1
00:00:00,536 --> 00:00:02,236
>> I'm so looking forward to this nugget.
2
00:00:02,236 --> 00:00:07,776
And it ties together the concepts of routing
which we just talked about with the concept
3
00:00:07,776 --> 00:00:10,336
of VLANs which we just talked about previously.
4
00:00:11,106 --> 00:00:12,426
So, here's the idea.
5
00:00:12,786 --> 00:00:18,446
VLANs are a layer two feature, that's really
low in the OSI model in terms of things.
6
00:00:18,446 --> 00:00:23,546
So, when they separate something at layer two
and the only way that you're going to beat
7
00:00:23,546 --> 00:00:26,496
that is by doing layer one
separation and that would look
8
00:00:26,496 --> 00:00:30,596
like taking those two computers there connect
to that switch and physically plugging them
9
00:00:30,596 --> 00:00:33,886
into different switches and then you could
say, "Okay, see I'm even more separate
10
00:00:33,886 --> 00:00:38,616
than I could be at level-- at layer two
because I'm now-- not even on the same switch.
11
00:00:38,616 --> 00:00:41,686
I'm physically separate, physical separation."
12
00:00:42,016 --> 00:00:47,906
So, layer two separation is, I mean, it's
really separate, it's as low as you can get
13
00:00:47,906 --> 00:00:49,896
without physically separating your devices.
14
00:00:49,896 --> 00:00:56,066
So, your devices when they are put
on different VLANs truly cannot talk.
15
00:00:56,066 --> 00:00:58,936
You know, even if we were to do
something like this and let's say the one
16
00:00:58,936 --> 00:01:03,246
on the left we give him 10.1.1.50
as the IP address,
17
00:01:03,246 --> 00:01:05,776
the one on the right in the right is 10.1.1.51.
18
00:01:06,766 --> 00:01:10,306
Even if they're in the same IP subnet
and now, you can think of that,
19
00:01:10,306 --> 00:01:14,436
you're okay well that's layer three,
that's above the above the VLAN.
20
00:01:14,436 --> 00:01:18,126
Well, it's kind of like layer three,
everything works its way down, right?
21
00:01:18,376 --> 00:01:21,876
Layer three is great as long as
it has a layer two to stand on.
22
00:01:22,076 --> 00:01:26,496
I mean, what's the first thing that happens
when this guy try-- tries to access this guy?
23
00:01:26,806 --> 00:01:28,176
He sends a broadcast, right?
24
00:01:28,176 --> 00:01:31,176
He's saying, "Hello, I'm
trying to reach 10.1.1.51.
25
00:01:31,416 --> 00:01:33,126
ARP, what is your MAC address?"
26
00:01:33,126 --> 00:01:34,846
And the ARP goes nowhere.
27
00:01:34,846 --> 00:01:40,026
It comes out the two red ports and there is no
10.1.1.51 on those red ports so, he is cut off.
28
00:01:40,026 --> 00:01:45,506
Even if we manually could type in the MAC
address of this guy and somehow associate it.
29
00:01:45,746 --> 00:01:49,086
So, this guy wouldn't have the ARP,
the VLANS would still separate it.
30
00:01:49,086 --> 00:01:51,086
It would still say, "No, you cannot go there.
31
00:01:51,086 --> 00:01:52,486
You are not authorized.
32
00:01:52,706 --> 00:01:54,086
This is a layer two separation."
33
00:01:54,086 --> 00:01:56,786
So, we've got these guys
that are saying, "Help us.
34
00:01:57,246 --> 00:01:58,166
We can't talk."
35
00:01:58,746 --> 00:02:02,086
So, the host can't speak
directly even if they need to.
36
00:02:02,086 --> 00:02:06,506
Even if, you know, the one on the right is,
you know, accounting server nine or something
37
00:02:06,506 --> 00:02:09,346
like that the one on the
left is accounting user one.
38
00:02:10,486 --> 00:02:14,486
So they need some kind of layer
three assistant to make it happen.
39
00:02:14,956 --> 00:02:18,076
Enter stage left, [inaudible], the router.
40
00:02:18,756 --> 00:02:23,126
[Laugh] My weird mind, I was trying to figure out
a way to have a router come dancing on the scene
41
00:02:23,126 --> 00:02:26,146
and capes and all, it didn't work out.
42
00:02:26,416 --> 00:02:31,486
Now as you saw from the opening slide, I'm going
to show you two different options of routing
43
00:02:31,486 --> 00:02:36,196
between VLANs, this one being the
first using separate interfaces.
44
00:02:36,196 --> 00:02:39,956
Now, I know it may seem kind of
silly but I still remember back
45
00:02:39,956 --> 00:02:44,766
to when I was first learning Cisco when I was
looking at CCNA and all I saw was diagrams
46
00:02:44,766 --> 00:02:46,776
like this to where, well,
they weren't even that nice.
47
00:02:46,776 --> 00:02:50,136
See, they're just kind of like, you
know, in a textbook black and white.
