Virtual LAN (VLAN) routing
1. Virtual LAN (VLAN)
The backbone network technologies we currently use when constructing enterprise networks are generally based on switching and virtual networks. Switching technology changes shared media to exclusive media, greatly improving network speed. Virtual network technology breaks the constraints of the geographical environment. Without changing the physical connection of the network, the workstation can be moved between work groups or subnets at will. The workstations form logical work groups or virtual subnets to improve the operating performance of the information system, balance network data traffic, and rationally utilize hardware and information resources. At the same time, the use of virtual network technology has greatly reduced the burden of network management and maintenance work and reduced network maintenance costs. With the application of virtual network technology, the problem of how to communicate between virtual networks will inevitably arise.
Return to the directory
2. Inter-switch link (ISL) protocol
The ISL (Interior Switching Link) protocol is used to implement VLAN relay between switches. It is a packet marking protocol, and frames sent on support ISL interfaces are composed of a standard Ethernet frame and related VLAN information. As shown in the figure below, data from different VLANs can be transmitted on an ISL-enabled interface.
3. Virtual LAN (VLAN) routing examples
3.1. Example 1:
The device uses a Catalyst5500 switch, and it is equipped with WS-X5530-E3 management engine, and multiple WS-X5225R and WS-X5302 routing switch modules. The WS-X5302 is directly plugged into the switch and is connected to the VLAN on the system backplane through two channels. From the user's perspective, it is considered to be a 1-interface module. This interface supports ISL. There are 3 virtual networks in the switch, named default, qbw, and rgw, and inter-network routing is realized through WS-X5302.
The following is amplified the lower horizontal line, such as set system name 5500C as the command to be set.
Settings are as follows:
Catalyst 5500 configuration:
begin
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt Console>
set length 24 default
set logout 20
set banner motd ^C^C
!
#system
set system baud 9600
set system modem disable
set system name 5500C
set system location
set system contact
!
#ip
set interface sc0 1 10.230.4.240 255.255.255.0 10.230.4.255
set interface sc0 up
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 up
set arp agingtime 1200
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable
set ip route 0.0.0.0 10.230.4.15 1
set ip alias default 0.0.0.0
!
#Command alias
!
#vtp
set vtp domain hne
set vtp mode server
set vtp v2 disable
set vtp pruning disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 777 name rgw type ethernet mtu 1500 said 100777 state active
set vlan 888 name qbw type ethernet mtu 1500 said 100888 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active bridge 0x0 stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7
!
#set boot command
set boot config-register 0x102
set boot system flash bootflash:cat5000-sup3.
!
#module 1 : 2-port 1000BaseLX Supervisor
set module name 1
set vlan 1 1/1-2
set port enable 1/1-2
!
#module 2 : empty
!
#module 3 : 24-port 10/100BaseTX Ethernet
set module name 3
set module enable 3
set vlan 1 3/1-22
set vlan 777 3/23
set vlan 888 3/24
set trunk 3/1 on isl 1-1005
#module 4 empty
!
#module 5 empty
!
#module 6 : 1-port Route Switch
set module name 6
set port level 6/1 normal
set port trap 6/1 disable
set port name 6/1
set cdp enable 6/1
set cdp interval 6/1 60
set trunk 6/1 on isl 1-1005
!
#module 7 : 24-port 10/100BaseTX Ethernet
set module name 7
set module enable 7
set vlan 1 7/1-22
set vlan 888 7/23-24
set trunk 7/1 on isl 1-1005
set trunk 7/2 on isl 1-1005
!
#module 8 empty
!
#module 9 empty
!
#module 10 : 12-port 100BaseFX MM Ethernet
set module name 10
set module enable 10
set vlan 1 10/1-12
set port channel 10/1-4 off
set port channel 10/5-8 off
set port channel 10/9-12 off
set port channel 10/1-2 on
set port channel 10/3-4 on
set port channel 10/5-6 on
set port channel 10/7-8 on
set port channel 10/9-10 on
set port channel 10/11-12 on
#module 11 empty
!
