(CCNA) Switching Fundamentals – Part Two
Exercises
Introduction
Lab Topology
Exercise 1 – Trunk Configuration and Dynamic Trunking Protocol – Part I
Exercise 2 – VLAN Trunk Protocol
Exercise 3 – Trunk Configuration and Dynamic Trunking Protocol – Part II
Exercise 4 – Native VLAN Configuration
Review
(CCNA) Switching Fundamentals – Part One
Learning Outcomes
In this module, you will complete the following exercises:
- Exercise 1 – Trunk Configuration and Dynamic Trunking Protocol – Part I
- Exercise 2 – VLAN Trunk Protocol
- Exercise 3 – Trunk Configuration and Dynamic Trunking Protocol – Part II
- Exercise 4 – Native VLAN Configuration
After completing this lab, you will be able to:
- Configure a Trunk Link
- Configure VTP
- Complete Trunk Configuration
- Secure the Native VLAN
Exam Objectives
The following exam objective is covered in this lab:
- 2.2 Configure and verify interswitch connectivity
Lab Topology
During your session, you will have access to the following lab configuration.
Depending on the exercises, you may or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the topology of the lab.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYEDGE2 – (Cisco 2911 – Internet Edge Router 2)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Exercise 1 – Trunk Configuration and Dynamic Trunking Protocol – Part I
A trunk is a link, usually between two switches, that transmits frames belonging to two or more VLANs. It is because of trunks that you are able to distribute multiple VLANs throughout multiple switches.
In this exercise, you will learn about configuring a trunk and dynamic trunking protocol.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure a Trunk Link
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Task 1 – Configure a Trunk Link
In this task, you will configure a trunk link between the NYCORE1 and NYACCESS1 switches to transmit multiple VLANs between them.
Step 1
Connect to the NYCORE1 switch and begin by creating two VLANs with the following characteristics:
- VLAN 10 name Management
- VLAN 20 name Sales
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
vlan 10
NYCORE1(config-vlan)#
name Management
NYCORE1(config-vlan)#
exit
NYCORE1(config)#
vlan 20
NYCORE1(config-vlan)#
name Sales
NYCORE1(config-vlan)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#vlan 10
NYCORE1(config-vlan)#name Management
NYCORE1(config-vlan)#exit
NYCORE1(config)#vlan 20
NYCORE1(config-vlan)#name Sales
NYCORE1(config-vlan)#exit
NYCORE1(config)#
Step 2
Next, examine the lab diagram to determine which interface of the NYCORE1 switch connects with the NYACCESS1 switch. You will see that it is interface FastEthernet 1/0/22. Configure this interface as a trunk by typing the following commands (press Enter after each command):
NYCORE1(config)#
interface fastethernet 1/0/22
NYCORE1(config-if)#
switchport mode trunk
You will see the following output:
NYCORE1(config)#interface fastethernet 1/0/22
NYCORE1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
NYCORE1(config-if)#
As can be seen from the message above, this attempt has failed. You must first configure the trunk encapsulation before configuring the interface as a trunk.Note: If at any point in this lab you see a VTP_USER_NOTIFICATION appear, please continue with the lab as it does not affect the results.
Step 3
To configure the trunk encapsulation, issue the following commands. Use the ? as below to view all of the options you have for this command.
Type the following commands (press Enter after each command):
NYCORE1(config-if)#
switchport trunk encapsulation ?
NYCORE1(config-if)#
switchport trunk encapsulation dot1q
You will see the following output:
NYCORE1(config-if)#switchport trunk encapsulation ?
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on
interface
NYCORE1(config-if)#switchport trunk encapsulation dot1q
NYCORE1(config-if)#
The options for encapsulation are isl, dot1q, and negotiate. Here you will use the dot1q option for encapsulation.Note: The Inter-Switch Link or ISL protocol is a Cisco proprietary trunk encapsulation protocol. It has been overtaken by open standard IEEE 802.1q as the preferred trunk encapsulation protocol.
Step 4
Now attempt once again to configure this port as a trunk port.