48
00:02:50,136 --> 00:02:53,326
You know, I just saw this
logical view of the network.
49
00:02:53,646 --> 00:02:56,836
And while I was like, okay I kind
of get it like I never really get it
50
00:02:56,836 --> 00:02:58,186
until I started seeing physically.
51
00:02:58,186 --> 00:03:01,766
I'm looking at the rack, I'm tracing cables and
I'm like, oh, oh that's how it's plugged in.
52
00:03:02,016 --> 00:03:07,876
So, I tried to represent what we see in this
logical view with what it actually looks
53
00:03:07,876 --> 00:03:09,386
like physically doing this kind of thing.
54
00:03:09,556 --> 00:03:12,086
So let's look at the physical and
then we'll jump back over there.
55
00:03:12,136 --> 00:03:19,316
Physically, I have a router this is get old
60 just because clip art guy made the guts.
56
00:03:19,316 --> 00:03:22,016
You know the same, same router
we saw previously.
57
00:03:22,016 --> 00:03:27,696
We've got one interface we'll say Fast Ethernet
0/1 plugged in to we'll just say port two.
58
00:03:28,106 --> 00:03:30,336
That's what it looks like, Fa0/1.
59
00:03:30,586 --> 00:03:36,106
Another interface is plugged in to, I'll put
F0/0 is plugged in to I don't know it looks
60
00:03:36,106 --> 00:03:39,336
like about port 10 or something
like that that's over there.
61
00:03:39,336 --> 00:03:43,146
Now, these ports as you can see from
the logical view are in different VLANs.
62
00:03:43,146 --> 00:03:48,426
So maybe this, this port is assigned to VLAN 10.
63
00:03:48,756 --> 00:03:50,456
And let me switch colors.
64
00:03:50,676 --> 00:03:55,346
This port right here is assigned to VLAN 20.
65
00:03:55,936 --> 00:04:00,596
Now these computers right here, they'll
be assigned to the VLANs as well.
66
00:04:00,726 --> 00:04:05,766
Let's go back, go purple, we'll say this
one right here connected port 12 is assigned
67
00:04:05,766 --> 00:04:06,796
to VLAN 10.
68
00:04:07,826 --> 00:04:11,466
And the computer on the right,
this one-- now don't you love--
69
00:04:11,466 --> 00:04:14,596
I've tried to find that old sputnik
kind of computer that I could.
70
00:04:14,896 --> 00:04:19,606
The computer on the right, he's
going to be in the VLAN 20.
71
00:04:19,606 --> 00:04:22,876
So, these ports right are assigned
to the appropriate VLANs, right?
72
00:04:22,876 --> 00:04:27,946
So, what that means is this guy, if
we are to follow his packet flow,
73
00:04:27,946 --> 00:04:33,756
we would go into this interface we'll say, "Fast
Ethernet 0/-- let me write in the red F0/0."
74
00:04:33,756 --> 00:04:36,276
He'll be assigned an IP address
from this guy's subnet.
75
00:04:36,276 --> 00:04:40,496
So we'll make him 10.1.20.1.
76
00:04:40,916 --> 00:04:47,556
This guy over here, this computer might
be 10.1.20.20 and this is his IP address.
77
00:04:47,556 --> 00:04:50,756
And he has a default gateway,
well what is default gateway be?
78
00:04:50,996 --> 00:04:53,956
10.1.20.1, right?
79
00:04:53,956 --> 00:04:58,696
So, what that's saying is, he-- and these
are all /24, so a Class C subnet mask.
80
00:04:58,816 --> 00:05:04,056
So, to get off of his network he's going
to come in here ARP for his default gateway
81
00:05:04,056 --> 00:05:06,796
which is on the same VLAN come in here.
82
00:05:07,236 --> 00:05:09,766
This guy, let's say he's
trying to ping the purple guys.
83
00:05:09,766 --> 00:05:11,346
Let's fill in the purple players.
84
00:05:11,636 --> 00:05:15,646
Purple guy number one is 10.1.10.20.
85
00:05:15,646 --> 00:05:17,846
Let's give him that IP address.
86
00:05:18,086 --> 00:05:27,366
His default gateway is 10.1.10.1 and that's
his port right here 10.1.10.1 is the IP address
87
00:05:27,366 --> 00:05:28,556
we'll assign to this interface.
88
00:05:28,916 --> 00:05:31,896
So, when this guy, when the
guy on the right pings the guy
89
00:05:31,896 --> 00:05:37,076
on the left his packet flow is going to go wooh,
you know, coming in down here, hit this guy,
90
00:05:37,076 --> 00:05:40,546
he's going to look at his routing table and
go, "Oh, great you're right over there."
91
00:05:40,746 --> 00:05:47,296
He's going to come in to this port on the switch
of VLAN and then come out and reach this guy.
92
00:05:48,106 --> 00:05:52,006
By the way, you'll often see
routers that are connected this way.
93
00:05:53,046 --> 00:05:56,986
And actually, the way I'm showing
you right now is very, very uncommon.
