Wide Area Network (WAN) – a data communications network that operates beyond the geographical scope of a LAN. It uses facilities provided by service providers, carriers, and cable, telecommunications and telephone companies.
3 types of Wide Area Network (WAN) Connections:
1. Leased Line – the customer has a dedicated and direct line to the service provider’s network. Advantages include a dedicated line that is not affected by other customers, guaranteed bandwidth/throughput, and easier Quality of Service (QoS) and traffic management. The disadvantage is that it is expensive.
2. Circuit-Switched – the internet connection is provided by a telephone company. It can be either an analog modem or a digital ISDN connection.
Asynchronous serial connections – analog modem dial-up connections.
Synchronous serial connections – digital Integrated Services Digital Network (ISDN) connections. These have guaranteed bandwidth.
3. Packet-Switched Connections – Packet-switched WAN services allow you to connect to the provider’s network in much the same way as a PC connects to a hub: When connected, your traffic is affected by other customers’ and theirs by you. This can be an issue sometimes, but it can be managed. The advantage of this shared-bandwidth technology is that with a single physical connection from your router’s serial port, you can establish virtual connections to many other locations around the world. Packet-switched connections use logical circuits to make connections between two sites. These logical circuits are referred to as virtual circuits (VCs). So if you have a lot of branch offices and they are far away from the head office, a packet-switched solution is a good idea.
X.25
The oldest of these four technologies is X.25, which is an ITU-T standard. X.25 is a network layer protocol that runs across both synchronous and asynchronous physical circuits, providing a lot of flexibility for your connection options. X.25 was actually developed to run across an unreliable medium. It provides error detection and correction, as well as flow control, at both the data link layer (by LAPB) and the network layer (by X.25). In this sense, it performs a function similar to what TCP, at the transport layer, provides for IP. Because of its overhead, X.25 is best delegated to asynchronous, unreliable connections. If you have a synchronous digital connection, another protocol, such as Frame Relay or ATM, is much more efficient.
Frame Relay
Frame Relay is a digital packet-switched service that can run only across synchronous digital connections at the data link layer. Because it uses digital connections (which have very few errors), it does not perform any error correction or flow control as X.25 does. Frame Relay will, however, detect errors and drop bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped information.
ATM
ATM is also a packet-switched technology that uses digital circuits. Unlike Frame Relay and X.25, however, this service uses fixed-length (53 byte) packets, called cells, to transmit information. Therefore, this service is commonly called a cell-switched service. It has an advantage over Frame Relay in that it can provide guaranteed throughput and minimal delay for a multitude of services, including voice, video, and data. However, it does cost more than Frame Relay services. ATM (sort of an enhanced Frame Relay) can offer a connection guaranteed bandwidth, limited delay, a limited number of errors, Quality of Service (QoS), and more. Frame Relay can provide some minimal guarantees to connections, but not to the degree of precision that ATM can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale to very high speeds: OC-192 (SONET), for instance, affords about 10 Gbps of bandwidth.
Wide Area Network (WAN) Encapsulations – With each WAN solution, there is an encapsulation type. Encapsulations wrap an information envelope around your data that is used to transport your data traffic. If you use leased line as your wide-area networking choice, you can encapsulate your data inside a High-Level Data-Link Control (HDLC) frame, PPP frame, or Serial Line IP (SLIP) frame. For packet-switched networks, you can encapsulate or package your data in X.25 frames, Frame Relay, or Asynchronous Transfer Mode (ATM) frames.
1. Point-to-Point Protocol (PPP)
– Industry standard
– Multilink PPP
– Authentication
2 Types of Point-to-Point Protocol Authentication
1. Password Authentication Protocol (PAP) – PAP goes through a two-way handshake process. In this process, the source sends its username (or hostname) and password, in clear text, to the destination. The destination compares this information with a list of locally stored usernames and passwords. If it finds a match, the destination sends back an accept message. If it doesn’t find a match, it sends back a reject message.
2. Challenge Handshake Authentication Protocol (CHAP) – CHAP uses a three-way handshake process to perform the authentication. The source sends its username (not its password) to the destination. The destination sends back a challenge, which is a random value generated by the destination. used by the source to find the appropriate password to use for authentication. Both sides then take the source’s username, the matching password, and the challenge and run them through the MD5 hashing function. The source then takes the result of this function and sends it to the destination. The destination compares this value to the hashed output that it generated—if the two values match, then the password used by the source must have been the same as was used by the destination, and thus the destination will permit the connection.
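What each protocol puts on the link, as an added example that is not part of the original notes. It uses the sample's shared password "cisco"; the CHAP hash follows RFC 1994, where the MD5 input is the one-byte packet identifier, the shared secret and the challenge, and the function and class names are illustrative.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer-id and password, in clear."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """Destination side: issues a fresh random challenge and checks the reply."""

    def __init__(self, users):
        self.users = users          # username -> shared secret (local user list)
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, username, identifier, response):
        secret = self.users.get(username)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = "cisco"                                  # constructed sample secret
    pap_frame = pap_authenticate_request("R1", secret)

    r2 = ChapAuthenticator({"R1": secret})
    ident, chal = r2.new_challenge()
    resp = chap_response(ident, secret, chal)         # computed by R1
    chap_ok = r2.verify("R1", ident, resp)

    # A response captured from the first handshake is useless for the next one,
    # because the destination issues a new identifier and challenge each time.
    ident2, _ = r2.new_challenge()
    replay_ok = r2.verify("R1", ident2, resp)

    return {
        "pap_exposes_password": secret.encode() in pap_frame,
        "chap_exposes_password": secret.encode() in resp,
        "chap_ok": chap_ok,
        "replay_ok": replay_ok,
    }


if __name__ == "__main__":
    print(demo())
```

Anyone who can capture the serial link sees the PAP password directly, which is why CHAP is the one to prefer when both are available.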
Configuring PPP Authentication Type:
R1#conf t
R1(config)#interface serial 0/1
!To use Password Authentication Protocol (PAP)
ppp authentication pap
!To use Challenge Handshake Authentication Protocol (CHAP)
ppp authentication chap
!To use PAP first, then if it fails, use CHAP
ppp authentication pap chap
!To use CHAP first, then if it fails, use PAP
ppp authentication chap pap
exit
sample:
R1:
conf t
username R2 password cisco
interface s0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password cisco
end
R2:
conf t
username R1 password cisco
interface s0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R2 password cisco
end
2. High-Level Data Link Control (HDLC)
– Cisco proprietary
– default encapsulation type on all Cisco serial interfaces
3. Frame-Relay
First Hop Redundancy Protocol (FHRP)
1. Hot Standby Router Protocol (HSRP)
– Cisco proprietary protocol
Scenario:
virtual IP: 192.168.10.3
R1 is the main router
R2 is the backup router
Note: HSRP and VRRP are configured on the router interface that would otherwise hold the default gateway IP address
R1#conf t
R1(config)#interface fa0/0
! Configure the HSRP group and the HSRP virtual IP address: group 1, virtual IP 192.168.10.3
R1(config-if)#standby 1 ip 192.168.10.3
! HSRP priority is 100 by default; the higher priority becomes the main router. Give R1 priority 120.
R1(config-if)#standby 1 priority 120
! Use preemption so that R1 becomes the main router whenever it is turned on
R1(config-if)#standby 1 preempt
R1(config-if)#no shut
R1(config-if)#end
R1#
verify using:
R1#show standby
Note: In Hot Standby Router Protocol (HSRP), the main router is the active router. In HSRP, the middle MAC address is always “.0c07.”
R2#conf t
R2(config)#interface fa0/0
R2(config-if)#standby 1 ip 192.168.10.3
R2(config-if)#no shut
R2(config-if)#end
R2#
verify using:
R2#show standby
Note: In Hot Standby Router Protocol (HSRP), the backup router is the standby router.
2. Virtual Router Redundancy Protocol (VRRP)
– Industry standard
Virtual Router Redundancy Protocol (VRRP) Configuration:
Scenario
Virtual IP address – 192.168.10.50
R1 is the main router
R2 is the backup router
R1#conf t
R1(config)#interface fa0/0
! Syntax: configure the VRRP group number and the virtual IP address
R1(config-if)#vrrp <group#> ip <virtual-ip>
! The VRRP default priority is 100; set a higher priority for the main router R1
R1(config-if)#vrrp <group#> priority <priority>
! preempt allows the selected router to become the main router when it is powered on
R1(config-if)#vrrp <group#> preempt
R1(config-if)#no shut
R1(config-if)#end
R1#
Example:
R1#conf t
R1(config)#interface fa0/0
R1(config-if)#vrrp 1 ip 192.168.10.50
R1(config-if)#vrrp 1 priority 120
R1(config-if)#vrrp 1 preempt
R1(config-if)#no shut
R1(config-if)#end
R1#
verify using:
R1#show vrrp
Note: In Virtual Router Redundancy Protocol (VRRP), the main router is the master router and the backup router is the backup router. The middle MAC address value is “.5e00.”
R2#conf t
R2(config)#interface fa0/0
R2(config-if)#vrrp 1 ip 192.168.10.50
R2(config-if)#no shut
R2(config-if)#end
R2#
verify using:
R2#show vrrp
3. Gateway Load Balancing Protocol (GLBP)
– Cisco proprietary protocol
Cisco Discovery Protocol (CDP)
R1#show cdp neighbors – shows neighboring Cisco network devices
R1#show cdp neighbors detail – shows neighboring Cisco network devices with detailed information
2 Types of Virtual Circuits
1. Permanent Virtual Circuit (PVC)
-like leased line, always on
2. Switched Virtual Circuit (SVC)
-like DSL, on demand
2 Types of Frame Relay Implementations
1. Multipoint
-one network address for all PVCs
-has split horizon issues
2. Point-to-point
-one network address per PVC
-no split horizon issues
A data link connection identifier (DLCI) is a 10-bit-wide, link-local Frame Relay virtual circuit identifier used to assign frames to a specific PVC or SVC. It operates at Layer 2, the data link layer.
Local Management Interface (LMI)
Frame-Relay Lab Command Configuration:
R1#conf t
R1(config)#interface serial 0/0
! Initialize the interface for Frame Relay
R1(config-if)#encapsulation frame-relay
! The physical interface initialized for Frame Relay gets no IP address
R1(config-if)#no ip address
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#interface serial 0/0.30 point-to-point
R1(config-subif)#ip address 10.0.0.2 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#end
R1#
verify using:
R1#show ip int brief
3 Switch modes
1. Trunk – switch to router, switch to switch
2. Access – switch to end device
3. Dynamic – auto, desirable
General Switch Configurations:
1. Hostname
2. Enable password
3. Line Console Login and Password
4. Line VTY 0 4 Login and Password
5. Interface VLAN 1 IP address
-Management VLAN
-Self IP Address of the switch
example:
SW1:
conf t
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no shut
exit
VERIFY: SW1#show ip interface brief
SW1#show ip int brief | inc Vlan
6. SWITCHPORT MODES
3 MODES
1. TRUNK
2. ACCESS
3. DYNAMIC
==> AUTO
==> DESIRABLE
SYNTAX:
! TO MAKE AN INTERFACE A TRUNK INT
conf t
interface fa0/2
switchport mode trunk
exit
! TO MAKE AN INT AN ACCESS PORT
conf t
interface fa0/5
switchport mode access
exit
! TO MAKE AN INTERFACE DYNAMIC AUTO/DESIRABLE
conf t
interface fa0/5
switchport mode dynamic auto
switchport mode dynamic desirable
exit
VERIFY: #SHOW INTERFACE FA0/2 SWITCHPORT
TO VIEW ALL ACTIVE TRUNKS ON A SWITCH
#show interfaces trunk
#show interface status
DEFAULT CONFIGURATION SWITCH INTERFACES
interface fa0/5
switchport mode dynamic auto/desirable
speed auto
duplex auto
exit
7. IP DEFAULT GATEWAY
==> IP ADDRESS OF THE ROUTER THAT HAS THE SAME NETWORK ADDRESS AS THE SWITCH VLAN 1 IP ADDRESS
SW1, SW2:
conf t
ip default-gateway 192.168.1.1
exit
8. SWITCHPORT SECURITY
SCENARIO: ALLOW ONLY 1 COMPUTER TO BE CONNECTED ON PORT F0/5 OF SW1, IF A VIOLATION OCCURS, SHUTDOWN THE PORT
NOTE: SWITCHPORT SECURITY, CAN ONLY BE CONFIGURED ON HARD CODED ACCESS PORTS, NEVER ON TRUNK PORTS, NEVER ON DYNAMIC PORTS..
SW1:
conf t
default interface range fa0/5 - 8
!
interface fa0/5
! WE NEED TO MAKE THIS INT AN ACCESS PORT FIRST
switchport mode access
!
! WE NEED TO ENABLE THE SWITCHPORT SECURITY FUNCTION FIRST
!
switchport port-security
!
! WE NEED TO CONFIGURE THE MAXIMUM NUMBER OF MAC ADDRESSES TO BE LEARNED ON THIS PORT
!
switchport port-security maximum 1
!
! WE NEED TO CONFIGURE WHAT WILL HAPPEN IF A VIOLATION OCCURS
! OPTIONS: SHUTDOWN, RESTRICT, PROTECT
! SHUTDOWN ==> SHUTS DOWN THE PORT
! RESTRICT AND PROTECT ==> DROPS THE FRAMES
! RESTRICT ==> DROPS FRAMES, SENDS LOGS
! PROTECT ==> DROPS FRAMES, DOES NOT SEND LOGS
!
switchport port-security violation shutdown
exit
VERIFY: #SHOW PORT-SECURITY
CONFIGURING A DYNAMICALLY LEARNED MAC ADDRESS FOR PORT SECURITY
conf t
interface fa0/5
switchport port-security mac-address sticky
exit
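An offline check of a switch configuration against the rules stated in these notes (port security only on hard-coded access ports, ports left unconfigured stay dynamic, protect drops frames without logging), as an added example that is not part of the original notes. The configuration text is constructed sample input and the function names are illustrative.

```python
import re

# Constructed sample in running-config layout (one space before sub-commands).
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode trunk
 switchport port-security
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface FastEthernet0/6
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/7
 switchport mode access
"""


def interface_blocks(config):
    """Split configuration text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the stanza
    return blocks


def audit_port_security(config):
    """Return (interface, finding) tuples for ports that break the rules above."""
    findings = []
    for name, lines in interface_blocks(config).items():
        mode = "dynamic"            # no explicit mode: port is still dynamic
        for cmd in lines:
            m = re.match(r"switchport mode (\S+)", cmd)
            if m:
                mode = m.group(1)
        has_ps = "switchport port-security" in lines
        if has_ps and mode != "access":
            findings.append((name, f"port-security on a {mode} port; "
                                   "hard-code 'switchport mode access' first"))
        if mode == "access" and not has_ps:
            findings.append((name, "access port without port-security"))
        if "switchport port-security violation protect" in lines:
            findings.append((name, "violation protect drops frames without logs"))
    return findings


if __name__ == "__main__":
    for iface, problem in audit_port_security(SAMPLE_CONFIG):
        print(f"{iface}: {problem}")
```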
VLANS
2 WAYS TO CONFIGURE
1. VLAN CONFIGURATION MODE WAY
==> IS SUPPORTED BY NEWER CISCO SWITCHES
==> EXAMS
2. VLAN DATABASE MODE WAY
==> IS SUPPORTED BY OLDER/LEGACY SWITCHES
==> GNS3
VLAN CONFIGURATION MODE WAY:
conf t
vlan 10
name IT
exit
VLAN DATABASE MODE WAY
enable
vlan database
vlan 10 name IT
exit
HOW TO ASSIGN PORTS TO VLANS??
NOTE: WE CAN ONLY ASSIGN ACCESS PORTS TO VLANS, NEVER TRUNK PORTS.
THIS IS BECAUSE WHEN YOU MAKE AN INTERFACE A MEMBER OF A VLAN, THAT INTERFACE WILL RECEIVE BROADCASTS FROM THAT VLAN ONLY.
TRUNK PORTS ARE INTERCONNECTION POINTS GOING TO OTHER SWITCHES. TRUNK PORTS SHOULD RECEIVE BROADCASTS FROM ALL VLANS, SO YOU CANNOT ASSIGN ONE TO JUST A SINGLE VLAN.
IN FACT, A TRUNK PORT IS A MEMBER OF ALL VLANS.
SW1:
conf t
interface fa0/4
! WE NEED TO MAKE THIS INTERFACE AN ACCESS PORT FIRST
switchport mode access
! TO ASSIGN THIS INTERFACE TO A VLAN
! switchport access vlan <vlan-id>
! TO ASSIGN THIS INTERFACE TO VLAN 10
switchport access vlan 10
no shut
exit
FOR SIMILAR COMMANDS OVER A RANGE OF PORTS, WE CAN USE THE INTERFACE RANGE COMMAND
SW1:
conf t
interface range f0/4 - 5
switchport mode access
switchport access vlan 10
no shut
exit
VERIFY: #SHOW VLAN ==> REAL SWITCHES
#SHOW VLAN-SWITCH ==> GNS3
Virtual Trunking Protocol (VTP) – Cisco proprietary
3 VTP modes
1. Server – default VTP mode, can add, can edit, can delete VLANs.
2. Client – No add, no edit, no delete VLANs
3. Transparent – can add, can edit, can delete VLANs, config revision number is always zero.
VTP CONFIGURATION
SCENARIO:
SW1 = SERVER
SW2 = CLIENT
VTP DOMAIN ==> mydomain
VTP PASSWORD ==> mypass
VLAN CONFIGURATION MODE WAY
conf t
! TO MAKE THIS A SERVER
vtp mode server
! TO MAKE THIS A VTP CLIENT
vtp mode client
! TO MAKE THIS VTP TRANSPARENT
vtp mode transparent
! TO CONFIGURE THE DOMAIN NAME
vtp domain mydomain
! TO CONFIGURE THE PASSWORD
vtp password mypass
exit
VERIFY: #show vtp status
#show vtp password
VTP DATABASE MODE WAY
enable
vlan database
vtp server
vtp client
vtp transparent
vtp domain mydomain
vtp password mypass
exit
#show vlan brief
conf t
vlan 54
name test54
exit
=====
NOTE: ONLY VLAN NAMES ARE PROPAGATED ON A VTP UPDATE, PORT ASSIGNMENTS SHOULD BE DONE MANUALLY
SW2:
conf t
interface range f0/3 - 4
switchport mode access
switchport access vlan 10
no shut
exit
interface range f0/5 - 6
switchport mode access
switchport access vlan 20
no shut
exit
interface fa0/7
switchport mode access
switchport access vlan 30
no shut
exit
VERIFY: #show vlan brief
Trunking Encapsulation
1. Interswitch Link (ISL) – Cisco proprietary
2. 8
CONFIGURING TRUNKING ENCAPSULATIONS
2 TYPES
1. ISL
2. 802.1Q / DOT1Q
SW1:
conf t
interface fa0/3
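! SET THE TRUNK ENCAPSULATION FIRST; SWITCHES THAT SUPPORT BOTH ISL AND 802.1Q REJECT TRUNK MODE WHILE THE ENCAPSULATION IS STILL NEGOTIATED
switchport trunk encapsulation dot1q
switchport mode trunk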
exit
VERIFY: #SHOW INT F0/3 SWITCHPORT
INTERVLAN ROUTING / ROUTER-ON-A-STICK CONFIG
R1:
conf t
! WE NEED TO INITIALIZE THE PARENT INTERFACE FIRST
interface fa0/0
no ip address
no shut
exit
interface fa0/0.1
! WE NEED TO INFORM THE ROUTER WHICH TRUNKING ENCAPSULATION TO USE (802.1Q/ISL), AND ASSIGN THIS SUBINT TO A VLAN FIRST
!
! encapsulation dot1q <vlan-id>
!
! TO ASSIGN THIS SUBINT TO VLAN 1
!
encapsulation dot1q 1
!
ip address 192.168.1.1 255.255.255.0
exit
TESTING:
FROM R1, PING SW1
R1#ping 192.168.1.2
R1#ping 192.168.1.3
R1:
conf t
interface fa0/0.10
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0
exit
interface fa0/0.20
encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0
exit
VERIFY: #SHOW IP INT BRIEF
MULTILAYER SWITCHING LAB
SW1:
enable
conf t
hostname SW1
!
CONFIGURE TRUNKING FIRST ON SW1
SW1:
conf t
interface range fa1/2 - 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
exit
CONFIGURE VLANS
SW1:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
exit
VERIFY: #show vlan-switch
L3SW:
enable
conf t
hostname L3SW
!
CONFIGURE TRUNKING ON L3SW
L3SW:
conf t
interface range fa1/2 - 3
switchport trunk encapsulation dot1q
switchport mode trunk
no shut
exit
VERIFY: #SHOW INTERFACES TRUNK
CONFIGURE VLANS
L3SW:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
exit
VERIFY: #SHOW VLAN-SWITCH
CONFIGURE THE SVIs ON L3SW
L3SW:
conf t
interface vlan 1
ip address 192.168.1.1 255.255.255.0
no shut
exit
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shut
exit
interface vlan 20
ip address 192.168.20.1 255.255.255.0
no shut
exit
interface vlan 30
ip address 192.168.30.1 255.255.255.0
no shut
exit
interface vlan 40
ip address 192.168.40.1 255.255.255.0
no shut
exit
VERIFY: #show ip int brief | inc Vlan
NOTE: SERV1 IS A MEMBER OF VLAN 10
WE NEED TO CONFIGURE SW1 SO THAT ITS F1/0 (THE INTERFACE WHERE SERV1 IS CONNECTED) IS A MEMBER OF VLAN 10
SW1:
conf t
interface fa1/0
switchport mode access
switchport access vlan 10
no shut
exit
VERIFY: #SHOW VLAN-SWITCH
SERV1:
enable
conf t
hostname SERV1
!
CONFIGURE THE F0/0 INTERFACE OF SERV1 TO HAVE AN IP ADDRESS THAT IS A MEMBER OF VLAN 10 NETWORK
SERV1:
conf t
interface fa0/0
ip address 192.168.10.2 255.255.255.0
no shut
exit
WE NEED TO CONFIGURE A DEFAULT GATEWAY IP ADDRESS; ITS COUNTERPART ON A ROUTER IS A DEFAULT ROUTE
DEFAULT GW IP ADDRESS ==> 192.168.10.1
SERV1:
conf t
ip route 0.0.0.0 0.0.0.0 192.168.10.1
TESTING: FROM SERV1, PING ITS DEFAULT GATEWAY IP
SERV1#ping 192.168.10.1
ASSIGN AN IP ADDRESS TO L3SW:
L3SW:
conf t
interface fa1/4
no switchport
ip address 10.0.0.1 255.255.255.0
no shut
exit
VERIFY : #show ip int brief
MAIN:
enable
conf t
hostname MAIN
!
interface fa1/4
no switchport
ip address 10.0.0.2 255.255.255.0
no shut
exit
TESTING:
FROM MAIN, PING L3SW
MAIN#ping 10.0.0.1
WE CAN THEN CONFIGURE ROUTING BETWEEN L3SW AND MAIN ROUTER
L3SW:
conf t
! WE NEED TO ACTIVATE THE IP ROUTING FUNCTION FIRST
!
ip routing
!
router eigrp 100
network 192.168.0.0 0.0.255.255
network 10.0.0.0
no auto-summary
exit
MAIN:
conf t
router eigrp 100
network 10.0.0.0
no auto-summary
exit
VERIFY: #SHOW IP ROUTE
TESTING:
FROM MAIN, PING SERV1
MAIN#ping 192.168.10.2
MAIN:
conf t
interface serial 0/0
ip address 20.0.0.1 255.255.255.0
clock rate 128000
no shut
exit
BRANCH:
enable
conf t
hostname BRANCH
!
interface serial 0/0
ip address 20.0.0.2 255.255.255.0
no shut
exit
VERIFY: #show ip int brief
TESTING:
FROM BRANCH, PING MAIN
BRANCH#ping 20.0.0.1
WE CAN THEN CONFIGURE EIGRP 100
MAIN:
conf t
router eigrp 100
network 20.0.0.0
no auto-summary
exit
BRANCH:
conf t
router eigrp 100
network 20.0.0.0
no auto-summary
exit
VERIFY: #SHOW IP ROUTE
FROM BRANCH, PING SERV1
BRANCH#ping 192.168.10.2
CONFIGURING A DHCP SERVER
DHCP POOL ==> 10network
NETWORK ADDRESS ==> 192.168.10.0/24
DEFAULT GATEWAY ==> 192.168.10.1
DNS SERVER ==> 2.2.2.2
DHCP EXCLUDED ADDRESSES
192.168.10.1 – 192.168.10.9
MAIN:
conf t
! WE NEED TO TURN ON THE DHCP SERVICE
!
service dhcp
!
ip dhcp pool 10network
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 2.2.2.2
exit
! ip dhcp excluded-address <first-ip> <last-ip>
!
ip dhcp excluded-address 192.168.10.1 192.168.10.9
exit
VERIFY: #show ip dhcp pool
TESTING:
SERV1 WILL REQUEST AN IP ADDRESS FROM THE DHCP SERVER
FIRST REMOVE THE IP ADDRESS ON F0/0
SERV1:
conf t
interface fa0/0
no ip address
exit
no ip routing
ip routing
exit
VERIFY: #show ip int brief
#show ip route
SERV1 WILL REQUEST AN IP ADDRESS FROM MAIN
SERV1:
conf t
interface fa0/0
ip address dhcp
no shut
exit
VERIFY: #show ip int brief
>> WE CONFIGURE A DHCP HELPER ADDRESS
DHCP HELPER ADDRESS
==> INFORM A ROUTER/L3SWITCH THAT IF IT RECEIVES A DHCP BROADCAST REQUEST ON AN INTERFACE, TO NOT DROP THE PACKET, INSTEAD, FORWARD THE DHCP BROADCAST REQUEST TO A PREDETERMINED IP ADDRESS OF A DHCP SERVER..
L3SW:
conf t
interface vlan 10
! ip helper-address <dhcp-server-ip>
!
ip helper-address 10.0.0.2
exit
SERV1#SHOW IP INT BRIEF
SERV1#SHOW IP ROUTE
===
NEXT, SERV2 WILL REQUEST AN IP ADDRESS
IT IS A MEMBER OF VLAN 20, SO THE INTERFACE IT CONNECTS TO ON SW1 MUST BE A MEMBER OF VLAN 20
SW1:
conf t
interface fa1/1
switchport mode access
switchport access vlan 20
no shut
exit
VERIFY:#SHOW VLAN-SWITCH
MAIN:
DHCP POOL ==> 20network
NETWORK ADDRESS ==> 192.168.20.0/24
DEFAULT GW IP ==> 192.168.20.1
DNS SERVER ==> 2.2.2.2
EXCLUDED ADDRESSES ==>
192.168.20.1 – 192.168.20.9
MAIN:
conf t
ip dhcp pool 20network
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 2.2.2.2
exit
ip dhcp excluded-address 192.168.20.1 192.168.20.9
exit
VERIFY: #SHOW IP DHCP POOL
>> CONFIGURE THE HELPER ADDRESS ON L3SW
L3SW:
conf t
interface vlan 20
ip helper-address 10.0.0.2
exit
SERV2:
enable
conf t
hostname SERV2
!
interface fa0/0
ip address dhcp
no shut
exit
VERIFY: #SHOW IP INT BRIEF
TESTING:
FROM SERV2, PING SERV1
SERV2#ping 192.168.10.10
HSRP AND VRRP
L3SW:
conf t
interface vlan 10
standby 1 ip 192.168.10.5
standby 1 priority 120
standby 1 preempt
exit
interface vlan 20
standby 1 ip 192.168.20.5
standby 1 priority 120
standby 1 preempt
exit
ETHERCHANNEL CONFIGURATION
SW1, L3SW:
conf t
interface range f1/2 - 3
channel-group 1 mode on
exit
PVST CONFIGURATION
PRIMARY ROOT BRIDGE
SW1 => VLAN 10, VLAN 20
SW2 => VLAN 30, VLAN 40
SECONDARY ROOT BRIDGE
SW1 => VLAN 30, VLAN 40
SW2 ==> VLAN 10, VLAN 20
SW1:
conf t
spanning-tree vlan 10 root primary
spanning-tree vlan 30 root secondary
exit
VERIFY: #SHOW SPANNING-TREE VLAN 10
VERIFY: #SHOW ETHERCHANNEL PORT-CHANNEL