Try our training for free.

Gain instant access to our entire IT training library for 1 week. Train anytime on your desktop, tablet, or mobile devices.

Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network....
Cisco CCNA certification proves your professional worth. It tells prospective employers that you can handle the day-to-day work of running a mid- to large-sized Cisco network.

The two-exam CCNA process covers lots of innovative features, which better reflect the skills and knowledge you'll need on the job. Passing both exams is your first step towards higher-level Cisco certification, and trainer Jeremy Cioara has mapped these CCNA training videos to the 640-816 test. This CCNA training is not to be missed.

Here's how one user described Jeremy's training: "By the way, Jeremy Cioara has to be by far one of the BEST Cisco trainers I have ever had the privilege to learn from overall. He not only keeps your attention but his energy is contagious and he provides the information at a level where you grasp it rather easily."

The last day to take the 640-816 exam is Sept. 30, 2013. After that date, the only ICND2 exam available will be 200-101. CBT Nuggets has a training course for the 200-101 exam here.

All trademarks and copyrights are the property of their respective holders.
1. Review: Rebuilding the Small Office Network, Part 1 (33 min)
2. Review: Rebuilding the Small Office Network, Part 2 (28 min)
3. Review: Rebuilding the Small Office Network, Part 3 (23 min)
4. Switch VLANs: Understanding VLANs (16 min)
5. Switch VLANs: Understanding Trunks and VTP (39 min)
6. Switch VLANs: Configuring VLANs and VTP, Part 1 (35 min)
7. Switch VLANs: Configuring VLANs and VTP, Part 2 (39 min)
8. Switch STP: Understanding the Spanning-Tree Protocol (28 min)
9. Switch STP: Configuring Basic STP (21 min)
10. Switch STP: Enhancements to STP (29 min)
11. General Switching: Troubleshooting and Security Best Practices (29 min)
12. Subnetting: Understanding VLSM (18 min)
13. Routing Protocols: Distance Vector vs. Link State (26 min)
14. Routing Protocols: OSPF Concepts (30 min)
15. Routing Protocols: OSPF Configuration and Troubleshooting (39 min)
16. Routing Protocols: EIGRP Concepts and Configuration (32 min)
17. Access-Lists: The Rules of the ACL (27 min)
18. Access-Lists: Configuring ACLs (34 min)
19. Access-Lists: Configuring ACLs, Part 2 (48 min)
20. NAT: Understanding the Three Styles of NAT (20 min)
21. NAT: Command-line NAT Configuration (35 min)
22. WAN Connections: Concepts of VPN Technology (33 min)
23. WAN Connections: Implementing PPP Authentication (34 min)
24. WAN Connections: Understanding Frame Relay (28 min)
25. WAN Connections: Configuring Frame Relay (30 min)
26. IPv6: Understanding Basic Concepts and Addressing (34 min)
27. IPv6: Configuring, Routing, and Interoperating (23 min)
28. Certification: Some Last Words for Test Takers (13 min)
29. Advanced TCP/IP: Working with Binary (25 min)
30. Advanced TCP/IP: IP Subnetting, Part 1 (55 min)
31. Advanced TCP/IP: IP Subnetting, Part 2 (22 min)
32. Advanced TCP/IP: IP Subnetting, Part 3 (19 min)

Review: Rebuilding the Small Office Network, Part 1

Review: Rebuilding the Small Office Network, Part 2

Review: Rebuilding the Small Office Network, Part 3

Switch VLANs: Understanding VLANs

Switch VLANs: Understanding Trunks and VTP

Switch VLANs: Configuring VLANs and VTP, Part 1

Switch VLANs: Configuring VLANs and VTP, Part 2

00:00:00

Welcome to configuring VLANs and VTP Part 2. I plan on picking up right where we have left off where we have the switches added to the network, trunks configured, VTP is running, VLANs are replicating. Now, let's move into some of the VLAN architectural

00:00:14

design, and I have added one more topic that I'd like to talk about in this video because it ties right in, and that is configuring routing between VLANs once we have the VLANs set up and configured. So I have enhanced our network diagram from the previous video, and I went ahead and notated where the trunks were because those are now hard coded in the network. All the other ports are considered

00:00:35

access ports. You'll notice down here, I mentioned the VLANs that are in use, those are the ones that we created in the last video. One is the default VLAN and at this point everything is assigned to the default VLAN, everything is in VLAN 1. Down here, I have the sales VLAN, marketing VLAN, and engineering VLAN that is replicated between switch 1, 2 and 3, all on this network. Now as of right now, those are there and the switches have them, but they're not doing anything. So one of the last steps