Type the following commands (press Enter after each command):
NYCORE1(config-if)#
switchport mode trunk
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
NYCORE1#
exit
You will see the following output:
NYCORE1(config-if)#switchport mode trunk
NYCORE1(config-if)#
*Mar 1 00:46:08.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/22, changed state to down
*Mar 1 00:46:11.671: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/22, changed state to up
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#exit
NYCORE1#
The port has now been configured as a trunk port. Notice that the interface was brought down and came back up. This is because, by default, the other end of the link is connected to an interface that has DTP enabled.Note: In order for a trunk to function, it must be configured as a trunk on both ends of the link. By default, switchport interfaces have the Dynamic Trunking Protocol or DTP function active. This means that ports will negotiate between them to successfully create either an access or a trunk link depending on the configuration on each end. In this case, the NYCORE1 end is configured as a trunk, and the NYACCESS1 end is configured to auto-negotiate with DTP, so the access link was torn down and a trunk link was negotiated. For more information on what combination of configurations on each end will result in what type of link, review your course material, or use your favorite search engine to research this topic further.
Step 5
To verify this configuration, examine the trunk that you configured by issuing the following command:
NYCORE1#
show interface trunk
Press Enter.
You will see the following output:
NYCORE1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa1/0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa1/0/22 1-4094
Port Vlans allowed and active in management domain
Fa1/0/22 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa1/0/22 1,10,20
NYCORE1#
Notice that the port is on, which means that auto-negotiation is not active, with an encapsulation protocol of 802.1q, and it has a status of trunking. This information indicates that the trunk has been created successfully. Notice also the Native vlan, which is 1. You will examine this later in this lab.
The above output also indicates which VLANs are transmitted over this trunk:
- The Vlans allowed on trunk indicates that the whole range of possible VLANs is allowed on this trunk. This is the default setting for newly created trunks.
- The Vlans allowed and active in management domain shows the VLANs that currently exist on the switch and that are being transmitted over the trunk.
- The Vlans in spanning tree forwarding state and not pruned statement is beyond the scope of this lab.
Step 6
Next, you will configure the trunk so that only VLANs 10 and 20 are allowed over it. Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface fastethernet 1/0/22
NYCORE1(config-if)#
switchport trunk allowed vlan 10,20
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface fastethernet 1/0/22
NYCORE1(config-if)#switchport trunk allowed vlan 10,20
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#
Note: When listing VLANs in the above command, there is no space after the “,”. If you were to list more VLANs in such a command, you would type switchport trunk allowed vlan 10,20,30,40,50 without spaces after the “,”.
Step 7
Verify this change with the following command:
NYCORE1#
show interface trunk
Press Enter.
You will see the following output:
NYCORE1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa1/0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa1/0/22 10,20
Port Vlans allowed and active in management domain
Fa1/0/22 10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa1/0/22 10,20
NYCORE1#
Now only VLANs 10 and 20 are allowed and are active over the trunk.
Step 8
Although you have configured the trunk on NYCORE1 and you have seen that the trunk is active, it is not yet correctly passing traffic. This is because the allowed VLANs have not been configured on the other end of the link.
Examine the lab diagram and determine which interface of the NYACCESS1 is at the other end of the trunk. You should see that this is interface FastEthernet 0/24. If you remember from previous steps, the trunk is currently functioning because it has DTP active by default.
Connect to NYACCESS1 switch.
Verify the DTP settings on this interface by issuing the following command:Note: If the NYACCESS1 switch appears with the “>” prompt, use the enable command to enter the privileged EXEC mode (#).
NYACCESS1#
show interface trunk
Press Enter.
You will see the following output:
NYACCESS1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 auto 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-4094
Port Vlans allowed and active in management domain
Fa0/24 1
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1
NYACCESS1#
You can see that the Mode is auto, which means DTP is functioning.
Step 9
Next, change the trunking mode on FastEthernet 0/24 to trunk. This will essentially turn off the use of DTP and will have both ends of the link explicitly configured as trunks.
