Configuración de ACL numeradas extendidas En GNS3

Configuración y aplicación de ACL numeradas extendidas En GNS3

Filtro extendido de ACL basado en la dirección de origen y destino, así como los protocolos de capa 4 TCP y UDP.

1.- Configurar los nombres de host en R1 y R2

2.- Configurar en R1 s1/0 como DCE para proveer un clock rate de

80640kbps a R2 más sus correspondientes direcciones IP.

3.- Configurar una ruta predeterminada estática en el R1 señalando a R2 (sobre la conexión serial entre los dos Routers). Configure también una ruta predeterminada estática en el R3 señalando al R1 vía la conexión serial entre los dos Routers y las interfaces de loopback especificadas en el diagrama.

R1#conf t  

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#inter s1/0

R1(config-if)#ip add 172.16.1.1 255.255.255.192

R1(config-if)#no shu

R1(config-if)#

*Mar  1 00:09:59.939: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up

R1(config-if)#

*Mar  1 00:10:00.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

R1(config-if)#clock rate 80640

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#inter s1/0

R2(config-if)#ip add 172.16.1.2 255.255.255.192

R2(config-if)#no shu

R2(config-if)#

*Mar  1 00:10:57.499: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up

R2(config-if)#

*Mar  1 00:10:58.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

R2(config-if)#do ping 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/24 ms

R2(config-if)#end

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.1

R2(config)#

R2(config)#inter loop10 

R2(config-if)#ip a

*Mar  1 00:18:45.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up

R2(config-if)#ip add 10.10.10.2 255.255.255.128

R2(config-if)#inter loop20

R2(config-if)#ip 

*Mar  1 00:20:55.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up

R2(config-if)#ip add 10.20.20.2 255.255.255.240

R2(config-if)#inter loop30

R2(config-if)#ip ad 

*Mar  1 00:21:32.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up

R2(config-if)#ip add 10.30.30.2 255.255.255.248

R2(config-if)#end

R2#sh ip inter b

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES unset  administratively down down    

FastEthernet0/1            unassigned      YES unset  administratively down down    

Serial1/0                  172.16.1.2      YES manual up                    up      

Serial1/1                  unassigned      YES unset  administratively down down    

Serial1/2                  unassigned      YES unset  administratively down down    

Serial1/3                  unassigned      YES unset  administratively down down    

Loopback10                 10.10.10.2      YES manual up                    up      

Loopback20                 10.20.20.2      YES manual up                    up      

Loopback30                 10.30.30.2      YES manual up                    up      

R2#

R1#

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#ip route 0.0.0.0 0.0.0.0 s1/0 172.16.1.2

R1(config)#inter loop10

*Mar  1 00:27:12.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up

R1(config-if)#ip add 172.16.4.1 255.255.255.192

R1(config-if)#exit

R1(config)#inter loop20

*Mar  1 00:27:57.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up

R1(config-if)#ip add 172.17.5.1 255.255.255.248

R1(config-if)#end

R1#

R1#sh ip inter b

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES unset  administratively down down    

FastEthernet0/1            unassigned      YES unset  administratively down down    

Serial1/0                  172.16.1.1      YES manual up                    up      

Serial1/1                  unassigned      YES unset  administratively down down    

Serial1/2                  unassigned      YES unset  administratively down down    

Serial1/3                  unassigned      YES unset  administratively down down    

Loopback10                 172.16.4.1      YES manual up                    up      

Loopback20                 172.17.5.1      YES manual up                    up      

R1#

R2#ping 172.16.4.1 source loop10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.2 

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/84 ms

R2#

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#enable secret CISCO

R2(config)#line vty 0 903

R2(config-line)#password CISCO

R2(config-line)#login

R2(config-line)#end

R2#

*Mar  1 00:35:48.115: %SYS-5-CONFIG_I: Configured from console by console

R2#

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#enable secret CISCO

R1(config)#line vty 0 903

R1(config-line)#end

*Mar  1 00:40:22.755: %SYS-5-CONFIG_I: Configured from console by console

R1#

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#access 170 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet 

R2(config)#access-l 170 perm tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet

R2(config)#access- 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo

R2(config)#access 170 perm icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply

R2(config)#inter s1/0

R2(config-if)#ip access-group 170 in

R2(config-if)#end

R2#sh ip access-lists 170

Extended IP access list 170

    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet

    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet

    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo

    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply

R1#

R1#telnet 10.30.30.2 /source-interface loopback10

Trying 10.30.30.2 ... Open

User Access Verification

Password: 

R2>en

Password: 

R2#exit

R1#telnet 10.20.20.2 /source-interface loopback10

Trying 10.20.20.2 ... Open

User Access Verification

Password: 

R2>en

Password: 

R2#exit

R1#ping 10.10.10.2 source loopback20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:

Packet sent with a source address of 172.17.5.1 

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/80/88 ms

R1#

R2#sh ip access-lists 170

Extended IP access list 170

    10 permit tcp 172.16.4.0 0.0.0.63 10.20.20.0 0.0.0.15 eq telnet (234 matches)

    20 permit tcp 172.16.4.0 0.0.0.63 10.30.30.0 0.0.0.7 eq telnet (129 matches)

    30 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo (45 matches)

    40 permit icmp 172.17.5.0 0.0.0.7 10.10.10.0 0.0.0.127 echo-reply

R2#exit

R1#

IOS es genial!.

