This is an exercise for us students to make sure we know how to do everything we mentionned in the previous chapters up until now, so we start from this network here:
Not much has been done besides:
So we need to:
Initial pkt file here.
first we give a static ip to each PC as well as give them their default gateway
PC0 and PC2 (VLAN 10): PC1 and PC3 (VLAN 20):Now that we took care of the PCs, we move onto the switches:
First we configure the VLANs on both switches:
left AND right switch:
>en
#conf t
config#vlan 10
config-vlan#name LEFT
config-vlan#ex
config#vlan 20
config-vlan#name RIGHT
config-vlan#ex
config#int range fa0/1-10
config if range#switchport mode access
config if range#switchport access vlan 10
config if range#ex
config#int range fa0/11-20
config if range#switchport mode access
config if range#switchport access vlan 20
config if range#ex
config#ex
#copy run start
#show vlan
Here we see that both VLANs are active on both switches:
Now packets that are coming from PCs are getting into the switches, where they will be given their proper VLAN tag, therefore the switchport mode trunk is needed in between the 2 switches on gig0/2 and between switches-routers on gig0/1:
left AND right switch:
Switch#conf t
Switch(config)#int range gig0/1-2
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#no shutdown
Switch(config-if-range)#exit
Switch(config)#exit
Switch#copy run start
Switch#exit
Switch>
First we configure the VLAN Gateways on both routers using dot1Q encapsulation (we also enable both the virtual AND the physical interfaces):
Router1 (VLAN 10)
>en
#conf t
config#int gig0/1.10
config-subif#encapsulation dot1Q 10
config-subif#ip address 10.10.10.1 255.255.255.0
config-subif#no shutdown
config-subif#ex
config#int gig0/1
config-if#no shutdown
config-if#ex
config#ex
#copy run start
#ex
>
Router2 (VLAN 20)
>en
#conf t
config#int gig0/1.20
config-subif#encapsulation dot1Q 20
config-subif#ip address 10.10.20.1 255.255.255.0
config-subif#no shutdown
config-subif#ex
config#int gig0/1
config-if#no shutdown
config-if#ex
config#ex
#copy run start
#ex
>
So we get this result:
Now we need to setup the serial connection in between the 2 routers on Se0/3/0 (10.99.99.1-2/30) (the /30 mask is 255.255.255.252) we only need 2 hosts there, so /30 is fitting:
Router1
>en
#conf t
config#int se0/3/0
config-if#ip address 10.99.99.1 255.255.255.252
config-if#no shut
config-if#ex
config#ex
#copy run start
#ex
>
Router2
>en
#conf t
config#int se0/3/0
config-if#clock rate 64000
config-if#ip address 10.99.99.2 255.255.255.252
config-if#no shut
config-if#ex
config#ex
#copy run start
#ex
>
And we get this result:
We test connectivity within both vlans:
and we see that both PCs in both VLANs are able to ping their own gateway, but we also see that they are not able to ping hosts from the other VLANs, proving that they are in fact separated:
You guessed it, now it's time to make sure both VLANs can communicate to each other thanks to static routing, hence this chapter's title.
The point here is to make sure the packets that come from VLAN 10 must be able to reach VLAN 20's gateway thanks to the serial connection in between the 2 routers, and the same thing with VLAN 20's packets must be able to reach VLAN 10's gateway. As we saw on Chapter 3 we can use static routing to do so:
Reminder: the static routing syntax is as follows:
#ip route <network-to-reach> <mask-of-network-to-reach> <next-hop>
Router1 (VLAN 10):
>en
#conf t
config#ip route 10.10.20.0 255.255.255.0 10.99.99.2
config#exit
#copy run start
#exit
>
Router2 (VLAN 20):
>en
#conf t
config#ip route 10.10.10.0 255.255.255.0 10.99.99.1
config#exit
#copy run start
#exit
>
Now that's done, we test the connection again:
And that's it ! we have been able to make the 2 VLANs communicate with each other thanks to static routing on both routers.
You can download the finished pkt file here.
Next chapter ???
Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)