Type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
interface fastethernet 0/24
NYACCESS1(config-if)#
switchport mode trunk
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
exit
The output will be as follows:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#interface fastethernet 0/24
NYACCESS1(config-if)#switchport mode trunk
NYACCESS1(config-if)#exit
NYACCESS1(config)#exit
NYACCESS1#
Notice that there are no syslog messages indicating that the link went down. This is to be expected because the state of the link has not changed, just the method by which that state is achieved.
Step 10
The next step involves allowing the appropriate VLANs to traverse the trunk. Take a look at the VLANs that have been configured on the NYACCESS1 switch by entering the following command:
NYACCESS1#
show vlan brief
Press Enter.
You will see the following output:
NYACCESS1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
NYACCESS1#
You’ll notice that VLANs 10 and 20 are missing. In fact, the switch is in its default VLAN configuration.
One method of configuration would be to manually configure VLANs 10 and 20 and then allow them on the appropriate trunk. However, imagine you have a large organization with sixty or seventy VLANs and 25 switches. It would be a nightmare to configure all of those switches with all of those VLANs, not to mention the high probability of mistakes.
Another option, which you will use here is to use the VLAN Trunk Protocol or VTP. In the next section, you will configure VTP, and then you will return to complete the trunk configuration.
Exercise 2 – VLAN Trunk Protocol
VTP is a protocol that functions in a client server model. One device, in this case, NYCORE1, will be configured as the server where all VLAN configurations are made. Client devices, in this case, NYACCESS1, receives the information about the VLANs, created and automatically create them in their own VLAN databases.
In this exercise, you will learn about configuring VTP.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure VTP
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Task 1 – Configuring VTP
In this task, you will configure VTP between the NYCORE1 and NYACCESS1 switches so that VLAN information from the former will be propagated automatically to the latter.
Step 1
Connect to NYCORE1 and view the current VTP configuration with the following command:
NYCORE1#
show vtp status
Press Enter.
Below is the default VTP configuration of a switch:
NYCORE1#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 08cc.683f.2f00
Configuration last modified by 0.0.0.0 at 3-1-93 00:33:23
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
Configuration Revision : 2
MD5 digest : 0x3A 0x3F 0xBE 0xD2 0x26 0x14 0x1C 0xFB
0x78 0x64 0x76 0x38 0x71 0xFE 0xC9 0xA9
NYCORE1#
Look over the VTP configuration. To set up VTP on this switch, the following configuration will be implemented:
- VTP Version number: 3
- VTP Domain Name: vtp.practice-labs.com
- VTP operating mode: server
- VTP password: cisco
Note: VTP has three versions. It is always best to use the latest version. However, switches are always backward compatible in order to function on networks with older equipment. Version three offers compatibility with extended range VLANs, private VLANs and provides features that protect against the unwanted overwriting of the VLAN database. Other features include password encryption as well. To further research VTP versions, use your favorite search engine.
Step 2
To configure the NYCORE1 switch with the above parameters, type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
vtp domain vtp.practice-labs.com
NYCORE1(config)#
vtp mode server
NYCORE1(config)#
vtp version 3
NYCORE1(config)#
vtp password cisco
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#vtp domain vtp.practice-labs.com
Changing VTP domain name from NULL to vtp.practice-labs.com
NYCORE1(config)#
*Mar 1 02:33:46.327: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to vtp.practice-labs.com.
NYCORE1(config)#vtp mode server
Device mode already VTP Server for VLANS.
NYCORE1(config)#vtp version 3
*Mar 1 02:34:04.094: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN configuration file detected and read OK. Version 3 files will be written in the future
NYCORE1(config)#vtp password cisco
Setting device VTP password to cisco
NYCORE1(config)#exit
NYCORE1#
As you initiate the commands, you will see various messages indicating the changes that you are making.Note: You cannot change the VTP version to 3 unless you first create a VTP domain.
Step 3
Verify the VTP configuration once again, by entering the following command:
NYCORE1#
show vtp status
Press Enter.
