Guest

Cisco Catalyst G-L3 Series Switches

Catalyst 2948G-L3 Sample Configurations - Single VLAN, Multi-VLAN, and Multi-VLAN Distribution Layer Connecting to Network Core

Cisco - Catalyst 2948G-L3 Sample Configurations - Single VLAN, Multi-VLAN, and Multi-VLAN Distribution Layer Connecting to Network Core

Document ID: 12020

Updated: Aug 30, 2005

   Print

Introduction

This document provides three sample configurations for the Catalyst 2948G-L3. The configurations are a single-VLAN network, a multi-VLAN network, and a multi-VLAN distribution layer connection to a network core. Each configuration section contains an example topology and explains the creation of the example networks. Additionally, a companion document is available that provides each configuration in its entirety for your review.

Prerequisites

Requirements

There are no specific prerequisites for this document.

Components Used

These switches were used, in a lab environment with cleared configurations, in order to create the examples in this document:

  • Catalyst 2948G-L3 switch-router running Cisco IOS® 12.0(18)W5(22b) software

  • Other Catalyst switches:

    • Catalyst 2900 XL and 3500 XL switches running 12.0(5)WC7 software

    • Catalyst 2948G and 6500 switches running Catalyst OS 7.6(1) software

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Background Information

Consider this information about the Catalyst 2948G-L3 switch:

  • From a configuration standpoint, the Catalyst 2948G-L3 is a router that runs Cisco IOS, and all interfaces are routed interfaces by default.

  • The Catalyst 2948G-L3 does not extend your VLANs. Rather, this switch-router terminates VLANs on a routed interface unless bridging is configured. Bridging interfaces allows you to extend VLANs on the routed interfaces.

  • The Catalyst 2948G-L3 does not support several Layer 2-oriented protocols, such as VTP, DTP, and PAgP, found on other Catalyst switches.

  • Release 12.0(7)W5(15d) and earlier of the Catalyst 2948G-L3 does not support:

    • Data-plane (security) Access-Control Lists (ACLs) on any interfaces. User data traffic cannot be restricted with input or output access lists on the router interfaces—ACLs on the Gigabit Ethernet interfaces are now supported in release 12.0(10)W5(18e).

    • Bridging on 802.1q subinterfaces—Bridging on 802.1q subinterfaces is now supported in release 12.0(10)W5(18e).

    • AppleTalk routing.

    • Port snooping, which is also known as SPAN, port mirroring, promiscuous mode.

Because the Catalyst 2948G-L3 switch does not support bridging on IEEE 802.1q subinterfaces in IOS® release 12.0(7)W5(15d), you cannot bridge a single IP subnet across VLAN 1 in this example, as on ISL subinterfaces in Example 2). Therefore, management for the Catalyst 2948G-L3 is through any IP interface on the switch, while management for the Catalyst 2948G switches is on one of the user VLAN subnets rather than on VLAN 1.

In general, it is not recommended that you put the sc0 management interface in a user VLAN. However, an exception is made in this example because the Catalyst 2948G-L3 does not support bridging on 802.1q subinterfaces in the IOS release used in this example. This exception is also appropriate because the user subnets are relatively small; each subnet contains no more than 126 host addresses.

The configurations on all devices were cleared with the clear config all and write erase commands in order to ensure that there is a default configuration.

General Configuration Tasks

On the Catalyst switches running Cisco IOS such as the Catalyst 2948G-L3, Catalyst 2900 XL, and Catalyst 3500 XL switches, this basic configuration must be applied to each switch:

Router#calendar set 18:00:00 Aug 1 2003
Router#clock set 18:00:00 Aug 1 2003
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname 2948G-L3
2948G-L3(config)#clock timezone PST -8
2948G-L3(config)#clock calendar-valid
2948G-L3(config)#service timestamps log datetime localtime msec
2948G-L3(config)#service timestamps debug datetime localtime msec
2948G-L3(config)#enable secret <password>
2948G-L3(config)#line vty 0 4
2948G-L3(config-line)#password <password>
2948G-L3(config-line)#exit
2948G-L3(config)#no logging console
2948G-L3(config)#^Z
2948G-L3#

Note: 

  • The calendar set command sets the time and date on the switch's internal calendar chip (this command does not apply to the Catalyst 2900 XL and Catalyst 3500 XL switches).

  • The clock set command sets the time and date for the switch clock.

  • The hostname command sets the host name for the switch.

  • The clock calendar-valid command tells the switch to set the clock date and time with the date and time stored in the calendar chip at the next reload (this command does not apply to the Catalyst 2900 XL and Catalyst 3500 XL switches).

  • The service timestamps log datetime localtime msec and the service timestamps debug datetime localtime msec commands aid in management and help you troubleshoot because these commands timestamp syslog and debug output with the current date and time (to the millisecond).

  • The enable secret <password> command defines a password in order to enter privileged mode on the switch. The enable secret command uses a one-way cryptographic MD5 hashing function which is encrypted when a show running-config is used.

  • The line vty 0 4 command enters into line configuration mode so you can define a password for incoming Telnet sessions on the virtual terminal (vty) lines.

  • The password command defines a password in order to enter normal mode on the switch through a Telnet session on the vty lines.

  • The no logging console command prevents syslog messages on the terminal console. The command is used in these examples in order to simplify the screen captures.

On CatOS switches, such as the Catalyst 2948G and the Catalyst 6506, this basic configuration must be applied to each switch:

Console> (enable) set time 09/01/03 18:00:00
Mon Sep 1 2003, 18:00:00
Console> (enable) set system name 2948G-01
System name set.
2948G-01> (enable) set system location <location>
System location set.
2948G-01> (enable) set system contact sysadmin@corp.com
System contact set.
2948G-01> (enable) set logging console disable
System logging messages will not be sent to the console.
2948G-01> (enable) set password
Enter old password:
Enter new password:
Retype new password:
Password changed.
2948G-01> (enable) set enablepass
Enter old password:
Enter new password:
Retype new password:
Password changed.
2948G-01> (enable)
  • The set time command sets the date and time on the switch.

  • The set system commands specify information about the switch, such as name, location, and contact.

  • The set logging console disable command prevents syslog messages on the terminal console. The command is used in these examples in order to simplify the screen captures.

  • The set password command defines a password for incoming Telnet sessions on the switch.

  • The set enablepass command defines a password in order to enter privileged mode on the switch.

Example 1: Single VLAN Network

In this example, the Catalyst 2948G-L3 is deployed as a second switch in an existing single-VLAN network. The network already consists of workstations and a server connected to a Catalyst 3548 XL. The Catalyst 2948G-L3 was purchased in order to allow the company to eventually migrate to a routed network with multiple VLANs (see Example 2).

This configuration is applied to the switches:

  • IP addresses are assigned to the switches for management.

  • The switches are connected with a two-port Gigabit EtherChannel link.

  • All interfaces on the Catalyst 2948G-L3 are assigned to a single bridge-group.

  • End hosts and servers are attached to the Fast Ethernet ports on the Catalyst 3548 XL and the Catalyst 2948G-L3.

  • Spanning-tree is disabled on all interfaces of the Catalyst 2948G-L3 with end-stations attached.

  • Spanning-tree portfast is enabled on all ports of the Catalyst 3548 XL that you plan to connect to an end station..

  • End hosts and servers are all in a single IP subnet (10.1.1.0/24).

Single VLAN Network Diagram

29-30a.gif

Configure the Switches for Management

This output shows how to configure IP addresses on the Catalyst 3548 XL for management purposes. Later in this example, a Bridge Virtual Interface (BVI) is configured on the Catalyst 2948G-L3 in order to allow Telnet access.

On the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface vlan 1
3548XL(config-if)#ip address 10.1.1.2 255.255.255.0
3548XL(config-if)#management

!--- The management command specifies that the VLAN 1 interface be the 
! --- active management interface for the switch. 

3548XL(config-if)#^Z
3548XL#

Configure the Gigabit EtherChannel

This output shows how to configure the Gigabit Ethernet interfaces on the Catalyst 2948G-L3 and the Catalyst 3548 XL in order to form a Gigabit EtherChannel link between the two devices:

On the Catalyst 2948G-L3:

2948G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3(config)#interface port-channel 1

! --- The interface port-channel 1 command creates a logical 
interface for the Gigabit EtherChannel.

2948G-L3(config-if)#exit
2948G-L3(config)#interface gig 49
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#no negotiation auto

!--- The no negotiation auto command turns off port negotiation 
on the Gigabit Ethernet interfaces.
!--- This is required in order to connectto the Catalyst 2900 XL and 3500 XL switches. 

