Questions

How to subnet with Inter-VLAN routing?

Tags:
+
0 Votes
Locked

How to subnet with Inter-VLAN routing?

rds41
I have a practice skills exam I need some help with. It is implementing Inter-VLAN routing as well as subnetting. We are given the IP add of 192.168.50.0. We are then given VLAN 10 (30 host ips), VLAN 20 (6 host ips), VLAN 30 (60 host ips) and VLAN 99 (10 host ips/VLAN trunks). She wants us to subnet based on the hosts required for each VLAN. We must address for each of the following: S1 Vlan 99, S2 Vlan 99, R1 loopback, R1 Fa0/1.1, R1 Fa0/1.10, R1 Fa0/1.20 and R1 Fa0/1.99, then 3 host PC's. The way she wants is it that I would subnet VLAN 30 then 10 then 99 then 10. If I need to subnet the VLANs first, how do I come about the S1 and S2 VLAN 99 addresses, as with the R1 loopback and R1 Fa0/1.99? Any help would be greatly appreciated! Thank you and I look forward to being a member on these boards.
  • +
    0 Votes
    rds41

    I know how to subnet, I am just confused in which order to do so. Do I subnet vlans then S1 and S2 vlan 99's, then host PCs?

    +
    0 Votes
    NetMan1958

    My take on it is that it appears that she wants you to calculate the subnets starting with the one that requires the most hosts (VLAN 30) then the one that requires the 2nd most hosts (VLAN 10) and so on down the line. Once you have the subnets calculated, the IP Addresses on the R1 sub-interfaces will be an address out of the subnet you calculated for the respective VLAN. Take VLAN 20 for example, R1 interface Fa0/1.20 will get one of the IPs from the subnet you calculated for VLAN 20 and it will be the default gateway for hosts in that VLAN.

    Did she mention which VLAN(s) she wants the PCs to be in? Start with your subnets and go from there and if you run into trouble, post what you have done so far and I'm sure someone will help you.

    +
    0 Votes
    rds41

    Thanks netman. She did not post which PC goes to which VLAN, but we've been doing it so that VLAN 10 goes to PC1, VLAN 20 goes to PC2, etc.
    VLAN 30 (60 hosts) - 192.168.50.1 - 192.168.50.62 /26 prefix = usable range
    VLAN 10 (30 hosts) - 192.168.50.65 - 192.168.50.94 /27 = usable range
    VLAN 99 (10 hosts) - 192.168.50.97 - 192.168.50.110 /28 = usable range
    VLAN 20 (6 hosts) - 192.168.50.113 - 192.168.50.118 /29 = usable range

    Now this is where I get confused. I still have to configure:
    S1 VLAN 99 IP add -
    S2 VLAN 99 IP add -
    R1 Fa0/0 IP add -
    and PC1, PC2, and PC3

    I'm pretty sure I have it correct up to here. Any more help guys I'd appreciate it. Thanks

    +
    0 Votes
    NetMan1958

    S1 and S2 VLAN 99 IPs will be any of the usable IPs in the subnet you calculated for VLAN 99 (192.168.50.97 - 192.168.50.110) - just be sure to assign each IP to only one device.

    Each PC will get an IP from the subnet you calculated for the VLAN that PC is in. Example, PC1 is in VLAN 10, it gets one of the IPs from 192.168.50.65 - 192.168.50.94.

    +
    0 Votes
    rds41

    Awesome explanation, man. I was looking at it at a more complex approach, I guess. Thank you for your time netman!