#module 12 empty
!
#module 13 empty
!
#switch port analyzer
!set span 1 1/1 both inpkts disable
set span disable
!
#cam
set cam agingtime 1-2,777,888,1003,1005 300
end
5500C> (enable)
WS-X5302 routing module settings:
Router#wri t
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.
!
ip subnet-zero
!
interface Vlan1
ip address 10.230.2.56 255.255.255.0
!
interface Vlan777
ip address 10.230.3.56 255.255.255.0
!
interface Vlan888
ip address 10.230.4.56 255.255.255.0
!
no ip classless
!
line con 0
line aux 0
line vty 0 4
password router
login
!
end
Router#
3.1. Example 2:
The switching device still uses a Catalyst5500 switch and installs the WS-X5530-E3 management engine. Multiple WS-X5225R has 3 virtual networks in the switch, namely default, qbw, and rgw. It realizes virtual network routing through the Cisco3640 router. The switch settings are similar to Example 1.
The router Cisco3640 is equipped with an NM-1FE-TX module, which has a fast Ethernet interface that can support ISL. The Cisco3640 fast Ethernet interface is connected to a port that supports ISL on the switch, such as the first interface (port 3/1) in the third slot of the switch.
Router#wri t
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.
!
ip subnet-zero
!
interface FastEthernet1/0
!
interface FastEthernet1/0.1
encapsulation isl 1
ip address 10.230.2.56 255.255.255.0
!
interface FastEthernet1/0.2
encapsulation isl 777
ip address 10.230.3.56 255.255.255.0
!
interface FastEthernet1/0.3
encapsulation isl 888
ip address 10.230.4.56 255.255.255.0
!
no ip classless
!
line con 0
line aux 0
line vty 0 4
password router
login
!
end
Router#
Return to the directory
References:
1. Cisco router password recovery
When the password of the Cisco router is modified or forgotten, you can follow the following steps:
1. Press to enter the ROM monitoring status when powering on
2. Press the o command to read the original value of the configuration register
> o The general value is 0x2102
3. Make the following settings to ignore NVRAM boot
>o/r0x**4* Cisco2500 Series Commands
rommon 1 >confreg 0x**4* Cisco2600, 1600 series commands
Normal value is 0x2102
4. Restart the router
>I
rommon 2 >reset
5. In "Setup" mode, answer No
6. Enter privileged mode
Router>enable
7. Download NVRAM
Router>configure memory
8. Restore the original configuration register value and activate all ports
“hostname”#configure terminal
“hostname”(config)#config-register 0x“value”
“hostname”(config)#interface xx
“hostname”(config)#no shutdown
9. Query and record missing passwords
“hostname”#show configuration (show startup-config)
10. Modify the password
“hostname”#configure terminal
“hostname”(config)line console 0
“hostname”(config-line)#login
“hostname”(config-line)#password xxxxxxxxx
“hostname”(config-line)#
“hostname”(config-line)#write memory(copy running-config startup-config)
2. IP address allocation
Address Class Network Host Network Address Range Standard Binary Mask
A 1-126 1111 1111 0000 0000 0000 0000 0000 0000
B 128-191 1111 1111 1111 1111 0000 0000 0000 0000
C 192-223 1111 1111 1111 1111 1111 1111 0000 0000
Number of subnet bits Subnet mask Number of subnet hosts
Class B address
2 255.255.192.0 2 16382
3 255.255.224.0 6 8198
4 255.255.240.0 14 4894
5 255.255.248.0 30 2846
6 255.255.252.0 62 1822
7 255.255.254.0 126 518
8 255.255.255.0 254 254
9 255.255.255.128 518 126
10 255.255.255.192 1822 62
11 255.255.255.224 2846 30
12 255.255.255.240 4894 14
13 255.255.255.248 8198 6
14 255.255.255.252 16382 2
Class C address
2 255.255.255.192 2 62
3 255.255.255.224 6 30
4 255.255.255.240 14 14
5 255.255.255.248 30 6
6 255.255.255.252 62 2
1. Virtual LAN (VLAN)
The backbone network technologies we currently use when constructing enterprise networks are generally based on switching and virtual networks. Switching technology changes shared media to exclusive media, greatly improving network speed. Virtual network technology breaks the constraints of the geographical environment. Without changing the physical connection of the network, the workstation can be moved between work groups or subnets at will. The workstations form logical work groups or virtual subnets to improve the operating performance of the information system, balance network data traffic, and rationally utilize hardware and information resources. At the same time, the use of virtual network technology has greatly reduced the burden of network management and maintenance work and reduced network maintenance costs. With the application of virtual network technology, the problem of how to communicate between virtual networks will inevitably arise.
Return to the directory
2. Inter-switch link (ISL) protocol
The ISL (Interior Switching Link) protocol is used to implement VLAN relay between switches. It is a packet marking protocol, and frames sent on support ISL interfaces are composed of a standard Ethernet frame and related VLAN information. As shown in the figure below, data from different VLANs can be transmitted on an ISL-enabled interface.
3. Virtual LAN (VLAN) routing examples
3.1. Example 1:
The device uses a Catalyst5500 switch, and it is equipped with WS-X5530-E3 management engine, and multiple WS-X5225R and WS-X5302 routing switch modules. The WS-X5302 is directly plugged into the switch and is connected to the VLAN on the system backplane through two channels. From the user's perspective, it is considered to be a 1-interface module. This interface supports ISL. There are 3 virtual networks in the switch, named default, qbw, and rgw, and inter-network routing is realized through WS-X5302.
The following is amplified the lower horizontal line, such as set system name 5500C as the command to be set.
Settings are as follows:
Catalyst 5500 configuration:
begin
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt Console>
set length 24 default
set logout 20
set banner motd ^C^C
!
#system
set system baud 9600
set system modem disable
set system name 5500C
set system location
set system contact
!
#ip
set interface sc0 1 10.230.4.240 255.255.255.0 10.230.4.255
set interface sc0 up
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 up
set arp agingtime 1200
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable
set ip route 0.0.0.0 10.230.4.15 1
set ip alias default 0.0.0.0
!
#Command alias
!
#vtp
set vtp domain hne
set vtp mode server
set vtp v2 disable
set vtp pruning disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 777 name rgw type ethernet mtu 1500 said 100777 state active
set vlan 888 name qbw type ethernet mtu 1500 said 100888 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active bridge 0x0 stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7
!
#set boot command
set boot config-register 0x102
set boot system flash bootflash:cat5000-sup3.
!
#module 1 : 2-port 1000BaseLX Supervisor
set module name 1
set vlan 1 1/1-2
set port enable 1/1-2
!
#module 2 : empty
!
#module 3 : 24-port 10/100BaseTX Ethernet
set module name 3
set module enable 3
set vlan 1 3/1-22
set vlan 777 3/23
set vlan 888 3/24
set trunk 3/1 on isl 1-1005
#module 4 empty
!
#module 5 empty
!
#module 6 : 1-port Route Switch
set module name 6
set port level 6/1 normal
set port trap 6/1 disable
set port name 6/1
set cdp enable 6/1
set cdp interval 6/1 60
set trunk 6/1 on isl 1-1005
!
#module 7 : 24-port 10/100BaseTX Ethernet
set module name 7
set module enable 7
set vlan 1 7/1-22
set vlan 888 7/23-24
set trunk 7/1 on isl 1-1005
set trunk 7/2 on isl 1-1005
!
#module 8 empty
!
#module 9 empty
!
#module 10 : 12-port 100BaseFX MM Ethernet
set module name 10
set module enable 10
set vlan 1 10/1-12
set port channel 10/1-4 off
set port channel 10/5-8 off
set port channel 10/9-12 off
set port channel 10/1-2 on
set port channel 10/3-4 on
set port channel 10/5-6 on
set port channel 10/7-8 on
set port channel 10/9-10 on
set port channel 10/11-12 on
#module 11 empty
!