2948G-L3(config-if)#channel-group 1

!--- The channel-group 1 command adds the physical Gigabit Ethernet 
interface to the logical port channel interface. 
!--- The port channel interface number and the channel group number must match. 
In this example both are "1".

2948G-L3(config-if)#exit
2948G-L3(config)#interface gig 50
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#no negotiation auto
2948G-L3(config-if)#channel-group 1
2948G-L3(config-if)#^Z
2948G-L3#

You can verify the configuration with the show interface port-channel # command:

2948G-L3#show interface port-channel 1
Port-channel1 is up, line protocol is up
  Hardware is GEChannel, address is 0030.40d6.4107 (bia 0000.0000.0000)
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, Unknown Speed, Media type unknown, Force link-up
  ARP type: ARPA, ARP Timeout 04:00:00
    No. of active members in this channel: 2
        Member 0 : GigabitEthernet49
        Member 1 : GigabitEthernet50
  Last input 00:00:57, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/300, 0 drops
  5 minute input rate 329000 bits/sec, 151 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     168606 packets input, 46372552 bytes, 0 no buffer
     Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     164 packets output, 62046 bytes, 0 underruns(0/0/0)
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
 
2948G-L3#

On the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface gig 0/1
3548XL(config-if)#no negotiation auto

!--- The no negotiation auto command turns off 
port negotiation on the Gigabit Ethernet interfaces. 

3548XL(config-if)#port group 1

!--- The port group 1 command adds the physical 
Gigabit Ethernet interface to the port group 1. 

3548XL(config-if)#exit
3548XL(config)#interface gig 0/2
3548XL(config-if)#no negotiation auto
3548XL(config-if)#port group 1
3548XL(config-if)#^Z
3548XL#

You can verify the configuration with the show port group command:

3548XL#show port group
Group  Interface              Transmit Distribution
-----  ---------------------  ---------------------
    1  GigabitEthernet0/1     source address
    1  GigabitEthernet0/2     source address
3500xl-servers#

Configure Bridging

This output shows how to configure the Catalyst 2948G-L3 for bridging.

  • All of the Fast Ethernet interfaces are assigned to a single bridge-group.

  • Spanning tree is disabled in order to prevent various end-station startup issues.

  • The logical port-channel interface is assigned to the bridge-group on the Catalyst 2948G-L3. If you assign the bridge-group to the port-channel interface, VLAN 1 traffic on the 3548 XL can pass to the 2948G-L3 bridged interfaces.

  • Integrated Routing & Bridging (IRB) is enabled and a Bridge Virtual Interface (BVI) is configured to allow Telnet access to the Catalyst 2948G-L3.

Note: Disabling spanning-tree on a bridged router interface is not the same as enabling spanning-tree portfast on a switch port. The router does not block the port if BPDUs are received from a switch or bridge mistakenly connected to the interface. Be careful to connect only workstations or other end-hosts to interfaces with spanning tree disabled. Do not disable spanning tree on the port if you plan to connect a hub or switch to the port.

2948G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3(config)#bridge irb

!--- The bridge irb command enables Integrated Routing & Bridging on the router,
!---  which allows you to configure a BVI interface.

2948G-L3(config)#bridge 1 protocol ieee

!--- The bridge 1 protocol ieee command enables bridging with the IEEE 
!--- 802.1d spanning-tree protocol.

2948G-L3(config)#bridge 1 route ip

!--- The bridge number route ip command configures an IP address on the BVI
!--- so you can Telnet into the router.
 
2948G-L3(config)#interface bvi 1 
2948G-L3(config-if)#ip address 10.1.1.1 255.255.255.0
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 1
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#bridge-group 1

!--- The bridge-group 1 command adds the Fast Ethernet and port-channel 
interfaces to bridge group 1.

2948G-L3(config-if)#bridge-group 1 spanning-disabled

!--- The bridge-group 1 spanning-disabled command disables spanning tree 
on the Fast Ethernet interfaces.

2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 2
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#bridge-group 1
2948G-L3(config-if)#bridge-group 1 spanning-disabled

. . .

2948G-L3(config)#interface fast 48
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#bridge-group 1
2948G-L3(config-if)#bridge-group 1 spanning-disabled
2948G-L3(config-if)#exit
2948G-L3(config)#interface port-channel 1
2948G-L3(config-if)#bridge-group 1
2948G-L3(config-if)#^Z
2948G-L3#

You can verify the configuration with these commands:

  • show bridge group—shows information on the interfaces in the bridge group.

  • show spanning-tree—shows spanning-tree configuration and state information.

2948G-L3#show bridge group

Bridge Group 1 is running the IEEE compatible Spanning Tree protocol

   Port 4 (FastEthernet1) of bridge group 1 is forwarding
   Port 5 (FastEthernet2) of bridge group 1 is forwarding
   Port 6 (FastEthernet3) of bridge group 1 is down

. . .

   Port 51 (FastEthernet48) of bridge group 1 is forwarding
   Port 54 (Port-channel1) of bridge group 1 is forwarding

2948G-L3#show spanning-tree

 Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0030.40d6.4007
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0
  bridge aging time 300

Port 4 (FastEthernet1) of Bridge group 1 is disabled
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0030.40d6.4007
   Designated bridge has priority 32768, address 0030.40d6.4007
   Designated port is 4, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
   
. . .
 
Port 55 (Port-channel1) of Bridge group 1 is forwarding
   Port path cost 3, Port priority 128
   Designated root has priority 32768, address 0030.40d6.4007
   Designated bridge has priority 32768, address 0030.40d6.4007
   Designated port is 55, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 1000, received 0

 2948G-L3#

Configure End-Station Ports

Now, spanning-tree portfast is enabled on the ports on the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface fast 0/1
3548XL(config-if)#spanning-tree portfast
3548XL(config-if)#exit
3548XL(config)#interface fast 0/2
3548XL(config-if)#spanning-tree portfast

. . .

3548XL(config)#interface fast 0/48          
3548XL(config-if)#spanning-tree portfast
3548XL(config-if)#^Z
3548XL#

You can verify the configuration with the show spanning-tree interface command:

3548XL#show spanning-tree interface fast 0/1
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 00d0.5868.eb81
   Designated bridge has priority 32768, address 00d0.5868.eb81
   Designated port is 13, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
   The port is in the portfast mode
3548XL#

Save the Switch Configurations

Make sure you save the running configuration to NVRAM (startup configuration) on all switches so that the configuration is retained across a reload.

On the Catalyst 2948G-L3:

2948G-L3#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
2948G-L3#

On the Catalyst 3548 XL:

3548XL#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

3548XL#

Full Device Configurations

The full configurations for the devices used in Example 1.

Example 2: Multi-VLAN Network

In this example, the Catalyst 2948G-L3 is deployed as an inter-VLAN router in a network composed of several other switches, which include a Catalyst 3548 XL, a Catalyst 3512 XL, and a Catalyst 2924 XL.

The network consists of four VLANs and IP subnets, as well as a fifth IP subnet used for end-hosts attached to the bridged interfaces on the Catalyst 2948G-L3.

End-stations are attached to the Catalyst 2948G-L3, the Catalyst 3548 XL, and the Catalyst 2924 XL switches. Servers are connected to the Catalyst 3512 XL.

This configuration is applied to the switches:

  • IP addresses and default gateways are assigned to the switches for management.

  • The Catalyst 2948G-L3 and Catalyst 3512 XL switches are connected with a two-port Gigabit EtherChannel link.

  • The Catalyst 2948G-L3 and Catalyst 3548 XL switches are connected with a four-port Fast EtherChannel link.

  • The Catalyst 2948G-L3 and Catalyst 2924 XL switches are connected with a single Fast Ethernet link.

  • All switch-to-switch connections are configured as ISL trunks.

  • VLAN 1 traffic is bridged throughout the network, so that management for all switches occurs on a single IP subnet (subnet 10.1.1.0/24).

  • Interface FastEthernet 1 through 43 on the Catalyst 2948G-L3 are assigned to a single bridge-group for end-station connections with IP subnet 10.200.200.0/24.

  • Spanning-tree is disabled on all interfaces of the Catalyst 2948G-L3, with end-stations attached.

  • Interface FastEthernet 0/1 through 0/24 on the Catalyst 3548 XL switch belong to VLAN 10 (10.10.10.0/24).

  • Interface fast 0/25 through fast 0/44 on the Catalyst 3548 XL switch belong to VLAN 20 (10.20.20.0/24).