ACLs Inbound Cisco GNS3

Configurar y aplicar Extended Numbered ACLs Inbound en GNS3:

Configurar R1 y R2 para permitir acceso vía telnet.

R2(config)#enable secret CISCO

R2(config)#line vt

R2(config)#line vty 0 903

R2(config-line)#password CISCO

R2(config-line)#login

R2(config-line)#end 

R1(config)#enable secret CISCO

R1(config)#line vt

R1(config)#line vty 0 903

R1(config-line)#password CISCO

R1(config-line)#login

R1(config-line)#end 

Implementar las direcciones IP correspondientes a las interfaces seriales 1/0, en R1 y R2.

R1#conf t

R1(config)#inter se1/0 

R1(config-if)#ip addr 172.16.1.1 255.255.255.192

R1(config-if)#no shut

R2#conf t

R2(config)#inter

R2(config)#interface se1/0

R2(config-if)#ip addr 172.16.1.2 255.255.255.192

R2(config-if)#no shut

Configurar las interfaces loopback 10,20 y 30 y sus correspondientes IPs:

R2(config)#interface loopback 10               

R2(config-if)#ip add 10.10.10.3  255.255.255.128

R2(config-if)#exit

R2(config)#interface loopback 20               

R2(config-if)#ip add 10.20.20.3  255.255.255.240

R2(config-if)#exit

R2(config)#interface loopback 30               

R2(config-if)#ip add 10.30.30.3  255.255.255.248 

Este comando establece una ruta predeterminada para subredes de destino que no están en la tabla de enrutamiento, "gateway del último recurso" configurado en su tabla de rutas IP.

R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.2 

R2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1 

Access-lists (R1).

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#access-list 150 deny tcp 10.20.20.0 0.0.0.15 any eq telnet

R1(config)#access-list 150 permit tcp 10.30.30.0 0.0.0.7 any eq telnet

R1(config)#access-list 150 permit icmp 10.20.20.0 0.0.0.15 any echo

R1(config)#inter s1/0

R1(config-if)#ip access-group 150 in

R1(config-if)#^Z   

R1#sh ip access-lists 

Extended IP access list 150

    10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet

    20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet

    30 permit icmp 10.20.20.0 0.0.0.15 any echo

    40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet

R2#ping 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

R2#telnet 172.16.1.1 /source- 

R2#telnet 172.16.1.1 /source-interface loopback

R2#telnet 172.16.1.1 /source-interface loopback 20

Trying 172.16.1.1 ... 

% Destination unreachable; gateway or host down

R2#telnet 172.16.1.1 /source-interface loopback 30

Trying 172.16.1.1 ... Open

User Access Verification

Password: 

R1>en

Password: 

R1#exit

[Connection to 172.16.1.1 closed by foreign host]

R2#ping 172.16.1.1 source 10.20.20.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

Packet sent with a source address of 10.20.20.3 

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms

R2#telnet 172.16.1.1 /source-interface loopback 10

Trying 172.16.1.1 ... Open

User Access Verification

Password: 

R1>en

Password: 

R1#exit

Permitir ping a la interface serial 1/0 de R1

R1(config)#access-list 150 permit icmp 172.16.1.0 0.0.0.127 any echo

R1#sh ip access-lists 

Extended IP access list 150

    10 deny tcp 10.20.20.0 0.0.0.15 any eq telnet (3 matches)

    20 permit tcp 10.30.30.0 0.0.0.7 any eq telnet (174 matches)

    30 permit icmp 10.20.20.0 0.0.0.15 any echo (30 matches)

    40 permit tcp 10.10.10.0 0.0.0.127 any eq telnet (111 matches)

    50 permit icmp 172.16.1.0 0.0.0.63 any echo (15 matches)

R1#

R2#ping 172.16.1.1                  

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/77/80 ms

R2#

GNS3 es genial!.

Configurar y permitir el enrutamiento inter-VLAN Cisco EVE-NG

En computación, un Router on A Stick (ROAS), es un router que tiene una sola conexión física o lógica a una red. Es un método de ruteo inter-VLAN (redes de área local virtual) donde un router está conectado a un Switch vía un solo cable. El router tiene conexiones físicas a los dominios de broadcast donde uno o más VLAN requieren de enrutamiento entre ellos.

Configurar Sw1 y Sw2 como switches VTP transparentes:

Sw1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sw1(config)#vtp mode Transparent

Setting device to VTP TRANSPARENT mode.

Sw1(config)#vtp domain CISCO

Changing VTP domain name from NULL to CISCO

Sw1(config)#vtp password cisco-vtp

Setting device VLAN database password to cisco-vtp

Sw1(config)#do sh vtp status

VTP Version                     : 2

Configuration Revision          : 0

Maximum VLANs supported locally : 36

Number of existing VLANs        : 5

VTP Operating Mode              : Transparent

VTP Domain Name                 : CISCO

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Disabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xC3 0xD3 0x78 0x64 0x81 0xE5 0xE4 0x17

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Sw1(config)#

Sw2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sw2(config)#vtp mode Transparent

Setting device to VTP TRANSPARENT mode.

