catalogue
Connect two PC s directly to build LAN
Preliminary router configuration
The preliminary configuration of Jiaotong University router is as follows:
The basic configuration of Jiaotong University router is as follows:
The basic configuration of Chongqing University router is as follows:
Static routing configuration of Jiaotong University Router:
Chongqing University router static routing configuration:
Clear static routing configuration:
RIP routing configuration of Jiaotong University Router:
RIP routing configuration of Chongqing University Router:
Clear RIP routing configuration:
OSPF routing configuration of Jiaotong University Router:
OSPF routing configuration of Chongqing University Router:
Port based network address translation PAT
NAT can be implemented in three ways:
The PC configuration data in the topology diagram is as follows:
The router interface configuration data in the topology diagram is as follows:
The router interface configuration of Jiaotong University is as follows:
The router interface configuration of Chongqing University is as follows:
OSPF routing configuration of Jiaotong University Router:
OSPF routing configuration of Chongqing University Router:
Packet loss configuration of Chongqing University Router:
Router PAT configuration of Jiaotong University:
3560 VTP Server configuration:
2960A (left) VTP Client configuration:
2960B (right) VTP Client configuration:
Simple configuration of DHCP, DNS and Web server
Connect two PC s directly to build LAN
Building LAN with switches
Questions 1 and 2:
Pc0 to pc1 and pc3 to pc2 succeeded, and the rest failed.
Question 3:
All the lines were successful.
Switch interface address list
Spanning Tree Protocol
Preliminary router configuration
Description I
Jiaotong University and Chongqing University are obviously two different subnets. The communication between different subnets needs to pass through the router.
There is at least one subnet under each interface of the router. In the figure, we simply plan three subnets:
- The router on the left belongs to Jiaotong University. The switch is used to connect the network of Jiaotong University. The assigned network number is 192.168.1.0/24. The router interface is also the gateway of Jiaotong University network. The assigned IP is 192.168.1.1
- The router on the right belongs to Chongqing University. The switch is used to connect the network of Chongqing University. The assigned network number is 192.168.3.0/24. The router interface is also the gateway of Chongqing University network. The assigned IP is 192.168.3.1
- The two routers are connected by WAN interface, which is also a subnet. The assigned network number is 192.168.2.0/24
Note II
In reality, the connection between Jiaotong University and Chongqing University is remote. The connection is either through the optical fiber interface of the router or through the WAN interface, the so-called "serial" port (as shown in the topology diagram). Generally, it is not connected through twisted pair (why?).
Let's take the WAN port connection through the router as an example to make relevant configuration. Please note: the router we selected does not have a WAN module by default (the name is WIC-1T , etc.), so we need to turn off the router, add it, and then turn it on.
Note III
In the simulated WAN connection, pay attention to the DCE and DTE terminals (there is a prompt on the line when connecting, and the DCE terminal with a clock flag. Please refer to relevant materials for the concepts of DCE and DTE), The clock frequency {64000 shall be configured at the DCE end
Note IV
In reality, it is obvious that the new router cannot be configured remotely. We must connect with the console interface of the router through the serial port of the notebook and make the initial configuration (note that the bit rate is set to 9600) before we can configure remotely through the network. This is also the intention of the notebook connection drawn on the upper left of the figure above.