94
00:05:56,986 --> 00:05:58,666
It's just kind of to learn the concept.
95
00:05:58,666 --> 00:06:02,286
I'll show you the most common way, coming up.
96
00:06:02,286 --> 00:06:06,076
The commonly called routers that are
connected like this a router on a stick.
97
00:06:06,426 --> 00:06:08,836
I kid you not like a corn dog or something.
98
00:06:08,836 --> 00:06:11,356
You know it's a-- yeah, Google it,
and you type in router on a Stick
99
00:06:11,356 --> 00:06:12,606
and you'll see this exact diagram.
100
00:06:12,606 --> 00:06:16,496
So, from a logical view, this
is kind of what it looks like.
101
00:06:16,496 --> 00:06:20,186
So that's physically, this is what it looks
like from the logical view, two computers,
102
00:06:20,186 --> 00:06:23,926
two different VLANs, router one
interface in each one of those VLANs.
103
00:06:24,536 --> 00:06:27,546
Now what I just did was pause
the recording so I could go in
104
00:06:27,546 --> 00:06:29,886
and label all of the different ports.
105
00:06:29,886 --> 00:06:33,796
Now, forgive me I did-- just
to how I put things in.
106
00:06:33,796 --> 00:06:38,036
The ports physically on this view
I don't reflect the actual orders.
107
00:06:38,036 --> 00:06:43,856
So, this is my computer that's what I'm working
on right now plugged in to Fast Ethernet0/5.
108
00:06:43,956 --> 00:06:45,536
This is my Dell laptop.
109
00:06:45,536 --> 00:06:49,666
I actually have a little tiny laptop
I used to test and play around with.
110
00:06:49,666 --> 00:06:52,976
I've got that plugged in to Fast Ethernet 0/6.
111
00:06:52,976 --> 00:06:55,996
Now I'm already going in but
actually when I paused it I went in
112
00:06:55,996 --> 00:06:58,566
and assigned these guys the correct IP address.
113
00:06:58,566 --> 00:07:02,806
So you can see these guys got 10.1.20.50.
114
00:07:03,416 --> 00:07:11,976
And well, you can't see the laptop but it's
got 10.1.10.50 [inaudible] there we go.
115
00:07:11,976 --> 00:07:16,716
So, it's got the 10.1.10.50 [inaudible]
me and this is this is my laptop.
116
00:07:17,026 --> 00:07:21,036
So, they each have their
default gateway set to 10.1.20.1.
117
00:07:21,106 --> 00:07:25,576
And this guy has his default gateway
set to 10.1.10.1 which is going
118
00:07:25,576 --> 00:07:26,916
to be how we configure this router.
119
00:07:27,116 --> 00:07:30,436
Now this router you can see is
plugged in to Fast Ethernet 0/3 and 4.
120
00:07:30,686 --> 00:07:33,956
So, the first thing I haven't even
done any of this config 'cause I want
121
00:07:33,956 --> 00:07:35,966
to show it all to you on the switch.
122
00:07:37,196 --> 00:07:41,506
All I did was going in and I kind of turned
on the ports 'cause they were all shutdown.
123
00:07:41,896 --> 00:07:46,316
So, let's go in and create first
off the two VLANs on CBT switch.
124
00:07:46,316 --> 00:07:48,056
Let's do a quick show VLAN first.
125
00:07:48,256 --> 00:07:52,776
This is from-- we still have some VLANs hanging
around from the previous Nugget that we did
126
00:07:52,776 --> 00:07:56,026
and that's fine they're not going to be causing
any harm there's no ports assigned to them.
127
00:07:56,026 --> 00:08:05,096
So, I'll go VLAN 10 named blue
exit, VLAN 20 named red exit.
128
00:08:05,486 --> 00:08:09,076
Okay, so we've got the two VLANS created
let's go start assigning some ports.
129
00:08:09,076 --> 00:08:13,336
I'm going to go into interface
Fast Ethernet 0/5.
130
00:08:13,336 --> 00:08:17,536
Just to make sure, switch port mode
access that should all be that way but
131
00:08:17,626 --> 00:08:19,206
and I was-- I want to double check.
132
00:08:19,586 --> 00:08:25,046
Then we will do a switch port access VLAN.
133
00:08:25,046 --> 00:08:27,596
And we are in the red so that'll be VLAN 20.
134
00:08:28,296 --> 00:08:31,956
Hit the up arrow and let's
shoot over to Fast Ethernet 0/4.
135
00:08:31,956 --> 00:08:33,396
Yet, there's some other ports that are red
136
00:08:33,396 --> 00:08:36,326
but they're just logical and
not assigned to anything.
137
00:08:36,666 --> 00:08:37,936
So, you are VLAN 20.
138
00:08:38,036 --> 00:08:40,156
And if you were being thorough
you could do a description
139
00:08:40,156 --> 00:08:44,096
and put router VLAN 20 interface
and so on and so forth.
140
00:08:44,096 --> 00:08:45,316
We don't need to do that though.