    +
    0 Votes
    CG IT

    You said the instructor's instructions are : We must address for each of the following: S1 Vlan 99, S2 Vlan 99, R1 loopback, R1 Fa0/1.1, R1 Fa0/1.10, R1 Fa0/1.20 and R1 Fa0/1.99, then 3 host PC's"

    you can use any address within the subnet address space. Most start with the first and work up to the last.

    these are subinterfaces for roas: R1 Fa0/1.1, R1 Fa0/1.10, R1 Fa0/1.20 and R1 Fa0/1.99

    typically, best practice is to make the subinterface the same as the vlan #. so
    R1 Fa0/1.1 is subinterface # 1 and would correspond to Vlan1 the administrative vlan
    R1Fa0/1.10 is subinterface # 10 and would correspond to Vlan 10. you give that subinterface and address from the 192.168.50.65-94/27 address space [first address]

    so on and so forth.... for hosts [PCs might as well give them the next addresses... so for R1Fa0/1.10 subinterface address would be 192.168.50.65 255.255.255.224
    PCs would be 192.168.50.66 255.255.255.224

    you really don't have to address the vlan...simply create it on the switch and assign switchports to the vlan. then make sure all the pcs that belong in the vlan are plugged in to the correct ports...assuming your using 48 port switches [96 total ports but you have 106 hosts so your short a switch]
    Switch 1 Vlan 1 [administrative vlan] ports 0
    Switch 1 Vlan 20 [6 hosts] switchports 1-6
    Switch 1 Vlan 10 [30 hosts] switchports 7--37
    Switch 1 Vlan 99 [5 hosts] switchports 38-43 [you could give the VLAN an address]
    Switch 2 Vlan 99 [5 hosts] switchports 1-5 [same here but why waste it]
    Switch 2 Vlan 30 [60 hosts] switchports 6-48 [which is 42 hosts sooo..this is where you need another switch for the extra 18 hosts that don't have a switchport..you could use the unused 5 on switch 1 but...still short switchports.]
    so on and so forth

    remember you need a trunk port between switches and switchports on Cisco switches will try to negotiate trunk if it can by default [older 2950s ] so you need either gigabit uplink ports or 1 of the regular switchports for a trunk port.

    +
    0 Votes
    rds41

    Here is what I have, so far:
    S1 VLAN 99 - 192.168.50.97 /28
    S2 VLAN 99 - 192.168.50.98 /28
    R1 Fa0/0 loopback - 192.168.50.0 /24
    R1 Fa0/1.1 - 192.168.50.? I don't know how you get this
    R1 Fa0/1.10 - 192.168.50.64 /27
    R1 Fa0/1.20 - 192.168.50.112 /29
    R1 Fa0/1.30 - 192.168.50.1 /26
    R1 Fa0/1.99 - 192.168.50.96 /28
    PC1 - 192.168.50.65 /27
    PC2 - 192.168.50.113 /29
    PC3 - 192.168.50.2 /26
    Anything I did wrong and how do I come up with the R1 Fa0/1.1 ip? Thanks!

    +
    0 Votes
    NetMan1958

    R1 Fa0/1.99 - 192.168.50.96 /28 won't work as 192.168.50.96 is the subnet address. I would use .97 for this interface and use .99 for S1 VLAN 99.

    I'm a little confused about R1 Fa0/0 loopback - 192.168.50.0 /24 - is the address supposed to go on interface Fa0/0 or on a loopback interface, for example interface loopback1 ?

    +
    0 Votes
    rds41

    Thanks. It just says R1 Fa0/0 OR (Loopback). Does everything else look okay though?

    +
    0 Votes
    rds41

    Also, you said 192.168.50.99 for S1 VLAN 99, what about S2 VLAN 99? Thanks bud you're helping me a ton!

    +
    0 Votes
    CG IT

    just a note: the subinterface for Vlan 1 on R1 needs an address... because not all ports are assigned to a vlan thus they are automatically a member of the default admin Vlan, Vlan 1 and require roas and access to other vlans... so your native Vlan 1 needs subnet addressing

    if you require a trunk between switches, those switchports will automatically be in Vlan 1, but you do need open ports and that you change their mode from access to trunk [or dynamic] to trunk. Vlans automatically get access to the trunk unless you specify otherwise....

    another side note : one of those switches need to be the VTP server and the other VTP client, don't know if the instructor specified that....

    +
    0 Votes
    rds41

    She did not, but I appreciate your help mate. This has helped a lot and I should do fine on my exam. Thank you!