You will see the following output:
NYCORE1#show vtp status
VTP Version capable : 1 to 3
VTP version running : 3
VTP Domain Name : vtp.practice-labs.com
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 08cc.683f.2f00
Feature VLAN:
--------------
VTP Operating Mode : Server
Number of existing VLANs : 7
Number of existing extended VLANs : 0
Maximum VLANs supported locally : 1005
Configuration Revision : 0
Primary ID : 0000.0000.0000
Primary Description :
MD5 digest : 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Feature MST:
--------------
VTP Operating Mode : Transparent
Feature UNKNOWN:
--------------
VTP Operating Mode : Transparent
NYCORE1#
Because you activated VTP v3, some additional features are shown in the output, which is outside the scope of this lab. You can see, however, that the configuration that you implemented has been applied.
Step 4
Next, view the VTP configuration on the NYACCESS1 switch.
Connect to NYACCESS1 switch and issue the following command:
NYACCESS1#
show vtp status
Press Enter.
You will see the following output:
NYACCESS1#show vtp status
*Mar 1 02:41:05.085: %SYS-5-CONFIG_I: Configured from console bshow vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : vtp.practice-labs.com
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 2834.a2b7.7980
Configuration last modified by 0.0.0.0 at 3-1-93 00:33:23
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 64
Number of existing VLANs : 7
Configuration Revision : 2
MD5 digest : 0xDA 0x70 0xB4 0x31 0x5F 0x34 0x24 0x7F
0xEA 0xB7 0x4F 0xF0 0x6F 0x90 0x26 0x1C
NYACCESS1#
Almost everything is as expected except for the VTP Domain Name. You will notice that it has changed. When the VTP domain name of a switch is empty, it will join the first VTP domain it learns about. Because it is connected to the NYCORE1 switch with this VTP domain name, it automatically joins that domain.
Step 5
Next, configure the remaining VTP parameters to make NYACCESS1 a VTP client.
Type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
vtp version 3
NYACCESS1(config)#
vtp password cisco
NYACCESS1(config)#
vtp mode client
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#vtp version 3
*Mar 1 02:48:23.289: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN configuration file detected and read OK. Version 3 files will be written in the future
NYACCESS1(config)#vtp password cisco
Setting device VTP password to cisco
NYACCESS1(config)#vtp mode client
Setting device to VTP Client mode for VLANS.
NYACCESS1(config)#exit
NYACCESS1#
Step 6
The VTP configuration should be complete. After several seconds, the VLANs from the NYCORE1 switch will have been sent to NYACCESS1 and inserted into the VLAN database.
To confirm this, view the VLANs on the NYACCESS1 switch by entering the following command:
NYACCESS1#
show vlan brief
Press Enter.
The output will be as follows:
NYACCESS1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 Management active
20 Sales active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
NYACCESS1#
VLANs 10 and 20 have been successfully added to the VLAN database.Note: If you do not see VLANs 10 or 20, carry on with the exercise, it will appear after making NYCORE1 the primary server.
Step 7
Next, you will see what happens when you create a new VLAN on a switch that is configured as a VTP client.
Type the following commands (press Enter after each command) on the NYACCESS1 switch:
NYACCESS1#
configure terminal
NYACCESS1(config)#
vlan 30
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#vlan 30
VTP VLAN configuration not allowed when device is in CLIENT mode.
NYACCESS1(config)#exit
NYACCESS1#
VLANs can no longer be manipulated from a VTP client. All changes must occur at the VTP server.
Step 8
Connect to the NYCORE1 switch, which is the VTP server, and attempt to add a new VLAN there.
Type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
vlan 30
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#vlan 30
VTP VLAN configuration not allowed when device is not the primary server for vlan database.
NYCORE1(config)#exit
NYCORE1#
Again, you are unable to create the VLAN. This is because VTP version 3 requires you to make the server a primary VTP server. To do so, make sure you are in privilege executive mode and issue the following command and press Enter when asked to confirm:
NYCORE1#
vtp primary
Press Enter.Alert: It may take several seconds for the command to execute so be patient.