141
00:08:45,506 --> 00:08:56,906
So, I exit back out and let's go into interface
Fast Ethernet 0/3 throw him on VLAN 10 as well
142
00:08:56,906 --> 00:09:01,696
as Fast Ethernet 0/6 which is the
PC put him on VLAN 10 as well.
143
00:09:01,696 --> 00:09:02,246
Okay, good.
144
00:09:02,246 --> 00:09:06,136
So, let's go back in to a show-- show VLAN.
145
00:09:06,456 --> 00:09:07,796
I saw my VLAN once.
146
00:09:07,796 --> 00:09:09,076
See how these messages are valuable.
147
00:09:09,216 --> 00:09:10,546
VLAN one just went down.
148
00:09:11,006 --> 00:09:13,616
Why? Because there's no active ports left
149
00:09:13,616 --> 00:09:17,076
in VLAN one I just moved all the active
ports out into these other VLANs.
150
00:09:17,076 --> 00:09:21,676
So now I have VLAN blue and VLAN red with
the correct ports assigned that kind of match
151
00:09:21,916 --> 00:09:23,336
that diagram that you see on the screen.
152
00:09:23,666 --> 00:09:25,906
Now I'll do a show IP interface brief.
153
00:09:26,036 --> 00:09:29,876
These are these are the four ports right
here that they're all plugged in to.
154
00:09:30,226 --> 00:09:34,476
So we're kind of seeing in the config
what's reflected there on the diagram.
155
00:09:34,636 --> 00:09:37,426
Okay. Now what?
156
00:09:37,426 --> 00:09:39,116
Now I need to go over to the router.
157
00:09:39,116 --> 00:09:42,656
So I've got the VLANs setup,
everybody is separated even if I wanted
158
00:09:42,656 --> 00:09:45,856
to at this point my happy
computer could not reach
159
00:09:45,856 --> 00:09:48,356
over here 'cause they are not only
different IP subnets but they are
160
00:09:48,406 --> 00:09:49,926
on completely different VLAN,
so they're not talking.
161
00:09:49,956 --> 00:09:51,666
So I'm now going to go to my router
and give this guy the IP Address.
162
00:09:51,696 --> 00:09:53,916
So, on the blue VLAN, he'll be
10.1.10.1 let's add those in there.
163
00:09:53,946 --> 00:09:55,806
On the red VLAN, he will be 10.1.20.1, right?
164
00:09:55,836 --> 00:09:57,336
So this guy is going to kind
of do this, this sort of thing
165
00:09:57,366 --> 00:09:58,596
and then loop back here to communicate with him.
166
00:09:58,626 --> 00:09:59,976
So, that's going to be the
flow of the chain of events.
171
00:10:15,296 --> 00:10:20,306
So, let me keep those and then
let's jump over the router.
172
00:10:20,306 --> 00:10:23,526
Reach down, move my console cable up.
173
00:10:25,036 --> 00:10:30,106
Sometimes I'm-- sometimes I'm glad there's
no camera to show just how wacky it was set
174
00:10:30,106 --> 00:10:34,096
up this-- 'cause I've got--
I like standing when I teach
175
00:10:34,096 --> 00:10:35,946
but I don't have a standing desk anymore.
176
00:10:36,216 --> 00:10:43,586
So I literally have packing boxes where I
put my keyboard up, my-- like it's funny.
177
00:10:43,746 --> 00:10:46,886
So, and now, I moved over to the router.
178
00:10:46,996 --> 00:10:50,206
So, show IP interface brief.
179
00:10:50,366 --> 00:10:53,256
Now this, we just did the base
config in the last nugget,
180
00:10:53,256 --> 00:10:59,436
so we just I think demonstrate putting an IP
address on there but that's no longer relevant.
181
00:10:59,436 --> 00:11:05,356
So let's go into interface Fast
Ethernet, interface Fast Ethernet 0/0.
182
00:11:05,556 --> 00:11:16,816
And let's give it the IP address
IP 10.1.10.1, 255.255.255.0, enter.
183
00:11:16,816 --> 00:11:17,416
Oh, what am I doing?
184
00:11:17,416 --> 00:11:18,986
IP space address.
185
00:11:19,286 --> 00:11:22,216
So, that's now accurate to meet this.
186
00:11:22,216 --> 00:11:25,566
I'm looking, double checking,
Fast Ethernet 0.0.10.1.1.
187
00:11:25,846 --> 00:11:26,186
We're good.
188
00:11:26,336 --> 00:11:31,816
Good. Let's go into interface Fast Ethernet 0/1.
189
00:11:32,226 --> 00:11:36,556
We'll do IP address 10.1.20.1, right?
190
00:11:37,716 --> 00:11:39,086
Put that in there.
191
00:11:39,086 --> 00:11:41,536
Every-- and then they were both powered up just
192
00:11:41,536 --> 00:11:43,986
from the base configuration
Nugget that we did before.
193
00:11:44,346 --> 00:11:45,416
So, that's good.