    +
    0 Votes
    NetMan1958

    I'll answer your second question first. You can leave S2 VLAN 99's address at 192.168.50.98 /28. So it looks like this:
    R1 Fa0/1.99 - 192.168.50.97 /28
    S1 VLAN 99 - 192.168.50.99 /28
    S2 VLAN 99 - 192.168.50.98 /28

    Now that I look at it again you used the subnet number for R1 Fa0/1.10 - 192.168.50.64 /27 and R1 Fa0/1.20 - 192.168.50.112 /29 also. It's not a requirement but it is a common convention to assign the first usable IP in a subnet to the default gateway. So I would recommend this:
    R1 Fa0/1.10 - 192.168.50.65 /27
    R1 Fa0/1.20 - 192.168.50.113 /29
    R1 Fa0/1.30 - 192.168.50.1 /26
    R1 Fa0/1.99 - 192.168.50.97 /28

    As for R1 Fa0/0 or loopback you will need to go to the end of the IP's you have already used (192.168.50.119). So the next subnet begins with 192.168.50.120 and the first usable IP will be 192.168.50.121. I didn't see anything about what R1 - Fa0/0 will be used for or how many devices will be on it's subnet but if we assume it only links to one other router, we can use a /30 mask. So R1 - Fa0/0 or loopback get's 192.168.50.121/30.

    The next usable subnet will be 192.168.50.124 with first usable 192.168.50.125. You can assign that to R1 Fa0/1.1. There was no mention if any or how many hosts will be in VLAN 1 so I'm not sure what mask to tell you to use. If we assume that Fa0/1.1 will be the lone device in VLAN 1 you could use a host mask ( /32 ).

    If PC1 is in VLAN 10 you need to assign it an IP from the VLAN 10 range. 192.168.50.66 /27 would work. If PC2 is in VLAN 20, assign it 192.168.50.114 /29. I'll leave it to you to do PC3.

    +
    0 Votes
    rds41

    192.168.50.3 for PC3. I appreciate all of your help mate. I think this should help land me a good grade on my skills final tomorrow. Thank you!

    +
    0 Votes
    rds41

    .2***

    +
    0 Votes
    mudson_gee

    I have a problem with Inter-vlan routing, when i assign the vlans to the hosts as PC1(172.17.10.21) = VLAN 20 PC2(172.17.20.22) = VLAN 30 and PC3(172.17.30.23) = VLAN 10, with this vlan assignment none of the hosts can be able to ping another, they cannot ping the switch they are attached and they cannot ping the router.

    The hosts only ping successfully if the vlan assignment is PC1(172.17.10.21) = VLAN 10 PC2(172.17.20.22) = VLAN 20 and PC3(172.17.30.23) = VLAN 30, to what i understand whenever the vlans are assigment random to the hosts they cant ping one another.

    To make it more clear, vlan 20 is assignment to Interface fa0/11 PC1(172.17.10.21) is directly connected to Interface fa0/11, if you try to ping the router(172.17.1.1) it will not work. Only if you connect PC1 to Interface fa0/6 with vlan 10 this will make successful ping result. if you also try to connect PC1 on Interface fa0/18 which has vlan 30 the ping result will not be successful to the ip address 172.17.1.1

    Below is the configuration and i have also attached the topology diagram, you can download to view, i need you help.

    Switch S1 config
    S1>en
    Password:
    S1#show run
    Building configuration...

    Current configuration : 1777 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S1
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet1/1
    !
    interface GigabitEthernet1/2
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.11 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S1#
    Switch S2 config
    S2>en
    Password:
    Password:
    S2#show run
    Building configuration...

    Current configuration : 2454 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S2
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    spanning-tree mode rapid-pvst
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    shutdown
    !
    interface FastEthernet0/6
    switchport access vlan 10
    !
    interface FastEthernet0/7
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/8
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/9
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/10
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/11
    switchport access vlan 20
    !
    interface FastEthernet0/12
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/13
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/14
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/15
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/16
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/17
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/18
    switchport access vlan 30
    !
    interface FastEthernet0/19
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/20
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/21
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/22
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/23
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/24
    switchport access vlan 30
    shutdown
    !
    interface GigabitEthernet1/1
    shutdown
    !
    interface GigabitEthernet1/2
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.12 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S2#
    Switch S3 config
    S3>en
    Password:
    S3#show run
    Building configuration...

