Professional Documents
Culture Documents
Net201: Networking With Lab 2: Configuring and Troubleshooting Vlans and Trunking
Net201: Networking With Lab 2: Configuring and Troubleshooting Vlans and Trunking
GRADE
Objectives:
Materials:
Scenario:
Note: The switches used are Cisco Catalyst 2960s with Cisco IOS Release
15.0(2). Other switches and Cisco IOS versions can be used. Depending on the
model and Cisco IOS version, the commands available and output produced
might vary from what is shown in the labs. Also, ensure that the switches have
been erased and have no startup configurations.
PROCEDURES
If you answered no to any of the above questions, why were the pings
unsuccessful?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
3. Issue the show vlan brief command and verify that the VLANs are assigned
to the correct interfaces.
5. Use the network topology to assign VLANs to the appropriate ports on DCE_SW.
6. Remove the IP address for VLAN 1 on DCE_SW.
7. Configure an IP address for VLAN 99 on DCE_SW according to the addressing
table in Table 2.1.
8. Use the show vlan brief command to verify that the VLANs are assigned to
the correct interfaces.
9. Verify the connectivity using ping command and observe the output.
Is DBA-PC able to ping DCE-PC1? Why?
________________________________________________________________
________________________________________________________________
Is DBA_SW able to ping DCE_SW? Why?
________________________________________________________________
________________________________________________________________
2.2. Use show vlan brief to verify that the VLAN change was made.
Which VLAN is Fa0/24 now associated with?
____________________________________________________________
____________________________________________________________
3. Remove a VLAN ID from the VLAN database.
3.1. Add VLAN 30 to interface Fa0/24 without issuing the VLAN command.
DBA_SW> en
DBA_SW# conf t
DBA_SW(config)# int fa0/24
DBA_SW(config-if)# switchport access vlan 30
DBA_SW(config-if)# end
Note: Current switch technology no longer requires that the vlan command be
issued to add a VLAN to the database. By assigning an unknown VLAN to a port,
the VLAN adds to the VLAN database.
3.2. Verify that the new VLAN is displayed in the VLAN table.
What is the default name of VLAN 30?
____________________________________________________________
Why should you reassign a port to another VLAN before removing the VLAN
from the VLAN database?
________________________________________________________________
________________________________________________________________
________________________________________________________________
Note: You should also receive link status messages on DCE_SW. Check this in
DCE_SW command-line interface (CLI).
1.2. Issue the show vlan brief command on DBA_SW and DCE_SW.
Interface Fa0/1 is no longer assigned to VLAN 1. Trunked interfaces are not
listed in the VLAN table.
1.3. In the global configuration mode, issue the show interfaces trunk
command to view trunked interfaces on each switch. Notice that the mode
on DBA_SW is set to desirable, and the mode on DCE_SW is set to auto.
Note: By default, all VLANs are allowed on a trunk. The switchport trunk
command allows you to control what VLANs have access to the trunk. For this
lab, keep the default settings which allows all VLANs to traverse Fa0/1.
1.4. Verify that VLAN traffic is traveling over trunk interface Fa0/1.
a. Can DBA_SW ping DCE_SW? (yes/no) _____
b. Can DBA-PC ping DCE-PC1? (yes/no) _____
c. Can DBA-PC ping DCE_PC2? (yes/no) _____
d. Can DCE-PC1 ping DCE-PC2? (yes/no) _____
e. Can DBA-PC ping DBA_SW? (yes/no) _____
f. Can DCE-PC1 ping DCE_SW? (yes/no) _____
g. Can DCE_PC2 and DCE_SW? (yes/no) _____
Why might you want to manually configure an interface to trunk mode instead of
using DTP?
________________________________________________________________
________________________________________________________________
________________________________________________________________
DCE_SW> en
DCE_SW# delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
DCE_SW#
3. Issue the show flash command to verify that the vlan.dat file has been
deleted.
To initialize a switch back to its default settings, what other commands are
needed?
________________________________________________________________
________________________________________________________________
________________________________________________________________
4. Save your Packet Tracer file as NET201 Lab 2a – Group#
1.3. Examine the switch for trunk configurations using the show interfaces
trunk and the show interfaces fa0/1 switchport commands.
