CCNA Bootcamp Session 1

let's see i don't see anything showing up yet oh there we go all right so i want to thank everybody for stopping by and hanging out with me in this live stream there is about a 20 second 20 to 30 second delay between what i am seeing and or what i'm saying and stuff like that and what you guys will see so if there are is does anything that happens during the live stream and you want me to just be aware of that as we're going forward we'll definitely take a look at those issues as they come up but how's it going everybody awesome thanks pete good stuff we will uh we'll take a few minutes here and uh awesome awesome stuff good deal glad to hear it so we'll take a few minutes here in the beginning just to kind of go over the what we're going to be covering and all that good stuff because it's kind of important to kind of like level set what we're going to be talking about here before we actually get into it but so um so yeah the ccna bootcamp what is the goal or what is my goal here with it and my my goal with the bootcamp isn't necessarily to just force feed anybody anything it's not designed to um go at such a pace that you know you're going along and next thing you know you know you you've missed something i've said so there's we actually are gonna have four two hour sessions this is the first of four so that's what crowdcast limits me to is i can only broadcast live for two hours at a time so our schedule is going to be from basically one o'clock today or a little after one o'clock uh p.m central to uh three o'clock p.m central they're gonna take a little bit of a break because obviously i'm gonna probably want to stop talking for a few minutes and then we'll pick back up at around 3 30ish central time and then we'll finish up around 5 30 ish so nothing you know nothing's locked in stone but i am limited to two hour sessions which is fine no big deal but my goal here is to as we're going through these sessions is whatever questions you guys have whatever topics 
you guys want to cover that i can provide information on and stuff like that we will do that and that's really the goal here is to take my expertise as a network engineer and pass it on to you guys there's questions you guys have whether it's you know what's a good uh reference for this or you know how do i remember these commands and stuff like that is going to be the answer should be very obvious to you already it's repetition a lot of this up is going to be repetition so that's one of the things that i'm going to be big on as we are moving forward and talking about this stuff i really want everybody to understand that my goal here isn't to force-feed anybody anything right we have four hours today and four hours tomorrow and i'm probably going to continue this thing moving forward so just be aware of that type of stuff and i'm going to actually mute myself for just a second so with that being said uh anytime you guys have a question about anything go ahead and put it in the chat i will keep the chat on my other screen so i can see the the chat as we're going along um i do ask that you keep the question if like if i'm talking about something if i'm moving too quickly for you let me know if i'm if you have a question about something i just covered make sure just remember that there is a delay between when i say something and something shows up on the screen and when you enter your question so it might be a minute later that i get the question and i might have switched topics or so i have no problem spending um a minute or two you know trying to pull extrapolate the information you're trying to ask for and i can go through that so with that being said um i do have a url for everyone to download for i'm gonna go ahead and put that in the the chat you guys can all download this is going to be the eve-ng and the packet tracer topology files so we are going to be building the topology from the ground up so you and i are going to walk through a semi complicated and what
i mean by semi-complicated there's routing and switching that's going to be our main focus so you guys can go ahead and download the those files if you have them or if you have access to eve all that type of stuff i will briefly talk about some of the ways that you can make eve work if you're on a if you don't have a dedicated server how you can run it locally on your computer and things like that but if you have packet tracer installed already i'm not really going to be leveraging packet tracer at all because it's so limited but it's a great tool if you are looking to dive into the technology and you're at the ccna level so everybody here i don't know what everybody's certification levels are i'm going to guess more entry level that's fine i can you know i can deal with that that's not that big of a deal what i really want to make sure that everybody understands is that as we're moving forward throughout the the different video or the different sections is that i'm not going to be going super deep into any technology unless there's a reason to base off the questions that i'm getting so i'm not going to do a deep dive into spanning tree i'm not going to do a deep dive into layer 3 routing my my goal is to look at the blueprint of the ccna exam and help you guys understand areas that you're struggling with so if you've taken the ccna exam for example i know there's a couple people on here that have you've taken the ccna and you want to get more information out of it like you struggled in this particular area you know something that doesn't make sense to you or you're struggling with those are the things that i want you to ask me about and i will be more than happy to try to help you try to give you whatever answer i can and and get you over those humps so don't ask me any questions around you know hey this is um if it's not um oh nice but still feel like a fraud that's funny you know what so they have a term for that in the industry it's called imposter syndrome and 
uh yeah i can completely appreciate and respect that uh that look at it so yeah i can understand that um we'll we'll talk about that though and we have i have no problem having a chat about how that stuff works but if you've taken the ccna and um okay nice pete so don't ask me questions that you saw on the exam um if i feel like it's a question that came from the exam i'm just not gonna i won't answer it um so the question hasn't come up yet but the these sessions are recorded by crowdcast and i will get them and then i will upload them to my youtube channel and then you'll be able to label it ccna bootcamp session one and then session two session three session four i'll upload them to the up into youtube you guys will be able to access them and hopefully that will be a trigger for other folks to want to potentially join in the future so with that being said i'm ready to get started with this i want to get kicked off and stuff like that i'm going to first start off with looking at the ccna ex the blueprint the exam topics and kind of give everybody a high level of what the ccna is about i know you know i know mars got his ccna and pete you're looking to take yours which is fine i'm going to go ahead and bring over a topology file so let me go ahead and adjust this real quick and i'm going to look at the cc so if you are i'll show you the manual navigation let me switch gears over to my desktop so basically what you're going to see here and i know there's a little bit of a delay so i'm going to wait until the um yeah i'm pretty sure you're talking about the um because the delay about getting the videos posted on youtube yep everything will get posted there all right so i'm what we're going to basically go over now is the if you have not already looked at the exam overview or the blueprint for the ccna the 200-301 exam you definitely need to understand what it is that you're going to be going after first and foremost so there's a lot of material out online for ccna
and it's one of those things that when i was studying for ccna there were i don't know probably five or six different vendors out there that were going for it actually let me see if i can't get my screen and screen to work real quick oh there it goes let me do this let me go and make a quick adjustment here to my video cache let me turn off my green screen cancel filters go ahead and just get rid of this there we go close all right so um that's coming from this camera here so one of the things that you're definitely going to want to pay attention to when you're talking about ccna is what is going to be covered that's really important so the ccna actually you know what let me go ahead and do this too i did not think about this ahead of time let me adjust this real quick oh i've got all wrapped up my green screen all right that's better sorry the green screen was just messing with me anyway uh let me go ahead and adjust the size of me down just a little bit just so that i'm not so big and taking up as much screen real estate okay there we go all right gotta love obs right obs is awesome all right so let me go jump over here if you so the navigation to this would be good at cisco.com let me go just do the navigation real quick with you guys so go to cisco.com and then you come down here to the learning and certifications and then you click on certifications right here and then you look at you can scroll down if you'd like but or you can just go to view certifications or explore them i'm going to go click on view certification exams and then you go down do you click on the certifications themselves and you scroll down a little bit and then you have ccna right here which is how i got to most fun part of it is improvising for an effective cup come there you go and then i just clicked on this guy right here and it brings me to this now if you click on the exam overview and you look review the exam topics you're going to be brought over to the cisco learning network and 
this is what we're going to spend a few minutes going over in understanding so you have a number of topics that you're going to need to understand so i'll start from the top and work my way down a lot of this stuff will be pretty basic that you need to understand so just be aware of what it is that you're diving into so network fundamentals right you're going to need to know the different components different devices the different roles of those devices things like that as you're moving throughout your ccna journey so understand what a router is what understand the layer 2 and layer 3 switches the next generation firewall and intrusion prevention system or ips what's an access point controllers like dna center and the wireless lan controller endpoints like pcs laptops printers and then you have servers right these are going to be the components that are going to connect to the network so obviously routers and layer 2 and layer 3 switches are going to be infrastructure devices providing connectivity next generation firewalls are going to do things like well deep packet inspection and preventing traffic preventing something from somewhere talking to something else so on and so forth you have access points you know providing wireless connectivity whether it is a autonomous access point whether it's standalone you know most people here probably have a access point that is standalone meaning that you have to con connect into it and you have to set it up to where it's got a pre-shared key in its own ssid and voila there you go and you have the other option of an access point which is commonly referred to as a lightweight access point or an lwap and basically the the idea behind that is i want to not individually control the access point per device right i don't want to have to go into ap1 and configure and monitor and administrate it i don't have to do something for ap2 ap3 etc where with lightweight access points you configure them in such a way to point to a controller
