Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,536 --> 00:00:02,236 >> I'm so looking forward to this nugget. 2 00:00:02,236 --> 00:00:07,776 And it ties together the concepts of routing which we just talked about with the concept 3 00:00:07,776 --> 00:00:10,336 of VLANs which we just talked about previously. 4 00:00:11,106 --> 00:00:12,426 So, here's the idea. 5 00:00:12,786 --> 00:00:18,446 VLANs are a layer two features, that's really low in the OSI model in terms of things. 6 00:00:18,446 --> 00:00:23,546 So, when they separate something at layer two and the only way that you're going to beat 7 00:00:23,546 --> 00:00:26,496 that is by doing layer one separation and that would look 8 00:00:26,496 --> 00:00:30,596 like taking those two computers there connect to that switch and physically plugging them 9 00:00:30,596 --> 00:00:33,886 into different switches and then you could say, "Okay, see I'm even more separate 10 00:00:33,886 --> 00:00:38,616 than I could be at level-- at layer two because I'm now-- not even on the same switch. 11 00:00:38,616 --> 00:00:41,686 I'm physically separate, physical separation." 12 00:00:42,016 --> 00:00:47,906 So, layer two separation is, I mean, it's really separate, it's as low as you can get 13 00:00:47,906 --> 00:00:49,896 without physically separating your devices. 14 00:00:49,896 --> 00:00:56,066 So, your devices when they are put on different VLANs truly cannot talk. 15 00:00:56,066 --> 00:00:58,936 You know, even if we were to do something like this and let's say the one 16 00:00:58,936 --> 00:01:03,246 on the left we give him 10.1.1.50 as the IP address, 17 00:01:03,246 --> 00:01:05,776 the one on the right in the right is 10.1.1.51. 18 00:01:06,766 --> 00:01:10,306 Even if they're in the same IP subnet and now, you can think of that, 19 00:01:10,306 --> 00:01:14,436 you're okay well that's layer three, that's above the above the VLAN. 20 00:01:14,436 --> 00:01:18,126 Well, it's kind of like layer three, everything works its way down, right? 21 00:01:18,376 --> 00:01:21,876 Layer three is great as long as it has a layer two to stand on. 22 00:01:22,076 --> 00:01:26,496 I mean, what's the first thing that happens when this guy try-- tries to access this guy? 23 00:01:26,806 --> 00:01:28,176 He sends a broadcast, right? 24 00:01:28,176 --> 00:01:31,176 He's saying, "Hello, I'm trying to reach 10.1.1.51. 25 00:01:31,416 --> 00:01:33,126 ARP, what is your MAC address?" 26 00:01:33,126 --> 00:01:34,846 And the ARP goes nowhere. 27 00:01:34,846 --> 00:01:40,026 It comes out the two red ports and there is no 10.1.1.51 on those red ports so, he is cut off. 28 00:01:40,026 --> 00:01:45,506 Even if we manually could type in the MAC address of this guy and somehow associate it. 29 00:01:45,746 --> 00:01:49,086 So, this guy wouldn't have the ARP, the VLANS would still separate it. 30 00:01:49,086 --> 00:01:51,086 It would still say, "No, you cannot go there. 31 00:01:51,086 --> 00:01:52,486 You are not authorized. 32 00:01:52,706 --> 00:01:54,086 This is a layer two separation." 33 00:01:54,086 --> 00:01:56,786 So, we've got these guys that are saying, "Help us. 34 00:01:57,246 --> 00:01:58,166 We can't talk." 35 00:01:58,746 --> 00:02:02,086 So, the host can't speak directly even if they need too. 36 00:02:02,086 --> 00:02:06,506 Even if, you know, the one on the right is, you know, accounting server nine or something 37 00:02:06,506 --> 00:02:09,346 like that the one on the left is accounting user one. 38 00:02:10,486 --> 00:02:14,486 So they need some kind of layer three assistant to make it happen. 39 00:02:14,956 --> 00:02:18,076 Enter stage left, [inaudible], the router. 40 00:02:18,756 --> 00:02:23,126 [Laugh] My weird mind, I was trying figure out a way to have a router come dancing on the scene 41 00:02:23,126 --> 00:02:26,146 and capes and all, it didn't work out. 42 00:02:26,416 --> 00:02:31,486 Now as you saw from the opening slide, I'm going to show you two different options of routing 43 00:02:31,486 --> 00:02:36,196 between VLANs, this one being the first using separate interfaces. 44 00:02:36,196 --> 00:02:39,956 Now, I know it may seem kind of silly but I still remember back 45 00:02:39,956 --> 00:02:44,766 to when I was first learning Cisco when I was looking at CCNA and all I saw was diagrams 46 00:02:44,766 --> 00:02:46,776 like this to where we'll they weren't even that nice. 47 00:02:46,776 --> 00:02:50,136 See, they're just kind of like, you know, in a textbook black and white. 48 00:02:50,136 --> 00:02:53,326 You know, I just saw this logical view of the network. 49 00:02:53,646 --> 00:02:56,836 And while I was like, okay I kind of get it like I never really get it 50 00:02:56,836 --> 00:02:58,186 until I started seeing physically. 51 00:02:58,186 --> 00:03:01,766 I'm looking at the rack, I'm tracing cables and I'm like, oh, oh that's how it's plugged in. 52 00:03:02,016 --> 00:03:07,876 So, I tried to represent what we see in this logical view with what it actually looks 53 00:03:07,876 --> 00:03:09,386 like physically doing this kind of thing. 54 00:03:09,556 --> 00:03:12,086 So let's look at the physical and then we'll jump back over there. 55 00:03:12,136 --> 00:03:19,316 Physically, I have a router this is get old 60 just because clip art guy made the guts. 56 00:03:19,316 --> 00:03:22,016 You know the same, same router we saw previously. 57 00:03:22,016 --> 00:03:27,696 We've got one interface we'll say Fast Ethernet 0/1 plugged in to we'll just say port two. 58 00:03:28,106 --> 00:03:30,336 That's what it looks like, Fa0/1. 59 00:03:30,586 --> 00:03:36,106 Another interface is plugged in to, I'll put F0/0 is plugged in to I don't know it's looks 60 00:03:36,106 --> 00:03:39,336 like about port 10 or something like that that's over there. 61 00:03:39,336 --> 00:03:43,146 Now, these ports as you can see from the logical view are in different VLANs. 62 00:03:43,146 --> 00:03:48,426 So maybe this, this port is a sign to VLAN 10. 63 00:03:48,756 --> 00:03:50,456 And let me switch colors. 64 00:03:50,676 --> 00:03:55,346 This port right here is assigned to VLAN 20. 65 00:03:55,936 --> 00:04:00,596 Now these computers right here, they'll be assigned to the VLANs as well. 66 00:04:00,726 --> 00:04:05,766 Let's go back, go purple, we'll say this one right here connected port 12 is assigned 67 00:04:05,766 --> 00:04:06,796 to VLAN 10. 68 00:04:07,826 --> 00:04:11,466 And the computer on the right, this one-- now don't you love-- 69 00:04:11,466 --> 00:04:14,596 I've tried to find that old sputnik kind of computer that I could. 70 00:04:14,896 --> 00:04:19,606 The computer on the right, he's going to be in the VLAN 20. 71 00:04:19,606 --> 00:04:22,876 So, these ports right are assigned to the appropriate VLANs, right? 72 00:04:22,876 --> 00:04:27,946 So, what that means is this guy, if we are to follow his packet flow, 73 00:04:27,946 --> 00:04:33,756 we would go into this interface we'll say, "Fast Ethernet 0/-- let me write in the red F0/0." 74 00:04:33,756 --> 00:04:36,276 He'll be assigned an IP address from this guy's subnet. 75 00:04:36,276 --> 00:04:40,496 So we'll make him 10.1.20.1. 