Lab Topology

You work for a medium-sized IT consultancy firm as a network administrator.

You have recently taken on a new customer, who is building a new office, and needs the network designed and configured.

A network engineer has designed this topology:

A junior staff member has visited the new building, installed the hardware, configured host names and interface descriptions, and connected all links.

 

Lab Files

Part 1 (Initial Config)
Part 1 (Completed)
Part 2

See general lab information to get started.

 


Scenario #1 – Configuration

The network designer has shown you the topology listed above, and has asked that you complete the configuration.

To do this, they have asked that you complete the tasks below.

Basic Setup

  • Verify or set VTP mode to transparent
  • Confirm that the interface descriptions are set; you can change them if you feel that they are inaccurate
  • Verify that each switch is learning the MAC addresses of the other three switches
  • Enable both CDP and LLDP between all switches

 

VLAN Config

  • Configure four VLANs
    • 110 – Workstations
    • 115 – Voice
    • 120 – Servers
    • 50 – Management
  • Configure all inter-switch links as trunk links
    • Links between SW04/SW02, as well as SW04/SW03, should be dynamic
    • Limit the VLANs on these trunks to the four created earlier
  • Change the native VLAN to 22 between all switches
  • Configure workstation and server interfaces as access ports
    • Assign these ports to the appropriate VLANs

 

Device Management

  • Configure an ‘in-band’ management IP for each switch
    • This should be in the 172.16.50.0 /24 range

 

Solution

Basic Setup

To verify VTP, we can use show vtp status. You will notice that these switches are in the Server operating mode.

We need to change this in configuration mode on all switches:

SW01(config)#vtp mode transparent 
Setting device to VTP Transparent mode for VLANS.

 

We can show the interface descriptions with show interfaces description:

SW04#show interfaces description 
Interface                      Status         Protocol Description
Gi0/0                          up             up       Link 1 to SW02
Gi0/1                          up             up       Link 2 to SW02
Gi0/2                          up             up       Link 1 to SW03
Gi0/3                          up             up       Link 2 to SW03
Gi1/0                          up             up       Link to SW01
Gi1/1                          up             up       Servers
Gi1/2                          up             up       Servers
Gi1/3                          up             up       Servers

 

You can check that the MAC addresses of each switch are being learned by using show mac address-table:

SW03#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    5254.0004.2469    DYNAMIC     Gi0/0
   1    5254.0004.6545    DYNAMIC     Gi0/0
   1    5254.0006.1f03    DYNAMIC     Gi0/1
   1    5254.0011.9137    DYNAMIC     Gi0/0
   1    5254.0015.ec87    DYNAMIC     Gi0/0
   1    5254.001a.ad8c    DYNAMIC     Gi0/0
   1    5254.001c.4c54    DYNAMIC     Gi0/0
   1    5254.001e.7902    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 8

Your results may be different to what I’ve shown here, as your lab will generate different MAC addresses.

If you’d like to quickly see which MAC addresses are on each switch, use this command:

SW03#show interfaces | include address
Hardware is iGbE, address is 5254.0016.9cf6 (bia 5254.0016.9cf6)
Hardware is iGbE, address is 5254.001c.1858 (bia 5254.001c.1858)
Hardware is iGbE, address is 5254.001a.ad8c (bia 5254.001a.ad8c)
Hardware is iGbE, address is 5254.001e.7902 (bia 5254.001e.7902)
Hardware is iGbE, address is 5254.0013.4196 (bia 5254.0013.4196)
Hardware is iGbE, address is 5254.001e.fa19 (bia 5254.001e.fa19)
Hardware is iGbE, address is 5254.0013.44a3 (bia 5254.0013.44a3)
Hardware is iGbE, address is 5254.0005.9c1a (bia 5254.0005.9c1a)

 

Let’s quickly check if CDP and LLDP are already enabled:

SW02#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
SW02#
SW02#show lldp
% LLDP is not enabled

Here we can see that CDP is enabled, but LLDP is not. We can easily enable LLDP with lldp run.

Once they’re running, we can use various show cdp and show lldp commands.

SW01#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW04             Gig 0/1           160        R S I                 Gig 1/0
SW02             Gig 0/0           138        R S I                 Gig 0/3
SW03             Gig 0/2           163        R S I                 Gig 0/0

Total cdp entries displayed : 3

 

SW01#show lldp neighbors 
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
SW03                Gi0/2          120        R               Gi0/0
SW04                Gi0/1          120        R               Gi1/0
SW02                Gi0/0          120        R               Gi0/3

Total entries displayed: 3

 

VLAN Configuration

First, create the VLANs:

SW04(config)#vlan 110
SW04(config-vlan)#name Workstations
SW04(config-vlan)#vlan 115
SW04(config-vlan)#name Voice
SW04(config-vlan)#vlan 120
SW04(config-vlan)#name Servers
SW04(config-vlan)#vlan 50
SW04(config-vlan)#name Management

 

We can configure the trunks, and allow the VLANs in one process:

SW01(config)#int gi0/0
SW01(config-if)#switchport trunk encapsulation dot1q
SW01(config-if)#switchport mode trunk
SW01(config-if)#switchport trunk allowed vlan 110,115,120,50

To do this dynamically:

SW03(config-if)#int gi0/3
SW03(config-if)#switchport trunk encapsulation dot1q
SW03(config-if)#switchport mode dynamic desirable
SW03(config-if)#switchport trunk allowed vlan 110,115,120,50

And to verify that this is working:

SW04#show interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/0       desirable        802.1q         trunking      1
Gi0/1       desirable        802.1q         trunking      1
Gi0/2       desirable        802.1q         trunking      1
Gi0/3       desirable        802.1q         trunking      1
Gi1/0       on               802.1q         trunking      1

 

To change the native VLAN to 22, we first need to create VLAN 22:

SW04(config)#vlan 22
SW04(config-vlan)#name Native VLAN

Then, we change the native VLAN on each trunk link:

SW01(config)#int gi0/0
SW01(config-if)#switchport trunk native vlan 22

 

Now to configure the workstation access ports:

SW01(config)#interface range gi1/1-3
SW01(config-if-range)#switchport mode access
SW01(config-if-range)#switchport access vlan 110

And the servers:

SW04(config)#interface range gi1/1-3
SW04(config-if-range)#switchport mode access
SW04(config-if-range)#switchport access vlan 120

 

Device Management

Setting a management IP is something that we haven’t covered yet in this series.

In this case we can create a VLAN interface, and assign an IP to it:

SW01(config)#interface vlan 50
SW01(config-if)#
*Feb 22 05:48:17.130: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state to down
SW01(config-if)#ip address 172.16.50.1 255.255.255.0
SW01(config-if)#no shut

There are a couple of things to notice here. First, when the interface is created, it transitions to the down state and doesn’t come up. Why does this happen? Because the interface is shut down by default. That’s why we issue the no shut command.

Second, the subnet mask is 255.255.255.0. This corresponds to /24. If you’re not familiar with that, then maybe have a quick review of the fundamentals series.

 

We can verify this config by pinging the other switches:

SW02#ping 172.16.50.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.50.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/4/5 ms

 

You might wonder why the first of the five pings fails. This is because the switch is using ARP to find the MAC that corresponds with this IP.

Cisco IOS has a very short ping timeout, so the first ping fails before the ARP process completes.

 


Scenario #2

Within the first week of this network going live, one of your customer’s employees has made some changes and broken the network.

You have been called in to find the problems and fix them.

The listed problems are:

  • SW01 cannot be managed on its management IP
  • Phones connected to SW01 do not work
  • Untagged packets cannot flow through SW04
  • The link between SW02 and SW04 is not working
  • The link between SW02 and SW03 is not working
  • The link between SW03 and SW04 is not working
  • None of the servers can be accessed

 

Solution

Here is a checklist that you can use when troubleshooting basic switching issues:

  • Is the VLAN defined on all the switches that need it?
  • Is the VLAN allowed on all interfaces that need it?
  • When trunk links are involved, are both ends trunking?
  • Is the native VLAN the same on both ends?

 

If you can’t work out the issues from that, here is a list of what’s broken:

SW01

  • VLAN 115 is shut down – This prevents the phones working
  • VLAN 50 is not defined – This prevents the switch from being managed

 

SW02

  • Native VLAN is 1 on all trunk links – The other switches use VLAN 22
  • DTP to SW04 is dynamic auto – This is part of the reason the links are not working

 

SW03

  • gi0/1 is shut down – This is why the link is not working

 

SW04

  • Server VLAN has been pruned on all trunks – This is why servers are not accessible
  • DTP to SW02 is set to dynamic auto – This is the other part of the reason the trunk link is not working (auto on both ends)
  • DTP to SW03 is not configured, trunking is manually configured – This is a mismatch in settings
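
The troubleshooting checklist above can be applied mechanically to saved configurations. The following Python script is an added example, not part of the original lab or its files: it reads running-config style text for both ends of a link and reports the four checklist conditions, including the dynamic auto on both ends case from the fault list. The switch names SW-A and SW-B, the sample configs, and the default of dynamic auto with native VLAN 1 for an unconfigured port are assumptions made for illustration; allowed-VLAN lists are parsed only in the comma-separated form used on this page.

```python
import re

REQUIRED, NATIVE = {50, 110, 115, 120}, 22  # VLANs and native VLAN from the lab tasks

def parse(cfg):
    """Return (defined VLANs, {interface: settings}) from running-config style text."""
    vlans, ports, cur = set(), {}, None
    for s in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", s):
            vlans.add(int(m[1]))
        elif m := re.fullmatch(r"interface (\S+)", s):
            # Assumption: an unconfigured port is dynamic auto with native VLAN 1
            cur = ports[m[1]] = {"mode": "dynamic auto", "native": 1, "allowed": None}
        elif cur is not None and (m := re.fullmatch(r"switchport mode (.+)", s)):
            cur["mode"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", s)):
            cur["native"] = int(m[1])
        elif cur is not None and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,]+)", s)):
            cur["allowed"] = {int(v) for v in m[1].split(",")}
    return vlans, ports

def audit(configs, links):
    """Apply the checklist; links are ((switch, port), (switch, port)) pairs."""
    parsed = {sw: parse(cfg) for sw, cfg in configs.items()}
    out = [f"{sw}: VLAN {v} not defined"
           for sw, (vlans, _) in parsed.items() for v in sorted((REQUIRED | {NATIVE}) - vlans)]
    for ends in links:
        pa, pb = [parsed[sw][1][port] for sw, port in ends]
        link = " <-> ".join(f"{sw} {port}" for sw, port in ends)
        for (sw, _), p in zip(ends, (pa, pb)):
            if p["allowed"] is not None and REQUIRED - p["allowed"]:
                out.append(f"{link}: {sw} does not allow VLAN {sorted(REQUIRED - p['allowed'])}")
        # DTP: a trunk cannot form with an access port, or with auto on both ends
        if "access" in (pa["mode"], pb["mode"]) or pa["mode"] == pb["mode"] == "dynamic auto":
            out.append(f"{link}: no trunk forms ({pa['mode']} / {pb['mode']})")
        if pa["native"] != pb["native"]:
            out.append(f"{link}: native VLAN mismatch ({pa['native']} vs {pb['native']})")
    return out

# Constructed sample configs (hypothetical switches, not the lab files)
SAMPLE = {
    "SW-A": "vlan 22\nvlan 50\nvlan 110\nvlan 120\ninterface Gi0/0\n"
            " switchport mode dynamic auto\n switchport trunk allowed vlan 110,115,120,50\n",
    "SW-B": "vlan 22\nvlan 50\nvlan 110\nvlan 115\nvlan 120\ninterface Gi0/0\n"
            " switchport mode dynamic auto\n switchport trunk native vlan 22\n"
            " switchport trunk allowed vlan 110,115,50\n",
}
LINKS = [(("SW-A", "Gi0/0"), ("SW-B", "Gi0/0"))]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, LINKS)))
```

On the constructed sample it reports four findings: VLAN 115 missing on SW-A, VLAN 120 not allowed by SW-B, no trunk because both ends are dynamic auto, and a native VLAN mismatch of 1 against 22.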