Sw2(config)#vtp domain CISCO

Changing VTP domain name from NULL to CISCO

Sw2(config)#vtp password cisco-vtp

Setting device VLAN database password to cisco-vtp

Sw2(config)#do sh vtp status

VTP Version                     : 2

Configuration Revision          : 0

Maximum VLANs supported locally : 36

Number of existing VLANs        : 5

VTP Operating Mode              : Transparent

VTP Domain Name                 : CISCO

VTP Pruning Mode                : Disabled

VTP V2 Mode                     : Disabled

VTP Traps Generation            : Disabled

MD5 digest                      : 0xC3 0xD3 0x78 0x64 0x81 0xE5 0xE4 0x17

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Sw2(config)#

Vlans 10,20,30,40 y su nombre correspondiente. Interface e0/0 y e0/1 modo trunk, permitir vlan 1,10,20,30,40. Interface e0/2 access vlan 20.

Sw1#config t

Enter configuration commands, one per line. End with CNTL/Z. 

Sw1(config)#interface e0/0

Sw1(config-if)#switchport mode trunk

Sw1(config-if)#exit

Sw1(config)#vlan 10

Sw1(config-vlan)#name SALES

Sw1(config-vlan)#exit

Sw1(config)#vlan 20

Sw1(config-vlan)#name STATIC

Sw1(config-vlan)#exit

Sw1(config)#vlan 30

Sw1(config-vlan)#name ADMIN

Sw1(config-vlan)#exit

Sw1(config)#interface e0/0

Sw1(config-if)#switchport trunk allowed vlan 1,10,20,30,40

Sw1(config)#vlan 40

Sw1(config-vlan)#name VoIP 

Sw1(config-vlan)#exit

Sw1(config)#interface e0/1 

Sw1(config-if)#switchport mode trunk 

Sw1(config-if)#switchport trunk allowed vlan 1,10,20,30,40

Sw1(config-if)#exit

Sw1(config)#interface e0/2 

Sw1(config-if)#switchport mode access 

Sw1(config-if)#switchport access vlan 20 

Sw1(config-if)#end

Sw1#

Verificar interfaces trunk en sw1:

Sw1#sh interfaces trunk

Port        Mode          Encapsulation  Status      Native vlan

Et0/0       on               802.1q         trunking      1

Et0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk

Et0/0       1,10,20,30,40

Et0/1       1,10,20,30,40

Port        Vlans allowed and active in management domain

Et0/0       1,10,20,30,40

Et0/1       1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Et0/0       1,10,20,30,40

Et0/1       1,10,20,30,40

Sw1#

Vlans Switch 1:

Sw1#sh vlan b

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                         active    Et0/3

10   SALES                       active

20   STATIC                      active    Et0/2

30   ADMIN                      active

40   VoIP                            active

1002 fddi-default               act/unsup

1003 token-ring-default     act/unsup

1004 fddinet-default          act/unsup

1005 trnet-default              act/unsup

Sw1#

Vlans 10,20,30,40 y su nombre correspondiente. Interface e0/0 modo trunk, permitir vlan 1,10,20,30,40. Interface e0/1 access vlan 30, interface e0/2 access vlan 40.

Sw2#config t

Enter configuration commands, one per line. End with CNTL/Z.

Sw2(config)#interface e0/0 

Sw2(config-if)#switchport mode trunk 

Sw2(config-if)#exit

Sw2(config)#vlan 10 

Sw2(config-vlan)#name SALES 

Sw2(config-vlan)#exit

Sw2(config)#vlan 20 

Sw2(config-vlan)#name STATIC 

Sw2(config-vlan)#exit

Sw2(config)#vlan 30 

Sw2(config-vlan)#name ADMIN 

Sw2(config-vlan)#exit

Sw2(config)#vlan 40 

Sw2(config-vlan)#name VoIP 

Sw2(config-vlan)#exit 

Sw2(config)#interface e0/0 

Sw1(config-if)#switchport trunk allowed vlan 1,10,20,30,40

Sw2(config)#interface e0/1 

Sw2(config-if)#switchport mode access 

Sw2(config-if)#switchport access vlan 30 

Sw2(config-if)#exit

Sw2(config)#interface e0/2

Sw2(config-if)#switchport mode access 

Sw2(config-if)#switchport access vlan 40 

Sw2(config-if)#^Z

Sw2#

Verificar interfaces trunk en sw2:

Sw2#show interfaces trunk

Port        Mode          Encapsulation  Status     Native vlan

Et0/0       on              802.1q         trunking      1

Port        Vlans allowed on trunk

Et0/0       1,10,20,30,40

Port        Vlans allowed and active in management domain

Et0/0       1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Et0/0       1,10,20,30,40

Sw2#

Vlans en switch2:

Sw2#sh vlan b

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Et0/3

10   SALES                        active

20   STATIC                       active

30   ADMIN                       active    Et0/1

40   VoIP                            active    Et0/2

1002 fddi-default               act/unsup

1003 token-ring-default     act/unsup

1004 fddinet-default          act/unsup

1005 trnet-default              act/unsup

Sw2#

Router On A Stick (ROAS) en R1:

R1#config t

Enter configuration commands, one per line. End with CNTL/Z. 

