Reading: Finish me!
In this lab, you will configure routing between two VLANs using a "router on a stick."
The Packet Tracer model for this lab can be made by modifying the model you created for Lab #8. If you choose to do this, record the commands you used to make the necessary adjustments. Also note that the steps below are written on the assumption you will build a new model from scratch. If you modify the existing Lab #8 model, you will have to adjust the order of the steps somewhat (up to where you configure the router).
Using Packet Tracer, construct the following network:
Device | Interface | IP Address | Subnet Mask | Default Gateway |
---|---|---|---|---|
R1 | G0/1.1 | 192.168.1.1 | 255.255.255.0 | N/A |
R1 | G0/1.10 | 192.168.1.10 | 255.255.255.0 | N/A |
R1 | G0/1.20 | 192.168.1.20 | 255.255.255.0 | N/A |
R1 | Lo0 | 209.165.200.225 | 255.255.255.224 | N/A |
S1 | VLAN 1 | 192.168.1.11 | 255.255.255.0 | 192.168.1.1 |
S2 | VLAN 1 | 192.168.1.12 | 255.255.255.0 | 192.168.1.1 |
PC-A | FE0 | 192.168.10.3 | 255.255.255.0 | 192.168.10.1 |
PC-B | FE0 | 192.168.20.3 | 255.255.255.0 | 192.168.20.1 |
Here are the switch port assignments:
Port | Assignment | Network |
---|---|---|
S1 Fa0/1 | 802.1Q Trunk | N/A |
S2 Fa0/1 | 802.1Q Trunk | N/A |
S1 Fa0/5 | 802.1Q Trunk | N/A |
S1 Fa0/6 | VLAN 10 Student | 192.168.10.0/24 |
S2 Fa0/18 | VLAN 20 Faculty | 192.168.20.0/24 |
As with the previous lab, use 2960-24TT switches and a 1941 router. Be careful to connect each line to the indicated interface.
As usual, configure the basic settings (Global Settings and Console Access; you do not need to configure remote access for this lab) on all the devices.
Configure the network interfaces and default gateways (on the switches and the PCs) using the addresses shown in the addressing table. On the router do not configure the G0/1 interface yet, but configure the loopback interface. Note to instructor: The loopback address is not used in this lab; it should be removed!
Create the faculty and student VLANs on both switches, and assign the switch ports connected to the PCs to the appropriate VLAN.
Use the show vlan command on both switches to verify your work.
Define a trunk between the two switches, and define a trunk between S1 and the router. Let the two trunks carry all VLANs of interest (1, 10, and 20). At this point, the switches should be able to ping each other, but the PCs should not be able to ping anything (why not?).
On the router use the commands below to create and configure sub-interfaces:
```
R1(config)# interface g0/1.1
R1(config-subif)# encapsulation dot1Q 1
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface g0/1.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config-subif)# interface g0/1.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface g0/1
R1(config-if)# no shutdown
R1(config-if)# exit
```
These commands create three virtual interfaces associated with a single physical interface. The encapsulation protocol on each is then specified as IEEE 802.1Q (meaning tagged Ethernet frames), with the VLAN ID the sub-interface belongs to. Finally, a layer-3 IP address is assigned to each virtual interface.
At this point, the two PCs should be able to ping the corresponding sub-interface on the router (i.e., the sub-interface that is in the same IP subnetwork). They should also be able to ping the loopback interface on the router, but still not be able to ping each other (why?).
Now configure OSPF on the router in the usual way to route between all the IP networks it knows about. After doing this, the PCs should be able to ping each other (why?). Verify that at this point the PCs can ping the SVIs in the switches.
On the router, configure an ACL that allows systems on the Faculty subnetwork access to the SVIs, but blocks all others. You can use either a "standard" ACL or an "extended" ACL (your choice). Apply the ACL to the proper outgoing sub-interface.
Verify that the student and faculty PCs can still ping each other, that the faculty PC can still ping the SVIs, but that the student PCs can no longer ping the SVIs.
Note that VLANs are being used here to partition systems into various classes, regardless of their physical location on the network. ACLs are then used to control access to resources based on class membership.
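The first-match and implicit-deny rules behind the ACL step can be checked with a small model before touching the router. This is an added example, not part of the original lab: it assumes one possible solution (a standard ACL, arbitrarily numbered 10, applied outbound on g0/1.1), takes the sub-interface subnets from the router commands above, and its Python function names are hypothetical.

```python
import ipaddress

# Connected subnets per sub-interface, taken from the lab's router commands.
SUBIFS = {
    "g0/1.1": ipaddress.ip_network("192.168.1.0/24"),    # VLAN 1 (switch SVIs)
    "g0/1.10": ipaddress.ip_network("192.168.10.0/24"),  # VLAN 10 Student
    "g0/1.20": ipaddress.ip_network("192.168.20.0/24"),  # VLAN 20 Faculty
}
# Assumed solution: a standard ACL matches on source address only.
# Entries are (action, network, wildcard); the number 10 is an arbitrary choice.
ACL_10 = [("permit", "192.168.20.0", "0.0.0.255")]
OUTBOUND_ACL = {"g0/1.1": ACL_10}  # models "ip access-group 10 out" on g0/1.1


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.ip_address(addr))
    n = int(ipaddress.ip_address(network))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_permits(acl, src):
    """First matching entry decides; no match falls through to implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(src, network, wildcard):
            return action == "permit"
    return False


def forwarded(src, dst):
    """Would R1 route one packet from src to dst past the outbound ACL?"""
    d = ipaddress.ip_address(dst)
    out = next((name for name, net in SUBIFS.items() if d in net), None)
    if out is None:
        return False  # no connected route in this model
    acl = OUTBOUND_ACL.get(out)
    return acl is None or acl_permits(acl, src)


def ping_ok(src, dst):
    """A ping needs both the echo request and the echo reply to get through."""
    return forwarded(src, dst) and forwarded(dst, src)


if __name__ == "__main__":
    # Constructed test flows using the addresses in the lab's addressing table.
    for src, dst in [("192.168.20.3", "192.168.1.11"), ("192.168.10.3", "192.168.1.11"),
                     ("192.168.10.3", "192.168.20.3"), ("192.168.1.11", "192.168.10.3")]:
        print(f"{src} -> {dst}: {'reply' if ping_ok(src, dst) else 'blocked'}")
```

The last flow shows a side effect worth noting in your write-up: a ping from a switch SVI to the student PC also fails, because the student PC's echo reply leaves through g0/1.1 and hits the implicit deny.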
For this lab, submit your final Packet Tracer model, along with a document containing the commands you used to configure your devices, and your answers to the questions. The preferred document format is PDF, but Word, ODT, or plain text is also acceptable.
Last Revised: 2023-11-01
© Copyright 2023 by Peter Chapin <peter.chapin@vermontstate.edu>