These are notes I made while completing JITL’s Megalab. You can follow along by watching this video and grabbing the PKA file in the description.
I certainly don’t own anything I’ve posted here; these are excerpts from JITL’s PKA file and Wendell Odom’s books, CCNA 200-301 Official Cert Guide, 1st edition, vol 1 and vol 2.
Spoiler warning, these notes contain configs.
- In Office A, configure a Layer-2 EtherChannel named PortChannel1 between DSW-A1 and DSW-A2 using a Cisco-proprietary protocol. Both switches should actively try to form an EtherChannel.
“Cisco-proprietary” means PAgP in this case. “Both switches should actively try to form an EtherChannel” means we have to use desirable. Here’s what I mean.
DSW-A1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
Using desirable on one side and auto on the other would still result in a LAG being made, but the instructions are explicit here. I’ll set both switches to use desirable.
! DSW-A1 and DSW-A2
int range g1/0/4-5
channel-group 1 mode desirable
- In Office B, configure a Layer-2 EtherChannel named PortChannel1 between DSW-B1 and DSW-B2 using an open standard protocol. Both switches should actively try to form an EtherChannel.
Same as network A, just using the IEEE standard LACP instead.
! DSW-B1 and DSW-B2
int range g1/0/4-5
channel-group 1 mode active
Let’s go verify steps 1 and 2.
DSW-A1#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) PAgP Gig1/0/4(P) Gig1/0/5(P)
Looking good! DSW-A2 should show similar results. On network B, you’ll see the same thing but using LACP as the protocol instead.
- Configure all links between Access and Distribution switches, including the EtherChannels, as trunk links.
- Explicitly disable DTP on all ports.
- Set each trunk’s native VLAN to VLAN 1000 (unused).
- In Office A, allow VLANs 10, 20, 40, and 99 on all trunks.
- In Office B, allow VLANs 10, 20, 30, and 99 on all trunks.
I’ll start on the dist switches. Which interfaces should I include?
DSW-A1(config-if-range)#do show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
DSW-A2 Por 1 161 3650 Gig 1/0/4
DSW-A2 Por 1 161 3650 Gig 1/0/5
DSW-A2 Por 1 161 3650 Por 1
ASW-A2 Gig 1/0/2 161 S 2960 Gig 0/1
CSW1 Gig 1/1/1 161 3650 Gig 1/1/1
CSW2 Gig 1/1/2 161 3650 Gig 1/1/1
ASW-A3 Gig 1/0/3 161 S 2960 Gig 0/1
ASW-A1 Gig 1/0/1 161 S 2960 Gig 0/1
Access switches are on g1/0/1-3. Checking the other dist switches shows they’re using the same ports, so I can copy and paste the following and just change the allowed vlans.
! Office A Dist
int range g1/0/1-3
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,40,99
! the task includes the EtherChannel; settings applied to Po1 propagate to its member ports g1/0/4-5
int po1
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,40,99
! Office B Dist
int range g1/0/1-3
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,30,99
! the task includes the EtherChannel; settings applied to Po1 propagate to its member ports g1/0/4-5
int po1
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,30,99
! Office A Acc
int range g0/1-2
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,40,99
! Office B Acc
int range g0/1-2
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 1000
switchport trunk allowed vlan 10,20,30,99
- Configure one of each office’s Distribution switches as a VTPv2 server. Use domain name JeremysITLab.
- Verify that other switches join the domain.
- Configure all Access switches as VTP clients.
Side note: VTP can be dangerous in the real world. Any switch (a client included) that joins the domain with a higher configuration revision number overwrites the VLAN database on every other switch in that domain, so double-check that VTP is set to transparent (which also resets the revision number to 0) before connecting a second-hand switch to your network, or perish 🙂
Let’s start by setting servers and clients, then we’ll verify.
! set server on DSW-A1 and DSW-B1
vtp version 2
vtp domain JeremysITLab
vtp mode server
! set client on all access switches
vtp mode client
! verify on ASW-A3
ASW-A3#show vtp status
VTP Version capable : 1 to 2
VTP version running : 2
VTP Domain Name : JeremysITLab
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0001.C7C3.9E00
Configuration last modified by 0.0.0.0 at 2-28-93 07:08:55
Feature VLAN :
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 255
Number of existing VLANs : 9
Configuration Revision : 8
MD5 digest : 0xCC 0xE4 0x7E 0x95 0x53 0xF6 0xE0 0xA3
0x8E 0xBB 0x86 0xB0 0xE9 0x1C 0xA2 0xF7
We can see the domain has been set and the VTP operating mode is Client. Perfect! Let’s add some vlans to propagate.
- In Office A, create and name the following VLANs on one of the Distribution switches. Ensure that VTP propagates the changes.
- VLAN 10: PCs
- VLAN 20: Phones
- VLAN 40: Wi-Fi
- VLAN 99: Management
We’ll setup vlans on our VTP server DSW-A1.
! set vlans
vlan 10
name PCs
vlan 20
name Phones
vlan 40
name Wi-Fi
vlan 99
name Management
Checking on a client switch should now show those vlans.
! verify on ASW-A3
ASW-A3#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 PCs active
20 Phones active
40 Wi-Fi active
99 Management active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
...
- In Office B, create and name the following VLANs on one of the Distribution switches. Ensure that VTP propagates the changes.
- VLAN 10: PCs
- VLAN 20: Phones
- VLAN 30: Servers
- VLAN 99: Management
Pretty similar to step 5. I’ll create and name the vlans on our VTP server DSW-B1, then check to see if they’ve been created on a VTP client.
! set vlans
vlan 10
name PCs
vlan 20
name Phones
vlan 30
name Servers
vlan 99
name Management
Okay, now verifying…
! verify on ASW-B3
ASW-B3#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 PCs active
20 Phones active
30 Servers active
99 Management active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
...
- Configure each Access switch’s access port.
- LWAPs will not use FlexConnect
- PCs in VLAN 10, Phones in VLAN 20
- SRV1 in VLAN 30
- Manually configure access mode and explicitly disable DTP
What the heck is FlexConnect? I’ve never heard of that.
FlexConnect: An AP at a remote site can locally switch traffic between an SSID and a VLAN if its CAPWAP tunnel to the WLC is down and if it is configured to do so. [1]
Oh, so “will not use FlexConnect” means the AP stays in local mode: every client frame is tunneled to the WLC over CAPWAP rather than being switched locally. The switchport therefore only needs to carry the AP’s own management traffic, so links to LWAPs should be access ports in vlan 99, not trunks carrying the Wi-Fi vlan. LWAP is on int f0/1.
! ASW-A1 and ASW-B1
int f0/1
switchport mode access
switchport nonegotiate
switchport access vlan 99
ASW-A2, A3, and B2 all connect to an IP phone. These will need an access and voice vlan configured.
! ASW-A2, ASW-A3, ASW-B2
int f0/1
switchport mode access
switchport nonegotiate
switchport access vlan 10
switchport voice vlan 20
Last, ASW-B3 connects to a server. We’ll configure the switchport in access mode on vlan 30.
! ASW-B3
int f0/1
switchport mode access
switchport nonegotiate
switchport access vlan 30
- Configure ASW-A1’s connection to WLC1.
- It must support the Wi-Fi and Management VLANs.
- The Management VLAN should be untagged.
- Disable DTP.
A good hint here is that the link needs multiple vlans. That means this is a trunk.
Second, the management vlan should be untagged, which means we need to set native vlan to 99. The WLC side has to match: its management interface expects untagged frames and its Wi-Fi interface expects frames tagged with vlan 40.
! ASW-A1
int f0/2
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 99
switchport trunk allowed vlan 40,99
- Administratively disable all unused ports on Access and Distribution switches.
This is just good practice: an open, unconfigured port is the easiest way for an unauthorised device to join the network, and with DTP at its default it could even negotiate a trunk. Let’s go find all the ports we want to target. We can pipe the output of show ip int brief and exclude the word “up” to only select down ports. Read the list before shutting anything, since a port can also be down because the device on the far end is simply powered off.
ASW-A1#show ip int brief | exc up
Interface IP-Address OK? Method Status Protocol
FastEthernet0/3 unassigned YES manual down down
FastEthernet0/4 unassigned YES manual down down
FastEthernet0/5 unassigned YES manual down down
FastEthernet0/6 unassigned YES manual down down
...
Nice. Here’s all the shut commands.
! ASW-A1
int range f0/3-24
shut
do write
! All other access switches
int range f0/2-24
shut
do write
! Dist switches
int range g1/0/6-24,g1/1/3-4
shut
do write
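Steps 3, 7 and the port shutdown above all come down to three checks per port: the mode is fixed (access or trunk, never negotiated), DTP is off, and trunks use an unused native VLAN with an explicit allowed list. As an added example that is not part of the Megalab or its PKA, here is a small Python audit that parses running-config text and flags ports that break those rules. The SAMPLE_CONFIG is constructed to resemble ASW-A1 after this part of the lab, with two deliberately non-compliant ports (Fa0/4 left unconfigured, Gi0/1 missing nonegotiate and the native VLAN); it is not captured from the lab.

```python
import re

# Constructed sample resembling an access switch from this lab after Part 2.
# Fa0/4 and Gi0/1 are deliberately left non-compliant. Not captured output.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport access vlan 99
!
interface FastEthernet0/2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 40,99
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,40,99
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 10,20,40,99
!
"""

UNUSED_NATIVE_VLAN = 1000  # the lab's chosen unused native VLAN (assumption for the hint text)


def parse_interfaces(config):
    """Split IOS running-config text into {interface name: [indented config lines]}."""
    stanzas = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas


def audit_interface(name, lines):
    """Return a list of findings for one interface; an empty list means compliant."""
    findings = []
    if "shutdown" in lines:
        return findings  # administratively down: nothing to negotiate
    mode = None
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line[len("switchport mode "):]
    if mode is None or mode.startswith("dynamic"):
        # IOS defaults to dynamic auto (or desirable), so DTP can turn the port
        # into a trunk. Unused ports must be shut; used ones need an explicit mode.
        findings.append(f"{name}: mode not fixed, DTP can negotiate a trunk (shut it or set access/trunk)")
        return findings
    if "switchport nonegotiate" not in lines:
        findings.append(f"{name}: DTP still enabled (missing 'switchport nonegotiate')")
    if mode == "trunk":
        native = 1  # IOS default native VLAN
        allowed = None
        for line in lines:
            m = re.match(r"switchport trunk native vlan (\d+)", line)
            if m:
                native = int(m.group(1))
            m = re.match(r"switchport trunk allowed vlan (\S+)", line)
            if m:
                allowed = m.group(1)
        if native == 1:
            findings.append(f"{name}: native VLAN is 1 (default); use an unused VLAN such as {UNUSED_NATIVE_VLAN}")
        if allowed is None:
            findings.append(f"{name}: all VLANs allowed; prune the trunk to the VLANs it needs")
    return findings


def audit_config(config):
    """Audit every interface stanza in a running-config and return all findings."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        findings.extend(audit_interface(name, lines))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of show running-config from each switch; on the sample it reports Fa0/4 (no mode, not shut) and two findings for Gi0/1 (DTP on, native VLAN 1), and stays quiet for the WLC trunk on Fa0/2, where native vlan 99 is intentional.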
That’s all for Part 2!
- Odom, Wendell. “Chapter 27: Analyzing Cisco Wireless Architectures” in CCNA 200-301: Official Cert Guide: Vol 1, 647 ↩︎