  • All Fast Ethernet interfaces on the Catalyst 2924 XL switch belong to VLAN 30 (10.30.30.0/24).

  • All Fast Ethernet interfaces on the Catalyst 3512 XL switch belong to VLAN 100 (10.100.100.0/24).

  • Spanning-tree portfast is enabled on all interfaces of the Catalyst 3548 XL, Catalyst 3512 XL, and Catalyst 2924 XL switches.

Multi-VLAN Network Diagram

29-30b.gif

Configure the Switches for Management

On the Catalyst 3512 XL, 3548 XL, and 2924 XL switches, the VLAN 1 management interface is defined and an IP address and default gateway are assigned.

On the Catalyst 2948G-L3, the BVI interface in the 10.1.1.0/24 subnet, configured later in this example, is used as the management IP interface.

On the Catalyst 3512 XL:

3512XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL(config)#interface vlan 1
3512XL(config-if)#ip address 10.1.1.2 255.255.255.0
3512XL(config-if)#management
3512XL(config-if)#exit
3512XL(config)#ip default-gateway 10.1.1.1

!--- The ip default-gateway command defines the default gateway IP address 
!--- for the IP management protocol stack on the switch.

3512XL(config)#^Z
3512XL#

Note: The IP address used for the default gateway is 10.1.1.1. This is the IP address of the BVI interface that is used as the management VLAN for all switches (configured later in this example) on the Catalyst 2948G-L3 switch.

On the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface vlan 1
3548XL(config-if)#ip address 10.1.1.3 255.255.255.0
3548XL(config-if)#management
3548XL(config-if)#exit
3548XL(config)#ip default-gateway 10.1.1.1
3548XL(config)#^Z
3548XL#

On the Catalyst 2924 XL:

2924XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2924XL(config)#interface vlan 1
2924XL(config-if)#ip address 10.1.1.4 255.255.255.0
2924XL(config-if)#management
2924XL(config-if)#exit
2924XL(config)#ip default-gateway 10.1.1.1
2924XL(config)#^Z
2924XL#

Configure VLANs

In this example, the three XL switches are configured in VTP transparent mode because a VTP domain cannot be extended across the Catalyst 2948G-L3.

On the Catalyst 3512 XL:

3512XL#vlan database
3512XL(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
3512XL(vlan)#vlan 100 name Server-Farm
VLAN 100 added:
    Name: Server-Farm
3512XL(vlan)#exit
APPLY completed.
Exiting....
3512XL#

You can verify the VLAN configuration with the show vtp status and the show vlan commands:

3512XL#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 254
Number of existing VLANs        : 6
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF8 0x7C 0x75 0x25 0x01 0x2A 0x92 0x72
Configuration last modified by 0.0.0.0 at 3-1-93 00:01:25
3512XL#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Gi0/1, Gi0/2
100  Server-Farm                      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0
3512XL#

On the Catalyst 3548 XL:

3548XL#vlan database
3548XL(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
3548XL(vlan)#vlan 10 name Host-Vlan-1
VLAN 10 added:
    Name: Host-Vlan-1
3548XL(vlan)#vlan 20 name Host-Vlan-2
VLAN 20 added:
    Name: Host-Vlan-2
3548XL(vlan)#exit
APPLY completed.
Exiting....
3548XL#

You can verify the VLAN configuration with the show vtp status and the show vlan commands.

On the Catalyst 2924 XL:

2924XL#vlan database
2924XL(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
2924XL(vlan)#vlan 30 name Host-Vlan-3
VLAN 30 added:
    Name: Host-Vlan-3
2924XL(vlan)#exit
APPLY completed.
Exiting....
2924XL#

You can verify the VLAN configuration with the show vtp status and the show vlan commands.

Configure the EtherChannels Between Switches

This output shows how to configure the two-port Gigabit EtherChannel link between the Catalyst 2948G-L3 and the Catalyst 3512 XL, and the four-port Fast EtherChannel link between the Catalyst 2948G-L3 and the Catalyst 3548 XL:

On the Catalyst 2948G-L3:

2948G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3(config)#interface port-channel 1
2948G-L3(config-if)#exit
2948G-L3(config)#interface gig 49
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#no negotiation auto
2948G-L3(config-if)#channel-group 1
2948G-L3(config-if)#exit
2948G-L3(config)#interface gig 50
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#no negotiation auto
2948G-L3(config-if)#channel-group 1
2948G-L3(config-if)#exit
2948G-L3(config)#interface port-channel 2
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 45
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#channel-group 2
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 46
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#channel-group 2
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 47
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#channel-group 2
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 48
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#channel-group 2
2948G-L3(config-if)#^Z
2948G-L3#

Note: The Gigabit EtherChannel to the Catalyst 3512 XL uses interface port-channel 1; the Fast EtherChannel to the Catalyst 3548 XL uses interface port-channel 2.

You can verify the configuration with the show interface port-channel # command.

On the Catalyst 3512 XL:

3512XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL(config)#interface gig 0/1
3512XL(config-if)#no negotiation auto
3512XL(config-if)#port group 1
3512XL(config-if)#exit
3512XL(config)#interface gig 0/2
3512XL(config-if)#no negotiation auto
3512XL(config-if)#port group 1
3512XL(config-if)#^Z
3512XL#

On the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface fast 0/45
3548XL(config-if)#port group 1
3548XL(config-if)#exit
3548XL(config)#interface fast 0/46
3548XL(config-if)#port group 1
3548XL(config-if)#exit
3548XL(config)#interface fast 0/47
3548XL(config-if)#port group 1
3548XL(config-if)#exit
3548XL(config)#interface fast 0/48
3548XL(config-if)#port group 1
3548XL(config-if)#^Z
3548XL#

You can verify the configuration on the Catalyst 3512 XL and the Catalyst 3548 XL with the show port group command.

Configure Bridging

This output shows how to configure the Catalyst 2948G-L3 for bridging. Interfaces FastEthernet 1 through 43 are assigned to a single bridge-group (bridge-group 200) and spanning tree is disabled on these interfaces.

Because inter-VLAN routing is required, Integrated Routing & Bridging (IRB) must be enabled with the bridge irb command. In addition, in order to route traffic between the bridged interfaces on the Catalyst 2948G-L3 and the other VLANs in the network, a Bridge Virtual Interface (BVI) are created.

Finally, a second bridge-group and BVI interface are created for the management VLAN. In the Configuring the ISL Trunks Between Switches section, the VLAN 1 subinterfaces are joined to this bridge-group to create a single Layer 2 domain for switch management.

On the Catalyst 2948G-L3:

2948G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3(config)#bridge irb

!--- The bridge irb command enables Integrated Routing & Bridging on 
!--- the router, which allows you to route traffic within the bridge groups.

2948G-L3(config)#bridge 200 protocol ieee
2948G-L3(config)#bridge 200 route ip

!--- The bridge number route ip command allows you to route IP traffic 
!--- between the BVI interface and the other IP interfaces on the router.

2948G-L3(config)#interface bvi 200
2948G-L3(config-if)#ip add 10.200.200.1 255.255.255.0
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 1
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#bridge-group 200
2948G-L3(config-if)#bridge-group 200 spanning-disabled

. . .

2948G-L3(config)#interface fast 43
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#bridge-group 200
2948G-L3(config-if)#bridge-group 200 spanning-disabled
2948G-L3(config-if)#exit
2948G-L3(config)#bridge 1 protocol ieee
2948G-L3(config)#bridge 1 route ip
2948G-L3(config)#interface bvi 1

!--- BVI created for management

2948G-L3(config-if)#ip add 10.1.1.1 255.255.255.0
2948G-L3(config-if)#^Z
2948G-L3#

Configure the ISL Trunks Between Switches

There are three ISL trunks in this example. Two are configured on EtherChannels, and one is configured on a single physical interface.

In order to configure trunking on the Catalyst 2948G-L3, subinterfaces are added under the main interface. One subinterface is added for each VLAN transmitted on the trunk. In this example, the VLAN 1 subinterfaces are bridged together in order to form a single Layer 2 domain for switch management. This is achieved with IP subnet 10.1.1.0/24.

The remaining VLANs, VLANs 10, 20, 30, and 100, are terminated at the Catalyst 2948G-L3 routed subinterfaces.

On the Catalyst 2948G-L3:

2948G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3(config)#interface port-channel 1.1
2948G-L3(config-subif)#encapsulation isl 1

!--- The encapsulation isl vlan command specifies the encapsulation type 
!--- (ISL) and the VLAN to receive on the subinterface. 

