You work for a medium-sized IT consultancy firm as a network administrator.
You have recently taken on a new customer, who is building a new office, and needs the network designed and configured.
A network engineer has designed this topology:
A junior staff member has visited the new building, installed the hardware, configured host names and interface descriptions, and connected all links.
See general lab information to get started.
Scenario #1 – Configuration
The network designer has shown you the topology listed above, and has asked that you complete the configuration.
To do this, they have asked that you complete the tasks below.
- Verify or set VTP mode to transparent
- Confirm that the interface descriptions are set; you can change them if you feel that they are inaccurate
- Verify that each switch is learning the MAC addresses of the other three switches
- Enable both CDP and LLDP between all switches
- Configure four VLANs
  - 110 – Workstations
  - 115 – Voice
  - 120 – Servers
  - 50 – Management
- Configure all inter-switch links as trunk links
  - Links between SW04/SW02, as well as SW04/SW03, should be dynamic
  - Limit the VLANs on these trunks to the four created earlier
  - Change the native VLAN to 22 between all switches
- Configure workstation and server interfaces as access ports
  - Assign these ports to the appropriate VLANs
- Configure an ‘in-band’ management IP for each switch
  - This should be in the 172.16.50.0 /24 range
To verify VTP, we can use show vtp status. You will notice that these switches are in the Server operating mode.
We need to change this in configuration mode on all switches:
SW01(config)#vtp mode transparent
Setting device to VTP Transparent mode for VLANS.
We can show the interface descriptions with show interfaces description.
SW04#show interfaces description
Interface Status Protocol Description
Gi0/0 up up Link 1 to SW02
Gi0/1 up up Link 2 to SW02
Gi0/2 up up Link 1 to SW03
Gi0/3 up up Link 2 to SW03
Gi1/0 up up Link to SW01
Gi1/1 up up Servers
Gi1/2 up up Servers
Gi1/3 up up Servers
You can check that the MAC addresses of each switch are being learned by using show mac address-table:
SW03#show mac address-table
Mac Address Table
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 5254.0004.2469 DYNAMIC Gi0/0
1 5254.0004.6545 DYNAMIC Gi0/0
1 5254.0006.1f03 DYNAMIC Gi0/1
1 5254.0011.9137 DYNAMIC Gi0/0
1 5254.0015.ec87 DYNAMIC Gi0/0
1 5254.001a.ad8c DYNAMIC Gi0/0
1 5254.001c.4c54 DYNAMIC Gi0/0
1 5254.001e.7902 DYNAMIC Gi0/0
Total Mac Addresses for this criterion: 8
Your results may be different to what I’ve shown here, as your lab will generate different MAC addresses.
If you’d like to quickly see which MAC addresses are on each switch, use this command:
SW03#show interfaces | include address
Hardware is iGbE, address is 5254.0016.9cf6 (bia 5254.0016.9cf6)
Hardware is iGbE, address is 5254.001c.1858 (bia 5254.001c.1858)
Hardware is iGbE, address is 5254.001a.ad8c (bia 5254.001a.ad8c)
Hardware is iGbE, address is 5254.001e.7902 (bia 5254.001e.7902)
Hardware is iGbE, address is 5254.0013.4196 (bia 5254.0013.4196)
Hardware is iGbE, address is 5254.001e.fa19 (bia 5254.001e.fa19)
Hardware is iGbE, address is 5254.0013.44a3 (bia 5254.0013.44a3)
Hardware is iGbE, address is 5254.0005.9c1a (bia 5254.0005.9c1a)
Let’s quickly check if CDP and LLDP are already enabled:
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
% LLDP is not enabled
Here we can see that CDP is enabled, but LLDP is not. We can easily enable LLDP with lldp run.
Once they’re running, we can use various show cdp and show lldp commands.
SW01#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
SW04 Gig 0/1 160 R S I Gig 1/0
SW02 Gig 0/0 138 R S I Gig 0/3
SW03 Gig 0/2 163 R S I Gig 0/0
Total cdp entries displayed : 3
SW01#show lldp neighbors
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
SW03 Gi0/2 120 R Gi0/0
SW04 Gi0/1 120 R Gi1/0
SW02 Gi0/0 120 R Gi0/3
Total entries displayed: 3
Firstly, create the VLANs
We can configure the trunks, and allow the VLANs in one process:
SW01(config-if)#switchport trunk encapsulation dot1q
SW01(config-if)#switchport mode trunk
SW01(config-if)#switchport trunk allowed vlan 110,115,120,50
To do this dynamically:
SW03(config-if)#switchport trunk encapsulation dot1q
SW03(config-if)#switchport mode dynamic desirable
SW03(config-if)#switchport trunk allowed vlan 110,115,120,50
And to verify that this is working:
SW04#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/0 desirable 802.1q trunking 1
Gi0/1 desirable 802.1q trunking 1
Gi0/2 desirable 802.1q trunking 1
Gi0/3 desirable 802.1q trunking 1
Gi1/0 on 802.1q trunking 1
To change the native VLAN to 22, we first need to create VLAN 22:
SW04(config)#vlan 22
SW04(config-vlan)#name Native VLAN
Then, we change the native VLAN on each trunk link:
SW01(config-if)#switchport trunk native vlan 22
Now to configure the workstation access ports:
SW01(config)#interface range gi1/1-3
SW01(config-if-range)#switchport mode access
SW01(config-if-range)#switchport access vlan 110
And the servers:
SW04(config)#interface range gi1/1-3
SW04(config-if-range)#switchport mode access
SW04(config-if-range)#switchport access vlan 120
Setting a management IP is something that we haven’t covered yet in this series.
In this case we can create a vlan interface, and assign an IP to it:
SW01(config)#interface vlan 50
*Feb 22 05:48:17.130: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state to down
SW01(config-if)#ip address 172.16.50.1 255.255.255.0
SW01(config-if)#no shutdown
There are a couple of things to notice here. Firstly, when the interface is created, it transitions to the down state, and doesn’t come up. Why does this happen? Because the interface is shut down by default. That’s why we issue the no shut command.
Second, the subnet mask is 255.255.255.0. This corresponds to /24. If you’re not familiar with that, then maybe have a quick review of the fundamentals series.
We can verify this config by pinging the other switches:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.50.1, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/4/5 ms
You might wonder why the first of the five pings fails. This is because the switch is using ARP to find the MAC that corresponds with this IP.
Cisco IOS has a very short ping timeout, so the first ping fails before the ARP process completes.
Within the first week of this network going live, one of your customer’s employees has made some changes and broken the network.
You have been called in to find the problems and fix them.
The listed problems are:
- SW01 cannot be managed on its management IP
- Phones connected to SW01 do not work
- Untagged packets cannot flow through SW04
- The link between SW02 and SW04 is not working
- The link between SW02 and SW03 is not working
- The link between SW03 and SW04 is not working
- None of the servers can be accessed
Here is a checklist that you can use when troubleshooting basic switching issues:
- Is the VLAN defined on all the switches that need it?
- Is the VLAN allowed on all interfaces that need it?
- When trunk links are involved, are both ends trunking?
- Is the native VLAN the same on both ends?
If you can’t work out the issues from that, here is a list of what’s broken:
- VLAN 115 is shut down – This prevents the phones working
- VLAN 50 is not defined – This prevents the switch from being managed
- Native VLAN is 1 on all trunk links – The other switches use VLAN 22
- DTP to SW04 is dynamic auto – This is part of the reason the links are not working
- gi0/1 is shutdown – This is why the link is not working
- Server VLAN has been pruned on all trunks – This is why servers are not accessible
- DTP to SW02 is set to dynamic auto – This is the other part of the reason the trunk link is not working (auto on both ends)
- DTP to SW03 is not configured, trunking is manually configured – This is a mismatch in settings
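The troubleshooting checklist and fault list above can be run as an automated check over both ends of a link. This is an added example, not part of the original lab: the interface stanzas are constructed, and the function names and the port defaults used when a line is absent (DTP auto, native VLAN 1, all VLANs allowed) are assumptions.

```python
import re

REQUIRED = {50, 110, 115, 120}  # VLANs the lab carries on every trunk
NATIVE = 22                     # native VLAN the lab sets between switches

def expand(spec):
    """'50,110-120' -> {50, 110, ..., 120}"""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_port(stanza):
    """Trunk settings from one running-config style interface stanza."""
    # Assumed defaults when a line is absent: DTP auto, native VLAN 1, all VLANs.
    p = {"mode": "dynamic auto", "native": 1, "allowed": set(range(1, 4095)), "shut": False}
    for line in map(str.strip, stanza.splitlines()):
        if m := re.fullmatch(r"switchport mode (.+)", line):
            p["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            p["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            p["allowed"] = expand(m.group(1))
        elif line == "shutdown":
            p["shut"] = True
    return p

def check_link(a, b):
    """Checklist findings for one inter-switch link, given both ends."""
    issues = []
    if a["shut"] or b["shut"]:
        issues.append("interface shutdown")
    if "access" in (a["mode"], b["mode"]) or a["mode"] == b["mode"] == "dynamic auto":
        issues.append("no trunk forms")
    if a["native"] != b["native"]:
        issues.append("native VLAN mismatch")
    elif a["native"] != NATIVE:
        issues.append(f"native VLAN {a['native']}, expected {NATIVE}")
    if missing := REQUIRED - (a["allowed"] & b["allowed"]):
        issues.append(f"VLANs not carried: {sorted(missing)}")
    return issues

# Constructed stanzas (not from the lab files): a broken link and a healthy end.
SW02 = "interface Gi0/1\n switchport mode dynamic auto\n switchport trunk allowed vlan 50,110,115\n shutdown"
SW04 = "interface Gi0/0\n switchport mode dynamic auto\n switchport trunk native vlan 22\n switchport trunk allowed vlan 50,110,115,120"
GOOD = "interface Gi0/0\n switchport mode dynamic desirable\n switchport trunk native vlan 22\n switchport trunk allowed vlan 110,115,120,50"

if __name__ == "__main__":
    print(check_link(parse_port(SW02), parse_port(SW04)))
    print(check_link(parse_port(GOOD), parse_port(GOOD)))
```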