1.Basic Switch Configuration
2.VTP configuraiton
3.Vlan Router Configuration
4.Inter Vlan Routing
Basic Switch Configuration
ဒီconfiguration အဆင့္မွာဘာေတြပါမလဲဆိုရင္ switch အတြက္ host name,user name,password, enable secret,Telnet (or) SSH အတြက္ Virtual Terminal Line Configuration ေတြပါ၀င္ပါမယ္။
ေအာက္မွာConfiguration ခ်ပံုကိုေရးေပးထားပါတယ္...။
Switch>en
Switch#config t //Entering to Global Configuration Mode
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host Sw0 //Setting the switch to Host Name
Sw0(config)#username Suse pass abcd //Setting the Username and Password Sw0(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
Sw0(config)#enable secret sw0 //setting the enable secret
Sw0(config)#line vty 0 10 //Assign the Virtual Terminal Lines
Sw0(config-line)#login local
Switch#config t //Entering to Global Configuration Mode
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host Sw0 //Setting the switch to Host Name
Sw0(config)#username Suse pass abcd //Setting the Username and Password Sw0(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
Sw0(config)#enable secret sw0 //setting the enable secret
Sw0(config)#line vty 0 10 //Assign the Virtual Terminal Lines
Sw0(config-line)#login local
က်န္တဲ့ switch နွစ္လံုးသည္လည္းထို႔အတူပဲျဖစ္ပါတယ္။Username,Password နဲ႔ Enable Secret ေတြ သာကြာသြားမွာပါ။ဒါဆိုရင္ေတာ့ Basic Switch Configuration ျပီးျပီလို႔ေျပာလို႔ရပါတယ္။ေနာက္တစ္ခုက VTP နဲ႔ switch port ေတြပါ။switch port ေတြမွာ Access mode ရယ္၊Trunk mode ရယ္ကိုေယဘုယ် အားျဖင့္ႏွစ္မ်ိဳးခြဲနိုင္ပါတယ္။Access Mode Switch Port ေတြကေတ့ာ IP Device(Computer,VOIP Phone,etc..)ေတြကိုခ်ိတ္ဆက္တဲ့ port ေတြျဖစ္ပါတယ္။Trunk Mode Switch Port ေတြကေတာ့ switch to switch (or) switch to Router (or) switch to firewall စသည္ျဖင့္ခ်ိတ္ဆက္တဲ့ Switch Port မ်ား
ျဖစ္ပါတယ္။
VTP configuraiton
VTP ဆိုတာ Vlan Trunking Protocol ျဖစ္ပါတယ္။Switch Port ေတြႀကားမ်ာ Trunking လုပ္ ဖို႔ရန္အသံုးျပဳတာျဖစ္ပါတယ္။Theory အရဆိုရင္ သူ႔ကို Layer 2 messaging protocol လို႔ေခၚဆိုနိုင္ျပီး Vlan ေတြ adding လုပ္တာ Deleting လုပ္တာ modify လုပ္တာေတြကို VTP Server mode ရွိရာ switch ကေနလုပ္ရံုနဲ႔ Client Switch ေတြကို အက်ိဳးသက္ေရာက္မွုရွိေစမွာျဖစ္ပါတယ္။VTP ကိုသာ configure ခ်မထားခဲ့ရင္ အထက္ပါအခ်က္ေတြကို Switch တစ္ခုစီကေန Manual Configure ခ်ေပးရမွာ ပဲျဖစ္ပါတယ္။Topology မွာ switch သံုးခုရွိတဲ့အနက္ Router နဲ႔အနီးဆံုး Switch ကို VTP server mode မွာထား ပါမယ္။က်န္တဲ့နွစ္ခုကိုေတာ့ VTP client mode မွာပဲထားပါမယ္။Default အားျဖင့္ေတာ့ Cisco Catalyst Switch မ်ားဟာ Server Mode ျဖစ္ပါတယ္။VTP ကိုအသံုးျပဳဖုိ႔ရန္ VTP Domain နဲ႔ VTP Password လုိပါတယ္။ဆိုလိုတာကကိုယ့္ ရဲ့ Internal Structure မွာရွိေနတဲ့ Switch မ်ားအားလံုးသည္တူ ညီတဲ့ VTP Domain ေအာက္မွာရွိရမွာျဖစ္ျပီး VTP password လည္းတူရမွာျဖစ္ပါတယ္။Configuration ခ်ပံုကိုေအာက္မွာႀကည့္နုိင္ပါတယ္။
Sw0(config)#vtp mode server //setting vtp mode to server
Device mode already VTP SERVER.
Device mode already VTP SERVER.