Note V
In the CLI interface of the router, you can see that after the router is started successfully, because there is NO configuration, you will be prompted whether to enter the initial configuration dialog, Select NO because there are many steps
The preliminary configuration of Jiaotong University router is as follows:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#interface FastEthernet0/0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#line vty 0 4 / / five terminals from 0 to 4 can log in at the same time Router(config-line)#password dswybs / / remote login password Router(config-line)#login Router(config-line)#exit Router(config)#enable password dswybs / / privilege mode password Router(config)#^Z / / exit
| Interface name | IP | Subnet mask |
| Router2 Ethernet port of Jiaotong University | 192.168.1.1 | 255.255.255.0 |
| Router2 WAN port of Jiaotong University | 192.168.2.1 | 255.255.255.0 |
| Router3 Ethernet port of Chongqing University | 192.168.3.1 | 255.255.255.0 |
| Router3 WAN port of Chongqing University | 192.168.2.2 | 255.255.255.0 |
The PC configuration data in the topology diagram is as follows:
| Node name | IP | Subnet mask | gateway |
| Jiaotong University PC0 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| Jiaotong University PC1 | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| Chongqing University PC2 | 192.168.3.2 | 255.255.255.0 | 192.168.3.1 |
| Chongqing University PC3 | 192.168.3.3 | 255.255.255.0 | 192.168.3. |
The basic configuration of Jiaotong University router is as follows:
Ethernet port:
Router>enable // Enter privileged mode from normal mode Router#configure terminal / / enter global configuration mode Router(config)#interface f0/0 / / enter the configuration Ethernet port mode Router(config-if)#ip address 192.168.1.1 255.255.255.0 / / configure the IP address of the interface Router(config-if)#no shutdown / / activate the interface Router(config-if)#^z / / directly retreat to privileged mode Router#
WAN port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int s0/0 / / enter the WAN port configuration mode Router(config-if)#ip address 192.168.2.1 255.255.255.0 / / configure the IP address of the interface Router(config-if)#clock rate 64000 / / it is the DCE terminal. Configure the clock frequency Router(config-if)#no shutdown / / activate the interface Router(config-if)#^z / / directly retreat to privileged mode Router#
The basic configuration of Chongqing University router is as follows:
Ethernet port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int f0/0 / / enter the configuration Ethernet port mode Router(config-if)#ip address 192.168.3.1 255.255.255.0 / / configure the IP address of the interface Router(config-if)#no shutdown / / activate the interface Router(config-if)#^z / / directly retreat to privileged mode Router#
WAN port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int s0/0 / / enter the WAN port configuration mode Router(config-if)#ip address 192.168.2.2 255.255.255.0 / / configure the IP address of the interface Router(config-if)#no shutdown / / activate the interface Router(config-if)#^z / / directly retreat to privileged mode Router#
Static routing
Static routing is a non adaptive routing protocol, which is manually configured by network managers and cannot be changed according to the change of network topology. Therefore, static routing is simple and efficient, and is suitable for networks with very simple structure.
In the current simple topology, we can use static routing, that is, we can directly tell the router how to get to a network.
When the basic configuration of the above router is successful, use the following command to configure the static routing protocol:
Static routing configuration of Jiaotong University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2 / / tell the router of Jiaotong University that the next hop of the network to 192.168.3.0 is 192.168.2.2 Router(config)#Exit / / exit to privileged mode Router#show ip route / / view the route table
Chongqing University router static routing configuration:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 / / tell the Chongqing University router that the next hop to 192.168.1.0 is 192.168.2.1 Router(config)#Exit / / exit to privileged mode Router#show ip route / / view the route table
Check the routing table and you can see a route marked "S", where "S" stands for Static.
So far, these PC s can all ping each other!
Dynamic routing RIP
Clear static routing configuration:
- Turn off the router directly. It is equivalent to not saving any configuration, and then reconfiguring IP and other parameters of each interface according to the previous basic configuration (this method is recommended, and you can get familiar with the interface configuration command again);
- Use the {no} command to clear the static route. In the global configuration mode, Jiaotong University router uses no ip route 192.168.3.0 255.255.255.0 192.168.2.2, and Chongqing University router uses no ip route 192.168.1.0 255.255.255.0 192.168.2.1. It is equivalent to canceling the static routing command just configured by using the {no} command.
RIP routing configuration of Jiaotong University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router rip / / enable the RIP routing protocol. Note the router command Router(config-router)#Network 192.168.1.0 / / network 192.168.1.0 is directly connected to me Router(config-router)#Network 192.168.2.0 / / network 192.168.2.0 is directly connected to me Router(config-router)#^z / / directly retreat to privileged mode Router#show ip route / / view the route table
RIP routing configuration of Chongqing University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router rip / / enable the RIP routing protocol. Note the router command Router(config-router)#Network 192.168.3.0 / / network 192.168.3.0 is directly connected to me Router(config-router)#Network 192.168.2.0 / / network 192.168.2.0 is directly connected to me Router(config-router)#^z / / directly retreat to privileged mode Router#show ip route / / view the route table
Looking at the routing table, you can see a route marked R , which indicates RIP.
So far, these PC s can all ping each other!
Dynamic routing OSPF
Dynamic routing protocol adopts adaptive routing algorithm, which can re optimize the computer routing according to the change of network topology.
The full name of RIP is Routing Information Protocol, which is the representative of distance vector routing (although it is eliminated at present, it can be used as our learning object). Using rip protocol only needs to tell the router which networks are directly connected, and then rip automatically constructs the routing table according to the algorithm.