R1(config)#interface e0/0

R1(config-if)#description "Connected a Sw1 Trunk e0/1" 

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface e0/0.10 

R1(config-subif)#description Subinterface Para VLAN 10 

R1(config-subif)#encapsulation dot1Q 10

R1(config-subif)#ip address 10.0.10.1 255.255.255.240 R1(config-subif)#exit

R1(config)#interface e0/0.20 

R1(config-subif)#description Subinterface Para VLAN 20 

R1(config-subif)#encapsulation dot1Q 20

R1(config-subif)#ip address 10.0.20.1 255.255.255.128 

R1(config-subif)#exit

R1(config)#interface e0/0.30

R1(config-subif)#description Subinterface Para VLAN 30 

R1(config-subif)#ip address 10.0.30.1 255.255.255.248 

R1(config-subif)#exit

R1(config)#interface e0/0.40 

R1(config-subif)#description Subinterface Para VLAN 40 

R1(config-subif)#encapsulation dot1Q 40 

R1(config-subif)#ip address 10.0.40.1 255.255.255.224 

R1(config-subif)#end

R1#

Verificar configuración:

R1#show ip interface brief

R1#sh ip interface b

Interface                  IP-Address      OK? Method Status                Protocol

Ethernet0/0                unassigned      YES NVRAM  up                    up

Ethernet0/0.10             10.0.10.1       YES NVRAM  up                    up

Ethernet0/0.20             10.0.20.1       YES NVRAM  up                    up

Ethernet0/0.30             10.0.30.1       YES NVRAM  up                    up

Ethernet0/0.40             10.0.40.1       YES NVRAM  up                    up

Ethernet0/1                unassigned      YES NVRAM  administratively down down

Ethernet0/2                unassigned      YES NVRAM  administratively down down

Ethernet0/3                unassigned      YES NVRAM  administratively down down

R1#

Dirección IP 10.0.10.2/28 (Vlan 10):

Sw2#conf t

Sw2(config)#interface vlan10

Sw2(config-if)#ip address 10.0.10.2 255.255.255.240 

Sw2(config-if)#no shutdown

Sw2(config)#^Z

Sw2#

Comprobar:

Sw2#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol

Ethernet0/0            unassigned      YES unset  up                    up

Ethernet0/1            unassigned      YES unset  up                    up

Ethernet0/2            unassigned      YES unset  up                    up

Ethernet0/3            unassigned      YES unset  administratively down down

Vlan1                  unassigned      YES unset  administratively down down

Vlan10                 10.0.10.2       YES manual up                    up

Vlan20                 unassigned      YES unset  administratively down down

Vlan30                 unassigned      YES unset  administratively down down

Vlan40                 unassigned      YES unset  administratively down down

Sw2#

Ping, comprobar conectividad:

R1#ping 10.0.10.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.10.2, timeout is 2 seconds: .!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms 

R1#ping 10.0.20.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.20.2, timeout is 2 seconds: .!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms 

R1#ping 10.0.30.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.30.3, timeout is 2 seconds: .!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms 

R1#ping 10.0.40.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.40.4, timeout is 2 seconds: .!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms

Archivos de configuración de todos los dispositivos:

Sw1#sh run

Building configuration...

Current configuration : 1150 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Sw1

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

clock timezone CET 1 0

no ipv6 cef

ipv6 multicast rpf use-bgp

!

no ip domain-lookup

ip cef

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 1,10,20,30,40

 switchport mode trunk

 duplex auto

!

interface Ethernet0/1

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 1,10,20,30,40

 switchport mode trunk

 duplex auto

!

interface Ethernet0/2

 switchport access vlan 20

 switchport mode access

 duplex auto

!

interface Ethernet0/3

 duplex auto

!

interface Vlan10

 no ip address

 shutdown

!

interface Vlan20

 no ip address

 shutdown

!

interface Vlan30

 no ip address

 shutdown

!

interface Vlan40

 no ip address

 shutdown

!

!

no ip http server

!

!

!

!

!

control-plane

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 login

!

end

Sw2#sh run

Building configuration...

Current configuration : 1278 bytes

!

! Last configuration change at 20:05:49 CET Mon Mar 29 2021

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Sw2

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

clock timezone CET 1 0

no ipv6 cef

ipv6 multicast rpf use-bgp

!

no ip domain-lookup

ip cef

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 1,10,20,30,40

 switchport mode trunk

 duplex auto

!

interface Ethernet0/1

 switchport access vlan 30

 switchport trunk encapsulation dot1q

 switchport mode access

 duplex auto

!

interface Ethernet0/2

 switchport access vlan 40

 switchport mode access

 duplex auto

!

interface Ethernet0/3

 switchport mode access

 shutdown

 duplex auto

!

interface Vlan1

 no ip address

 shutdown

!

interface Vlan10

 ip address 10.0.10.2 255.255.255.240

!

interface Vlan20

 no ip address

 shutdown

!

interface Vlan30

 no ip address

 shutdown

!

interface Vlan40

 no ip address

 shutdown

!

!

no ip http server

!

!

!

!

!

control-plane

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

!

end

Sw2#

R1#sh run

Building configuration...

Current configuration : 1561 bytes

!