#module 12 empty
!
#module 13 empty
!
#switch port analyzer
!set span 1 1/1 both inpkts disable
set span disable
!
#cam
set cam agingtime 1-2,777,888,1003,1005 300
end
5500C> (enable)
WS-X5302 routing module settings:
Router#wri t
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.
!
ip subnet-zero
!
interface Vlan1
ip address 10.230.2.56 255.255.255.0
!
interface Vlan777
ip address 10.230.3.56 255.255.255.0
!
interface Vlan888
ip address 10.230.4.56 255.255.255.0
!
no ip classless
!
line con 0
line aux 0
line vty 0 4
password router
login
!
end
Router#
3.1. Example 2:
The switching device still uses a Catalyst5500 switch and installs the WS-X5530-E3 management engine. Multiple WS-X5225R has 3 virtual networks in the switch, namely default, qbw, and rgw. It realizes virtual network routing through the Cisco3640 router. The switch settings are similar to Example 1.
The router Cisco3640 is equipped with an NM-1FE-TX module, which has a fast Ethernet interface that can support ISL. The Cisco3640 fast Ethernet interface is connected to a port that supports ISL on the switch, such as the first interface (port 3/1) in the third slot of the switch.
Router#wri t
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.
!
ip subnet-zero
!
interface FastEthernet1/0
!
interface FastEthernet1/0.1
encapsulation isl 1
ip address 10.230.2.56 255.255.255.0
!
interface FastEthernet1/0.2
encapsulation isl 777
ip address 10.230.3.56 255.255.255.0
!
interface FastEthernet1/0.3
encapsulation isl 888
ip address 10.230.4.56 255.255.255.0
!
no ip classless
!
line con 0
line aux 0
line vty 0 4
password router
login
!
end
Router#
Return to the directory
References:
1. Cisco router password recovery
When the password of the Cisco router is modified or forgotten, you can follow the following steps:
1. Press to enter the ROM monitoring status when powering on
2. Press the o command to read the original value of the configuration register
> o The general value is 0x2102
3. Make the following settings to ignore NVRAM boot
>o/r0x**4* Cisco2500 Series Commands
rommon 1 >confreg 0x**4* Cisco2600, 1600 series commands
Normal value is 0x2102
4. Restart the router
>I
rommon 2 >reset
5. In "Setup" mode, answer No
6. Enter privileged mode
Router>enable
7. Download NVRAM
Router>configure memory
8. Restore the original configuration register value and activate all ports
“hostname”#configure terminal
“hostname”(config)#config-register 0x“value”
“hostname”(config)#interface xx
“hostname”(config)#no shutdown
9. Query and record missing passwords
“hostname”#show configuration (show startup-config)
10. Modify the password
“hostname”#configure terminal
“hostname”(config)line console 0
“hostname”(config-line)#login
“hostname”(config-line)#password xxxxxxxxx
“hostname”(config-line)#
“hostname”(config-line)#write memory(copy running-config startup-config)
2. IP address allocation
Address Class Network Host Network Address Range Standard Binary Mask
A 1-126 1111 1111 0000 0000 0000 0000 0000 0000
B 128-191 1111 1111 1111 1111 0000 0000 0000 0000
C 192-223 1111 1111 1111 1111 1111 1111 0000 0000
Number of subnet bits Subnet mask Number of subnet hosts
Class B address
2 255.255.192.0 2 16382
3 255.255.224.0 6 8198
4 255.255.240.0 14 4894
5 255.255.248.0 30 2846
6 255.255.252.0 62 1822
7 255.255.254.0 126 518
8 255.255.255.0 254 254
9 255.255.255.128 518 126
10 255.255.255.192 1822 62
11 255.255.255.224 2846 30
12 255.255.255.240 4894 14
13 255.255.255.248 8198 6
14 255.255.255.252 16382 2
Class C address
2 255.255.255.192 2 62
3 255.255.255.224 6 30
4 255.255.255.240 14 14
5 255.255.255.248 30 6
6 255.255.255.252 62 2