<PARA><DROPCAP>R</DROPCAP>outers break up broadcast domains. Layer 2 switches are used to break up collision domains. If you connect all your switches together, they will be in one broadcast domain. You can break up broadcast domains in layer 2 switched networks by creating virtual LANs (VLANs). However, the hosts within a VLAN can communicate only within the same VLAN by default. </PARA>
<PARA>For devices in one VLAN to communicate with devices in a different VLAN, they must be routed through a layer 3 device. This is called <KEYTERM>inter-VLAN</KEYTERM> routing. You can perform inter-VLAN routing with internal route processors in a layer 2 switch or with an external router called an <KEYTERM>external route processor</KEYTERM>. </PARA>
<PARA>In this chapter, we will cover both internal route processors, known as Route Switch Modules (RSMs), and external route processors and how to configure them for inter-VLAN configuration.</PARA>
<SECTION ID="6.1"><TITLE>Routing between VLANs</TITLE>
<PARA><DROPCAP>A </DROPCAP>VLAN's main job is to keep local traffic local, which it does very well. We have already mentioned in this course that you cannot communicate between VLANs without a router (layer 3 device), so understanding the configuration of VLANs and understanding routing go hand in hand.</PARA>
<PARA>Route processors provide the communication that hosts need between VLANs. However, if you are using local VLANs (see <NOBR REF="3">Chapter 3</NOBR> for a thorough explanation), you want to design your networks so at least 80 percent of the users' traffic does not cross over into another VLAN. Therefore, you should design the network so that the users have access to local servers and other needed resources to prevent excessive packets from crossing the route processor. </PARA>
<PARA>VLANs should be configured one for one with IP subnet designs. What this means is that you need to create a subnet mask for your network, then design your VLANs around the subnet design. For example, if you have engineering, marketing, sales, and support departments, you will typically-not always, but typically-create a subnet for each department, making sure you have room for growth. You would then create a VLAN for each department. In <NOBR REF="3">Chapter 3</NOBR>, we discussed the difference between local and end-to-end VLANs. Regardless of the type of VLAN you configure, each of these types would associate with a subnet.</PARA>
<PARA>Each device within a VLAN would have a default gateway of the inter-VLAN device connected to its LAN. The inter-VLAN device would then route any packets with a destination not on the local network. </PARA>
<PARA>Before configuring routing between your VLANs, you need to understand the type of data sharing that is needed. By understanding the user and business needs, you can design the network with load balancing and/or redundant links if needed. </PARA>
<PARA>There are basically three options that you can choose from:</PARA>
<LIST MARK="bullet">
<LISTITEM><PARA>Multiple links</PARA></LISTITEM>
<LISTITEM><PARA>A single trunked link</PARA></LISTITEM>
<SECTION ID="6.1.1" POS="1"><TITLE>Multiple Links and A Single Trunked Link</TITLE>
<!-- <PARA>You can configure your VLANs to communicate by connecting a router interface into a switch port that is configured for each VLAN. Each workstation in the VLAN would have its default gateway configured for this router interface. Figure 6.1 shows how this might look in an internetwork.</PARA> -->
<SLUG NUM="6.1">Figure 6.1: Routers with multiple links [f0601.eps]</SLUG>
<!-- <PARA>This is not a bad solution, but it does not scale well when you have over four or so VLANs. It depends on the type of router you have. For every VLAN, you need to have a router interface (typically FastEthernet or Gigabit Ethernet) so a larger, more expensive router can have more interfaces without being saturated.</PARA>
<PARA>The more VLANs you have, the more router interfaces you have to purchase with the router. Also, you should have a fast router like a high-end (at least a 4700 or 7000 series) router that can route quickly so the router does not become a bottleneck. Cost then becomes the issue with multiple links. </PARA> -->
