Solved: Want to know The below configuration.

brijendrasaini · ‎08-28-2017

Current configuration : 8526 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname EH_NSK_BSMT_CORE_1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret level 7 5 $1$xnW.$BQ1PVxTNgQz8Xuh9vHrQz/
enable secret 5 $1$aD8K$HUu4nb4POzquF3N5swJ2q0
!
username apollo privilege 7 password 7 060506324F41
username aponsk secret 5 $1$LfJb$xJX3yzs/9ocGzo0fH5WhP1
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
vtp domain cisco
vtp mode transparent
!
track 2 ip sla 1 reachability
!
!
crypto pki trustpoint TP-self-signed-2888160000
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2888160000
revocation-check none
rsakeypair TP-self-signed-2888160000
!
!
crypto pki certificate chain TP-self-signed-2888160000
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383838 31363030 3030301E 170D3933 30333031 30303031
32365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38383831
36303030 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B9F1 1463F262 85D2B673 5E8DEE11 A9C8E619 C27A3DFD 09A92765 BA204B66
3D1FA4C7 F884E6FA 4BA22039 BFC0E9A1 50C15ACE ABBEDA3C DC63B961 C13FD737
947A6904 7336AF64 F4D7317D 15F7A229 11759ADB 6F62C775 DB8F5908 C64BC694
2BE1B3C0 AC168F09 BB720ACB 05F26C84 045B6135 314C04BA 64EE580F 9F273634
4AF10203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 1345485F 4E534B5F 42534D54 5F434F52 455F312E 301F0603
551D2304 18301680 14F7EBD9 E1BFC02C 69C3F8A1 0C5B3FAB 75AB9F53 80301D06
03551D0E 04160414 F7EBD9E1 BFC02C69 C3F8A10C 5B3FAB75 AB9F5380 300D0609
2A864886 F70D0101 04050003 81810070 6168D715 887BDE38 039974F2 6ADC433B
4C66C2E8 8E39BB49 198E13CD 8271AB36 C98175FD 186FFCD5 1269C8D3 EBF12948
926067C2 77DA06F1 9B1D96BA 58110FAA 6FBDF07F AF62185A 0A11705A 880A0D0D
56D826EF B4E1E621 C028DA96 F7F3019A 55D95C1C A4C89461 93AEB53D 8324D298
98216FFB 00574999 29947080 563280
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 0
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name BIO_EQUIP
!
vlan 20
name SERVER
!
vlan 30
name UNUSED
!
vlan 40
name USER_NON_INT
!
vlan 50
name USER_INT
!
vlan 53
name DC_NSK
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/9
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet0/12
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/13
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/15
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/16
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 53
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 50
!
interface GigabitEthernet0/19
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet0/20
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/21
description ***Reliance_MPLS_4Mbps***
no switchport
ip address 172.20.136.137 255.255.255.252
spanning-tree portfast
!
interface GigabitEthernet0/22
no switchport
ip address 172.20.136.142 255.255.255.252
!
interface GigabitEthernet0/23
description ***Vodafone_P2P_4mbps***
no switchport
ip address 172.20.40.142 255.255.255.252
!
interface GigabitEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
ip address 10.40.139.194 255.255.255.192
ip access-group INT_BLOCK in
standby 1 ip 10.40.139.193
standby 1 priority 105
standby 1 preempt
!
interface Vlan10
ip address 10.40.139.2 255.255.255.192
standby 10 ip 10.40.139.5
standby 10 priority 105
standby 10 preempt
!
interface Vlan20
ip address 10.40.139.66 255.255.255.192
standby 20 ip 10.40.139.65
standby 20 priority 105
standby 20 preempt
!
interface Vlan30
ip address 10.40.139.130 255.255.255.192
ip access-group INT_BLOCK in
standby 30 ip 10.40.139.129
standby 30 priority 105
standby 30 preempt
!
interface Vlan40
ip address 10.40.136.2 255.255.255.128
ip helper-address 10.40.139.70
standby 40 ip 10.40.136.1
standby 40 priority 105
standby 40 preempt
!
interface Vlan50
ip address 10.40.136.130 255.255.255.128
ip helper-address 10.40.139.70
standby 50 ip 10.40.136.129
standby 50 priority 105
standby 50 preempt
!
interface Vlan53
ip address 10.53.32.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.20.136.141
ip route 10.40.0.0 255.255.0.0 172.20.40.141
ip route 10.40.33.75 255.255.255.255 172.20.136.138
ip route 172.18.1.0 255.255.255.0 172.20.40.141
ip http server
ip http secure-server
!
ip access-list extended INT_BLOCK
permit ip any 10.0.0.0 0.255.255.255
permit ip any 172.16.0.0 0.15.255.255
permit ip any 192.168.0.0 0.0.255.255
permit ip 10.40.136.128 0.0.0.127 any
!
ip sla 1
icmp-echo 172.20.40.141 source-ip 172.20.40.142
ip sla schedule 1 life forever start-time now
!

