Home Lab Setup for Newbie (Me)

[Uegrotech]

Hello All,

I'm new to the Cisco realm and I was recently inspired by a coworker to dig in and give it a shot. I am by trade an IT Generalist (Jack of all trades - Master of Nada!) I'm sure alot of ya feel that way. Anyway, I picked up a couple of Cisco 3550-12T Switches. I have 2 and I intend to expand my knowledge with eventually obtaining more devices once I learn and become more fluid with the commands and setup of devices. Anyway, I'll be as descript as possible. Assume the device is out of the box and i have only given it an ip of 192.168.0.10 255.255.255.0 - GW 192.168.0.1 (router ip). I want 7 VLANs -
VLAN 10= 192.168.1.1 (Gi0\2-3), Desktops
VLAN 20=192.168.2.1 (Gi0\4), Servers
VLAN 30=192.168.3.1 (Gi0\5),iScsi
VLAN 40=192.168.4.1 (Gi0/6), Wireless access
VLAN 50=192.168.5.1 (Gi0\7), Wireless access
VLAN 60=192.168.6.1(Gi0\8), Printers
VLAN 70=192.168.7.1 (Gi0\9), Powerline
VLAN 80=192.168.8.1 (Gi0\10) Testing other devices

The default vlan1 does not have an IP.
Port Gi0\12 is a trunk\uplink to the second switch (Same model). I want to be able to ping other devices on other vlans/switches and have internet access from each vlan. I want to setup a VTP server and client since I have 2. I also have a Microsoft server with will provide dhcp and dns services (192.168.0.5). I also have been having trouble connecting devices directly. I cannot seem to connect my laptop directly to a port. But I can connect a D-Link switch. I have tried straight through and crossover cables from my laptop, and still the port isn't active. I've also intended to make Gi0\1 my uplink port to the D-Link router. Here is what I have setup so far.


Building configuration...

Current configuration : 4554 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ironman
!
enable secret #######
enable password ######
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
ip routing
!
!
!
crypto pki trustpoint TP-self-signed-3202378368
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3202378368
revocation-check none
rsakeypair TP-self-signed-3202378368
!
!
crypto pki certificate chain TP-self-signed-3202378368
certificate self-signed 01
###%%%###%%%
quit
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/1
description uplink
no switchport
ip address 192.168.0.2 255.255.255.0
spanning-tree portfast
!
interface GigabitEthernet0/2
description DESKTOPS
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/3
description DESKTOPS
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/4
description SERVERS
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/5
description ISCSI
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/6
description WIRELESS
switchport access vlan 40
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
description Wireless
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/8
description Printers
switchport access vlan 60
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/9
description POWERLINE
switchport access vlan 70
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 80
switchport mode dynamic desirable
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport mode dynamic desirable
!
interface GigabitEthernet0/12
description VTP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan30
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan40
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan50
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan60
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan70
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.0.5
!
interface Vlan80
ip address 192.168.8.1 255.255.255.0
ip helper-address 192.168.0.5
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
password ######
login
line vty 5 15
password #####
login
!
end







What am I missing? Do I have too much? I've only been doing this for about a month, so be easy on me.

 

[Viconsul]

Hi,

Could you post the output of

show ver

on the two switches?

-Viconsul

 

[Uegrotech]

Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 20:28 by gereddy
Image text-base: 0x00003000, data-base: 0x012A99FC

ROM: Bootstrap program is C3550 boot loader

Spiderman uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:c3550-ipservicesk9-mz.122-44.SE6/c3550-ipservicesk9-mz.122-44.SE6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco WS-C3550-12T (PowerPC) processor (revision A0) with 65526K/8192K bytes of memory.
Processor board ID FAA0603S01M
Last reset from warm-reset
Running Layer2/3 Switching Image

Ethernet-controller 1 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 2 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 7 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 8 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 9 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 10 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 11 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 12 has 1 Gigabit Ethernet/IEEE 802.3 interface

12 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:08:7C:3D:95:80
Motherboard assembly number: 73-5527-11
Power supply part number: NONE
Motherboard serial number: FAA0503KFYK
Power supply serial number: DAB055003T2
Model revision number: A0
Model number: WS-C3550-12T
System serial number: FAA0603S01M
Configuration register is 0x10F


and




Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 20:28 by gereddy
Image text-base: 0x00003000, data-base: 0x012A99FC

ROM: Bootstrap program is C3550 boot loader

Ironman uptime is 5 minutes
System returned to ROM by power-on
System image file is "flash:c3550-ipservicesk9-mz.122-44.SE6/c3550-ipservicesk9-mz.122-44.SE6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco WS-C3550-12T (PowerPC) processor (revision L0) with 65526K/8192K bytes of memory.
Processor board ID CHK0653W02Q
Last reset from warm-reset
Running Layer2/3 Switching Image