which would be the wireless lan controller or the wlc and the wlc is going to be where all the centralized config is right you're gonna the access points are going to register with the controller and then once they have registered with the controller you're going to go and start pushing like ap groups and the ssids and all that type of stuff that goes along with that then we're going to talk then you have to think about the network topology architectures there's a lot of things that come into play with architecture today and if you talk to anybody that's got config about you know a two a two tier or three tier two tier would be commonly referred to as a collapsed core where you have your core and distribution layers are running on the same devices and then your three tier is going to be where you have a dedicated core a dedicated distribution and dedicated access layer so you also have spine leaf spine leaf is going to be where you're connecting your leafs to your spines now there's a big differentiation here this right here is going to be your campus lan where all of you guys for the most part are going to be studying right you're going to be studying core distribution access or collapsed core where core and distribution are on the same devices and then your access is always going to be southbound or downstream of your collapsed core and then you have the data center the data center is going to be where a spine leaf is going to come into play spine leaf meaning that you have a spine and a leaf connecting each other together so your leaves are going to be connected to the spines spines will be connected to other leafs but the spines aren't connected and the leafs are not connected there are some use cases where the leaves would be connected to each other depending on what it is you're trying to accomplish but for right now we're going to pretend like you're not going to connect your leaf switches for anybody that's interested in knowing more about that you
can feel free to take a look at my vxlan series that's on my youtube channel where we focus heavily on the spine leaf architecture and basically the topology that i'm walking you guys through on the channel is just that it's spine leaf then you have wan right the wide area network this is a huge topic area because this is going to be where you're going to connect things like to the internet and connect to things like the mpls service provider and so on and so forth so wan in and of itself is so vast that there are people that literally spend their entire careers focusing on wan connectivity because when you get into the corporate lan the local area network you're not going to have to spend a ton of time in different areas you're going to spend hang on one second is my phone ringing nope somebody was politely sending me a message let me go ahead and clear my notifications sorry about that you've got a lot of different capabilities out there that revolve around the wan right so you've got uh internet as it can be a wan you have private wan through like an mpls service provider or if you're reaching out to like an itsp an internet telephony service provider to do your phone calls if you're doing sip and things like that then you also have anything that you want to run over the public internet like for example site-to-site vpn remote access vpn if you're doing uh dmvpn flex vpn all these things are stuff that you'll learn later on in your careers and and further on training when you get into like ccnp for encor and enarsi those are going to be areas that you're going to be focusing on now on the flip side of that so far we've talked about the corporate lan connectivity types we've talked about spine leaf we've talked about wan right so what just i'll i'll take a quick poll would it be easier for me to do some whiteboarding as i'm going through this and kind of just draw it out as i'm going versus just high-level talk about it because i have no problem whiteboarding
some of the stuff out and trying to draw like paint the picture for you would that be easier for you guys i'll wait a second for the delay to catch up but because i can totally do that and i'm fine with it matter of fact i'll get it ready to go go to a medium size i'm figuring that you guys are going to probably want me to whiteboard a little bit and i've got no problem okay well as long as you guys are okay with the following on the topic if there's any questions i can dive deeper into into any area so um we have the small office home office you could also refer to this as a small branch office okay does it matter okay cool as long as you guys are understanding what it is i'm trying to convey that's the important part because i don't want to leave anybody behind you know not understanding what i'm talking about so if you have a question about something please ask so we have the small office home office this could be um okay whiteboarding is fine with you okay well i'll throw some whiteboarding in now so let's i only need one person to give me a thumbs up so you've got your core and your your core distribution and your access will be your three tier and you've got your core and distribution and then your access this will be your two tier right and then you would connect these guys together let's draw another one out like this and then you would connect these guys together like this and like that and like so so you have a lot of interconnectivity two tier would be connecting straight down like that so these are things that you would need to make sure that you would understand architecturally so your spine leaf is going to be more like this where you have your leaf you have your spine you have another spine you have a leaf and you have your leaf and then you connect these guys together like so this is going to be your spine leaf the spines don't connect to the spines the leaves don't connect to the leaves oh i've forgot i'm like right in the way here so that's
basically how these would come together now if i was to clear the screen and talk about this in the terms of the wan you have a couple of different options here you've got you've got your hq location right you've got your hq and then you have some sort of internet connectivity we're using internet connectivity for commodity based internet for just reachability purposes and then we have things like mpls right so we have these guys connected and let's say for example we have r1 and we have r2 that connects back into the hq network and then r1 and r2 are connected to each other and then r1 and r2 are connected to the internet r1 and r2 are both connected to mpls and then you're going to have your branch office over here you have a branch office over here maybe you have a a second dc over here and then these guys all connect into the network like so right and so you start building out the topology and the infrastructure so that you have reachability everywhere is a cable capable that could mess a mess could mess n3 oh met a mesh three tier with spine leaf um yes you can and that's actually a really good question so what they refer to that typically and when you're talking a three tier with spine and leaf you're talking a you have your spine you have your spine you have your leaf a leaf and a leaf and you connect these guys all together they can do this and actually i'm actually glad you asked that because when you're talking a large data center maybe this is dc1 right and then you have dc2 sitting over here and maybe this is on the same location maybe this is a geographically different maybe it's you know you got a campus with multiple buildings and each data each camp each building has its own data center and let's say we have a a spine and a leaf and a spine or another leaf over here well what you could do to bring this back to a another level architecture you could have a super spine deployed where your spines connect together like this right and then you have your 
connectivity going along like so so yes you could you could mesh your three tier with spine and leaf that is possible to do the but i will caution you on this type of stuff in saying that when you're meshing the super spine methodology if you've ever heard of vxlan and i have not released the video yet for this but it has been recorded there is the concept of a multi-fabric multi-pod and then you have multi-site depending on how you're trying to deploy your vxlan solution the reason i go with vxlan is because a lot of your solutions nowadays like sda and software-defined access with dna center or aci they leverage vxlan for communication so it is nsx for vsphere and what you would end up having is you would have connections to everybody else right actually we changed my color over to the yellow green you'd have all these connections going to everybody else right so depending on the scale right you'd have all these connections to everybody else as you can see this becomes kind of a nightmare to try to scale right as you can see where there's a better way of doing it super spine would be good in an event where you have say through multiple data centers existing in the same location and you want to have a higher level architecture where you have another level above your spines to do connectivity to say the internet or something like that you could pull that off but typically speaking you're not going to do that although it is a supported architecture if you wanted to do that just be aware that you can run into problems as you're going forward so typically speaking you wouldn't do that what you would do especially specifically in a design where let me go switch over to my me erase this out real quick what you would do instead in an environment like this is you would use one second here while i clean this up let me switch back over to white what you would do instead is in the vxlan solution specifically they have what they call a border gateway and you have a border 
gateway over here and you connect your spines to the border gateways and then the border gateways connect to each other and what ends up happening then is you will be able to take all of your vxlan and layer 2 vpn connectivity and basically what you're going to do is you're going to connect your leafs and your spine or your border gateways they'll all form the vxlan tunnels to your border gateways the border gateways will form the vxlan tunnels there and then these guys will form connections this way and by doing it this way if a if mac address a is learned here and is on the same subnet as something over here and you've got mac address b b will be learned over here and a will be learned over here but this is a more this is actually a rather advanced deployment method so just be aware that this is like probably the the most i wouldn't say the most advanced but it's a more advanced solution and deployment it took me a while to understand this and then go through all the deployment methodologies to go through it it was kind of a pain but yes i know it's a long-winded answer for your question but you can do it and there's a couple of things you have to be aware of when you're doing that but good question i like that keep that type of stuff coming guys i really enjoy those type of questions so we have that and then let me go back over here real briefly to the small office home office and the on premises and the cloud because this is where i'm going to tie it all back together so you have a you have your hq location you have your r1 and you have r2 and they're tied together like this and then you have internet and you have mpls and then you have your branch office branch office and then you have your uh dc one for example and then you connect these guys to this like so no worries panos so we have that now let's say this is an on-prem or a private cloud these are definitely options that are out there so when i'm when we talk about on-prem meaning that the data