* ************************************************************************* *
* *
*****************************************************************************
^C
banner motd ^CC$
" Welcome to Apollo Hospital"
^C
privilege interface level 7 shut
privilege interface level 7 no shut
privilege configure level 7 interface gi
privilege exec level 7 show
privilege exec level 7 show run
privilege exec level 7 show tech-support
privilege exec level 7 config t
!
line con 0
password 7 045802150C2E
login
line vty 0 4
password 7 045802150C2E
login local
line vty 5 15
password 7 045802150C2E
login local
!
ntp server 10.40.139.70
end

Julio E. Moisa · ‎08-28-2017

Hi

The question is not clear, but this switch could be active HSRP switch for these vlans because it is using highest priority than 100 (default)

Basically you are creating an SVI (interface vlan) for these networks, and in order to be able to use it you must create the VLAN, now this VLAN must be passing between a trunk interface between the switches used for HSRP.

For example for the VLAN 10 who has the subnet 10.40.139.0/26

interface Vlan10 <--- SVI
ip address 10.40.139.2 255.255.255.192 <---- IP address for the active HSRP
standby 10 ip 10.40.139.5 <---- Virtual IP, it is usually the gateway for the network in this case for: 10.40.139.0/26
standby 10 priority 105 <--- Priority, higher priority is preferred to be the active HSRP.
standby 10 preempt <--- It is used to return be the active once the devices or SVI is up again.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Julio E. Moisa · ‎08-28-2017

Hi Brijendra,

No worries :-) Im happy to assist you

Ok about why there are many VLANs, well the VLANs are used to separate traffic from subnets, for example, you can have a VLAN for IT, Accounting, HR, Management, Execute team, etc. This is a method to provide security, limit the broadcast domains, etc.

Now if you want to enable communication between VLANs you have to deploy a Layer 3 devices like a router, multilayer switch or firewalls.

On your switch I can see several VLANs, I think they are created for specific users, a good practices is create a description for each VLAN, you can use the command show vlan or show vlan brief to identify the VLANs created on the switch.

There are VLANs created by default: Vlan 1, 1002-1005. These VLAN cannot be deleted but they can be disabled through SVI, for example to disable the VLAN 1 (And you must do that for security reasons) you can execute:

interface vlan 1
shutdown

Additional to be implemented for user subnets, the VLANs can be used to enable a Layer 3 point to point between 2 multilayer switches and with that you can run routing protocols between them to know other subnets located in different devices.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Julio E. Moisa · ‎08-28-2017

Hi Brijendra,

Yes, the interfaces: Gi0/11, Gi0/18, Gi0/19 are used over the VLAN 50, now in some cases you will see the ports associated to other VLAN as well, the reason is you can configure the voice vlan on the same interface, example:

Vlan 100
name DATA

Vlan 101

name VOICE

interface g1/0/1

switchport

switchport access vlan 100

switchport voice vlan 101

switchport mode access

no shutdown

About the other question:

The following interface is working in Trunk mode, The Trunk interfaces are used to interconnect 2 switches and pass through it the VLANs.

interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk

The following ports are destinated to be used by end users. G0/9 is associated to VLAN 40, G0/10 is using the default VLAN (VLAN 1), G0/11 is associated to the VLAN 50.

All the ports configured in access mode are destined to be used by end users, and also they can be used to interconnect 2 devices with routing protocols.

interface GigabitEthernet0/9
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 50
switchport mode access

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Rob Ingram · ‎08-28-2017

Hi,

There does not appear to be a question. What do you want do know about the configuration?

brijendrasaini · ‎08-28-2017

how hsrp is working and vlan is there how they working.