<!-- </SECTION>
<SECTION ID="6.1.2"><TITLE>A Single Trunked Link</TITLE>
<PARA>Another possible solution to routing between VLANs is creating a trunked link on a switch and then using a frame tagging protocol such as ISL or 802.1q (which are used to identify frames as they traverse FastEthernet and Gigabit Ethernet links) on the router. Cisco calls this solution "router on a stick."</PARA>
<PARA>Figure 6.2 shows how the internetwork might look with a single trunked link for all VLANs. </PARA> -->
<!-- <SLUG NUM="6.2">Figure 6.2: Single trunked link for all VLANs [f0602.eps]</SLUG> -->
<!-- <PARA>This solution uses only one router interface on the router, but it also puts all the traffic on one interface. You really have to have a fast router to do this. Also, to even perform this function, you need at minimum a FastEthernet interface on a 2600 series router. ISL does not work on 10BaseT interfaces, nor would you want to run this on 10BaseT because it is processor and bandwidth intensive. </PARA> -->
<PARA>There are some really nice high-end routers that provide multi-layer switching by communicating to a NetFlow Feature Card (NFFC) in the Cisco Catalyst 5000 series of switches. The routers must have the IOS versions of 11.3.4 or later and run the MultiLayer Switch Protocol (MLSP). The routers that support this are the 7500, 7200, 4500, and 4700 series of routers. </PARA>
<PARA><KEYTERM>Route Switch Modules (RSMs)</KEYTERM> are also called <KEYTERM>internal route processors</KEYTERM> because the processing of layer 3 packets is internal to a switch. You need to add an RSM to a layer 2 device-for example, a 5000 Catalyst switch-to be able to provide switching of layer 3 packets without a router. </PARA>
<PARA>An RSM makes layer 2 switches a multi-layer switch and can integrate layer 2 and layer 3 functionality in a single box. The 5000 series uses the RSM or a <KEYTERM>Route Switch Feature Card (RSFC)</KEYTERM>, and the 6000 series uses the Multilayer Switch Module (MSM) to perform this function. The RSM, RSFC, and MSM are configured in exactly the same way on the switch.</PARA>
<PARA>The RSM is a module plugged directly into the switch, which runs the Cisco IOS in order to perform inter-VLAN communication. The 5000 series switch sees the RSM as a single trunked port and a single MAC address. In other words, it appears as a router on a stick to the switch. The RSM interface to the switch is through VLAN 0 and VLAN 1. VLAN 0 is not accessible to the administrator. The RSM uses two channels, and VLAN 0 maps to channel 0, which supports communication between the RSM and the Catalyst 5000 series default VLAN (VLAN 1). VLAN 1 maps to channel 1. The MAC address assigned to the RSM is from the Programmable Read Only Memory (PROM) on the line communication processor (LCP). This MAC address is used to identify the slot of the RSM and for diagnostics. The MAC addresses for VLAN 1 are assigned from a PROM that contains 512 MAC addresses. All routing interfaces except VLAN 0 use the base MAC address.</PARA>
<PARA>The RSFC is a daughter card for the Supervisor Engine II G and Supervisor III G cards. The RSFC is a fully functioning router running the Cisco IOS. </PARA>
<PARA>The MSM uses four full-duplex Gigabit Ethernet interfaces to connect to the switch and looks like an external router to the switch. These four interfaces can be four separate links for four different VLANs, or they can be trunked and configured as one load-balanced link running EtherChannel and ISL or 802.1q. Subinterfaces are then used to configure each VLAN. </PARA>
</SECTION>
</SECTION>
<SECTION ID="6.2"><TITLE>Inter-Switch Link Routing</TITLE>
<PARA><DROPCAP>T</DROPCAP>he best solution to inter-VLAN routing is to provide a Gigabit Ethernet router interface for each VLAN. However, we have found that this can be cost prohibitive. What if you have 500 VLANs? Can you really afford a router with 500 Gigabit Ethernet ports? That would be an interesting configuration. </PARA>