Ethernet-controller 1 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 2 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 7 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 8 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 9 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 10 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 11 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 12 has 1 Gigabit Ethernet/IEEE 802.3 interface

12 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:0B:BE:E0:6A:80
Motherboard assembly number: 73-5527-15
Power supply part number: 34-0967-01
Motherboard serial number: CAT06520EHM
Power supply serial number: DCA065139TU
Model revision number: L0
Motherboard revision number: A0
Model number: WS-C3550-12T
System serial number: CHK0653W02Q
Configuration register is 0x10F

 

[gm85]

Hi Uegrotech,
Let's break this down in to separate sections. The 3550-12T is a great device to get you started with L3 switching.

I want to be able to ping other devices on other vlans/switches and have internet access from each vlan.

You have the basics in there, which is good. I see you have created interfaces for each vlan. Along with defining the interfaces, have you created each vlan? Issue the command "show vlan" and see if VLANs 10-80 appear. If not, go back to config mode and issue:

vlan 10
 name desktops
vlan 20
 name servers

etc.

I want to setup a VTP server and client since I have 2.

This can be done with the commands:

vtp version 2
vtp mode server
vtp doman <issue a string for the vtp domain name>

on one switch

vtp version 2
vtp mode client
vtp doman <issue a string for the vtp domain name>

on the other switch. The VTP client will take a copy of the vlan database from the VTP server whenever are changes are made.

I also have a Microsoft server with will provide dhcp and dns services (192.168.0.5).

You have the ip helper-address in place, which is all you need as long as there is connectivity.

I also have been having trouble connecting devices directly.
I cannot seem to connect my laptop directly to a port. But I can connect a D-Link switch.
I have tried straight through and crossover cables from my laptop, and still the port isn't active.

Is a link being established? (Port LED turns green)? Ports 1-10 are 10/100/1000 and Ports 11/12 are 1000 Only (due to the GIBCs). The 3550, however is non auto-negotiate, so you need to use the right cable if attaching to a computer or another switch (that doesn't support auto-negotiate).

I'd also recommend changing (for the time being) the dynamic ports to access ports by using the command switchport mode access on 2,3,4,5,8,9,10

If you are finding you are receiving a link, but not obtaining an address, this may be due to the routing you have on your d-link router. The 3550 has a routed interface to 192.168.0.0, however devices on that subnet may not know how to route back to the switch. Since the computers on the 192.168.0.0 network use the d-link (192.168.0.1) as the default gateway, the d-link, needs to know of a route to the other networks. Have you created a static-route on the d-link router for 192.168.1.0 - 192.168.8.0 to use 192.168.0.10 as the next hop?

You can look at using a routing protocol down the road, but a static route would be best just to get it up and running.

Have you also tried issuing a static IP to a computer attached to the switch? that way you can make sure the basic connectivity is working (outside of the DHCP server, Helper address, and routing from the 192.168.0.0 network).

 

[Uegrotech]

Thank you ahead. Now back to business... I resolved the issue about my laptop not connecting. I changed the configuration of my Ethernet adapter . I changed the duplex to of the adapter to full 100. Now it connects just fine and i can ping the other vlan ip's. I used a desktop and programmed a static ip of 192.168.0.1 to it. i can ping that from the laptop. i also have a device attached to the 192.168.6.1 vlan. i gave that an ip of 192.168.6.10. i can ping that from the laptop too.

now the problem is, when i attach the D-link router (DIR 825) via the LAN side, i cannot pint 192.168.0.1. Do i have to flush the switch of MAC info somehow. When i plug in the desktop again, i can ping that all day long. DHCP hasnt worked yet, but one problem at a time. Also i changed the ports to access ports. I'm not sure how to create a static route on the Dlink. The router only offers routing with the WAN interface.

what sorta routing protocol should i consider enabling? and how?

 

[gm85]

It COULD be the ARP table, but it most likely is due to the route not existing on the D-Link back to the other networks. You can clear the ARP table by using the command clear arp.

I took a look at the manual for your D-Link router and on the router's web interface, and you want to go to the Advanced > Routing page.

Create a static route with the following information:
Destination IP: 192.168.6.0
Netmask: 255.255.255.0
Gateway: 192.168.0.10
Metric: 1
Interface: LAN

Test from the 192.168.6.x network and see if you can ping the router and ping the internet. If it works, change the route to the following specifications:

Destination IP: 192.168.0.0
Netmask: 255.255.0.0
Gateway: 192.168.0.10
Metric: 1
Interface: LAN

This will route all data to 192.168.x.x to the switch. The exception is any traffic to 192.168.0.0 network since the router automatically has a route in it's routing table to indicate it is directly connected to that network.

