Xem mẫu

CertificationZone Page 1 of 5 Date of Issue: 05-01-2001 Lab Exercise 2: Inter-VLAN Routing and Multi-layer Switching by Dan Farkas Introduction Equipment Initial Configuration Part 1: Inter-VLAN Routing Goals Task List Solutions - Part 1 Answers Configurations Part 2: Multi-Layer Switching Goals Task List Solutions - Part 2 Answers Configurations Introduction This is the second lab exercise and should be attempted only after completing the first lab exercise. This lab has two parts. In the first part, a link is configured as an ISL trunk and then inter-VLAN routing is configured. In the second part, Multi-layer Switching is configured and an access list is added. Equipment ● Two Catalyst 5xxx or 6xxx switches with Fast EtherChannel-capable line cards and Supervisor Engine III, FSX, or III FLX module Supervisor engine software Release 4.1(1) or later, NetFlow Feature Card (NFFC), or NFFC II ● Three PCs with NIC cards ● One Cisco 3620, 3640, 7500, 7200, 4500, or 4700 series router with Cisco IOS router software Release 11.3 (2)WA4(4) or later and a Fast Ethernet interface. Initial Configuration http://www.certificationzone.com/studyguides.../?Issue=36&IssueDate=05-01-2001&CP= 11/06/01 CertificationZone Page 2 of 5 Device Switch A Switch B PC-1 PC-2 PC-3 Router IP Addresses 10.1.1.1/24 10.1.1.2/24 10.2.1.1/24 10.2.1.2/24 10.3.1.2/24 VLAN 1 - 10.1.1.254/24 VLAN 2 - 10.2.1.1.254/24 VLAN 3 - 10.3.1.1.254/24 VTP Domain: lab VLAN 1 name: vlan1 VLAN 2 name: vlan2 VLAN 3 name : vlan3 Warning: We assume that Lab Exercise 1 has been completed. If not go back and do it now. Part 1: Inter-VLAN Routing Goals Reconfigure the link between the router and Switch A to be an ISL trunk. Configure inter-VLAN routing on the router. Test with pings. Any device should be able to ping any other device. Task List 1. On the PCs a. Configure appropriate default gateways. 2. On Switch A a. Configure the link that connects to the router with the set trunk on command. b. Use the set ip route default command to set up a default gateway. 3. On Switch B a. Use the set ip route default command to set up a default gateway 4. On the router a. Remove the interface configuration from lab exercise 1. b. Configure and address a sub-interface for each VLAN. http://www.certificationzone.com/studyguides.../?Issue=36&IssueDate=05-01-2001&CP= 11/06/01 CertificationZone Page 3 of 5 5. Ping between devices. Do intra-VLAN pings work? Do inter-VLAN pings work? If any pings fail, something is not right in your configuration. Solutions - Part 1 Answers 5) All pings should work. Configurations {Note: x/y represents slot and port numbers. On the router, 0/0 should be the actual slot and port numbers.} SwitchA(enable)set ip default route 10.1.1.254 SwitchA(enable)set trunk x/y on SwitchB(enable)set ip default route 10.1.1.254 Router(config)#int fa0/0 Router(config-if)#no ip address Router(config-if)#int fa 0/0.1 Router(config-subif)#ip address 10.1.1.254 255.255.255.0 Router(config-subif)#encapsulation isl 1 Router(config-subif)#int fa 0/0.2 Router(config-subif)#ip address 10.2.1.254 255.255.255.0 Router(config-subif)#encapsulation isl 2 Router(config-subif)#int fa 0/0.3 Router(config-subif)#ip address 10.3.1.254 255.255.255.0 Router(config-subif)#encapsulation isl 3 Part 2: Multi-Layer Switching Goals Configure Multi-layer Switching on the router, Switch A, and Switch B. Ping between PC-2 and PC-3. Use show commands to verify MLS operations. Add an access list to the router. Verify a change in flow masks with show commands. Task List 1. On Switch A and Switch B a. Use the set mls enable and set mls include commands to configure MLS. 2. On the router a. Use the mls rp ip, mls rp vtp-domain, and mls rp ip management-interface commands to configure MLS. Make the VLAN 1 interface the management interface. 3. Ping between devices. Do intra-VLAN pings still work? Do inter-VLAN pings still work? If any pings fail, something is not right in your configuration. 4. Wait 256 seconds for all flows to age out of the MLS cache on the switch. 5. Start a continuous stream of pings between PC-2 and PC-3. a. Use the show mls rp command on the router and the show mls entry command on Switch B to verify MLS operation. Note the cache entries on the switch. http://www.certificationzone.com/studyguides.../?Issue=36&IssueDate=05-01-2001&CP= 11/06/01 CertificationZone Page 4 of 5 6. Stop the pings. 7. On the router a. Create Access List 101 with the command access-list 101 permit ip any any. b. Apply it to all sub-interfaces as an outbound access list. c. Use the show mls rp command on the router and the show mls entry command on Switch B to verify MLS operation. Note the cache entries on the switch. Notice any differences? 8. Start a continuous stream of pings between PC-2 and PC-3. a. Use the show mls rp command on the router and the show mls entry command on Switch B to verify MLS operation. Note the cache entries on the switch. Notice any differences? Solutions - Part 2 Answers 3) Yes, all pings should still work 5a) The show mls rp should show you that: • mls is globally enabled • the vtp-domain is lab • the flow mask is destination-ip The show mls entry should show flows from 10.2.1.2 to 10.3.1.2 and from 10.3.1.2 to 10.2.1.2 7c) The show mls rp should show you that the flow mask is source-destination-ip. The show mls entry should show that the cache is empty because the access-list was applied and created MLSP purge messages. 8a) The show mls entry should show flows from 10.2.1.2 to 10.3.1.2 and from 10.3.1.2 to 10.2.1.2 Configurations SwitchA(enable)set mls enable SwitchA(enable)set mls include 10.1.1.254 SwitchB(enable)set mls enable SwitchB(enable)set mls include 10.1.1.254 Router(config)#mls rp ip Router(config)#int fa 0/0.1 Router(config-subif)#mls rp vtp-domain lab Router(config-subif)#mls rp ip Router(config-subif)#mls rp ip management-interface Router(config-subif)#int fa 0/0.2 Router(config-subif)#mls rp vtp-domain lab Router(config-subif)#mls rp ip Router(config-subif)#int fa 0/0.3 Router(config-subif)#mls rp vtp-domain lab Router(config-subif)#mls rp ip Router(config-subif)#exit Router(config)#access-list 101 permit ip any any Router(config)#int fa 0/0.1 Router(config-subif)#ip access-group 101 http://www.certificationzone.com/studyguides.../?Issue=36&IssueDate=05-01-2001&CP= 11/06/01 CertificationZone Page 5 of 5 Router(config-subif)#int fa 0/0.2 Router(config-subif)#ip access-group 101 Router(config-subif)#int fa 0/0.3 Router(config-subif)#ip access-group 101 [IE-LANS2-LS2-F04] [2001-04-20-02] Copyright © 2001 Genium Publishing Corporation ... - tailieumienphi.vn
nguon tai.lieu . vn