1.5. Correct the errors found regarding Fa0/1 and VLAN 10 on DCE_SW.
DCE_SW> en
DCE_SW# conf t
DCE_SW(config)# interface fa0/1
DCE_SW(config-if)# no shutdown
DCE_SW(config-if)# switchport mode trunk
DCE_SW(config-if)# interface fa0/6
DCE_SW(config-if)# no shutdown
DCE_SW(config-if)# switchport access vlan 10
DCE_SW(config-if)# end
DCE_SW#
1.6. Verify the commands had the desired effects by issuing the appropriate
show commands such as show interfaces trunk and show vlan
brief.
1. Cable the network topology as shown in Figure 2.1 using Packet Tracer
network simulator software.
4. Configure PC hosts (Refer to the addressing table (Table 2.1) for PC host
address information)
5. Test connectivity. Verify that the PC hosts can ping one another.
5.1. Can DBA-PC ping DCE-PC1? YES
1.2. Issue the show vlan brief command to verify VLAN assignments.
3.2. Verify that the new VLAN is displayed in the VLAN table.
What is the default name of VLAN 30?
VLAN30-MANAGEMENT
3.3. In the global configuration mode, issue a no vlan 30 command to
remove VLAN 30 from the VLAN database.
3.4. Issue the show vlan brief command. Fa0/24 was assigned to VLAN
30.
Why should you reassign a port to another VLAN before removing the
VLAN from the VLAN database?
We should reassign the port to another VLAN before removing the
VLAN from the VLAN database because the interface port assigned to the
VLAN 30 which is removed from the VLAN database are unavailable for
the port will used it should be assigned to another VLAN.
1.3. In the global configuration mode, issue the show interfaces trunk
command to view trunked interfaces on each switch. Notice that the
mode on DBA_SW is set to desirable, and the mode on DCE_SW
is set to auto.
1.4. Verify that VLAN traffic is traveling over trunk interface Fa0/1.
a. Can DBA_SW ping DCE_SW? (yes/no) YES
b. Can DBA-PC ping DCE-PC1? (yes/no) YES
1. Determine if the VLAN database exists. Issue the show flash command to
determine if a vlan.dat file exists in flash.
2. Delete the VLAN database.
3. Issue the show flash command to verify that the vlan.dat file has been
deleted.
To initialize a switch back to its default settings, what other commands are
needed?
The other commands are needed to initialize a switch back to its
default settings is erase startup-config and reload commands. It is also
needed command issued after the delete vlan.dat command.
Task 1. Set Up the Topology and Initialize Devices (CLI commands, results, or
answers to some question)
DCE_SW
Switch> en
Switch# sh run
Building configuration...
Switch#
DASTE_SW
Switch> en
Switch# sh run
Building configuration...
DASTE_SW
Switch> en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hostname DASTE_SW
DASTE_SW(config)#
DASTE_SW
DASTE_SW(config)# no ip domain-look up
DCE_SW(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
DASTE_SW
DASTE_SW# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DASTE_SW(config)# int vlan 1
DASTE_SW(config-if)# ip add 192.168.1.3 255.255.255.0
DASTE_SW(config-if)# no shut
DASTE_SW(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
DASTE_SW
DASTE_SW(config)# line con 0
DASTE_SW(config-line)# password dastegreen
DASTE_SW(config-line)# login
DASTE_SW(config-line)# exit
DASTE_SW(config)# line vty 0 15
DASTE_SW(config-line)# password dastegreen
DASTE_SW(config-line)# login
DASTE_SW(config-line)# exit
DASTE_SW(config)#end
4.4. Assign (“dce” at DCE_SW and “daste” at DASTE_SW) as the
privileged EXEC password.
DCE_SW
DCE_SW(config)# service password-encryption
DCE_SW(config)# enable password dce
DASTE_SW
DASTE_SW(config)# service password-encryption
DASTE_SW(config)# enable password daste
DCE_SW#
DASTE_SW
DASTE_SW(config)# line con 0
DASTE_SW(config-line)# password dastegreen
DASTE_SW(config-line)# login
DASTE_SW(config-line)# logging synchronous
DASTE_SW(config-line)# line vty 0 15
DASTE_SW(config-line)# password dastegreen
DASTE_SW(config-line)# exit
DASTE_SW(config)# end
DASTE_SW#
%SYS-5-CONFIG_I: Configured from console by console
DCE_SW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
DCE_SW#
DASTE_SW
DASTE_SW> en
Password:
DASTE_SW# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DASTE_SW(config)# vlan 10
DASTE_SW(config-vlan)# name STUDENTS
DASTE_SW(config-vlan)# vlan 20
DASTE_SW(config-vlan)# name FACULTY
DASTE_SW(config-vlan)# vlan 30
DASTE_SW(config-vlan)# name GUEST
DASTE_SW(config-vlan)# interface fa0/1
DASTE_SW(config-if)# switchport mode trunk
DASTE_SW(config-if)# switchport trunk allowed vlan 1,10,2,30
DASTE_SW(config-if)# !switchport trunk allowed vlan 1,10,20,30
DASTE_SW(config-if)# interface range fa0/2-24
DASTE_SW(config-if-range)# switchport mode access
DASTE_SW(config-if-range)# shutdown
DASTE_SW#
DASTE_SW
DASTE_SW# copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
DASTE_SW#
PC>
1.2. After verifying that DCE-PC was configured correctly, examine the
DCE_SW switch to find possible configuration errors by viewing a
summary of the VLAN information. Enter the show vlan brief
command.