76 00:04:40,916 --> 00:04:47,556 This guy over here, this computer might be 10.1.20.20 and this is his IP address. 77 00:04:47,556 --> 00:04:50,756 And he has a default gateway, well what is default gateway be? 78 00:04:50,996 --> 00:04:53,956 10.1.20.1, right? 79 00:04:53,956 --> 00:04:58,696 So, what that saying is, he-- and these are all /24, so a Class C subnet mask. 80 00:04:58,816 --> 00:05:04,056 So, to get off of his network he's going to come in here ARP for his default gateway 81 00:05:04,056 --> 00:05:06,796 which is on the same VLAN come in here. 82 00:05:07,236 --> 00:05:09,766 This guy, let's say he's trying to ping the purple guys. 83 00:05:09,766 --> 00:05:11,346 Let's fill in the purple players. 84 00:05:11,636 --> 00:05:15,646 Purple guy number one is 10.1.10.20. 85 00:05:15,646 --> 00:05:17,846 Let's give him that IP address. 86 00:05:18,086 --> 00:05:27,366 His default gateway is 10.1.10.1 and that's his port right here 10.1.10.1 is the IP address 87 00:05:27,366 --> 00:05:28,556 we'll assign to this interface. 88 00:05:28,916 --> 00:05:31,896 So, when this guy, when the guy on the right pings the guy 89 00:05:31,896 --> 00:05:37,076 on the left his packet flow is going to go wooh, you know, coming in down here, hit this guy, 90 00:05:37,076 --> 00:05:40,546 he's going to look at his routing table and go, "Oh, great you're right over there." 91 00:05:40,746 --> 00:05:47,296 He's going to come in to this port on the switch of VLAN and then come out and reach this guy. 92 00:05:48,106 --> 00:05:52,006 By the way, you'll often see routers that are connected this way. 93 00:05:53,046 --> 00:05:56,986 And actually, the way I'm showing you right now is very, very uncommon. 94 00:05:56,986 --> 00:05:58,666 It's just kind of to learn the concept. 95 00:05:58,666 --> 00:06:02,286 I'll show you the most common way, coming up. 96 00:06:02,286 --> 00:06:06,076 The commonly called routers that are connected like this a router on a stick. 97 00:06:06,426 --> 00:06:08,836 I kid you not like a corn dog or something. 98 00:06:08,836 --> 00:06:11,356 You know it's a-- yeah, Google it, and you type in router on a Stick 99 00:06:11,356 --> 00:06:12,606 and you'll see this exact diagram. 100 00:06:12,606 --> 00:06:16,496 So, from a logical view, this is kind of what it looks like. 101 00:06:16,496 --> 00:06:20,186 So that's physically, this is what it looks like from the logical view, two computers, 102 00:06:20,186 --> 00:06:23,926 two different VLANs, router one interface in each one of those VLANs. 103 00:06:24,536 --> 00:06:27,546 Now what I just did was pause the recording so I could go in 104 00:06:27,546 --> 00:06:29,886 and label all of the different ports. 105 00:06:29,886 --> 00:06:33,796 Now, forgive me I did-- just to how I put things in. 106 00:06:33,796 --> 00:06:38,036 The ports physically on this view I don't reflect the actual orders. 107 00:06:38,036 --> 00:06:43,856 So, this is my computer that's what I'm working on right now plugged in to Fast Ethernet0/5. 108 00:06:43,956 --> 00:06:45,536 This is my Dell laptop. 109 00:06:45,536 --> 00:06:49,666 I actually have a little tiny laptop I used to test and play around with. 110 00:06:49,666 --> 00:06:52,976 I've got that plugged in to Fast Ethernet 0/6. 111 00:06:52,976 --> 00:06:55,996 Now I'm already going in but actually when I paused it I went in 112 00:06:55,996 --> 00:06:58,566 and assigned these guys the correct IP address. 113 00:06:58,566 --> 00:07:02,806 So you can see these guys got 10.1.20.50. 114 00:07:03,416 --> 00:07:11,976 And well, you can't see the laptop but it's got 10.1.10.50 [inaudible] there we go. 115 00:07:11,976 --> 00:07:16,716 So, it's got the 10.1.10.50 [inaudible] me and this is this is my laptop. 116 00:07:17,026 --> 00:07:21,036 So, they each have their default gateway set to 10.1.20.1. 117 00:07:21,106 --> 00:07:25,576 And this guy has his default gateway set to 10.1.10.1 which is going 118 00:07:25,576 --> 00:07:26,916 to be how we configure this router. 119 00:07:27,116 --> 00:07:30,436 Now this router you can see is plugged in to Fast Ethernet 0/3 and 4. 120 00:07:30,686 --> 00:07:33,956 So, the first thing I haven't even done any of this config 'cause I want 121 00:07:33,956 --> 00:07:35,966 to show it all to you on the switch. 122 00:07:37,196 --> 00:07:41,506 All I did was going in and I kind of turned on the ports 'cause they were all shutdown. 123 00:07:41,896 --> 00:07:46,316 So, let's go in and create first off the two VLANs on CBT switch. 124 00:07:46,316 --> 00:07:48,056 Let's do a quick show VLAN first. 125 00:07:48,256 --> 00:07:52,776 This is from-- we still have some VLANs hanging around from the previous Nugget that we did 126 00:07:52,776 --> 00:07:56,026 and that's fine they're not going to causing any harm there's no ports assigned to them. 127 00:07:56,026 --> 00:08:05,096 So, I'll go VLAN 10 named blue exit, VLAN 20 named red exit. 128 00:08:05,486 --> 00:08:09,076 Okay, so we've got the two VLANS created let's go start assigning some ports. 129 00:08:09,076 --> 00:08:13,336 I'm going to go into interface Fast Ethernet 0/5. 130 00:08:13,336 --> 00:08:17,536 Just to make sure, switch port mode access that should all be that way but 131 00:08:17,626 --> 00:08:19,206 and I was-- I want to double check. 132 00:08:19,586 --> 00:08:25,046 Then we will do a switch port access VLAN. 133 00:08:25,046 --> 00:08:27,596 And we are in the red so that'll be VLAN 20. 134 00:08:28,296 --> 00:08:31,956 Hit the up arrow and that's shoot over to Fast Ethernet 0/4. 135 00:08:31,956 --> 00:08:33,396 Yet, there's some other ports that are red 136 00:08:33,396 --> 00:08:36,326 but they're just logical and not assigned to any thing. 137 00:08:36,666 --> 00:08:37,936 So, you are VLAN 20. 138 00:08:38,036 --> 00:08:40,156 And if you were being thorough you could do a description 139 00:08:40,156 --> 00:08:44,096 and put router VLAN 20 interface and so on and so forth. 140 00:08:44,096 --> 00:08:45,316 We don't need to do that though. 141 00:08:45,506 --> 00:08:56,906 So, I exit back out and let's go into interface Fast Ethernet 0/3 through him on VLAN 10 as well 142 00:08:56,906 --> 00:09:01,696 as Fast Ethernet 0/6 which is the PC put him on VLAN 10 as well. 143 00:09:01,696 --> 00:09:02,246 Okay, good. 144 00:09:02,246 --> 00:09:06,136 So, let's go back in to a show-- show VLAN. 145 00:09:06,456 --> 00:09:07,796 I saw my VLAN once. 146 00:09:07,796 --> 00:09:09,076 See how these messages are valuable. 147 00:09:09,216 --> 00:09:10,546 VLAN one just went down. 148 00:09:11,006 --> 00:09:13,616 Why? Because there's no active ports left 149 00:09:13,616 --> 00:09:17,076 in VLAN one I just moved all the active ports out into these other VLANs. 150 00:09:17,076 --> 00:09:21,676 So now I have VLAN blue and VLAN red with the correct ports assigned that kind of match 151 00:09:21,916 --> 00:09:23,336 that diagram that you see on the screen. 152 00:09:23,666 --> 00:09:25,906 Now I'll do a show IP interface brief. 153 00:09:26,036 --> 00:09:29,876 These are these are the four ports right here that they're all plugged in to. 154 00:09:30,226 --> 00:09:34,476 So we're kind of seeing in the config what's reflected there on the diagram. 