Config Lab: Layer 3 Switching 1

Wendell Odom
By Wendell Odom September 17, 2021 11:05

This next lab asks you to enable layer 3 switching in a couple of distribution layer switches. This lab is pretty far reaching as well, asking for some VLAN trunking configuration and VLAN creation. Because it is such a comprehensive lab, rather than the usual 5-10 minute exercise, plan on 15 minutes to do this one in a text editor. Dig in and enjoy!

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Requirements

In this design, you will create the routing configuration required to support four user VLANs. Two user VLANs exist on switch Access1 (VLANs 10 and 20), and two user VLANs exist on switch Access2 (VLANs 30 and 40). The two distribution switches route between those VLANs, using a link between the two switches to route packets between the distribution switches.

The specific rules for this lab are:

  • Configure the access switches (Access1 and Access2):
    • As layer 2 switches
    • Create the necessary VLANs per the figure
    • Assume VTP Transparent mode is in use on all switches
    • Configure the ports on the bottom of the access switches (in the figure) to be access ports in the listed VLANs
  • Configure trunks:
    • Make the link from switch Dist1 to Access1 a manual 802.1Q trunk
    • Make the link from switch Dist2 to Access2 a manual 802.1Q trunk
    • (Do NOT make the Dist1 to Dist2 link a trunk)
  • Configure the distribution switches (Dist1 and Dist2)
    • As layer 3 switches
    • Use SVIs for the switches’ layer 3 interfaces (that is, VLAN interfaces)
    • Use the IP addresses listed in the figure
    • Create the necessary VLANs per the figure
    • Assume VTP transparent mode
  • Configure the link between the distribution switches
    • Do not trunk on this link
    • Make this link an access link in VLAN 50
    • Route between switches Dist1 and Dist2 over this link between the switches
  • Administratively enable all SVI/VLAN interfaces
  • Note that OSPF has been pre-configured in preparation for your layer 3 switching configuration

 

Figure 1: Switch Square Topology

 

Initial Configuration

Examples 1, 2, 3, and 4 show the beginning configuration state of Dist1, Dist2, Access1, and Access2.

 

Example 1: Dist1 Config

 

Example 2: Dist2 Config

 

Example 3: Access1 Config

 

Example 4: Access2 Config

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

This table lists the interfaces used in the lab exercise documentation that differ from those used in the sample CML file.

Device Lab Port  CML Port
Dist1 G1/1/1 G0/1
Dist1 G1/1/2 G0/2
Dist2 G1/1/1 G0/1
Dist2 G1/1/2 G0/2
Access1 G1/1/1 G0/1
Access1 G1/0/1 G0/3
Access1 G1/0/2 G0/2
Access2 G1/1/1 G0/1
Access2 G1/0/1 G0/3
Access2 G1/0/2 G0/2

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Answers

Figure 1: Switch Square Topology

 

Example 1: Dist1 Config

 

Example 2: Dist2 Config

 

Example 3: Access1 Config

 

Example 4: Access2 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Commentary

Layer 3 switching has become the preferred method for layer 3 forwarding in LANs as compared with using routers. Layer 3 switching relies of LAN switching hardware that often performs both layer 2 and layer 3 forwarding at higher capacities (more messages per second) than comparable routers. Also, using layer 3 switches instead of routers avoids having to use the Router-on-a-Stick method required for routers, which sends packets over a link to a router and then back out that same physical link. As a result, many campus and data center networks are built with switches only, with routers sitting only at the edge of the WAN.

With this lab you were tasked with configuring switches as both layer 2 and layer 3. The access switches will utilize only their layer 2 features while their distribution counterparts will use both their layer 2 and layer 3 features. In this case, the layer 3 distribution switches could act as gateways for PCs attached to the access switch interfaces.

Begin by looking at the configuration of the Access1 switch and the two access VLANs. Two interfaces will be access ports that connect to two different LANs. To create the two VLANs use the vlan 10 and vlan 20 commands. (Note that you could configure both in one command with the vlan 10,20 command as shown in Example 3.) To configure interface GigabitEthernet0/2 into VLAN 10 use the switchport access vlan 10, to configure interface GigabiEthernet0/3 into VLAN 20 use the switchport access vlan 20 command.

Similarly, switch Access2 switch has two access VLANs, 30 and 40, and would be configured with similar commands: vlan 30,  vlan 40 and on the respective interfaces, switchport access vlan 30 and switchport access vlan 40.

To create trunks between Access1 and Dist1, plus Acces2 and Dist2, the requirements asked for a manually configured trunk. Basically that means to use the switchport mode trunk interface subcommand on the interfaces on both ends of the trunk.

The distribution switch configuration is a bit more complex as it uses trunks, access ports and layer 3 VLAN interfaces.

At the distribution layer of the design, first consider switch Dist1 and its three VLANs: 10, 20, and 50. Dist1 will need to route for the subnets defined on those three VLANs. First, Dist1 must know about the three VLANs (not VLAN interfaces), so the configuration includes the vlan 10,20,50 command, which defines all three VLANs as if you had typed the vlan 10, vlan 20 and vlan 50 commands separately.