You will see the following output:
NYCORE1#vtp primary
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
NYCORE1#
*Mar 1 03:04:37.148: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 08cc.683f.2f00 has become the primary server for the VLAN VTP feature
NYCORE1#
Step 9
Now attempt once again to add a new VLAN.
To do this, type the following commands (press Enter after each command). If successful, name it Test:
NYCORE1#
configure terminal
NYCORE1(config)#
vlan 30
NYCORE1(config-vlan)#
name Test
NYCORE1(config-vlan)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#vlan 30
NYCORE1(config-vlan)#name Test
NYCORE1(config-vlan)#exit
NYCORE1(config)#exit
NYCORE1#
You have successfully created the VLAN.
Step 10
Connect to the NYACCESS1 switch and see if the VLAN you created has been added to the database there.
To do this, enter the following command:
NYACCESS1#
show vlan brief
Press Enter.
You will see the following output:
NYACCESS1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Gi0/1
Gi0/2
10 Management active
20 Sales active
30 Test active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
NYACCESS1#
The Test VLAN has been added successfully.
You have successfully configured VTP, and all of the necessary VLANs have automatically been propagated from NYCORE1 to the NYACCESS1 switch.
In the next section, you will complete the trunk configuration that you began at the beginning of this exercise.
Exercise 3 – Trunk Configuration and Dynamic Trunking Protocol – Part II
In Exercise 1, you partially configured a trunk link between NYCORE1 and NYACCESS1. The configuration was completed on the NYCORE1 side, however, not on the NYACCESS1 side. You configured VTP in Exercise 2 so that NYCORE1 will automatically share its VLANs with NYACCESS1.
Learning Outcomes
After completing this exercise, you will be able to:
- Complete Trunk Configuration
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Task 1 – Completing Trunk Configuration
Now that NYACCESS1 has the appropriate VLANs configured, you can finish the trunk configuration.
At the end of Exercise 5, you had successfully configured interface FastEthernet 0/24 on NYACCESS1 as a trunk.
Step 1
Connect to NYACCESS1 and configure the FastEthernet 0/24 interface to allow VLANs 10 and 20.
To do this, type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
interface fastethernet 0/24
NYACCESS1(config-if)#
switchport trunk allowed vlan 10,20
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#interface fastethernet 0/24
NYACCESS1(config-if)#switchport trunk allowed vlan 10,20
NYACCESS1(config-if)#exit
NYACCESS1(config)#exit
NYACCESS1#
Step 2
Take a look at the trunk interface with the following command to verify your configuration:
NYACCESS1#
show interface trunk
Press Enter.
You will see the following output:
NYACCESS1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 10,20
Port Vlans allowed and active in management domain
Fa0/24 10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 10,20
NYACCESS1#
The VLANs have been added successfully to the trunk.Note: When entering commands that allow VLANs on trunks, you are essentially overwriting any previously allowed VLAN configuration. The command removes any other allowed VLANs that may have been configured and allows only those in the command. In order to add allowed VLANs to an already existing list, use this format of the command: switchport trunk allowed vlan add XX where XX is the VLAN ID. Review your course material or use a search engine to research this topic further.
Step 3
In order to test to see if the trunk is successfully passing traffic, you must first configure some devices on VLANs 10 and 20 on both the NYCORE1 and the NYACCES1 switch. You will use the following devices, and you will place the ports they are connected to within the appropriate VLAN:
- NYEDGE1 VLAN10
- NYCORE2 VLAN10
- NYWAN1 VLAN 20
- PLABCSCO01 VLAN 20
First, configure the appropriate ports on NYCORE1. Looking at the lab diagram, you can see that port FastEthernet 1/0/1 connects to NYEDGE1 should be on VLAN 10, and FastEthernet 1/0/2 connects to NYWAN1 and should be on VLAN 20.