2948G-L3(config-subif)#bridge-group 1
2948G-L3(config-subif)#exit
2948G-L3(config)#interface port-channel 1.100
2948G-L3(config-subif)#encapsulation isl 100
2948G-L3(config-subif)#ip address 10.100.100.1 255.255.255.0
2948G-L3(config-subif)#exit
2948G-L3(config)#interface port-channel 2.1
2948G-L3(config-subif)#encapsulation isl 1
2948G-L3(config-subif)#bridge-group 1
2948G-L3(config-subif)#exit
2948G-L3(config)#interface port-channel 2.10
2948G-L3(config-subif)#encapsulation isl 10
2948G-L3(config-subif)#ip address 10.10.10.1 255.255.255.0
2948G-L3(config-subif)#exit
2948G-L3(config)#interface port-channel 2.20
2948G-L3(config-subif)#encapsulation isl 20
2948G-L3(config-subif)#ip address 10.20.20.1 255.255.255.0
2948G-L3(config-subif)#exit
2948G-L3(config)#interface fast 44  
2948G-L3(config-if)#no shutdown
2948G-L3(config-if)#exit
2948G-L3(config)#interface fast 44.1
2948G-L3(config-subif)#encapsulation isl 1
2948G-L3(config-subif)#bridge-group 1
2948G-L3(config-subif)#exit
2948G-L3(config)#interface fast 44.30
2948G-L3(config-subif)#encapsulation isl 30
2948G-L3(config-subif)#ip address 10.30.30.1 255.255.255.0
2948G-L3(config-subif)#^Z
2948G-L3#

Note: The VLAN 1 subinterfaces are not assigned an IP address but are instead added to bridge-group 1. This allows VLAN 1 to span all switches.

  • The encapsulation isl vlan command specifies the encapsulation type, ISL, and the VLAN to receive on the subinterface.

  • Notice that the VLAN 1 subinterfaces are not assigned an IP address but are instead added to bridge-group 1. This allows VLAN 1 to span all switches.

You can verify the configuration with the show interface command. For example, issue the show interface fast 44.30 in order to verify the VLAN 30 subinterface configuration:

2948G-L3#show interface fast 44.30
FastEthernet44.30 is up, line protocol is up
  Hardware is epif_port, address is 0030.40d6.4032 (bia 0030.40d6.4032)
  Internet address is 10.30.30.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ISL Virtual LAN, Color 30.
  ARP type: ARPA, ARP Timeout 04:00:00
2948G-L3#

On the XL switches, notice that the configuration is only applied to a single interface in the channel group. This is because any configuration applied to one interface in a port group is applied to all the other interfaces in the port group automatically, and appears in the configuration for each interface.

On the Catalyst 3512 XL:

3512XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL(config)#interface gig 0/1
3512XL(config-if)#switchport mode trunk

!--- The switchport mode trunk command configures the interface as a trunk port. 

3512XL(config-if)#^Z
3512XL#

Note: The 2900 XL and 3500 XL switches use ISL encapsulation by default when you enable trunking. There is no need to specify the encapsulation in this case.

You can verify the configuration with the show interface switchport command:

3512XL#show interface gig 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,100
Pruning VLANs Enabled: NONE

Priority for untagged frames: 0
3512XL#

On the Catalyst 3548 XL:

3548XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface fast 0/48
3548XL(config-if)#switchport mode trunk
3548XL(config-if)#^Z
3548XL#

You can verify the configuration with the show interface switchport command.

On the Catalyst 2924 XL:

2924 XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2924XL(config)#interface fast 0/24
2924XL(config-if)#switchport mode trunk
2924XL(config-if)#^Z
2924 XL#

You can verify the configuration with the show interface switchport command.

Configure End-Station Ports

Now, ports on the Catalyst 3512 XL, 3548 XL, and 2924 XL switches are assigned to VLANs and spanning-tree portfast is enabled.

On the Catalyst 3512 XL:

3512 XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL(config)#interface fast 0/1
3512XL(config-if)#switchport access vlan 100
3512XL(config-if)#spanning-tree portfast
3512XL(config-if)#exit
3512XL(config)#interface fast 0/2
3512XL(config-if)#switchport access vlan 100
3512XL(config-if)#spanning-tree portfast

. . .

3512XL(config)#interface fast 0/12
3512XL(config-if)#switchport access vlan 100
3512XL(config-if)#spanning-tree portfast
3512XL(config-if)#^Z
3512 XL#

You can verify the configuration with the show interface switchport command and the show spanning-tree interface command:

3512 XL#show interface fast 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 100 (Server-Farm)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE

Priority for untagged frames: 0
3512 XL#show spanning-tree interface fast 0/1
Interface Fa0/1 (port 13) in Spanning tree 100 is FORWARDING
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 00d0.5868.eb81
   Designated bridge has priority 32768, address 00d0.5868.eb81
   Designated port is 13, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
   The port is in the portfast mode
3512 XL#

On the Catalyst 3548 XL:

3548 XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3548XL(config)#interface fast 0/1
3548XL(config-if)#switchport access vlan 10
3548XL(config-if)#spanning-tree portfast

. . .

3548XL(config)#interface fast 0/24
3548XL(config-if)#switchport access vlan 10
3548XL(config-if)#spanning-tree portfast
3548XL(config-if)#exit
3548XL(config)#interface fast 0/25
3548XL(config-if)#switchport access vlan 20
3548XL(config-if)#spanning-tree portfast

. . .

3548XL(config)#interface fast 0/44
3548XL(config-if)#switchport access vlan 20
3548XL(config-if)#spanning-tree portfast
3548XL(config-if)#^Z
3548 XL#

You can verify the configuration with the show interface switchport command and the show spanning-tree interface command.

On the Catalyst 2924 XL:

2924 XL#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2924XL(config)#interface fast 0/1
2924XL(config-if)#switchport access vlan 30
2924XL(config-if)#spanning-tree portfast

. . .

2924XL(config)#interface fast 0/23
2924XL(config-if)#switchport access vlan 30
2924XL(config-if)#spanning-tree portfast
3548XL(config-if)#^Z
3548 XL#

You can verify the configuration with the show interface switchport command and the show spanning-tree interface command.

Save the Switch Configurations

Make sure you save the running configuration to NVRAM (startup configuration) on all switches so that the configuration is retained across a reload.

On the Catalyst 2948G-L3:

2948G-L3#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
2948G-L3#

On the Catalyst 3512 XL:

3512 XL#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

3512 XL#

On the Catalyst 3548 XL:

3548 XL#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

3548 XL#

On the Catalyst 2924 XL:

2924 XL#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

2924 XL#

Full Device Configurations

Here are the full configurations for the devices used in Example 2.

Example 3: Multi-VLAN Distribution Layer Connecting to Network Core

In this example, two Catalyst 2948G-L3 switches are deployed in order to provide distribution-layer inter-VLAN routing and aggregation for multiple access-layer switches. In addition, the Catalyst 2948G-L3 switches are connected to two Catalyst 6506 switches in order to provide connectivity to the network core.

Note: The configuration of the core Catalyst 6506 switches is not fully discussed in this example. The core switch configurations are discussed only to the degree necessary for this example.

In this example, traffic is load-shared between the two Catalyst 2948G-L3 switches: half of the traffic passes through Catalyst 2948G-L3-01 while the other half passes through Catalyst 2948G-L3-02.

In the access layer, there are multiple Catalyst 2948G switches with two Fast EtherChannel links, one to each Catalyst 2948G-L3. There are two user VLANs configured on each Catalyst 2948G; traffic for one VLAN passes over one link, traffic for the second VLAN passes over the other link. In the event of a link failure, all traffic passes over the remaining link.

Note: The 2948G switch, without the "-L3", is a Layer 2 switch that supports the Catalyst OS command line interface. This switch does not support the IOS interface supported on the Catalyst 2948G-L3.

End-stations are attached to the Catalyst 2948G switches. Servers and other shared resources are located in the core of the network.

Note: The network core configuration is not fully discussed here.

This configuration is applied to the switches:

  • IP addresses and default gateways are assigned to the switches for management.

  • Each Catalyst 2948G switch in the access layer has two Fast EtherChannel links (ports 2/45-46, and ports 2/47-48), one link to each Catalyst 2948G-L3.

  • Each Catalyst 2948G-L3 switch has two Gigabit Ethernet links to the core, one to each of the core Catalyst 6506 switches.