00:01:06

that we have to take is to assigning the ports to the VLAN. Now, before I do that I want to do a little test. I want to bring up a command prompt here. Let me just, I'll do a start, run, CMD. Got my command prompt up. Now, this computer right here is the 192.168.1.50. You can see I have the ethernet adapter lab. This is the IP address

00:01:29

that I am using. It is, the, the computer I'm showing you right now is this guy right here, 1.50. So as of right now that PC is able to ping this PC, and well anything else in the network. Let me just verify that. I will do a ping 192.168.1.20. That's the other PC. Sure enough, I am able to ping. That's, that's reaching

00:01:50

from here to here. Let's just do a couple more test pings. I'm going to ping from here to 192.168.1.2. Sure enough that is successful. And one more, I'm just going to do to 192.168.1.1, right up here. Okay, good. That is all verified working because every port

00:02:14

is assigned to the same VLAN. So let's think about network architecture here. As soon as I type in ping 192.168.1.20, this sends out an ARP broadcast, right, to the entire VLAN saying, hello, who is 192.168.1.20? This computer receives the broadcast, responds and says, that's me, here's my MAC address, and now that PC comes over and pings the device and is able to reach that device. So we're good. We are verified

00:02:41

working between our connections. Now, let's move down to step number 4 here, assigning ports to the VLAN. This switch is attached or sorry, this is PC is attached to switch number 3 on Fast Ethernet 0/A. So I want to jump over there. Go to switch 3. I will do a show VLAN, and I can see that this one still does have the three VLANs we created; sales, marketing and engineering. However,

00:03:09

everything is assigned to Fast Ethernet 0/8 or sorry, to VLAN 1, including fast ethernet 0/8. I will do a show run interface fa0/8, and I can see this is set up to switch port mode access. It's an access port that is a non-trunking device. So, what I'm going to do is assign that. Let's move

00:03:29

that PC, the one I was just pinging from, into the sales VLAN. The way we do that is get into global config mode, into interface Fast Ethernet 0/8. I'm going to type in, well we've already, usually I'll type in switch port mode access, but we've already got that in there so that's okay. So I'll type in switch port access. Since this is an access port, it is going to

00:03:54

access and then I just type in VLAN and what number of VLAN I would like it to access. So I could say the VLAN 10, enter. Now at that point, I have now moved this PC into a new VLAN and we're going to be building this network diagram as we go. It's going to stay there. We have this PC that is now

00:04:14

in VLAN 10. Everything else is in VLAN 1. Now at this point, I'm going to just bring that command prompt right back up again, the one I was doing all those test pings from. Let's see if I can ping 192.168.1.20. Again, the PC right next to it. Nothing. Let's see, destination host is unreachable, not going to

00:04:37

happen. Timed out. Not, you know, the, the ping is failing. Let's hit the up arrow and try pinging 1.1. Nothing. Control-C, 1.2, nothing. I can tell you, nothing is going to work because we have segmented this into a separate VLAN. And remember when we do that, a VLAN equals a subnet equals a broadcast domain. That PC even thought it's plugged into the same switch

00:05:01

is completely isolated from the network, okay. Now, what I'm going to do just, just to prove this, as of right now, I'll jump back here, do that test ping to 1.20 one more time. We can see it's failing because that PC is in a separate VLAN. So when they ARP broadcasts, remember it's a broadcast that goes out, it goes to everything in VLAN 10, which is just this PC. So it goes nowhere. Nobody receives the ARP message. Now, what if

00:05:27

we add this PC into VLAN 10 as well? Well, let's check it out and see what happens. I'm going jump over to my Tera Term connection here, Control-Shift-6 X back to my access server switch 2. Now, that PC, the 1.20 is plugged into Fast Ethernet 0/8 on switch 2 as well. Now, that one I have a remote connection to. I'm sitting on 1.50. The PC at 1.20 is remotely controlled so I'll bring up that prompt. That's the remote session with the 1.20. I will do an IP config just to verify. There it is, 192.168.1.20. I am gonna ping. Let's do 192.168.1.1. Good because we're still on the, the VLAN 1 on this PC. 1.2, good, life is peachy. Now, I am going to hit the up arrow and ping 1.50, verified dead because that is the PC that is in a separate VLAN. So let's

00:06:28

do this, I'm going to minimize this guy down, bring up my switch 2, go into interface, oh, let me do a show VLAN just to verify. We've got the sales VLAN here as well. I'm going to go into interface Fast Ethernet 0/8 and do switch port access VLAN 10. Done. What that has done is now moved this computer into the same VLAN as this PC. Now, remember these