! Last configuration change at 20:13:31 CET Mon Mar 29 2021

!

version 15.7

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

!

clock timezone CET 1 0

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

 description "Connected a Sw1 Trunk e0/1"

 no ip address

 duplex auto

!

interface Ethernet0/0.10

 description -Subinterface For VLAN 10"

 encapsulation dot1Q 10

 ip address 10.0.10.1 255.255.255.240

!

interface Ethernet0/0.20

 description -Subinterface For VLAN 20"

 encapsulation dot1Q 20

 ip address 10.0.20.1 255.255.255.128

!

interface Ethernet0/0.30

 description -Subinterface For VLAN 30"

 encapsulation dot1Q 30

 ip address 10.0.30.1 255.255.255.248

!

interface Ethernet0/0.40

 description -Subinterface For VLAN 40"

 encapsulation dot1Q 40

 ip address 10.0.40.1 255.255.255.224

!

interface Ethernet0/1

 no ip address

 shutdown

 duplex auto

!

interface Ethernet0/2

 no ip address

 shutdown

 duplex auto

!

interface Ethernet0/3

 no ip address

 shutdown

 duplex auto

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

ipv6 ioam timestamp

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 login

 transport input none

!

!

end

R1#

R2#sh run

Building configuration...

Current configuration : 1006 bytes

!

! Last configuration change at 15:16:01 CET Mon Mar 29 2021

!

version 15.7

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

!

clock timezone CET 1 0

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

 ip address 10.0.20.2 255.255.255.128

 duplex auto

!

interface Ethernet0/1

 no ip address

 shutdown

 duplex auto

!

interface Ethernet0/2

 no ip address

 shutdown

 duplex auto

!

interface Ethernet0/3

 no ip address

 shutdown

 duplex auto

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

ipv6 ioam timestamp

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 login

 transport input none

!

!

end

R2#

R3#sh run

Building configuration...

Current configuration : 1013 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

clock timezone CET 1

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip source-route

!

!

!

!

ip cef

multilink bundle-name authenticated

!

!

!

!

!

!

interface Ethernet0/0

 ip address 10.0.30.3 255.255.255.224

!

interface Ethernet0/1

 no ip address

 shutdown

!

interface Ethernet0/2

 no ip address

 shutdown

!

interface Ethernet0/3

 no ip address

 shutdown

!

interface Serial1/0

 no ip address

 serial restart-delay 0

!

interface Serial1/1

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

ip forward-protocol nd

!

no ip http server

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 login

!

exception data-corruption buffer truncate

end

R3#

R4#sh run

Building configuration...

Current configuration : 1013 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

clock timezone CET 1

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip source-route

!

!

!

!

ip cef

multilink bundle-name authenticated

!

!

!

!

!

!

interface Ethernet0/0

 ip address 10.0.40.4 255.255.255.224

!

interface Ethernet0/1

 no ip address

 shutdown

!

interface Ethernet0/2

 no ip address

 shutdown

!

interface Ethernet0/3

 no ip address

 shutdown

!

interface Serial1/0

 no ip address

 serial restart-delay 0

!

interface Serial1/1

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

ip forward-protocol nd

!

no ip http server

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 login

!

exception data-corruption buffer truncate

end

R4#

Cisco es genial!.

OSPF Vlan 30 Cisco

1.- https://gnulinuxcodigo.blogspot.com/2021/03/implementar-vlsm-en-una-red-vlan.html

2.- https://gnulinuxcodigo.blogspot.com/2021/03/vlans-trunk-routing-roas-cisco.html

3.- https://gnulinuxcodigo.blogspot.com/2021/02/cisco-ospf.html

4.- https://gnulinuxcodigo.blogspot.com/2021/03/ospf-vlan-30-cisco.html

Implementar VLAN 30 y comprobar conectividad. El proceso es el mismo para VLAN 40, excepto las interfaces Trunk que ya permiten el paso de VLAN 40:

1.- Switch Access interfaces Fa0/1 y Fa0/2 Allowed vlans 1,10,20,30,40.

2.- Core1 interfaces Trunk - Gig1/0/1, Gig1/0/2, Gig1/0/14, Gig1/0/15 - Permitir vlans 1,10,20,30,40

3.- Core2 interfaces Gig1/0/2, Gig1/0/14 , Gig1/0/15 Permitir vlans 1,10,20,30,40

4.- Router 2 crear vlan 30 (ROAS) - interface gigabitEthernet 0/1.30 y asignar direccionamiento IP.

5.- Switch SW-VA interface Fa0/1 Allowed vlans 1,10,20,30,40 y  

switchport access vlan 30 interface fastEthernet 0/3

6.- Router 1 R1-NV crear vlan 30 - interface gigabitEthernet 0/0.30 y asignar direccionameinteo IP.

7.- Comprobar conectividad.

Access#sh inter

Access#sh interfaces tr

Access#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Fa0/1       on           802.1q         trunking      1

Fa0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk

Fa0/1       1,10,20

Fa0/2       1,10,20

Port        Vlans allowed and active in management domain

Fa0/1       1,10,20

Fa0/2       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/1       1,10,20

Fa0/2       none

Access#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Access(config)#inter

Access(config)#interface range fa

Access(config)#interface range fastEthernet 0/1-2

Access(config-if-range)#sw

Access(config-if-range)#switchport trunk allo

Access(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40

Access(config-if-range)#^Z

Access#

%SYS-5-CONFIG_I: Configured from console by console

Access#wri

Building configuration...

[OK]

Access#sh inter

Access#sh interfaces tr

Access#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Fa0/1       on           802.1q         trunking      1

Fa0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk

Fa0/1       1,10,20,30,40

Fa0/2       1,10,20,30,40

Port        Vlans allowed and active in management domain

Fa0/1       1,10,20,30,40

Fa0/2       1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/1       none

Fa0/2       none

Access#wri

Building configuration...

