asynchronous, unreliable connections. If you have a synchronous digital connection, another protocol, such as Frame Relay or ATM, is much more efficient.
Frame Relay
Frame Relay is a digital packet-switched service that can run only across synchronous digital connections at the data link layer. Because it uses digital connections (which have very few errors), it does not perform any error correction or flow control as X.25 does. Frame Relay will, however, detect errors and drop bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped information.
ATM
ATM is also a packet-switched technology that uses digital circuits. Unlike Frame Relay and X.25, however, this service uses fixed-length (53 byte) packets, called cells, to transmit information. Therefore, this service is commonly called a cell-switched service. It has an advantage over Frame Relay in that it can provide guaranteed throughput and minimal delay for a multitude of services, including voice, video, and data. However, it does cost more than Frame Relay services. ATM (sort of an enhanced Frame Relay) can offer a connection guaranteed bandwidth, limited delay, a limited number of errors, Quality of Service (QoS), and more. Frame Relay can provide some minimal guarantees to connections, but not to the degree of precision that ATM can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale to very high speeds: OC-192 (SONET), for instance, affords about 10 Gbps of bandwidth.

Wide Area Network (WAN) Encapsulations – With each WAN solution, there is an encapsulation type. Encapsulations wrap an information envelope around your data that is used to transport your data traffic. If you use leased line as your wide-area networking choice, you can encapsulate your data inside a High-Level Data-Link Control (HDLC) frame, PPP frame, or Serial Line IP (SLIP) frame. For packet-switched networks, you can encapsulate or package your data in X.25 frames, Frame Relay, or Asynchronous Transfer Mode (ATM) frames.
1. Point-to-Point Protocol (PPP)
– Industry standard
– Multilink PPP
– Authentication
2 Types of Point-to-Point Protocol Authentication
1. Password Authentication Protocol (PAP) – PAP goes through a two-way handshake process. In this process, the source sends its username (or hostname) and password, in clear text, to the destination. The destination compares this information with a list of locally stored usernames and passwords. If it finds a match, the destination sends back an accept message. If it doesn’t find a match, it sends back a reject message.
2. Challenge Handshake Authentication Protocol (CHAP) – CHAP uses a three-way handshake process to perform the authentication. The source sends its username (not its password) to the destination. The destination sends back a challenge, which is a random value generated by the destination. The challenge also carries the name of the challenger, which is used by the source to find the appropriate password to use for authentication. Both sides then take the source’s username, the matching password, and the challenge and run them through the MD5 hashing function. The source then takes the result of this function and sends it to the destination. The destination compares this value to the hashed output that it generated. If the two values match, then the password used by the source must have been the same as was used by the destination, and thus the destination will permit the connection.
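
The two handshakes above, modelled in Python as an added example (not part of the original notes). The CHAP response follows RFC 1994, which hashes the packet identifier, the shared secret and the challenge; the class and function names, and the R1/cisco credentials reused from the lab, are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed lab credentials: the destination's local username database.
LOCAL_USERS = {"R1": b"cisco"}


def pap_request_data(name: str, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request: length-prefixed name and password."""
    peer = name.encode()
    return bytes([len(peer)]) + peer + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Destination:
    """Authenticating side: issues one-time challenges and checks responses."""

    def __init__(self, users):
        self.users = users
        self.pending = {}      # identifier -> outstanding challenge
        self.last_id = 0

    def challenge(self):
        self.last_id = (self.last_id + 1) % 256
        value = os.urandom(16)              # fresh random value every time
        self.pending[self.last_id] = value
        return self.last_id, value

    def verify(self, name, identifier, response):
        value = self.pending.pop(identifier, None)   # a challenge is single-use
        secret = self.users.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def run_exchange():
    """Run PAP and CHAP for R1 and report what an observer on the link sees."""
    dest = Destination(LOCAL_USERS)

    pap_wire = pap_request_data("R1", b"cisco")

    ident, value = dest.challenge()                      # destination -> source
    response = chap_response(ident, b"cisco", value)     # source -> destination
    chap_wire = b"R1" + bytes([ident]) + value + response
    accepted = dest.verify("R1", ident, response)

    # A captured response is useless against the next challenge.
    ident2, _ = dest.challenge()
    replay_accepted = dest.verify("R1", ident2, response)

    return {
        "pap_leaks_password": b"cisco" in pap_wire,
        "chap_leaks_password": b"cisco" in chap_wire,
        "chap_accepted": accepted,
        "replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    print(run_exchange())
```

An observer still sees both the challenge and the response, so the shared secret should be long and random rather than a lab default such as cisco.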
Configuring PPP Authentication Type:
R1#conf t
R1(config)#interface serial 0/1
!To use Password Authentication Protocol (PAP)
ppp authentication pap
!To use Challenge Handshake Authentication Protocol (CHAP)
ppp authentication chap
!To use PAP first, then if it fails, use CHAP
ppp authentication pap chap
!To use CHAP first, then if it fails, use PAP
ppp authentication chap pap
exit
sample:

R1:
conf t
username R2 password cisco
interface s0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password cisco
end

R2:
conf t
username R1 password cisco
interface s0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R2 password cisco
end

2. High-Level Data Link Control (HDLC)
– Cisco proprietary
– default encapsulation type on all Cisco serial interfaces

3. Frame-Relay

First Hop Redundancy Protocol (FHRP)
1. Hot Standby Router Protocol (HSRP)
– Cisco proprietary protocol

Scenario:
virtual IP: 192.168.10.3
R1 is the main router
R2 is the backup router
Note: HSRP and VRRP are configured on the router interface that is supposed to have the default gateway IP address

R1#conf t
R1(config)#interface fa0/0
R1(config-if)#standby 1 ip 192.168.10.3 – we need to configure the HSRP Group and the HSRP virtual IP address. Use group#1 and virtual IP 192.168.10.3
R1(config-if)#standby 1 priority 120 – HSRP priority by default is 100, higher priority is the main router. Configure R1 with 120 priority value.
R1(config-if)#standby 1 preempt – use preemption for R1 to make sure it is the main when turned on
R1(config-if)#no shut
R1(config-if)#end
R1#
verify using:
R1#show standby
Note: In Hot Standby Router Protocol (HSRP), the main router is the active router. In HSRP, the middle part of the MAC address is always “.0c07.”

R2#conf t
R2(config)#interface fa0/0
R2(config-if)#standby 1 ip 192.168.10.3
R2(config-if)#no shut
R2(config-if)#end
R2#
verify using:
R2#show standby
Note: In Hot Standby Router Protocol (HSRP), the backup router is the standby router

2. Virtual Router Redundancy Protocol (VRRP)
– Industry standard
Virtual Router Redundancy Protocol (VRRP) Configuration:
Scenario
Virtual IP address – 192.168.10.50
R1 is the main router
R2 is the backup router
R1#conf t
R1(config)#interface fa0/0
R1(config-if)# vrrp ip – we need to configure the VRRP Group # and the virtual IP address
R1(config-if)#vrrp priority – vrrp default is 100, we need to set a higher priority for the main router R1
R1(config-if)#vrrp preempt – the preempt parameter allows the selected router to become the main router when powered on
R1(config-if)#no shut
R1(config-if)#end
R1#
Example:
R1#conf t
R1(config)#interface fa0/0
R1(config-if)#vrrp 1 ip 192.168.10.50
R1(config-if)#vrrp 1 priority 120
R1(config-if)#vrrp 1 preempt
R1(config-if)#no shut
R1(config-if)#end
R1#
verify using:
R1#show vrrp
Note: In Virtual Router Redundancy Protocol (VRRP), the main router is the master router and the backup router is the backup router. The middle part of the MAC address is “.5e00.”
R2#conf t
R2(config)#interface fa0/0
R2(config-if)#vrrp 1 ip 192.168.10.50
R2(config-if)#no shut
R2(config-if)#end
R2#
verify using:
R2#show vrrp

3. Gateway Load Balancing Protocol (GLBP)
-Cisco proprietary protocol

Cisco Discovery Protocol (CDP)
R1#show cdp neighbors – shows neighboring Cisco network devices
R1#show cdp neighbors detail – shows neighboring Cisco network devices with detailed information

2 Types of Virtual Circuits
1. Permanent Virtual Circuit (PVC)
-like leased line, always on
2. Switched Virtual Circuit (SVC)
-like DSL, on demand

2 Types of Frame Relay Implementations
1. Multipoint
-one network address for all PVCs
-has split horizon issues
2. Point-to-point
-one network address per PVC
-no split horizon issues
A data link connection identifier (DLCI) is a 10-bit-wide, link-local Frame Relay virtual circuit identifier used to assign frames to a specific PVC or SVC. It operates at Layer 2, the data link layer.
Local Management Interface (LMI)
Frame-Relay Lab Command Configuration:
R1#conf t
R1(config)#interface serial 0/0
R1(config-if)#encapsulation frame-relay – initialize the interface for frame-relay
R1(config-if)#no ip address – no ip address for the initialized interface for frame-relay
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#interface serial 0/0.30 point-to-point
R1(config-subif)#ip address 10.0.0.2 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#end
R1#
verify using:
R1#show ip int brief

3 Switch modes
1. Trunk – switch to router, switch to switch
2. Access – switch to end device
3. Dynamic – auto, desirable
General Switch Configurations:
1. Hostname
2. Enable password
3. Line Console Login and Password
4. Line VTY 0 4 Login and Password
5. Interface VLAN 1 IP address
-Management VLAN
-Self IP Address of the switch
example:
SW1:
conf t
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no shut
exit
VERIFY: SW1#show ip interface brief

SW1#show ip int brief | inc Vlan
6. SWITCHPORT MODES

3 MODES
1. TRUNK

2. ACCESS

3. DYNAMIC
==> AUTO
==> DESIRABLE

SYNTAX:
! TO MAKE AN INTERFACE A TRUNK INT
conf t
interface fa0/2
switchport mode trunk
exit

! TO MAKE AN INT AN ACCESS PORT
conf t
interface fa0/5
switchport mode access
exit

! TO MAKE AN INTERFACE DYNAMIC AUTO/DESIRABLE
conf t
interface fa0/5
switchport mode dynamic auto
switchport mode dynamic desirable
exit

VERIFY: #SHOW INTERFACE FA0/2 SWITCHPORT

TO VIEW ALL ACTIVE TRUNKS ON A SWITCH
#show interfaces trunk

#show interface status

DEFAULT CONFIGURATION SWITCH INTERFACES
interface fa0/5
switchport mode dynamic auto/desirable
speed auto
duplex auto
exit

7. IP DEFAULT GATEWAY
==> IP ADDRESS OF THE ROUTER THAT HAS THE SAME NETWORK ADDRESS AS THE SWITCH VLAN 1 IP ADDRESS

SW1, SW2:
conf t
ip default-gateway 192.168.1.1
exit

8. SWITCHPORT SECURITY

SCENARIO: ALLOW ONLY 1 COMPUTER TO BE CONNECTED ON PORT F0/5 OF SW1, IF A VIOLATION OCCURS, SHUTDOWN THE PORT

NOTE: SWITCHPORT SECURITY CAN ONLY BE CONFIGURED ON HARD-CODED ACCESS PORTS, NEVER ON TRUNK PORTS, NEVER ON DYNAMIC PORTS.

SW1:
conf t
default interface range fa0/5 - 8
!
interface fa0/5
! WE NEED TO MAKE THIS INT AN ACCESS PORT FIRST
switchport mode access
!
! WE NEED TO ENABLE THE SWITCHPORT SECURITY FUNCTION FIRST
!
switchport port-security
!
! WE NEED TO CONFIGURE THE MAXIMUM NUMBER OF MAC ADDRESSES
! TO BE LEARNED ON THIS PORT
!
switchport port-security maximum 1
!
! WE NEED TO CONFIGURE WHAT WILL HAPPEN IF A VIOLATION OCCURS
! OPTIONS: SHUTDOWN, RESTRICT, PROTECT
! SHUTDOWN ==> SHUTS DOWN THE PORT
! RESTRICT AND PROTECT ==> DROPS THE FRAMES
! RESTRICT ==> DROPS FRAMES, SENDS LOGS
! PROTECT ==> DROPS FRAMES, DOES NOT SEND LOGS
!
switchport port-security violation shutdown
exit

VERIFY: #SHOW PORT-SECURITY

CONFIGURING A DYNAMICALLY LEARNED MAC ADDRESS FOR PORT SECURITY

conf t
interface fa0/5
switchport port-security mac-address sticky
exit
VLANS

2 WAYS TO CONFIGURE
1. VLAN CONFIGURATION MODE WAY
==> IS SUPPORTED BY NEWER CISCO SWITCHES
==> EXAMS
2. VLAN DATABASE MODE WAY
==> IS SUPPORTED BY OLDER/LEGACY SWITCHES
==> GNS3

VLAN CONFIGURATION MODE WAY:
conf t
vlan 10
name IT
exit

VLAN DATABASE MODE WAY
enable
vlan database
vlan 10 name IT
exit

HOW TO ASSIGN PORTS TO VLANS??

NOTE: WE CAN ONLY ASSIGN ACCESS PORTS TO VLANS, NEVER TRUNK PORTS.

BECAUSE WHEN YOU MAKE AN INTERFACE A MEMBER OF A VLAN, THAT INTERFACE WILL RECEIVE BROADCASTS FROM THAT VLAN ONLY.

TRUNK PORTS ARE INTERCONNECTION POINTS GOING TO OTHER SWITCHES. TRUNK PORTS SHOULD RECEIVE BROADCASTS FROM ALL VLANS, SO YOU CANNOT ASSIGN THEM TO JUST ONE VLAN.

ACTUALLY, A TRUNK PORT IS A MEMBER OF ALL VLANS.

SW1:
conf t
interface fa0/4
! WE NEED TO MAKE THIS INTERFACE AN ACCESS PORT FIRST
switchport mode access
! TO ASSIGN THIS INTERFACE TO A VLAN
! switchport access vlan
! TO ASSIGN THIS INTERFACE TO VLAN 10
switchport access vlan 10
no shut
exit

FOR SIMILAR COMMANDS OVER A RANGE OF PORTS, WE CAN USE THE INTERFACE RANGE COMMAND

SW1:
conf t
interface range f0/4 - 5
switchport mode access
switchport access vlan 10
no shut
exit

VERIFY: #SHOW VLAN ==> REAL SWITCHES
#SHOW VLAN-SWITCH ==> GNS3

VLAN Trunking Protocol (VTP) – Cisco proprietary
3 VTP modes
1. Server – default VTP mode; can add, edit and delete VLANs.
2. Client – cannot add, edit or delete VLANs.
3. Transparent – can add, edit and delete VLANs; the config revision number is always zero.
VTP CONFIGURATION

SCENARIO:
SW1 = SERVER
SW2 = CLIENT
VTP DOMAIN ==> mydomain
VTP PASSWORD ==> mypass

VLAN CONFIGURATION MODE WAY

conf t
! TO MAKE THIS A SERVER
vtp mode server
! TO MAKE THIS A VTP CLIENT
vtp mode client
! TO MAKE THIS VTP TRANSPARENT
vtp mode transparent
! TO CONFIGURE THE DOMAIN NAME
vtp domain mydomain
! TO CONFIGURE THE PASSWORD
vtp password mypass
exit

VERIFY: #show vtp status
#show vtp password

VLAN DATABASE MODE WAY

enable
vlan database
vtp server
vtp client
vtp transparent
vtp domain mydomain
vtp password mypass
exit

#show vlan brief

conf t
vlan 54
name test54
exit

=====
NOTE: ONLY VLAN NAMES ARE PROPAGATED ON A VTP UPDATE, PORT ASSIGNMENTS SHOULD BE DONE MANUALLY

SW2:
conf t
interface range f0/3 - 4
switchport mode access
switchport access vlan 10
no shut
exit
interface range f0/5 - 6
switchport mode access
switchport access vlan 20
no shut
exit
interface fa0/7
switchport mode access
switchport access vlan 30
no shut
exit

VERIFY: #show vlan brief

Trunking Encapsulation
1. Inter-Switch Link (ISL) – Cisco proprietary
2. 802.1Q
CONFIGURING TRUNKING ENCAPSULATIONS

2 TYPES
1. ISL
2. 802.1Q / DOT1Q

SW1:
conf t
interface fa0/3
! ON SWITCHES THAT SUPPORT BOTH ISL AND 802.1Q, SET THE ENCAPSULATION BEFORE TRUNK MODE
switchport trunk encapsulation dot1q
switchport mode trunk
exit

VERIFY: #SHOW INT F0/3 SWITCHPORT

INTERVLAN ROUTING / ROUTER-ON-A-STICK CONFIG

R1:
conf t
! WE NEED TO INITIALIZE THE PARENT (PHYSICAL) INTERFACE FIRST
interface fa0/0
no ip address
no shut
exit
interface fa0/0.1
! WE NEED TO INFORM THE ROUTER WHICH TRUNKING ENCAPSULATION TO USE (802.1Q/ISL),
! AND ASSIGN THIS SUBINT TO A VLAN FIRST
!
! encapsulation dot1q
!
! TO ASSIGN THIS SUBINT TO VLAN 1
!
encapsulation dot1q 1
!
ip address 192.168.1.1 255.255.255.0
exit

TESTING:
FROM R1, PING SW1
R1#ping 192.168.1.2

R1#ping 192.168.1.3

R1:
conf t
interface fa0/0.10
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0
exit
interface fa0/0.20
encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0
exit

VERIFY: #SHOW IP INT BRIEF

MULTILAYER SWITCHING LAB

SW1:
enable
conf t
hostname SW1
!

CONFIGURE TRUNKING FIRST ON SW1

SW1:
conf t
interface range fa1/2 - 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
exit

CONFIGURE VLANS

SW1:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
exit

VERIFY: #show vlan-switch

L3SW:
enable
conf t
hostname L3SW
!

CONFIGURE TRUNKING ON L3SW

L3SW:
conf t
interface range fa1/2 - 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
exit

VERIFY: #SHOW INTERFACES TRUNK

CONFIGURE VLANS

L3SW:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
exit

VERIFY: #SHOW VLAN-SWITCH

CONFIGURE THE SVIs ON L3SW

L3SW:
conf t
interface vlan 1
ip address 192.168.1.1 255.255.255.0
no shut
exit
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shut
exit
interface vlan 20
ip address 192.168.20.1 255.255.255.0
no shut
exit
interface vlan 30
ip address 192.168.30.1 255.255.255.0
no shut
exit
interface vlan 40
ip address 192.168.40.1 255.255.255.0
no shut
exit

VERIFY: #show ip int brief | inc Vlan

NOTE: SERV1 IS A MEMBER OF VLAN 10

WE NEED TO CONFIGURE SW1 SO THAT ITS F1/0 (THE INTERFACE WHERE SERV1 IS ATTACHED) IS A MEMBER OF VLAN 10

SW1:
conf t
interface fa1/0
switchport mode access
switchport access vlan 10
no shut
exit

VERIFY: #SHOW VLAN-SWITCH

SERV1:
enable
conf t
hostname SERV1
!

CONFIGURE THE F0/0 INTERFACE OF SERV1 TO HAVE AN IP ADDRESS THAT IS A MEMBER OF VLAN 10 NETWORK

SERV1:
conf t
interface fa0/0
ip address 192.168.10.2 255.255.255.0
no shut
exit

WE NEED TO CONFIGURE A DEFAULT GATEWAY IP ADDRESS; ITS COUNTERPART ON A ROUTER IS A DEFAULT ROUTE

DEFAULT GW IP ADDRESS ==> 192.168.10.1

SERV1:
conf t
ip route 0.0.0.0 0.0.0.0 192.168.10.1

TESTING: FROM SERV1, PING ITS DEFAULT GATEWAY IP

SERV1#ping 192.168.10.1

ASSIGN AN IP ADDRESS TO L3SW:

L3SW:
conf t
interface fa1/4
no switchport
ip address 10.0.0.1 255.255.255.0
no shut
exit

VERIFY : #show ip int brief

MAIN:
enable
conf t
hostname MAIN
!
interface fa1/4
no switchport
ip address 10.0.0.2 255.255.255.0
no shut
exit

TESTING:
FROM MAIN, PING L3SW
MAIN#ping 10.0.0.1

WE CAN THEN CONFIGURE ROUTING BETWEEN L3SW AND MAIN ROUTER

L3SW:
conf t
! WE NEED TO ACTIVATE THE IP ROUTING FUNCTION FIRST
!
ip routing
!
router eigrp 100
network 192.168.0.0 0.0.255.255
network 10.0.0.0
no auto-summary
exit

MAIN:
conf t
router eigrp 100
network 10.0.0.0
no auto-summary
exit

VERIFY: #SHOW IP ROUTE

TESTING:
FROM MAIN, PING SERV1
MAIN#ping 192.168.10.2

MAIN:
conf t
interface serial 0/0
ip address 20.0.0.1 255.255.255.0
clock rate 128000
no shut
exit

BRANCH:
enable
conf t
hostname BRANCH
!
interface serial 0/0
ip address 20.0.0.2 255.255.255.0
no shut
exit

VERIFY: #show ip int brief

TESTING:
FROM BRANCH, PING MAIN
BRANCH#ping 20.0.0.1

WE CAN THEN CONFIGURE EIGRP 100

MAIN:
conf t
router eigrp 100
network 20.0.0.0
no auto-summary
exit

BRANCH:
conf t
router eigrp 100
network 20.0.0.0
no auto-summary
exit

VERIFY: #SHOW IP ROUTE

FROM BRANCH, PING SERV1
BRANCH#ping 192.168.10.2

CONFIGURING A DHCP SERVER

DHCP POOL ==> 10network
NETWORK ADDRESS ==> 192.168.10.0/24
DEFAULT GATEWAY ==> 192.168.10.1
DNS SERVER ==> 2.2.2.2
DHCP EXCLUDED ADDRESSES
192.168.10.1 – 192.168.10.9

MAIN:
conf t
! WE NEED TO TURN ON THE DHCP SERVICE
!
service dhcp
!
ip dhcp pool 10network
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 2.2.2.2
exit
! ip dhcp excluded-address
!
ip dhcp excluded-address 192.168.10.1 192.168.10.9
exit

VERIFY: #show ip dhcp pool

TESTING:
SERV1 WILL REQUEST AN IP ADDRESS FROM THE DHCP SERVER

FIRST, PLEASE REMOVE THE IP ADDRESS FROM F0/0

SERV1:
conf t
interface fa0/0
no ip address
exit
no ip routing
ip routing
exit

VERIFY: #show ip int brief

#show ip route

SERV1 WILL REQUEST AN IP ADDRESS FROM MAIN

SERV1:
conf t
interface fa0/0
ip address dhcp
no shut
exit

VERIFY: #show ip int brief

>> WE CONFIGURE A DHCP HELPER ADDRESS

DHCP HELPER ADDRESS
==> INFORMS A ROUTER/L3 SWITCH THAT IF IT RECEIVES A DHCP BROADCAST REQUEST ON AN INTERFACE, IT SHOULD NOT DROP THE PACKET BUT INSTEAD FORWARD THE DHCP BROADCAST REQUEST TO THE PREDETERMINED IP ADDRESS OF A DHCP SERVER.

L3SW:
conf t
interface vlan 10
! ip helper-address
!
ip helper-address 10.0.0.2
exit

SERV1#SHOW IP INT BRIEF

SERV1#SHOW IP ROUTE

===
NEXT, SERV2 WILL REQUEST AN IP ADDRESS

IT IS A MEMBER OF VLAN 20, SO THE INTERFACE IT CONNECTS TO ON SW1 MUST BE A MEMBER OF VLAN 20

SW1:
conf t
interface fa1/1
switchport mode access
switchport access vlan 20
no shut
exit

VERIFY:#SHOW VLAN-SWITCH

MAIN:

DHCP POOL ==> 20network
NETWORK ADDRESS ==> 192.168.20.0/24
DEFAULT GW IP ==> 192.168.20.1
DNS SERVER ==> 2.2.2.2
EXCLUDED ADDRESSES ==>
192.168.20.1 – 192.168.20.9

MAIN:
conf t
ip dhcp pool 20network
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 2.2.2.2
exit
ip dhcp excluded-address 192.168.20.1 192.168.20.9
exit

VERIFY: #SHOW IP DHCP POOL

>> CONFIGURE THE HELPER ADDRESS ON L3SW

L3SW:
conf t
interface vlan 20
ip helper-address 10.0.0.2
exit

SERV2:
enable
conf t
hostname SERV2
!
interface fa0/0
ip address dhcp
no shut
exit

VERIFY: #SHOW IP INT BRIEF

TESTING:
FROM SERV2, PING SERV1
SERV2#ping 192.168.10.10

HSRP AND VRRP

L3SW:
conf t
interface vlan 10
standby 1 ip 192.168.10.5
standby 1 priority 120
standby 1 preempt
exit
interface vlan 20
standby 1 ip 192.168.20.5
standby 1 priority 120
standby 1 preempt
exit

ETHERCHANNEL CONFIGURATION

SW1, L3SW:
conf t
interface range f1/2 - 3
channel-group 1 mode on
exit

PVST CONFIGURATION

PRIMARY ROOT BRIDGE
SW1 => VLAN 10, VLAN 20
SW2 => VLAN 30, VLAN 40

SECONDARY ROOT BRIDGE
SW1 => VLAN 30, VLAN 40
SW2 ==> VLAN 10, VLAN 20

SW1:
conf t
spanning-tree vlan 10 root primary
spanning-tree vlan 30 root secondary
exit

VERIFY: #SHOW SPANNING-TREE VLAN 10

VERIFY: #SHOW ETHERCHANNEL PORT-CHANNEL