center physically is attached to our network so that doesn't physically doesn't have to mean that it's sitting over here you could have the dc sitting at the hq location right and you know you could have some sort of wan cloud that connects into it so you have multiple connections to it but the bottom line is when we're talking about how on-prem comes into play it's something that is you own in a building that you're maintaining that's the first one now you could also have cloud let's say we have i'm just going to put aws here in the middle because it's probably the most well-known azure's pretty close to it as well but obviously not the same thing so you'd have internet and mpls connections into your aws infrastructure as well and there's multiple ways of pulling that off so this would be where you put your cloud right if the cloud's going to be connected through internet and mpls maybe you only do maybe you only have and the question i get a lot is well how common is mpls is mpls everywhere and the answer is no not every customer every client you're going to go work with is going to run mpls is that a bad thing well not necessarily but the cool thing about it is is when you are dealing with mpls is there is a um you do get more capabilities through mpls than you would if you were going over the internet like you get to maintain your quality of service your service level agreements and that type of stuff are maintained end to end throughout the mpls backbone because you can that's one of the key things that makes mpls different than just commodity internet internet doesn't care about your qos markings so stuff like that does come into play and when you understand it you're that much better off with it so just be aware that you can run an entire network op network on internet or you can do it over mpls it's up to you and how you want to do it is it really popular in sp as far as i am oh it's really popular yes uh yeah it is it's very popular that's one of the big
things in the sp world when i was studying for the sp track that qos was huge and so was multicast multicast is huge in the sp network so yes you are 100 right about that all right so keep the questions coming if you have them i'm going to keep right on going we have a couple of things in terms of connectivity we have different types of cabling technologies we have connections shared media and point to point for ethernet and then poe i'm not going to spend a lot of time on this because this is more stuff that you guys can do some research on your own but uh just be aware of the different types of poe there's poe poe plus upoe you know 15 watts 30 watts 60 something watts so on and so forth i'm not going to spend a lot of time on cabling because none of you guys are here to be layer one technicians nobody wants to do that as a full-time job that's studying for ccna you're you're aware of it but it's not your main focus and i don't think anybody would disagree with me on that and some ip addressing so i'm not going to spend any time diving into ip addressing both i usually get hung up with people on architecture and stuff like that so something i definitely want to lay out i'm not going to dive very much into wi-fi but if you guys have questions about wi-fi let me know i'll try to answer them i'm not a wi-fi expert i know a little bit about a little bit but i'm going to spend the majority of my time in the network access ip connectivity services and security that's where i have the most amount of experience so let me talk briefly about the switching concepts in terms of how that stuff works and we'll go from there and then we'll talk a little bit more i'm going to start getting into the the actual meat and taters because i have a topology for you guys to to work through and i'm going to start setting stuff up and getting stuff configured here in the next few minutes so when we talk about mac learning and aging by default the switch doesn't have any mac addresses
learned right it's everything here is dynamically learned through a protocol you guys should have heard about by now which is arp the address resolution protocol so as endpoints try to communicate with each other right if i have pc1 and i have a switch that he connects to and he's on one port and i have pc2 over here and they connect to each other and they're in the 10.1.1.0 24 network and i've got the mac address of one and mac address two eventually they're gonna have to figure out each other so if i want to send a ping to this ip address sorry if i want to send a ping to this ip address then i'm to send the ping but the switch doesn't know where the mac address sits right so he's going to send an arp message out because the pc doesn't know the mac address right and you need to know both the ip and the mac in order for layer 2 and layer three networking to work effectively i get that question a lot in terms of why do i need both um so just be aware video stopped for you oh hopefully it's fixed now you might have to refresh marco but you you send an arp request out you get the the the arp request is sent out all 255s and you end up getting uh the devices every device will get it in the vlan but when they start to decapsulate it and they realize that the destination ip address isn't theirs they just discard it when the device that does own that okay cool so when the device that does own that mac address or that ip address receives it he's gonna send an arp reply back with his mac address and that's how you learn about mac address one here and mac address two here and that's how they're able to figure that stuff out and that's how mac learning works now mac aging by default the mac yeah that's it i can start i can build in the mac address table aging timer is 300 seconds five minutes right five minutes that mac address is going to stay learned and you'll be able to as long as there's active traffic coming from that device the mac address will be learned okay
makes sense but can i adjust this you can do i recommend you do it depends on the environment if the environment is super secure i've actually dropped this down to the minimums and i don't remember what that is off top of my head but 300 seconds can be dropped down to 30 seconds it depends on the device now we have when it comes to frame switching there's a couple of different types of frame switching you have uh store and forward you and you have cut through there's a couple of other ones out there but these are the two that are most common store and forward means that you're going to receive the entire data flow from a device you're going to take the fur take the entire layer 2 header and you're going to run a check on to make sure that it's good to go and then as long as it's good to go and you've run all your checks to make sure that the frame isn't bad you're going to immediately start forwarding it at that point so but this one takes longer but it's got a higher degree of error checking and so therefore your any errors in the network should drop when you do this cut through switching is different cut through switching is you're going to take the data in you're going to take the first 64 bytes of the traffic and you're immediately going to start sending it here it's cut through it's not waiting on this hat this this one here has a lower error percentage this one has a higher error percentage but when we're talking about networks today it's it's kind of a wash now back in the day you know mid to early 2000s you know even in the the mid 2010s this was more common but now that switching has become you know 10 and 25 and 100 gigabit it's pretty uncommon for that to be a major issue nowadays frame flooding we've actually just talked about that with um with arp because if you have other switches that are connected down here they're gonna learn one and two on that guy and then if you have another switch over here you're gonna learn one and two on that port so on and so
forth so as the network grows the mac addresses will continue to be learned as you progress the mac address table there's going to be a mac address table per vlan that's going to be created and this is how separation of traffic is done right and that's one of the things that i see a lot of people struggle with especially when they start dealing with segmentation people need to understand that the moment you create a vlan a vlan equals a mac address table and a spanning tree protocol instance and this is super important because when you're looking at this when you're dealing with endpoints so pc1 and pc2 are in this vlan pc one is going to have mac one pc2 is going to have mac 2. this these mac addresses are going to get learned by the mac address table right and then the spanning tree protocol for that particular vlan is going to run spanning tree to make sure there's no loops on a per vlan basis so if you've got a hundred vlans you're going to have a hundred spanning tree protocol instances now in a large scale environment you're going to want to make sure that your layer two environment is as small as possible route as soon as you can bridge where you must route where you can is the methodology and the idea with that is if you're in a really large environment and you're doing lots and lots of mac address propagation that could be problematic so keep those things in mind when we're talking about how things tie in together because i see a lot i've seen some environments in my pa in the past that were like wow why are they doing it this way or are you trying to argue with them well no i shouldn't say argue you try to explain why what they're doing doesn't make any sense anymore and they should migrate sometimes they're good about it sometimes they're not so keep those things in mind when you're talking about spanning tree and vlans and mac addresses and things like that because at the end of the day it's basic layer two connectivity that you're trying to implement and 
that stuff is important for all your other higher level layers to work layer three won't work if layer two is not squared away and that's really important to understand we'll talk about that here in just a couple of minutes when we get into the config so with that being said the next thing i'm going to go ahead and talk about is the difference between data and voice and then we're going to talk about the default vlan and then connectivity and then we'll uh briefly touch on the pri on the native vlan because it's something that i see a lot of people struggle with so we'll basically cover that in as much detail as we need to now data is going to be the switchport access command the voice will be the switchport voice vlan command now the difference between these two i get a common question i get is do i need to configure a trunk from my switch port that connects down to my my pc and to my my phone as a trunk link no you do not and you shouldn't do that because that implies vlan tagging and we're not trying to tag our vlans we're not trying to connect to another switch we're not trying to maintain the mac address table between two switches we are trying to get access to two different networks when traffic is received in on your switchport access command meaning it's going to be the data vlan the pc or the server is not going to tag their traffic they don't tag their traffic so therefore there's no reason for you to worry about trying to match on a tag as soon as traffic i'll draw this out real quick the idea here is this if i have pc1 sitting here and he's connected to this port right there and if i have a switch going up here and another connection up here like this if this guy's mac address is one mac address one is going to get learned and let's say this is gig 0 0. 