Because the network we simulated is very simple, we can't use static and dynamic routes at the same time, otherwise we can't see the effect. Therefore, we need to clear the static routes just configured.
Clear RIP routing configuration:
- Turn off the router directly. It is equivalent to that no configuration is saved, and then each interface reconfigures IP and other parameters according to the previous basic configuration
- Clear the RIP route using the {no} command. In the global configuration mode, all routers use the: no router rip} command to clear
OSPF routing configuration of Jiaotong University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router ospf 1 / / enable OSPF routing protocol. The process number is 1 (you can ignore the concept of process number temporarily) Router(config-router)#Network 192.168.1.0 0.0.255 area 0 / / all hosts belonging to the 192.168.1.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#Network 192.168.2.0 0.0.255 area 0 / / all hosts belonging to the 192.168.2.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#^z / / directly retreat to privileged mode Router#show ip route / / view the route table
OSPF routing configuration of Chongqing University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router ospf 1 / / enable OSPF routing protocol. The process number is 1 Router(config-router)#Network 192.168.3.0 0.0.255 area 0 / / all hosts belonging to the 192.168.3.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#Network 192.168.2.0 0.0.255 area 0 / / all hosts belonging to the 192.168.2.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#^z / / directly retreat to privileged mode Router#show ip route / / view the route table
Looking at the routing table, you can see a route marked O, which means OSPF.
So far, these PC s can all ping each other!
Port based network address translation PAT
Network Address Translation (NAT) is widely used by various Internet service providers, namely ISP s, in their networks, including WiFi networks. The reason is very simple. NAT not only perfectly solves the problem of insufficient lP address, but also can effectively avoid attacks from outside the network and hide and protect computers inside the network.
NAT can be implemented in three ways:
- Static conversion: Static NAT
- Dynamic conversion: Dynamic NAT
- Port multiplexing: OverLoad
Port multiplexing is the most used and flexible. OverLoad refers to not only changing the source IP address of data packets sent to the Internet, but also changing its source port, that is, Port Address Translation (PAT).
Using port multiplexing, all hosts in the internal network can share a legal external IP address to access the Internet, so as to save IP address resources to the greatest extent. At the same time, it can hide all hosts inside the network to effectively avoid attacks from the Internet. Therefore, port multiplexing is the most widely used method in the network.
We still use the topology of Chongqing Jiaotong University and Chongqing University for PAT experiment. We need to ensure that the routing of the two schools has been configured successfully. Whether static routing or dynamic routing is used, we give a complete configuration process as follows: set the routers of the two schools to use OSPF protocol, simulate Jiaotong University to use internal IP address (192.168.1.0 / 24), and simulate Chongqing University to use external IP address (8.8.8.0 / 24), The external IP address (202.202.240.0 / 24) is used between the two routers to implement PAT at the exit of Jiaotong University, that is, the WAN port.
The PC configuration data in the topology diagram is as follows:
| Node name | IP | Subnet mask | gateway |
| Jiaotong University PC0 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| Jiaotong University PC1 | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| Chongqing University PC2 | 8.8.8.2 | 255.255.255.0 | 8.8.8.1 |
| Chongqing University PC3 | 8.8.8.3 | 255.255.255.0 | 8.8.8.1 |
The router interface configuration data in the topology diagram is as follows:
| Interface name | IP | Subnet mask | |
| Router2 Ethernet port of Jiaotong University | 192.168.1.1 | 255.255.255.0 | |
| Router2 WAN port of Jiaotong University | 202.202.240.1 | 255.255.255.0 | |
| Router3 Ethernet port of Chongqing University | 8.8.8.1 | 255.255.255.0 | |
| Router3 WAN port of Chongqing University | 202.202.240.2 | 255.255.255.0 | |
The router interface configuration of Jiaotong University is as follows:
Ethernet port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int f0/0 / / enter the configuration Ethernet port mode Router(config-if)#ip address 192.168.1.1 255.255.255.0 / / configure IP address Router(config-if)#no shutdown / / activate the interface
WAN port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int s0/0 / / enter the WAN port configuration mode Router(config-if)#ip address 202.202.240.1 255.255.255.0 / / configure IP address Router(config-if)#clock rate 64000 / / it is the DCE terminal. Configure the clock frequency Router(config-if)#no shutdown / / activate the interface
The router interface configuration of Chongqing University is as follows:
Ethernet port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int f0/0 / / enter the configuration Ethernet port mode Router(config-if)#ip address 8.8.8.1 255.255.255.0 / / configure IP address Router(config-if)#no shutdown / / activate the interface
WAN port:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#int s0/0 / / enter the WAN port configuration mode Router(config-if)#ip address 202.202.240.2 255.255.255.0 / / configure IP address Router(config-if)#no shutdown / / activate the interface
OSPF routing configuration of Jiaotong University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router ospf 1 / / enable OSPF routing protocol. The process number is 1 (you can ignore the concept of process number temporarily) Router(config-router)#Network 192.168.1.0 0.0.255 area 0 / / all hosts belonging to the 192.168.1.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#Network 202.202.240.0 0.0.255 area 0 / / all hosts belonging to the 202.202.240.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF
OSPF routing configuration of Chongqing University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#router ospf 1 / / enable OSPF routing protocol. The process number is 1 Router(config-router)#Network 202.202.240.0 0.0.255 area 0 / / all hosts belonging to the 202.202.240.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF Router(config-router)#Network 8.8.8.0 0.0.255 area 0 / / all hosts belonging to the 8.8.8.0/24 network in autonomous domain 0 (reverse mask) participate in OSPF
At this time, these PCs can all ping each other! For example, using PC0 (192.168.1.2) to ping Chongqing University's PC2 (8.8.8.2) should be successful.