[OK]

Access#

Core1#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Gig1/0/1    on           802.1q         trunking      1

Gig1/0/2    on           802.1q         trunking      1

Gig1/0/14   on           802.1q         trunking      1

Gig1/0/15   on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gig1/0/1    1,10,20

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   1,10,20

Port        Vlans allowed and active in management domain

Gig1/0/1    1,10,20

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   1,10,20

Port        Vlans in spanning tree forwarding state and not pruned

Gig1/0/1    1,10,20

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   1,10,20

Core1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Core1(config)#interfaces range gi

Core1(config)#inter

Core1(config)#interface range

Core1(config)#interface range g

Core1(config)#interface range gigabitEthernet 1/0/1-2

Core1(config-if-range)#sw

Core1(config-if-range)#switchport tr

Core1(config-if-range)#switchport trunk all

Core1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40

Core1(config-if-range)#exit

Core1(config)#interface range gigabitEthernet 1/0/14-15

Core1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40

Core1(config-if-range)#^Z

Core1#

%SYS-5-CONFIG_I: Configured from console by console

Core1#wri

Building configuration...

Compressed configuration from 7383 bytes to 3601 bytes[OK]

[OK]

Core1#sh inter

Core1#sh interfaces tr

Core1#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Gig1/0/1    on           802.1q         trunking      1

Gig1/0/2    on           802.1q         trunking      1

Gig1/0/14   on           802.1q         trunking      1

Gig1/0/15   on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gig1/0/1    1,10,20,30,40

Gig1/0/2    1,10,20,30,40

Gig1/0/14   1,10,20,30,40

Gig1/0/15   1,10,20,30,40

Port        Vlans allowed and active in management domain

Gig1/0/1    1,10,20,30,40

Gig1/0/2    1,10,20,30,40

Gig1/0/14   1,10,20,30,40

Gig1/0/15   1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Gig1/0/1    none

Gig1/0/2    none

Gig1/0/14   none

Gig1/0/15   none

Core1#

Core2#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Gig1/0/2    on           802.1q         trunking      1

Gig1/0/14   on           802.1q         trunking      1

Gig1/0/15   on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   1,10,20

Port        Vlans allowed and active in management domain

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   1,10,20

Port        Vlans in spanning tree forwarding state and not pruned

Gig1/0/2    1,10,20

Gig1/0/14   1,10,20

Gig1/0/15   none

Core2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Core2(config)#inter

Core2(config)#interface g

Core2(config)#interface gigabitEthernet 1/0/2

Core2(config-if)#sw

Core2(config-if)#switchport tr

Core2(config-if)#switchport trunk all

Core2(config-if)#switchport trunk allowed vlan 1,10,20,30,40

Core2(config-if)#^Z

Core2#

%SYS-5-CONFIG_I: Configured from console by console

Core2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Core2(config)#inter

Core2(config)#interface g

Core2(config)#interface range gigabitEthernet 1/0/14-15

Core2(config-if-range)#sw

Core2(config-if-range)#switchport tr

Core2(config-if-range)#switchport trunk all

Core2(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40

Core2(config-if-range)#^Z

Core2#

%SYS-5-CONFIG_I: Configured from console by console

Core2#wri

Building configuration...

Compressed configuration from 7383 bytes to 3601 bytes[OK]

[OK]

Core2#sh inter

Core2#sh interfaces tr

Core2#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Gig1/0/2    on           802.1q         trunking      1

Gig1/0/14   on           802.1q         trunking      1

Gig1/0/15   on           802.1q         trunking      1

Port        Vlans allowed on trunk

Gig1/0/2    1,10,20,30,40

Gig1/0/14   1,10,20,30,40

Gig1/0/15   1,10,20,30,40

Port        Vlans allowed and active in management domain

Gig1/0/2    1,10,20,30,40

Gig1/0/14   1,10,20,30,40

Gig1/0/15   1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Gig1/0/2    1,10,20,30,40

Gig1/0/14   none

Gig1/0/15   none

Core2#

R2-VA#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     10.16.7.6       YES manual up                    up 

GigabitEthernet0/1     unassigned      YES unset  up                    up 

GigabitEthernet0/1.10  10.16.8.1       YES manual up                    up 

GigabitEthernet0/1.20  10.16.10.1      YES manual up                    up 

GigabitEthernet0/2     unassigned      YES unset  administratively down down 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Loopback0              2.2.2.2         YES manual up                    up 

Vlan1                  unassigned      YES unset  administratively down down

R2-VA#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2-VA(config)#inter

R2-VA(config)#interface g

R2-VA(config)#interface gigabitEthernet 0/1.30

R2-VA(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/1.30, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.30, changed state to up

R2-VA(config-subif)#ip add

R2-VA(config-subif)#ip address 10.16.12.1 255.255.254.0

% Configuring IP routing on a LAN subinterface is only allowed if that

subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,

or ISL vLAN.

R2-VA(config-subif)#encapsulation dot1Q 

% Incomplete command.

R2-VA(config-subif)#encapsulation dot1Q 30

R2-VA(config-subif)#ip address 10.16.12.1 255.255.254.0

R2-VA(config-subif)#exit

R2-VA(config)#

R2-VA#wri

Building configuration...

