
VLAN: Scenario-Based Question

VLAN LAB

Switch Command

Switch(config)#int range fa0/1-5

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 10

% Access VLAN does not exist. Creating vlan 10

Switch(config-if-range)#int range fa0/6-10

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 20

% Access VLAN does not exist. Creating vlan 20

Switch(config-if-range)#do sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gig0/1, Gig0/2

10 VLAN0010 active Fa0/1, Fa0/2, Fa0/3, Fa0/4,Fa0/5

20 VLAN0020 active Fa0/6, Fa0/7, Fa0/8, Fa0/9,Fa0/10


Switch>en

Switch#

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#vlan 10

Switch(config-vlan)#name IT

Switch(config-vlan)#vlan 20

Switch(config-vlan)#name Production

Switch(config-vlan)#do sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gig0/1, Gig0/2

10 IT active Fa0/1, Fa0/2, Fa0/3, Fa0/4,Fa0/5

20 Production active Fa0/6, Fa0/7, Fa0/8, Fa0/9,Fa0/10

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int gi0/1

Switch(config-if)#switchport mode ?

access -Set trunking mode to ACCESS unconditionally

dynamic- Set trunking mode to dynamically negotiate access or trunk mode

trunk -Set trunking mode to TRUNK unconditionally

Switch(config-if)#switchport mode trunk

Switch(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up


Switch(config-if)#end

Switch#

%SYS-5-CONFIG_I: Configured from console by console

Router Commands

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int g0/0.10

Router(config-subif)#encapsulation ?

dot1Q IEEE 802.1Q Virtual LAN

Router(config-subif)#encapsulation dot1q ?

<1-4094> IEEE 802.1Q VLAN ID

Router(config-subif)#encapsulation dot1q 10

Router(config-subif)#ip address 10.10.0.1 255.0.0.0

Router(config-subif)#int g0/0.20

Router(config-subif)#encapsulation dot1q 20

Router(config-subif)#ip address 20.20.0.1 255.0.0.0

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int g0/0

Router(config-if)#no shut

Router(config-if)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up


Inter-VLAN Routing

Configure the VLANs as usual.

On Switch1, configure Gi0/1 and Fa0/10 as trunk ports.

Connect the two switches to each other using the same port number on each switch.

VTP Configuration

(Fa0/10 on Switch1 must be configured as a trunk port.)

Switch1 configuration
Switch>en
Switch#
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version -Set the adminstrative domain to VTP version
Switch(config)#vtp mode ?
client -Set the device to client mode.
server -Set the device to server mode.
transparent -Set the device to transparent mode.
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version- Set the adminstrative domain to VTP version
Switch(config)#vtp domain ?
WORD- The ascii name for the VTP administrative domain.
Switch(config)#vtp domain mylabs
Changing VTP domain name from NULL to mylabs
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version -Set the adminstrative domain to VTP version
Switch(config)#vtp password ?
WORD -The ascii password for the VTP administrative domain.
Switch(config)#vtp password test1
Setting device VLAN database password to test1
Switch(config)#int ra fa0/13-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 40
% Access VLAN does not exist. Creating vlan 40
Switch(config-if-range)#do sh vlan
Switch# sh vtp status
Switch2 Configuration
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version -Set the adminstrative domain to VTP version
Switch(config)#vtp mode ?
client -Set the device to client mode.
server -Set the device to server mode.
transparent -Set the device to transparent mode.
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version -Set the adminstrative domain to VTP version
Switch(config)#vtp domain ?
WORD -The ascii name for the VTP administrative domain.
Switch(config)#vtp domain mylabs
Domain name already set to mylabs.
Switch(config)#vtp ?
domain -Set the name of the VTP administrative domain.
mode -Configure VTP device mode
password -Set the password for the VTP administrative domain
version -Set the adminstrative domain to VTP version
Switch(config)#vtp password ?
WORD The ascii password for the VTP administrative domain.
Switch(config)#vtp password test1
Setting device VLAN database password to test1
Switch(config)#do sh vlan
(Note: After running the do sh vlan command, you will see that VLAN 40, which you created
previously, now appears on Switch2, but you still need to assign ports to it manually.)

First configure dynamic routing using the RIP protocol and make sure all devices can communicate with one
another. Then enter the following commands.

Lab: Creating a standard access list (standard access lists are always applied at the destination PC)

Router>en
Router#
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
Router(config)#access-list 25 ?
deny -Specify packets to reject
permit -Specify packets to forward
remark -Access list entry comment
Router(config)#access-list 25 deny ?
A.B.C.D -Address to match
any -Any source host
host -A single host address
Router(config)#access-list 25 deny host ?
A.B.C.D -Host address
Router(config)#access-list 25 deny host 192.168.48.10 ?
{where 192.168.48.10 is the source PC address}
Router(config)#access-list 25 deny host 192.168.48.10
Router(config)#access-list 25 ?
deny -Specify packets to reject
permit -Specify packets to forward
remark -Access list entry comment
Router(config)#access-list 25 permit ?
A.B.C.D -Address to match
any -Any source host
host -A single host address
Router(config)#access-list 25 permit any ?
<cr>
Router(config)#access-list 25 permit any
Router(config)#int gi0/0 {where gi0/0 is the destination PC's interface, from the router to the switch}
Router(config-if)#ip access-group ?
<1-199> IP access list (standard or extended)
WORD -Access-list name
Router(config-if)#ip access-group 25 ?
in -inbound packets
out -outbound packets
Router(config-if)#ip access-group 25 out ?
<cr>
Router(config-if)#ip access-group 25 out
Router(config-if)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router#sh access-list
Standard IP access list 25
10 deny host 192.168.48.10
20 permit any
Removing ACL

Router(config)#do sh access-list 25
Standard IP access list 25
deny host 192.168.48.10 (16 match(es))
permit any (8 match(es))
Router(config)#no access-list 25
Router(config)#do sh access-list 25
Router(config)#int gi0/0
Router(config-if)#no ip access-group 25 out
Configuring Extended ACL

{Before applying the extended ACL, make sure your source PC is able to connect to the destination router through
telnet}

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99> -IP standard access list
<100-199> -IP extended access list
Router(config)#access-list 120 ?
deny -Specify packets to reject
permit -Specify packets to forward
remark -Access list entry comment
Router(config)#access-list 120 deny ?
ahp -Authentication Header Protocol
eigrp -Cisco's EIGRP routing protocol
esp -Encapsulation Security Payload
gre -Cisco's GRE tunneling
icmp -Internet Control Message Protocol
ip -Any Internet Protocol
ospf -OSPF routing protocol
tcp -Transmission Control Protocol
udp -User Datagram Protocol
Router(config)#access-list 120 deny tcp ?
A.B.C.D -Source address
any -Any source host
host- A single source host
Router(config)#access-list 120 deny tcp host 192.168.48.20 ? {where 192.168.48.20 is the source PC address}
A.B.C.D -Destination address
any -Any destination host
eq -Match only packets on a given port number
gt -Match only packets with a greater port number
host -A single destination host
lt -Match only packets with a lower port number
neq- Match only packets not on a given port number
range -Match only packets in the range of port numbers
Router(config)#access-list 120 deny tcp host 192.168.48.20 host 192.168.38.2 ? {where
192.168.38.2 is the destination router interface address used for the telnet connection}
dscp -Match packets with given dscp value
eq -Match only packets on a given port number
established -established
gt -Match only packets with a greater port number
lt- Match only packets with a lower port number
neq- Match only packets not on a given port number
precedence- Match packets with given precedence value
range -Match only packets in the range of port numbers
<cr>
Router(config)#access-list 120 deny tcp host 192.168.48.20 host 192.168.38.2 eq ?
<0-65535> -Port number
ftp- File Transfer Protocol (21)
pop3 -Post Office Protocol v3 (110)
smtp -Simple Mail Transport Protocol (25)
telnet -Telnet (23)
www -World Wide Web (HTTP, 80)
Router(config)#access-list 120 deny tcp host 192.168.48.20 host 192.168.38.2 eq 23 ?
dscp -Match packets with given dscp value
established -established
precedence- Match packets with given precedence value
<cr>
Router(config)#access-list 120 deny tcp host 192.168.48.20 host 192.168.38.2 eq 23
Router(config)#access-list 120 deny tcp host 192.168.48.20 host 192.168.68.1 eq 23 {where
192.168.68.1 is the destination router's other interface address}
Router(config)#access-list 120 permit ?
ahp -Authentication Header Protocol
eigrp -Cisco's EIGRP routing protocol
esp -Encapsulation Security Payload
gre -Cisco's GRE tunneling
icmp -Internet Control Message Protocol
ip -Any Internet Protocol
ospf -OSPF routing protocol
tcp -Transmission Control Protocol
udp -User Datagram Protocol
Router(config)#access-list 120 permit ip ?
A.B.C.D- Source address
any -Any source host
host -A single source host
Router(config)#access-list 120 permit ip any ?
A.B.C.D -Destination address
any -Any destination host
host -A single destination host
Router(config)#access-list 120 permit ip any any
Router(config)#int gi 0/0 {where gi0/0 is the source router's internal interface}
Router(config-if)#ip access-group 120 in
Router(config-if)#^Z
Router#sh access-list 120
Extended IP access list 120
deny tcp host 192.168.48.20 host 192.168.38.2 eq telnet
deny tcp host 192.168.48.20 host 192.168.68.1 eq telnet
permit ip any any
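
The two access lists above can be replayed offline to see how first-match evaluation, wildcard masks and the implicit deny interact. This is an added example, not part of the original lab: a small Python model of the matching rules, fed with access lists 25 and 120 exactly as configured above; the function names are this example's own, and only the `eq` port operator is modelled.

```python
import ipaddress

PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [wildcard]' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    wc = tok.pop(0) if tok and tok[0][0].isdigit() else "0.0.0.0"
    return (first, wc)

def parse_entry(line):
    tok = line.split()[1:]                     # drop "access-list"
    number, action = int(tok.pop(0)), tok.pop(0)
    extended = 100 <= number <= 199            # ranges shown in the IOS help output
    proto = tok.pop(0) if extended else "ip"
    src = parse_addr(tok)
    dst = parse_addr(tok) if extended else ANY  # standard ACLs see only the source
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, e_proto, e_src, e_dst, e_port in map(parse_entry, acl):
        if (e_proto in ("ip", proto) and wildcard_match(src, *e_src)
                and wildcard_match(dst, *e_dst) and e_port in (None, dport)):
            return action
    return "deny"                              # implicit deny ends every ACL

# The two access lists exactly as configured in the lab above.
ACL_25 = ["access-list 25 deny host 192.168.48.10",
          "access-list 25 permit any"]
ACL_120 = ["access-list 120 deny tcp host 192.168.48.20 host 192.168.38.2 eq 23",
           "access-list 120 deny tcp host 192.168.48.20 host 192.168.68.1 eq 23",
           "access-list 120 permit ip any any"]

if __name__ == "__main__":
    print(evaluate(ACL_120, "tcp", "192.168.48.20", "192.168.38.2", 23))
    print(evaluate(ACL_120, "tcp", "192.168.48.20", "192.168.38.2", 80))
    print(evaluate(ACL_120[:2], "icmp", "192.168.48.10", "192.168.58.20"))
```

The last call drops `permit ip any any` and returns deny for unrelated traffic, which is why the lab ends list 120 with that entry. List 120 blocks telnet only to the two listed router addresses; telnet to any other address falls through to the final permit.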

Static and Dynamic NAT


Static NAT Configuration
Router(config)#ip nat ?
inside -Inside address translation
outside -Outside address translation
pool -Define pool of addresses
Router(config)#ip nat inside ?
source -Source address translation
Router(config)#ip nat inside source ?
list -Specify access list describing local addresses
static -Specify static local->global mapping
Router(config)#ip nat inside source static ?
A.B.C.D- Inside local IP address
tcp -Transmission Control Protocol
udp -User Datagram Protocol
Router(config)#ip nat inside source static 192.168.48.10 20.20.0.100
{where 192.168.48.10 is the source PC address, which is a private IP, and 20.20.0.100 is the public IP used for
translation}
Router(config)#ip nat inside source static 192.168.48.20 20.20.0.110 {where 192.168.48.20 is
the source IP of another PC, which is a private IP, and 20.20.0.110 is the public IP it needs to be
translated to}
Router(config)#int gi 0/0 {where gi 0/0 is the interface connecting the router to the switch}
Router(config-if)#ip nat inside
Router(config-if)#int gi0/1 {where gi0/1 is the interface connecting the router to the other router}
Router(config-if)#ip nat outside
Router(config-if)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#
Router#sh ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 20.20.0.100 192.168.48.10 --- ---
--- 20.20.0.110 192.168.48.20 --- ---
Now go to your PC and ping a different PC to send data packets. Then repeat the
same command to see the NAT translations.
Router#sh ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 20.20.0.100:57 192.168.48.10:57 192.168.58.20:57 192.168.58.20:57
icmp 20.20.0.100:58 192.168.48.10:58 192.168.58.20:58 192.168.58.20:58
icmp 20.20.0.100:59 192.168.48.10:59 192.168.58.20:59 192.168.58.20:59
icmp 20.20.0.100:60 192.168.48.10:60 192.168.58.20:60 192.168.58.20:60
--- 20.20.0.100 192.168.48.10 --- ---
--- 20.20.0.110 192.168.48.20 --- ---
Dynamic NAT
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99> -IP standard access list
<100-199>- IP extended access list
Router(config)#access-list 50 ?
deny -Specify packets to reject
permit- Specify packets to forward
remark -Access list entry comment
Router(config)#access-list 50 permit ?
A.B.C.D -Address to match
any -Any source host
host- A single host address
Router(config)#access-list 50 permit 192.168.48.0 0.0.0.255 ?
{where 192.168.48.0 is the network of source machine.
0.0.0.255 is the wild card mask.}
Router(config)#access-list 50 permit 192.168.48.0 0.0.0.255
Router(config)#ip nat pool mypool ?
{where mypool is pool name.}
A.B.C.D- Start IP address
Router(config)#ip nat pool mypool 20.20.0.100 ?
A.B.C.D -End IP address
Router(config)#ip nat pool mypool 20.20.0.100 20.20.0.120 ?
netmask -Specify the network mask
Router(config)#ip nat pool mypool 20.20.0.100 20.20.0.120 netmask 255.255.255.192
Router(config)#ip nat ?
inside -Inside address translation
outside -Outside address translation
pool -Define pool of addresses
Router(config)#ip nat inside source ?
list -Specify access list describing local addresses
static- Specify static local->global mapping
Router(config)#ip nat inside source list 50 ?
interface -Specify interface for global address
pool -Name pool of global addresses
Router(config)#ip nat inside source list 50 pool ?
WORD- Name pool of global addresses
Router(config)#ip nat inside source list 50 pool mypool ?
overload -Overload an address translation
<cr>
Router(config)#ip nat inside source list 50 pool mypool
Router(config)#int gi 0/0
Router(config-if)#ip nat inside
Router(config-if)#int gi 0/1
Router(config-if)#ip nat outside
Router(config-if)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
Go to the PC, ping, and then run the sh command for NAT translations.
Router#
Router#sh ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 20.20.0.100:61 192.168.48.10:61 192.168.58.20:61 192.168.58.20:61
icmp 20.20.0.100:62 192.168.48.10:62 192.168.58.20:62 192.168.58.20:62
icmp 20.20.0.100:63 192.168.48.10:63 192.168.58.20:63 192.168.58.20:63
icmp 20.20.0.100:64 192.168.48.10:64 192.168.58.20:64 192.168.58.20:64
icmp 20.20.0.110:10 192.168.48.20:10 192.168.58.20:10 192.168.58.20:10
icmp 20.20.0.110:11 192.168.48.20:11 192.168.58.20:11 192.168.58.20:11
icmp 20.20.0.110:9 192.168.48.20:9 192.168.58.20:9 192.168.58.20:9
--- 20.20.0.100 192.168.48.10 --- ---
--- 20.20.0.110 192.168.48.20 --- ---

PAT Overload
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 30 ?
deny -Specify packets to reject
permit -Specify packets to forward
remark -Access list entry comment
Router(config)#access-list 30 permit ?
A.B.C.D -Address to match
any -Any source host
host -A single host address
Router(config)#access-list 30 permit 192.168.58.0 0.0.0.63
Router(config)#ip nat pool firstpool 20.20.10.30 20.20.10.30 netmask 255.255.255.192
Router(config)#ip nat inside source list 30 pool firstpool ?
overload -Overload an address translation
<cr>
Router(config)#ip nat inside source list 30 pool firstpool overload
Router(config)#int gi 0/0
Router(config-if)#ip nat inside
Router(config-if)#int gi0/2
Router(config-if)#ip nat outside
Router(config-if)#^Z
Now go to the PC, ping another PC, and then run the sh command to see the translations.
Router#sh ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 20.20.10.30:1 192.168.58.20:1 192.168.68.20:1 192.168.68.20:1
icmp 20.20.10.30:2 192.168.58.20:2 192.168.68.20:2 192.168.68.20:2
icmp 20.20.10.30:3 192.168.58.20:3 192.168.68.20:3 192.168.68.20:3
icmp 20.20.10.30:4 192.168.58.20:4 192.168.68.20:4 192.168.68.20:4
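
The translation tables above can be checked against the rules that were configured. This added example (not part of the original lab) parses rows copied from the Dynamic NAT and PAT outputs and labels each session as explained by a static mapping, by the named pool, or by neither; on the Dynamic NAT rows, every session matches one of the two static mappings still configured from the previous step. The function names are this example's own.

```python
import ipaddress

KEYS = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")

def parse_nat_table(text):
    """Turn 'sh ip nat translation' rows into dicts; '---' fields become None."""
    rows = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) == 5 and f[0] != "Pro":      # the header splits into 9 words
            rows.append(dict(zip(KEYS, (None if x == "---" else x for x in f))))
    return rows

def ip_of(field):
    """Drop the ':n' suffix (ICMP id or port) that session entries carry."""
    return ipaddress.IPv4Address(field.split(":")[0])

def classify(rows, pool_start, pool_end):
    """Count session rows by the NAT rule that explains them."""
    static = {(ip_of(r["inside_local"]), ip_of(r["inside_global"]))
              for r in rows if r["proto"] is None}
    lo, hi = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
    counts = {"static": 0, "pool": 0, "unexplained": 0}
    for r in rows:
        if r["proto"] is None:
            continue                            # the static mapping itself
        pair = (ip_of(r["inside_local"]), ip_of(r["inside_global"]))
        if pair in static:
            counts["static"] += 1
        elif lo <= pair[1] <= hi:
            counts["pool"] += 1
        else:
            counts["unexplained"] += 1
    return counts

# Rows copied from the Dynamic NAT and PAT outputs of the lab above.
DYNAMIC_OUT = """
Pro Inside global Inside local Outside local Outside global
icmp 20.20.0.100:61 192.168.48.10:61 192.168.58.20:61 192.168.58.20:61
icmp 20.20.0.100:62 192.168.48.10:62 192.168.58.20:62 192.168.58.20:62
icmp 20.20.0.110:10 192.168.48.20:10 192.168.58.20:10 192.168.58.20:10
icmp 20.20.0.110:11 192.168.48.20:11 192.168.58.20:11 192.168.58.20:11
--- 20.20.0.100 192.168.48.10 --- ---
--- 20.20.0.110 192.168.48.20 --- ---
"""
PAT_OUT = """
Pro Inside global Inside local Outside local Outside global
icmp 20.20.10.30:1 192.168.58.20:1 192.168.68.20:1 192.168.68.20:1
icmp 20.20.10.30:2 192.168.58.20:2 192.168.68.20:2 192.168.68.20:2
"""

if __name__ == "__main__":
    print(classify(parse_nat_table(DYNAMIC_OUT), "20.20.0.100", "20.20.0.120"))
    print(classify(parse_nat_table(PAT_OUT), "20.20.10.30", "20.20.10.30"))
```

A non-zero `unexplained` count means a session's inside global address is covered by neither a static mapping nor the pool passed in, which is worth investigating before trusting the NAT configuration.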