155 00:09:34,636 --> 00:09:37,426 Okay. Now what? 156 00:09:37,426 --> 00:09:39,116 Now I need to go over to the router. 157 00:09:39,116 --> 00:09:42,656 So I've got the VLANs setup, everybody is separated even if I wanted 158 00:09:42,656 --> 00:09:45,856 to at this point my happy computer could not reach 159 00:09:45,856 --> 00:09:48,356 over here 'cause they are not only different IP subnets but they are 160 00:09:48,406 --> 00:09:49,926 on completely different VLAN, so they're not talking. 161 00:09:49,956 --> 00:09:51,666 So I'm now going to go to my router and give this guy the IP Address. 162 00:09:51,696 --> 00:09:53,916 So, on the blue VLAN, he'll be 10.1.10.1 let's add those in there. 163 00:09:53,946 --> 00:09:55,806 On the red VLAN, he will be 10.1.20.1, right? 164 00:09:55,836 --> 00:09:57,336 So this guy is going to kind a do this, this sort of thing 165 00:09:57,366 --> 00:09:58,596 and then loop back here to communicate with him. 166 00:09:58,626 --> 00:09:59,976 So, that's going to be the flow of the chain of events. 167 00:10:00,256 --> 00:10:04,546 On the red VLAN, he will be 10.1.1.20.1, right? 168 00:10:04,726 --> 00:10:07,226 So this guy is going to kind of do this, this sort of thing 169 00:10:07,586 --> 00:10:09,906 and then loop back here to communicate with him. 170 00:10:10,286 --> 00:10:15,156 So, that's going to be the flow of the chain of events. 171 00:10:15,296 --> 00:10:20,306 So, let me keep those and then let's jump over the router. 172 00:10:20,306 --> 00:10:23,526 Reach down, move my console cable up. 173 00:10:25,036 --> 00:10:30,106 Sometimes I'm-- sometimes I'm glad there's no camera to show just how wacky it was set 174 00:10:30,106 --> 00:10:34,096 up this-- 'cause I've got-- I like standing when I teach 175 00:10:34,096 --> 00:10:35,946 but I don't have a standing desk anymore. 176 00:10:36,216 --> 00:10:43,586 So I literally have packing boxes where I put my keyboard up, my-- like it's funny. 177 00:10:43,746 --> 00:10:46,886 So, and now, I moved over to the router. 178 00:10:46,996 --> 00:10:50,206 So, show IP interface brief. 179 00:10:50,366 --> 00:10:53,256 Now this, we just did the base config in the last nugget, 180 00:10:53,256 --> 00:10:59,436 so we just I think demonstrate putting an IP address on there but that's no longer relevant. 181 00:10:59,436 --> 00:11:05,356 So let's go into interface Fast Ethernet, interface Fast Ethernet 0/0. 182 00:11:05,556 --> 00:11:16,816 And let's give it the IP address IP 10.1.10.1, 255.255.255.0, enter. 183 00:11:16,816 --> 00:11:17,416 Oh, what am I doing? 184 00:11:17,416 --> 00:11:18,986 IP space address. 185 00:11:19,286 --> 00:11:22,216 So, that's now accurate to meet this. 186 00:11:22,216 --> 00:11:25,566 I'm looking, double checking, Fast Ethernet 0.0.10.1.1. 187 00:11:25,846 --> 00:11:26,186 We're good. 188 00:11:26,336 --> 00:11:31,816 Good. Let's go into interface Fast Ethernet 0/1. 189 00:11:32,226 --> 00:11:36,556 We'll do IP address 10.1.20.1, right? 190 00:11:37,716 --> 00:11:39,086 Put that in there. 191 00:11:39,086 --> 00:11:41,536 Every-- and then they were both powered up just 192 00:11:41,536 --> 00:11:43,986 from the base configuration Nugget that we did before. 193 00:11:44,346 --> 00:11:45,416 So, that's good. 194 00:11:46,626 --> 00:11:47,356 Good, good. 195 00:11:47,636 --> 00:11:50,596 So in this one, let me do a show IP interface brief. 196 00:11:51,036 --> 00:11:54,646 And I see 10.1.10.1. 197 00:11:54,646 --> 00:11:56,546 It's good, looks up 10.1.20.1. 198 00:11:56,546 --> 00:11:57,816 Okay, so let's test it. 199 00:11:57,816 --> 00:12:04,916 I'm going to see if this guy can actually ping 10.1.20.1. 200 00:12:04,916 --> 00:12:06,176 They should be on the same VLAN. 201 00:12:06,176 --> 00:12:09,186 So, well, let's-- let me bring it up. 202 00:12:09,936 --> 00:12:12,826 Ping 10-- well let me just IP config first. 203 00:12:12,826 --> 00:12:19,236 IP config and you know I want to get this-- let me get that guy out of there, there. 204 00:12:21,156 --> 00:12:22,306 You are disabled. 205 00:12:22,706 --> 00:12:27,796 And just-- and this-- that's going to cause confusion I think. 206 00:12:27,796 --> 00:12:31,706 So, LAN1 is gone 'cause we won't know which default gateway 207 00:12:31,706 --> 00:12:33,586 to use since you had two of them. 208 00:12:33,586 --> 00:12:35,036 So, now we just have the LAN2. 209 00:12:35,036 --> 00:12:40,556 Okay. So, we've got 10.1.20.50 so let's see if we can ping 10.1.20.1. 210 00:12:41,236 --> 00:12:42,486 And look at that, over there. 211 00:12:42,486 --> 00:12:44,936 And then now, great. 212 00:12:45,186 --> 00:12:49,996 I've severed my network connections I'm getting all these errors. 213 00:12:49,996 --> 00:12:53,506 So, great, where there-- but it's kind of like, well wait a sec, 214 00:12:53,506 --> 00:12:56,386 prove to me that that's the actual Cisco router let's telnet there. 215 00:12:56,516 --> 00:13:02,226 10.1.20.1, this-- I'd never even realized a mistake that-- this a secure Cisco router. 216 00:13:02,226 --> 00:13:03,896 So we're in there, enable Cisco. 217 00:13:04,346 --> 00:13:08,566 So this is indeed the same exact Cisco router. 218 00:13:08,566 --> 00:13:14,286 So, that proves to me now that I can move from this computer into this interface. 219 00:13:14,286 --> 00:13:17,186 Now, my laptop I can't really show you 'cause it's right there. 220 00:13:17,556 --> 00:13:24,036 But that I've already configured with this IP address so let's see if we can ping that far. 221 00:13:24,526 --> 00:13:31,716 Exit out of here and let's do ping 10.1.-- well, first let's ping 10.1.10.1. 222 00:13:31,716 --> 00:13:32,226 That's good. 223 00:13:32,226 --> 00:13:37,686 Okay, what that proves is I'm going out here, hit in this and then I'm able to reach this side 224 00:13:37,686 --> 00:13:39,216 and that tells me the interface is up. 225 00:13:39,416 --> 00:13:44,076 I haven't really gone too much further but let's now go the rest of the way 10.1.10.50. 226 00:13:44,676 --> 00:13:47,826 Okay, there we go. 227 00:13:48,376 --> 00:13:56,606 So, we've got 10.1.10.50 which now replies which tells me, "I'm going through this router, 228 00:13:56,856 --> 00:13:59,286 back out this interface and then hitting this guy." 229 00:13:59,626 --> 00:14:01,756 Now, we can actually prove it a little differently. 230 00:14:01,756 --> 00:14:07,916 I can do trace route, trace rt in the windows world. 231 00:14:08,056 --> 00:14:11,786 Trace route-D, that says, "Don't try to resolve host." 232 00:14:11,786 --> 00:14:13,706 And otherwise, this command just takes forever 233 00:14:13,916 --> 00:14:16,536 because it's always trying to figure out what name is that. 234 00:14:16,536 --> 00:14:20,986 It'll look at the IP address you typed in and trying do what's call the reverse DNS to try 235 00:14:20,986 --> 00:14:22,536 and figure out what host name that is. 236 00:14:22,746 --> 00:14:23,786 Well I do that, it takes too long. 237 00:14:24,096 --> 00:14:30,946 So I'll do trace route 10.1.10.50 which is saying, "Show me the path to that laptop." 