DCE_SW> en
Password:
DCE_SW# show vlan brief
1.3. Examine the switch for trunk configurations using the show interfaces
trunk and the show interfaces fa0/1 switchport commands.
DCE_SW
DCE_SW# show interfaces trunk
DASTE_SW
DASTE_SW# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
DCE_SW# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DCE_SW(config)# interface fa0/1
DCE_SW(config-if)# no shutdown
DCE_SW(config-if)# switchport mode trunk
DCE_SW(config-if)# interface fa0/6
DCE_SW(config-if)# no shutdown
DCE_SW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6,
changed state to up
DCE_SW(config-if)# switchport access vlan 10
DCE_SW(config-if)# end
DCE_SW#
%SYS-5-CONFIG_I: Configured from console by console
DCE_SW#
1.6. Verify the commands had the desired effects by issuing the
appropriate show commands such as show interfaces trunk and
show vlan brief.
DCE_SW
DCE_SW> en
Password:
DCE_SW# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
DASTE_SW> en
Password:
DASTE_SW# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DASTE_SW(config)# interface range fa0/6-12
DASTE_SW(config-if-range)# switchport access vlan 10
DASTE_SW(config-if-range)# interface fa0/11
DASTE_SW(config-if)# no shutdown
DASTE_SW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to up
DASTE_SW(config-if)# end
DASTE_SW#
%SYS-5-CONFIG_I: Configured from console by console
DASTE_SW#
1.2. On DCE_SW, assign the port for DCE-PC to VLAN 20. Execute the
commands needed to complete the configuration.
DCE_SW> en
Password:
DCE_SW# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DCE_SW(config)# int fa0/6
DCE_SW(config-if)# switchport mode access
DCE_SW(config-if)# switchport access vlan 20
DCE_SW(config-if)# end
DCE_SW#
%SYS-5-CONFIG_I: Configured from console by console
DCE_SW#
1.3 Issue a show vlan brief to verify that the port for DCE-PC has been
assigned to VLAN 20
DCE_SW# show vlan brief
VLAN Name Status Ports
---- -------------------------------- ---------
-------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
2 VLAN0002 active Fa0/13, Fa0/14, Fa0/15,
Fa0/16
Fa0/17, Fa0/18
10 STUDENTS active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12
20 FACULTY active Fa0/6
30 GUEST active Fa0/19, Fa0/20, Fa0/21,
Fa0/22
Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
DCE_SW#
DASTE_SW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to up
DASTE_SW(config-if)# exit
DASTE_SW(config)# int fa0/1
DASTE_SW(config-if)# switchport trunk allowed vlan remove 2
DASTE_SW(config-if)# switchport trunk allowed vlan add 20
DASTE_SW(config-if)# end
DASTE_SW#
%SYS-5-CONFIG_I: Configured from console by console
More importantly, you'll see three types of port status for troubleshooting VLANs that are
not communicating on the trunk: "Vlans allowed on trunk," "Vlans allowed and active in
management domain," and "Vlans in crossing tree forwarding state and not pruned." The
bottom line here is, if your VLAN is not showing up in all three of these lists, you either
have a VLAN that is not allowed on the trunk per the configuration command, the local-
switch trunk configuration, or the remote-switch trunk configuration.
Finally, if you are troubleshooting problems with Cisco phones, the problem may be that
they are not configured for the proper voice VLAN. Cisco phones have a unique feature
that essentially allows them to trunk two VLANs on a single port. One VLAN is for voice
traffic and the other is for PC traffic. The switch connects to the phone and another
Ethernet connection from the phone to the PC is used. Each desk or cube uses a single
cable, yet the phone and PC reside in separate VLANs.