[OK]

R2-VA#sh ip inter

R2-VA#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     10.16.7.6       YES manual up                    up 

GigabitEthernet0/1     unassigned      YES unset  up                    up 

GigabitEthernet0/1.10  10.16.8.1       YES manual up                    up 

GigabitEthernet0/1.20  10.16.10.1      YES manual up                    up 

GigabitEthernet0/1.30  10.16.12.1      YES manual up                    up 

GigabitEthernet0/2     unassigned      YES unset  administratively down down 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Loopback0              2.2.2.2         YES manual up                    up 

Vlan1                  unassigned      YES unset  administratively down down

R2-VA#

SW-VA#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk

Fa0/1       1,10,20,30,40

Port        Vlans allowed and active in management domain

Fa0/1       1,10,20,30,40

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/1       1,10,20,30,40

SW-VA#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SW-VA(config)#inter

SW-VA(config)#interface fa

SW-VA(config)#interface fastEthernet 0/3

SW-VA(config-if)#sw

SW-VA(config-if)#switchport mode

SW-VA(config-if)#switchport mode acc

SW-VA(config-if)#switchport mode access 

SW-VA(config-if)#sw

SW-VA(config-if)#switchport ac

SW-VA(config-if)#switchport access vlan 30

SW-VA(config-if)#^Z

SW-VA#

%SYS-5-CONFIG_I: Configured from console by console

SW-VA#wri

Building configuration...

[OK]

SW-VA#

R1-NV#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES unset  up                    up 

GigabitEthernet0/0.10  10.16.0.1       YES manual up                    up 

GigabitEthernet0/0.20  10.16.2.1       YES manual up                    up 

GigabitEthernet0/1     10.16.7.5       YES manual up                    up 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES unset  down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Loopback0              1.1.1.1         YES manual up                    up 

Vlan1                  unassigned      YES unset  administratively down down

R1-NV#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1-NV(config)#inter

R1-NV(config)#interface g

R1-NV(config)#interface gigabitEthernet 0/0.30

R1-NV(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up

R1-NV(config-subif)#ip add

R1-NV(config-subif)#ip address 10.16.4.1 255.255.254.0

% Configuring IP routing on a LAN subinterface is only allowed if that

subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,

or ISL vLAN.

R1-NV(config-subif)#encap

R1-NV(config-subif)#encapsulation do

R1-NV(config-subif)#encapsulation dot1Q 30

R1-NV(config-subif)#ip address 10.16.4.1 255.255.254.0

R1-NV(config-subif)#^Z

R1-NV#

%SYS-5-CONFIG_I: Configured from console by console

R1-NV#wri

Building configuration...

[OK]

R1-NV#

R1-NV#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES unset  up                    up 

GigabitEthernet0/0.10  10.16.0.1       YES manual up                    up 

GigabitEthernet0/0.20  10.16.2.1       YES manual up                    up 

GigabitEthernet0/0.30  10.16.4.1       YES manual up                    up 

GigabitEthernet0/1     10.16.7.5       YES manual up                    up 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES unset  down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Loopback0              1.1.1.1         YES manual up                    up 

Vlan1                  unassigned      YES unset  administratively down down

R1-NV#

Cisco es genial!.

VLANs Trunk Routing ROAS Cisco

1.- https://gnulinuxcodigo.blogspot.com/2021/03/implementar-vlsm-en-una-red-vlan.html

2.- https://gnulinuxcodigo.blogspot.com/2021/03/vlans-trunk-routing-roas-cisco.html

3.- https://gnulinuxcodigo.blogspot.com/2021/02/cisco-ospf.html

4.- https://gnulinuxcodigo.blogspot.com/2021/03/ospf-vlan-30-cisco.html

1.- Permitir solo las vlan 1,10,20 en las interfaces Trunk

2.- Interfaz que conecta a Core 1 cambiar a GigabitEthernet 

2.- Eliminar las Vlans y direcciones IPs.

3.- Gig0/0 no shut

3.- En el router R1-NV implementar Router On A Stick (ROAS), trunking encapsulation dot1Q

4.- Comprobar conectividad

Escenario actual:

R1-NV#sh interfaces tr

R1-NV#sh interfaces trunk 

Port        Mode         Encapsulation  Status        Native vlan

Fa0/0/0     on           802.1q         trunking      1

Port        Vlans allowed on trunk

Fa0/0/0     1

Port        Vlans allowed and active in management domain

Fa0/0/0     1

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/0/0     1

R1-NV#sh ip inter

R1-NV#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES manual administratively down down 

GigabitEthernet0/1     unassigned      YES unset  administratively down down 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    up 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES manual down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Vlan1                  unassigned      YES unset  administratively down down 

Vlan10                 10.16.0.1       YES manual up                    up 

Vlan20                 10.16.2.1       YES manual up                    up 

Vlan30                 10.16.4.1       YES manual up                    up 

Vlan40                 10.16.6.1       YES manual up                    up

R1-NV#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1-NV(config)#inter

R1-NV(config)#no interface vlan 10

R1-NV(config)#

%LINK-5-CHANGED: Interface Vlan10, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down

R1-NV(config)#no interface vlan 20

R1-NV(config)#

%LINK-5-CHANGED: Interface Vlan20, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down

R1-NV(config)#no interface vlan 30

R1-NV(config)#

%LINK-5-CHANGED: Interface Vlan30, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down

R1-NV(config)#no interface vlan 40

R1-NV(config)#

%LINK-5-CHANGED: Interface Vlan40, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan40, changed state to down

R1-NV(config)#do wri

Building configuration...