  • The Catalyst 6506 switches in the core are interconnected by a 4-port Gigabit EtherChannel link.

  • The switch-to-switch connections between the Catalyst 2948G switches and the Catalyst 2948G-L3 switches are configured as IEEE 802.1q trunks.

  • On the Catalyst 2948G-L3 switches, there are two links to the core Catalyst 6506 switches; one link goes to 6506-01 on VLAN 10 and the other goes to 6506-02 on VLAN 15. These VLANs are different from VLANs 10 and 15 in the access layer because VLANs 10 and 15 in the access layer are terminated at the Layer 3 interfaces of the Catalyst 2948G-L3 switches.

  • The switch-to-switch connection between the Catalyst 6506 switches is configured as an ISL trunk.

  • Ports on the Catalyst 2948G switches are divided equally between two VLANs. For example, ports 2/1 through 2/22 on 2948G-01 are assigned to VLAN 10, and ports 2/23 through 2/44 are assigned to VLAN 15.

  • Ports of the Catalyst 2948G switches, with end-stations attached, are configured as host ports. Spanning-tree portfast is enabled, trunking is off, and channeling is off.

  • HSRP is configured on the Catalyst 2948G-L3 switches in order to provide first hop (default gateway) redundancy for the access-layer end-stations.

  • EIGRP is configured as the routing protocol on the Catalyst 2948G-L3 switches in order to exchange routing information with routers in the network core.

Mulit-VLAN Distribution Layer Network Diagram

29-30c.gif

Configure the Switches for Management

On the Catalyst 2948G and Catalyst 6506 switches, an IP address and VLAN are assigned to the sc0 management interface and an IP default route is defined.

Because the Catalyst 2948G-L3 switch does not support bridging on IEEE 802.1q subinterfaces, you cannot bridge a single IP subnet across VLAN 1 in this example as on ISL subinterfaces in Example 2). Therefore, management for the Catalyst 2948G-L3 is through any IP interface on the switch, while management for the Catalyst 2948G switches is on one of the user VLAN subnets rather than on VLAN 1.

In general, it is not recommended to put the sc0 management interface in a user VLAN. However, an exception is made in this example because the Catalyst 2948G-L3 does not support bridging on 802.1q subinterfaces, and because the user subnets are relatively small. There are no more than 126 host addresses per subnet.

On the Catalyst 6506 switches in the core, the sc0 interface is assigned to VLAN 1. The default gateway is the IP address of a router interface in the core. The router interface is not discussed in this example.

On the Catalyst 2948G switches:

2948G-01> (enable) set interface sc0 10 10.10.10.4 255.255.255.128
VLAN 10 does not exist.
Vlan is not active, user needs to set vlan 10 active
Interface sc0 vlan set, IP address and netmask set.
2948G-01> (enable) set ip route default 10.10.10.1
Route added.
2948G-01> (enable)

***** 

2948G-15> (enable) set interface sc0 150 10.10.150.4 255.255.255.128
VLAN 150 does not exist.
Vlan is not active, user needs to set vlan 150 active
Interface sc0 vlan set, IP address and netmask set.
2948G-15> (enable) set ip route default 10.10.150.1
Route added.
2948G-15> (enable)

Note: The system returns an error when you assign the sc0 interface to a VLAN that has not been configured yet. This VLAN is associated with the sc0 interface, but is not be added to the switch. This is done later, when the VLANs are defined on the access layer switches.

You can verify the configuration with the show interface and show ip route commands:

2948G-01> (enable) show interface
sl0: flags=50<DOWN,POINTOPOINT,RUNNING>
        slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63<UP,BROADCAST,RUNNING>
        vlan 10 inet 10.10.10.4 netmask 255.255.255.128 broadcast 10.10.10.127
me1: flags=62<DOWN,BROADCAST,RUNNING>
        inet 0.0.0.0 netmask 0.0.0.0 broadcast 0.0.0.0
WARNING: Vlan 10 does not exist!!
2948G-01> (enable) show ip route
Fragmentation   Redirect   Unreachable
-------------   --------   -----------
enabled         enabled    enabled

The primary gateway: 10.10.10.1
Destination      Gateway          RouteMask    Flags   Use       Interface
---------------  ---------------  ----------   -----   --------  ---------
default          10.10.10.1       0x0          UG      0           sc0
10.10.10.0       10.10.10.4       0xffffff80   U       8           sc0
2948G-01> (enable)

On the Catalyst 6506 switches:

6506-01> (enable) set interface sc0 1 10.1.1.4 255.255.255.0
Interface sc0 vlan set, IP address and netmask set.
6506-01> (enable) set ip route default 10.1.1.1
Route added.
6506-01> (enable)

*****

6506-02> (enable) set interface sc0 1 10.1.1.5 255.255.255.0
Interface sc0 vlan set, IP address and netmask set.
6506-02> (enable) set ip route default 10.1.1.1
Route added.
6506-02> (enable)

Note: In this example, the default gateway used by the core switches is an interface on a router in the core. This is not discussed in this example.

You can verify the configuration with the show interface and show ip route commands.

Configure VLANs

In this example, the access-layer Catalyst 2948G switches are configured in VTP transparent mode because a VTP domain cannot be extended across the Catalyst 2948G-L3 switches. Two VLANs are configured on each access-layer switch.

The Catalyst 6506 switches in the core are configured as VTP servers in a VTP domain shared with the rest of the core switches (not discussed in this example). Traffic from the Catalyst 2948G-L3 switches in the distribution layer is carried into the core on VLAN 10, for even VLANs, and VLAN 15, for odd VLANs.

On the Catalyst 2948G switches:

2948G-01> (enable) set vtp domain Closet-10-01 mode transparent
VTP domain Closet-10-01 modified

!--- The set vtp command defines the VTP domain name and sets the VTP mode to transparent.

2948G-01> (enable) set vlan 10 name 10.10.10.0/25
Vlan 10 configuration successful

!--- The set vlan command creates the VLANs and defines the VLAN name.

2948G-01> (enable) set vlan 15 name 10.10.10.128/25
Vlan 15 configuration successful
2948G-01> (enable)

*****

2948G-15> (enable) set vtp domain Closet-10-15 mode transparent
VTP domain Closet-10-15 modified
2948G-15> (enable) set vlan 150 name 10.10.150.0/25
Vlan 150 configuration successful
2948G-15> (enable) set vlan 155 name 10.10.150.128/25
Vlan 155 configuration successful
2948G-15> (enable)

You can verify the configuration with the show vtp domain and show vlan commands:

2948G-01> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
Closet-10-01                     1            2           Transparent -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
7          1023             0               disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
10.1.1.5        disabled disabled 2-1000
2948G-01> (enable) show vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    87      2/1-50
10   10.10.10.0/25                    active    92
15   10.10.10.128/25                  active    93
1002 fddi-default                     active    88
1003 token-ring-default               active    91
1004 fddinet-default                  active    89
1005 trnet-default                    active    90


VLAN Type  SAID       MTU   Parent RingNo BrdgNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1    enet  100001     1500  -      -      -      -    -        0      0
10   enet  100010     1500  -      -      -      -    -        0      0
15   enet  100015     1500  -      -      -      -    -        0      0
1002 fddi  101002     1500  -      -      -      -    -        0      0
1003 trcrf 101003     1500  -      -      -      -    -        0      0
1004 fdnet 101004     1500  -      -      -      -    -        0      0
1005 trbrf 101005     1500  -      -      -      ibm  -        0      0


VLAN DynCreated  RSPAN
---- ---------- --------
1    static     disabled
10   static     disabled
15   static     disabled
1002 static     disabled
1003 static     disabled
1004 static     disabled
1005 static     disabled


VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
1003 7       7       off
2948G-01> (enable)

VLANs 10 and 15 only need to be added onto one Catalyst 6506 switch because both of them are in the same VTP domain and are interconnected by a trunk link. VTP advertises the new VLAN configuration to the other switches in the same VTP domain.

On the Catalyst 6506 switches:

6506-01> (enable) set vtp domain Core-Domain mode server
VTP domain Core-Domain modified
6506-01> (enable) set vlan 10 name Aggregation-10.10.0.0/16-Even
Vlan 10 configuration successful
6506-01> (enable) set vlan 15 name Aggregation-10.10.0.0/16-Odd
Vlan 15 configuration successful
6506-01> (enable) set vlan 15 4/1
VLAN 15 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
15    4/1
      15/1 
6506-01> (enable) set vlan 15 5/1
VLAN 15 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
15    4/1
      5/1
      15/1
6506-01> (enable)

*****

6506-02> (enable) set vtp domain Core-Domain mode server
VTP domain Core-Domain modified
6506-02> (enable) set vlan 10 4/1
VLAN 10 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
10    4/1
      15/1 
6506-02> (enable) set vlan 10 5/1
VLAN 10 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
10    4/1
      5/1
      15/1
6506-02> (enable)

Note: VLANs 10 and 15 in the core are distinct from VLANs 10 and 15 used in the access layer in this example. The access-layer VLANs are not extended into the core.