194
00:11:46,626 --> 00:11:47,356
Good, good.
195
00:11:47,636 --> 00:11:50,596
So in this one, let me do
a show IP interface brief.
196
00:11:51,036 --> 00:11:54,646
And I see 10.1.10.1.
197
00:11:54,646 --> 00:11:56,546
It's good, looks up 10.1.20.1.
198
00:11:56,546 --> 00:11:57,816
Okay, so let's test it.
199
00:11:57,816 --> 00:12:04,916
I'm going to see if this guy
can actually ping 10.1.20.1.
200
00:12:04,916 --> 00:12:06,176
They should be on the same VLAN.
201
00:12:06,176 --> 00:12:09,186
So, well, let's-- let me bring it up.
202
00:12:09,936 --> 00:12:12,826
Ping 10-- well let me just IP config first.
203
00:12:12,826 --> 00:12:19,236
IP config and you know I want to get this--
let me get that guy out of there, there.
204
00:12:21,156 --> 00:12:22,306
You are disabled.
205
00:12:22,706 --> 00:12:27,796
And just-- and this-- that's
going to cause confusion I think.
206
00:12:27,796 --> 00:12:31,706
So, LAN1 is gone 'cause we
won't know which default gateway
207
00:12:31,706 --> 00:12:33,586
to use since you had two of them.
208
00:12:33,586 --> 00:12:35,036
So, now we just have the LAN2.
209
00:12:35,036 --> 00:12:40,556
Okay. So, we've got 10.1.20.50 so
let's see if we can ping 10.1.20.1.
210
00:12:41,236 --> 00:12:42,486
And look at that, over there.
211
00:12:42,486 --> 00:12:44,936
And then now, great.
212
00:12:45,186 --> 00:12:49,996
I've severed my network connections
I'm getting all these errors.
213
00:12:49,996 --> 00:12:53,506
So, great, where there-- but it's
kind of like, well wait a sec,
214
00:12:53,506 --> 00:12:56,386
prove to me that that's the actual
Cisco router let's telnet there.
215
00:12:56,516 --> 00:13:02,226
10.1.20.1, this-- I'd never even realized a
mistake that-- this a secure Cisco router.
216
00:13:02,226 --> 00:13:03,896
So we're in there, enable Cisco.
217
00:13:04,346 --> 00:13:08,566
So this is indeed the same exact Cisco router.
218
00:13:08,566 --> 00:13:14,286
So, that proves to me now that I can move
from this computer into this interface.
219
00:13:14,286 --> 00:13:17,186
Now, my laptop I can't really
show you 'cause it's right there.
220
00:13:17,556 --> 00:13:24,036
But that I've already configured with this IP
address so let's see if we can ping that far.
221
00:13:24,526 --> 00:13:31,716
Exit out of here and let's do ping
10.1.-- well, first let's ping 10.1.10.1.
222
00:13:31,716 --> 00:13:32,226
That's good.
223
00:13:32,226 --> 00:13:37,686
Okay, what that proves is I'm going out here,
hitting this and then I'm able to reach this side
224
00:13:37,686 --> 00:13:39,216
and that tells me the interface is up.
225
00:13:39,416 --> 00:13:44,076
I haven't really gone too much further but
let's now go the rest of the way 10.1.10.50.
226
00:13:44,676 --> 00:13:47,826
Okay, there we go.
227
00:13:48,376 --> 00:13:56,606
So, we've got 10.1.10.50 which now replies
which tells me, "I'm going through this router,
228
00:13:56,856 --> 00:13:59,286
back out this interface and
then hitting this guy."
229
00:13:59,626 --> 00:14:01,756
Now, we can actually prove
it a little differently.
230
00:14:01,756 --> 00:14:07,916
I can do trace route, trace
rt in the windows world.
231
00:14:08,056 --> 00:14:11,786
Trace route-D, that says,
"Don't try to resolve host."
232
00:14:11,786 --> 00:14:13,706
And otherwise, this command just takes forever
233
00:14:13,916 --> 00:14:16,536
because it's always trying to
figure out what name is that.
234
00:14:16,536 --> 00:14:20,986
It'll look at the IP address you typed in and
try to do what's called the reverse DNS to try
235
00:14:20,986 --> 00:14:22,536
and figure out what host name that is.
236
00:14:22,746 --> 00:14:23,786
Well I do that, it takes too long.
237
00:14:24,096 --> 00:14:30,946
So I'll do trace route 10.1.10.50 which is
saying, "Show me the path to that laptop."
238
00:14:31,456 --> 00:14:37,336
And what this shows is my computer which is
it's this happy computer over on the left.
239
00:14:37,336 --> 00:14:42,696
My computer 10.1.20.50 goes
through the router at 10.1.20.1.
240
00:14:42,696 --> 00:14:46,686
So we're routing now and the
router spits it out here and that's
241
00:14:46,686 --> 00:14:48,566
when it ends up reaching 10.1.50.