Sw0(config)#vtp domain mmuak //setting up vtp domain
Changing VTP domain name from NULL to mmuak
Sw0(config)#vtp pass @@uak //setting up vtp password
Setting device VLAN database password to @@uak
Changing VTP domain name from NULL to mmuak
Sw0(config)#vtp pass @@uak //setting up vtp password
Setting device VLAN database password to @@uak
Sw1(config)#vtp domain mmuak //setting up vtp domain
Domain name already set to mmuak.
Sw1(config)#vtp pass @@uak //setting up vtp password
Setting device VLAN database password to @@uak
Sw1(config)#vtp mode ?
client Set the device to client mode.
server Set the device to server mode.
transparent Set the device to transparent mode.
Sw1(config)#vtp mode client //setting the vtp mode to client
Setting device to VTP CLIENT mode.
Domain name already set to mmuak.
Sw1(config)#vtp pass @@uak //setting up vtp password
Setting device VLAN database password to @@uak
Sw1(config)#vtp mode ?
client Set the device to client mode.
server Set the device to server mode.
transparent Set the device to transparent mode.
Sw1(config)#vtp mode client //setting the vtp mode to client
Setting device to VTP CLIENT mode.
VTP Server နဲ႔ Client ကိုConfigure ခ်လို႔ျပီးသြားပါျပီ။show vtp status ဆိုတဲ့ command ကိုသံုးျပီး VTP ကိုျပန္ႀကည့္နိုင္ပါတယ္။
အေပၚကပံုေလးကေတာ့ VTP Status ကိုျပန္ႀကည့္ထားျခင္းျဖစ္ပါတယ္။အခု Trunk ေတြကုိ Configuration ခ်ဖို႔က်န္ေနပါေသးတယ္။Switch Port ရဲ့ mode မွာ access,dynamic,trunk ေတြရွိတဲ့အ နက္ trunk ကိုေရြးေပးရမွာပါ။Trunk ကို Configuration ခ်ျပီးတာနဲ႔ trunking အတြက္ encapsulation method ကိုပါတစ္ခါတည္း Configure ခ်ေပးရပါမယ္။Cisco Inter Switch Link(ISL),IEEE802.1q Trunking,LAN Emulation Trunking တို႔အနက္မွာ Multi Vendor Support လုပ္တဲ့ IEEE802.1q ကိုပဲ သံုးပါမယ္။ေအာက္မွာ Configuration ခ်ပံုျဖစ္ပါတယ္။
Sw0(config)interface gig0/1
Sw0(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally
access Set trunking mode to ACCESS unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally
Sw0(config-if)#switchport mode trunk
Sw0(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
encapsulation Set trunking encapsulation when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking mode
Sw0(config-if)#switchport trunk encapsulation ?
dot1q Interface uses only 802.1q trunking encapsulation when trunking
Sw0(config-if)#switchport trunk encapsulation dot1q
က်န္တဲ့ Trunking switch port မ်ားကိုလည္းအထက္ပါအတိုင္းပဲ Configuration ခ်ေပးရမွာျဖစ္ပါတယ္။
ေနာက္တစ္ခုကေတာ့ Vlan access port မ်ား Assign လုပ္ရမွာပါ။Topology ပံုထဲကအတိုင္းပဲ Assign လုပ္ပါမယ္။
Sw0(config)#vlan 20 //adding Vlan 20 to switch Sw0
Sw0(config-vlan)#name AA_Department //Naming Vlan 20
Sw0(config-vlan)#exit
Sw0(config)#vlan 30 //adding Vlan 30 to switch Sw0
Sw0(config-vlan)#name BB_Department //Naming Vlan 30
Sw0(config-vlan)#exit
Sw0(config)#vlan 40 //adding Vlan 40 to switch Sw0
Sw0(config-vlan)#name CC_Department //Naming Vlan40
Sw0 switch ဟာ VTP Server ျဖစ္တာေႀကာင့္ အျခား Client switch ေတြကိုပါ အက်ိဳးသက္ေရာက္မႈရွိ မွာျဖစ္ပါတယ္။Sw0 မွာ VLan ေတြကို adding လုပ္လိုက္တာေႀကာင့္ ထို Vlan မ်ားကိုအျခား client switch ေတြျဖစ္တဲ့ Sw1 နဲ႔ Sw2 တို႔မွာပါ Automatic သိသြားမွာပါ။အဲ့ေနာက္မွာ switch အသီးသီးကို Vlan Access Port ေတြ Assign လုပ္ေပးရပါမယ္။Topology Diagram ထဲကအတိုင္း Assign လုပ္ပါ မယ္။
Sw0#config t
Enter configuration commands, one per line. End with CNTL/Z.