238 00:14:31,456 --> 00:14:37,336 And what this shows is my computer which is it's this happy computer over on the left. 239 00:14:37,336 --> 00:14:42,696 My computer 10.1.20.50 goes through the router at 10.1.20.1. 240 00:14:42,696 --> 00:14:46,686 So we're routing now and the router spits it out here and that's 241 00:14:46,686 --> 00:14:48,566 when it ends up reaching 10.1.50. 242 00:14:48,566 --> 00:14:51,116 Now, a trace route if this is your first time seeing it, 243 00:14:51,116 --> 00:14:53,206 it actually does three pings for each hop. 244 00:14:53,556 --> 00:14:57,786 That allows you to see if there's ever a slow link in the chain. 245 00:14:57,786 --> 00:14:59,976 You'll be able to be like, oh, looks like this one is really slow. 246 00:15:00,796 --> 00:15:05,646 But in this case, it's verified for us the actual path that we're going through the router. 247 00:15:06,326 --> 00:15:07,616 Now, let's look at option two. 248 00:15:08,416 --> 00:15:14,396 Most people don't use the scenario I just gave you other than maybe to learn how to route 249 00:15:14,396 --> 00:15:16,656 and things like that because it's just inefficient. 250 00:15:16,826 --> 00:15:22,156 The more VLANs you have and people have lots of VLANs you know 10, 20, 30 that kind of thing. 251 00:15:22,156 --> 00:15:26,676 The more VLANs that you have the more interfaces it's going to end up taking on a router. 252 00:15:26,926 --> 00:15:30,326 And routers honestly don't have that mini Ethernet interfaces. 253 00:15:30,326 --> 00:15:33,146 Usually routers will have, you know, a few maybe two, three, four, 254 00:15:33,146 --> 00:15:36,146 five at most, but routers are also expensive. 255 00:15:36,146 --> 00:15:40,056 So the more interface users start adding in there you just start maxing out the route. 256 00:15:40,056 --> 00:15:41,556 It's just, just inefficient. 257 00:15:41,556 --> 00:15:44,356 In the end, you're eating up extra switch ports for that. 258 00:15:44,356 --> 00:15:49,166 And I mean, if every single router connection needs a switch port then-- 259 00:15:49,166 --> 00:15:51,916 or every single VLAN needs a switch port you're eating up just a lot 260 00:15:51,916 --> 00:15:53,606 of your ports just to connect to the router. 261 00:15:53,866 --> 00:15:56,376 So, you probably have been staring at this picture for a second. 262 00:15:56,706 --> 00:15:57,286 What do we do? 263 00:15:57,886 --> 00:15:59,706 We use a trunk port. 264 00:16:00,036 --> 00:16:03,426 Now, remind me again, scream in out loud and people think you're crazy. 265 00:16:04,616 --> 00:16:08,136 What VLANs are carried by a trunk port? 266 00:16:08,726 --> 00:16:10,616 And we all scream, "All of them. 267 00:16:10,616 --> 00:16:12,616 All VLANs are carried by a trunk port." 268 00:16:12,616 --> 00:16:13,206 Absolutely. 269 00:16:13,206 --> 00:16:19,076 So if a trunk carries all VLANs then nothing is to stop us from setting up this router 270 00:16:19,326 --> 00:16:21,376 and connecting it to a trunk port. 271 00:16:21,376 --> 00:16:26,446 So, all the VLANs that's all the blue traffic, all the red traffic that are needed come 272 00:16:26,446 --> 00:16:29,196 down here to this router and it's able to do the routing. 273 00:16:30,446 --> 00:16:36,906 Okay. So, what's that mean to me what-- so, let's go back to the scenario. 274 00:16:36,906 --> 00:16:43,166 We have at this computer 10.1.20.50, right? 275 00:16:43,266 --> 00:16:52,076 And then, this computer 10.1.20.50 or wait a second, 10.1.10.50. 276 00:16:52,396 --> 00:16:53,986 Okay, so we have these IP addresses. 277 00:16:53,986 --> 00:16:59,776 So, if that's the case, then I mean, these guys needed default gateway on their network, right? 278 00:16:59,776 --> 00:17:03,956 One needs 10.1.10.1 the other needs 10.1.20.1. 279 00:17:04,246 --> 00:17:07,156 So now, we're just plugged into one interface here. 280 00:17:07,156 --> 00:17:09,216 So what IP address do we give that interface? 281 00:17:10,066 --> 00:17:14,196 Well the answer is actually both of them. 282 00:17:14,936 --> 00:17:18,746 Let me introduce to you to the concept of subinterfaces. 283 00:17:19,086 --> 00:17:20,106 Oh, that's a weird one. 284 00:17:20,176 --> 00:17:24,446 So, here's-- we've got and we'll say, "Fast Ethernet 0/0? 285 00:17:25,026 --> 00:17:27,796 Now, right now I want to know. 286 00:17:27,796 --> 00:17:31,126 What-- I think yeah this is definitely Fast Ethernet 0/0. 287 00:17:31,126 --> 00:17:37,086 So physically, a Fast Ethernet 0/0 plugged into the Fast Ethernet 0/2. 288 00:17:37,086 --> 00:17:41,436 That interface is the physical interface it actually gets nothing assigned to it. 289 00:17:41,436 --> 00:17:42,896 There's no IP address at all. 290 00:17:43,716 --> 00:17:53,416 What we'll do though is create Fast Ethernet 0/0.10 for VLAN 10. 291 00:17:53,946 --> 00:17:59,726 We'll create Fast Ethernet 0/0.20 for VLAN 20 292 00:17:59,726 --> 00:18:03,606 and then we can give them the IP addresses 10.1.20.1 gets assigned 293 00:18:03,606 --> 00:18:07,766 to that subinterface 10.1.10.1 gets assigned to that one. 294 00:18:07,766 --> 00:18:09,246 So what are those? 295 00:18:09,246 --> 00:18:10,846 How-- I mean, how did those work? 296 00:18:10,986 --> 00:18:12,556 They are virtual interfaces. 297 00:18:12,556 --> 00:18:14,526 We're going to get use to this word virtual, right? 298 00:18:14,776 --> 00:18:18,726 They don't really exist but what it does is accept tags. 299 00:18:18,726 --> 00:18:21,666 Remember, did I say remember? 300 00:18:21,926 --> 00:18:26,076 Remember, the trunk port keeps the tag on the interface. 301 00:18:26,076 --> 00:18:28,356 So, when this guy says, "I need to reach my default gateway." 302 00:18:28,656 --> 00:18:33,346 The trunk port will say, "Okay, this is request from we'll just say client one" and I'm going 303 00:18:33,346 --> 00:18:36,226 to put the tag of VLAN 10 on there. 304 00:18:36,446 --> 00:18:39,056 So when it's received on here, this router will need 305 00:18:39,056 --> 00:18:42,066 to know okay VLAN 10 tags all go this subinterface. 306 00:18:42,736 --> 00:18:44,466 So, that one will respond to it. 307 00:18:44,466 --> 00:18:47,386 And this one, you know, it'll come in and it'll be tagged and we got to go red. 308 00:18:47,386 --> 00:18:52,256 It will be tagged VLAN 20 right there so we need to configure this subinterface to respond 309 00:18:52,256 --> 00:18:54,716 to those tags for VLAN 20, just try it out. 310 00:18:55,346 --> 00:19:00,556 I still have the same configuration on there so let's first off empty it 311 00:19:00,556 --> 00:19:03,856 to where it's back the way it should be for this kind of config. 312 00:19:04,206 --> 00:19:11,446 I'm going to go in to Fast Ethernet 0/1 and do no IP address and shut it down. 313 00:19:11,446 --> 00:19:14,236 We'll not going to need it anymore because we're going 314 00:19:14,236 --> 00:19:17,446 to just connect Fast Ethernet 0/0 to the trunk port. 315 00:19:17,666 --> 00:19:19,436 Likewise, I'm going back out and go 316 00:19:19,436 --> 00:19:22,706 into interface Fast Ethernet 0/0 and do no IP address. 