Multi-Layer Switching, Routed and SVI Interfaces

Daniel Morgan 28th October, 2011 Mr. Pete Marino Net 272 Lab 7

This lab covered several main topics involved in multilayer switching and a small portion of routing protocols. The main focus used port manipulations and creating routed and SVI interfaces on several layer 3 switches. This was all meshed together with inter-VLAN routing in the Distribution switches which provided redundancy between the Core and the Access layer. This lab required at least 4 multilayer switches, one router and 3 layer 2 switches along with 6 workstations. All connections ran through Ethernet cables. All Layer 3 interfaces utilized EIGRP as the dynamic routing protocol with the router working as an ISP whose loopback provided the final gateway. Full connectivity between the VLAN's 1,100,200,300 finalized the lab along with monitoring of routing, modified interfaces, and traffic flow. As far as the initial configuration went, it was pretty similar to previous ones. Although this was a larger topology the setup remained relatively similar. Starting with connecting the devices with crossover cables between like devices and straight through for those leading to the workstations and router. Al packets were encapsulated with Ethernet protocols. To improve efficiency the Core routers used an aggregated EtherChannel connection with 2 links bundled leading to the Router from Core 2. This lab consisted of 3 working VLAN's: Engineering (100), Marketing(200), and Finance(300). The links between the Access layer and Distribution layer were all truncated via 802.1q. The first Figure displays a full visual diagram of the topology, included are the IP addressing required for connectivity of all ports. Figure 7-1

The next Figure lays in detail the configuration commands required from scratch to connectivity of inter-VLAN's. Figure 7-2
(SHOW RUN of DS1/DS2)
**VTP Conf. DS1(config)#vtp mode client DS1(config)#vtp domain cisco Changing VTP domain name from lab to cisco DS1(config)#vtp pass cisco Setting device VLAN database password to cisco **Sho run interface FastEthernet0/1 no switchport ip address 172.1.0.45 255.255.255.252 ! interface FastEthernet0/2 no switchport ip address 172.1.0.41 255.255.255.252 ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/14 ! interface FastEthernet0/15 switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet0/16 ! interface FastEthernet0/17 switchport trunk encapsulation dot1q switchport mode trunk ! interface Vlan1 ip address 172.1.0.3 255.255.255.240 ! interface Vlan100 ip address 172.1.0.17 255.255.255.248 ! interface Vlan200 ip address 172.1.0.25 255.255.255.248 ! interface Vlan300 ip address 172.1.0.33 255.255.255.248 ***DS2_3560_5(config)#ip routing DS1(config)#ip routing

(ACCESS LAYER COMMANDS)

ACC2_2960_2(config)#interface vlan 1 ACC2_2960_2(config-if)#ip address 172.1.0.6 255.255.255.240 ACC2_2960_2(config)#ip default-gateway 172.1.0.3 interface FastEthernet0/1 switchport access vlan 100 switchport mode access spanning-tree portfast !

interface FastEthernet0/2 switchport access vlan 300 switchport mode access spanning-tree portfast ACC2_2960_2(config)#do sho int trunk Port Fa0/15 Fa0/16 Port Fa0/15 Mode on on Encapsulation 802.1q 802.1q Status trunking trunking Native vlan 1 1

Vlans allowed on trunk 1,100,200,300

(CORE SWITCHES)
Core1_3560_6(config)#do show run interface Port-channel2 no switchport ip address 172.1.0.57 255.255.255.252 interface FastEthernet0/1 no switchport no ip address channel-group 2 mode active ! interface FastEthernet0/2 no switchport no ip address channel-group 2 mode active ! interface FastEthernet0/3 no switchport ip address 172.1.0.50 255.255.255.252 ! interface FastEthernet0/4 no switchport ip address 172.1.0.42 255.255.255.252 ! interface Vlan1 ip address 172.1.0.1 255.255.255.240

Although many of these commands entered into the switches were CCNA level or learned in previous CCNP labs, they added a twist of challenge since they were performed on layer 3 systems which required certain commands to ensure operation like the Ip routing command that tells the switch to perform layer 3 functions. The 3560 switches assume they are full switches until this command wakes them up. Inter-VLAN routing using Switch Virtual Interfaces has far exceeded the use of using Router on a stick implementations for its hardware-based speeds. Instead of requiring an an actual interface to be used and trunk lines like a router it only requires specific VLAN's enabled with IP addresses corresponding to them. Although there are many benefits using L3 devices such as increased packet flow/bandwidth the main disadvantage is providing funds for an expensive device. After the SVI's were created to manage the Acces switches and their corresponding VLAN's the links between the Distribution and Core Switches needed to be address and the Router. The solution to integrate both the switches and routers to have routes between one another was using Cisco's routing protocol EIGRP. Although its beyond the scope of this lab to explain EIGRP this link provided will allow for further research: (http://en.wikipedia.org/wiki/Enhanced_Interior_Gateway_Routing_Protocol) When configuring the 3560 switches for routing they assume they switchports and must be reconfigured to route. When entering the interfaces the command no switchport is required, followed by the IP address and possibly no shut. After the Distribution and Core switches were

configured for routing the 2 links between the Core switches needed an Layer 3 EtherChannel initiated. The process is relatively similar to setting up a layer 2 EtherChannel yet requires an Ip address on either side of the switches to act as the Aggregated Interface. This next Figure show's an example of the process. Figure 7-3 (Example Router) Router# configure terminal
Router(config)# interface port-channel 1 Router(config-if)# ip address 172.32.52.10 255.255.255.0 Router(config-if)# end

