CCIE Pursuit Blog

June 3, 2008

Configuring VLAN Assignments from the Network Diagram

Filed under: Cisco,Cisco Certification,IOS,Lab Tips,Switching — cciepursuit @ 8:58 am

In many of the Internetwork Expert labs you are asked to create VLAN assignments based on the information in the network diagram. Here is my two-step process for accomplishing that task.

1) Issue the ‘show ip int br | e ass’ command and look for SVIs and routed ports.

Rack22SW1#sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual down                  down
Vlan67                 155.22.67.7     YES manual down                  down
Vlan79                 155.22.79.7     YES manual down                  down
FastEthernet0/13       155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up

For SVIs, if they are down then add the appropriate VLANs:

Rack22SW1(config)#vlan 7,67,79
Rack22SW1(config-vlan)#exit

Wait a bit while STP comes up and then verify that the SVIs come up (you should be using this time to start on step 2):

00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan7, changed state to up
00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan67, changed state to up
00:37:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan79, changed state to up

Rack22SW1(config-if)#do sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual up                    up
Vlan67                 155.22.67.7     YES manual up                    up
Vlan79                 155.22.79.7     YES manual up                    up
FastEthernet0/13       155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up

For the routed ports, find out what port the other side of the link terminates on (‘show cdp neighbor’ or check the physical wiring diagram). If it is a router or another routed switchport, then just verify the IP address and make sure that the port is up. If it is a layer 2 switchport, then you will need to add the VLAN to that switchport. For instance, if sw1 fa0/13 is a routed switchport in VLAN 123:

Rack22SW1(config)#do sh run int fa0/13
Building configuration…

Current configuration : 88 bytes
!
interface FastEthernet0/13
 no switchport
 ip address 155.22.123.7 255.255.255.0

end

Rack22SW1(config)#do sh cdp neigh fa0/13
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
Rack22SW2           Fas 0/13              161            S I      WS-C3560-2Fas0/13

Rack22SW2(config)#int fa0/13
Rack22SW2(config-if)#switch access vlan 123
% Access VLAN does not exist. Creating vlan 123

2) Using the physical wiring diagram and/or CDP, find the ports that connect to the routers:

Rack22SW1(config)#do sh cdp neigh | e SW
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone

Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
Rack22R1            Fas 0/1               169           R S I     2610XM    Fas0/0
Rack22R3            Fas 0/3               170           R S I     2611XM    Fas0/0
Rack22R5            Fas 0/5               169           R S I     2611XM    Fas0/0

Using the network topology, find out which VLAN each router port is in and assign the appropriate VLAN to the interface. [NOTE: I like to look at the configuration of each switchport before configuring them just in case there is something funky from the initial configuration.] In this case, r1 fa0/0 is in VLAN 146 and r5 fa0/0 is in VLAN 58. sw1 fa0/3 is a routed IP interface so we can leave it alone.

Rack22SW1(config)#int fa0/1
Rack22SW1(config-if)#sw ac vla 146
% Access VLAN does not exist. Creating vlan 146

Rack22SW1(config-if)#do sh run int fa0/3
Building configuration…

Current configuration : 86 bytes
!
interface FastEthernet0/3
 no switchport
 ip address 155.22.37.7 255.255.255.0

end

Rack22SW1(config-if)#int fa0/5
Rack22SW1(config-if)#sw ac vla 58
% Access VLAN does not exist. Creating vlan 58

Once you are done, you should verify your layer 2 configuration by pinging across each VLAN (assuming that all trunking has been built). If your pings fail, check your layer 2 transit path as well as the other endpoint’s interface (I’ve wasted much lab time troubleshooting my L2 network only to discover that the router port is shut down). You can also verify your access VLAN configuration with the following command (assuming all links are FastEthernet):

Rack22SW1#sh vlan br | i Fa
1    default                          active    Fa0/2, Fa0/4, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/22, Fa0/23, Fa0/24
58   VLAN0058                         active    Fa0/5
146  VLAN0146                         active    Fa0/1
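
The two checks above, scripted in Python as an added example that is not part of the original post: it derives the `vlan` command from SVIs that are down in `show ip int br | e ass`, and compares `show vlan br | i Fa` against the access VLANs read off the diagram. The sample text is constructed from the outputs shown in the post; the function names and the expected port-to-VLAN mapping are assumptions.

```python
import re

# Constructed sample input, taken from the command outputs shown in the post.
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  155.22.7.7      YES manual down                  down
Vlan67                 155.22.67.7     YES manual down                  down
Vlan79                 155.22.79.7     YES manual down                  down
FastEthernet0/13       155.22.37.7     YES manual up                    up
Loopback0              150.22.7.7      YES manual up                    up
"""

SHOW_VLAN_BRIEF = """\
1    default                          active    Fa0/2, Fa0/4, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/22, Fa0/23, Fa0/24
58   VLAN0058                         active    Fa0/5
146  VLAN0146                         active    Fa0/1
"""

def missing_svi_vlans(ip_int_brief):
    """Step 1: VLAN IDs of SVIs that are down/down (not administratively down)."""
    vlans = []
    for line in ip_int_brief.splitlines():
        m = re.match(r"Vlan(\d+)\s+\S+\s+\S+\s+\S+\s+(.+?)\s+(\S+)\s*$", line)
        if m and m.group(2) == "down" and m.group(3) == "down":
            vlans.append(int(m.group(1)))
    return sorted(vlans)

def vlan_command(vlans):
    """Global-config command that creates the missing VLANs in one line."""
    return "vlan " + ",".join(str(v) for v in vlans) if vlans else ""

def access_port_vlans(vlan_brief):
    """Map each port to its VLAN, following port lists that wrap onto new lines."""
    ports, current = {}, None
    for line in vlan_brief.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+\S+\s*(.*)$", line)
        if m:  # a new VLAN row: keep only its port list
            current, line = int(m.group(1)), m.group(2)
        elif current is None or not line[:1].isspace():
            continue  # neither a VLAN row nor an indented continuation
        for port in filter(None, (p.strip() for p in line.split(","))):
            ports[port] = current
    return ports

def mismatches(expected, actual):
    """Ports whose VLAN differs from the diagram: {port: (expected, actual)}."""
    return {p: (v, actual.get(p)) for p, v in expected.items() if actual.get(p) != v}
```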

Anyhoo…I hope that this helps.  I’ll return to “full blogging mode” tonight.


4 Comments »

  1. Friends, I have a doubt.

    There are two switches, S1 and S2.

    S1 and S2 are connected through an EtherChannel trunk link (LACP).

    A router is connected to S1's fast 0/8.

    R6

    interface Ethernet0/1
    no ip address
    half-duplex
    !
    interface Ethernet0/1.77
    encapsulation dot1Q 17 native
    ip address 200.200.200.1 255.255.255.0

    SW1

    interface FastEthernet0/8
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    switchport nonegotiate

    interface range FastEthernet0/1-2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    channel-group 23 mode active

    interface Port-channel23
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk

    SW2

    interface FastEthernet0/8
    switchport access vlan 17

    interface range FastEthernet0/1-2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    channel-group 23 mode active

    interface Port-channel23
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk

    R3

    interface Ethernet0/1
    ip address 200.200.200.2 255.255.255.0
    no sh

    Comment by vivek — June 4, 2008 @ 12:29 am | Reply

  2. Hello friends, my problem is with native VLAN.

    2 routers and 2 switches
    ————————————————
    I want to ping 200.200.200.2 from R6.
    It does not ping, and I don't know what the problem is.
    I failed the lab because of this question…

    ————————————————
    R6—–>SW1 fast 0/8

    R3——> Sw2 fast 0/8

    SW1( fa0/1)——–>sw2(fast0/1)|LACP |
    SW1( fa0/2)——–>sw2(fast0/2)|LACP |

    ————————————————

    R6

    interface Ethernet0/1
    no ip address
    half-duplex
    !
    interface Ethernet0/1.77
    encapsulation dot1Q 17 native
    ip address 200.200.200.1 255.255.255.0
    ———————————————–
    SW1

    interface FastEthernet0/8
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    switchport nonegotiate

    interface range FastEthernet0/1-2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    channel-group 23 mode active

    interface Port-channel23
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    ————————————————
    SW2

    interface FastEthernet0/8
    switchport access vlan 17

    interface range FastEthernet0/1-2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    channel-group 23 mode active

    interface Port-channel23
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 17
    switchport mode trunk
    ———————————————–
    R3

    interface Ethernet0/1
    ip address 200.200.200.2 255.255.255.0
    no sh

    ————————————————

    Comment by rahul — June 4, 2008 @ 12:38 am | Reply

  3. Thanks
    A useful and precise approach I think.
    What I would add is a strict control on the trunk ports, especially if you have the requirement of using the minimum required VLANs. Because of dyn desi, when DTP is on many ports will revert to trunks automatically, and as soon as you define the domain all the VLANs could go anywhere unless you establish a precise order of operations.
    Some of the trunks could be preconfig to add another variable. Layer 2 is critical also psychologically: I have just started the lab and I want layer 2 to function properly and quickly. It adds not many score points but it is vital.

    Comment by Giorgio P. — June 5, 2008 @ 2:40 am | Reply

  4. Rahul did you find a solution to your question?

    Comment by Failed too — March 11, 2009 @ 7:57 pm | Reply