317 00:19:22,976 --> 00:19:25,356 Because like I said, there's not going to be anything assigned 318 00:19:25,386 --> 00:19:28,796 to that individual interface the physical interface. 319 00:19:28,986 --> 00:19:30,666 I'm going to start creating the subinterfaces. 320 00:19:30,666 --> 00:19:31,816 So, let's look at it. 321 00:19:31,816 --> 00:19:36,496 I'll do a show IP interface brief and it feels like we've taken a step backwards in our config 322 00:19:36,496 --> 00:19:38,436 because now it's like there's nothing there. 323 00:19:38,826 --> 00:19:41,936 Well, before I do the router config, I'm going to hop down and do the tru-- 324 00:19:41,936 --> 00:19:47,096 do the switch because the switch needs to know that I'm going to set up the port going 325 00:19:47,096 --> 00:19:49,896 to the router as a trunk nor or view, right? 326 00:19:50,056 --> 00:19:55,646 So I'm in CBT switch, I'm looking here on the diagram this is Fast Ethernet 0/2. 327 00:19:58,226 --> 00:20:04,256 We'll do switch port trunk encapsulation dot1q turn on 802.1q protocol 328 00:20:04,406 --> 00:20:06,906 and then I'll do a switch port mode trunk. 329 00:20:07,726 --> 00:20:08,726 That's it. 330 00:20:10,036 --> 00:20:12,416 And it-- oh, wait a sec. 331 00:20:13,016 --> 00:20:14,246 Did I write down the wrong port? 332 00:20:14,986 --> 00:20:17,846 I did, that's why CDP is so valuable. 333 00:20:18,106 --> 00:20:21,296 This-- sorry scratch that it should be Fast Ethernet 0/3. 334 00:20:21,546 --> 00:20:22,796 Great, more practice. 335 00:20:23,216 --> 00:20:24,976 And so, we'll get back in there. 336 00:20:25,246 --> 00:20:27,296 Config T interface Fast Ethernet 0/3. 337 00:20:27,296 --> 00:20:30,476 Switch port trunk and encapsulation.1q. 338 00:20:30,696 --> 00:20:32,166 Switch port mode trunk. 339 00:20:32,436 --> 00:20:33,616 There we go. 340 00:20:33,616 --> 00:20:34,666 That now, we're good. 341 00:20:34,666 --> 00:20:40,256 Okay, so it's saying, "Okay, wait a sec, I'm resetting that interface, change down back up. 342 00:20:40,256 --> 00:20:42,276 So now it's configured as a trunk port. 343 00:20:43,386 --> 00:20:47,326 And remind me to show you a command about trunking, just thought of. 344 00:20:47,856 --> 00:20:51,136 I'll show you that in a second. 345 00:20:52,166 --> 00:20:52,756 I can hear you. 346 00:20:52,986 --> 00:20:53,806 I know what you're thinking. 347 00:20:54,566 --> 00:20:55,156 All right. 348 00:20:55,156 --> 00:20:57,016 So I'm sitting on-- I'm sitting on the router. 349 00:20:57,016 --> 00:20:59,976 I'm going to do-- okay, so here's the subinterface. 350 00:20:59,976 --> 00:21:05,156 I'm going to go into interface Fast Ethernet 0/0. 351 00:21:05,436 --> 00:21:06,896 And you might be wondering. 352 00:21:07,116 --> 00:21:09,266 Well, I mean how many of these can you create? 353 00:21:09,266 --> 00:21:11,846 How many subinterfaces are supported by CSCO? 354 00:21:12,266 --> 00:21:13,946 There it is. 355 00:21:14,426 --> 00:21:20,516 That was somewhere around 4,294, 967, 000 [inaudible]. 356 00:21:20,516 --> 00:21:22,656 I mean it's-- no, no, no, no don't go and create 357 00:21:22,656 --> 00:21:25,786 that many sub interfaces I'm sure the router would explode before then. 358 00:21:25,786 --> 00:21:28,676 He's just saying, "You have the flexibility to create a lot of them." 359 00:21:28,676 --> 00:21:31,326 There's no feasible limit to the number that you can create. 360 00:21:31,566 --> 00:21:36,416 But the nice thing about this is you can use whatever, you know, normal number you want to. 361 00:21:36,776 --> 00:21:40,936 So, I'm going to come in here and let me say, "Fast Ethernet 0/0.10. 362 00:21:40,936 --> 00:21:46,316 Now, to make this happen, first off the subinterface number does not-- 363 00:21:46,646 --> 00:21:51,816 does not mean that this now magically responds to things for VLAN 10. 364 00:21:52,126 --> 00:21:54,006 The subinterface number is just unidentified. 365 00:21:54,006 --> 00:21:59,536 Let me do a show IP interface brief and you see new magic interface has popped up out 366 00:21:59,536 --> 00:22:07,386 of nowhere this .10 which it doesn't do anything until I typed in encapsulation dot 1q 367 00:22:08,406 --> 00:22:11,506 and follow it up with what VLAN it responds to. 368 00:22:12,086 --> 00:22:13,016 That's the key. 369 00:22:13,466 --> 00:22:18,736 That's the one that says, "Okay, subinterface 0/0.10 any packets that you see tagged 370 00:22:18,736 --> 00:22:21,656 with the number 10 on it remember 'cause this is a trunk that's a good thing. 371 00:22:21,976 --> 00:22:26,106 Any thing that you see tagged with VLAN 10 you will grab, you grab those." 372 00:22:26,496 --> 00:22:27,856 And that's such required command. 373 00:22:27,856 --> 00:22:33,326 So you could and I don't know why you would, you could make this subinterface number 1,292 374 00:22:33,326 --> 00:22:37,746 and then say encapsulation.1q10 and it would do the same thing. 375 00:22:38,036 --> 00:22:39,286 But why would you do that? 376 00:22:39,286 --> 00:22:41,736 It's just not logical. 377 00:22:42,096 --> 00:22:46,586 So, usually, usually, you will match the subinterface number to the VLAN number. 378 00:22:46,586 --> 00:22:47,976 Now, let's give it the IP address. 379 00:22:48,516 --> 00:22:52,436 [ Pause ] 380 00:22:52,936 --> 00:22:55,396 Good. Now, let me show you something else. 381 00:22:55,396 --> 00:22:56,796 I'm going to do interface. 382 00:22:56,796 --> 00:23:01,476 Usually, one thing you'll find in Cisco is that it doesn't really matter what order you typed 383 00:23:01,476 --> 00:23:04,746 to commands in like if I go in and do a no shut first 384 00:23:04,746 --> 00:23:06,426 and then assign the IP address that's fine. 385 00:23:06,466 --> 00:23:09,166 I could also go in and do the IP address and then do a no show. 386 00:23:09,166 --> 00:23:12,356 I mean, the order it's not really order dependent but some commands will. 387 00:23:12,466 --> 00:23:13,046 Like watch this. 388 00:23:13,046 --> 00:23:14,526 I'll do, let me just set the up arrow. 389 00:23:14,816 --> 00:23:18,836 IP address 10.0.20.1, watch what it tells me. 390 00:23:19,106 --> 00:23:23,116 It's like sorry you can't give this subinterface an IP address 391 00:23:23,116 --> 00:23:25,276 until you tell me what VLAN it belongs to. 392 00:23:25,956 --> 00:23:30,236 And if you think about it make sense that the router is trying to convey you it's like, "Hey, 393 00:23:30,426 --> 00:23:32,706 I don't know when to use this subinterface." 394 00:23:32,876 --> 00:23:36,106 There's nothing telling me when this subinterface should jump in 395 00:23:36,106 --> 00:23:38,496 and be like I got you, you know, and grab the packet so. 396 00:23:38,726 --> 00:23:41,186 So, we have to tell it, "Okay, okay, sorry about that." 397 00:23:41,186 --> 00:23:46,576 Encapsulation, and so you're going to grab the packet when it is VLAN 20 and now I hit the 398 00:23:46,576 --> 00:23:49,746 up arrow, takes the IP address no problem, right? 399 00:23:50,176 --> 00:23:53,396 So, now I can do a show IP interface brief. 400 00:23:55,216 --> 00:23:56,476 That's looking cool. 401 00:23:56,566 --> 00:24:02,626 So we've got now the two sub interfaces 10.1.10.1 and 10.1.20.1. 