Sw0(config)#interface f0/2
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan ?
<1-1005> VLAN ID of the VLAN when this port is in access mode
Sw0(config-if)#switchport access vlan 20
Enter configuration commands, one per line. End with CNTL/Z.
Sw0(config)#interface f0/2
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan ?
<1-1005> VLAN ID of the VLAN when this port is in access mode
Sw0(config-if)#switchport access vlan 20
Sw0(config-if)#interface f0/3
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan 20
Sw0(config-if)#switchport mode access
Sw0(config-if)#switchport access vlan 20
Sw0(config-if)#int range f0/4-5
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 30
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 30
Sw0(config-if-range)#int range f0/6-7
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 40
Sw0(config-if-range)#switchport mode access
Sw0(config-if-range)#switchport access vlan 40
က်န္တဲ့ switch မ်ားမွာရွိတဲ့ switch port မ်ားကိုလည္း အထက္ပါအတိုင္းပဲအသီးသီးသတ္မွတ္ေပးရမွာပါ။ switch ေတြမွာ switch port မ်ားကို Direct IP Address သတ္မွတ္တာမ်ိဳးလုပ္လို႔ရမွာမဟုတ္ပါ။သို႔ရာ တြင္ switch ကို manage လုပ္ရန္(သို႔မဟုတ္) gateway Address သတ္မွတ္ရန္ logical Vlan interface မ်ားကိုေတာ့ IP သတ္မွတ္လို႔ရပါတယ္။ေအာက္ပါအတိုင္းျဖစ္ပါတယ္။
Sw0(config)#int vlan ?
<1-1005> Vlan interface number
<1-1005> Vlan interface number
Sw0(config)#int vlan 1
Sw0(config-if)#ip addr 192.168.0.2 255.255.255.0
Vlan Router Configuration
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname VlanRouter //setting up the host name to Router
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname VlanRouter //setting up the host name to Router
VlanRouter(config)#username Admin password @dmi@
VlanRouter(config)#enable secret @vlan //setting up the enable secret to Router
VlanRouter(config)#line vty 0 10 //setting up the virtual terminal line to Router
VlanRouter(config-line)#login local
VlanRouter(config)#int f0/0 //entering the interface f0/0
VlanRouter(config-if)#no shutdown //doing the interface up
VlanRouter(config-if)#int f0/0.1 //configure the sub-interface for Vlan
VlanRouter(config-if)#encapsulation dot1q 20 //configure encapsulation for Vlan 20
VlanRouter(config-if)#ip addr 192.168.20.1 255.255.255.0 //gate-way for Vlan 20
VlanRouter(config-if)#int f0/0.2 //configure the sub-interface for next Vlan
VlanRouter(config-if)#encapsulation dot1q 30 //configure encapsulation for Vlan 30
VlanRouter(config-if)#ip addr 192.168.30.1 255.255.255.0 //gate-way for Vlan30
VlanRouter(config-if)#int f0/0.3 //configure the sub-interface for next Vlan
VlanRouter(config-if)#encapsulation dot1q 40 //configure encapsulation for Vlan 40
VlanRouter(config-if)#ip address 192.168.40.1 255.255.255.0 //gate-way for Vlan40
VlanRouter(config-if)#int f0/0.4 //configure the sub-interface for native Vlan
VlanRouter(config-if)#encapsulation dot1q 1 //configure the sub-interface for native Vlan
VlanRouter(config-if)#ip address 192.168.0.1 255.255.255.0 //gate-way for native Vlan
အခုဆိုရင္ Vlan တစ္ခုခ်င္းစီအတြက္ Gate-way နဲ႔ Sub-interface ေတြသတ္မွတ္ျပီးပါျပီ။လက္ရွိအေျခေနမွာ host တစ္ခုခ်င္းစီကို static IP ေပးျပီးေတာ့ပဲျဖစ္ေစ၊DHCP နဲ႔ပဲျဖစ္ေစသံုးလို႔ရပါျပီ။သို႔ေသာ္ DHCP အတြက္ Vlan Router မွာထပ္ျပီး Configuration ခ်ေပးရအံုးမွာပါ။ေအာက္မွာေရးေပးထားတဲ့ပံုစံအတုိင္းပါပဲ။
VlanRouter(config)#ip dhcp pool ?
WORD Pool name
VlanRouter(config)#ip dhcp pool Vlan20_DHCP //Pool Name for Vlan 20
VlanRouter(dhcp-config)#network 192.168.20.0 255.255.255.0 //Network for Vlan 20
VlanRouter(dhcp-config)#default-router ?