    Current configuration : 1941 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S3
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    shutdown
    !
    interface FastEthernet0/6
    shutdown
    !
    interface FastEthernet0/7
    shutdown
    !
    interface FastEthernet0/8
    shutdown
    !
    interface FastEthernet0/9
    shutdown
    !
    interface FastEthernet0/10
    shutdown
    !
    interface FastEthernet0/11
    shutdown
    !
    interface FastEthernet0/12
    shutdown
    !
    interface FastEthernet0/13
    shutdown
    !
    interface FastEthernet0/14
    shutdown
    !
    interface FastEthernet0/15
    shutdown
    !
    interface FastEthernet0/16
    shutdown
    !
    interface FastEthernet0/17
    shutdown
    !
    interface FastEthernet0/18
    shutdown
    !
    interface FastEthernet0/19
    shutdown
    !
    interface FastEthernet0/20
    shutdown
    !
    interface FastEthernet0/21
    shutdown
    !
    interface FastEthernet0/22
    shutdown
    !
    interface FastEthernet0/23
    shutdown
    !
    interface FastEthernet0/24
    shutdown
    !
    interface GigabitEthernet1/1
    shutdown
    !
    interface GigabitEthernet1/2
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.13 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S3#
    Router config
    R1#show run
    Building configuration...

    Current configuration : 1050 bytes
    !
    version 12.4
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname R1
    !
    !
    !
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain-lookup
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.1
    encapsulation dot1Q 1
    ip address 172.17.1.1 255.255.255.0
    !
    interface FastEthernet0/1.10
    encapsulation dot1Q 10
    ip address 172.17.10.1 255.255.255.0
    !
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address 172.17.20.1 255.255.255.0
    !
    interface FastEthernet0/1.30
    encapsulation dot1Q 30
    ip address 172.17.30.1 255.255.255.0
    !
    interface FastEthernet0/1.99
    encapsulation dot1Q 99 native
    ip address 172.17.99.1 255.255.255.0
    !
    interface Vlan1
    no ip address
    shutdown
    !
    ip classless
    !
    !
    !
    !
    !
    !
    !
    line con 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    !
    end


    R1#

    +
    0 Votes
    CG IT

    and native vlan 99?

    for labbing, I would have left the native vlan as 1. used the Gi ports as trunk ports between switches, and used a Gi port on one of the switches as the trunk to the router.

    and did you specify what vlans can access the trunk link? have to put in the switchport trunk vlan allowed "all" command.

    what port on what switch is the trunk port to the router? that port needs the switchport trunk vlan allowed all command to allow all vlans to access the trunk link. note: the trunk link between switches also need the "all" command to allow vlans access to that trunk link which in turn allows access to the trunk link to the router.

    once that works, then you can specify which vlans are allowed, test that....

    what's the route table look like ? CLI router: sh ip route

    you can do a debug on the trunk links and post that.... or do a sh int trunk to show what the trunk links are and what's allowed. [that's on the switches]

    The router needs a route table with your subnets to route between them so when it gets tagged frames from vlans on the trunk link, it knows what to do with them.

    +
    0 Votes
    mudson_gee

    Thank you very much for your concern.
    vlan 99 has been assign as the native vlan:
    interface Vlan99
    ip address 172.17.99.13 255.255.255.0
    !
    ip default-gateway 172.17.99.1

    and about the trunking, what i did is S2 has 3 host attached to it on interface fa0/6(vlan 10, 172.17.30.23), fa0/11(vlan 20 172.17.10.21), fa0/18(vlan 30 172.17.20.22). check the above document config.
    Switch S1 has a trunk interface fa0/1 which i enable the vlan all command on the interface.

    and on the router, i doubt if the problem is not from the inter-vlan routing.