Next, you need to configure a matching VLAN interface for each VLAN with the associated interface subcommands. In each case, you need to configure the IP address as shown in the figure. Also, some switches start with VLAN interfaces in a shutdown state, so to make sure the interface comes up, use the no shutdown command. Example 1 lists the details.

Each of the two distribution switches must also enable layer 3 switching. On some models of switches, the switch first requires that the switching ASIC be enabled to support IPv4 routing with a command like the sdm prefer command, followed by a reload exec command. (This lab does not show that part of the configuration). The switch also needs to have IPv4 routing enabled, which requires the ip routing global configuration command. (That command is listed in the configuration in both Example 1 and Example 2.)

The final part of the configuration on Dist1 calls for the Dist1 to Dist2 link to be an access link in VLAN 50. So, configure Dist1 interface GigabitEthernet0/1 into VLAN 50 use the switchport access vlan 50 command.

Moving on to switch Dist2, it uses similar logic to Dist1, but with different details. Dist2 routes for the subnets sitting on VLANs 30, 40 and 50. As a result, you need to create the VLANs by using the the vlan 30, vlan 40 and vlan 50 commands. Then, as on Dist1, you would enable IPv4 routing (ip routing), create a VLAN interface corresponding to each VLAN (for instance, interface vlan 30), then configure an IP address (for instance, ip address 10.10.30.1 255.255.255.0), and enable the interface (no shutdown).

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 None No known issues related to this lab.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

On the distribution switches:

  1. Check that the VLANs have been created by using the show vlan brief command.
  2. Check that the VLAN interfaces were configured with the show ip interfaces brief and/or show running-config commands.
  3. Check that the trunks are operational using the show interfaces trunk command.

On the Access switches:

  1. Check that the VLANs have been created and assigned properly using the show vlan brief command.
  2. Verify that the trunks are operational using the show interfaces trunk command.

More Labs with Related Content!

Config Lab: ROAS Basics 1
Config Lab: Layer 3 Switching 2
Wendell Odom
By Wendell Odom September 17, 2021 11:05
Write a comment

8 Comments

  1. almeidajoaodealmeida December 5, 03:24

    Hi Mr. Wendell, I have a few doubts…:
    1. What would it be the result if we configured de interfaces that link Dist1 & Dist2 as routed ports?
    2. If we configured the link between Dist1 & Dist2 as a trunk

    Reply to this comment
    • certskills December 8, 14:11

      Hello again,
      Great questions.
      I think you’ll see that a similar lab, https://blog.certskills.com/clab152, does what you describe in your #2. It has two distribution switches, asks for layer 3 switching using SVIs. As a result, you need a layer 2 path between the two switches, and the lab asks for trunking between dist1 and dist 2.
      As for your #1, this lab (https://blog.certskills.com/clab302/) is similar enough to be of some help. But to answer your question, you do not create the SVIs, but configure the physical ports on each end of the Dist1-Dist2 link as Layer 3 ports (no switchport), configure IP addresses, and you’re done.
      The rule of thumb, generally, is this: if you need to route to endpoints that connect to Layer 2 ports, you need an SVI. But if you need to connect two layer 3 switches, or a layer 3 switch and a router, so you have a point-point routed connection, use routed ports. That lab 302 link above is a lab that focuses on the routed port.
      Hope this helps,
      Wendell

      Reply to this comment
  2. Chris January 14, 09:28

    Hi, is it true that if a switch recieves a frame with a destination mac address where there is another mac address in the mac address table, the switch still broadcasts out on all ports to find the mac address it’s looking for?

    Reply to this comment
    • certskills January 14, 14:17

      Chris,
      If I’m understanding your statement, then the answer is yes.
      More specifically to clarify…
      The MAC table list MAC A in the table, but not MAC B.
      A frame arrives with destination of MAC B.
      Therefore, the switch “floods” the frame out all ports (except the port in which the frame arrived.)
      The presence/absence of the MAC table entry for MAC address A is unrelated to the decision when forwarding a frame sent to MAC address B, no matter what information about MAC A is in the table.

      Reply to this comment
  3. Emil February 7, 11:46

    I think there’s a typo in the answer config for the distribution switches on line 5, and access switches on line 3: shouldn’t it be interface GigabitEthernet1/1/1 (instead of interface GigabitEthernet0/1)?

    Reply to this comment
    • Emil February 7, 11:47

      Also, the instructions say “Note that RIPv2 has been pre-configured in preparation for your layer 3 switching configuration,” but I think you meant OSPF.

      Reply to this comment
      • Punya Athma May 9, 03:32

        Exactly I too puzzled by these two very visible print errors slipped through the proofreading perhaps!!!!
        Will be very happy to learn from you actually what happened.

        Reply to this comment
      • certskills May 12, 08:57

        Hi Emil,
        Thanks! Yep, looks like a review step was missed when we migrated this lab. The older version used different interface IDs and those had not been updated in the blog post. My mistake. Should all be fixed now. Thanks for the heads up.
        Regards,
        Wendell

        Reply to this comment
View comments

Write a comment

Leave a Reply to almeidajoaodealmeida Cancel reply

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories