5/1 al 27/1 del 2010, Academia local Cisco, Rosario
Instructor: Ernesto Vilarrasa
Administración / Spanning tree /
VLAN / Wireless
LAN / Seguridad
Parte 2
Expansión de la red:
Supongamos debemos escalar nuestra red a mas dispositivos mediante otro switch, hasta el momento nuestra
configuración VLAN es:
SW_1#sh vlan
VLAN Name Status Ports
---- -------------------------------- ---------
-------------------------------
1
default
active Fa0/21
10 vlan10 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
20 vlan20 active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16,
Fa0/17, Fa0/18
Fa0/19, Fa0/20
30 seguridad active
Fa0/22, Fa0/23, Fa0/24, Gig1/1, Gig1/2
Agregamos un nuevo switch,
cuyo port de uplink es Gig 1/1 ( otra opción sería un port uplink por
cada Vlan ):
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#int gi 1/1
SW_1(config-if)#switchport
mode trunk definimos la encapsulación como 802.1q
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1,
changed state to up
SW_1(config-if)#end
VLAN Name Status Ports
---- -------------------------------- ---------
-------------------------------
1
default
active Fa0/21
10 vlan10 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6,
Fa0/7, Fa0/8
Fa0/9, Fa0/10
20 vlan20 active Fa0/11, Fa0/12,
Fa0/13, Fa0/14
Fa0/15, Fa0/16,
Fa0/17, Fa0/18
Fa0/19, Fa0/20
30 seguridad active Fa0/22, Fa0/23, Fa0/24, Gig1/2
En la vlan 30 ya no pertenece la interface Gig 1/1
Verificamos:
SW_1#show runn
---resumido----
interface FastEthernet0/23
switchport access vlan 30
!
interface FastEthernet0/24
switchport access vlan 30
!
interface
GigabitEthernet1/1
switchport mode trunk Este port
aparece como TRUNK y por lo tanto, pasarán datos de todas las vlan
!
interface GigabitEthernet1/2
switchport access vlan 30
!
---resumido----
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_2(config)#int gig 1/1
SW_2(config-if)#switchport
mode trunk definimos la encapsulación como 802.1q
SW_2(config-if)#end
SW_2#
%SYS-5-CONFIG_I: Configured from console by console
SW_2#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/2 la interface Gig 1/1 ya no pertenece a la
vlan 1
Ahora, deberíamos configurar las vlan en el nuevo SW_1,
ó, configurar un protocolo de intercambio de
información inter-vlan:
SW_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_1(config)#vtp
domain cisco definimos un dominio VTP
Domain name already set to cisco.
SW_1(config)#vtp
pass cisco definimos un password de autenticación
Setting device VLAN database password to cisco
SW_1(config)#^Z
SW_1#
SW_2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW_2(config)#vtp
domain cisco definimos un dominio VTP
Changing VTP domain name from NULL to cisco
SW_2(config)#vtp
mode client definimos el modo de trabajo ( por default el modo es server )
Setting device to VTP CLIENT mode.
SW_2(config)#vtp
pass cisco definimos un password de autenticación
Setting device VLAN database password to cisco
SW_2(config)#end
SW_2#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/2
10 vlan10 active se autoconfiguraron las vlan a travez de
VTP
20 vlan20 active
30 seguridad active
SW_2#show vtp status verificamos VTP
VTP Version : 2
Configuration Revision : 7
Maximum VLANs supported locally : 255
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x04 0x1E 0x9D 0x97
0x1D 0x3D 0xF2 0x7C
Configuration last modified by 0.0.0.0 at 3-1-93 00:02:08
SW_2#
Para verificar el funcionamiento de VTP,
creamos una nueva vlan:
SW_1(config)#vlan 50 SW_1(config-vlan)#name
pruebas
SW_1(config-vlan)#end
SW_1#
SW_2#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/2
10 vlan10 active
20 vlan20 active
30 seguridad active
50 pruebas active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
SW_2#show vtp status verificamos
VTP
VTP Version : 2
Configuration
Revision : 9 verificamos el aumento de revisión VTP
Maximum VLANs supported locally : 255
Number of existing VLANs : 9
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x6B 0x99 0x77 0xA6 0x98 0xAF 0xCB 0xCB
Configuration last modified by 0.0.0.0 at 3-1-93 00:32:43
SW_2#
Hasta el momento NO tenemos comunicación entre las
distintas vlan.
Diferencias de configuración
para la línea Catalyst 2950:
sw4#vlan database
sw4(vlan)#vtp domain cisco
Changing VTP domain name from NULL
to cisco
sw4(vlan)#vtp client
Setting device to VTP CLIENT mode.
sw4(vlan)#vtp pass cisco
Setting device VLAN database
password to cisco.
sw4(vlan)#exit
In CLIENT state, no apply
attempted.
Exiting....
sw4#sh vlan
VLAN Name Status Ports
----
-------------------------------- --------- -------------------------------
1 default active
Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11
10 vlan10
active
20 vlan20
active
30 vlan30
active
40 vlan40
active
60 vlan60
active
--More--
sw4#
www.vilarrasa.com.ar
(2010)
Rosario, Argentina