you're gonna get mac address one it'll be learned on gig zero slash zero and that information will be propagated up the trunk link over to here and this guy will learn it and he'll learn let's say this is gig zero slash three you'll learn mac address one on gig zero slash three now because that's how the the propagation works the tagging only exists right here that's all that's all that tagging exists on is the trunk link connectivity between the switches as soon as the traffic is received by the other switch it's going to remove the 802.1q header so the 802.1q header is removed and all you have is a layer 2 information source and destination mac address all that type of stuff the voice vlan is a little bit different because the phone is going to automatically tag its traffic with certain qos markings specifically in the class of service you're going to mark it with a value of 5 which in the type of service is going to be expedited forwarding meaning i am voice traffic i am latency sensitive i need to have as much throughput to get from point a to point b as i can so the voice vlan the traffic is going to get marked with voiceover i'm sorry qos marking and there's going to be some other stuff that goes into play if you want to know more about how to differentiate the voice vlan look up the internal vlan go to do a little bit of research on that google that you'll find what i'm talking about i'm not going to go into a ton of detail here on that because this is not a voice course the default vlan vlan 1 right everybody's favorite vlan i've walked into more environments than i can shake a stick at and vlan 1 is the vlan that's deployed and i'm like like really guys um why why you do me like that but it is the case the native vlan the native vlan by default is also vlan 1. 
what does native mean native means what native meaning native means untagged can i change the native vlan yes you can and where do you do that on the trunk link you would define whatever tagging you want so if the native vlan you want on a per trunk basis is going to be vlan 100 guess what vlan 100 as it crosses the switch connectivity won't be tagged simple as that there's really nothing more to it than that do i recommend changing your native vlan that's up to you i've gotten into discussions about it before i honestly have no hardcore opinion on it do what you want if you want to change your native vlan go right ahead if you do want to keep it the same by all means go ahead but if you change it make sure that it matches on both ends just be aware of those type of things all right so i'm going to go ahead and i am going to switch gears a little bit and we're going to move into some some config we're going to dive into how we're going to get the configuration in place we're going to walk through some of the configuration options that are here we're going to get some basic layer 2 networking going if anybody has any questions feel free to let me know but i'm gonna go ahead and switch over to my eve topology so we're gonna spend the majority of our time here and my goal is to get this entire topology um layer two networking in play hsrp all that type of stuff is gonna come into play here and this is basically what we're gonna be spending the majority of our time on we're gonna dive into routing we're going to dive into getting connectivity out to the internet and stuff like that so as we progress forward this is where the rubber is really going to meet the road and what i want you guys to be good at right this is um there was a comment made earlier that uh i earned my ccna back in april but still feel like a fraud well guess what you want to not feel like a fraud this is the type of stuff that you need to be able to do um day in and day out this should be the area 
that you spend the majority of your time in is being good in this stuff and that will make you feel less like a fraud and more like an engineer because you passed your ccna right we want to you want to feel good about the the pass right the the win of passing the ccna i remember when i passed mine it was my son's birthday in 2013 i passed ccna and i was over the moon happy right because it took a long time it took me three attempts before i passed it so don't feel bad if you took it more than once so as we're progressing forward we're gonna get go through a bunch of different configuration options and things like that um i did post a um let's see here i did post a link to a google drive link that you guys will have access to so if you want to dive into that you can and pull it down and we will go through and work through it there's also a packet tracer file the packet tracer file is right here um if you don't have eve-ng you can certainly use packet tracer i might use this for doing a little bit of wireless stuff because i can't do that in eve but for the most part we're going to be doing everything in packet tracer all right everything in eve that's what i meant to say so i'm also going to set up a couple of packet captures down the road we're going to get into some dynamic routing some static routing a little bit of nat and all that good stuff that goes along with it and we'll take it a little bit beyond what you guys need to know in terms of routing but the goal is to walk you through the config what's going on where how it operates that type of stuff and go from there if you guys have any questions at any point in time continue to keep asking and i will do my best to try to answer them so the first thing that we're going to have to do is we have a couple of different vlans right we want to set up the networking so that we have the capability of switch 6 and switch 7 are going to be basically our core switches or our i should say our collapsed core because i 
don't have another tier of switches above it and then we have switch 8 which is going to be our access layer switch and all of our pcs connect to it eventually our goal will be to set up inter-vlan routing so vlan 10 can talk to vlan 20. and then we're also going to set up connectivity to r1 i did not label these yet ahead of time but we will take a look at that do will the configurations in eve work and packet tracer they will um just about everything that we're going to be talking about in eve should work in packet tracer uh there might be a few commands that might not be available but i'd say 90 plus percent of what we're doing will be supported in eve so actually before i get into that let me talk briefly about how you can make this work if you have a decent sized pc let's say you've got uh what am i running on this guy i am running a pull up device manager real quick i am running on my personal computer i am running where's my cpus i'm running an 8 core i7 9700k right so it's it's pretty beefy so if you were to download eve-ng the community version which is what this guy is run this in the community version and dedicate for and download the uh the the ova if you were to go out and grab it is vmware workstation player so let me go ahead and just pull that up real quick and i will put the link in the description so vmware workstation player download if you were to grab this right here it is not a paid product it is a free product that you can use and essentially what you would do with it i'll go ahead and just talk about this briefly download workstation 16 player for windows you download it it is a free to run unless you are going to be running workstation pro for doing additional things workstation player will allow you to run one vm and one vm only and you'll be able to install eve-ng into your workstation player and then you'll be able to import that eve topology that i've got working right now so this is free everything i'm showing you to right now to run 
is free the only thing you might uh the only thing you'll have to spring for would be the um would be the cisco modeling labs or the cml images you pay the 200 bucks to for that and that would be let me go do a quick search for that as well uh cisco modeling labs personal let me click on this guy real quick this would be the other thing you'd want to get is this guy cml so cml you pay the 200 bucks and then you get access to all of these images and i'm using these images right here in my lab so you'll be able to download them and be able to run them inside of your eve server and be good to go um right now i'm currently using the default settings so i'm using four cpus and eight gigs of ram and if i was to let me go ahead and i'll share these in the the chat so you guys will have access to them the zip file has a pkt file which correct there is a there's no zip files the zip file that's in that google drive that i shared with you is the eve file not the packet tracer so i'm running currently on the default setup and i'm using 60 cpu and 20 ram so your pc will start to crawl a little bit when you start running this but at least you'll have the ability of running real ios which is always going to be a game changer all right so we're gonna my goal here let me go ahead and pull up and do a uh a text with me go ahead and add a text box here so my workflow is going to be we're going to set up vlans trunks vtp server client we're going to set up stp or rapid stp we're going to set up hsrp we're going to set up layer 3 switching hsrp and that should wrap up over the next hour hopefully we'll get that done before three o'clock but that's basically what it is that i'm gonna be walking you guys through as we move forward so i'm going to have this laid out here so you guys will see let me go ahead and just edit this real quick and align that save we'll bring this to the front and i'll put him up here in the upper left so we we know the flow that we're going to go through i will 
save these for later working on building a workstation pc awesome good stuff cool beans all right so the first thing we're going to go through and do in um to right now is we're going to configure switch 6 and switch 7 for some vlans we're going to go ahead and actually before i do that i'm going to configure switch 8 just to give you guys an idea of how some of this stuff works i'll do a basic config i'm going to go to global config and create vlan 10 i'm going to name it vlan 10 and then i'm going to put uh gig zero gig one slash zero and gig one slash one i'll put them into vlan 10 so interface range gig one zero through one and i'll say switch port access vlan 10 switch port mode of switch port mode of access and then spanning-tree portfast so it immediately transitions into forwarding and then what i'll do is on a pc 11 and 12 i'm going to say ip is going to be 10.1.10.11 24 and pc12 and type in ip will be 10.1.10.12 24. just like that now if i go back over here to switch six and i'm sorry switch eight and i do a show vlan brief i can see that those two ports are now inside of vlan 10 if i do show mac address table dynamic i don't see anything showing up inside of vlan 10 yet but if i was to go to pc 11 and ping 10.1.10.12 i can get the ping right away and if i go back over here to switch 8 and hit the up arrow i'm going to see both mac addresses showing up inside of my mac address table for that specific vlan so that's basically that's as simple as it gets in terms of networking like that you should be able to do this with your your eyes closed create a vlan apply it to some ports put a couple pcs into give them some ip addresses and voila right now we're going to take this a step further and i'm going to configure switch six and switch seven with vlan 10 and vlan uh 20 and then we're going to configure the trunks oh i forgot to mention i'm going to go ahead and uh trunk vtp i will do rapid stp and then i'll do i will do an lacp port channel like i said i hope to get 
everything done in the next hour i don't think we're gonna have a problem with that though and i'm not in any real big hurry either if you guys have questions on stuff we can definitely answer them so let's go to switch six and i'm gonna go to global config i'm gonna do show vlan brief and obviously we don't have vlan 10 created so i'm going to create vlan 10 i'm going to give it a name of vlan 10. i'm gonna say vlan 20. that's short little pause you get when you guys see it is the vlan being created and i'll put in here vlan 20 and now that's good to go so i have the vlan created the next thing i have to go do and i'm going to create that on just one v on one switch because when you have vtp in your environment or you're going to be leveraging vtp in your environment you should only be making your vlan modifications to one switch because if you have them configured on both at some point in the future there will be a problem where traffic will get the vlans you have created in one switch won't line up with the other one and then you'll get a vtp update so it makes more sense to have vtp working on just one switch and then propagating your updates to another all the other ones versus you having two different switches that you have to update so i've got the v of the vlans created here and if i do show cdp neighbor i should see switch 7 and switch 8. 