Next, we will look at the routers of Chongqing University as the backbone routers in the Internet, so these routers will not forward packets with internal / private IP addresses (directly discarded). We simulate the process of packet loss by implementing access control ACL on Chongqing University router, that is, discarding packets from Jiaotong University (private IP address).
Packet loss configuration of Chongqing University Router:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#Access list 1 deny 192.168.1.0 0.0.255 / / create ACL 1, discard / do not forward all packets from the 192.168.1.0/24 network Router(config)#Access list 1 allow any / / add ACL 1 rules and forward packets from all other networks Router(config)#int s0/0 / / configure WAN port Router(config-if)#IP access group 1 in / / implement the rules in ACL 1 on the WAN port for incoming packets. In fact, if the WAN port receives packets from 192.168.1.0/24 IP, it will be discarded
At this time, using PC0 (192.168.1.2) in Jiaotong University to ping PC2 (8.8.8.2) in Chongqing University will not succeed, and the unreachable information of the destination host will be displayed
Next, let's start implementing PAT. That is, we will convert the internal / private IP address to the external / public IP address at the exit of Jiaotong University router, so that the source IP of the packet will not be discarded by Chongqing University router, so the network is connected.
Router PAT configuration of Jiaotong University:
Router>en // Enter privileged mode from normal mode Router#conf t / / enter global configuration mode Router(config)#Access list 1 permit 192.168.1.0 0.0.255 / / create ACL 1 to allow all packets from the 192.168.1.0/24 network Router(config)#ip nat inside source list 1 interface s0/0 overload / / the IP from the ACL will implement PAT on the WAN interface Router(config)#int f0/0 / / configure Ethernet port Router(config-if)#ip nat inside / / configure the Ethernet port as the internal port of PAT Router(config)#int s0/0 / / configure WAN port Router(config-if)#ip nat outside / / configure the WAN port as the external port of PAT
Now, use the PC0 (192.168.1.2) inside Jiaotong University to ping the PC2 (8.8.8.2) of Chongqing University again, then it is OK.
Virtual LAN VLAN
Switch VLAN configuration:
Switch>en Switch#conf t Switch(config)#vlan 10 / / create a VLAN with id 10 (by default, all interfaces of the switch belong to VLAN 1 and cannot be used) Switch(config-vlan)#name computer / / set the alias of VLAN Switch(config-vlan)#exit Switch(config)#int vlan 10 / / the VLAN is a subnet. Set its IP as the subnet gateway Switch(config-if)#ip address 192.168.0.1 255.255.255.0 Switch(config-if)#exit Switch(config)#vlan 20 / / create a VLAN with id 20 Switch(config-vlan)#name communication / / set alias Switch(config-vlan)#exit Switch(config)#int vlan 20 Switch(config-if)#ip addr 192.168.1.1 255.255.255.0 Switch(config-if)#exit Switch(config)#vlan 30 / / create a VLAN with id 20 Switch(config-vlan)#name electronic / / set alias Switch(config-vlan)#exit Switch(config)#int vlan 30 Switch(config-if)#ip add 192.168.2.1 255.255.255.0 Switch(config-if)#exit Switch(config)#int range f0/1-8 / / group configuration interface (1-8) Switch(config-if-range)#switchport mode access / / set to access mode Switch(config-if-range)#switchport access vlan 10 / / classified into VLAN 10 Switch(config-if-range)#exit Switch(config)#int range f0/9-16 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 20 Switch(config-if-range)#exit Switch(config)#int range f0/17-24 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 30 Switch(config-if-range)#^Z Switch#show vlan / / view the VLAN partition
So far, we have divided three VLANs on the switch (excluding the default VLAN 1).
