Some networks want no VLAN 1 access from non-VLAN 1 hosts and some networks require management access to VLAN 1 from any other VLAN using access-lists to control who may have ac-cess to
Trang 1Lab 5.3.7 Etherchannel Misconfiguration Troubleshooting
Fa 0/12 Trunk 802.1q
Crossover Connection
ALSwitch 10.1.1.3
2900XL-Ent
DLSwitch
10.1.1.2
4006 L3
Client 10.1.10.2/24
DLRouter
10.1.1.1
VLAN 1 Network : 10.1.1.0/24 VLAN 1 Gateway : 10.1.1.1 VLAN 10 Network : 10.1.10.0/24 VLAN 10 Gateway : 10.1.10.1
Objective
Switch management includes the ability to communicate to all switches through
a routed environment This requires that all switches be properly configured with the necessary TCP/IP settings Some networks want no VLAN 1 access from non-VLAN 1 hosts and some networks require management access to VLAN 1 from any other VLAN using access-lists to control who may have ac-cess to VLAN 1 from other VLAN’s
Scenario
As the Enterprise Network Administrator, you have a medium switched net-work The network is functioning well Network administrator workstations are located on VLAN 1 This VLAN is used to manage network switches and
routers Administrators would like to administrate the network devices from VLAN 10 so you change their access switch ports to VLAN10 and their work-station IP addresses They report they are unable to communicate to any devices on VLAN 1 from VLAN 10 except the DLRouter at 10.1.1.1
Lab Tasks
Cable the lab as shown in the diagram
Clear the DLRouter configuration using the following commands:
Router#erase start
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
Router#reload
Proceed with reload? [confirm]y
Clear the DLSwitch configuration using the following commands:
Console> (enable) clear config all
This command will clear all configurations in NVRAM
This command will cause ifIndex to be reassigned on the next system startup
Trang 2Do you want to continue (y/n) [n]? y
2001 Jun 16 12:29:45 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
.2001 Jun 16 12:29:45 %PAGP-5-PORTFROMSTP:Port 2/2 left bridge port 2/2
2001 Jun 16 12:29:45 %PAGP-5-PORTFROMSTP:Port 2/3 left bridge port 2/3
Console> (enable) reset
This command will reset the system
Do you want to continue (y/n) [n]? y
Clear the ALSwitch configuration and VLAN database using the following com-mands:
ALSwitch#clear start
Erasing the nvram filesystem will remove all files! Continue? [confirm]y[OK]
Erase of nvram: complete
ALSwitch#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]y
ALSwitch#reload
Proceed with reload? [confirm]y
Load the configuration file called Lab5-3-7-DLRouterBrokenConfig.txt into
the DLRouter router
Load the file called Lab5-3-7-DLSwitchBrokenConfig.txt into the DLSwitch
switch
Load the file called Lab5-3-7-ALSwitchBrokenConfig.txt into the ALSwitch
switch
Configure the client with the ip address, default gateway, and subnet mask listed in the diagram
Step 1
Define your problem From the management workstation ping all interfaces on VLAN 1 and VLAN 10
Step 2
Gather the Facts
Based on the current information you have, issue the following commands to narrow down your possibilities
Console into each device and ping the interfaces on VLAN1 and VLAN10 Ping from the ALSwitch
ALSwitch#ping 10.1.10.1
Trang 3Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1001 ms
ALSwitch#ping 10.1.1.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/26 ms
ALSwitch#ping 10.1.1.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/9/11 ms
ALSwitch#ping 10.1.10.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Ping from the DLSwitch
DLSwitch> (enable) ping 10.1.10.2
10.1.10.2 PING Statistics
5 packets transmitted, 0 packets received, 100% packet loss
DLSwitch> (enable) ping 10.1.1.2
!!!!!
10.1.1.2 PING Statistics
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/2/7
DLSwitch> (enable) ping 10.1.1.1
!!!!!
10.1.1.1 PING Statistics
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 6/7/8
DLSwitch> (enable) ping 10.1.10.1
!!!!!
10.1.10.1 PING Statistics
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/12
Ping from the DLRouter
DLRouter#ping 10.1.1.3
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
DLRouter#ping 10.1.1.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
DLRouter#ping 10.1.10.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 10.1.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Trang 4Step 3
Based on your observations there appears to be a problem with communica-tions to/from the management workstation So the problem appears to be at the router
Step 4
List the possible causes of this problem Use the information you have and your knowledge of switches and routers to isolate the problem
Step 5
Create an Action Plan
Step 6
Implement the Action Plan
Step 7
Observe the Results of the Action Plan
Step 8
Document your work