00:06:59

are trunk ports, so if this one sends an ARP broadcast saying, hey, who is this certain IP address?; that will cross the trunk with a 802.1q tag saying, I'm a part of VLAN 10. Hits this, travels down this trunk, and will come out to every port that is in VLAN 10, which should be this one and it should receive that ARP broadcast. So now that I've transitioned that over to

00:07:21

VLAN 10, I will bring up that remote session again. I will hit the up arrow, you can see before it was failing on the ping to 1.50. Hit the up arrow, do it again, and now we are successful. We can see that those, those two PCs are now able to reach each other, but look at what happened. As soon as I try and ping 1.2, dead now. Control-C, 1.1, dead. I think I've proven my point that when you segment into separate VLANs, you are really segmenting networks. Those are now on a completely separate network. So

00:07:56

remember I have said, a VLAN equals a subnet equals a broadcast domain. What I want to do is come up with a scheme to make routing possible. The first thing I want to do is I want to transition this guy over to VLAN 20 just because it would be good to have a couple of VLANs going. We can set up routing between

00:08:17

all of them to allow VLANs to reach each other. So let me bring up my prompt. Just hit the up arrow. We're still on that same switch, and I'll just say, you are in VLAN 20. Do a show VLAN and I can see there's my Fast Ethernet 0/8 segmented into VLAN 20. So with that in place, we've got these two computers that are totally isolated from the rest. They can't ping

00:08:39

each other. They can't ping anything in VLAN 1 up here. So we are dead in the water. Now, what we need to do any time we create VLANs is do some subnetting. The most common thing I see, and I think it's a great idea, is to create subnets that match VLANs number, VLAN numbers. Let me, let me talk, show you what I'm talking about. I have got VLAN 1 right now and VLAN 1 is 192.168.1.0. I'll type all this up as we perfect our network diagram so it looks prettier. So that's VLAN 1. I have got VLAN 10 which is currently, you know, assigned the IP address, 192.168.1 but you can't have that. Every VLAN needs

00:09:25

to be a subnet, so we will have this one be 192.168.10.0/24. That's what I mean when I'm talking about VLAN numbers equaling the subnet numbers. I kind of like, like the idea of using a 10 in the address so I can quickly relate VLAN 10 to that. VLAN 20; we'll make 192.168.20.0/24, okay. So we've got this new subnetting scheme that we've got in place. I'll need to go in and change all the

00:09:59

IP addresses. I might as well do that here. At this point, you probably know how to change IP addresses. Okay, you know how to change IP addresses, but I'll do it here just because I've got the recording going. This is Windows Vista. So maybe in Windows

00:10:14

Vista you haven't changed IP addresses. The manage network connections because right now I've got my wireless and local. I'll go to the properties for the local. Now, this one is going to move to VLAN 20. So we'll say this is 192.168.20.20. Now, just change them over to a different subnet. Now, I haven't set up a

00:10:36

default gateway yet, but if I do, I'm gonna make it 20.1 that it, it's able to use. Click OK, okay on there and we've got that IP address changed. I will change the IP address on my computer later because there's some tricks I need to do on that because that's what I'm recording on so it will kind of hold up my recording if I do that. So this one is now going to be changed over to 20.20. And when we are setting up routing between VLANs we really have three separate options.

00:11:03

Those three options are, number one; using a separate port to each VLAN, two, a router-on-a-stick. That is its technical name, not a, it's like a corn dog router. It's, that's, I'm not making that up. You can Google that and you'll find router-on-a-stick

00:11:18

configurations. And third is layer 3 switching. Now, at the CCNA level, before I describe each one of these, you are expected to do one and two from this list. The CCNP will actually move into layer 3 switching. But I'm telling you, layer 3 switching is so easy. I think I am gonna show it to you in this video. So first off, separate

00:11:42

port to each VLAN. Now, you can see that we've got a little example here. We've got two VLANs, VLAN 50 and 51. This computer up here will say 1.50 is assigned to VLAN 50, and this computer right here, 2.50, is assigned to VLAN 51. Now, we could go to our router and plug it in to a switch, put one port into VLAN 50 and, you know, assign that port to VLAN 50 right here on the switch. Put the other port into VLAN 51, and assign that port to that respective VLAN. Configure

00:12:15

these with respective IP addresses from each subnet. For instance, 1.1 is from the subnet we're using here for the 1.50 and 2.1 is from this subnet we're using here for 2.50. So what we would do is set the default gateway on this PC to that IP address that, you know, within its VLAN. The default gateway in here would be this IP address.