i have two connections to switch eight and i have one connection to switch seven what i'm gonna do is i'm gonna take the interface range command and i'm gonna configure all of my interfaces here on switch six and seven to be trunk links so i'm gonna type in interface interface range gig zero zero through two and i'm gonna type in switch port trunk encapsulation encapsulation dot1q and then switch port mode of trunk okay now i'm gonna go ahead and say do show history and i'm gonna take these same config commands and i'm going to dump them onto switch seven just gonna go ahead and paste them in real quick awesome now because i've done that i've basically sped the process up of getting the trunking configuration in play if i was to look at switch 8 now i didn't configure any trunking on switch 8 at all i just created the vlan applied it to the ports and now i have the ip or the mac address is showing up in my mac or my vlans if i do a or my mac address table excuse me so by coming into a show interface trunk guess what i see i see gig zero zero one two and three they're in the mode of auto which means that they are going to be automatically negotiating using dtp or dynamic trunking protocol and i see n-802.1q which means that the northbound switch or in this case here switch 6 and switch 7 are configuring all their ports as trunk links using the 802.1q encapsulation method and that information is being pushed down to these switches or switch eight and this would work for if i had more switches associated here but i only have one for simplicity so that information is being pushed down to switch 8 switch 8 learns that and now i have a bunch of trunk links the next thing for me to go do would be to set up vtp so i'm going to go to and the reason why this would be important is because i want to propagate vlan 20 down so i can get pc13 and pc14 online so i'm going to go over to switch six i'm going to exit out of the range command i'm typing vtp domain and i always call this 
ccna something very simple right now the vtp domain has been changed to ccna and if i look at switch 7 now remember i didn't configure anything on switch 7 other than the trunk links i didn't configure any vlans at all and if i do show vlan brief guess what i have i have the vlans are brought over the reason the re the reason the vlans were brought over was as soon as i create a vtp domain that information is broadcasted out all the trunk links to all the other switches and by doing that vlan switch 7 and switch 8 will both learn any vlan information they didn't already have so if i was to do a do show vtp status you're going to see that my vtp domain is going to be ccna and you can see that the number of existing vlans is seven the configuration revision is two which means there's been two changes i've added two vlans vlan 10 and vlan 20. if i go to switch 8 it'll be the same thing if i hit the up arrow on this one right here i should see 10 and 20. now if we do a show vlan brief i have vlan 10 and 20 now which is what i want to see if i show vtp status i can see the same information right ccna is the domain name now because switch 8 are all the switches running as vtp servers yes they are all i was just about to get to that great question they are all running in the mode of server right so what i want to do is obviously change that because i don't want to have all of my access layer switches running in the mode of server if i'm actively using vtp right so on switch 8 i'm going to go here type in vtp mode is going to be client right or in the newer versions of ios you can actually turn vtp off completely your mileage may vary and uh use at your own risk so basically if you're okay with manually configuring vlans that would be the ideal way to go most customers that i've worked with in production they turn vtp off so keep those type of things in mind now with vtp mode client turned on if i wanted to create vlan 21 it's going to say vtp vlan configuration not 
allowed when device is in client mode in other words i can't create vlans right if i wanted to create another vlan i'd have to go up to switch 6 or switch 7 and configure it as such right and that could be problematic now what i'm going to do is on switch six seven and eight i'm going to configure a vtp version three so most of you guys haven't seen this or if you have it's a refresher so vtp question mark version and i'm going to put in three that's going to take a couple seconds and it says old old version 2 vlan configuration file detected and read okay version 3 files will be written in the future awesome thanks for the heads up and i'm going to do this to all of my switches drop that in like that and then drop this in like that all right now if i do show v vtp status you're going to see now a little bit of a different look and feel right i can see that i'm running version 3 my domain is ccna still i'm in the operational mode of client and you can see the number of existing vlans extended to vlans excuse me which is going to be vlan's 1005 through or do show v lan brief 1006 through 4094 i don't have any extended vlans extended vlans are anything in the 1000 or higher range anything normal range vlans is gonna be one through one thousand and one so i can't really do anything configuration wise here so if i wanted to make a change anywhere in my environment here's what i'm going to do i'm going to go and configure one of my switches to be the vtp server right i'm going to come up and type in vtp primary for vlans and i'm going to hit the enter key and it says this system is becoming primary server for future vlan what that means is only switch 6 will be allowed to create vlans switch 7 will not be able to do that switch 8 will not be able to do that it says no conflicting vtp 3 devices found so what it did is it queried switch 7 and switch 8 and said hey guys are either one of you primary for creating vlans for the feature of vlan and we can see that 
if we look back over here in switch eight if i scroll up here you notice that the feature now vtp operating was in transparent mode for both of these guys but nothing's going on all right there's no this guy right here isn't showing like that my primary id is showing up as zeros now if i hit the up arrow sometimes this changes sometimes it does not i might have to trigger an update but switch six is actually sorry confirm it and then hit the up arrow again okay and now notice how it now it changes and it says the primary id is going to be this mac address so it knows who the primary guy is and this will change and then you'll see that any of the updates need to come through only switch 6 will be allowed to create vlans in the environment so it's a much tighter way of doing the configuration keep these things in mind when you're looking at how to roll it out so some cool stuff to enhance your environment if you need to run spanning tree or vtp this is basically how you would go about doing that now if we were to look at the show spanning tree what are we already in we're already in rapid spanning tree protocol rep a rapid pvst is a i'm sorry before i go any further anybody have any questions about what we've covered so far i've covered vlans trunking and vtp any questions so far before i move on i just want to you know just keep on trucking if not that's fine but i just want to make sure i don't leave anybody i don't think there is but hey you know what you never know all right so i don't think there's any questions but if you have them go ahead and drop them into the chat and i will go ahead and uh answer them if you have them i don't think there's any questions but you never know so why rstp and not pvst great question so time that's the number one reason so rapid pvst you are looking at between two and four seconds for convergence versus 30 to 50 seconds with convergence depending on the environment so when rapid pvst doesn't rely strictly on timers like pvst does it 