    +
    0 Votes
    CG IT

    the router can't route packets if it doesn't know ...

  • +
    0 Votes
    rds41

    I know how to subnet, I am just confused in which order to do so. Do I subnet vlans then S1 and S2 vlan 99's, then host PCs?

    +
    0 Votes
    NetMan1958

    My take on it is that it appears that she wants you to calculate the subnets starting with the one that requires the most hosts (VLAN 30) then the one that requires the 2nd most hosts (VLAN 10) and so on down the line. Once you have the subnets calculated, the IP Addresses on the R1 sub-interfaces will be an address out of the subnet you calculated for the respective VLAN. Take VLAN 20 for example, R1 interface Fa0/1.20 will get one of the IPs from the subnet you calculated for VLAN 20 and it will be the default gateway for hosts in that VLAN.

    Did she mention which VLAN(s) she wants the PCs to be in? Start with your subnets and go from there and if you run into trouble, post what you have done so far and I'm sure someone will help you.

    +
    0 Votes
    rds41

    Thanks netman. She did not post which PC goes to which VLAN, but we've been doing it so that VLAN 10 goes to PC1, VLAN 20 goes to PC2, etc.
    VLAN 30 (60 hosts) - 192.168.50.1 - 192.168.50.62 /26 prefix = usable range
    VLAN 10 (30 hosts) - 192.168.50.65 - 192.168.50.94 /27 = usable range
    VLAN 99 (10 hosts) - 192.168.50.97 - 192.168.50.110 /28 = usable range
    VLAN 20 (6 hosts) - 192.168.50.113 - 192.168.50.118 /29 = usable range

    Now this is where I get confused. I still have to configure:
    S1 VLAN 99 IP add -
    S2 VLAN 99 IP add -
    R1 Fa0/0 IP add -
    and PC1, PC2, and PC3

    I'm pretty sure I have it correct up to here. Any more help guys I'd appreciate it. Thanks

    +
    0 Votes
    NetMan1958

    S1 and S2 VLAN 99 IPs will be any of the usable IPs in the subnet you calculated for VLAN 99 (192.168.50.97 - 192.168.50.110) - just be sure to assign each IP to only one device.

    Each PC will get an IP from the subnet you calculated for the VLAN that PC is in. Example, PC1 is in VLAN 10, it gets one of the IPs from 192.168.50.65 - 192.168.50.94.

    +
    0 Votes
    rds41

    Awesome explanation, man. I was looking at it at a more complex approach, I guess. Thank you for your time netman!

    +
    0 Votes
    CG IT

    You said the instructor's instructions are : We must address for each of the following: S1 Vlan 99, S2 Vlan 99, R1 loopback, R1 Fa0/1.1, R1 Fa0/1.10, R1 Fa0/1.20 and R1 Fa0/1.99, then 3 host PC's"

    you can use any address within the subnet address space. Most start with the first and work up to the last.

    these are subinterfaces for roas: R1 Fa0/1.1, R1 Fa0/1.10, R1 Fa0/1.20 and R1 Fa0/1.99

    typically, best practice is to make the subinterface the same as the vlan #. so
    R1 Fa0/1.1 is subinterface # 1 and would correspond to Vlan1 the administrative vlan
    R1Fa0/1.10 is subinterface # 10 and would correspond to Vlan 10. you give that subinterface and address from the 192.168.50.65-94/27 address space [first address]

    so on and so forth.... for hosts [PCs might as well give them the next addresses... so for R1Fa0/1.10 subinterface address would be 192.168.50.65 255.255.255.224
    PCs would be 192.168.50.66 255.255.255.224