<PARA>Cisco to the rescue! You can use either one FastEthernet or one Gigabit Ethernet interface for all your VLANs. Cisco has created the proprietary protocol Inter-Switch Link (ISL) to allow routing between VLANs with only one Ethernet interface. To run ISL, you need to have two VLAN-capable FastEthernet or Gigabit Ethernet devices, such as a Cisco 5000 switch and a 7000 series router. </PARA>
<PARA>Remember from <NOBR REF="3">Chapter 3</NOBR> that ISL is a way of explicitly tagging VLAN information onto an Ethernet frame? This tagging information allows VLANs to be multiplexed over a trunk link through an external encapsulation method. By running ISL, you can interconnect multiple switches and still maintain VLAN information as traffic travels between switches on trunk links.</PARA>
<PARA>You can configure inter-VLAN routing with either an external router or an internal route processor that can be placed in a slot of a Catalyst switch. In this section, we'll take a look at both options.</PARA>
<SECTION ID="6.2.1.1"><TITLE>External </TITLE>
<PARA>An external layer 3 device can be used to provide routing between VLANs. You can use almost any router to perform this function, but FastEthernet or Gigabit Ethernet is suggested. If you have many small VLANs that perform at least 80 percent or more of their network function on the local VLAN, then you can probably get away with a 10Mbps Ethernet connection into each VLAN. Still, you should get FastEthernet if you can. </PARA>
<PARA>The external router can be configured to have one Ethernet interface for each VLAN, or you can use trunking protocols like ISL or 802.1q to configure one FastEthernet or Gigabit Ethernet for all the VLANs that use subinterfaces. These subinterfaces give you an extremely flexible solution for providing routing between VLANs. To perform ISL routing on a single interface, the interface must be at least a FastEthernet interface that supports ISL routing. The Cisco 2600 is the least expensive router that can perform this function. </PARA>
<PARA>To configure ISL routing on a single interface, you must configure subinterfaces. These are configured by using the <INLINECODEVARIABLE>type int.subinterface_number</INLINECODEVARIABLE> command. Here is an example on a 2600 router with a FastEthernet interface:</PARA>
<PARA>Notice the amount of subinterfaces available (4.2 billion). You can choose any number that feels good because they are only locally significant to the router. However, we usually like to choose the VLAN number for ease of administration. Notice that the prompt on the router is now telling you that you are configuring a subinterface (<INLINECODE>config-subif</INLINECODE>). </PARA>
<PARA>Once you configure the subinterface number you want, you then need to define the type of encapsulation you are going to use. Here is an example of the different types of trunking protocols you can use:</PARA>
<CODELINE> isl Inter Switch Link - Virtual LAN encapsulation</CODELINE>
<CODELINE> sde IEEE 802.10 Virtual LAN - Secure Data Exchange</CODELINE>
<CODELINE> tr-isl Token Ring Inter Switch Link - Virtual LAN encapsulation</CODELINE></CODESNIPPET>
<PARA>You're not done yet. You need to tell the subinterface which VLAN it is a member of, and you provide this information on the same line as the encapsulation command. Here is an example:</PARA>
<CODELINE> <1-1000> Virtual LAN Identifier.</CODELINE></CODESNIPPET>
<PARA>Notice that you can configure the subinterface to be a part of any VLAN up to 1000. The dot1q encapsulation is for the IEEE standard 802.1q trunking. ISL is for ISL encapsulation. </PARA>
<PARA>After you choose the interface and encapsulation type and VLAN number, configure the IP address this subinterface is a member of. The complete configuration would look like this:</PARA>
<PARACONTINUED>The above configuration is for subinterface f0/0.1 to VLAN 1. You would create a subinterface for each VLAN. You can verify your configuration with the <INLINECODE>show running-config</INLINECODE> command: </PARACONTINUED>
<CODESNIPPET><CODELINE>!</CODELINE>