The network configuration of PC under each VLAN and the connected switch interface are as follows:
| machine name | Connected interface | VLAN | IP | Subnet mask | gateway |
| PC0 | F0/1 | VLAN 10 | 192.168.0.2 | 255.255.255.0 | 192.168.0.1 |
| PC1 | F0/2 | VLAN 10 | 192.168.0.3 | 255.255.255.0 | 192.168.0.1 |
| PC2 | F0/17 | VLAN 30 | 192.168.2.2 | 255.255.255.0 | 192.168.2.1 |
| PC3 | F0/9 | VLAN 20 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| PC4 | F0/10 | VLAN 20 | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| PC5 | F0/18 | VLAN 30 | 192.168.2.3 | 255.255.255.0 | 192.168.2.1 |
| PC6 | F0/19 | VLAN 30 | 192.168.2.4 | 255.255.255.0 | 192.168.2.1 |
Virtual LAN management VTP
VTP (VLAN Trunk Protocol) is the VLAN relay protocol. VTP maintains the uniformity of VLAN configuration through ISL frame or Cisco private DTP frame (refer to relevant materials). It is also known as virtual LAN trunk protocol. It is Cisco private protocol. VTP uniformly manages, adds, deletes and adjusts VLANs, and automatically broadcasts information to other switches in the network.
In addition, VTP reduces the configurations that may cause security problems. As long as the corresponding settings are made in the VTP Server, the VTP Client will automatically learn the VLAN information on the VTP Server.
These VLANs 1# can communicate with each other, that is, these VLANs can also belong to each other. As mentioned earlier, in reality, we must divide VLANs for performance, management and security.
Now our requirement is to create two VLANs, and then make PC0 and PC1 belong to VLAN 2, and PC1 and PC3 belong to VLAN 3.
We will do the following work on the core switch 3560:
- Set to "server" mode and VTP domain to "server" cqjtu
- New VLAN 2, network number 192.168.1.0/24, gateway 192.168.1.1
- New VLAN 3, network number 192.168.2.0/24, gateway 192.168.2.1
3560 VTP Server configuration:
Switch>en Switch#conf t Switch(config)#hostname 3560 / / change the switch name (optional) 3560(config)#vtp domain cqjtu / / set the VTP domain name to cqjtu 3560(config)#vtp mode server / / set it to VTP server mode 3560(config)#VLAN 2 / / create a new VLAN 2 3560(config-vlan)#name computer / / set the alias of VLAN 2 (optional) 3560(config-vlan)#exit 3560(config)#VLAN 3 / / rebuild VLAN 3 3560(config-vlan)#name communication / / set the alias of VLAN 2 (optional) 3560(config-vlan)#exit 3560(config)#int vlan 2 / / configure interface VLAN 2, which will be the gateway of the subnet (on the left) 3560(config-if)#ip address 192.168.1.1 255.255.255.0 3560(config-if)#exit 3560(config)#int vlan 3 / / configure interface VLAN 3, which will be the gateway of the subnet (on the right) 3560(config-if)#ip address 192.168.2.1 255.255.255.0
We will do the following work on the left switch 2960A:
- Join a VTP domain named {cqjtu}
- Configure the Gigabit interface g0/1 connected to the core switch 3560 to the "trunk" mode
- Divide the interface # f0/1 # into # VLAN 2 #
- Divide the interface # f0/2 # into # VLAN 3 #
2960A (left) VTP Client configuration:
Switch>en Switch#conf t Switch(config)#hostname 2960A / / change the switch name (optional) 2960A(config)#vtp domain cqjtu / / join a VTP domain named cqjtu 2960A(config)#vtp mode client / / set the mode to VTP client 2960A(config)#int g0/1 / / configure the g0/1 Gigabit interface connected to the core switch 3560 2960A(config-if)#switchport mode trunk / / set the interface to trunk mode 2960A(config-if)#switchport trunk allowed vlan all / / allow trunking for all VLANs 2960A(config-if)#exit 2960A(config)#int f0/1 / / configure interface 1 2960A(config-if)#switchport mode access / / set the interface to normal access mode 2960A(config-if)#switchport access vlan 2 / / divide the interface into VLAN 2 2960A(config-if)#exit 2960A(config)#int f0/2 / / configure interface 2 2960A(config-if)#switchport mode access / / set the interface to normal access mode 2960A(config-if)#switchport access vlan 3 / / divide the interface into VLAN 3