You can verify the configuration with the show vtp domain and show vlan commands.

Configure the EtherChannels Between Switches

This output shows how to configure the Fast EtherChannel links between the access-layer Catalyst 2948G switches and the Catalyst 2948G-L3 switches, and the Gigabit EtherChannel between the core Catalyst 6506 switches.

On the Catalyst 2948G-L3 switches:

2948G-L3-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-01(config)#interface port-channel 1

!--- Creates logical port-channel interface

2948G-L3-01(config-if)#description Channel_to_2948G-01
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 1
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 1

!--- Adds the Fast Ethernet interfaces to the logical port-channel interface

2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 2
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 1
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface port-channel 2
2948G-L3-01(config-if)#description Channel_to_2948G-02
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 3
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 2
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 4
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 2

. . .

2948G-L3-01(config)#interface port-channel 15
2948G-L3-01(config-if)#description Channel_to_2948G-15
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 29
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 15
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface fastethernet 30
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#channel-group 15
2948G-L3-01(config-if)#^Z
2948G-L3-01#

***** 

2948G-L3-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-02(config)#interface port-channel 1
2948G-L3-02(config-if)#description Channel_to_2948G-01
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 1
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 1
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 2
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 1
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface port-channel 2
2948G-L3-02(config-if)#description Channel_to_2948G-02
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 3
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 2
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 4
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 2

. . .

2948G-L3-02(config)#interface port-channel 15
2948G-L3-02(config-if)#description Channel_to_2948G-15
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 29
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 15
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface fastethernet 30
2948G-L3-02(config-if)#no shutdown
2948G-L3-02(config-if)#channel-group 15
2948G-L3-02(config-if)#^Z
2948G-L3-02#

You can verify the configuration with the show interface port-channel # command:

2948G-L3-01#show interface port-channel 1
Port-channel1 is up, line protocol is up
  Hardware is FEChannel, address is 0030.40d6.4007 (bia 0000.0000.0000)
  Description: Channel_to_2948G-01
  MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, Unknown Speed, Media type unknown
  ARP type: ARPA, ARP Timeout 04:00:00
    No. of active members in this channel: 2
        Member 0 : FastEthernet1
        Member 1 : FastEthernet2
  Last input 00:00:01, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/300, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1620 packets input, 124360 bytes, 0 no buffer
     Received 3 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     576 packets output, 103080 bytes, 0 underruns(0/0/0)
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
2948G-L3-01# 

On the Catalyst 2948G switches:

2948G-01> (enable) set port name 2/45-46 2948G-L3-01_Uplink
Ports 2/45-46 name set.
2948G-01> (enable) set port name 2/47-48 2948G-L3-02_Uplink
Ports 2/47-48 name set.
2948G-01> (enable) set port channel 2/45-46 on

!--- Enables port channeling in ON mode. Channel mode needs to be forced to 
!--- ON as the 2948G-L3 does not support Port Aggregation Protocol (PAgP).

Port(s) 2/45-46 are assigned to admin group 80.
Port(s) 2/45-46 channel mode set to on.
2948G-01> (enable) set port channel 2/47-48 on
Port(s) 2/47-48 are assigned to admin group 81.
Port(s) 2/47-48 channel mode set to on.
2948G-01> (enable)

*****

2948G-15> (enable) set port name 2/45-46 2948G-L3-01_Uplink
Ports 2/45-46 name set.
2948G-15> (enable) set port name 2/47-48 2948G-L3-02_Uplink
Ports 2/47-48 name set.
2948G-15> (enable) set port channel 2/45-46 on
Port(s) 2/45-46 are assigned to admin group 98.
Port(s) 2/45-46 channel mode set to on.
2948G-15> (enable) set port channel 2/47-48 on
Port(s) 2/47-48 are assigned to admin group 99.
Port(s) 2/47-48 channel mode set to on.
2948G-15> (enable)

You can use the show port channel command in order to verify the EtherChannel configuration:

2948G-01> (enable) show port channel
Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
 2/45 connected  on                      80   823
 2/46 connected  on                      80   823
----- ---------- -------------------- ----- -----
 2/47 connected  on                      81   824
 2/48 connected  on                      81   824
----- ---------- -------------------- ----- -----

Port  Device-ID                       Port-ID                   Platform
----- ------------------------------- -----------------------------------------
 2/45  Not directly connected to switch
 2/46 2948G-L3-01                     FastEthernet2             cisco Cat2948G
----- ------------------------------- -----------------------------------------
 2/47  Not directly connected to switch
 2/48 2948G-L3-02                     FastEthernet2             cisco Cat2948G
----- ------------------------------- -----------------------------------------
2948G-01> (enable)

On the Catalyst 6506 switches:

6506-01> (enable) set port name 2/7-8,3/7-8 Cat6506-02
Ports 2/7-8,3/7-8 name set.
6506-01> (enable) set port channel 2/7-8,3/7-8 on
Port(s) 2/7-8,3/7-8 are assigned to admin group 144.
Port(s) 2/7-8,3/7-8 channel mode set to on.
6506-01> (enable)

*****

6506-02> (enable) set port name 2/7-8,3/7-8 Cat6506-01
Ports 2/7-8,3/7-8 name set.
6506-02> (enable) set port channel 2/7-8,3/7-8 on
Port(s) 2/7-8,3/7-8 are assigned to admin group 88.
Port(s) 2/7-8,3/7-8 channel mode set to on.
6506-02> (enable)

You can use the show port channel command in order to verify the EtherChannel configuration.

Configure Trunks and Router Interfaces

In this example, the trunks from the Catalyst 2948G switches to the Catalyst 2948G-L3 switches use IEEE 802.1q encapsulation. The trunk between the core Catalyst 6506 switches use ISL encapsulation.

Each trunk between the Catalyst 2948G switches and the Catalyst 2948G-L3 switches carries three VLANs: VLAN 1 and the two user VLANs on each switch. The native VLAN is 1. Notice that no IP addresses are assigned to the VLAN 1 subinterfaces because these subinterfaces are not being used in order to route user traffic. However, protocols such as VTP and CDP are passed on VLAN 1.

In order to configure trunking on the Catalyst 2948G-L3, subinterfaces must be added under the main port-channel interface; one subinterface is added for each VLAN transmitted on the trunk. An IP address is assigned to each subinterface, and HSRP is configured between the two Catalyst 2948G-L3 switches in order to provide first-hop (default gateway) redundancy for the end-stations.

On Catalyst 2948G-L3-01, the subinterfaces for odd VLANs, 15, 25, 35, and so on, are the HSRP active interfaces. On Catalyst 2948G-L3-02, the subinterfaces for even VLANs, 10, 20, 30, and so on, are the HSRP active interfaces. In the event that the primary link goes down, the standby HSRP interface becomes the active and continues to function as the default gateway for end-stations in the VLAN.

In addition, the Catalyst 2948G-L3 switches use the HSRP tracking feature in order to favor one HSRP interface over another based on whether the Gigabit Ethernet links into the network core are up or down.

It is important to understand that every VLAN in the access-layer is terminated at the Catalyst 2948G-L3 routed interfaces.

In addition to the trunks to the access-layer switches, each Catalyst 2948G-L3 switch has two ports that connect into the network core: one in VLAN 10 and the other in VLAN 15.

Catalyst 2948G-L3-01 uses the VLAN 15 link as the primary link and performs the routing for the odd VLANs, 15, 25, 35, and so on. Catalyst 2948G-L3-02 uses the VLAN 10 link as the primary link and performs the routing for the even VLANs, 10, 20, 30, so on. In the event of a link failure, the backup link into the core is used. EIGRP routing, which is configured later in this example, is used in order to determine on which link traffic is forwarded.