<CODELINE>interface FastEthernet0/0.1</CODELINE>
<CODELINE> encapsulation isl 1</CODELINE>
<CODELINE> ip address 172.16.10.1 255.255.255.0</CODELINE>
<CODELINE>!</CODELINE></CODESNIPPET>
</SECTION>
<SECTION ID="6.2.1.2"><TITLE>Internal</TITLE>
<PARA>If you do not have an external router or if you have many VLANs, you should use a Route Switch Module (RSM) or Route Switch Feature Card (RSFC) to provide the layer 3 routing for your 5000 series switch. </PARA>
<PARA>The first thing you need to type in is the <INLINECODE>show module</INLINECODE> command so you can see the RSM. Notice in the switch output below that the 5000 switch has an RSFC in slot 1, but it is in module 15. This information will allow you to connect and configure the internal route processor:</PARA>
<PARA>Not only does the command <INLINECODE>show module</INLINECODE> provide the module and slot that each card is in, it provides the serial number and the modules' MAC addresses. Once you find the module number, you can then connect to that module using the <INLINECODE>session</INLINECODE> command. Here is an example:</PARA>
<CODELINE>Escape character is '^]'.</CODELINE></CODESNIPPET>
<PARA>You are now connected to the internal route processor and can continue to configure the device like any other router. Notice in the router output below that we set the hostname and routing protocol as well: </PARA>
<PARA>As we mentioned, the route processor looks like any Cisco router, which is a really nice feature. It's just as important to configure the routing protocols on this device as it is to configure them on any other router.</PARA>
<PARA>Before we continue with configuring VLANs on the internal route processor, let's take a look at another 5000 series switch that has a Route Switch Module:</PARA>
<PARA>Notice that the RSM on the 5000 series is in module 5. To configure the RSM, we would type <INLINECODEUSERINPUT>session 5</INLINECODEUSERINPUT>, as shown below:</PARA>
<PARACONTINUED>Once we have entered the CLI of the RSM, you can see that the Router# prompt appears just as it does on the RSFC. They are configured exactly the same. </PARACONTINUED>
<SECTION ID="6.2.1.2.1"><TITLE>Creating VLANs on an RSM</TITLE>
<PARA>Instead of creating subinterfaces as you would with an external router, you configure each VLAN with the <INLINECODE>int vlan </INLINECODE><INLINECODEVARIABLE>#</INLINECODEVARIABLE> command. Here is an example of how to configure the processor to route between three VLANs:</PARA>
<PARACONTINUED>The interesting part of the configuration is the necessary <INLINECODE>no shutdown</INLINECODE> command for each VLAN interface. Notice in the configuration above that we only performed a <INLINECODE>no shut</INLINECODE> on interface vlan 3. Take a look at the output of interface vlan 2:</PARACONTINUED>
<CODESNIPPET><CODELINE>ToddRSM#<EMPHASIS FORMAT="bold">sh int vlan 2</EMPHASIS></CODELINE>
<CODELINE>Vlan2 is administratively down, line protocol is down</CODELINE>
<CODELINE> Hardware is Cat5k RP Virtual Ethernet, address is 0030.f2c8.1138 (bia 0030.f2c8.1138)</CODELINE></CODESNIPPET>
<PARACONTINUED>It is important to think of each VLAN interface as a separate interface that needs an <INLINECODE>IP address</INLINECODE> and a <INLINECODE>no shutdown</INLINECODE> performed, just as with any other router interface. </PARACONTINUED>
<PARA>You can then verify your configuration with the <INLINECODE>show running-config</INLINECODE> command: </PARA>
<PARA>To view the routing table on the internal processor, use the <INLINECODE>show ip route</INLINECODE> command:</PARA>
<CODESNIPPET><CODELINE>ToddRSM#<EMPHASIS FORMAT="bold">sh ip route</EMPHASIS></CODELINE>
<CODELINE>Codes: C - connected, S - static, I - IGRP, R - RIP, M - [output cut]</CODELINE>
<CODELINE>Gateway of last resort is not set</CODELINE>
<CODELINE></CODELINE>
<CODELINE> 172.16.0.0/24 is subnetted, 3 subnets</CODELINE>
<CODELINE>C 172.16.3.0 is directly connected, Vlan3</CODELINE>
<CODELINE>C 172.16.2.0 is directly connected, Vlan2</CODELINE>
<CODELINE>C 172.16.1.0 is directly connected, Vlan1</CODELINE>
<CODELINE>C 127.0.0.0/8 is directly connected, Vlan0</CODELINE>