Connect to NYCORE1 switch and type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface fastethernet 1/0/1
NYCORE1(config-if)#
switchport mode access
NYCORE1(config-if)#
switchport access vlan 10
NYCORE1(config-if)#
exit
NYCORE1(config)#
interface fastethernet 1/0/2
NYCORE1(config-if)#
switchport mode access
NYCORE1(config-if)#
switchport access vlan 20
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface fastethernet 1/0/1
NYCORE1(config-if)#switchport mode access
NYCORE1(config-if)#switchport access vlan 10
NYCORE1(config-if)#exit
NYCORE1(config)#interface fastethernet 1/0/2
NYCORE1(config-if)#switchport mode access
NYCORE1(config-if)#switchport access vlan 20
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#
Step 4
Next, configure the appropriate ports on NYACCESS1. Looking at the lab topology, you can see that port FastEthernet 0/23 connects to NYCORE2 and should be on VLAN 10, and FastEthernet 0/1 connects to PLABCSCO01 should be on VLAN 20.
Connect to NYACCESS1 and type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
interface fastethernet 0/23
NYACCESS1(config-if)#
switchport mode access
NYACCESS1(config-if)#
switchport access vlan 10
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
interface fastethernet 0/1
NYACCESS1(config-if)#
switchport mode access
NYACCESS1(config-if)#
switchport access vlan 20
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#interface fastethernet 0/23
NYACCESS1(config-if)#switchport mode access
NYACCESS1(config-if)#switchport access vlan 10
NYACCESS1(config-if)#exit
NYACCESS1(config)#interface fastethernet 0/1
NYACCESS1(config-if)#switchport mode access
NYACCESS1(config-if)#switchport access vlan 20
NYACCESS1(config-if)#exit
NYACCESS1(config)#exit
NYACCESS1#
Note: You may have noticed that the VLAN 1 interface has gone down on the NYACCESS switch. This is normal behavior. The VLAN 1 interface is what is known as a Switched Virtual Interface or SVI. Switches, by their very nature, are layer 2 devices and thus do not function with IP addresses. However, it is necessary to connect to them and manage them remotely. IP connectivity is achieved via the SVI. A prerequisite for the SVI to be in an up state is that at least one active port must be on the VLAN of the SVI. Otherwise, the SVI goes down. SVIs are used for other purposes as well, and you can use your favorite search engine to research them further.
Step 5
You are now ready to test your trunk configuration. For your convenience, the following is a list of IP addresses that each device is assigned with as well as the VLAN that you assigned to its port so that you can test connectivity using ping:
- NYEDGE1 – VLAN 10 – 192.168.16.1
- NYWAN1 – VLAN 20 – 192.168.16.2
- NYCORE2 – VLAN 10 – 192.168.16.4
- PLABCSCO01 – VLAN 20 – 192.168.16.10
Before testing, make sure the PLABCSCO01 server is on.
Connect to NYEDGE1 and ping all three other devices. You should only get a response from NYCORE2 which is on the same VLAN.Note: If the NYEDGE1 router appears with the “>” prompt, use the enable command to enter the privileged EXEC mode (#).
Type the following commands (press Enter after each command):
NYEDGE1#
ping 192.168.16.2
NYEDGE1#
ping 192.168.16.4
NYEDGE1#
ping 192.168.16.10
The output will be as follows:
NYEDGE1#ping 192.168.16.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYEDGE1#ping 192.168.16.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.4, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
NYEDGE1#ping 192.168.16.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYEDGE1#
You only get a response from NYCORE2, which means that the communication can only have occurred over the trunk link between NYACCESS1 and NYCORE1.Note: The lab topology shows that NYCORE2 has two links between it and NYCORE1. For the purposes of this lab, these two links have been shut down to ensure that there is only one path that the NYCORE2 device can take to reach NYEDGE1. You can confirm this by examining the ports on the NYCORE2 switch.
Step 6
Connect to NYWAN1 and ping all three other devices. This time, you should only get a response from PLABCSCO01, which is on the same VLAN.
Type the following commands (press Enter after each command):
NYWAN1#
ping 192.168.16.1
NYWAN1#
ping 192.168.16.4
NYWAN1#
ping 192.168.16.10
You will see the following output:
NYWAN1#ping 192.168.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYWAN1#ping 192.168.16.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYWAN1#ping 192.168.16.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
NYWAN1#
Once again, you get a response only from PLABCSCO01, which is on the same VLAN. This communication can only have occurred over the trunk link.
