Posted on August 25, 2012 by Michael in Latest News, Tutorials
As you can see from the network diagram above, in this tutorial I’m going to cover one of the most common setups in SMBs, especially given the recent popularity of VoIP phone systems. I think it’s fair to say most network switches go straight out of the box and into the production environment with their default settings. That is, until you wish to install a VoIP system or guest wireless. Now you need to make changes and “section off” the network using VLANs.
What we have is:
- 1x DHCP Server (Windows Server 2008 R2)
- 2x Cisco 2950 Switches
- 1x Cisco 1841 Router
The idea is that we currently have one single VLAN. We need to add another VLAN for a VoIP system that is going in, and this requires its own DHCP scope.
- Scope1 – 192.168.10.0/24 (Default VLAN 1 Range)
- Scope2 – 10.10.10.0/24 (VLAN 10 Range)
So let’s get into this…
I’m going to assume you’ve done the basic housework (setting hostname/passwords etc.) on the switches, and jump straight into configuring them.
On your first switch we want to end up with the following:
- Switch ports 1-10 (VLAN1) – Default
- Switch ports 11-20 (VLAN10)
- Switch port 23 – Link to Router (R1)
- Switch port 24 – Trunk port to SW2
Technically we don’t need to do anything to ports 1-10, as they are already members of the default VLAN. The only change I’m going to make here is to configure the ports to use PortFast, a feature of STP (Spanning Tree Protocol). Without going into too much detail, as STP is a totally different topic, it basically puts the port straight into the “active” (forwarding) state instead of having to wait the 30 seconds for STP to work its magic.
You will also see I’m setting the ports as access ports (again, this is a totally different topic and one you will cover in the CCNA).
Now for configuring ports 11-20, I’m going to do exactly the same but this time make them members of VLAN 10. There are a few ways to create VLANs; the way I’m going to do it is to assign the ports to VLAN 10 and let the VLAN create itself. You could also create the VLAN first and then move the ports into it. If you do it that way you don’t get the information message (like in the picture below) telling you that VLAN 10 doesn’t exist.
I’m now going to create the trunk port (switchport 24), which will be our uplink to SW2.
I’m now going to decide which VLANs this trunk port will “allow”. In this instance I’m going to allow ALL VLAN traffic to pass over this trunk.
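As an added example (not the author's original screenshots), this is one way to enter the SW1 port plan above on a 2950. Grouping the ports with `interface range` is a choice made for this example.

```cisco
! SW1 (Cisco 2950) - constructed example following the port plan above
configure terminal
!
! Ports 1-10: access ports left in the default VLAN 1, PortFast enabled
interface range fastEthernet 0/1 - 10
 switchport mode access
 spanning-tree portfast
!
! Ports 11-20: access ports in VLAN 10
! (the switch creates VLAN 10 automatically if it does not exist yet)
interface range fastEthernet 0/11 - 20
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Port 24: trunk uplink to SW2, all VLANs allowed as described in the text
interface fastEthernet 0/24
 switchport mode trunk
 switchport trunk allowed vlan all
!
end
```

PortFast is applied only to the access ports here; the trunk on port 24 faces another switch and is left to normal STP behaviour.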
I’m now going to move over to switch 2 and configure it. As you’ll see, I’ve done it slightly differently, but it still provides the same end result.
Finally I’ll configure the trunk port on SW2.
If we do a quick “show vlan brief” you can see which ports are assigned to which VLAN.
Now we’ve done this, let’s connect SW1 and SW2 with a crossover cable. Hopefully, if the config is correct, we should get two green lights appear on both switches.
If we do a “show vlan brief” again, you should notice something is now missing….
That’s right, Fa0/24 is now missing. Why? Well, now it’s “active” it’s functioning as a trunk port, so if we do a “show interfaces trunk” you will see Fa0/24 is now listed there. We can also see which VLANs are allowed to pass through this trunk port.
That’s the switches done for now, so let’s move our attention to the router. We’ve no need for outside access, so this router is purely going to be used as the Layer 3 device in this setup. If you are going to have multiple VLANs with inter-VLAN routing, or a single DHCP server with multiple scopes, you need a Layer 3 device (be it a router or a switch) which knows what to do with Layer 3 traffic. (The OSI layer model is another topic altogether, so I am assuming you know the basics/differences between Layer 2 and Layer 3 devices.) This tutorial is purely for getting you up and running.
On the router, I’m going to be using FastEthernet 0/1 as the inside LAN. This is going to be the default gateway for clients.
As you will see below, because we don’t physically have multiple ports for the different VLANs, what we are going to configure is “sub-interfaces” on the router. We are then going to use the “ip helper” feature so the router knows where to forward DHCP packets from VLAN 10.
To fully understand this you do need to have a little bit of background on why we do this and how DHCP packets work. Basically when a DHCP client sends a DHCP request packet, it doesn’t have an IP address (obviously) so it uses the all-zeroes address, 0.0.0.0, as the IP source address. It also doesn’t know how to reach the DHCP server, so it uses a general broadcast address, 255.255.255.255, for the destination.
This is where the router (or Layer 3 switch) comes into play. The router must replace the source address with its own IP address for the interface that received the request. It replaces the destination address with the address specified in the “ip helper-address” command. (So the packet now has a “from” address of 10.10.10.254. This then gets sent to the IP helper address, where the server looks at its DHCP scopes and matches up 10.10.10.254 with the 10.10.10.0/24 scope, which in turn hands out an IP from this range.)
The client device’s MAC address is included in the payload of the original DHCP request packet, so the router doesn’t need to do anything to ensure that the server receives this information.
The DHCP server now has enough information to assign an address from the correct address pool, since it now knows what the originating subnet was for the DHCP request. Simple, right!?
Anyway, let’s continue with the configuration of the router. Once again I’m going to assume you’ve done the basic housekeeping commands, and proceed to configure the FastEthernet 0/1 interface and sub-interface.
You will notice when configuring the sub-interface that you specifically tell it which VLAN number it’s meant to be tagging. (Ignore the message regarding baby giant frames.)
So in the above we have configured FE0/1 with an IP address of 192.168.10.254, and the sub-interface with an IP address of 10.10.10.254, with VLAN 10 tagging.
Finally, let’s put the IP helper address in on the sub-interface.
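As an added example (not the author's original screenshots), the router steps described above could be entered as follows. The sub-interface number `.10` is a choice made for this example; the addresses and the helper address 192.168.10.1 are the ones used in this tutorial.

```cisco
! R1 (Cisco 1841) - constructed example following the text above
configure terminal
!
! Physical interface: untagged traffic, default gateway for VLAN 1 clients
interface FastEthernet0/1
 ip address 192.168.10.254 255.255.255.0
 no shutdown
!
! Sub-interface: frames tagged with 802.1Q VLAN ID 10,
! default gateway for VLAN 10 clients
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.10.254 255.255.255.0
 ! Relay DHCP broadcasts received on VLAN 10 to the DHCP server
 ip helper-address 192.168.10.1
!
end
```

The helper address is only needed on the VLAN 10 sub-interface, because the DHCP server sits in the same broadcast domain as the VLAN 1 clients.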
Right then, now this configuration is done let’s get on to testing it. First I need to make sure I can ping both IP addresses on the router from the Server:
Now we can get on to testing this setup.
I’ve already configured the server with the two DHCP scopes I will be using:
First I’m going to make sure we can get an IP address on the default VLAN (so I’ll be connecting to switchport 1 on SW1 first).
I’m using a standard Windows 7 laptop for this, called Michael2510p. Now that it’s connected, run a quick ipconfig to see if it’s picked up an IP address.
Everything looks OK from the client side, so let’s log on to the server and check the DHCP leases there.
Everything looks good for the default VLAN. Just to be sure, I’m now going to connect to switchport 1 on SW2. I’m also going to adjust the DHCP scope so the laptop should now pick up the address 192.168.10.20 (this is just to verify both switches can get an IP lease from the default VLAN).
Let’s connect the laptop back up and see what is issued to the laptop this time.
As you can see the laptop has been assigned the IP we expected, so as far as VLAN 1 is concerned everything looks good.
Right, now I’m going to plug into port 14 on SW1 (which is a member of VLAN 10), so we should now get an IP address in the 10.10.10.0/24 range.
Oh dear, something isn’t right.
So let’s troubleshoot what it could be. Maybe it’s the IP helper address? Instead of pointing to 192.168.10.1, let’s move it to 10.10.10.254 (the default gateway for VLAN 10) and see what happens.
Right, let’s run an ipconfig /renew and test again.
Oh dear, still not working. So maybe it wasn’t the IP helper address. Well, that’s correct: if you think about it, there isn’t actually a DHCP server located at 10.10.10.254, is there? It’s located at 192.168.10.1. So this was never going to fix the problem. Let’s put it back to how it was.
So what on earth could it be? We know the uplink between the switches is fine (because we can get an IP address in VLAN 1 when plugged into either switch). This also means the link back to the router is fine for VLAN 1.
But hang on a minute, what about VLAN 10? Let’s just rewind a bit: we haven’t actually configured the port on SW1 which connects to the router (switchport 23). So at the moment it’s acting as a normal link (which is why VLAN 1 is working), as this is its default behaviour. What we need to do is specify that this port is actually a TRUNK port, and then allow whichever VLANs are required to pass.
So let’s give that a go.
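As an added example (not the author's original screenshot), the fix on SW1 could look like this. Limiting the allowed list to VLANs 1 and 10 is a choice made for this example, following the "whichever VLANs are required" point above, so the router link carries only the VLANs it has interfaces for.

```cisco
! SW1: port 23 towards R1 - constructed example
! Before: the port is in its default state, so tagged VLAN 10 frames
! never reach the router's sub-interface.
configure terminal
interface fastEthernet 0/23
 ! Tag frames so the router can map them to the matching sub-interface
 switchport mode trunk
 ! Carry only the VLANs the router actually routes for
 switchport trunk allowed vlan 1,10
end
!
! Verify: Fa0/23 should be listed as trunking, with 1,10 allowed
show interfaces trunk
```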
Now let’s run ipconfig /renew on the laptop and see what happens…
Success! Let’s just verify this on the server.
So we now know we can get access to the DHCP server from BOTH VLANs on SW1. But what about SW2? Well, let’s change the scope to start from 10.10.10.20 and plug into port 20 (a member of VLAN 10).
Let’s run an ipconfig /renew on the laptop again and see what happens.
This is now looking a lot better! Let’s just check on the server.
Success!
Well, there we are: we now have two separate VLANs, each running its own subnet, easily managed from the one DHCP server.