On the Catalyst 2948G-L3 switches:

2948G-L3-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-01(config)#interface port-channel 1.1

!--- Creates a subinterface for the port-channel

2948G-L3-01(config-subif)#encapsulation dot1q 1 native

!--- Configures the 802.1q encapsulation for the subinterface and
!--- defines it as the native VLAN for the trunk

2948G-L3-01(config-subif)#exit
2948G-L3-01(config)#interface port-channel 1.10
2948G-L3-01(config-subif)#encapsulation dot1q 10

!--- Configures the 802.1q encapsulation for the subinterface

2948G-L3-01(config-subif)#ip address 10.10.10.2 255.255.255.128

!--- Defines the IP address and subnet mask for the subinterface

2948G-L3-01(config-subif)#standby 10 ip 10.10.10.1

!--- The standby ip command enables HSRP, specifies the group and the HSRP IP address.
!--- If you do not specify a group-number, group 0 is used.

2948G-L3-01(config-subif)#standby 10 priority 100 preempt

!--- The standby priority command specifies the priority for the HSRP interface.
!--- Increase the priority of at least one interface in the HSRP group to a value 
!--- greater than the default (the default is 100). 
!--- The interface with the highest priority becomes active for that HSRP group.

2948G-L3-01(config-subif)#standby 10 track gig 49 20

!--- The standby track interface-priority interface configuration command specifies
!--- how much to decrement the hot standby priority when a tracked interface goes down.

2948G-L3-01(config-subif)#standby 10 track gig 50 20
2948G-L3-01(config-subif)#standby 10 authentication C10-10

!--- Defines the authentication string which is sent unencrypted in all HSRP messages. 
!--- The string must be the same for all routers or an authentication mismatch 
!--- prevents a device from learning the designated Hot Standby IP address and timer 
!--- values from other routers.

2948G-L3-01(config-subif)#exit
2948G-L3-01(config)#interface port-channel 1.15
2948G-L3-01(config-subif)#encapsulation dot1q 15
2948G-L3-01(config-subif)#ip address 10.10.10.130 255.255.255.128
2948G-L3-01(config-subif)#standby 15 ip 10.10.10.129
2948G-L3-01(config-subif)#standby 15 priority 110 preempt
2948G-L3-01(config-subif)#standby 15 track gig 49 20
2948G-L3-01(config-subif)#standby 15 track gig 50 20
2948G-L3-01(config-subif)#standby 15 authentication C10-15

. . .

2948G-L3-01(config)#interface port-channel 15.1
2948G-L3-01(config-subif)#encapsulation dot1q 1 native
2948G-L3-01(config-subif)#exit
2948G-L3-01(config)#interface port-channel 15.150
2948G-L3-01(config-subif)#encapsulation dot1q 150
2948G-L3-01(config-subif)#ip address 10.10.150.2 255.255.255.128
2948G-L3-01(config-subif)#standby 150 ip 10.10.150.1
2948G-L3-01(config-subif)#standby 150 priority 100 preempt
2948G-L3-01(config-subif)#standby 150 track gig 49 20
2948G-L3-01(config-subif)#standby 150 track gig 50 20
2948G-L3-01(config-subif)#standby 150 authentication C10-150
2948G-L3-01(config-subif)#exit
2948G-L3-01(config)#interface port-channel 15.155
2948G-L3-01(config-subif)#encapsulation dot1q 155
2948G-L3-01(config-subif)#ip address 10.10.150.130 255.255.255.128
2948G-L3-01(config-subif)#standby 155 ip 10.10.150.129
2948G-L3-01(config-subif)#standby 155 priority 110 preempt
2948G-L3-01(config-subif)#standby 155 track gig 49 20
2948G-L3-01(config-subif)#standby 155 track gig 50 20
2948G-L3-01(config-subif)#standby 155 authentication C10-155
2948G-L3-01(config-subif)#exit
2948G-L3-01(config)#interface gig 49
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#description CoreVLAN15
2948G-L3-01(config-if)#ip address 10.10.0.19 255.255.255.240
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface gig 50
2948G-L3-01(config-if)#no shutdown
2948G-L3-01(config-if)#description CoreVLAN10
2948G-L3-01(config-if)#ip address 10.10.0.3 255.255.255.240
2948G-L3-01(config-if)#^Z
2948G-L3-01#

***** 

2948G-L3-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-02(config)#interface port-channel 1.1
2948G-L3-02(config-subif)#encapsulation dot1q 1 native
2948G-L3-02(config-subif)#exit
2948G-L3-02(config)#interface port-channel 1.10
2948G-L3-02(config-subif)#encapsulation dot1q 10
2948G-L3-02(config-subif)#ip address 10.10.10.3 255.255.255.128
2948G-L3-02(config-subif)#standby 10 ip 10.10.10.1
2948G-L3-02(config-subif)#standby 10 priority 110 preempt
2948G-L3-02(config-subif)#standby 10 track gig 49 20
2948G-L3-02(config-subif)#standby 10 track gig 50 20
2948G-L3-02(config-subif)#standby 10 authentication C10-10
2948G-L3-02(config-subif)#exit
2948G-L3-02(config)#interface port-channel 1.15
2948G-L3-02(config-subif)#encapsulation dot1q 15
2948G-L3-02(config-subif)#ip address 10.10.15.131 255.255.255.128
2948G-L3-02(config-subif)#standby 15 ip 10.10.15.129
2948G-L3-02(config-subif)#standby 15 priority 100 preempt
2948G-L3-02(config-subif)#standby 15 track gig 49 20
2948G-L3-02(config-subif)#standby 15 track gig 50 20
2948G-L3-02(config-subif)#standby 15 authentication C10-15

. . .

2948G-L3-02(config)#interface port-channel 15.1
2948G-L3-02(config-subif)#encapsulation dot1q 1 native
2948G-L3-02(config)#interface port-channel 15.150
2948G-L3-02(config-subif)#encapsulation dot1q 150
2948G-L3-02(config-subif)#ip address 10.10.150.3 255.255.255.128
2948G-L3-02(config-subif)#standby 150 ip 10.10.150.1
2948G-L3-02(config-subif)#standby 150 priority 110 preempt
2948G-L3-02(config-subif)#standby 150 track gig 49 20
2948G-L3-02(config-subif)#standby 150 track gig 50 20
2948G-L3-02(config-subif)#standby 150 authentication C10-150
2948G-L3-02(config-subif)#exit
2948G-L3-02(config)#interface port-channel 15.155
2948G-L3-02(config-subif)#encapsulation dot1q 155
2948G-L3-02(config-subif)#ip address 10.10.150.131 255.255.255.128
2948G-L3-02(config-subif)#standby 155 ip 10.10.150.129
2948G-L3-02(config-subif)#standby 155 priority 100 preempt
2948G-L3-02(config-subif)#standby 155 track gig 49 20
2948G-L3-02(config-subif)#standby 155 track gig 50 20
2948G-L3-02(config-subif)#standby 155 authentication C10-155
2948G-L3-02(config-subif)#exit
2948G-L3-02(config)#interface gig 49
2948G-L3-02(config-if)#description CoreVLAN10
2948G-L3-02(config-if)#ip address 10.10.0.4 255.255.255.240
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface gig 50
2948G-L3-02(config-if)#description CoreVLAN15
2948G-L3-02(config-if)#ip address 10.10.0.20 255.255.255.240
2948G-L3-02(config-if)#^Z
2948G-L3-02#

Notes:

  • The encapsulation dot1q 1 native command configures the 802.1q VLAN encapsulation for the current subinterface and defines it as the native VLAN for the trunk.

  • The other encapsulation dot1q commands configure the 802.1q VLAN encapsulation for each subinterface.

  • The ip address command defines the IP address and subnet mask for each subinterface.

  • The standby commands define the HSRP configuration for each subinterface, including the HSRP IP address, priority, authentication string, and interfaces to track.

You can verify the interface configuration with the show interface type # command. You can verify the IP configuration with the show ip interface type # command. You can verify the HSRP configuration with the show standby command.