00:12:39

So if 192.168.1.50 pinged 2.50, it would actually go out of the switch, reach the router on Fast Ethernet 0/0, the router would to look at it and say, oh, well, you're going out this interface, into the same switch on VLAN 51 and come out and ping this device. Now, the problem with doing

00:12:58

a separate port to each VLAN is it's just not practical nor is it scalable. Meaning the more VLANs you add, it is not uncommon in, in companies to have 50, 60 different VLANs. I mean there's just not a router that exists that has 50 or 60 different Fast Ethernet ports, and if it did, it would just be insanely expensive. So what, you know, it's, it's first off not

00:13:22

really practical interface wise. It's just ugly wiring wise because you're wasting a switch port for every single router connection that you need to have and so on. So it works, it's doable but not practical. That's why CISCO came out with a router-on-a-stick.

00:13:37

That's, that's the name. What it does is configure a trunk connection to the router. Now, remember a trunk connection forwards all VLAN traffic. So when this computer wants to reach its default gateway, you know, 1.1, it will come out across the trunk. When this one wants to reach its default gateway, it will come

00:13:58

out the trunk as well. Now, there are some configuration thoughts that have to go into this as in, you know, what IP address are you going to give that interface and how are you going to set that all up. But that, I've got a separate slide just for that. So I'm going to

00:14:10

save that discussion till then. The last kind of method that we can use to route between VLANs is a layer 3 switch. What this is is a router inside of a switch. You'll, you'll hear this term slung around all over the place, layer 3 switching, layer 3 switching. A lot of people say multilayer switching. It is a router inside of the switch. It's, it's like

00:14:33

this concept, I wish I could animate this and imagine me putting my hand right here and just going err-ugh and smooshing that router into the switch because that's exactly what a layer 3 switch is, a router inside of a switch. Instead of having an outside router, we create VLAN interfaces on that layer 3 switch that is reachable by everything inside of that VLAN. So

00:15:01

for example, if this, this computer right here is assigned to VLAN 51 and I chose 192.168.2.0 as the subnet for VLAN 51, well I could create a virtual interface on this switch called interface VLAN 51 and give it an IP address which is immediately reachable by this PC and it can come into that switch just like it would be, you know, coming into this router right here or coming into this router right here and say, I would like to reach, you know, this other PC? And the switch would say, great, let me just switch over here to the separate VLAN, and now you're able to reach that separate subnet. You know, while we're

00:15:36

here, I'm, I'm really going to spend a lot of time on the router-on-a-stick configuration because that's what the CCNA exam expects you to do, and you'll see a lot in, in lab environments and, and even in the real world. So let me show you the layer 3 switching right now. I'm going to, this is kind of on the fly so

00:15:55

forgive me if it completely blows up. I'm going to bring out our network diagram back over. This switch right here is a layer 3 switch. And just to give you a general idea, these are layer 2 switches. They don't have layer 3 capabilities. So layer 2 switch, general price of about, you know, approximately, we'll say 400 bucks for a brand new 24-port layer 2 managed switch. Now, that is a pretty decent price. Layer 3 switch, for the same amount of port, same speed, 100 meg per second, layer 3 switch is probably at about 2,400 bucks, they're the same bucks. It costs that much more because it's a huge software upgrade that allows your switch to do routing capabilities. So

00:16:43

switch number 1 is a layer 3 switch. So let me show you how you would set one up. I'm going to grab my configuration window. Like I said, it's kind of on the fly. So as of right now, let's see. Is this going to work? Yeah, we'll see, hmm. Down here I have

00:17:02

VLAN 20, right, which I went at and re-assigned this, this PC in that VLAN. 192.168.20.20 is its IP address. Now, as of right now that's totally isolated from the rest of the network because everything is assigned to VLAN 1, which is 192.168.1.0. Well, if I was configuring a layer 3 switch, what I could do is go up to switch 1, let me do that right now, and I am going to do a show IP interface brief. Now, you can see it has

00:17:32

one interface in VLAN 1, 192.168.1.10. That's its IP address we're using to telnet to it and so on. But watch what I am gonna do. I am going into interface VLAN 20. Now, remember when we created VLANs, right, in the previous video, we didn't type interface VLAN 20, we just typed in VLAN 20. That creates a VLAN. Interface VLAN 20 creates a new layer 3 interface for that VLAN. Let me move on with this configuration, and then

00:18:03

I will explain how it works. I'm going to give this, the IP address, 192.168.20.1. 255.255.255.0, okay. Now, I am gonna do a show, show IP interface brief now that I have done that and notice we have got a switch with two VLAN interfaces, VLAN 1 and VLAN 20. Now, there's one more command I need to do on a, on a switch. This is the layer 3 command, IP routing. What that does is that it says, turn on the routing