Router# configure terminal

Router(config)# interface range fastethernet 5/6 -7 Router(config-if)# channel-group 2 mode desirable Router(config-if)# end
Core1_3560_6#show etherchannel sum Flags: D - down P - in port-channel Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------2 Po2(RU) LACP Fa0/1(P) Fa0/2(P)

This lab required EIGRP setup with the discretion for the teams to assign autonomous system numbers along with the IP addressing that was already created early on. Figure 7-4 displays the commands written to achieve this as well as full access to every port in the network. Figure 7-4 (EIGRP)
(Setup) Core1_3560_6# router eigrp 1 network 172.1.0.0 0.0.0.15 network 172.1.0.40 0.0.0.3 network 172.1.0.48 0.0.0.3 network 172.1.0.56 0.0.0.3 auto-summary (Convergence) 172.1.0.0/16 is variably subnetted, 9 subnets, 3 masks D 172.1.0.44/30 [90/30720] via 172.1.0.41, 00:04:15, FastEthernet0/4 C 172.1.0.40/30 is directly connected, FastEthernet0/4 D 172.1.0.32/29 [90/28416] via 172.1.0.49, 00:04:15, FastEthernet0/3 [90/28416] via 172.1.0.41, 00:04:15, FastEthernet0/4 C 172.1.0.56/30 is directly connected, Port-channel2 D 172.1.0.52/30 [90/30720] via 172.1.0.49, 00:04:15, FastEthernet0/3 C 172.1.0.48/30 is directly connected, FastEthernet0/3 D 172.1.0.0/28 [90/28416] via 172.1.0.49, 00:04:16, FastEthernet0/3 [90/28416] via 172.1.0.41, 00:04:16, FastEthernet0/4 D 172.1.0.24/29 [90/28416] via 172.1.0.49, 00:04:16, FastEthernet0/3 [90/28416] via 172.1.0.41, 00:04:16, FastEthernet0/4 D 172.1.0.16/29 [90/28416] via 172.1.0.49, 00:04:16, FastEthernet0/3 [90/28416] via 172.1.0.41, 00:04:16, FastEthernet0/4 Core1_3560_6#ping 172.1.0.41 (Pings) Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.1.0.41, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms Core1_3560_6#ping 172.1.0.49 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.1.0.49, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms Core1_3560_6#ping 172.1.0.58 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.1.0.58, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Core1_3560_6#

Lastly after the multilayer network was finished with configurations it was time to monitor the operations of spanning-tree and EIGRP neighbor relationships. The Distribution switches would show their SVI interfaces and their routed interfaces performing required tasks. When looking at several parts of this lab topology it would appear from an untrained eye that its very redundant in the event of link failures yet there is one key link that holds the gateway to the external networks. Although this network is highly reliable for local connections there is only one link leaving Core 2 that reaches the ISP router. In the event that a bulldozer disrupts this line all access is lost. Figure 7-5 displays the monitoring commands used at various parts of the network. In conclusion there is a lack or redundancy or lack of HSRP integreated. Figure 7-5 (Spanning-tree)
ACC2_2960_2#sho spanning-tree active VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Port 15 (FastEthernet0/15) VLAN0100 Spanning tree enabled protocol ieee Root ID Priority 32868 Address 0018.ba12.4f00 Port 15 (FastEthernet0/15) DS1#sh span VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0018.ba12.4f00 This bridge is the root VLAN0100 Spanning tree enabled protocol ieee Root ID Priority 32868 Address 0018.ba12.4f00 This bridge is the root

(SVI & Routed Int.)

DS1# sh int vlan100 Vlan100 is up, line protocol is up Hardware is EtherSVI, address is 0018.ba12.4f41 (bia 0018.ba12.4f41)<-Notice the SVI HW Internet address is 172.1.0.17/29

DS2_3560_5#show ip int f0/1 FastEthernet0/1 is up, line protocol is up Internet address is 172.1.0.49/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.10 <--Shows this is using EIGRP routing

(EIGRP Neighbor, Top)

Core1_3560_6#show ip eigrp ne IP-EIGRP neighbors for process 1 H Address Interface 0 1 172.1.0.41 172.1.0.49 Fa0/4 Fa0/3 Hold Uptime SRTT (sec) (ms) 12 00:06:57 17 14 00:09:32 552 Q Cnt 200 0 3312 0 RTO Seq Type Num 48 68

Core1_3560_6#show ip eigrp int IP-EIGRP interfaces for process 1 Interface Fa0/4 Fa0/3 Po2 Vl1 Peers 1 1 0 0 Xmit Queue Un/Reliable 0/0 0/0 0/0 0/0 Mean SRTT 17 552 0 0 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 50 2756 0 0 Pending Routes 0 0 0 0

Core1_3560_6#show ip eigrp top IP-EIGRP Topology Table for AS(1)/ID(172.1.0.57) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 172.1.0.44/30, 2 successors, FD is 30720 via 172.1.0.58 (30720/28160), Port-channel2 via 172.1.0.41 (30720/28160), FastEthernet0/4 via 172.1.0.49 (30976/28416), FastEthernet0/3 P 172.1.0.40/30, 1 successors, FD is 28160 via Connected, FastEthernet0/4 P 172.1.0.32/29, 2 successors, FD is 28416 via 172.1.0.49 (28416/2816), FastEthernet0/3 via 172.1.0.41 (28416/2816), FastEthernet0/4 P 172.1.0.60/30, 1 successors, FD is 30720 via 172.1.0.58 (30720/28160), Port-channel2