[OK]

R1-NV(config)#^Z

R1-NV#

%SYS-5-CONFIG_I: Configured from console by console

R1-NV#sh ip inter

R1-NV#sh ip interface b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES manual administratively down down 

GigabitEthernet0/1     unassigned      YES unset  administratively down down 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    up 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES manual down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Vlan1                  unassigned      YES unset  administratively down down

R1-NV#

R1-NV#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1-NV(config)#inter

R1-NV(config)#interface g

R1-NV(config)#interface gigabitEthernet 0/0

R1-NV(config-if)#no shut

R1-NV(config-if)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

R1-NV(config-if)#exit

R1-NV(config)#inter

R1-NV(config)#interface g

R1-NV(config)#interface gigabitEthernet 0/0.10

R1-NV(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up

R1-NV(config-subif)#enca

R1-NV(config-subif)#encapsulation do

R1-NV(config-subif)#encapsulation dot1Q 10

R1-NV(config-subif)#ip add

R1-NV(config-subif)#ip address 10.16.0.1 255.255.255.0

R1-NV(config-subif)#exit

R1-NV(config)#interface gigabitEthernet 0/0.20

R1-NV(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up

R1-NV(config-subif)#encapsulation dot1Q 20

R1-NV(config-subif)#ip address 10.16.2.1 255.255.255.0

R1-NV(config-subif)#exit

R1-NV(config)#do sh ip inter

R1-NV(config)#do sh ip inter b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES manual up                    up 

GigabitEthernet0/0.10  10.16.0.1       YES manual up                    up 

GigabitEthernet0/0.20  10.16.2.1       YES manual up                    up 

GigabitEthernet0/1     unassigned      YES unset  administratively down down 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES manual down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Vlan1                  unassigned      YES unset  administratively down down

R1-NV(config-if)#exit

R1-NV(config)#interface gigabitEthernet 0/0.10

R1-NV(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up

R1-NV(config-subif)#encapsulation do

R1-NV(config-subif)#encapsulation dot1Q 10

R1-NV(config-subif)#ip add

R1-NV(config-subif)#ip address 10.16.0.1 255.255.255.0

R1-NV(config-subif)#exit

R1-NV(config)#interface gigabitEthernet 0/0.20

R1-NV(config-subif)#

%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up

R1-NV(config-subif)#encapsulation dot1Q 20

R1-NV(config-subif)#ip address 10.16.2.1 255.255.255.0

R1-NV(config-subif)#exit

R1-NV(config)#do sh ip inter

R1-NV(config)#do sh ip inter b

Interface              IP-Address      OK? Method Status                Protocol 

GigabitEthernet0/0     unassigned      YES manual up                    up 

GigabitEthernet0/0.10  10.16.0.1       YES manual up                    up 

GigabitEthernet0/0.20  10.16.2.1       YES manual up                    up 

GigabitEthernet0/1     unassigned      YES unset  administratively down down 

GigabitEthernet0/2     193.37.255.2    YES DHCP   up                    up 

FastEthernet0/0/0      unassigned      YES unset  up                    down 

FastEthernet0/0/1      unassigned      YES unset  up                    down 

FastEthernet0/0/2      unassigned      YES unset  up                    down 

FastEthernet0/0/3      unassigned      YES unset  up                    down 

Serial0/1/0            unassigned      YES manual down                  down 

Serial0/1/1            unassigned      YES unset  down                  down 

Vlan1                  unassigned      YES unset  administratively down down

Ping desde el router R1 hacia PC10

R1-NV#ping 10.16.0.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.0.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

R1-NV#ping 10.16.2.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.2.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

Comprobando conectividad:

R1-NV#

R1-NV#ping 10.16.0.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.0.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

R1-NV#ping 10.16.2.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.16.2.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

R1-NV#

Ping desde PC20 VLAN 20

C:\>ipconfig

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::201:63FF:FE51:CDBB

   IP Address......................: 10.16.2.10

   Subnet Mask.....................: 255.255.255.0

   Default Gateway.................: 10.16.2.1

C:\>ping 10.16.2.1

Pinging 10.16.2.1 with 32 bytes of data:

Reply from 10.16.2.1: bytes=32 time<1ms TTL=255

Reply from 10.16.2.1: bytes=32 time<1ms TTL=255

Reply from 10.16.2.1: bytes=32 time=3ms TTL=255

Reply from 10.16.2.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.16.2.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 3ms, Average = 0ms

C:\>ping 10.16.0.10

Pinging 10.16.0.10 with 32 bytes of data:

Reply from 10.16.0.10: bytes=32 time<1ms TTL=127

Reply from 10.16.0.10: bytes=32 time=1ms TTL=127

Reply from 10.16.0.10: bytes=32 time<1ms TTL=127

Reply from 10.16.0.10: bytes=32 time<1ms TTL=127

Ping statistics for 10.16.0.10:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>tracert 10.16.0.10

Tracing route to 10.16.0.10 over a maximum of 30 hops: 

  1   0 ms      0 ms      0 ms      10.16.2.1

  2   0 ms      0 ms      0 ms      10.16.0.10

Trace complete.

C:\>

Ping desde PC10 VLAN 10

Cisco es genial!.