00:18:38

capabilities of the switch. It is like a big light switch inside of that switch that just went click and it's now able to run routing capabilities. So remember this, this PC that wasn't able to reach anything before? Let me go back to it. Where is it at? Right here. I'm going to

00:18:54

bring up a command prompt on that PC. It's kind of out of your window, but I'll bring it up right here. Do an ipconfig and I can see I have got 192.168.20.20 is the IP address. Notice the default gateway, 20.1. It's the same IP address I gave the layer 3 switch. Let me ping it. Hmm, oh, just like, now like I said, this was on the fly.

00:19:24

But there it is. It just takes a second to respond the first time. There we go. We've got the, the ping coming back successfully. So 20.1 is responding. Now, who is 20.1? Check it out. I am going to type in telnet 192.168.20.1. Forgive the characters kind of glitching. This is

00:19:39

a remote session so it's with the remote PC so it is a little glitchy on the graphics. So I telnet over and check out, oh, man. Look at where I am, I am on switch 1. Switch 1 is now responding to that IP address that I just gave it. So here's the big picture. This switch has an IP address in each VLAN.

00:20:00

192.168.1.10 is in VLAN 1. It also has 192.168.2.1/24 that is in VLAN 20. Since it's a router inside, I can actually go from this PC into the switch as my default gateway. The switch gets it on its layer 3 routed interface and says, well let me route you over to VLAN 1. Check it out. I'm going to jump back over to, so where was I? This remote session with the PC. I am gonna ping 192.168.20.1, again my default gateway.

00:20:38

Now, let me ping 192.168.1.10. No, yes, yes, no. Dah! Failure. No, I'm just, it fell apart. I just, I, I thought of something as soon as, as soon as I put this together. The problem as of right now is that all of these other devices in VLAN 1 don't know that this 192.168.20.x subnet exists. Meaning I haven't turned on a routing protocol that's advertising that to some, everybody else. So if I were to actually do a trace

00:21:18

route and follow packets, I would be able to see that the packets can reach devices in VLAN 1, but because I haven't set up true routing to where they know that the 20.x subnet exists, that should be 20.1, the 20.x subnet exists, they, they don't know where to send it back. So the, the, the end to end ping isn't gonna work

00:21:41

but the concept is still good. I am telling you, this is great. This is, it's great stuff. That is how you can configure a layer 3 switch, which is just adding VLAN interfaces to the switch and it's then able to route between them just like, just like this except it's all inside of the switch.

00:21:59

Alright, now that I've shown you how a layer 3 switch works, let's talk about how we do it at the CCNA level. Understanding a router-on-a-stick. This is a viable method to route between VLANs that actually works quite well, and I'll tell you why. First, it looks very inefficient, but it actually works very well. The

00:22:19

devices that are plugged into the separate VLANs, we have VLAN 50 up here, VLAN 51, and just for the sake of argument, VLAN 50 is 192.168.1.0/24 and VLAN 51 is 192.168.2.0/24. So those are the subnets that are assigned. These PCs are placed in those VLANs.

00:22:41

A router-on-a-stick will enable a trunk link between the router and the switch, meaning all VLAN traffic is being sent. But the problem is, remember I said a VLAN equals a subnet. So if a VLAN equals a subnet, what IP address do you give the router's interface? The answer is none. The physical

00:23:05

interface itself does not get a IP address. We create sub-interfaces of that interface. Now, this is a brand new concept to this track. Sub-interfaces allow you to take one interface and break it into many. As a matter of fact, let's jump back to our network diagram here, which is getting a little messy. I have to clean it up. This router right here, router 2, I plan on being a router-on-a-stick. The one requirement that

00:23:35

you need to have for a router-on-a-stick is it has to be a fast ethernet interface or greater. That's why I'm not using router 1 is that is a 10 meg interface, just ethernet. That is not allowed to do a router-on-a-stick because it needs more bandwidth. There's a lot

00:23:49

of traffic that will be coming in and out. So with this router-on-a-stick concept, we can split that one interface on router 2 into multiple sub-interfaces that allow router 2 to receive packets on one sub-interface and route them right back around on another. So let me bring up the configuration window.

00:24:10

Now, I'm going to open a session to router 2. Oops, I've got my switches open right now. Ignore that. That's a issue with my access server. So I am going to get into router 2, do a show IP interface brief. Now as of right now it has an IP address on Fast Ethernet 0/0 which is 192.168.1.2. That is, that is the known IP address that we've been using on VLAN 1. What I'm going to do is step it up a notch and start creating sub-interfaces.

