CEG 4185: Computer Network Design Lab 3: Configuring VLANs

School of Information Technology and Engineering (SITE)
CEG 4185: Computer Network Design
Lab 3: Configuring VLANs
Objective
In this lab you will learn to configure VLANs using CISCO Catalyst switches.
Background
The following material is courtesy of the CISCO Manual on Configuring VTP and Virtual LANs,
Chapter 2 of the Catalyst 2900 Series XL Enterprise Edition Software Configuration Guide.
CISCO Virtual Trunk Protocol (VTP)
There are some particular terms that are important to understand before a VLAN can be configured.
The first of these is what is known as VTP or Virtual Trunk Protocol. VTP is a Layer 2 messaging
protocol that maintains VLAN configuration consistency by managing the addition, deletion, and
renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration
inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type
specifications, and security violations. A VTP domain (also called a VLAN management domain) is
one switch or several interconnected switches sharing the same VTP domain. A switch is configured to
be in only one VTP domain.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all
switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including
Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).
You can configure a Catalyst 2900 series XL switch to be in one of the following VTP modes:
VTP server---In this mode, you can create, modify, and delete VLANs and specify other configuration
parameters (such as VTP version) for the entire VTP domain. VTP servers advertise their VLAN
configurations to other switches in the same VTP domain and synchronize their VLAN configurations
with other switches based on advertisements received over trunk links.
VTP client---In this mode, VTP clients behave like VTP servers, but you cannot create, change, or
delete VLANs on a VTP client.
VTP transparent---In this mode, VTP transparent switches do not participate in VTP. A VTP
transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN
configuration based on received advertisements. However, transparent switches do forward VTP
advertisements that they receive from other switches. You can create, modify, and delete VLANs.
The following global domain information is distributed in VTP advertisements: VTP domain name,
VTP configuration revision number, update identity and update timestamp, and MD5 digest. The
following VLAN information is distributed in VTP advertisements for each configured VLAN: VLAN
ID, VLAN name, VLAN type, and VLAN state.
VTP is more crucial when configuring VLANs across multiple switches. It will be used for section B
in the lab.
Virtual LAN Basics
A VLAN is a group of end stations with a common set of requirements, independent of physical
location. VLANs have the same attributes as a physical LAN but allow you to group end stations even
if they are not physically located on the same LAN segment. VLANs on switches limit unicast,
multicast, and broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only
flooded out other ports belonging to that VLAN.
Ports that belong to VLANs are configured with a membership mode that determines what kind of
traffic each port carries and how many VLANs it can belong to. The table below lists the membership
modes and characteristics.
Membership Mode             VLAN Membership Characteristics
Static-Access               Port can belong to one VLAN and is manually assigned. This is the
                            default and simplest VLAN configuration.
Multi-VLAN                  Port can belong to up to 64 VLANs and is manually assigned. A
                            multi-VLAN port cannot be configured when there is a trunk
                            configured on the switch.
Dynamic Access              Can belong to one VLAN and is dynamically assigned by a VLAN
                            Membership Policy Server (VMPS).
Trunk (ISL or IEEE 802.1Q)  A trunk is a member of all VLANs in the VLAN database by default,
                            but membership can be limited by configuring the allowed-VLAN list.
Procedure
Two groups should be paired as shown below. Each group will work with 3 workstations and 1 CISCO
Catalyst 2940 switch.
[Diagram: Group A with three workstations (Wks) and Group B with three workstations (Wks), each
group on its own switch; a router is also shown. Legend: Router, Workstation, Switch.]
Each group at a work bench (Group A, Group B) will configure their workstations to be on separate
subnets as shown below.
Workstation        IP Address      IP Mask          IP Gateway
Wks 1 (Group A)    192.168.1.2     255.255.255.0    192.168.1.1
Wks 2 (Group A)    192.168.1.3     255.255.255.0    192.168.1.1
Wks 3 (Group A)    192.168.1.4     255.255.255.0    192.168.1.1
Wks 4 (Group B)    192.168.10.12   255.255.255.0    192.168.10.1
Wks 5 (Group B)    192.168.10.13   255.255.255.0    192.168.10.1
Wks 6 (Group B)    192.168.10.14   255.255.255.0    192.168.10.1
Use the first 3 ports of the switch to connect the workstations as represented below.
[Diagram: Switch with its first three ports connected to Wks1|4, Wks2|5 and Wks3|6
(Group A | Group B); the remaining ports are unused.]
Connecting the Network
To verify that the workstations can talk to each other, it is not necessary to configure the
switch at all. Simply connect each workstation's Ethernet cable to the appropriate switch port;
after setting up the static IP addresses of the workstations you should be able to ping any of
the workstations connected to the switch. Do this and confirm that you can PING all the workstations.
Configuring the Switch
To allow any workstation to configure the switch, you can enable telnet access to the switch by
first configuring its IP address and setting up a password for telnet access. Connect one
workstation's serial cable to the switch's console port and do the following.
Configuring the switch’s IP address
switch> enable                                   Go to privileged EXEC mode
switch# conf t                                   Enter terminal configuration mode
switch(config)# int vlan1                        Configure interface VLAN1 (default interface)
switch(config-if)# ip address ip-address mask    Set the switch's IP address
switch(config-if)# exit                          Exit the interface level
switch(config)# exit                             Exit the configuration level
switch# show int vlan1                           Verify the IP address
Configure the switch’s IP address to be 192.168.1.100 for Group A and 192.168.10.100 for Group B.
Section A: Creating a Static-Access VLAN on a switch
Configuring the switch for VLANs
Each VLAN has a unique, four-digit ID that can be a number from 1 to 1001. To add a VLAN to the
VLAN database, assign a number and name to the VLAN. If you do not specify the VLAN type, the
VLAN is an Ethernet VLAN. To add a VLAN, perform this task from privileged EXEC mode:
switch> enable                                   Go to privileged EXEC mode
switch# vlan database                            Enter VLAN configuration mode
switch(vlan)# vlan vlan-id name vlan-name        Add a VLAN and assign a number and name to it
switch(vlan)# exit                               Exit the VLAN setup
switch# show vlan name vlan-name                 Verify the VLAN configuration
1. For Group A configure a VLAN with the vlan-id of 20 and give it the vlan-name of “groupA”
while for Group B configure a VLAN with the vlan-id of 30 and give it the vlan-name of
“groupB”.
Now it is time to assign Static-Access Ports to a VLAN. You will assign the first 2 ports of the switch
to the VLAN that you defined previously. A static-access port belongs to one VLAN only.
switch> enable                                   Go to privileged EXEC mode
switch# conf t                                   Enter terminal configuration mode
switch(config)# interface interface-id           Enter interface configuration for interface-id
switch(config-if)# switchport mode access        Define the VLAN membership mode for this port
switch(config-if)# switchport access vlan vlan-id
                                                 Assign the port to the VLAN
switch(config-if)# exit                          Exit the interface level
switch(config)# exit                             Exit the configuration level
switch# show interface interface-id switchport   Verify the VLAN configuration
2. Configure ports 1 and 2 on the switch to belong to the VLAN you created in question 2.
3. Notice that only ports 1 & 2 were configured to be part of the VLAN. On each workstation you can
view the ARP table by typing the command arp -a in a DOS window.
4. Erase the ARP table on the workstations by entering the command arp -d *. Check to make certain
all the ARP entries are empty. Now try to ping Wks3|6 from the others or vice versa. You will
notice that it won't work.
Section B: Configuring VLAN Trunks
In this part of the lab you will investigate how you can connect the 2 switches and define a common
VLAN across the switches. A trunk is a point-to-point link that transmits and receives traffic between
switches or between switches and routers. Trunks carry the traffic of multiple VLANs and can extend
VLANs across an entire network. 100BaseT and Gigabit Ethernet trunks use Cisco ISL or
industry-standard IEEE 802.1Q to carry traffic for multiple VLANs over a single link.
Choose one of the unused, non-static ports on the switch to be a trunk (perhaps the last port on the
switch). The following commands are used to configure a port to be a trunk.
switch> enable                                   Go to privileged EXEC mode
switch# conf t                                   Enter terminal configuration mode
switch(config)# interface interface-id           Enter interface configuration for interface-id
switch(config-if)# switchport mode trunk         Define the VLAN membership mode for this port as trunk
switch(config-if)# exit                          Exit the interface level
switch(config)# exit                             Exit the configuration level
switch# show interface interface-id switchport   Verify the VLAN configuration
5. Configure the last port on your switch to support 802.1Q trunking. It is now necessary to define the
allowed VLANs on the trunk. The following commands define which VLANs will be supported on the
trunk that you defined previously, so you need to configure the interface that you defined as the
trunk.
switch> enable                                   Go to privileged EXEC mode
switch# conf t                                   Enter terminal configuration mode
switch(config)# interface interface-id           Enter interface configuration for interface-id
switch(config-if)# switchport mode trunk         Define the VLAN membership mode for this port as trunk
switch(config-if)# switchport trunk allowed vlan remove vlan-list
                                                 Define the VLANs that are not allowed to transmit and
                                                 receive on the port. The vlan-list parameter is a range
                                                 of VLAN IDs separated by a hyphen or specific VLAN IDs
                                                 separated by commas.
switch(config-if)# switchport trunk allowed vlan add vlan-list
                                                 Define the VLANs that are allowed to transmit and
                                                 receive on the port.
switch(config-if)# exit                          Exit the interface level
switch(config)# exit                             Exit the configuration level
switch# show interface interface-id switchport   Verify the VLANs allowed to transmit on the trunk
6. By default, all VLANs, 1 to 1005, are allowed on each trunk. To restrict the traffic a trunk carries,
use the remove vlan-list parameter to remove specific VLANs from the allowed list. Configure the
trunk to only support the VLANs 20 & 30 that were defined by Groups A & B. Don’t forget that
you are going to try to support the VLAN defined by the other group as well.
At this point each group will need to configure a new VLAN that corresponds to the VLAN number
of the other group and add 2 unused ports from the switch to this VLAN. A diagram of the
configuration that you need to build is represented below. Note that workstations 3 & 6 have
now been connected to the switch of the other group. The alternative is to keep them on your switch
and interchange their IP addresses so that they are configured for the proper subnet of the
corresponding VLAN.
[Diagram: Switch A and Switch B connected by a TRUNK. Switch A: Wks1 and Wks2 (VLAN 20) and
Wks6 (VLAN 30). Switch B: Wks4 and Wks5 (VLAN 30) and Wks3 (VLAN 20).]
7. Erase the ARP tables on the workstations by entering the command arp -d *. Check to make
certain all the ARP entries are empty. Now try to ping the workstations in your VLAN and confirm
that you can PING the workstations in the same VLAN and cannot PING those that are not on the
same VLAN. Show the TA that you have been able to do this.
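The following is an added example, not code from the lab handout or from Cisco: a small Python model of the per-VLAN flooding behaviour behind Section A step 4 (why Wks3|6 cannot be pinged once only ports 1 and 2 are in the VLAN) and the Section B trunk allowed list (default VLANs 1 to 1005, `remove`, `add`, and what crosses the trunk). Port numbers (port 24 as the trunk) and the two-switch layout are assumptions matching the diagrams.

```python
# Added example (not from the lab handout or Cisco): a minimal model of how a switch
# floods a broadcast such as an ARP request per VLAN. Port numbers, the trunk on
# port 24 and the two-switch layout are constructed to match the lab diagrams.
ACCESS, TRUNK = "access", "trunk"
DEFAULT_ALLOWED = set(range(1, 1006))  # by default all VLANs 1 to 1005 are allowed on a trunk


def parse_vlan_list(text):
    """vlan-list syntax from the handout: ranges with a hyphen, IDs separated by commas."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


class Switch:
    def __init__(self):
        self.ports = {}  # port -> (ACCESS, vlan_id) or (TRUNK, allowed_vlan_set)

    def access(self, port, vlan):  # switchport mode access + switchport access vlan <id>
        self.ports[port] = (ACCESS, vlan)

    def trunk(self, port, remove=None, add=None):  # switchport mode trunk + allowed vlan remove/add
        allowed = set(DEFAULT_ALLOWED)
        if remove:
            allowed -= parse_vlan_list(remove)
        if add:
            allowed |= parse_vlan_list(add)
        self.ports[port] = (TRUNK, allowed)

    def flood(self, ingress, tag=None):
        """Broadcast entering `ingress` (tag = 802.1Q VLAN ID on a trunk, None on an access
        port). Returns {egress_port: tag}: None (untagged) on access ports, VLAN ID on trunks."""
        mode, value = self.ports[ingress]
        vlan = value if mode == ACCESS else tag
        if mode == TRUNK and vlan not in value:
            return {}  # VLAN not in the allowed list: dropped at the trunk
        return {p: (None if m == ACCESS else vlan) for p, (m, v) in self.ports.items()
                if p != ingress and (v == vlan if m == ACCESS else vlan in v)}


def lab_switch(own_vlan, other_vlan):
    """Section B layout for Group A (20, 30) or Group B (30, 20): ports 1-2 in the group's
    VLAN, port 3 in the other group's VLAN (Wks3|6 moved over), port 24 trunked for 20 and 30."""
    sw = Switch()
    sw.access(1, own_vlan); sw.access(2, own_vlan); sw.access(3, other_vlan)
    sw.trunk(24, remove="1-1005", add="20,30")
    return sw
```

Flooding from port 1 of a Group A switch reaches port 2 untagged and the trunk tagged 20, never port 3 in another VLAN; the tagged frame then reaches only the VLAN 20 port on the other switch, and a VLAN 1 frame is dropped at the trunk.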
Questions
1. When you verify the VLAN configuration (step 1), what is printed out to confirm that the VLAN
was created?
2. What is the output that confirms the ports have been assigned properly (step 2)?
3. What do you see when you type "arp -a" from a workstation (step 3)?
4. Explain why the Ping command is not successful in Section A, step 4.
5. What statements in step 6 confirm that the said VLANs are now supported?
6. In theory, is it possible to connect 2 switches representing 2 different subnets physically using an
Ethernet cable in effect creating 2 subnets on one LAN segment? This would mean that hosts on
one subnet cannot communicate with the other but IP broadcasts from one subnet are heard by the
other subnet. If this can be done, why do we then bother with VLANS and not use this solution?