You have successfully configured and verified the trunk configuration.
Exercise 3 – Trunk Configuration and Dynamic Trunking Protocol – Part II
In Exercise 1, you partially configured a trunk link between NYCORE1 and NYACCESS1. The configuration was completed on the NYCORE1 side, however, not on the NYACCESS1 side. You configured VTP in Exercise 2 so that NYCORE1 will automatically share its VLANs with NYACCESS1.
Learning Outcomes
After completing this exercise, you will be able to:
- Complete Trunk Configuration
Your Devices
You will be using the following devices in this lab. Please power these on now.
- NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
- NYWAN1 – (Cisco 2911 – WAN Router)
- NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
- NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
- NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
- PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)
Task 1 – Completing Trunk Configuration
Now that NYACCESS1 has the appropriate VLANs configured, you can finish the trunk configuration.
At the end of Exercise 5, you had successfully configured interface FastEthernet 0/24 on NYACCESS1 as a trunk.
Step 1
Connect to NYACCESS1 and configure the FastEthernet 0/24 interface to allow VLANs 10 and 20.
To do this, type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
interface fastethernet 0/24
NYACCESS1(config-if)#
switchport trunk allowed vlan 10,20
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#interface fastethernet 0/24
NYACCESS1(config-if)#switchport trunk allowed vlan 10,20
NYACCESS1(config-if)#exit
NYACCESS1(config)#exit
NYACCESS1#
Step 2
Take a look at the trunk interface with the following command to verify your configuration:
NYACCESS1#
show interface trunk
Press Enter.
You will see the following output:
NYACCESS1#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 10,20
Port Vlans allowed and active in management domain
Fa0/24 10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 10,20
NYACCESS1#
The VLANs have been added successfully to the trunk.Note: When entering commands that allow VLANs on trunks, you are essentially overwriting any previously allowed VLAN configuration. The command removes any other allowed VLANs that may have been configured and allows only those in the command. In order to add allowed VLANs to an already existing list, use this format of the command: switchport trunk allowed vlan add XX where XX is the VLAN ID. Review your course material or use a search engine to research this topic further.
Step 3
In order to test to see if the trunk is successfully passing traffic, you must first configure some devices on VLANs 10 and 20 on both the NYCORE1 and the NYACCES1 switch. You will use the following devices, and you will place the ports they are connected to within the appropriate VLAN:
- NYEDGE1 VLAN10
- NYCORE2 VLAN10
- NYWAN1 VLAN 20
- PLABCSCO01 VLAN 20
First, configure the appropriate ports on NYCORE1. Looking at the lab diagram, you can see that port FastEthernet 1/0/1 connects to NYEDGE1 should be on VLAN 10, and FastEthernet 1/0/2 connects to NYWAN1 and should be on VLAN 20.
Connect to NYCORE1 switch and type the following commands (press Enter after each command):
NYCORE1#
configure terminal
NYCORE1(config)#
interface fastethernet 1/0/1
NYCORE1(config-if)#
switchport mode access
NYCORE1(config-if)#
switchport access vlan 10
NYCORE1(config-if)#
exit
NYCORE1(config)#
interface fastethernet 1/0/2
NYCORE1(config-if)#
switchport mode access
NYCORE1(config-if)#
switchport access vlan 20
NYCORE1(config-if)#
exit
NYCORE1(config)#
exit
You will see the following output:
NYCORE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYCORE1(config)#interface fastethernet 1/0/1
NYCORE1(config-if)#switchport mode access
NYCORE1(config-if)#switchport access vlan 10
NYCORE1(config-if)#exit
NYCORE1(config)#interface fastethernet 1/0/2
NYCORE1(config-if)#switchport mode access
NYCORE1(config-if)#switchport access vlan 20
NYCORE1(config-if)#exit
NYCORE1(config)#exit
NYCORE1#
Step 4
Next, configure the appropriate ports on NYACCESS1. Looking at the lab topology, you can see that port FastEthernet 0/23 connects to NYCORE2 and should be on VLAN 10, and FastEthernet 0/1 connects to PLABCSCO01 should be on VLAN 20.
