9. Small office configuration scenario with VLAN and internet access nr. 3


The new network scenario consists of one branch router with default routing to the ISP. WAN internet access uses a PPP serial link with old PAP authentication. Office hosts are separated into 3 VLANs: VLAN 1 remains the default, VLAN 2 is for staff, and VLAN 3 is reserved for guests. The administrator uses the Admin Laptop for direct console CLI access. The switched network remains very simple: there is only one switch, extended with an old hub, Hub0 (clients C and D share the same subnet but also the same collision domain).

  • Serial link with PPP encapsulation and PAP authentication:
    On Office router:
        username ISP password 0 cisco
        interface Serial0/0/0
        ip address 209.165.200.225 255.255.255.252
        encapsulation ppp
        ppp authentication pap
        ppp pap sent-username Office password 0 cisco

    On ISP router:
        username Office password 0 cisco

        interface Serial0/0/0
        ip address 209.165.200.226 255.255.255.252
        encapsulation ppp
        ppp authentication pap
        ppp pap sent-username ISP password 0 cisco
        clock rate 64000
 
  • loopback interface on ISP router for testing remote connectivity
        interface Loopback0
        ip address 198.160.131.1 255.255.255.0
     
  • static route in ISP pointing to Office inside global (public) address
        ip route 209.165.201.0 255.255.255.224 Serial0/0/0 
     
  • default routing to ISP
        ip route 0.0.0.0 0.0.0.0 Serial0/0/0
     
  • static NAT, and PAT (NAT overload on interface Serial0/0/0) for internet connectivity of local hosts
        ip nat inside source list NAT interface Serial0/0/0 overload
        ip nat inside source static 10.0.4.254 209.165.201.1 
        ip access-list standard NAT
        permit 10.0.0.0 0.0.255.255
     
  • DHCP address assignment for all VLAN clients
        ip dhcp excluded-address 10.0.1.1 10.0.1.9
        ip dhcp excluded-address 10.0.2.1 10.0.2.9
        ip dhcp excluded-address 10.0.3.1 10.0.3.9
        !
        ip dhcp pool VLAN1
        network 10.0.1.0 255.255.255.0
        default-router 10.0.1.1
        dns-server 10.0.4.254
        ip dhcp pool VLAN2
        network 10.0.2.0 255.255.255.0
        default-router 10.0.2.1
        dns-server 10.0.4.254
        ip dhcp pool VLAN3
        network 10.0.3.0 255.255.255.0
        default-router 10.0.3.1
        dns-server 10.0.4.254
     
  • inter VLAN routing with router-on-a-stick 
        interface FastEthernet0/0
        no ip address
        duplex auto
        speed auto
        !
        interface FastEthernet0/0.1
        encapsulation dot1Q 1 native
        ip address 10.0.1.1 255.255.255.0
        ip nat inside
        !
        interface FastEthernet0/0.2
        encapsulation dot1Q 2
        ip address 10.0.2.1 255.255.255.0
        ip nat inside
        !
        interface FastEthernet0/0.3
        encapsulation dot1Q 3
        ip address 10.0.3.1 255.255.255.0
        ip nat inside
     
You can download the preconfigured scenario from here (PKT 5.2 and above). The network topology is shown in the next picture.

The interesting part of this scenario is the shared network segment, which uses a hub to extend the switched LAN. Our interest is in the switching table of Switch0. We can ask: how will the mac-address-table finally be populated? First we must ping the devices on the network, which populates the switching table (mac-address-table). Example of a ping from the Office router to all network devices:


Our Switch0 mac-address-table looks like this:

Two or more PCs assigned to one switch port in the address table (switching table) indicate a shared network segment, here connected on port fa0/20. But from the table alone we cannot tell whether the attached device is another switch or a hub (for that you must use CDP, show cdp neighbors, or check with show interface fa0/20 whether the port is in full or half duplex mode).

Switch port assignment to the appropriate VLAN can be examined with the show vlan brief command issued on Switch0:

Switch port fa0/1 is excluded from the list because it is the trunk port connecting the switch and the Office router for router-on-a-stick inter-VLAN routing. To examine the state of port fa0/1 we can use the show interface fa0/1 switchport CLI command:

The native (default) VLAN is 1, which is the switch's default out-of-the-box configuration, and the trunk encapsulation is dot1q.

The same command issued on access port fa0/20 results in this output:

The port is bound to VLAN 2, as you can see on the topology diagram and in the show vlan brief CLI command output.

Please remember that there is also a show command for examining trunk ports: show interface trunk