<CODELINE>ToddRSM#</CODELINE></CODESNIPPET>
<PARACONTINUED>OK, the most interesting part about the difference between the RSM and an external router is the presence of VLAN0. Notice in the <INLINECODE>show ip route</INLINECODE> output above that VLAN0 is connected via 127.0.0.0/8, which is a diagnostic IP address. Remember that VLAN0 cannot be accessed by an administrator and is used to provide support for the communication between the RSM and the Catalyst 5000 switch. </PARACONTINUED>
</SECTION>
<SECTION ID="6.2.1.2.2"><TITLE>Assigning MAC Addresses to VLAN Interfaces</TITLE>
<PARA>The RSM uses only one global MAC address for all VLAN interfaces on the device. If you want to assign a specific MAC address to a VLAN interface, use the <INLINECODE>mac-address</INLINECODE> command. You may want to configure this option to enhance the operation of the RSM interface. Here is an example:</PARA>
<CODELINE> ip address 172.16.2.1 255.255.255.0</CODELINE></CODESNIPPET>
</SECTION>
<SECTION ID="6.2.1.2.3"><TITLE>Defining a Default Gateway</TITLE>
<PARA>One thing to keep in mind before configuring ISL on your switches is that the switches must be configured correctly with an IP address, subnet mask, and default gateway. Understand that this has nothing to do with routing because the switches work only at layer 2. However, the switches need to communicate with IP through the network. Remember that this will not affect data that is passing through the switch. You can think of layer 2 switches as being just like any host on the network. To be able to send packets off the local network, you need to have a default gateway configured. </PARA>
<PARA>To configure a default gateway on a 5000 series switch, use the <INLINECODE>set ip route</INLINECODE> command: </PARA>
<CODESNIPPET><CODELINE>Todd5000> (enable) <EMPHASIS FORMAT="bold">set ip route 0.0.0.0 172.16.1.1</EMPHASIS></CODELINE>
<CODELINE>Route added.</CODELINE></CODESNIPPET>
<PARA>You can also use the command <INLINECODE>set ip route default 172.16.1.1</INLINECODE>, which will configure the route the same as the <INLINECODE>set ip route 0.0.0.0 172.16.1.1</INLINECODE> will.<INLINECODE> </INLINECODE></PARA>
<NOTE>The 1900 switch <INLINECODE>default-gateway</INLINECODE> command was covered in <NOBR REF="2">Chapter 2</NOBR>. </NOTE>
</SECTION>
</SECTION>
</SECTION>
</SECTION>
<SECTION ID="6.3"><TITLE>Summary</TITLE>
<PARA><DROPCAP>I</DROPCAP>n this chapter, we described inter-VLAN routing issues and solutions. Because routers are needed to allow hosts on different networks to communicate, you also need to remember that a layer 3 device, either an external router or an internal route processor, is needed to allow inter-VLAN communication. </PARA>
<PARA>We discussed both internal route processors, known as Route Switch Modules (RSMs), and external route processors and showed you how to use them for inter-VLAN configuration.</PARA>
<TABULARENTRY>Sets a specific MAC address on an interface</TABULARENTRY>
</TABULARROW>
</TABULARBODY>
</TABULARDATA>
</SECTION>
</SECTION>
<TESTSECTION ID="6.4"><TITLE>Written Lab</TITLE>
<!-- <PARA>Complete this lab by writing out the answers to the following questions.</PARA>
<TESTDATA>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>Write the command to configure ISL routing for VLAN 1 with an IP address of 172.16.10.0 on FastEthernet interface 0/0. </QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>Write the command to view the different type of cards in a 5000 series switch.</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>Write the command to connect to an RSM module in slot 3.</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>Write the command to configure two VLANs on an RSM. VLAN 1 has an IP address of 172.16.1.1, and VLAN 2 has an IP address of 172.16.2.1. </QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>Write the command to set a hardware address on the VLAN 2 interface of 4004.0144.0011.</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>What type of link is needed to run ISL routing on a FastEthernet interface?</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>What is the IEEE version of ISL?</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>True/False: You can assign a MAC address to a VLAN ISL interface.</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>How many VLANs can you create with subinterfaces on a FastEthernet interface?</QUESTION></QUESTIONBLOCK></TESTBLOCK>