242
00:14:48,566 --> 00:14:51,116
Now, a trace route if this
is your first time seeing it,
243
00:14:51,116 --> 00:14:53,206
it actually does three pings for each hop.
244
00:14:53,556 --> 00:14:57,786
That allows you to see if there's
ever a slow link in the chain.
245
00:14:57,786 --> 00:14:59,976
You'll be able to be like, oh,
looks like this one is really slow.
246
00:15:00,796 --> 00:15:05,646
But in this case, it's verified for us the
actual path that we're going through the router.
247
00:15:06,326 --> 00:15:07,616
Now, let's look at option two.
248
00:15:08,416 --> 00:15:14,396
Most people don't use the scenario I just gave
you other than maybe to learn how to route
249
00:15:14,396 --> 00:15:16,656
and things like that because
it's just inefficient.
250
00:15:16,826 --> 00:15:22,156
The more VLANs you have and people have lots of
VLANs you know 10, 20, 30 that kind of thing.
251
00:15:22,156 --> 00:15:26,676
The more VLANs that you have the more interfaces
it's going to end up taking on a router.
252
00:15:26,926 --> 00:15:30,326
And routers honestly don't have
that many Ethernet interfaces.
253
00:15:30,326 --> 00:15:33,146
Usually routers will have, you
know, a few maybe two, three, four,
254
00:15:33,146 --> 00:15:36,146
five at most, but routers are also expensive.
255
00:15:36,146 --> 00:15:40,056
So the more interfaces you start adding in
there you just start maxing out the router.
256
00:15:40,056 --> 00:15:41,556
It's just, just inefficient.
257
00:15:41,556 --> 00:15:44,356
In the end, you're eating up
extra switch ports for that.
258
00:15:44,356 --> 00:15:49,166
And I mean, if every single router
connection needs a switch port then--
259
00:15:49,166 --> 00:15:51,916
or every single VLAN needs a switch
port you're eating up just a lot
260
00:15:51,916 --> 00:15:53,606
of your ports just to connect to the router.
261
00:15:53,866 --> 00:15:56,376
So, you probably have been staring
at this picture for a second.
262
00:15:56,706 --> 00:15:57,286
What do we do?
263
00:15:57,886 --> 00:15:59,706
We use a trunk port.
264
00:16:00,036 --> 00:16:03,426
Now, remind me again, scream it out
loud and people think you're crazy.
265
00:16:04,616 --> 00:16:08,136
What VLANs are carried by a trunk port?
266
00:16:08,726 --> 00:16:10,616
And we all scream, "All of them.
267
00:16:10,616 --> 00:16:12,616
All VLANs are carried by a trunk port."
268
00:16:12,616 --> 00:16:13,206
Absolutely.
269
00:16:13,206 --> 00:16:19,076
So if a trunk carries all VLANs then nothing
is to stop us from setting up this router
270
00:16:19,326 --> 00:16:21,376
and connecting it to a trunk port.
271
00:16:21,376 --> 00:16:26,446
So, all the VLANs that's all the blue traffic,
all the red traffic that are needed come
272
00:16:26,446 --> 00:16:29,196
down here to this router and
it's able to do the routing.
273
00:16:30,446 --> 00:16:36,906
Okay. So, what's that mean to me what--
so, let's go back to the scenario.
274
00:16:36,906 --> 00:16:43,166
We have at this computer 10.1.20.50, right?
275
00:16:43,266 --> 00:16:52,076
And then, this computer 10.1.20.50
or wait a second, 10.1.10.50.
276
00:16:52,396 --> 00:16:53,986
Okay, so we have these IP addresses.
277
00:16:53,986 --> 00:16:59,776
So, if that's the case, then I mean, these guys
need a default gateway on their network, right?
278
00:16:59,776 --> 00:17:03,956
One needs 10.1.10.1 the other needs 10.1.20.1.
279
00:17:04,246 --> 00:17:07,156
So now, we're just plugged
into one interface here.
280
00:17:07,156 --> 00:17:09,216
So what IP address do we give that interface?
281
00:17:10,066 --> 00:17:14,196
Well the answer is actually both of them.
282
00:17:14,936 --> 00:17:18,746
Let me introduce you to
the concept of subinterfaces.
283
00:17:19,086 --> 00:17:20,106
Oh, that's a weird one.
284
00:17:20,176 --> 00:17:24,446
So, here's-- we've got and
we'll say, "Fast Ethernet 0/0?
285
00:17:25,026 --> 00:17:27,796
Now, right now I want to know.
286
00:17:27,796 --> 00:17:31,126
What-- I think yeah this is
definitely Fast Ethernet 0/0.
287
00:17:31,126 --> 00:17:37,086
So physically, a Fast Ethernet 0/0
plugged into the Fast Ethernet 0/2.
288
00:17:37,086 --> 00:17:41,436
That interface is the physical interface
it actually gets nothing assigned to it.
289
00:17:41,436 --> 00:17:42,896
There's no IP address at all.
290
00:17:43,716 --> 00:17:53,416
What we'll do though is create
Fast Ethernet 0/0.10 for VLAN 10.