402 00:24:02,626 --> 00:24:08,346 Every thing else is the same and now our computers can do their pings just 403 00:24:08,636 --> 00:24:09,506 with out any problem. 404 00:24:09,506 --> 00:24:10,446 Well, with out any problem. 405 00:24:10,446 --> 00:24:17,276 I actually went in and disable it 'cause I had to save the last recording and it blew up. 406 00:24:17,276 --> 00:24:19,066 So now, let me flip it back it over. 407 00:24:19,416 --> 00:24:20,926 So now I've got LAN2 we should. 408 00:24:20,926 --> 00:24:27,156 We should have-- we should have-- yep, there we go the IP address. 409 00:24:27,156 --> 00:24:28,086 So, let's if it works. 410 00:24:28,546 --> 00:24:31,676 Ping 10.1.10.1. 411 00:24:35,356 --> 00:24:44,946 Dot 10-- Oh, wait no, or scratch that 10.1.20.1, that's the IP address I'm in. 412 00:24:45,146 --> 00:24:47,926 Destination host, oh, there yo go. 413 00:24:47,926 --> 00:24:48,836 Oh, okay, okay. 414 00:24:48,836 --> 00:24:50,016 Thank you Window 7. 415 00:24:50,016 --> 00:24:56,126 See Window 7, it fix you out like Windows XP, when you disable and enable an interface 416 00:24:56,126 --> 00:24:57,556 like that, it'll just hang there. 417 00:24:57,556 --> 00:25:00,676 It's like I'm just sitting here and you're like what's wrong with you Windows and as fell 418 00:25:00,676 --> 00:25:02,356 as I go gamed on like 30 seconds later. 419 00:25:02,496 --> 00:25:04,806 Window 7 is like ha, ha I'm so fast 420 00:25:04,946 --> 00:25:07,326 but really behind the scenes it takes with the same 30 seconds. 421 00:25:07,326 --> 00:25:08,866 It's just doesn't make it and he sent it away. 422 00:25:09,086 --> 00:25:10,946 So, it just took some time and there we go. 423 00:25:10,946 --> 00:25:13,716 We now have my interface, my interface active. 424 00:25:13,716 --> 00:25:16,986 And now, what I'm doing is I'm coming in over that trunk port. 425 00:25:16,986 --> 00:25:21,406 Let's do a show interface Fast Ethernet 0/0.10. 426 00:25:22,106 --> 00:25:24,516 That didn't show me too much. 427 00:25:24,836 --> 00:25:28,536 So, well, I guess we'll only see the statistics on the parent interface. 428 00:25:28,646 --> 00:25:34,146 So I can see-- you know, this guy is not much but he's receiving some data for these 429 00:25:34,146 --> 00:25:37,516 and now I should be able to ping through to the other side. 430 00:25:37,516 --> 00:25:41,996 So, the same exact result 10.50, right? 431 00:25:41,996 --> 00:25:46,896 Ping 10.1.10.50, there we go. 432 00:25:46,896 --> 00:25:49,946 Same exact results as before. 433 00:25:50,256 --> 00:25:54,136 However, this one using-- this is truly a router 434 00:25:54,136 --> 00:25:57,366 on a stick this one using the trunk configuration to do this. 435 00:25:57,366 --> 00:25:59,956 Now, let me mention one more thing. 436 00:26:01,626 --> 00:26:04,726 I'm really debating, adding a third option in here and I think I'm going to. 437 00:26:04,946 --> 00:26:10,476 I want to mention one more thing and that is the validity of router on a stick. 438 00:26:10,806 --> 00:26:13,626 You will find a way, if you get in the real world and some one is like, 439 00:26:13,626 --> 00:26:15,456 "Hey, did-- so I heard you took CCNA? 440 00:26:15,456 --> 00:26:18,246 Did you learn routing through VLANs, you know." 441 00:26:18,246 --> 00:26:22,166 "Like, oh yeah, using the router on the stick" and they'll be like, wa-ha-ha, nobody, 442 00:26:22,166 --> 00:26:23,806 uses router on a stick blah, blah, blah." 443 00:26:23,806 --> 00:26:30,206 You know it's like they have this thing-- I will say router on a stick is designed typically 444 00:26:30,206 --> 00:26:35,666 for smaller environments, but it is used all of the time. 445 00:26:35,666 --> 00:26:40,596 And you know, the reason they say people don't use it is because it's a bottleneck 446 00:26:40,596 --> 00:26:42,026 and that that is absolutely correct. 447 00:26:42,026 --> 00:26:45,796 Because literally, for this guy to get to this guy, he's got to go do this little thing. 448 00:26:45,796 --> 00:26:49,036 Da, da, da, da kind of you know, hopping back and forth that's the-- 449 00:26:49,036 --> 00:26:52,576 that word yo-yo effect you get on the, the router on a stick because you're going out 450 00:26:52,576 --> 00:26:54,276 and back in, in and out and back in. 451 00:26:54,336 --> 00:26:55,746 You're going-- and see that kind of thing. 452 00:26:55,946 --> 00:26:58,906 So, it will slow you down but I'm telling you for small, 453 00:26:58,906 --> 00:27:02,426 sometimes even maybe mid-sized business, it works great. 454 00:27:02,546 --> 00:27:06,926 I mean if you can't afford a layer three switch which is option number three, 455 00:27:07,336 --> 00:27:10,676 there's no replacing a router on a stick. 456 00:27:10,786 --> 00:27:11,176 All right. 457 00:27:11,176 --> 00:27:15,666 So, let me show you-- oh, oh, oh wait, wait, before I do that before I see-- 458 00:27:15,916 --> 00:27:18,146 I almost forgot somebody who reminded me. 459 00:27:18,496 --> 00:27:21,016 I heard him, I wanted to show you one more command on trunking. 460 00:27:21,506 --> 00:27:22,896 Well it's kind of a nice one. 461 00:27:22,896 --> 00:27:25,486 We've configured a number of trunk interfaces now, right? 462 00:27:25,916 --> 00:27:30,196 On our CBT switch, there is a quick command that you can use 463 00:27:30,196 --> 00:27:32,216 to show what interfaces are trunking. 464 00:27:32,406 --> 00:27:35,736 You can do a show interface trunk. 465 00:27:36,726 --> 00:27:40,316 This is handy because I can go in there and I can say, "Oh well, now, 466 00:27:40,316 --> 00:27:42,156 there are more trunks but they're not active." 467 00:27:42,436 --> 00:27:48,026 I can see Fast Ethernet 0/3 it's on 802.1q is its encapsulation and it says, "Okay, 468 00:27:48,236 --> 00:27:52,606 VLANs allowed or all of them as it"-- now, we can restrict it, we can go in and say, "Well, 469 00:27:52,606 --> 00:27:54,476 not that VLAN, not this VLAN, not that." 470 00:27:54,476 --> 00:27:55,986 You know we can trim it down. 471 00:27:56,306 --> 00:28:01,546 But it's saying normally a trunk allows all VLANs so everything is allowed 472 00:28:01,546 --> 00:28:04,346 and then these are the ones that are actually active. 473 00:28:04,756 --> 00:28:11,026 So, even though on this example we only use VLAN 10 and 20 to switch 474 00:28:11,026 --> 00:28:15,776 because it is a trunk is allowing me to send all these VLANs to the router. 475 00:28:15,776 --> 00:28:17,606 So, all that traffic is going to the router. 476 00:28:17,606 --> 00:28:21,946 Now you might say, "Oh, wait a second, that doesn't feel efficient. 477 00:28:22,396 --> 00:28:24,476 Can I trim that down? 478 00:28:24,566 --> 00:28:31,396 Can I like-- can I just say VLANs 10 and 20 are allowed to cross that trunk to the router?" 479 00:28:31,646 --> 00:28:32,576 Answer is, "Sure." 480 00:28:33,176 --> 00:28:37,616 Go into interface Fast Ethernet 0/3 and you can do a switch port trunk 481 00:28:37,616 --> 00:28:39,036 and the command is actually allowed. 