    you really don't have to address the vlan...simply create it on the switch and assign switchports to the vlan. then make sure all the pcs that belong in the vlan are plugged in to the correct ports...assuming your using 48 port switches [96 total ports but you have 106 hosts so your short a switch]
    Switch 1 Vlan 1 [administrative vlan] ports 0
    Switch 1 Vlan 20 [6 hosts] switchports 1-6
    Switch 1 Vlan 10 [30 hosts] switchports 7--37
    Switch 1 Vlan 99 [5 hosts] switchports 38-43 [you could give the VLAN an address]
    Switch 2 Vlan 99 [5 hosts] switchports 1-5 [same here but why waste it]
    Switch 2 Vlan 30 [60 hosts] switchports 6-48 [which is 42 hosts sooo..this is where you need another switch for the extra 18 hosts that don't have a switchport..you could use the unused 5 on switch 1 but...still short switchports.]
    so on and so forth

    remember you need a trunk port between switches and switchports on Cisco switches will try to negotiate trunk if it can by default [older 2950s ] so you need either gigabit uplink ports or 1 of the regular switchports for a trunk port.

    +
    0 Votes
    rds41

    Here is what I have, so far:
    S1 VLAN 99 - 192.168.50.97 /28
    S2 VLAN 99 - 192.168.50.98 /28
    R1 Fa0/0 loopback - 192.168.50.0 /24
    R1 Fa0/1.1 - 192.168.50.? I don't know how you get this
    R1 Fa0/1.10 - 192.168.50.64 /27
    R1 Fa0/1.20 - 192.168.50.112 /29
    R1 Fa0/1.30 - 192.168.50.1 /26
    R1 Fa0/1.99 - 192.168.50.96 /28
    PC1 - 192.168.50.65 /27
    PC2 - 192.168.50.113 /29
    PC3 - 192.168.50.2 /26
    Anything I did wrong and how do I come up with the R1 Fa0/1.1 ip? Thanks!

    +
    0 Votes
    NetMan1958

    R1 Fa0/1.99 - 192.168.50.96 /28 won't work as 192.168.50.96 is the subnet address. I would use .97 for this interface and use .99 for S1 VLAN 99.

    I'm a little confused about R1 Fa0/0 loopback - 192.168.50.0 /24 - is the address supposed to go on interface Fa0/0 or on a loopback interface, for example interface loopback1 ?

    +
    0 Votes
    rds41

    Thanks. It just says R1 Fa0/0 OR (Loopback). Does everything else look okay though?

    +
    0 Votes
    rds41

    Also, you said 192.168.50.99 for S1 VLAN 99, what about S2 VLAN 99? Thanks bud you're helping me a ton!

    +
    0 Votes
    CG IT

    just a note: the subinterface for Vlan 1 on R1 needs an address... because not all ports are assigned to a vlan thus they are automatically a member of the default admin Vlan, Vlan 1 and require roas and access to other vlans... so your native Vlan 1 needs subnet addressing

    if you require a trunk between switches, those switchports will automatically be in Vlan 1, but you do need open ports and that you change their mode from access to trunk [or dynamic] to trunk. Vlans automatically get access to the trunk unless you specify otherwise....

    another side note : one of those switches need to be the VTP server and the other VTP client, don't know if the instructor specified that....

    +
    0 Votes
    rds41

    She did not, but I appreciate your help mate. This has helped a lot and I should do fine on my exam. Thank you!

    +
    0 Votes
    NetMan1958

    I'll answer your second question first. You can leave S2 VLAN 99's address at 192.168.50.98 /28. So it looks like this:
    R1 Fa0/1.99 - 192.168.50.97 /28
    S1 VLAN 99 - 192.168.50.99 /28
    S2 VLAN 99 - 192.168.50.98 /28

    Now that I look at it again you used the subnet number for R1 Fa0/1.10 - 192.168.50.64 /27 and R1 Fa0/1.20 - 192.168.50.112 /29 also. It's not a requirement but it is a common convention to assign the first usable IP in a subnet to the default gateway. So I would recommend this:
    R1 Fa0/1.10 - 192.168.50.65 /27
    R1 Fa0/1.20 - 192.168.50.113 /29
    R1 Fa0/1.30 - 192.168.50.1 /26
    R1 Fa0/1.99 - 192.168.50.97 /28

    As for R1 Fa0/0 or loopback you will need to go to the end of the IP's you have already used (192.168.50.119). So the next subnet begins with 192.168.50.120 and the first usable IP will be 192.168.50.121. I didn't see anything about what R1 - Fa0/0 will be used for or how many devices will be on it's subnet but if we assume it only links to one other router, we can use a /30 mask. So R1 - Fa0/0 or loopback get's 192.168.50.121/30.