2948G-L3-01#show interface port-channel 1
Port-channel1 is up, line protocol is up
  Hardware is FEChannel, address is 0030.40d6.4007 (bia 0000.0000.0000)
  Description: Channel_to_2948G-01
  MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, Unknown Speed, Media type unknown
  ARP type: ARPA, ARP Timeout 04:00:00
    No. of active members in this channel: 2
        Member 0 : FastEthernet1
        Member 1 : FastEthernet2
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/300, 0 drops
  5 minute input rate 1000 bits/sec, 3 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3251 packets input, 243304 bytes, 0 no buffer
     Received 7 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     1091 packets output, 182850 bytes, 0 underruns(0/0/0)
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
2948G-L3-01#show ip interface port-channel 1.10
Port-channel1.10 is up, line protocol is up
  Internet address is 10.10.10.2/25
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.2 224.0.0.10
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP CEF switching is enabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  Web Cache Redirect is disabled
  BGP Policy Mapping is disabled
2948G-L3-01#show standby port-channel 1.10
Port-channel1.10 - Group 10
  Local state is Standby, priority 100, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:02.302
  Hot standby IP address is 10.10.10.1 configured
  Active router is 10.10.10.3 expires in 00:00:09
  Standby router is local
  Standby virtual mac address is 0000.0c07.ac0a
  Tracking interface states for 2 interfaces, 2 up:
    Up   GigabitEthernet49 Priority decrement: 20
    Up   GigabitEthernet50 Priority decrement: 20
2948G-L3-01#show standby port-channel 1.15
Port-channel1.15 - Group 15
  Local state is Active, priority 110, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:01.294
  Hot standby IP address is 10.10.10.129 configured
  Active router is local
  Standby router is 10.10.10.131 expires in 00:00:09
  Standby virtual mac address is 0000.0c07.ac0f
  Tracking interface states for 2 interfaces, 2 up:
    Up   GigabitEthernet49 Priority decrement: 20
    Up   GigabitEthernet50 Priority decrement: 20
2948G-L3-01#

On the Catalyst 2948G switches:

2948G-01> (enable) set trunk 2/45 nonegotiate dot1q      

!--- Configures the trunk for 802.1q encapsulation and sets the mode to nonegotiate

Port(s) 2/45-46 trunk mode set to nonegotiate.
Port(s) 2/45-46 trunk type set to dot1q.
2948G-01> (enable) set trunk 2/47 nonegotiate dot1q
Port(s) 2/47-48 trunk mode set to nonegotiate.
Port(s) 2/47-48 trunk type set to dot1q.
2948G-01> (enable) 

*****

2948G-15> (enable) set trunk 2/45 nonegotiate dot1q      
Port(s) 2/45-46 trunk mode set to nonegotiate.
Port(s) 2/45-46 trunk type set to dot1q.
2948G-15> (enable) set trunk 2/47 nonegotiate dot1q
Port(s) 2/47-48 trunk mode set to nonegotiate.
Port(s) 2/47-48 trunk type set to dot1q.
2948G-15> (enable)

Note: The nonegotiate keyword must be used when you configure a trunk to the Catalyst 2948G-L3, or any router, because the Catalyst 2948G-L3 does not support the dynamic negotiation of trunk links with DTP.

You can verify the trunk configuration with the show trunk command:

2948G-01> (enable) show trunk
* - indicates vtp domain mismatch
Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 2/45     nonegotiate  dot1q          trunking      1
 2/46     nonegotiate  dot1q          trunking      1
 2/47     nonegotiate  dot1q          trunking      1
 2/48     nonegotiate  dot1q          trunking      1

Port      Vlans allowed on trunk
--------  ---------------------------------------------------------------------
 2/45     1-1005
 2/46     1-1005
 2/47     1-1005
 2/48     1-1005

Port      Vlans allowed and active in management domain
--------  ---------------------------------------------------------------------
 2/45     1,10,15
 2/46     1,10,15
 2/47     1,10,15
 2/48     1,10,15

Port      Vlans in spanning tree forwarding state and not pruned
--------  ---------------------------------------------------------------------
 2/45     1,10,15
 2/46     1,10,15
 2/47     1,10,15
 2/48     1,10,15
2948G-01> (enable)

On the Catalyst 6506 switches:

6506-01> (enable) set trunk 2/7 isl desirable

!--- Configures the trunk for ISL encapsulation and sets the mode to desirable

Port(s) 2/7-8,3/7-8 trunk mode set to desirable.
Port(s) 2/7-8,3/7-8 trunk type set to isl.
6506-01> (enable)

*****

6506-02> (enable) set trunk 2/7 isl desirable
Port(s) 2/7-8,3/7-8 trunk mode set to desirable.
Port(s) 2/7-8,3/7-8 trunk type set to isl.
6506-02> (enable)

Note: Use the desirable keyword in order to allow the Catalyst 6506 switches to dynamically negotiate the trunk link with DTP.

You can verify the trunk configuration with the show trunk command.

Configure EIGRP Routing

In this example, EIGRP is configured to exchange routing information with other routers in the network core. The configuration of the core devices is not considered in this example.

The IP addressing scheme in this example was chosen so that all of the access-layer VLANs can be summarized to the core routers in a single advertisement of the 10.10.0.0/16 subnet. This drastically reduces the number of routing table entries and EIGRP topology table entries that the core routers must manage.

In addition, if Internet connectivity is required, network address translation (NAT) must be used in order to translate the 10.0.0.0/8 addresses to a valid IP address range. NAT configuration is not considered in this example.

On the Catalyst 2948G-L3 switches:

2948G-L3-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-01(config)#router eigrp 10

!--- Starts the EIGRP process with process ID 10 
!--- The ID number must be the same on all routers in order to share routing information. 

2948G-L3-01(config-router)#network 10.0.0.0

!--- The network command identifies the interfaces that run EIGRP.
!--- In this case, any interface in the 10.0.0.0/8 network participates.

2948G-L3-01(config-router)#exit
2948G-L3-01(config)#interface gig 49
2948G-L3-01(config-if)#ip summary-address eigrp 10 10.10.0.0 255.255.0.0
2948G-L3-01(config-if)#exit
2948G-L3-01(config)#interface gig 50
2948G-L3-01(config-if)#ip summary-address eigrp 10 10.10.0.0 255.255.0.0

!--- Defines a summary route in order to advertise on the interface. In this case, only 
!--- the 10.10.0.0/16 route is advertised into the core while more specific 
!--- subnet routes are suppressed.

2948G-L3-01(config-if)#^Z
2948G-L3-01#

*****

2948G-L3-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2948G-L3-02(config)#router eigrp 10
2948G-L3-02(config-router)#network 10.0.0.0
2948G-L3-02(config-router)#exit
2948G-L3-02(config)#interface gig 49
2948G-L3-02(config-if)#ip summary-address eigrp 10 10.10.0.0 255.255.0.0
2948G-L3-02(config-if)#exit
2948G-L3-02(config)#interface gig 50
2948G-L3-02(config-if)#ip summary-address eigrp 10 10.10.0.0 255.255.0.0
2948G-L3-02(config-if)#^Z
2948G-L3-02#

You can verify the EIGRP configuration with the show ip protocols command and the show ip eigrp interface command.

Configure End-Station Ports

Ports on the access-layer Catalyst 2948G switches are assigned to VLANs and are configured as host ports with the set port host command. This command enables spanning-tree portfast and turns off trunking and channeling on the ports.

On the Catalyst 2948G switches:

2948G-01> (enable) set vlan 10 2/1-22
VLAN 10 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
10    2/1-22
2948G-01> (enable) set vlan 15 2/23-44
VLAN 15 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
15    2/23-44
2948G-01> (enable) set port host 2/1-44
Port(s) 2/1-44 channel mode set to off.

Warning: Spantree port fast start should only be enabled on ports connected
to a single host.  Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops.  Use with caution.

Spantree ports 2/1-44 fast start enabled.
Port(s) 2/1-44 trunk mode set to off.
2948G-01> (enable)

*****

2948G-15> (enable) set vlan 150 2/1-22
VLAN 150 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
150   2/1-22
2948G-15> (enable) set vlan 155 2/23-44
VLAN 155 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
155   2/23-44
2948G-15> (enable) set port host 2/1-44
Port(s) 2/1-44 channel mode set to off.

Warning: Spantree port fast start should only be enabled on ports connected
to a single host.  Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops.  Use with caution.

Spantree ports 2/1-44 fast start enabled.
Port(s) 2/1-44 trunk mode set to off.
2948G-15> (enable)

You can verify the configuration with the show port command and the show port spantree command.

Save the Switch Configurations

Make sure you save the running configuration to NVRAM (startup configuration) on the Catalyst 2948G-L3 switches so that the configuration is retained if the switch is reloaded. On the CatOS switches, Catalyst 2948G and Catalyst 6506 switches, this step is not necessary because the changes to the configuration are saved in NVRAM immediately after you enter each command.

On Catalyst 2948G-L3-01:

2948G-L3-01#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
2948G-L3-01#

On Catalyst 2948G-L3-02:

2948G-L3-02#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
2948G-L3-02#

Full Device Configurations

Here are the full configurations for the devices used in Example 3.

Related Information

Updated: Aug 30, 2005
Document ID: 12020