482 00:28:39,036 --> 00:28:39,496 Do you see that? 483 00:28:39,676 --> 00:28:43,876 Allowed VLANs and you can say, "I want to allow all of them. 484 00:28:44,016 --> 00:28:49,596 Well, I want to allow a few of them, add a few of VLANs to them 485 00:28:49,596 --> 00:28:51,646 or I want to remove the current ones. 486 00:28:51,646 --> 00:28:56,466 Now, you've got to be careful because you might say, "Okay, allowed VLAN 10." 487 00:28:56,526 --> 00:29:01,876 And I won't allow it ''cause it's, you know, it just says word that's why it hit VLAN 10. 488 00:29:01,876 --> 00:29:07,006 And says, "Okay, what I'm going to do is now trim that down you can see that kind of takes 489 00:29:07,006 --> 00:29:09,406 down a VLAN one 'cause nothing else is active there now. 490 00:29:09,406 --> 00:29:13,226 So, I'm going to do a show interface trunk again. 491 00:29:13,576 --> 00:29:16,686 Now you can see the out port and it says, "Allowed VLANs are active now." 492 00:29:16,906 --> 00:29:19,126 You've got to be careful here, be very careful. 493 00:29:19,126 --> 00:29:23,686 In production, it's very bad to just cut off VLANs on a whim 494 00:29:23,916 --> 00:29:26,716 and it's sometimes you'll be like, "Okay, well I want to do-- 495 00:29:26,716 --> 00:29:29,186 okay, I've added 10 let's add 20 now." 496 00:29:29,646 --> 00:29:32,816 I will tell you, everybody makes that mistake once. 497 00:29:32,966 --> 00:29:34,306 It's like the matrix, right? 498 00:29:34,566 --> 00:29:36,456 Everybody falls the first time Neo. 499 00:29:36,846 --> 00:29:41,256 That can be a painful fall because what that does is and let me go back, 500 00:29:41,946 --> 00:29:44,726 is notice it just replaced VLAN 10. 501 00:29:44,726 --> 00:29:46,746 So, let me talk to you about a production environment. 502 00:29:46,906 --> 00:29:50,976 You've got switches, you know, they're doing their thing with trunking and you've got all 503 00:29:50,976 --> 00:29:54,876 of these hundreds of devices connected, you know, 50 different VLANs. 504 00:29:54,876 --> 00:29:56,866 You know like oh, I just need to add VLAN 50 here. 505 00:29:56,866 --> 00:30:00,846 So you go in and type the command that I just showed you and say, "You know, allowed VLAN 50" 506 00:30:01,006 --> 00:30:05,846 and what happens is all the other 50 VLANs or 20 VLANs or whatever that around 507 00:30:05,846 --> 00:30:09,896 that thing get stripped and replaced by just to VLAN 50. 508 00:30:10,406 --> 00:30:13,686 If you've got some experience in this field, and you done that, you know that pain. 509 00:30:13,886 --> 00:30:17,956 That's a complete outage, and that a few phone calls and that's sent 510 00:30:18,206 --> 00:30:21,736 down in the manager's office saying, now why did you do that again? 511 00:30:21,736 --> 00:30:24,836 So you got to be careful, this is a replace command. 512 00:30:25,226 --> 00:30:27,786 So, if you want to use the switch for trunk-allowed VLAN, 513 00:30:27,786 --> 00:30:32,686 then I will do 10 comma 20 that will do that. 514 00:30:32,686 --> 00:30:37,096 Now, what if you've got a whole bunch of VLANs, you don't want to retype them all, right? 515 00:30:37,096 --> 00:30:39,636 So what you can do is that-- let me go back and let's just say, 516 00:30:39,636 --> 00:30:44,446 allowed VLAN 10 so we're back down to just 10, right? 517 00:30:44,446 --> 00:30:47,446 And so now, I'm going-- let say, I want to add in 20, so I can do switch 518 00:30:47,446 --> 00:30:54,096 for trunk-allowed VLAN add, you know, instead of just typing in VLAN I'm saying, 519 00:30:54,146 --> 00:30:58,026 add to the current list of VLANs that are there VLAN 20. 520 00:30:58,646 --> 00:31:04,986 And that trims it down, and that's pretty cool, because that allows you to be really efficient 521 00:31:05,206 --> 00:31:09,236 to only send the VLANs towards the router that belong there. 522 00:31:09,236 --> 00:31:13,346 Now, one of the things that you'll notice is it says, VLANs allowed, VLANs active, 523 00:31:13,346 --> 00:31:18,126 VLANs forwarding and not pruned only 10 it takes some time, it takes usually 5 to 10 seconds 524 00:31:18,126 --> 00:31:21,826 for the VLANs to come up once you've added them in there, maybe 30 seconds. 525 00:31:21,946 --> 00:31:29,256 It just takes time now before the VLANS are actually added to the trunk, but if I stand here 526 00:31:29,256 --> 00:31:32,586 and there we go, and hit the [inaudible] enough times it will pop, and pop in there, 527 00:31:32,646 --> 00:31:34,616 so that's the one that I want to show you. 528 00:31:34,616 --> 00:31:37,446 Now, let me talk about option number 3. 529 00:31:38,636 --> 00:31:42,476 I wasn't originally going to show this, but it's so valuable and it's 530 00:31:42,476 --> 00:31:45,186 so easy that I've just got to do it. 531 00:31:45,336 --> 00:31:48,506 Option number 3 is essentially that. 532 00:31:50,176 --> 00:31:56,196 There is no router, or I guess more specifically there's no external router. 533 00:31:56,706 --> 00:32:01,446 Option number 3 is what just about every large network will use and that is setting 534 00:32:01,446 --> 00:32:05,066 up a system of layer three switching. 535 00:32:05,236 --> 00:32:10,916 Now the 3550 happens to be a layer 3 switch, 536 00:32:11,076 --> 00:32:16,166 and what that does is really integrate routing inside of the switching device. 537 00:32:16,166 --> 00:32:21,536 So instead of needing a router outside here which you run into environments where you have 538 00:32:21,536 --> 00:32:25,816 to have that, but they actually include routing capabilities and the way that we do it is 539 00:32:25,816 --> 00:32:31,186 through those VLAN interfaces that we were setting up way back in the VLANs. 540 00:32:31,186 --> 00:32:35,846 Remember I said, when you create VLAN 10, you're actually creating the layer two VLAN. 541 00:32:35,846 --> 00:32:39,676 That was the command where we went in-- we run the switch. 542 00:32:39,676 --> 00:32:44,656 We go into global config and we type in VLAN 10 that creates the layer two VLAN. 543 00:32:44,876 --> 00:32:48,466 But then I said, okay, but what if you wanted a routed interface 544 00:32:48,526 --> 00:32:51,186 for that VLAN or a logical interface? 545 00:32:51,186 --> 00:32:56,056 We can do interface VLAN 10, and that will create an interface 546 00:32:56,056 --> 00:32:57,666 that everybody in VLAN 10 can reach. 547 00:32:57,666 --> 00:32:58,596 Now check this out. 548 00:32:58,596 --> 00:33:04,776 I can give an IP address to that interface 10.1.10.1 the same IP address we were using 549 00:33:04,776 --> 00:33:09,626 for that now that phantom router here as a default gateway, so here's the concept. 550 00:33:09,626 --> 00:33:14,796 Instead of this guy ARP-ing and finding this outside router that will do the routing for it. 551 00:33:14,986 --> 00:33:18,626 He will send an ARP and he'll find, you know, think of it like back here somewhere. 552 00:33:18,776 --> 00:33:23,806 You know, he'll find the router inside of the switch which responds to the ARP messages 553 00:33:23,806 --> 00:33:26,746 and he goes oh yeah, I'll take care of you, I'll switch you between the VLANs. 554 00:33:26,746 --> 00:33:28,996 I'll get you off the-- your VLAN that's no problem. 