Connect to NYACCESS1 and type the following commands (press Enter after each command):
NYACCESS1#
configure terminal
NYACCESS1(config)#
interface fastethernet 0/23
NYACCESS1(config-if)#
switchport mode access
NYACCESS1(config-if)#
switchport access vlan 10
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
interface fastethernet 0/1
NYACCESS1(config-if)#
switchport mode access
NYACCESS1(config-if)#
switchport access vlan 20
NYACCESS1(config-if)#
exit
NYACCESS1(config)#
exit
You will see the following output:
NYACCESS1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYACCESS1(config)#interface fastethernet 0/23
NYACCESS1(config-if)#switchport mode access
NYACCESS1(config-if)#switchport access vlan 10
NYACCESS1(config-if)#exit
NYACCESS1(config)#interface fastethernet 0/1
NYACCESS1(config-if)#switchport mode access
NYACCESS1(config-if)#switchport access vlan 20
NYACCESS1(config-if)#exit
NYACCESS1(config)#exit
NYACCESS1#
Note: You may have noticed that the VLAN 1 interface has gone down on the NYACCESS switch. This is normal behavior. The VLAN 1 interface is what is known as a Switched Virtual Interface or SVI. Switches, by their very nature, are layer 2 devices and thus do not function with IP addresses. However, it is necessary to connect to them and manage them remotely. IP connectivity is achieved via the SVI. A prerequisite for the SVI to be in an up state is that at least one active port must be on the VLAN of the SVI. Otherwise, the SVI goes down. SVIs are used for other purposes as well, and you can use your favorite search engine to research them further.
Step 5
You are now ready to test your trunk configuration. For your convenience, the following is a list of IP addresses that each device is assigned with as well as the VLAN that you assigned to its port so that you can test connectivity using ping:
- NYEDGE1 – VLAN 10 – 192.168.16.1
- NYWAN1 – VLAN 20 – 192.168.16.2
- NYCORE2 – VLAN 10 – 192.168.16.4
- PLABCSCO01 – VLAN 20 – 192.168.16.10
Before testing, make sure the PLABCSCO01 server is on.
Connect to NYEDGE1 and ping all three other devices. You should only get a response from NYCORE2 which is on the same VLAN.Note: If the NYEDGE1 router appears with the “>” prompt, use the enable command to enter the privileged EXEC mode (#).
Type the following commands (press Enter after each command):
NYEDGE1#
ping 192.168.16.2
NYEDGE1#
ping 192.168.16.4
NYEDGE1#
ping 192.168.16.10
The output will be as follows:
NYEDGE1#ping 192.168.16.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYEDGE1#ping 192.168.16.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.4, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
NYEDGE1#ping 192.168.16.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYEDGE1#
You only get a response from NYCORE2, which means that the communication can only have occurred over the trunk link between NYACCESS1 and NYCORE1.Note: The lab topology shows that NYCORE2 has two links between it and NYCORE1. For the purposes of this lab, these two links have been shut down to ensure that there is only one path that the NYCORE2 device can take to reach NYEDGE1. You can confirm this by examining the ports on the NYCORE2 switch.
Step 6
Connect to NYWAN1 and ping all three other devices. This time, you should only get a response from PLABCSCO01, which is on the same VLAN.
Type the following commands (press Enter after each command):
NYWAN1#
ping 192.168.16.1
NYWAN1#
ping 192.168.16.4
NYWAN1#
ping 192.168.16.10
You will see the following output:
NYWAN1#ping 192.168.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYWAN1#ping 192.168.16.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
NYWAN1#ping 192.168.16.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
NYWAN1#
Once again, you get a response only from PLABCSCO01, which is on the same VLAN. This communication can only have occurred over the trunk link.
You have successfully configured and verified the trunk configuration.
Comments