8/10/2019 CCNA Crash Course Day 04
Layer 2 Switching
Switching breaks up large collision domains into smaller ones.
A collision domain is a network segment with two or more devices sharing the same bandwidth.
A hub network is a typical example of this type of technology.
Each port on a switch is actually its own collision domain, so you can make a much better Ethernet LAN network just by replacing your hubs with switches.
Switching Services
Unlike bridges, which use software to create and manage a filter table, switches use Application Specific Integrated Circuits (ASICs).
Layer 2 switches and bridges are faster than routers because they don't take up time looking at the Network layer header information.
They look at the frame's hardware addresses before deciding to either forward the frame or drop it.
What makes layer 2 switching so efficient is that no modification to the data packet takes place.
How Switches and Bridges Learn Addresses
Bridges and switches learn in the following ways:
Reading the source MAC address of each received frame or datagram
Recording the port on which the MAC address was received
In this way, the bridge or switch learns which addresses belong to the devices connected to each port.
Ethernet Access with Hubs
Ethernet Switches and Bridges
Address learning
Forward/filter decision
Loop avoidance
Switch Features
There are three conditions in which a switch will flood a frame out all ports except the port on which the frame came in:
Unknown unicast address
Broadcast frame
Multicast frame
MAC Address Table
Initial MAC address table is empty.
Learning Addresses
Station A sends a frame to station C.
The switch caches the MAC address of station A against port E0 by learning the source address of data frames.
The frame from station A to station C is flooded out all ports except port E0 (unknown unicasts are flooded).
Learning Addresses (Cont.)
Station D sends a frame to station C.
The switch caches the MAC address of station D against port E3 by learning the source address of data frames.
The frame from station D to station C is flooded out all ports except port E3 (unknown unicasts are flooded).
Filtering Frames
Station A sends a frame to station C.
Destination is known; frame is not flooded.
Broadcast and Multicast Frames
Station D sends a broadcast or multicast frame.
Broadcast and multicast frames are flooded to all ports other than the originating port.
Forward/Filter Decision
When a frame arrives at a switch interface, the destination hardware address is compared to the forward/filter MAC database.
If the destination hardware address is known and listed in the database, the frame is sent out only the correct exit interface.
If the destination hardware address is not listed in the MAC database, then the frame is flooded out all active interfaces except the interface the frame was received on.
If a host or server sends a broadcast on the LAN, the switch will flood the frame out all active ports except the source port.
Learning MAC Address
Forward/Filter PC3 to PC1
Forward/Filter PC3 to PC2
Loop Avoidance
Redundant links between switches are a good idea because they help prevent complete network failures in the event one link stops working.
However, they often cause more problems because frames can be flooded down all redundant links simultaneously.
This creates network loops.
Network Broadcast Loops
A manufacturing floor PC sent a network broadcast to request a boot loader.
The broadcast was first received by switch sw1 on port 2/1.
The topology is redundantly connected; therefore, switch sw2 receives the broadcast frame as well on port 2/1.
Switch sw2 also receives a copy of the broadcast frame forwarded to the LAN segment from port 2/2 of switch sw1.
In a small fraction of the time, we have four packets. The problem grows exponentially until the network bandwidth is saturated.
Multiple Frame Copies
Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant.
Redundant topologies based on switches and bridges are subject to broadcast storms, multiple frame transmissions, and MAC address database instability.
Therefore network redundancy requires careful planning and monitoring to function properly.
The Spanning-Tree Protocol is used in switched networks to create a loop-free network.
Spanning-Tree Protocol
Provides a loop-free redundant network topology by placing certain ports in the blocking state.
Spanning Tree Protocol
Spanning Tree Protocol resides in the Data Link layer.
Ethernet bridges and switches can implement the IEEE 802.1D Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop-free network.
Selecting the Root Bridge
The first decision that all switches in the network make is to identify the root bridge.
When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the Bridge ID (BID).
The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address.
When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain the BID.
All bridges see these and decide that the bridge with the smallest BID value will be the root bridge.
A network administrator may want to influence the decision by setting the switch priority to a smaller value than the default.
Spanning Tree Protocol Terms
BPDU (Bridge Protocol Data Unit) - All the switches exchange information to use in the selection of the root switch.
Bridge ID - The bridge ID is how STP keeps track of all the switches in the network. It is determined by a combination of the bridge priority (32,768 by default on all Cisco switches) and the base MAC address.
Root Bridge - The bridge with the lowest bridge ID becomes the root bridge in the network.
Nonroot bridge - These are all bridges that are not the root bridge.
Root port - The root port is always the link directly connected to the root bridge or the shortest path to the root bridge. If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link.
Designated port - A designated port is one that has been determined as having the best (lowest) cost. A designated port will be marked as a forwarding port.
Nondesignated port - A nondesignated port is one with a higher cost than the designated port. Nondesignated ports are put in blocking mode.
Forwarding port - A forwarding port forwards frames.
Blocked port - A blocked port is a port that will not forward frames, in order to prevent loops.
Spanning-Tree Protocol Root Bridge Selection
BPDU = Bridge Protocol Data Unit (default = sent every two seconds)
Root bridge = Bridge with the lowest bridge ID
Bridge ID =
In the example, which switch has the lowest bridge ID?
Spanning-Tree Operation
One root bridge per network
One root port per nonroot bridge
One designated port per segment
Nondesignated ports are unused
Selecting the Root Port
The STP cost is an accumulated total path cost based on the rated bandwidth of each of the links. This information is then used internally to select the root port for that device.
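Root bridge election, root port selection and the per-segment designated port, as an added Python example (not from the course slides). The three switches, their base MACs and the link speeds are constructed; the second run shows the effect of the `spanning-tree vlan 1 priority 4096` command used later in the deck. Because the lowest BID always wins, the priority of the intended root should be set deliberately rather than left at the default.

```python
# Added example (not from the course slides): computes 802.1D port roles
# from the rules on these slides. Lowest bridge ID (priority, then base MAC)
# wins the root election; every non-root bridge picks the root port with the
# lowest accumulated path cost; each segment gets one designated port; the
# rest are blocking. Topology, MAC addresses and speeds are constructed.
import heapq

# IEEE 802.1D-1998 port costs by link bandwidth in Mbps (standard values).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(sw):
    """A BID compares by priority first, then by base MAC; lower wins."""
    return (sw["priority"], sw["mac"])


def elect_root(switches):
    return min(switches, key=lambda name: bridge_id(switches[name]))


def root_path_costs(switches, links, root):
    """Dijkstra over link costs: accumulated cost from every switch to the root."""
    adj = {name: [] for name in switches}
    for a, _pa, b, _pb, mbps in links:
        adj[a].append((b, PORT_COST[mbps]))
        adj[b].append((a, PORT_COST[mbps]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue
        for nxt, lc in adj[node]:
            if c + lc < cost.get(nxt, float("inf")):
                cost[nxt] = c + lc
                heapq.heappush(heap, (c + lc, nxt))
    return cost


def port_roles(switches, links):
    """Return (root, cost per switch, {(switch, port): root|designated|blocking})."""
    root = elect_root(switches)
    cost = root_path_costs(switches, links, root)
    # One root port per non-root bridge: lowest (cost via that link, neighbour BID).
    best = {}
    for a, pa, b, pb, mbps in links:
        lc = PORT_COST[mbps]
        for me, my_port, nb in ((a, pa, b), (b, pb, a)):
            if me == root:
                continue
            key = (cost[nb] + lc, bridge_id(switches[nb]))
            if me not in best or key < best[me][0]:
                best[me] = (key, my_port)
    root_port = {me: port for me, (_key, port) in best.items()}
    # One designated port per segment: lower root path cost, then lower BID.
    roles = {}
    for a, pa, b, pb, _mbps in links:
        a_key = (cost[a], bridge_id(switches[a]))
        b_key = (cost[b], bridge_id(switches[b]))
        des, des_port, oth, oth_port = (a, pa, b, pb) if a_key < b_key else (b, pb, a, pa)
        roles[(des, des_port)] = "designated"
        roles[(oth, oth_port)] = "root" if root_port.get(oth) == oth_port else "blocking"
    return root, cost, roles


def demo():
    """Three switches in a triangle, then the same network after an administrator
    lowers one priority (spanning-tree vlan 1 priority 4096) to choose the root."""
    switches = {
        "SW1": {"priority": 32768, "mac": "00:00:0c:aa:aa:aa"},
        "SW2": {"priority": 32768, "mac": "00:00:0c:bb:bb:bb"},
        "SW3": {"priority": 32768, "mac": "00:00:0c:cc:cc:cc"},
    }
    links = [  # (switch, port, switch, port, link speed in Mbps)
        ("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
        ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
        ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),
    ]
    default = port_roles(switches, links)
    switches["SW3"]["priority"] = 4096
    tuned = port_roles(switches, links)
    return default, tuned


if __name__ == "__main__":
    for root, cost, roles in demo():
        print("root:", root, "costs:", cost)
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} {port}: {role}")
```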
Switching Methods
1. Cut-Through (Fast Forward): The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
2. Fragment-Free (Modified Cut-Through): Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In Fragment-Free mode, the switch checks the first 64 bytes of a frame.
3. Store-and-Forward: The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. Most reliable, but also the most latency, especially when frames are large.
Physical Startup of the Catalyst Switch
Switches are dedicated, specialized computers, which contain a CPU, RAM, and an operating system.
Switches usually have several ports for the purpose of connecting hosts, as well as specialized ports for the purpose of management.
A switch can be managed by connecting to the console port to view and make changes to the configuration.
Switches typically have no power switch to turn them on and off. They simply connect or disconnect from a power source.
Verifying Port LEDs During Switch POST
Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST).
POST runs automatically to verify that the switch functions correctly.
The System LED indicates the success or failure of POST.
Switch Command Modes
Switches have several command modes.
The default mode is User EXEC mode, whose prompt ends in a greater-than character (>).
The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information.
The enable command is used to change from User EXEC mode to Privileged EXEC mode, whose prompt ends in a pound-sign character (#).
The configure command allows other command modes to be accessed.
Show Commands in User-Exec Mode
Tasks
Setting the passwords (the password must be between 4 and 8 characters)
Setting the hostname
Configuring the IP address and subnet mask
Erasing the switch configuration
Setting Switch Hostname
Setting Passwords on Lines
Switch Configuration
There are two reasons to set the IP address information on the switch:
To manage the switch via Telnet or other management software
To configure the switch with different VLANs and other network functions
See the default IP configuration = show ip command
Configure IP Address
sw1(config)#interface vlan 1
sw1(config-if)#ip address 10.0.0.1 255.0.0.0
sw1(config-if)#no shut
sw1(config-if)#exit
sw1(config)#ip default-gateway 10.0.0.254
Configuring Interface Descriptions
You can administratively set a name for each interface on the switch.
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z
SW1(config)#int e0/1
SW1(config-if)#description Finance_VLAN
SW1(config-if)#int f0/26
SW1(config-if)#description trunk_to_Building_4
SW1(config-if)#
Setting Port Security
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport port-security
Sw1(config-if)#switchport port-security mac-address mac-address
Now only this one MAC address is allowed on this switch port (port security must be enabled on the port, as above, for the static entry to be enforced).
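The forward/filter decision and flooding rules from the earlier slides, together with the static port-security entry just configured, as an added Python model (example code, not from the course slides). Port names, MAC addresses and the frame sequence are constructed to replay the Learning Addresses walkthrough (stations A, C and D on ports E0, E2 and E3).

```python
# Added example (not from the course slides): a minimal model of a
# transparent learning switch, showing the forward/filter decision and
# flooding rules from the deck, plus a static port-security MAC check.
# Port names, MAC addresses and frames below are constructed sample values.

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """Group bit (least-significant bit of the first octet) set => multicast/broadcast."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC -> port; starts empty (slide "MAC Address Table")
        self.port_security = {}      # port -> allowed MAC (switchport port-security mac-address)
        self.violations = []         # (port, offending MAC) records for the operator

    def secure_port(self, port, mac):
        """Model `switchport port-security mac-address <mac>` on an access port."""
        self.port_security[port] = mac.lower()

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of ([] = dropped)."""
        src, dst = src.lower(), dst.lower()
        # 0. Port security: a different source MAC on a secured port is a violation.
        allowed = self.port_security.get(in_port)
        if allowed is not None and src != allowed:
            self.violations.append((in_port, src))
            return []
        # 1. Learn: record the source MAC against the ingress port.
        self.mac_table[src] = in_port
        # 2. Broadcast/multicast: flood out every port except the ingress port.
        if dst == BROADCAST or is_multicast(dst):
            return [p for p in self.ports if p != in_port]
        # 3. Known unicast: forward out the single learned port (filter if same port).
        if dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # 4. Unknown unicast: flood.
        return [p for p in self.ports if p != in_port]


def demo():
    """Replays the Learning/Filtering sequence from the slides on four ports."""
    sw = LearningSwitch(["E0", "E1", "E2", "E3"])
    A, C, D = "00:00:0c:11:11:11", "00:00:0c:33:33:33", "00:00:0c:44:44:44"
    steps = []
    steps.append(sw.receive("E0", A, C))           # unknown unicast -> flooded
    steps.append(sw.receive("E3", D, C))           # still unknown -> flooded, D learned
    steps.append(sw.receive("E2", C, A))           # A known -> forwarded to E0 only
    steps.append(sw.receive("E0", A, C))           # C now known -> E2 only
    steps.append(sw.receive("E3", D, BROADCAST))   # broadcast -> all ports but E3
    sw.secure_port("E1", "00:00:0c:55:55:55")
    steps.append(sw.receive("E1", "00:00:0c:99:99:99", A))  # other MAC -> dropped
    return steps, dict(sw.mac_table), list(sw.violations)


if __name__ == "__main__":
    for line in demo():
        print(line)
```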
Switch Configuration
Connect two machines to a switch.
To view the MAC table:
sw1#show mac-address-table dynamic
sw1#show spanning-tree
sw1(config)#spanning-tree vlan 1 priority ?
sw1(config)#spanning-tree vlan 1 priority 4096
Erase the configuration
VLANs
A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
VLANs give the ability to create smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to different subnetworks.
Frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.
By default, no hosts in a specific VLAN can communicate with any other hosts that are members of another VLAN.
For inter-VLAN communication you need routers.
VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains.
VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers to communicate between VLANs.
A physical port association is used to implement VLAN assignment.
Communication between VLANs can occur only through the router.
This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN.
NOTE: This is the only way a switch can break up a broadcast domain!
VLAN Overview
A VLAN = A Broadcast Domain = Logical Network (Subnet)
Segmentation
Flexibility
Security
History
11 hosts are connected to the switch. All are in the same broadcast domain. They need to be divided into separate logical segments because of high broadcast traffic, caused by:
ARP
DHCP
SAP
X Windows
NetBIOS
Definition
A logically defined community of interest that limits a broadcast domain.
VLANs are created in the software of the switch.
All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.
The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.
Security
In a flat internetwork, security used to be tackled by connecting hubs and switches together with routers.
This arrangement is ineffective because:
Anyone connecting to the physical network could access network resources located on that physical LAN
Anyone can observe the network traffic by plugging a network analyzer into the hub
Users could join a workgroup by just plugging their workstations into the existing hub
By creating VLANs, administrators have control over each port and user.
How VLANs Simplify Network Management
If we need to break up the broadcast domain we need to connect a router.
By using VLANs we can divide the broadcast domain at Layer 2.
A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
As a logical grouping of users by function, VLANs can be considered independent from their physical locations.
VLAN Memberships
A VLAN created based on port is known as a static VLAN.
A VLAN assigned based on hardware addresses entered into a database is called a dynamic VLAN.
VLAN Membership Modes
Dynamic VLANs
A dynamic VLAN determines a node's VLAN assignment automatically.
Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses.
Dynamic VLANs need a VLAN Management Policy Server (VMPS).
LAB Deleting VLAN
To delete a VLAN
Sw(config)#no vlan 2
Sw(config)#no vlan 3
To bring a port back to VLAN 1
Sw(config-if)#switchport mode access
Sw(config-if)#switchport access vlan 1
For a range of ports
Sw(config)#int range fastethernet 0/1 - 5
Sw(config-if-range)#switchport access vlan 1
Types of Links
Access links
This type of link is only part of one VLAN.
It is referred to as the native VLAN of the port.
Any device attached to an access link is unaware of VLANs.
Switches remove any VLAN information from the frame before it is sent to an access-link device.
Trunk links
Trunks carry the traffic of multiple VLANs.
A trunk link is a 100- or 1000-Mbps point-to-point link between two switches, or between a switch and a router.
Access links
Trunk links
Frame Tagging
VLANs can be created to span more than one connected switch.
Hosts are unaware of VLANs.
When host A creates a data unit and it reaches the switch, the switch adds a frame tag to identify the VLAN.
Frame tagging is a method to identify that a packet belongs to a particular VLAN.
Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
It finds out what to do with the frame by looking at the information in the filter table.
Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier.
Frame Tagging Methods
There are two frame tagging methods:
Inter-Switch Link (ISL)
IEEE 802.1Q
Inter-Switch Link (ISL)
Proprietary to Cisco switches; used for Fast Ethernet and Gigabit Ethernet links only
IEEE 802.1Q
Created by the IEEE as a standard method of frame tagging
It actually inserts a field into the frame to identify the VLAN
If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.
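What the inserted 802.1Q field looks like on the wire, and how a switch tags a frame onto a trunk, strips the tag for an access link and filters frames from other VLANs, as an added Python example (not from the course slides). The MAC addresses, VLAN numbers and payload are constructed sample values.

```python
# Added example (not from the course slides): builds an untagged Ethernet
# frame, inserts the 4-byte IEEE 802.1Q tag a switch adds when the frame
# enters a trunk, parses it back, strips it for an access link, and makes
# the per-port egress decision (trunk vs access) described on these slides.
# MAC addresses, VLAN numbers and payload are constructed sample values.
import struct

TPID_8021Q = 0x8100   # EtherType value that announces a tag follows


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted; the hardware recomputes it)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_dot1q(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert TPID + TCI (3-bit PCP, 1-bit DEI, 12-bit VID) after the source MAC."""
    if not 1 <= vid <= 4094:                # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse(frame: bytes) -> dict:
    """Return dst/src/vid/ethertype/payload; vid is None for an untagged frame."""
    ethertype, = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vid": vid, "ethertype": ethertype, "payload": frame[offset:]}


def strip_dot1q(frame: bytes) -> bytes:
    """Remove the tag before the frame leaves on an access link."""
    return frame[:12] + frame[16:] if parse(frame)["vid"] is not None else frame


def egress(frame: bytes, vid: int, port_mode: str, port_vlan: int):
    """What a switch sends out of a port for a frame classified into VLAN `vid`:
    trunk -> tagged (the native VLAN `port_vlan` leaves untagged);
    access -> untagged only if the port is in that VLAN, otherwise filtered (None)."""
    untagged = strip_dot1q(frame)
    if port_mode == "trunk":
        return untagged if vid == port_vlan else add_dot1q(untagged, vid)
    return untagged if vid == port_vlan else None


def demo():
    raw = build_frame("00:00:0c:33:33:33", "00:00:0c:11:11:11", 0x0800, b"\x45" + b"\x00" * 19)
    tagged = add_dot1q(raw, vid=2, pcp=5)   # host A's frame entering VLAN 2 (red)
    return raw, tagged, parse(tagged), strip_dot1q(tagged)


if __name__ == "__main__":
    raw, tagged, info, stripped = demo()
    print("tagged:", tagged.hex())
    print("parsed:", info)
    print("stripped equals original:", stripped == raw)
```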
LAB-Creating Trunk
Create two VLANs on each switch
sw#vlan database
sw(vlan)#vlan 2 name red
sw(vlan)#vlan 3 name blue
sw(vlan)#exit
sw#config t
sw(config)#int fastethernet 0/1
sw(config-if)#switchport access vlan 2
sw(config-if)#int fastethernet 0/4
sw(config-if)#switchport access vlan 3
To see interface status
sw#show interface status
Figure: four hosts (10.0.0.1 to 10.0.0.4) on ports 1 to 4 of two switches, which are linked through port 24
Trunk Port Configuration
sw#config t
sw(config)#int fastethernet 0/24
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
* 2950: only dot1q encapsulation
Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1
Enters interface configuration mode
Switch(config-if)#switchport mode access
Configures the interface as an access port
Switch(config-if)#switchport access vlan 3
Assigns the access port to a VLAN
Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
51   enet  100051     1500  -      -      -        -    -        0      0
52   enet  100052     1500  -      -      -        -    -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Verifying the VLAN Port Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Displays the running configuration of the interface
Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport
Displays the switch port configuration of the interface
Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
Displays the MAC address table information for the specified interface in the specified VLAN
VTP Protocol Features
A messaging system that advertises VLAN configuration information
Maintains VLAN configuration consistency throughout a common administrative domain
Sends advertisements on trunk ports only
VLAN Trunking Protocol (VTP)
Benefits of VTP
Consistent VLAN configuration across all switches in the network
Accurate tracking and monitoring of VLANs
Dynamic reporting of added VLANs to all switches in the VTP domain
VTP Modes
Client mode: forwards advertisements; synchronizes; not saved in NVRAM
Server mode: creates, modifies and deletes VLANs; sends/forwards advertisements; synchronizes; saved in NVRAM
Transparent mode: creates, modifies and deletes VLANs; forwards advertisements; does not synchronize; saved in NVRAM
VTP Operation
VTP advertisements are sent as multicast frames.
VTP servers and clients are synchronized to the latest update, identified by its revision number.
VTP advertisements are sent every 5 minutes or when there is a change.
VTP Pruning
VTP pruning provides a way for you to preserve bandwidth by configuring it to reduce the amount of broadcast, multicast, and unicast packets.
If Switch A doesn't have any ports configured for VLAN 5, and a broadcast is sent throughout VLAN 5, that broadcast would not traverse the trunk link to Switch A.
By default, VTP pruning is disabled on all switches.
Pruning is enabled for the entire domain.
VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic
Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN
Creating a VTP Domain
Catalyst 1900
wg_sw_1900#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
wg_sw_1900(config)#vtp transparent
wg_sw_1900(config)#vtp domain switchlab
wg_sw_1900(config)#vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]
Catalyst 2950
wg_sw_2950#vlan database
wg_sw_2950(vlan)#vtp [server | client | transparent]
wg_sw_2950(vlan)#vtp domain domain-name
wg_sw_2950(vlan)#vtp password password
wg_sw_2950(vlan)#vtp pruning
Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
VTP statistics:
Summary advertisements received    : 7
Subset advertisements received     : 5
Request advertisements received    : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted  : 13
Request advertisements transmitted : 3
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0

VTP pruning statistics:

Trunk            Join Transmitted Join Received    Summary advts received from
                                                   non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8            43071            42766            5
VLAN to VLAN
If you want to connect between two VLANs you need a layer 3 device.
Router on Stick
Figure: hosts 10.0.0.2 and 10.0.0.3 (VLAN 2) and 20.0.0.2 and 20.0.0.3 (VLAN 3) across two switches linked on port 24; router R1 Fa0/0 (10.0.0.1 and 20.0.0.1 on subinterfaces) is connected to switch port 9
Create two VLANs on each switch
sw#vlan database
sw(vlan)#vlan 2 name red
sw(vlan)#vlan 3 name blue
sw(vlan)#exit
sw#config t
sw(config)#int fastethernet 0/1
sw(config-if)#switchport access vlan 2
sw(config-if)#int fastethernet 0/4
sw(config-if)#switchport access vlan 3
To see interface status
sw#show interface status
Trunk Port Configuration
sw#config t
sw(config)#int fastethernet 0/24
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
Router Configuration
R1#config t
R1(config)#int fastethernet 0/0
R1(config-if)#no shut
R1(config-if)#int fastethernet 0/0.1
R1(config-subif)#encapsulation dot1q 2
R1(config-subif)#ip address 10.0.0.1 255.0.0.0
R1(config-subif)#no shut
R1(config-subif)#exit
R1(config)#int fastethernet 0/0.2
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address 20.0.0.1 255.0.0.0
R1(config-subif)#no shut
R1(config-subif)#exit
(The physical interface Fa0/0 must be up for the subinterfaces to pass traffic; each subinterface carries the address of one VLAN.)
Router-Switch Port to be made as Trunk
sw(config)#int fastethernet 0/9
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
New Addressing Concepts
Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)
Problems with IPv4
Shortage of IPv4 addresses
Allocation of the last IPv4 addresses was expected for the year 2005
Address classes were replaced by usage of CIDR, but this is not sufficient
Short term solution: NAT (Network Address Translator)
Long term solution: IPv6 = IPng (IP next generation), which provides an extended address range
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
NAT
Translates between local addresses and public ones
Many private hosts share few global addresses
Public Network: uses public addresses; public addresses are globally unique
Private Network: uses the private address range (local addresses); local addresses may not be used externally
Fig. 4 How does NAT work? (TI1332EU02TI_0003 New Address Concepts, 9)
Inside/Outside
NAT Addressing Terms
Outside Global
The term outside refers to an address used for a host outside an enterprise, i.e. on the Internet.
An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.
Outside Local
NAT uses an outside local address to represent the outside host as the packet is sent through the private network. This address is outside private: an outside host represented with a private address.
Network Address Translation
An IP address is either local or global. Local IP addresses are seen in the inside network.
Static NAT
Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
In static NAT, the computer with the IP address 192.168.32.10 will always translate to 213.18.123.110.
Dynamic NAT
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.
Overloading NAT with PAT (NAPT)
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
In overloading, each computer on the private network is translated to the same IP address (213.18.123.100), but with a different port number assignment.
Static NAT Configuration
For each interface you need to configure INSIDE or OUTSIDE.
Figure: hosts A (10.0.0.1), B (10.0.0.2) and C (10.0.0.3) on the E0 side of R1 (10.0.0.254); R1's S0 (200.0.0.1) faces the Internet
R1(config)#int fastethernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#int s 0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.0.0.1 200.0.0.1
To see the table
R1#show ip nat translations
R1#show ip nat statistics
INSIDE/OUTSIDE
Dynamic NAT
Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
The dynamic entry in the NAT table stays there as long as traffic flows occasionally.
If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
Dynamic NAT
Instead of creating a static mapping, create a pool of IP addresses by specifying a range.
Create an access list and permit the hosts.
Link the access list to the pool.
PAT
Overloading an inside global address: with NAT overload, only one global IP is shared among all hosts.
Figure: hosts A (10.0.0.1), B (10.0.0.2) and C (10.0.0.3) behind R1 (10.0.0.254) share the global IP 200.0.0.1 toward the Internet, appearing as 200.0.0.1:1025, 200.0.0.1:1026 and 200.0.0.1:1027
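Static NAT, dynamic NAT with pool exhaustion, and PAT overload as an added Python model (not from the course slides). The inside 10.0.0.x hosts and the global address 200.0.0.1 follow the slides; the source ports, the port numbering starting at 1025 and the reply lookup are constructed for the example.

```python
# Added example (not from the course slides): a small model of the three
# translation types on these slides (static, dynamic pool, PAT/overload),
# including the dynamic-pool behaviour the deck describes, where a new
# inside host is dropped once every pooled address is in use. Inside
# 10.0.0.x and global 200.0.0.1 follow the slides; ports and flows are constructed.
import ipaddress


class NatRouter:
    """One router configured for exactly one translation mode."""

    def __init__(self, mode, inside_net, static=None, pool=None, global_ip=None):
        self.mode = mode                                   # static | dynamic | overload
        self.inside = ipaddress.ip_network(inside_net)     # the access-list 1 permit ... range
        self.static = dict(static or {})                   # inside local -> inside global
        self.pool = list(pool or [])                       # free inside global addresses
        self.global_ip = global_ip                         # the single overloaded address
        self.table = {}                                    # (local ip, port) -> (global ip, port)
        self.next_port = 1025                              # first translated source port (PAT)

    def translate_out(self, src_ip, src_port):
        """Inside -> outside. Returns the (global ip, port) used, or None when the
        router has no translation for the packet."""
        key = (src_ip, src_port)
        if key in self.table:
            return self.table[key]
        if self.mode == "static":
            if src_ip not in self.static:
                return None                                # no one-to-one entry for this host
            entry = (self.static[src_ip], src_port)
        elif ipaddress.ip_address(src_ip) not in self.inside:
            return None                                    # not permitted by the access list
        elif self.mode == "dynamic":
            bound = {local: glob for (local, _), (glob, _) in self.table.items()}
            if src_ip in bound:
                entry = (bound[src_ip], src_port)          # host already holds a pool address
            elif self.pool:
                entry = (self.pool.pop(0), src_port)       # take the next free pool address
            else:
                return None                                # pool exhausted: packet discarded
        else:  # overload (PAT): same global address, a unique port per inside flow
            entry = (self.global_ip, self.next_port)
            self.next_port += 1
        self.table[key] = entry
        return entry

    def translate_in(self, dst_ip, dst_port):
        """Outside -> inside for a reply: returns (local ip, port) or None if unknown."""
        for local, glob in self.table.items():
            if glob == (dst_ip, dst_port):
                return local
        return None


def demo():
    static = NatRouter("static", "10.0.0.0/8", static={"10.0.0.1": "200.0.0.1"})
    dyn = NatRouter("dynamic", "10.0.0.0/8", pool=["200.0.0.1", "200.0.0.2"])
    pat = NatRouter("overload", "10.0.0.0/8", global_ip="200.0.0.1")
    hosts = ("10.0.0.1", "10.0.0.2", "10.0.0.3")
    return {
        "static": static.translate_out("10.0.0.1", 40000),
        "dynamic": [dyn.translate_out(ip, 40000) for ip in hosts],   # third host dropped
        "pat": [pat.translate_out(ip, 40000) for ip in hosts],       # 200.0.0.1:1025..1027
        "pat_reply": pat.translate_in("200.0.0.1", 1026),            # back to 10.0.0.2
        "acl_miss": pat.translate_out("192.168.1.9", 40000),         # outside the permit range
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```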
PAT LAB
R1#config t
R1(config)#int e 0
R1(config-if)#ip nat inside
R1(config-if)#int s 0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface s 0 overload
To see a host-to-host ping, configure static or dynamic routing.
Figure: host A (192.168.10.2) on E0 of R1 (192.168.10.1); R1 S0 (200.0.0.1) connects to R2 S0 (200.0.0.2); host B (192.168.20.2) on E0 of R2 (192.168.20.1)
R2#config t
R2(config)#int e 0
R2(config-if)#ip nat inside
R2(config-if)#int s 0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#access-list 1 permit 192.168.20.0 0.0.0.255
R2(config)#ip nat inside source list 1 interface s 0 overload
To see a host-to-host ping, configure static or dynamic routing.