    The next usable subnet will be 192.168.50.124 with first usable 192.168.50.125. You can assign that to R1 Fa0/1.1. There was no mention if any or how many hosts will be in VLAN 1 so I'm not sure what mask to tell you to use. If we assume that Fa0/1.1 will be the lone device in VLAN 1 you could use a host mask ( /32 ).

    If PC1 is in VLAN 10 you need to assign it an IP from the VLAN 10 range. 192.168.50.66 /27 would work. If PC2 is in VLAN 20, assign it 192.168.50.114 /29. I'll leave it to you to do PC3.

    +
    0 Votes
    rds41

    192.168.50.3 for PC3. I appreciate all of your help mate. I think this should help land me a good grade on my skills final tomorrow. Thank you!

    +
    0 Votes
    rds41

    .2***

    +
    0 Votes
    mudson_gee

    I have a problem with Inter-vlan routing, when i assign the vlans to the hosts as PC1(172.17.10.21) = VLAN 20 PC2(172.17.20.22) = VLAN 30 and PC3(172.17.30.23) = VLAN 10, with this vlan assignment none of the hosts can be able to ping another, they cannot ping the switch they are attached and they cannot ping the router.

    The hosts only ping successfully if the vlan assignment is PC1(172.17.10.21) = VLAN 10 PC2(172.17.20.22) = VLAN 20 and PC3(172.17.30.23) = VLAN 30, to what i understand whenever the vlans are assigment random to the hosts they cant ping one another.

    To make it more clear, vlan 20 is assignment to Interface fa0/11 PC1(172.17.10.21) is directly connected to Interface fa0/11, if you try to ping the router(172.17.1.1) it will not work. Only if you connect PC1 to Interface fa0/6 with vlan 10 this will make successful ping result. if you also try to connect PC1 on Interface fa0/18 which has vlan 30 the ping result will not be successful to the ip address 172.17.1.1

    Below is the configuration and i have also attached the topology diagram, you can download to view, i need you help.

    Switch S1 config
    S1>en
    Password:
    S1#show run
    Building configuration...

    Current configuration : 1777 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S1
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet1/1
    !
    interface GigabitEthernet1/2
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.11 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S1#
    Switch S2 config
    S2>en
    Password:
    Password:
    S2#show run
    Building configuration...

    Current configuration : 2454 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S2
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    spanning-tree mode rapid-pvst
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    shutdown
    !
    interface FastEthernet0/6
    switchport access vlan 10
    !
    interface FastEthernet0/7
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/8
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/9
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/10
    switchport access vlan 10
    shutdown
    !
    interface FastEthernet0/11
    switchport access vlan 20
    !
    interface FastEthernet0/12
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/13
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/14
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/15
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/16
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/17
    switchport access vlan 20
    shutdown
    !
    interface FastEthernet0/18
    switchport access vlan 30
    !
    interface FastEthernet0/19
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/20
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/21
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/22
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/23
    switchport access vlan 30
    shutdown
    !
    interface FastEthernet0/24
    switchport access vlan 30
    shutdown
    !
    interface GigabitEthernet1/1
    shutdown
    !
    interface GigabitEthernet1/2
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.12 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S2#
    Switch S3 config
    S3>en
    Password:
    S3#show run
    Building configuration...

