In this lab, you will create and resolve many layer-2 problems. The problems may include:
Interfaces assigned to the wrong VLANs
Mismatched trunking ports
Mismatched VTP domains
Mismatched VTP passwords
Incompatible VTP modes
Tools and Materials:
- GNS3 Simulator
- The base topology for this lab from Canvas.
Setup:
For this lab download the GNS3 configuration from Canvas.
Configuration Steps
- Configure Trunks
- Configure VTP
a. Vtp domain nku.edu
b. Vtp version 3
c. Configure “nA” switch as Primary VTP server with “vtp primary vlan” command - Create VLANs 2 and 3 on the Primary VTP server
a. You should only have to do this on the primary VTP server. If steps 1 and 2 were done correctly, the new VLANs will propagate to the other three switches. - Configure IP addresses for each switch in VLAN 1
a. Switches should be able to ping each other after this. You should also be able to telnet between switches at this point. - Assign interfaces to VLANs on both “B” switches
- Configure IP addresses (ifconfig) for the four test Linux PCs
a. Pings between PCs in the same VLAN should work after this
Helpful Command Examples for VPC Configuration
ip ARG … [OPTION]
Configure the current VPC’s IP settings
ARG …:
address [mask] [gateway]
address [gateway] [mask]
Set the VPC’s ip, default gateway ip and network mask
Default IPv4 mask is /24, IPv6 is /64. Example:
ip 10.1.1.70/26 10.1.1.65 set the VPC’s ip to 10.1.1.70,
the gateway to 10.1.1.65, the netmask to 255.255.255.192.
In tap mode, the ip of the tapx is the maximum host ID
of the subnet. In the example above the tapx ip would be
10.1.1.126
mask may be written as /26, 26 or 255.255.255.192
auto Attempt to obtain IPv6 address, mask and gateway using SLAAC
dhcp [OPTION] Attempt to obtain IPv4 address, mask, gateway, DNS via DHCP
-d Show DHCP packet decode
-r Renew DHCP lease
-x Release DHCP lease
dns ip Set DNS server ip, delete if ip is ‘0’
domain NAME Set local domain name to NAME
Helpful Command Examples for Trunk Configuration
• SWn_A#show int e0/0 switchport
• SWn_A#show int trunk
• SWn_A(config)#int e0/0
• SWn_A(config-if)#switchport trunk encapsulation dot1q
• SWn_A(config-if)#switchport mode trunk
Helpful Command Examples for VLAN Configuration
• SWn_B#show vlan
• SWn_B(config)#int vlan 1
• SWn_B(config-if)#ip address 10.251.1.252 255.255.255.0
• SWn_B(config-if)#no shutdown
• SWn_B(config)#vlan 2
• SWn_B(config-vlan)#name VLAN2
• SWn_B config-vlan)#end
• SWn_B(config)#int e1/1
• SWn_B(config-if)#switchport access vlan 2
Run VTP version 3 on all of your switches. Also, set the VTP domain name to nku.edu. The commands are:
• SWn_B(config)#vtp version 3
• SWn_B(config)#vtp domain nku.edu
In addition, set Switch-nA as the primary VTP version 3 server. That command is:
• SWn_A#vtp primary vlan
Many of the commands above are just examples. You will need to decide the exact commands for each switch or laptop.
Since switches default to VTP server mode, you should only have to configure VLANs on the primary server switch assuming you have the trunks configured correctly. To confirm that all the switches are in VTP server mode, you can use the show vtp status command on each switch. Use show vlan brief to be sure that you have VLAN 2 and VLAN 3 on all four switches.
When you have everything configured, test to make sure that both PCs in VLAN 2 can ping each other and both PCs in VLAN 3 can ping each other. Also make sure all of the switches can ping each other on their VLAN 1 IP addresses.
That’s all of the setup. Now on to the problems you will create and fix. Remember that if two PCs are in the same subnet, they must also be in the same VLAN in order to be able to communicate with each other. Let’s break that and see the symptoms.
Interfaces assigned to wrong VLANs
- Ping PC 31 from PC 32. It should be successful.
- On SWn_B, configure the interface e1/0 to use VLAN 1.
- Repeat the ping from step 1. It fails. Why?
- Run the “show vlan brief” from the console on SWn_B. Think about how you would use these commands to diagnose this particular problem.
- Put e1/0 back into VLAN 3.
Q1. Copy the output of show vtp status and show vlan brief commands on each switch into the lab document.
VTP Configuration Issues
Remember that in order for VTP to work between switches, trunks must be up, VTP domain names must match, and VTP passwords must match (if configured). Also, VTP modes must be configured properly.
Mismatched-Trunking ports:
- Change e0/1 (uplink between A and B) on SWn_A to use switchport mode access.
• SWn_A(config)#int e0/1
• SWn_A(config-if)#switchport mode access - Try the ping commands again between the laptops that are connected to the same VLANs and see if the ping returns successful.
- Add a VLAN to the primary VTP server.
Q2. Did it propagate to all the clients? - Run the following show commands on the console for SWn_A. Think about how you would use these commands to diagnose this particular problem.
• SWn_A#show int status
• SWn_A#show int trunk
• SWn_A#show int e0/1 switchport
• SWn_A#show vlan - Put int e0/1 on SWn_A back in trunking mode. Re-test to make sure all pings are successful.
VTP mode Client:
- Change every switch except SWn_A to use a vtp mode of client. SWn_A should remain in vtp mode server. For example:
• SWn+1_A/B(config)#vtp mode client
• SWn+1_A/B(config)#vtp domain nku.edu - Use show vtp status to make sure SWn_A is still in vtp mode server with a vtp domain name of nku.edu. On your topology diagram, make a note of which switch is the server.
- Try to create a new VLAN (vlan 4) on the server switch and see if it propagates properly to the other switches.
- Try to create a new VLAN on one of the client switches. It doesn’t work.
Q3. Why not?
VTP Mode Transparent:
- Change the vtp mode of SWn+1_A to transparent.
• SWn+1_A(config)#vtp mode transparent - Now try to create a new VLAN on the vtp server and see if it propagates to the other switches.
- Create a new VLAN on the transparent switch and see if it propagates to the other switches.
- Create a new VLAN on the server switch and see if it propagates to the other switches.
Q4. Does the VLAN created on the vtp server propagate to the switch that is transparent?
Q5. Does the VLAN created on the transparent switch propagate to the other switches?
Mismatched VTP domain name:
- Change the vtp domain name on one of the client switches
• SWn_A/B (config)#vtp domain google.com - Now try to create a new VLAN on the server switch and see if it reflects on all the switches.
• SWn_A/B (config)#vlan 10
• SWn_A/B (config-vlan)name VLAN10
• SWn_A/B (config-vlan)exit - On the client with a domain name of google.com, use show vtp status to see the domain name.
Q6. Copy the output of the show vtp status command in response to this question. - Change the domain name on the misconfigured client back to nku.edu and ensure that the new VLAN propagates properly.
Mismatched VTP Passwords:
- Add a vtp password to the server switch
- SWn_A/B#vtp password cisco
- Add a new VLAN to the primary VTP server.
Q7. Does it propagate to the clients? - Fix the clients so that VLANs added to the server will propagate to other switches.