Julio E. Moisa · ‎08-28-2017

Hi

The question is not clear, but this switch could be active HSRP switch for these vlans because it is using highest priority than 100 (default)

Basically you are creating an SVI (interface vlan) for these networks, and in order to be able to use it you must create the VLAN, now this VLAN must be passing between a trunk interface between the switches used for HSRP.

For example for the VLAN 10 who has the subnet 10.40.139.0/26

interface Vlan10 <--- SVI
ip address 10.40.139.2 255.255.255.192 <---- IP address for the active HSRP
standby 10 ip 10.40.139.5 <---- Virtual IP, it is usually the gateway for the network in this case for: 10.40.139.0/26
standby 10 priority 105 <--- Priority, higher priority is preferred to be the active HSRP.
standby 10 preempt <--- It is used to return be the active once the devices or SVI is up again.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

brijendrasaini · ‎08-28-2017

hi julio thanks for replay i am new in ccna thats why i have lots of question,

i m not understand why to much vlan are there and how they work can u plaese guide me

REgards

Brijendra

Julio E. Moisa · ‎08-28-2017

Hi Brijendra,

No worries :-) Im happy to assist you

Ok about why there are many VLANs, well the VLANs are used to separate traffic from subnets, for example, you can have a VLAN for IT, Accounting, HR, Management, Execute team, etc. This is a method to provide security, limit the broadcast domains, etc.

Now if you want to enable communication between VLANs you have to deploy a Layer 3 devices like a router, multilayer switch or firewalls.

On your switch I can see several VLANs, I think they are created for specific users, a good practices is create a description for each VLAN, you can use the command show vlan or show vlan brief to identify the VLANs created on the switch.

There are VLANs created by default: Vlan 1, 1002-1005. These VLAN cannot be deleted but they can be disabled through SVI, for example to disable the VLAN 1 (And you must do that for security reasons) you can execute:

interface vlan 1
shutdown

Additional to be implemented for user subnets, the VLANs can be used to enable a Layer 3 point to point between 2 multilayer switches and with that you can run routing protocols between them to know other subnets located in different devices.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

brijendrasaini · ‎08-28-2017

hi julio,

Thanks i m happy i have vlan as below :-

EH_NSK_BSMT_CORE_1#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/10, Gi1/1, Gi1/2, Gi1/3, Gi1/4
10 BIO_EQUIP active
20 SERVER active Gi0/14, Gi0/15, Gi0/16
30 UNUSED active
40 USER_NON_INT active Gi0/9, Gi0/12, Gi0/13, Gi0/20
50 USER_INT active Gi0/11, Gi0/18, Gi0/19
53 DC_NSK active Gi0/17
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

According to above if port number gi0/11,18,19 only use for vlan 50

and more what is difference between below,according to me one use for making trunk link and second give access to vlan

interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/9
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 50
switchport mode access

Julio E. Moisa · ‎08-28-2017

Hi Brijendra,

Yes, the interfaces: Gi0/11, Gi0/18, Gi0/19 are used over the VLAN 50, now in some cases you will see the ports associated to other VLAN as well, the reason is you can configure the voice vlan on the same interface, example:

Vlan 100
name DATA

Vlan 101

name VOICE

interface g1/0/1

switchport

switchport access vlan 100

switchport voice vlan 101

switchport mode access

no shutdown

About the other question:

The following interface is working in Trunk mode, The Trunk interfaces are used to interconnect 2 switches and pass through it the VLANs.

interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk

The following ports are destinated to be used by end users. G0/9 is associated to VLAN 40, G0/10 is using the default VLAN (VLAN 1), G0/11 is associated to the VLAN 50.

All the ports configured in access mode are destined to be used by end users, and also they can be used to interconnect 2 devices with routing protocols.

interface GigabitEthernet0/9
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 50
switchport mode access

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

brijendrasaini · ‎08-28-2017

Really thanks julio.

Regards

Brijendra

Julio E. Moisa · ‎08-28-2017

You are welcome my friend,

If you have other questions or doubts please don't hesitate to contact me.

Have a great day

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<