00:24:44

I'm going to type in interface Fast Ethernet 0/0., and I'm going to hit a question mark. Hoo Nelly, look at that, up to 4 billion 294 million 670 or 900, a big number, a huge number of sub-interfaces. Now, if you actually try to create that many, I'm sure your router would eventually run out of memory. The

00:25:09

point of giving you such a big range is allowing you to pick whatever interface number that you want. Let, let me jump back to our network diagram here. As a matter of fact, hang on one second. I've got a network diagram that I have already pretty done for just what we're about to do. I have router 2's Fast, Fast Ethernet 0/0 that still communicates with VLAN 1. You can mentally think VLAN 1 right there. But I'm gonna create two sub-interfaces, Fast Ethernet 0/0.10, which will communicate with VLAN 10, and Fast Ethernet 0/0.20, which will communicate with VLAN 20. Now, I'm going to need to configure a trunk port that moves from Fast Ethernet 0/4 on switch 3 to router 2 in order for this to happen because otherwise it's not gonna to send VLAN 10 and 20 traffic down to router 2. But before I configure the trunk port, let me get router 2 set up the rest of the way. We've got right at the, the sub-interface part, so I can type in sub-interface Fast Ethernet 0/0.20. As soon as I do that, notice it takes me into this subif configuration mode where it's just magically created a brand new interface for me. I'll give it the IP address

00:26:22

192.168.20.1 and hit enter. Oh, I can't type these commands out of order. It says, configuring IP routing on a LAN sub-interface is only allowed if that sub-interface is already part of the an IEEE 802.10, IEEE 802.1q or ISL VLAN. Meaning I need to tell this router that this sub-interface will respond to packets coming for a specific VLAN. The way I do that is I

00:26:54

type in encapsulation, I have to spell it right, encapsulation.1q and then tell it what VLAN it responds for, VLAN 20. Now, oh, it just gives you a little warning. By the way, if your interface doesn't support baby giant frames, maximum MTU, you know, and so on, I'll talk about what that message means in just a moment. Let me finish this configuration. I've got encapsulation.1q 20 saying, this sub-interface responds for VLAN 20. I will hit the up arrow twice and now assign that IP address without any problem.

00:27:30

Drop back out, type in interface Fast Ethernet 0/0.10. Let's create the sub-interface that's going to respond for VLAN 10. Hit the up arrow a couple times, get back my command for encapsulation.1q 20. Now, let's say, this one is 10. Now, just a side note, I don't need to make this sub-interface number match the actual VLAN it works for. It's really good

00:27:54

practice. It avoids a lot of confusion, but this is the command that actually tells the router that Fast Ethernet 0/0.10 responds for packets to VLAN 10. I could make that sub-interface, you saw the range, 4 billion 200 million if I wanted to. But this is what ties it to VLAN 10. Now, I'll hit the up arrow, shoot back over here, do 10.1. So now, if I hit Control-Z and do a show IP interface brief, I have a router here that now has interfaces for VLAN 1, that's Fast Ethernet 0/0, VLAN 10 and VLAN 2 with a respective IP address from that VLAN. Now, all I have to do is assign, and I lost

00:28:41

my dotted lines there when I changed network diagrams. I I need to assign this PC from VLAN 10, an IP address from that VLAN which is 10.50, I typed it out there, and to put its default gateway to point, chooo, right there to 192.168.10.1. This PC over here in VLAN 20 will be assigned an IP address from that VLAN and point to this, choooo, as its default gateway, 20.1. So when these ping each other, now you can see why it got the name router-on-a-stick, this message will cross a trunk link through the trunk link, down through the switch, over to the router, into the interface responding for VLAN 20, 20.1. It will do some loop around in that router, come back out on VLAN 10. It's tagged as being part of VLAN 10, pass these trunks, whoops, make a U-turn because it missed the, the exit point, and come down and ping this device in VLAN 10. Now, with all this in place, I want to make sure I answer the big why. Why on earth are we going

00:29:49

through all of this hassle to create these VLANs and segment these computers and all that? Well, think back to our original point of why we have VLANs in the first place. Number one is to reduce the size of our networks. The more PCs you have on a network,