291
00:17:53,946 --> 00:17:59,726
We'll create Fast Ethernet 0/0.20 for VLAN 20
292
00:17:59,726 --> 00:18:03,606
and then we can give them the IP
addresses 10.1.20.1 gets assigned
293
00:18:03,606 --> 00:18:07,766
to that subinterface 10.1.10.1
gets assigned to that one.
294
00:18:07,766 --> 00:18:09,246
So what are those?
295
00:18:09,246 --> 00:18:10,846
How-- I mean, how did those work?
296
00:18:10,986 --> 00:18:12,556
They are virtual interfaces.
297
00:18:12,556 --> 00:18:14,526
We're going to get used to
this word virtual, right?
298
00:18:14,776 --> 00:18:18,726
They don't really exist but
what it does is accept tags.
299
00:18:18,726 --> 00:18:21,666
Remember, did I say remember?
300
00:18:21,926 --> 00:18:26,076
Remember, the trunk port keeps
the tag on the interface.
301
00:18:26,076 --> 00:18:28,356
So, when this guy says, "I need
to reach my default gateway."
302
00:18:28,656 --> 00:18:33,346
The trunk port will say, "Okay, this is request
from we'll just say client one" and I'm going
303
00:18:33,346 --> 00:18:36,226
to put the tag of VLAN 10 on there.
304
00:18:36,446 --> 00:18:39,056
So when it's received on
here, this router will need
305
00:18:39,056 --> 00:18:42,066
to know okay VLAN 10 tags
all go this subinterface.
306
00:18:42,736 --> 00:18:44,466
So, that one will respond to it.
307
00:18:44,466 --> 00:18:47,386
And this one, you know, it'll come in
and it'll be tagged and we got to go red.
308
00:18:47,386 --> 00:18:52,256
It will be tagged VLAN 20 right there so we
need to configure this subinterface to respond
309
00:18:52,256 --> 00:18:54,716
to those tags for VLAN 20, just try it out.
310
00:18:55,346 --> 00:19:00,556
I still have the same configuration
on there so let's first off empty it
311
00:19:00,556 --> 00:19:03,856
to where it's back the way it
should be for this kind of config.
312
00:19:04,206 --> 00:19:11,446
I'm going to go in to Fast Ethernet 0/1
and do no IP address and shut it down.
313
00:19:11,446 --> 00:19:14,236
We're not going to need it
anymore because we're going
314
00:19:14,236 --> 00:19:17,446
to just connect Fast Ethernet
0/0 to the trunk port.
315
00:19:17,666 --> 00:19:19,436
Likewise, I'm going back out and go
316
00:19:19,436 --> 00:19:22,706
into interface Fast Ethernet
0/0 and do no IP address.
317
00:19:22,976 --> 00:19:25,356
Because like I said, there's not
going to be anything assigned
318
00:19:25,386 --> 00:19:28,796
to that individual interface
the physical interface.
319
00:19:28,986 --> 00:19:30,666
I'm going to start creating the subinterfaces.
320
00:19:30,666 --> 00:19:31,816
So, let's look at it.
321
00:19:31,816 --> 00:19:36,496
I'll do a show IP interface brief and it feels
like we've taken a step backwards in our config
322
00:19:36,496 --> 00:19:38,436
because now it's like there's nothing there.
323
00:19:38,826 --> 00:19:41,936
Well, before I do the router config,
I'm going to hop down and do the tru--
324
00:19:41,936 --> 00:19:47,096
do the switch because the switch needs to
know that I'm going to set up the port going
325
00:19:47,096 --> 00:19:49,896
to the router as a trunk nor or view, right?
326
00:19:50,056 --> 00:19:55,646
So I'm in CBT switch, I'm looking here
on the diagram this is Fast Ethernet 0/2.
327
00:19:58,226 --> 00:20:04,256
We'll do switch port trunk encapsulation
dot1q turn on 802.1q protocol
328
00:20:04,406 --> 00:20:06,906
and then I'll do a switch port mode trunk.
329
00:20:07,726 --> 00:20:08,726
That's it.
330
00:20:10,036 --> 00:20:12,416
And it-- oh, wait a sec.
331
00:20:13,016 --> 00:20:14,246
Did I write down the wrong port?
332
00:20:14,986 --> 00:20:17,846
I did, that's why CDP is so valuable.
333
00:20:18,106 --> 00:20:21,296
This-- sorry scratch that it
should be Fast Ethernet 0/3.
334
00:20:21,546 --> 00:20:22,796
Great, more practice.
335
00:20:23,216 --> 00:20:24,976
And so, we'll get back in there.
336
00:20:25,246 --> 00:20:27,296
Config T interface Fast Ethernet 0/3.
337
00:20:27,296 --> 00:20:30,476
Switch port trunk encapsulation dot1q.
338
00:20:30,696 --> 00:20:32,166
Switch port mode trunk.
339
00:20:32,436 --> 00:20:33,616
There we go.