We will do the same on the right switch 2960B:
- Join a domain named}cqjtu# VTP
- Configure the Gigabit interface g0/1 connected to the core switch 3560 to the "trunk" mode
- Divide the interface # f0/1 # into # VLAN 2 #
- Divide the interface # f0/2 # into # VLAN 3 #
2960B (right) VTP Client configuration:
witch>en Switch#conf t Switch(config)#hostname 2960B / / change the switch name (optional) 2960B(config)#vtp domain cqjtu / / join a VTP domain named cqjtu 2960B(config)#vtp mode client / / set the mode to VTP client 2960B(config)#int g0/1 / / configure the g0/1 Gigabit interface connected to the core switch 3560 2960B(config-if)#switchport mode trunk / / set the interface to trunk mode 2960B(config-if)#switchport trunk allowed vlan all / / allow trunking for all VLANs 2960B(config-if)#exit 2960B(config)#int f0/1 / / configure interface 1 2960B(config-if)#switchport mode access / / set the interface to normal access mode 2960B(config-if)#switchport access vlan 2 / / divide the interface into VLAN 2 2960B(config-if)#exit 2960B(config)#int f0/2 / / configure interface 2 2960B(config-if)#switchport mode access / / set the interface to normal access mode 2960B(config-if)#switchport access vlan 3 / / divide the interface into VLAN 3
So far, each switch is configured.
The switches, interfaces and network configurations connected to each PC are as follows:
| machine name | Connected switches and interfaces | VLAN | IP | Subnet mask | gateway |
| PC0 | 2960A-F0/1 | VLAN 2 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| PC1 | 2960A-F0/2 | VLAN 3 | 192.168.2.2 | 255.255.255.0 | 192.168.2.1 |
| PC2 | 2960B-F0/1 | VLAN 2 | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| PC3 | 2960B-F0/2 | VLAN 3 | 192.168.2.3 | 255.255.255.0 | 192.168.2.1 |
The VTP configuration is now complete. The same VLAN can be ping ed, but different VLANs can't (even under the same switch, such as PC0 to PC1), and it can facilitate unified planning and management.
Communication between VLAN s
VTP only provides convenience for us to divide and manage VLANs. According to the above tests, we still can't communicate between VLANs.
Because by default, communication between VLANs is not allowed. At this time, we need the so-called single arm router to forward it between VLANs!
The core switch 3560 we use is a layer 3 switch, which can work in the network layer, also known as the routing switch, that is, it has the routing function and can carry out this forwarding operation.
3560 switch configuration:
3560>en 3560#conf t 3560(config)#int g0/1 / / configure the interface connecting the 2960A switch on the left 3560(config-if)#switchport trunk encapsulation dot1q / / encapsulating VLAN protocol 3560(config-if)#switchport mode trunk / / set to relay mode 3560(config-if)#switchport trunk allowed vlan all / / forward between all VLANs 3560(config-if)#exit 3560(config)#int g0/2 / / configure the interface connecting the 2960B switch on the right 3560(config-if)#switchport trunk encapsulation dot1q / / encapsulating VLAN protocol 3560(config-if)#switchport mode trunk / / set to relay mode 3560(config-if)#switchport trunk allowed vlan all / / forward between all VLANs 3560(config-if)#exit 3560(config)#ip routing / / enable routing forwarding
Simple configuration of DHCP, DNS and Web server
Build the following simple topology.
In this topology, both servers and clients are connected to the same switch. For simplicity, the Server-PT serves as DHCP, DNS and Web servers at the same time. Each client does not need to be configured and will automatically obtain the network configuration.
Click the Server icon in the CPT topology diagram, set its static IP address to {19.89.6.4/24, and then select} Service} for the following related configurations:
| machine name | Configuration item | explain |
| Server | HTTP | Just turn it on |
| Server | DNS | 19.89.6.4: www.google.com,www.baidu.com |
| Server | DHCP | Address pool start address: 19.89.6.10/24, and return DNS address |
| PC | network configuration | Automatic acquisition |