relies on a what they call a proposal and acknowledgement methodology and basically the way that that works is you have uh you have switch 6 and switch 7 are technically upstream or core distribution devices of switch 8. no no problems there right so if something happens in the environment with regular pvst i'm going to have to wait i'm going to put ports into blocking mode and then once the 20 second max age timer which is basically blocking mode kicks into play i'm going to then wait in the forwarding delay for both listening and learning so it's 50 seconds it's almost a solid minute of waiting around right and that in a normal environment in today's networks that's like unheard of like you don't run regular spanning tree in any environment today in regular pvst because it's just too slow people are looking for reconvergence to be much much faster so you run pvs rp rstp rstp is going to say okay this is what i've got going on here i've got a couple of ports and he's going to become the root bridge he'll send that information down to switch eight switch switch eight will go through a process of blocking ports to make sure that to try to figure out how the topology is laid out and this is all done by bpdu if i was to look up the cisco rapid spanning tree protocol let me see if i can't find this doc here this is kind of a difficult topic to explain but essentially i will redirect you to this url i'll do this in the chat real quick you can go ahead and read up on regular spanning tree or rapid pvst but essentially you're trying to not rely on timers to for reconvergence you're trying to act like a routing protocol where one switch is trying to communicate with another switch saying hey this is what i've got going on the other switch is saying oh okay no problem let me go ahead and do my thing and we'll go ahead and make sure that we're loop free but it happens like in a couple of seconds versus waiting a minute for traffic to circle and stuff like that so um to be honest 
with you it's not the most straightforward topic to understand but it's been a long time since i've read into it so i don't remember the specifics but the main reason for it is speed is number one obviously the term rapid now if you are diving into something like multiple spanning tree protocol or mstp it works along the same lines right we end up having connectivity to a couple of different devices and we want to make sure that the topology is loop free but we don't want to have well we have lots of vlans well the problem with regular spanning tree protocol is that for every vlan that you create you create another stp instance and then you end up having to send bpdus on your switches to any of the other switches out the trunk links now this isn't a bad thing in most cases if you've got a small number of vlans it's only uh you know 10 or 15 bpdus but if you have a couple hundred vlans you're going to be sending a couple hundred bpdus out each link multiple spanning tree protocol sends one and it's a conca it's a basically a bulk push you're sending one bpdu but you're sending a list of vlans in that update saying hey this is all the vlans that i have i don't believe that's on the blueprint yeah it's just a rapid pvst so we're going to go and configure primary and secondary and then uh the port states forwarding and blocking and that's pretty much it we're not going to go into much more detail than that but if you want to read up on what i would recommend you do is read up on the basics to how both regular pvst works and how rapid works and just understand the differences right that's the real big thing because at the end of the day my suspicion or my guess if i had to go on a limb here would be that uh yeah exactly i would say that the majority of what you're going to be tasked with doing is like can you identify which switch is the root bridge or how would you define the root bridge what would you do to actually set it up that type of stuff is what they're going 
to ask you at the ccna level at the ccnp level they might take it a little bit deeper but to be honest with you if you understand some of the basics and you read just on the the beginning parts of the theory you'll be surprised at how easy this stuff is as you can see it's only it's a handful of commands per technology that we've talked about so far so it's nothing super involved as you can already tell so um what i'm going to do is on switch 6 and switch 7 is i'm going to configure switch 6 to be the root bridge for vlan 10 and vlan switch 7 to be the root bridge for vlan 20 but then to be the the backups of each other so essentially what we'll end up having is this guy will be for vlan 10 this will be root primary and then vlan 20 this will be root secondary and same thing with here vlan 10 this will be root secondary and for vlan 20 this will be root primary that's what we're going to go configure right now and get them squared away so let's go ahead and knock that out real quick i'm going to go to uh vlan or sorry spanning tree vlan 10 that's going to be root primary and vlan 20 is going to be root secondary but it's that simple there's really nothing more to it than that and do the same thing as switch seven we're going to type in vlan spanning tree vlan 10 root prime or root secondary and vlan 20 root primary just like that pretty simple stuff and we're in good shape so with that being said we're good to go that's that's spanning tree now is there a lot of other details that you can go through sure there's a lot let me go ahead and back up my mic just a little bit there are a lot of other things that you could dive into and do a show spanning tree and um all the details for this so just at a high level for vlan 10 on switch 7 so we're looking at switch 7 for vlan 10 we can see that the rapid pvst is turned on and you would use the command spanning tree mode rapid pvst to configure this it's on by default which is the what should be there you have the the root 
r the local information is right here right so this is my local i'm sorry yes i'm sorry though this is the root this is the root information so it's the root id and it's saying the cost is four and it's telling you in order to reach the root bridge the root port is out gig zero slash two which is this interface right here which points to switch six and if i was look at my my local i had the the address of seven and i have a priority of 28672. so this priority right here and this priority right here basically what they mean is you deducted 4096 off of the 32768 that you started with so if i am a secondary so if i am finding the uh sorry if i'm primary my primary i'm going to take 32768 and i'm going to subtract 8192 if i am secondary i'm going to take 32768 and i'm going to deduct 4096 from it by doing this i'm able to very easily configure my devices accordingly right so it's just a simple it's just a macro right nothing nothing fancy but the cool thing is is it gives me a specific detail i don't have to set configure the priority you use a root secondary root primary everybody's happy right it gets the job done and that's really all there is to it in terms of the operations so that's pretty much how that comes into play now is there any question okay so doing this overrides the blocked ports and utilizes both redundant connections as traffic flow for their vlan that is the idea yes so when you have the deployment set up the way that we're doing it when you're trying to drive traffic a certain direction with spanning tree this is how you would do that you would start to open up ports and it's logical blocking based off of the vlan itself so if i was to come down here um i'm gonna get since this is a root bridge i'm gonna get a lot of designated and a lot of a lot of root port my root port is going to point me towards the root bridge for specific vlans in this case here vlan 1. 