00:30:04

if everything stays on VLAN 1, the broadcast amount keeps getting greater and greater and greater. So these PCs will start flooding the network with broadcasts. So by breaking them into VLAN 10 and VLAN 20, all the broadcasts for VLAN 10 stay on VLAN 10 and VLAN 20 stays on VLAN 20. The second reason why is as soon as I have them going through a router, and we haven't talked about how to do this yet, but we can do it and we'll do it later in the series, is we can set up a access list that prevents VLAN 10 computers from reaching VLAN 20. I can set an access boundary to say that maybe only these computers could cross that boundary or, or this computer during this certain time of day can access that but, you know, other times of the day can't. There's a lot you can do with access

00:30:51

control and access list. And as soon as you put things in separate VLANs and route between them, that becomes an option. Without it, you have no hope for security between those two devices on the same VLAN. So at that point, we now have the sub-interfaces configured on the router. Let

00:31:08

me go back. I mentioned I was going to talk about this. To the message that it, it brought up, it says, if the interface doesn't support baby giant frames, maximum MTU of the interface has to be reduced by 4 bytes on both sides of the connection to properly transmit or receive large packets. Please refer to documentation

00:31:25

and so on. What that means is normally on a ethernet network, the biggest packet you can send is 1500 bytes. That is the largest packet size that you can. But when you slip a shim, remember the tag, you put a little shim, a 4-byte shim on a trunk link to identify what VLAN it belongs to, you've actually increased the packet size to 1504 bytes. That's what people consider a, it's kind of a funny name, a baby giant. It's, it's not, it's not way big, it is just kind of

00:32:03

big. It's bigger than what you normally send. So it's saying the router and the switch has to be able to support that, and in this case they do. Since they're both CISCO, as soon as you set this up, they automatically adjust the maximum transmission unit down to 1496 bytes. So if you add the tag back in, it, it goes to that maximum ethernet it can handle which is 1500 bytes. So that's what that message is all about.

00:32:26

Now, I need to go to the other side in order to make this work and configure switch number 1 with a trunk link going over to that router. So let me bring up my console connection to that switch, switch 3. I got it right here. And I'm going to type in, let's do a show CDP neighbors,

00:32:45

and we can see that router 2 is attached to Fast Ethernet 0/4, and I can see that, that connection is there. What I'm going to do is go under that interface, interface Fast Ethernet 0/4 and do a switch port mode trunk, which converts it over from an access port over to a trunk, thus matching my little red T that I have on the line there. That is now

00:33:08

trunking so that all the VLAN traffic will go to that router. Now, what I have left to do is to attempt to ping from this PC. Let's, let's ping and see if we can reach that sub-interface on the router 2. Then I'd like to start pinging into other VLANs because since router 2 is a router, it will be able to route us in Fast Ethernet 0/20 and then it can come right back out, you know, Fast Ethernet 0/0 into VLAN 1, or it could come out Fast Ethernet 0/10 and reach VLAN 10 devices over here. So let's, let's try that. I'm going to bring up my connection. This is the PC. I'll do that ipconfig.

00:33:48

This is the 20.20 PC that is in VLAN 20. Let's see if we can ping our default gateway, 192.168.20.1. By the way, if you're curious, I removed that layer 3 switch configuration during one of the, the breaks in my recording, and you can see that I can ping 192.168.20.1, which is my default gateway, which is the router-on-a-stick.

00:34:11

Now, I'm going to try and ping 192.168.10.1 which is the IP address of the other sub-interface through the router, not just to the router. So I'm going to do 10.1, hit enter, and sure enough we're getting there. Let's do this, let's ping 192.168.1.1, which is a IP address over on VLAN 1, but it's not going to work.

00:34:42

I think of these things too late. The reason why it's not going to work, here again this is the same exact thing that happened with the layer 3 switching. Let's do a packet trace here. When I ping 192.168.1.1, it comes to its default gateway and says, oh, 20.1, you are received. Let me send you out onto VLAN 1. So it goes out, you know, comes out of here, on to VLAN 1, comes up, it's actually reaching 1.1 which is this router up here, and when the router gets it, it's going, who's 192.168.1.20? Meaning I don't have a route for 192.168.1.20. Let me, let me actually take you over to router 1. I'm just going to step this up a big level right here. I'm going to go to

00:35:26

router 1, oh! I have an old, old access server where I actually have to clear lines multiple times, and sometimes it just does that and gives me a bunch of errors. Alright, there we go. So we've got router 1. I'm going to do a show IP route on router 1. Now, you can see that it knows about 192.168.1.0, .2.0, and.3.0 because it's learned about this via RIP. It's learned about this because it's a

00:35:55

connected interface. So what I would like to do is I would like to add a static route on router 1 that tells it about the 192.168.20 subnet, the one that we just created over here in VLAN 20. And I'm going to say to reach that that subnet, use the next hop IP address of 1.2, which it can get to, which is the router-on-a-stick which is able to route to VLAN 20. So here's how that's going to look. Go on to router 1, do IP route 192.168.20.0. That's the subnet we're trying to reach, the new VLAN.