A.B.C.D Router's IP address
VlanRouter(dhcp-config)#default-router 192.168.20.1 //Default gate-way for Vlan 20
VlanRouter(dhcp-config)#exit
VlanRouter(config)#ip dhcp ?
excluded-address Prevent DHCP from assigning certain addresses
pool Configure DHCP address pools
VlanRouter(config)#ip dhcp exc 192.168.20.1 192.168.20.100 //Excluded-address for Vlan 20
Inter Vlan Routing
က်န္တဲ့ Vlan မ်ားကိုလည္း အထက္ပါအတိုင္း DHCP ကို Configure ခ်ေပးနိုင္ပါတယ္။သို႔မဟုတ္ IP Address မ်ားကို Manual Assign လုပ္ခ်င္လည္းလုပ္နိုင္ပါတယ္။ဒီေနရာမွာ excluded-address ကို 100 လို႔ထားခဲ့တဲ့အ တြက္ DHCP ေတာင္းတဲ့အခ်ိန္မွာ 192.168.20.101 ကေနစျပီးအလုပ္လုပ္မွာျဖစ္ပါတယ္။သို႔ရာတြင္လက္ရွိ အေျခေနထိ Vlan တစ္ခုနဲ႔တစ္ခု Route လုပ္နုိင္ျခင္းမရွိေသးပါ။ထို႔အတြက္ Vlan တစ္ခုနဲ႔တစ္ခု Route နုိင္ ရန္ျပဳလုပ္ေပးရပါအံုးမယ္။ထို႔အတြက္ switch တစ္ခုခ်င္းစီမွာ Default Gate Way ေတြလုိပါတယ္။Default Gate Way ကို Native VLan ထဲမွာပဲထားပါမယ္။
Sw0(config)#int vlan 1 //Native Vlan Interface for Sw0 Switch
Sw0(config-if)#ip addr 192.168.0.2 255.255.255.0 //Native Vlan Interface Address(gate way)
Sw0(config-if)#no shut //doing up Vlan Interface for Sw0 Switch
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Sw1(config)#int vlan 1 //Native Vlan Interface for Sw1 Switch
Sw1(config-if)#ip addr 192.168.0.3 255.255.255.0 //Native Vlan Interface Address(gate way)
Sw1(config-if)#no shut //doing up Vlan Interface for Sw0 Switch
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Sw2(config)#int vlan 1 //Native Vlan Interface for Sw0 Switch
Sw2(config-if)#ip addr 192.168.0.4 255.255.255.0 //Native Vlan Interface Address(gate way)
Sw2(config-if)#no shut //doing up Vlan Interface for Sw0 Switch
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up Switch ေတြအတြက္ လိုအပ္တဲ့ Gate way ေတြကိုသတ္မွတ္ေပးျပီးျပီျဖစ္လို႔ Vlan အခ်င္းခ်င္း Route ဖို႔ပဲက်န္ပါေတာ့တယ္။Route တဲ႔ေနရာမွာ အနီးဆံုး switch ရဲ့ gate-way ကိုပဲ Next Host Address အျဖစ္ ယူပါ့မယ္..။ေအာက္ပါ command အတုိင္းပါပဲ။
VlanRouter(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.2 //Route configuration for Inter Vlan Routing
ဒါဆိုရင္ Vlan ခ်င္းခ်င္း Route ႏိုင္ပါျပီ။Vlan Router မွာ Routing Table ရဲ့ Status ကိုေအာက္ပါအတုိင္းျပန္ ႀကည့္နိုင္ပါတယ္။
VlanRouter#sh ip route
Gateway of last resort is 192.168.0.2 to network 0.0.0.0
C 192.168.0.0/24 is directly connected, FastEthernet0/0.4
C 192.168.20.0/24 is directly connected, FastEthernet0/0.1
C 192.168.30.0/24 is directly connected, FastEthernet0/0.2
C 192.168.40.0/24 is directly connected, FastEthernet0/0.3
S* 0.0.0.0/0 [1/0] via 192.168.0.2
Vlan မ်ားကို 192.168.0.2 မွတစ္ဆင့္ Route လုပ္ထားတာကိုေတြ႕ရမွာပါ။ဒါဆိုရင္ေတာ့ InterVlan Routing ပီးပါျပီ။ေနာက္ Access-list ေတြကိုသံုးျပီး ဘယ္ Vlan ကေတာ့ျဖင့္ Internet မသံုးနုိင္ပါ၊Telnet ကို Access မလုပ္ေစခ်င္ပါ၊အျခား Vlan တစ္ခုခုအား Access မလုပ္ေစခ်င္ပါ စသည္ျဖင့္သတ္မွတ္နုိင္ပါတယ္။
ေလးစားစြာျဖင့္
Win Tun Hlaing