if i was to look at switch 8 though and do a show spanning tree you're going to see a little bit of a different output on here for my connections i'm going to see gig zero slash zero right is going to be root port for and this is you know sorry let me go look at vlan 10. if i look at this i'm going to see gig zero zero as my root port to reach switch six which connects me to root switch six but you'll notice that gig one two and three are all blocking right these are all blocking so the other connection my secondary connection to switch six and my secondary my two connections to switch seven they're all blocked which is what spanning tree is going to do it's going to block the ports so because it's going to block the ports we have to take that into consideration if i do the same thing for vlan 20 it's going to be a very similar look and feel the only difference between the two is that gig 2 is my lowest port id connecting to switch 7. so it is the root bridge for vlan 20. gig zero zero gig zero one are bl are blocked and gig zero three are blocked but um because the blue their uh gig zero zero and g01 are blocked because switch six is not my root bridge for switch or vlan 20 but switch seven is so i can only have one root port even though i have multiple connections now i'm not a big fan of this so typically speaking what i like to do is i like to convert this over to a port channel so that's the next thing we're going to do we're going to set up lacp port channels between switch 7 and switch eight and switch six and switch eight this is going to allow me to take and give myself more flexibility i'm still gonna have blocked ports but i'm not gonna be blocking on a single port i'm gonna be actually allowing traffic to that's going towards the root bridge to use gig zero two and gig zero three because they're going to be member ports of the port channel so what i'm going to do is on switch 8 i'm going to go to global config interface range gig zero slash zero through three and i'm gonna 
shut them down give that a couple seconds to do its thing and i'm gonna configure port channels switch six will be the same thing interface range gig zero zero through one shut them down i find it's easier to shut them down than just let them run and then negotiate i find it's easier to shut them down configure them and then they'll be able to do their thing interface range 0 0 through 1 shut so i'm going to go over to switch 6 and in here i'm going to type in the channel protocol is going to be lacp and the channel group i'm going to give it a number and i'll say here i'll do 68 first channel switch switch 6 and switch 8 and i'll say the mode will be active so enable lacp unconditionally and what it's telling me is that range gig zero slash zero do show run interface gig zero slash zero hmm that's weird i'm not exactly sure what it's telling me it's kind of a weird error i don't think i've ever seen oh let me use a different number then let me just use channel group one and mode of active there we go so the number was wrong all right so i'm going to go ahead and say no shut on this side and on the switch eight side i'm gonna go to interface range gig zero zero through one channel protocol will be lacp channel group and i'll say one mode of active and then i'm going to go ahead and say no shut because i've got the the configuration setup the way that i do the port channels will automatically inherit the config of the underlying member interfaces and so the port channel there goes the port channel if i go to switch six same thing so do show etherchannel summary and both of my ports are in a port channel okay let me go ahead and do the same thing on switch seven type in channel protocol is going to be lacp channel group will be mode channel group 1 mode of active and no shut switch eight same thing so interface range gig zero slash two through three type in switch ports or i'm sorry uh channel protocol lacp channel group 2 mode active and then i'm going to no shut 
these guys so this will get a connection online let me go ahead and clear the screen off real quick so that i don't have any garbage on there the port channel should come online here just in a moment now once this is done and there it goes now if i come back down here and i do a show spanning tree for vlan 10 you're going to have the port channel 1 is going to be the root for vlan 10 but i'm going to have port channel 2 will be in blocking mode and if i do a show etherchannel summary you're going to see that port channel 1 has gig zero zero and gig zero one in it and are i'm gonna be able to load balance traffic over both links because of how everything is laid out port channel two same thing and if i hit the up arrow and i look at vlan 20 i just have flip-flopped my connection to where i'm uh looking at port channel one that's weird why does it say designated oh um that's just weird because that's just that's just what is figured out so we're in good shape it's blocked to port elsewhere so that is basically how that would come into play and become operational so that is that any questions on spanning tree or lacp before we move into setting up layer 3 switching and hsrp well you guys are i'm gonna go ahead and configure vlan 20 on gig one slash two and one slash three on switch eight so i'm gonna do show vlan brief and i'm gonna do interface range gig one slash two through three and type switch port access vlan 20 switch port mode of access spanning tree portfast and then i'm going to go ahead and get pc13 and pc14 ip address ip of 10.1.20.13 24. and i p of 10.1.20.14 24 just like that and i'm going to do a ping to 10.1.20.13. let's make sure that show vlan brief show spanning tree vlan 20 okay so that should be working okay all right let's try that one more time there we go so the arp table had to be built awesome so we can do a show mac address table dynamic for vlan 20. 
all right so we're good to go all right so there's doesn't it there's any questions coming in or any topics that anything else you would want to break down so i feel like we're in a good spot right now what i'm going to go ahead and do is i'm going to transition into layer 3 switching so we're going to configure switch 6 and switch 7 to have default to be the default gateways of our environment and all that good stuff so let me go ahead and make a quick adjustment to my topology you guys can do this as well i'm just going to to add a little bit of context to what i've got going on here and i'm going to put in here the ip address that i'm going to be using which will be 10.1.6.0 24. and that's going to go right there and then i'm going to copy and paste that or i should say duplicate it and i'm going to edit this one this will be 10.2.7 just like that save all right so this will be some of the subnetting we're going to put into play and this will allow us to do things like dynamic routing and some static routing and things like that so all right so it doesn't look like there's any questions which is awesome um if i'm uh must be doing everything right then all righty good stuff okay so i'm gonna go ahead and get layer three switching configured on switch six and switch seven and the way that i'm gonna do that is on switch six oh that's that's cute oh looks like we have a little bit of a problem here show etherchannel summary huh that's cute oh you know i bet you i know why it's giving me these problems because of the fact that um i don't have these guys configured as they're not hardcoded as trunk ports so show interfaces trunk that's cute so let me go that's cute there's like there's no configuring it says show run real quick they should be configured as trunks are set up as trunks anyway uh the port channel it's like the config okay so i'm gonna have to go configure them as trunk links real quick was the etherchannel channel group number thing a bug why could you 
why couldn't i use 68 um i think that is a bug on this particular platform i've never seen that before now that that was weird uh interface range gig zero zero through three type in uh switch port trunk encap dot1q switch port mode of trunk and that should that'll bring those guys down once they renegotiate they'll be okay just like that and if we do or show interfaces trunk there they go so we're good to go there alright so that fixes that so little things like that can come back to bite you all good so just make sure you're um make sure your devices are configured appropriately uh just so you guys know i will be taking the running configurations of the switches and the routers and stuff like that i will put them into the uh into the google drive link that i shared with you guys that'll be in the in there so you guys will be able to basically see what i did to configure everything so you'll have the final configs as well so i'm gonna go ahead and on switch six and switch seven i'm gonna go create two svis i'll create that's an svi for vlan 10 and an svi for vlan 20. i will configure 6 and 7 as the ip addresses so 10.1.10.6 10.1.20.6 so on and so forth and then we'll be able to set up hsrp i prefer to use the dot 254 ip address when i set up hsrp you can use whatever ip address you want but i just happen to like to 254 because it's the last ip in the range so i'm going to type in interface vlan 10 i'm going to say the ip address here will be 10.1.10.6 24. and you can see that if we do show ip interface brief that the svis on a real switch are by default shut down where packet tracer that will be automatically turned on so just be aware of stuff like that when you're playing with it and we'll make this one here 20.6 so i'm going to go ahead and no shut this guy interface vlan 10 no shut and so do show ip interface brief all right let me go ahead and configure switch 7 to be the same so interface vlan 10 ip address here will be 10.1.10.7 24. 
and no shut interface vlan 20 ip address here of 10.1.20.7 24 and no shut all right now that we have that in play and we do show ip interface brief now we can begin our hsrp setup so i'm going to start on vlan 10 interface vlan 10 i'm going to type in standby and then the vlan in this case here will be vlan 10 the ip that i'm going to use is going to be 10.1.10.254 and i'm going to go ahead and set the priority on this guy to where you should tie it configuration wise so that whatever your root bridge is for that vlan the primary root bridge that should also be your hsrp default gateway so you should i'll try to tie it into the same box so as you can see when active i'm going to say the priority is going to be 255. and i'm going to say preemption so in the event that there's a failure you can always fail back i'm going to do interface vlan 20 and this will be 20 20 and then i will say standby 20 with the priority here will be uh we'll say 60 or you could put it at whatever value you want it's up to you and then i'll say preempt so i'm going to go ahead and do show run real quick on those interfaces just so we can see what they look like down here at the bottom is where they're going to show up so as we can see vlan 10 has been set as the primary default gateway through hsrp and then we have vlan 10 is the preemptable one which means that if switch 6 dies and then comes back online when it dies switch 7 will take over for it when switch six comes back online it's going to say to switch seven hey man let me go ahead and take back over and switch seven will be like all right cool and then he will relinquish his capability and put it back on switch six that's basically how the preemption piece works it's pretty simple let me go ahead and do the same thing on switch seven so interface vlan 10 or type in standby 10 ip will be 10.1.10.254. 