555 00:33:29,336 --> 00:33:31,386 And so we create that and we go in, 556 00:33:31,386 --> 00:33:39,246 we create interface VLAN 20 give it the IP address 10.1.20.1, 557 00:33:39,246 --> 00:33:42,316 the same IP address-- wait a second. 558 00:33:42,316 --> 00:33:43,666 I keep flipping those. 559 00:33:43,846 --> 00:33:47,416 The same IP address this guy was using as his default gateway, so that the other one is 560 00:33:47,416 --> 00:33:48,756 that guy using his default gateway. 561 00:33:48,756 --> 00:33:50,696 So let me show you "oh." 562 00:33:51,136 --> 00:33:52,996 Let me show you. 563 00:33:53,326 --> 00:33:57,586 I'm going to go into global config mode, so I created VLAN 10. 564 00:33:57,586 --> 00:33:58,976 VLAN 10 has always been there. 565 00:33:59,266 --> 00:34:14,216 Now, I'm going type in Interface VLAN 10, IP address 10.1.10.1, Interface VLAN-- "ops." 566 00:34:14,666 --> 00:34:19,156 Let me unplug that router which is saying, I've got that IP address, what are do you doing? 567 00:34:19,616 --> 00:34:20,296 He's gone. 568 00:34:20,546 --> 00:34:33,746 So IP address interface VLAN 20, IP address 10.1.20.1, 255.255.255.0, okay? 569 00:34:34,006 --> 00:34:37,426 So now we've got, and I'm wondering why did VLAN 20-- 570 00:34:37,536 --> 00:34:43,536 oh, because there's nothing active in VLAN 20, because I disabled my network card. 571 00:34:43,536 --> 00:34:44,796 So let's bring him backup. 572 00:34:44,796 --> 00:34:47,746 We should see VLAN 20 resurrected itself. 573 00:34:47,746 --> 00:34:49,476 So now, let's go back. 574 00:34:52,436 --> 00:34:59,006 And I see that we've got VLAN 10 which is no-- we've got VLAN 1 as well. 575 00:34:59,006 --> 00:35:01,516 So this guy is like, got arms every direction. 576 00:35:01,736 --> 00:35:04,836 VLAN 1 was what we did when we put the base configuration. 577 00:35:05,046 --> 00:35:07,296 VLAN 10 took the 1 IP address of the router. 578 00:35:07,296 --> 00:35:09,216 VLAN 20 took the other IP address. 579 00:35:09,216 --> 00:35:13,526 Now that VLAN 20 is going to come up any second to where that's now active, 580 00:35:13,776 --> 00:35:18,526 but now I'm able to on my computer and this is something I want to do. 581 00:35:18,526 --> 00:35:20,316 There's VLAN 20 just when active down there. 582 00:35:20,706 --> 00:35:22,626 I'm going to do first often ARP-a. 583 00:35:22,626 --> 00:35:24,206 I want to make sure. 584 00:35:24,796 --> 00:35:28,966 Let just make sure 10.1.20.1. 585 00:35:29,306 --> 00:35:30,896 I don't-- see, here's the problem. 586 00:35:30,896 --> 00:35:37,576 My computer remembers the IP address-- sorry the IP address to Mac address mapping for 5 minutes. 587 00:35:37,576 --> 00:35:39,226 So I'm going to clear the ARP table. 588 00:35:39,456 --> 00:35:41,726 ARP-D star as a command. 589 00:35:41,896 --> 00:35:43,616 That actually wipes out the whole ARP Table. 590 00:35:43,616 --> 00:35:48,586 So the next time I try to ping, it's going to make sure I'm checking the Mac address 591 00:35:48,586 --> 00:35:53,046 because previously, that duplicate Mac address thing alerted me to that. 592 00:35:53,286 --> 00:35:57,886 Previously, this guy had the IP addresses and he had a different Mac address than the switch. 593 00:35:58,086 --> 00:36:02,476 So if this guy remembers his Mac address he's not even going to send out the ARP for minutes, 594 00:36:02,476 --> 00:36:06,426 and we're going to not be able to communicate so, let's jump back there. 595 00:36:06,646 --> 00:36:10,266 So now, I'm going to get on my command prompt 596 00:36:10,266 --> 00:36:18,046 and let's do a ping 10.1.20.1 is the IP address of the now the switch. 597 00:36:18,546 --> 00:36:20,746 It's not replying which is great. 598 00:36:20,946 --> 00:36:24,856 And I can ping through now, ping.10.1.10.1. 599 00:36:24,996 --> 00:36:26,086 I hope-- actually, you know what? 600 00:36:27,346 --> 00:36:31,396 Probably not going to be able ping to through, because I have-- 601 00:36:31,996 --> 00:36:34,506 this is an annoying thing-- all right there we go. 602 00:36:34,506 --> 00:36:35,846 It's now back in place. 603 00:36:37,006 --> 00:36:37,476 There we go. 604 00:36:37,566 --> 00:36:39,356 As soon as I did that, it's like, now I can. 605 00:36:39,356 --> 00:36:43,226 Now I've only got one-- one interface to default gateway, so now I'm pinging through. 606 00:36:43,226 --> 00:36:49,306 And you notice that, both of the IP addresses are own by. 607 00:36:49,766 --> 00:36:54,216 Oop, I forgot that we put a username on that what was it? 608 00:36:54,216 --> 00:36:56,416 Germany, there we go. 609 00:36:56,706 --> 00:37:02,776 They're owned now by the CBT switch, the router is out of the picture, in large network. 610 00:37:02,776 --> 00:37:07,376 In, you know what, layer 3 switches are no longer a out of reach commodity. 611 00:37:07,606 --> 00:37:11,416 The price has come down on them significantly and recently here so. 612 00:37:11,646 --> 00:37:14,606 This is really starting to take hold then we're trying to see a lot of layer 613 00:37:14,606 --> 00:37:15,776 through switches all over the place. 614 00:37:16,076 --> 00:37:17,326 That's your option 3. 615 00:37:17,576 --> 00:37:20,546 That's the one that businesses normally use. 616 00:37:21,796 --> 00:37:27,666 The biggest advantage of using a layer 3 switch is the speed, 617 00:37:27,926 --> 00:37:32,076 because as soon as you get a layer 3 switch that has the-- 618 00:37:32,076 --> 00:37:34,506 man I thought I can do it right while I'm talking, nope. 619 00:37:34,766 --> 00:37:35,826 Layer 3 switch. 620 00:37:36,196 --> 00:37:39,446 The layers 3 switch that-- or a switch. 621 00:37:39,546 --> 00:37:40,496 Okay, I'm done writing. 622 00:37:40,596 --> 00:37:46,576 Switch as the layer 3 capabilities will have A6 to support it. 623 00:37:47,076 --> 00:37:52,776 So a layer3 switch will always be faster than the router because it can actually route 624 00:37:52,776 --> 00:37:55,076 at wider speed, that's the biggest advantage. 625 00:37:55,076 --> 00:37:58,446 In addition to all of the other ones to where you don't have to have an extra router, 626 00:37:58,446 --> 00:38:02,436 you don't have tie up a [inaudible], you don't have configure trunk, you don't have bottleneck. 627 00:38:02,436 --> 00:38:05,336 I mean there's just so many advantages to using a layer 3 switch. 628 00:38:05,336 --> 00:38:11,406 So that is kind of your intense jump into the water of routing. 629 00:38:12,086 --> 00:38:16,836 We went from what is a router to routing between VLANs tying together all those concepts. 630 00:38:16,836 --> 00:38:22,926 We saw, using separate interfaces which, not a recommended method anymore, although it works. 631 00:38:23,026 --> 00:38:28,486 Using sub interfaces by connecting a router interface to a trunk port and then number 3 632 00:38:28,486 --> 00:38:31,496 by using no router at all, by using a layer 3 switch, 633 00:38:31,496 --> 00:38:35,796 and using all the internal logical interfaces inside of there we can move our data, 634 00:38:35,796 --> 00:38:38,136 we can route our data between VLANs. 635 00:38:38,566 --> 00:38:41,556 I hope this has been informative for you, and I'd like to thank you for viewing. 60885