Pages

Wednesday, March 24, 2010

EtherChannel, Trunking, VTP, VLANs and Access port - GNS3 and VPCs

mentor_vlan



























we'll start with setup EtherChannel between S1 and S2
use the range for of the interface for easy setup
S1(config)#interface rang fa 1/14 - 15
S1(config-if-range)#channel-group 1 mode on

Creating a port-channel interface Port-channel1
*Mar  1 00:23:53.623: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1
*Mar  1 00:23:53.683: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1
*Mar  1 00:23:56.579: %LINEPROTO-5-UPDOW
we getting this feedback on the screen, indicating that this EtherChannel is up.
we have created a virtual interface of EtherChannel called Port-Channel1, or Po1
let's verify this by show etherchannel summary, here you can more detail such as interfaces that intercipated in this group
S2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        U - in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa1/14(P)  Fa1/15(P)
now our EtherChannel are ready, let's create a trunk across this EtherChannel to carry the VLAN between both switches.
first we'll define the format or encapsulation of trunk, we are using dot1q
then we configure the mode of the port/interface to be in trunk mode
S1(config)#interface port-channel 1
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk
conf on SW2 also
now let's verify we do have our trunk setup
S2#show interfaces trunk
Port      Mode         Encapsulation  Status        Native vlan
Po1       on           802.1q         trunking      1
Port      Vlans allowed on trunk
Po1       1-1005
Port      Vlans allowed and active in management domain
Po1       1
Port      Vlans in spanning tree forwarding state and not pruned
Po1       1
now that we have trunk, next we create VTP Domain to centralize the VLANs management.
to make sure each switch can exchange the VLAN database, the VTP domain name must be the same, we'll also add password to it for more security
SW1 will be the server, while SW2 are the client, every VLAN created in server will advertised to the client.
S1#vlan database
S1(vlan)#vtp domain lab
Changing VTP domain name from NULL to lab
S1(vlan)#vtp server
S1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
S1(vlan)#
S2(vlan)#vtp domain lab
S2(vlan)#vtp client
Setting device to VTP CLIENT mode.
S2(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
S2(vlan)#
now let's create a few VLAN on VTP server to see is it successfully propagated accross the trunk
S1(vlan)#vlan 10 name IT
VLAN 10 modified:
    Name: IT
S1(vlan)#vlan 20 name Eng
VLAN 20 added:
    Name: Eng
show vlan-switch to make sure it's created an exist on both SW1 and Sw2
S1#show vlan-switch
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13
10   IT                               active
20   Eng                              active
...
S2#show vlan-switch
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13
10   IT                               active
20   Eng                              active
yes, now we are confimed that SW2 learn all the VLANs from SW1.
ok, now we'll configure the access port for IT and Eng
S1(config)#interface fastEthernet 1/0
S1(config-if)#switchport access vlan 10
S1(config)#interface fastEthernet 1/1
S1(config-if)#switchport access vlan 20
S2(config)#interface fastEthernet 1/0
S2(config-if)#switchport access vlan 10
S2(config)#interface fastEthernet 1/1
S2(config-if)#switchport access vlan 20
make sure all those port are fall into their right VLAN accordingly, use show vlan-switch
S2#show vlan-switch
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/2, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
10   IT                               active    Fa1/0
20   Eng                              active    Fa1/1
now it's time to test the connectivity, IT pc should be able to access IT server, so do the Eng
configure ip address on VPCS as below (just put any address for the gateway, we don't need it yet because in this lab we don't do routing between different VLAN)
IT pc : 192.168.10.1
Eng pc : 192.168.20.1
IT server : 192.168.10.100
Eng server : 192.168.20.100
VPCS 1 >ip 192.168.10.1 192.168.10.99 24
PC1 : 192.168.10.1 255.255.255.0 gateway 192.168.10.99
VPCS 1 >2
VPCS 2 >ip 192.168.20.1 192.168.20.99 24
PC2 : 192.168.20.1 255.255.255.0 gateway 192.168.20.99
VPCS 2 >3
VPCS 3 >ip 192.168.10.100 192.168.10.99 24
PC3 : 192.168.10.100 255.255.255.0 gateway 192.168.10.99
VPCS 3 >4
VPCS 4 >ip 192.168.20.100 192.168.20.99 24
PC4 : 192.168.20.100 255.255.255.0 gateway 192.168.20.99
make sure all machine in the same VLAN can ping to each other
VPCS 1 >ping 192.168.10.100
192.168.10.100 icmp_seq=1 time=47.804 ms
192.168.10.100 icmp_seq=2 time=27.366 ms
192.168.10.100 icmp_seq=3 time=11.526 ms
192.168.10.100 icmp_seq=4 time=15.531 ms
192.168.10.100 icmp_seq=5 time=21.648 ms
VPCS 2 >ping 192.168.20.100
192.168.20.100 icmp_seq=1 time=40.551 ms
192.168.20.100 icmp_seq=2 time=16.720 ms
192.168.20.100 icmp_seq=3 time=34.366 ms
192.168.20.100 icmp_seq=4 time=16.558 ms
192.168.20.100 icmp_seq=5 time=49.387 ms
if you try to ping to another VLAN, should receive this error because we don't configure any inter-VLAN routing
VPCS 1 >ping 192.168.20.1
host (192.168.10.99) not reachable

9 comments:

  1. Hi,
    I have a question for u.
    I ve seen that u ve created the etherchannel and u put encapsulation and switchport mode trunk commands under port channel.
    But we can also do it under interface range commands which we use to create channel-group.What i meant to say, can we use the following configuration to create etherchannel without configuring anything under port channel interface.

    interface range fa1/14 - 15
    switchport trunk encap dot1q
    switchport mode trunk
    channel-group 1 mode on

    .............
    please do reply as early as possible.
    thnxx

    ReplyDelete
  2. Hi
    it is possible with GNS3 to make etherchannel Layer 3 ?
    for example to join to a core layer and applied routing.

    thanks in advanced
    Arturo from Chile

    ReplyDelete
  3. Which router and IOS u r using for R1 and R2 in the figure....???

    ReplyDelete
  4. @Arturo - yes, you can

    @Riaz - i'm not really remember, but it should be 3600 or 3700 series, w/ 12.4 IOS . but the most important part is, you need to add switch module to it to make it work as a L3 switch

    ReplyDelete
  5. Which module do I need to add, to have layer 3 ?

    ReplyDelete
  6. GNS3 doesn't support layer 3 etherchannel.

    ReplyDelete
  7. budy, what IOS and Switch Module did you use to create this L2 Etherchannel ? thanks in advance..

    ReplyDelete
  8. L2 Etherchannel can be created on GNS3 using c3640-jk9s-mz.124-16.bin IOS. L3 doesn't work since channel-group command doesn't show up on a routed interface.

    ReplyDelete