In some situations, the voice VLAN may either not be configured on the port or is
configured for the incorrect voice VLAN. Not having the correct voice VLAN configured
on the problematic port can mean the difference between a working or non-working
phone. If the phone uses DHCP to receive an IP address, the voice VLAN requires a
special DHCP option configuration that points the phone to a TFTP server, where it can
download the necessary phone configuration file. This file is used to properly register the
phone to the Cisco Call Manager. It’s also possible that you have access controls or
firewall rules that only allow access from voice VLANs to Call Managers and voice mail
servers. To quickly verify the access and voice VLAN configured on a specific switch
port, simply use the show run interface command followed by the type and switch port
number. These are our observation from the experiment we work on in this lab
experiment.
QUESTIONS AND ANSWERS
Questions:
Answers:
In this activity Configuring and troubleshooting VLAN and Trunking, we are task
to accomplish the given objectives. Doing this lab experiment is challenging but also fun
because we tend to discover things about types of networking. And for this activity we
create a network that will configure devices to connect to VLAN’s. The main use o
VLANs is to contain broadcasts. To move traffic between VLANs you need a Layer 3
device to route packets. Endways VLANs are used when devices always need to belong
to the same VLAN no matter where the device is located typically for security reasons.
Local VLANs are substantially based and are used to break up broadcast domains.
Local VLANs don't extend beyond a building's access and distribution layers. VLANs can
be associated to a switch interface either dynamically or statically. Dynamic VLANs use
a VMPS server to associate users to VLANs, but require a lot of upfront configuration.
However, a user can be plugged in to a switch port anywhere in the network and be
associated to the correct VLAN dynamically. Static VLANs are easier to configure, but
are more difficult to manage if users are continually moving around in the network.
To create a VLAN, use the vlan command. To associate an interface to a VLAN, use
the switchport mode access and switchport access vlan commands. The show
vlan command displays your configured VLANs. Trunks are used to add VLAN
information to frames as they are transported between switches and other devices.
These methods that we used are complex ones because we have to connect the
devices to the switch which are VLAN but following the procedures guide us to get the
correct output of the program. Generally, there are two ways to look at a trunk line. In
telephony, the term trunk refers to connections between offices or distribution facilities.
These connections represent an increased number of lines or time division multiplexed
connections.
VLANs are a basic tool for creating network boundaries. While they can create
challenges regarding the forwarding of traffic, they can be a powerful tool for handling
security and quality of service concerns. This chapter discussed the operation of VLANs
and the methods used for propagating VLANs throughout a larger topology. When
deploying VLANs and trunks, there are several design considerations to take into
account. One must address the basic questions. As topologies and the VLANs grow, so
does the complexity. It is important to review the default operation and configuration of
network elements in order to ensure that locally created configurations do not place the
network at risk. A physical network security measure was implemented in the form of an
electronic combination lock of which a circuit was finally built that had the ability to open
three different doors using a password and activate an alarm when the password is
inputted wrongly three times. The password can be changed when there is a breach of
security depending on the program written. This project can be used to improve network
security in general as implementing VLANs improves the network performance and
electronic combination lock provides physical security to the organization’s network such
as banks, hospitals, rooms or offices has any confidential information on their systems
especially the server room of the network topology.
These lab experiment was not quite easy for all of us because there are a lot of things
really hard to understand so we sometimes make mistakes and do it again from the
start. But as we go and do these experiment it gets easier somehow because were
repeating the process on and on till we arrived in the correct pattern.
REFERENCES
https://www.networkcomputing.com/network-security/vlan-troubleshooting-
commands
Bansal, R.K., V. Gupta and R. Malhotra, 2010. Performance analysis of wired
and wireless LAN using soft computing techniques-a review. Global J. Comput.
Sci. Technol., 10: 67-71.
Begg, L., W. Lui, K. Pawlikowski, S. Perera and H. Sirisena, 2006. Survey of
simulators of next generation networks for studying availability and resilience.
Technical Report TR-COCS 05/06, Department of Computer Science and
Software Engineering, Univeristy of Canterbury, Christchurch, New Zealand.
Chen, S., J. Xu, R.K. Iyer and K. Whisnant, 2002. Evaluating the security threat
of firewall data corruption caused by instruction transient errors. Proceedings of
the International Conference on Dependable Systems and Network, June 23-26,
2002, Washington, DC., pp: 495-504.
Chen, X. and X. Chen, 2012. Study on layout strategy of transit hub network.
Proceedings of the International Conference on Industrial Control and Electronics
Engineering, August 23-25, 2012, Xi'an, China, pp: 258-261.