(Routing Tables with overlapping subnets route using the most-specific routing entry used. That's why the 0.0.0.0 0.0.0.0 is considered the default route, as it is the most-broad route and picked last.)

 

[gm85]

As a follow-up, It looks like the DIR-825 does not allow routes to the LAN interface, so you probably won't be able to use it to pass traffic to your switch.

I wonder if there is a custom firmware for the router that would allow it to be configured.

The D-Link also doesn't offer any dynamic routing protocols (like RIP).

 

[gm85]

And one final thing: I found this site that said while you can't use the GUI, you can still pass it in through a URL:

http://jk0.org/2010/08/27/d-link-dir-825-static-routes/

So try logging into the router. Paste this line for the static route to 192.168.6.0/24

http://192.168.0.1/Advanced/Routing.shtmlconfig.route_table

[0].enabled=true&config.route_table[0].used=1&config.route_table[0].entry_name=Cisco&config.route_table[0].dest_ip=192.168.6.0&config.route_table[0].metric=1&config.route_table[0].dlink=LAN&config.route_table[0].subnet=255.255.255.0&config.route_table[0].gw=192.168.0.10

If that works, try pasting this line for changing the static route to 192.168.0.0/16

http://192.168.0.1/Advanced/Routing.shtmlconfig.route_table

[0].enabled=true&config.route_table[0].used=1&config.route_table[0].entry_name=Cisco&config.route_table[0].dest_ip=192.168.0.0&config.route_table[0].metric=1&config.route_table[0].dlink=LAN&config.route_table[0].subnet=255.255.0.0&config.route_table[0].gw=192.168.0.10

 

[Uegrotech]

Thank you folks, once again. I've been humbled! I will give this a shot and let you know of the results. In the meantime, I've been contemplating replacing my wireless router with cisco components and just go all out on a cisco lab. With the things i'm learning to do and with the help of people like you folks, I feel inspired to learn more. I do have some criteria that i must maintain in regards to lab equipment being incorporated into my home usage. One thing for sure, I gotta keep it at least gigabit speed. I've invested quite a bit into maintaining that for wired devices. So, I was thinking of things I would like;
1. Cisco Router with gigabit LAN side
2. Maybe a Cisco wireless router
3. A cisco access point
4. an ASA device
5. If you have an ASA device, do you need a Pix

Can Y'all reccommend some models I can pick up on Ebay for cheap - not wealthy here. oh, as far as the router\wireless router, the wan side needs to connect either usb or ethernet (cable modem).

 

[Uegrotech]

Well, I tried to program my router and it did not work. It would reset my connection and nothing would show up on the Advanced networking page of the dlink. This is a DLINK 825 version A1. none of the ddrt softwares work with this version, but it does the later versions. So off to cisco device shopping. Dang!

any suggestions?

 

[gm85]

There are a couple options available.

For the cheap / value side, you could look at an 871w, 1811 or an 1841.

You could probably get the 1841 for a good price. These devices are the past-generation, so you'll probably max out at about 40mbps between the Lan and Internet (with services enabled).
If you were to look at the 1841, you could also get the HWIC-AP later on and add wireless to the device. If you find a good auction, you could probably pick up an 871w or 1841 for under $100. These devices have Fast Ethernet ports.
The 1841 does not have built-in switch and you would most likely do your switching with the 3550, however you could always add a HWIC-4ESW if you REALLY wanted a built-in switch on the router.

If you want something a little more powerful, you could go with a 3825. You will be looking around $230 - $250, however the device has 2 gigabit ports and can handle anything a residential connection throws at it. You can also add the HWIC-AP and HWIC-4ESW to the device too.

If you were to get a dedicated router, I'd recommend placing your 192.168.0.0 network on a VLAN on the switch so you can get gigabit switching between that network and your other VLANS.

 

[Uegrotech]

well I did some uber shopping and found a 3825 for $113.00. picked up an empty Cisco lab rack for $30.00. also ordered some ears/tabs for the devices. and i found a local guy selling a linksys e1200 for $25.00. That one maybe be steep in comparison to the cisco router, but i got it today, and the rest will be coming over the week.

tomorrow I will load the static routing entries. In the meantime, can you tell me what version and type of bin file should I download from cisco for the router? I plan to update it if possible/necessary.

 

[Uegrotech]

Cant sleep. I tried it with the Linksys. It works, but this was until i get the real router. Might as well learn how to program one of those.... Yahoooooo.