i'm going to put the priority here of 60 and we're going to put in 10 preempt and then interface vlan 20 standby 20 ip of 10.1.20.254. we're going to put in the priority of 255 and preempt okay that's our hsrp config it's pretty simple as you can see the hsrp is starting to work and if i was to jump out of global config and do a show standby brief we can see that once it's done doing its figure it out stuff there it goes so what i'm saying for vlan 10 is switch 7 is standby for vlan 10 where vlan uh switch six is the active forwarder for vlan 10. and then i'm going to come down to for switch for vlan 20 switch 7 is the active forwarder for vlan 20 and switch 6 is the backup so if something happens on switch 6 for vlan 10 vlan switch 7 will take over for it when switch 6 comes back online you can fail back there are some caveats that go into play with this but for the most part it's pretty straightforward so i don't have it on my list of things to do but i'm going to go ahead and configure dhcp on switch and switch six and switch seven for my pcs so now i'll let them get up their ip assist or dhcp so on switch six i'm gonna go ahead and get him squared away he'll be a dhcp server so will switch seven so i'm gonna type in ip dhcp and the pool i'll give it a name and this will be vlan 10. the network i'm going to set up for this guy is going to be 10.1.10.0 24. the default router will be 10.1.10.254 and my dns server will be quad 8. something as simple as that i'm going to do vlan 20 same thing the network will be 10.1.20.0 the default router will be 10.1.20.254. it's something like load balancing correct yeah that's that's one way you could look at it for sure and we'll set the dns server to be quad 8. and i'm going to say that ip dhcp excluded address is going to be 10.1.10. uh 6 through 10.1.10.7 oops not no dash and then i'm also going to put in here dot 254 and then do the same thing for 20. 
just like that now the cool thing about this is i can do show run pipe section dhcp and i can literally just copy and paste this stuff out of the switch it makes it that simple so when you've got it configured like this it's easier just to copy and paste it out grab it on one box and then paste it into the other switch 7 just like this and paste all right so now i'm just going to go down to my pcs and i'll type in ip will be dhcp ip dhcp and then you should see the dora process kick in and you should get an ip address through dhcp which he does 10.1.10.1 with the gateway of 10.1.10.254. so on switch 6 i'm going to go ahead and do a is it common to use layer 3 switches as a dhcp server it can be yes so you can put it on whatever box you want to be honest with you i just happen to be putting it in play here because it makes it easier to configure but there's actually a number of companies that i work for that where they put it centrally and then you configure your default gateway your svi you just point to the ip address on the dhcp server and you just do dhcp relay both will work i'm just you this is just easy for me to do i'm going to do a debug of dhcp detail so we're going to see the dhcp or server i debug ip dhcp server and we'll say events so i'm going to go ahead and do the same thing to pc12 but we're going to watch the communication go back and forth i'm going to type in ip dhcp and as it goes through the dora process we're going to see the ip addressing process go through the discover offer request and acknowledge and now he's got an ip address as well all right so pc13 is gonna be the same thing i'm gonna go ahead and set the ip let me go ahead and switch seven do the same thing i'm gonna jump out of global config and type in debug ip dhcp server events pc13 i'm going to type in ip dhcp he's going to go through its process and we can see the communication going out and going from there if i jump back over to switch six i do a show ip dhcp binding we can see that 
there is some bindings and we can see that switch sixes happen is becoming the the dhcp server so we're still if i was to do a show ip dhcp binding we're seeing it on both but that's okay there's nothing wrong with that uh switch 6 is active switch 7 is also seeing it but eventually these will go away when the state of selecting is never bypassed or you've never progressed past the state of selecting eventually this will timeout but the reason why i have both of them configured is so that if switch 6 dies switch 7 will take over let's go ahead and pc third pc 14 ip dhcp and that will be pretty much the the end of the road for us with all this setup all right that that's pretty much it folks there's really all that's left to it um i'm going to go ahead and i'm going to do a ping to 10.1.20.254 and i should be able to ping my default gateway now the question i have for everybody before we wrap up here is will i be able to ping between my vlans that is a question that i have for all of you undebug all and then undebug all if we do a show ip route i have connectivity setting up here do show ip route here i have connectivity there so the question i have is will i be able to do inter-vlan routing should i be able to ping between my vlans let's go ahead and ping 10.1.10.254. 
i can ping that i'm going to pause here for just a moment and let you guys weigh in on that what do you guys think okay you would think yes that's a definitely an informed decision there pete if you don't feel comfortable or if you don't think it's gonna work that's okay too but i'm gonna go with pete on this one it should work so i'm gonna go ahead and i'm gonna grab an ip address from pc13 you don't think it's gonna work okay fair enough i'm gonna grab this ip address right here come back over here to pc11 i'm going to go ahead and ping paste that in there and i can absolutely ping between my vlans and the reason why i can is i'll go ahead and grab my pen tool here and i'll do a little bit of whiteboard in here i am right here on pc11 my default gateway is sitting up here of 10.1.10 oops that's supposed to be a four not a nine and then i've also got another default gateway of 10.1.20.254. and that's for pc13 so what did i just show you guys on my switches right i have both of these guys in the routing table right and i have ip routing enabled and no i do not need to set up static routes in order for this to work as long as you have connected subnets in your routing table you have layer 3 capability layer 3 is 100% supported here and we just did a ping between our vlans you don't need static routes to route between your vlans you just need to make sure that whatever device your gateway sits on that especially if you're doing a layer 3 switching or router on a stick which we're not doing here you need to be able to go up to your default gateway and route in between it so what's happening here is i come in this way actually let me let me erase this and make this a different color this will be easier for you guys to see and differentiate you change this over to sky blue then i have pc13 sitting here his default gateway is 10.1.20.254. 
what's happening is when traffic from pc 11 comes in and hits the switch goes up to this guy and it's actually received in on this svi it comes in on 10.1.10.254 and a layer 3 lookup is done what's the source the source is 10.1.10.1 what's the destination the destination is 10.1.20.1 do i have a route for that yep i sure do right here i have a route right there for it that means that i'm going to be able to route from 10.1.10.254 to 10.1.20.254 and my traffic is going to go down the link here and directly to pc3 or pc13 so yes i can ping between them all day long and that's what you need to keep in mind is as long as you have active routes you'll be good to go now if i have ip routing turned off or disabled no inter vlan routing inter-vlan routing will not work if i do not have ip routing turned on and ip routing is what enables the layer 3 switching capability to do its job that's how that comes into play if you don't have ip routing turned on layer 3 switching will not work make sense hopefully not clear it's as clear as mud we'll dive into this into some more we'll take a look at some static routing in the next section and dive into how that stuff works and all that good stuff that goes along with it i have about eight minutes left on this section and then we're gonna uh take a little bit of a break we'll come back and we'll finish up we'll do some basic basic routing we'll set up some basic nat can you set up acls on switch 8 make some sense to me okay uh layer two acls yes on switch eight because there's no layer three ip addresses on switch eight i could configure one uh okay you got it good um that's all good man that's why you're here right so uh switch 8 would not be able to do any layer 3 access lists unless there was a layer 3 interface well then it would be certain specific use cases you wouldn't really you unders you understand all right cool i like the confirmation so i would normally do if i wanted to filter traffic between pc11 and pc13 i had to 
do that on the default gateway i'd have to create a layer 3 acl that's going to be associated to the svi we could talk about that more when we get into tomorrow's session we're not gonna have time to do it today because i only have two more hours to go but uh that's basically how you can how you can set it up so we will take a look at that tomorrow the rest of uh the rest of today's session uh the next session that we're gonna do um we're gonna dive into let me go ahead and add to this i'm gonna um we're going to go and do static routing the concepts of that we're going to do basic nat or pat as you commonly refer to it and then we're going to get into the very basics of eigrp pretty simple stuff we'll go through that tomorrow i'm looking at doing ospf i'm looking at doing acls and more detail stuff like that so if you guys have any additional questions on stuff we can definitely cover those areas as we move forward and stuff like that so um unless there's more questions i'm going to go ahead and call this session i've only got a few minutes left and we will circle back at about 3 30 ish we'll dive back into our next section and dive into all that stuff alrighty so with that being said i'm watching the preview there's a little bit of a lag i wish i could get rid of that but it is what it is all right so with that being said i'm going to go ahead and wrap it up and we're going to be good to go i will see all of you in about half an hour ish might be a little longer than that but about half an hour i will will be working on the same files for the next session or will be a new one same file yep and the cool thing about it is is once the the videos are released or once i have the downloads i will up them upload them to youtube or youtube yeah for sure and that's the whole benefit to the
Info
Channel: Rob Riker's Tech Channel
Views: 1,635
Id: KoeTGkehF40
Length: 116min 57sec (7017 seconds)
Published: Wed Jun 02 2021