00:36:30

255.255.255.0 and our next hop IP address will be 192.168.1.2 which is the IP address right here of router 2. Enter. So at this point, I should at least be able to ping 192.168.20.1, which is the default gateway on router 2, to reach VLAN 20. And sure enough I am. So now let's jump back here. You can see the, the ping was just

00:36:55

failing for 1.1. Hit the up arrow, try it one more time, and now we are successful. The reason I wanted to do that, and I wanted to make sure that ping is working, is because I want to do a trace route, trace route to 192.168.1.1. Watch what's going to happen here. Oh, stupid Windows Vista.

00:37:19

It turns on name resolution for trace route. Where is it? Right there, -d. Do not resolve addresses to names. So I'm going to do a trace route, trace route -d 192.168.1.1. Otherwise, it just takes forever because it's saying, what name, you know, belongs to 192.168.1.1? So I do that and right there, look at that. It shows

00:37:49

where you, where you're going to. First hop, 192.168.20.1. That's our router-on-a-stick. Second hop is there. So that proves that we're going through our router-on-a stick to get there rather than just being able to get directly there, and I, I think you saw it just based on the pings and tests I was doing that you're not able to, to ping from a VLAN without router capabilities. So that is, that is a router-on-a-stick.

00:38:13

And what I'm planning on doing is putting up this VLAN screen and keeping these machines permanently in VLAN 10 and VLAN 20. Now this machine I'm not really going to test in this one, because like I said it's the one that I'm recording on. If I change its IP address, things will start blowing up.

00:38:29

But that, that will, I'll, I'll reconfigure before the next video, and it will be our second host that is able to ping between the two VLANs and between the rest of the network. Forgive me, I know we went a little longer in that video, but it was good stuff. It really puts all the VLAN concepts

00:38:47

together in, into what VLANs are designed to do. So to wrap this series, this mini series on VLANs and and VTP up, we walked through and enhanced our network. We added a few switches. We configured trunking. We set up VTP to replicate the VLANs, and then we configured the VLANs themselves, VLAN 10, 20 and 30 to replicate between the switches. In this video, we assigned those switchboards to

00:39:12

their respective VLANs, 10 and 20 in this case, and then configured routing on the VLANS using a router-on-a-stick. Now, as I'm going through the series, each concept is building upon the last, so we're gonna keep the VLANs there throughout the rest of the series. It will help us get comfortable with them and also give us

Switch STP: Understanding the Spanning-Tree Protocol

Switch STP: Configuring Basic STP

Switch STP: Enhancements to STP

General Switching: Troubleshooting and Security Best Practices

Subnetting: Understanding VLSM

Routing Protocols: Distance Vector vs. Link State

Routing Protocols: OSPF Concepts

Routing Protocols: OSPF Configuration and Troubleshooting

Routing Protocols: EIGRP Concepts and Configuration

Access-Lists: The Rules of the ACL

Access-Lists: Configuring ACLs

Access-Lists: Configuring ACLs, Part 2

NAT: Understanding the Three Styles of NAT

NAT: Command-line NAT Configuration

WAN Connections: Concepts of VPN Technology

WAN Connections: Implementing PPP Authentication

WAN Connections: Understanding Frame Relay

WAN Connections: Configuring Frame Relay

IPv6: Understanding Basic Concepts and Addressing

IPv6: Configuring, Routing, and Interoperating

Certification: Some Last Words for Test Takers

Advanced TCP/IP: Working with Binary

Advanced TCP/IP: IP Subnetting, Part 1

Advanced TCP/IP: IP Subnetting, Part 2

Advanced TCP/IP: IP Subnetting, Part 3

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
16 hrs 32 videos

COURSE RATING

Basic Plan Features


Speed Control
Included in this course
Play videos at a faster or slower pace.

Bookmarks
Included in this course
Pick up where you left off watching a video.

Notes
Included in this course
Jot down information to refer back to at a later time.

Closed Captions
Included in this course
Follow what the trainers are saying with ease.

NuggetLab
Files/materials that supplement the video training

Premium Plan Features


Practice Exams
These practice tests help you review your knowledge and prepare you for exams.

Virtual Lab
Use a virtual environment to reinforce what you are learning and get hands-on experience.

Offline Training
Included in this course
Our mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching
Included in this course
Develop and maintain a study plan with assistance from coaches.
Jeremy Cioara
Nugget trainer since 2003