    Current configuration : 1941 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S3
    !
    enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
    !
    no ip domain-lookup
    !
    !
    interface FastEthernet0/1
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/4
    switchport trunk native vlan 99
    switchport mode trunk
    !
    interface FastEthernet0/5
    shutdown
    !
    interface FastEthernet0/6
    shutdown
    !
    interface FastEthernet0/7
    shutdown
    !
    interface FastEthernet0/8
    shutdown
    !
    interface FastEthernet0/9
    shutdown
    !
    interface FastEthernet0/10
    shutdown
    !
    interface FastEthernet0/11
    shutdown
    !
    interface FastEthernet0/12
    shutdown
    !
    interface FastEthernet0/13
    shutdown
    !
    interface FastEthernet0/14
    shutdown
    !
    interface FastEthernet0/15
    shutdown
    !
    interface FastEthernet0/16
    shutdown
    !
    interface FastEthernet0/17
    shutdown
    !
    interface FastEthernet0/18
    shutdown
    !
    interface FastEthernet0/19
    shutdown
    !
    interface FastEthernet0/20
    shutdown
    !
    interface FastEthernet0/21
    shutdown
    !
    interface FastEthernet0/22
    shutdown
    !
    interface FastEthernet0/23
    shutdown
    !
    interface FastEthernet0/24
    shutdown
    !
    interface GigabitEthernet1/1
    shutdown
    !
    interface GigabitEthernet1/2
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan99
    ip address 172.17.99.13 255.255.255.0
    !
    ip default-gateway 172.17.99.1
    !
    banner motd ^C
    ******************************************************************************** Unauthorized access is prohibited ********************************************************************************^C
    !
    line con 0
    password cisco
    logging synchronous
    login
    !
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    end


    S3#
    Router config
    R1#show run
    Building configuration...

    Current configuration : 1050 bytes
    !
    version 12.4
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname R1
    !
    !
    !
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain-lookup
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.1
    encapsulation dot1Q 1
    ip address 172.17.1.1 255.255.255.0
    !
    interface FastEthernet0/1.10
    encapsulation dot1Q 10
    ip address 172.17.10.1 255.255.255.0
    !
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address 172.17.20.1 255.255.255.0
    !
    interface FastEthernet0/1.30
    encapsulation dot1Q 30
    ip address 172.17.30.1 255.255.255.0
    !
    interface FastEthernet0/1.99
    encapsulation dot1Q 99 native
    ip address 172.17.99.1 255.255.255.0
    !
    interface Vlan1
    no ip address
    shutdown
    !
    ip classless
    !
    !
    !
    !
    !
    !
    !
    line con 0
    password cisco
    login
    line vty 0 4
    password cisco
    login
    line vty 5 15
    password cisco
    login
    !
    !
    !
    end


    R1#

    +
    0 Votes
    CG IT

    and native vlan 99?

    for labbing, I would have left the native vlan as 1. used the Gi ports as trunk ports between switches, and used a Gi port on one of the switches as the trunk to the router.

    and did you specify what vlans can access the trunk link? have to put in the switchport trunk vlan allowed "all" command.

    what port on what switch is the trunk port to the router? that port needs the switchport trunk vlan allowed all command to allow all vlans to access the trunk link. note: the trunk link between switches also need the "all" command to allow vlans access to that trunk link which in turn allows access to the trunk link to the router.

    once that works, then you can specify which vlans are allowed, test that....

    what's the route table look like ? CLI router: sh ip route

    you can do a debug on the trunk links and post that.... or do a sh int trunk to show what the trunk links are and what's allowed. [that's on the switches]

    The router needs a route table with your subnets to route between them so when it gets tagged frames from vlans on the trunk link, it knows what to do with them.

    +
    0 Votes
    mudson_gee

    Thank you very much for your concern.
    vlan 99 has been assign as the native vlan:
    interface Vlan99
    ip address 172.17.99.13 255.255.255.0
    !
    ip default-gateway 172.17.99.1

    and about the trunking, what i did is S2 has 3 host attached to it on interface fa0/6(vlan 10, 172.17.30.23), fa0/11(vlan 20 172.17.10.21), fa0/18(vlan 30 172.17.20.22). check the above document config.
    Switch S1 has a trunk interface fa0/1 which i enable the vlan all command on the interface.

    and on the router, i doubt if the problem is not from the inter-vlan routing.

    +
    0 Votes
    CG IT

    the router can't route packets if it doesn't know ...