Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions 20094 Page 1 of 8

Basic VLANS Sign Offs

Name ____________________

Activity 5 Connecting VLANs 5.1 (5 pts) Routing across VLANs working. _________________________

Activity 10 Additional Commands & Recovery

1) (3pts) Password removed from switch

____________________________

2) (2pts) Switch is write erased

____________________________

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions 20094 Page 2 of 8

This Page Intentionally Left Blank

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions 20094 Page 3 of 8

4050-515/4050-815 Lab 7 Basic VLANS

Overview
A variety of VLANs will be configured to demonstrate collision and broadcast domain isolation, spanning tree protocol (STP) implementation, and the impact of broadcast storms. Activity 1 - Configuration 1) Configure the IP addresses of your three bench PCs on the same network as the switch (See step 4). Attach each one to a port on the 3550 switch on your bench. Use port 1 and 2 for PC 1 & PC3.Use port 14 for PC2. 2) Setup HyperTerminal, console into, and power up the 3550 Switch> 3) At the prompt, type enable. Switch> enable Switch# 4) Experiment with the show commands. Note that they are similar to those on the 2651s. Now, give the switch an IP address. Switch# configure terminal Switch(config)# interface vlan1 Switch(config-if)# ip address 10.10X.100.B4 255.255.255.0 (where X = 0 for startrek, X = 1 for Oz, and B = bench_number) Switch(config-if)# no shutdown Switch(config-if)# exit 5) Configure the switch for telnet access as follows: Switch(config)# line vty 0 15 Switch(config-line)# password netlab Switch(config-line)# enable password benchB (where B = bench_number)

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions Activity 2 - Telnet to Switch From the command prompt on PC2, telnet into your switch using: 10.10X.100.B4 Password: netlab Switch> enable Password: benchB Activity 3 - Configuring VLANs 1) Configure two VLANs using PC2, the telnet session. Switch# config t Switch(config)# vlan 101 Switch(config-if)# exit Switch(config)# interface range f0/1 5 Switch(config-if-range)# switchport access vlan 101 Switch(config-if-range)# exit Switch(config)# 2) Now use the help system to determine how to add a single port to a VLAN 101. Add port 6 to VLAN 101 now. 3) Next, create VLAN 102 and place ports 7 12 in that new VLAN. 4) Using the Show VLAN command capture the information about your VLAN configuration. Save the output from this command for your lab report. 5) What command will give you complete port information? Include the output for your configured 3550 ports. 20094 Page 4 of 8

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions Activity 4 - VLAN Topology 1) Connect PC1 to VLAN 101. Connect PC2 and PC3 to VLAN 102. Note that you will have to use your HyperTerm window to console into the 3550 for any further configuration modifications. 2) Attempt to ping between PC 1 and PC 2, and also between PC2 and PC3. Remember, all three PCs are configured for the same IP network . Capture in both VLANs. How far does unicast, multicast and broadcast traffic travel? a. Are all nodes within a VLAN able to see all the unicast and broadcast traffic generated within VLAN boundaries? Use your experiment to explain. b. Are all nodes within one VLAN able to see all the unicast and broadcast traffic generated from the other VLAN? Use your experiment to explain. 20094 Page 5 of 8

c. Why did we configure the PCs to be in the same IP network for these experiments? Activity 5 Connecting VLANs 1) Interconnect VLANs 101 and 102 using a router. Since both interfaces of the router cannot be attached to the same IP network, create another IP network address for the router interface on VLAN 102. 2) Move PC3 into the new IP domain (ie change his IP address). Do not change any cabling or the IP address of PC2. 3) Draw a labeled picture of your topology at this point. It will help you understand what is going on. Why did we design the topology this way? What were we trying to prove? 4) Now, repeat the investigations of Activity 4. 5) Prior to Activity 6, remove the router between the VLANs.

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions Activity 6 - VLAN Modifications 1) Move ports from one VLAN to the other and record the method (commands) you use to accomplish this. For example, move one of the ports from vlan 102 into vlan 101. Activity 7 - Broadcast Storms with STP Enabled 1) Capture a BPDU in each VLAN and determine what parameter(s) is different. 2) Generate broadcast traffic by continually pinging a non-existent address. 3) Connect two ports together in one VLAN using a crossover cable and note that the lights stay green. a. What happened as a result of your broadcast traffic when you connected the two ports together? b. Why didnt a broadcast storm occur? Be very specific. c. How can you prove there was no broadcast storm? Provide the proof. Activity 8 - Broadcast Storms with STP Disabled 1) Disconnect the crossover cable between the two ports. 2) Using either the console port or a telnet session to your switch, disable the STP on the ports connected to the crossover cable. Use the following method or another you discover. Switch(config)# interface f0/port Switch(config-if)# spanning-tree bpdufilter enable 20094 Page 6 of 8

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions 20094 Page 7 of 8

Note: Enabling bpdufilter on this interface (i.e. VLAN 101) means the switch will filter out or prevent, BPDUs from participating in the STP. There are other ways to disable STP, you may use the method you are most comfortable with. 3) Clear all ARP tables and begin packet capture on a PC equipped with Wireshark. (PC2) 4) Reconnect the cable between the 2 ports in the vlan and generate broadcast traffic by once again pinging a non-existent address. 5) What happens? Be sure to record activities at the switch and with Wireshark. How long did it take for the results to become clear? What were the indications? Hint: Take a look at the Wireshark alarm log. This activity tends to hammer the NICs as well. To recover from this you can power off the pcs or you can try connecting a crossover between the pcs to wake them up. After the storm they appear to be fearful of further communication with the outside world. 6) Disconnect the cable in preparation for the next activity.

Activity 9 - STP Enable 1) The loop created with the crossover cable in Activity 8 resulted in a broadcast storm. This can be remedied by disabling the BPDU filter. 2) When complete, reconnect the two switch ports and repeat the ping exercise from Activity 8 to make sure your switch is operating properly. Activity 10. Additional Commands & Recovery 1) Name your VLANs something clever. Record the command used to name your VLAN and provide a screen capture which shows me the name of your VLAN. 2) Remove your VLANs from the switch. Record the command used to remove your VLANs and provide a screen capture that shows your VLANs have been removed.

Rochester Institute of Technology Department of Networking, Security, and Systems Administration

4050-515/4055-815 Lab 7 Basic VLANs Instructions 20094 Page 8 of 8

3) Return all ports to the management VLAN. How did you do this? Provide a screen capture that shows you have done this. 4) Remove the password from the 3550. Record the command used to do this. 5) Issue the following command: Switch# write erase