<TESTBLOCK><QUESTIONBLOCK><QUESTION>What command would you use to see the configuration on a Catalyst 5000 switch?</QUESTION></QUESTIONBLOCK></TESTBLOCK>
</TESTDATA> -->
<SLUG NONUM="w1"/>
</TESTSECTION>
<SECTION ID="6.5"><TITLE>Hands-On Lab</TITLE>
<PARA>In this lab, you will configure a 5000 series switch, two 1900 switches, and one 2621 router to provide ISL routing between VLANs. </PARA>
<PARA>In this first lab, you'll configure the 2621 with ISL routing. You'll start with configuring the two 1900 switches, then the 5000 switch, and then the 2621 router. </PARA>
<SECTION ID="6.5.1.1"><TITLE>Configuring the 1900A Switch</TITLE>
<LIST MARK="number">
<LISTITEM><PARA>Plug into the 1900A console port and press k to enter the CLI.</PARA></LISTITEM>
<LISTITEM><PARA>Enter privileged mode by typing <INLINECODEUSERINPUT>enable</INLINECODEUSERINPUT>.</PARA></LISTITEM>
<LISTITEM><PARA>Enter configuration mode and set the hostname.</PARA>
<LISTITEM><PARA>Set the IP address of the switch by using the IP address assigned in Figure 6.3. Set the default gateway address by using the interface f0/0 of the 2621 as the gateway.</PARA>
<LISTITEM><PARA>Verify the IP configuration on the switch by typing <INLINECODEUSERINPUT>show ip</INLINECODEUSERINPUT>.</PARA></LISTITEM>
<LISTITEM><PARA>Set the VTP domain to SwitchSim and then make the switch a VTP client so that when you set the VLANs on the 5000 switch, the 1900A switch will automatically be updated with VLAN information.</PARA>
<LISTITEM><PARA>Set the FastEthernet interfaces to trunk on so that all VLAN information will be sent down both links from the 5000 series switch. </PARA>
<LISTITEM><PARA>Set the IP address of the switch by using the IP address assigned in Figure 6.3. Set the default gateway address by using the interface f0/0 of the 2621 as the gateway.</PARA>
<LISTITEM><PARA>Verify the IP configuration on the switch by typing <INLINECODEUSERINPUT>show ip</INLINECODEUSERINPUT>.</PARA></LISTITEM>
<LISTITEM><PARA>Set the VTP domain to Routersim and then make the switch a VTP client so that when you set the VLANs on the 5000 switch, the 1900B switch will automatically be updated with VLAN information.</PARA>
<LISTITEM><PARA>Set the FastEthernet interfaces to trunk on so that all VLAN information will be sent down both links from the 5000 series switch. </PARA>
<LISTITEM><PARA>Set the ports to configure an EtherChannel bundle when the 5000 series is configured. This can be run only on the supervisor card or a specific EtherChannel card. EtherChannel will be run only on the 1900B connection to the 5000 switch. </PARA>
<SECTION ID="6.5.1.3"><TITLE>Configuring the 5000 Series Switch</TITLE>
<LIST MARK="number">
<LISTITEM><PARA>Connect your console cable to the 5000 series switch and press Enter. Press Enter at the password prompt, then again at the password prompt, type <INLINECODEUSERINPUT>enable</INLINECODEUSERINPUT> and press Enter.</PARA></LISTITEM>
<LISTITEM><PARA>Set the hostname of the switch.</PARA>
<LISTITEM><PARA>Set all ports connected to the 1900 switches as 100Mbps and full duplex. The two ports on the supervisor engine are labeled 1/1 and 1/2 and only run in 100Mbps, so only the duplex can be set on those ports. </PARA>
<CODESNIPPET><CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port duplex 1/1 full</EMPHASIS></CODELINE>
<CODELINE>Port(s) 1/1-2 set to full-duplex.</CODELINE>
<CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port duplex 1/2 full</EMPHASIS></CODELINE>
<CODELINE>Port(s) 1/1-2 set to full-duplex.</CODELINE>
<CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port speed 2/1 100</EMPHASIS></CODELINE>
<CODELINE>Port(s) 2/1 speed set to 100Mbps.</CODELINE>
<CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port speed 2/2 100</EMPHASIS></CODELINE>
<CODELINE>Port(s) 2/2 speed set to 100Mbps.</CODELINE>
<CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port duplex 2/1 full</EMPHASIS></CODELINE>
<CODELINE>Port(s) 2/1 set to full-duplex.</CODELINE>
<CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port duplex 2/2 full</EMPHASIS></CODELINE>
<CODELINE>Port(s) 2/2 set to full-duplex.</CODELINE>
<LISTITEM><PARA>It is possible that the ports on the 5000 may have been disabled because of mismatched port configurations between the 1900 and 5000. Type the command <INLINECODEUSERINPUT>show port slot/port</INLINECODEUSERINPUT> to see the status. If it is disabled, use the <INLINECODE>set port enable slot/port</INLINECODE> command.</PARA>
<CODESNIPPET><CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set port enable 1/1</EMPHASIS></CODELINE>
<LISTITEM><PARA>At this point, the three switches should be up and working and you should be able to ping all devices in the 172.16.1.0 network.</PARA>
<PARA>Because the 5000 series switch is a VTP server and the two 1900 switches are VTP clients, you can configure VLANs on just the 5000 series switch and the 5000 switch will automatically update the VTP NVRAM on the 1900 switches. </PARA>
<LIST MARK="number">
<LISTITEM><PARA>On the 5000 series switch console, create two new VLANs.</PARA>
<LIST MARK="none">
<LISTITEM><PARA>VLAN 2: Sales</PARA></LISTITEM>
<LISTITEM><PARA>VLAN 3: Admin</PARA></LISTITEM>
</LIST>
<CODESNIPPET><CODELINE>Cat5000> (enable) <EMPHASIS FORMAT="bold">set vlan 2 name Sales</EMPHASIS></CODELINE>
<LISTITEM><PARA>Verify that VTP is up and running correctly by telneting into 1900A and 1900B and typing <INLINECODEUSERINPUT>show vlan</INLINECODEUSERINPUT>. The same VLANs should appear if VTP if working properly. If not, verify that you spelled the VTP domain the same on all switches.</PARA></LISTITEM>
<LISTITEM><PARA>Configure HostA to be in VLAN 1, HostB to be in VLAN 2, and HostC to be in VLAN 3.</PARA>
<LISTITEM><PARA>Type the <INLINECODEUSERINPUT>show vlan</INLINECODEUSERINPUT> command on the 1900B switch and verify that e0/2 is a member of VLAN 3. Type the same command on 1900A and verify that e0/1 is a member of VLAN 1 and e0/2 is a member of VLAN 2. </PARA>
<LISTITEM><PARA>Try pinging from host to host. This should fail. However, you should be able to ping from HostA to all switches in the network, and all switches should be able to ping to HostA because they are all in the same VLAN. To allow hosts in different VLANs to communicate, you need to configure inter-VLAN routing. </PARA></LISTITEM>
</LIST>
</SECTION>
<SECTION ID="6.5.1.5"><TITLE>Configuring the 2621 Router</TITLE>
<PARA>The 2621 router will provide the inter-VLAN routing and allow the hosts to communicate with each other. </PARA>
<LIST MARK="number">
<LISTITEM><PARA>Go to the privilege mode of the router and enter global configuration mode.</PARA>
<CODELINE>Type escape sequence to abort.</CODELINE>
<CODELINE>Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:</CODELINE>
<CODELINE>.!!!!</CODELINE>
<CODELINE>Success rate is 80 percent (4/5), round-trip min/avg/ max = 4/5/8 ms</CODELINE>
<CODELINE>2621A#</CODELINE></CODESNIPPET>
<PARA> The reason for the 80% success rate is that the IP hosts have not communicated before and the first ping timed out waiting for the ARP protocol to resolve the hardware addresses of each device. </PARA></LISTITEM>
<LISTITEM><PARA>Verify that all hosts can communicate by pinging from host to host.</PARA></LISTITEM>
<PARA>In this second lab, you'll configure the RSM in the 5000 switch for inter-VLAN routing using ISL. The 1900s will be configured first, then the 5000s. The 2621 router will not be needed in this lab. </PARA>
<LIST MARK="number">
<LISTITEM><PARA>Unplug the 2621 router from the 5000 series switch. The hosts should no longer be able to ping each other. </PARA></LISTITEM>
<LISTITEM><PARA>Configure the RSM on the 5000 series switch to provide inter-VLAN routing. Use the <INLINECODE>show module</INLINECODE> command to view the RSM card location. </PARA>