340
00:20:33,616 --> 00:20:34,666
That now, we're good.
341
00:20:34,666 --> 00:20:40,256
Okay, so it's saying, "Okay, wait a sec, I'm
resetting that interface, change down back up.
342
00:20:40,256 --> 00:20:42,276
So now it's configured as a trunk port.
343
00:20:43,386 --> 00:20:47,326
And remind me to show you a command
about trunking, just thought of.
344
00:20:47,856 --> 00:20:51,136
I'll show you that in a second.
345
00:20:52,166 --> 00:20:52,756
I can hear you.
346
00:20:52,986 --> 00:20:53,806
I know what you're thinking.
347
00:20:54,566 --> 00:20:55,156
All right.
348
00:20:55,156 --> 00:20:57,016
So I'm sitting on-- I'm sitting on the router.
349
00:20:57,016 --> 00:20:59,976
I'm going to do-- okay, so
here's the subinterface.
350
00:20:59,976 --> 00:21:05,156
I'm going to go into interface
Fast Ethernet 0/0.
351
00:21:05,436 --> 00:21:06,896
And you might be wondering.
352
00:21:07,116 --> 00:21:09,266
Well, I mean how many of these can you create?
353
00:21:09,266 --> 00:21:11,846
How many subinterfaces are supported by Cisco?
354
00:21:12,266 --> 00:21:13,946
There it is.
355
00:21:14,426 --> 00:21:20,516
That was somewhere around
4,294, 967, 000 [inaudible].
356
00:21:20,516 --> 00:21:22,656
I mean it's-- no, no, no, no don't go and create
357
00:21:22,656 --> 00:21:25,786
that many sub interfaces I'm sure
the router would explode before then.
358
00:21:25,786 --> 00:21:28,676
He's just saying, "You have the
flexibility to create a lot of them."
359
00:21:28,676 --> 00:21:31,326
There's no feasible limit to
the number that you can create.
360
00:21:31,566 --> 00:21:36,416
But the nice thing about this is you can use
whatever, you know, normal number you want to.
361
00:21:36,776 --> 00:21:40,936
So, I'm going to come in here and
let me say, "Fast Ethernet 0/0.10.
362
00:21:40,936 --> 00:21:46,316
Now, to make this happen, first off
the subinterface number does not--
363
00:21:46,646 --> 00:21:51,816
does not mean that this now magically
responds to things for VLAN 10.
364
00:21:52,126 --> 00:21:54,006
The subinterface number is just an identifier.
365
00:21:54,006 --> 00:21:59,536
Let me do a show IP interface brief and you
see new magic interface has popped up out
366
00:21:59,536 --> 00:22:07,386
of nowhere this .10 which it doesn't do
anything until I type in encapsulation dot1q
367
00:22:08,406 --> 00:22:11,506
and follow it up with what VLAN it responds to.
368
00:22:12,086 --> 00:22:13,016
That's the key.
369
00:22:13,466 --> 00:22:18,736
That's the one that says, "Okay, subinterface
0/0.10 any packets that you see tagged
370
00:22:18,736 --> 00:22:21,656
with the number 10 on it remember 'cause
this is a trunk that's a good thing.
371
00:22:21,976 --> 00:22:26,106
Any thing that you see tagged with
VLAN 10 you will grab, you grab those."
372
00:22:26,496 --> 00:22:27,856
And that's such required command.
373
00:22:27,856 --> 00:22:33,326
So you could and I don't know why you would,
you could make this subinterface number 1,292
374
00:22:33,326 --> 00:22:37,746
and then say encapsulation dot1q 10
and it would do the same thing.
375
00:22:38,036 --> 00:22:39,286
But why would you do that?
376
00:22:39,286 --> 00:22:41,736
It's just not logical.
377
00:22:42,096 --> 00:22:46,586
So, usually, usually, you will match the
subinterface number to the VLAN number.
378
00:22:46,586 --> 00:22:47,976
Now, let's give it the IP address.
379
00:22:48,516 --> 00:22:52,436
[ Pause ]
380
00:22:52,936 --> 00:22:55,396
Good. Now, let me show you something else.
381
00:22:55,396 --> 00:22:56,796
I'm going to do interface.
382
00:22:56,796 --> 00:23:01,476
Usually, one thing you'll find in Cisco is that
it doesn't really matter what order you type
383
00:23:01,476 --> 00:23:04,746
the commands in like if I go
in and do a no shut first
384
00:23:04,746 --> 00:23:06,426
and then assign the IP address that's fine.
385
00:23:06,466 --> 00:23:09,166
I could also go in and do the IP
address and then do a no shut.
386
00:23:09,166 --> 00:23:12,356
I mean, the order it's not really
order dependent but some commands will.
387
00:23:12,466 --> 00:23:13,046
Like watch this.
388
00:23:13,046 --> 00:23:14,526
I'll do, let me just hit the up arrow.
389
00:23:14,816 --> 00:23:18,836
IP address 10.0.20.1, watch what it tells me.
390
00:23:19,106 --> 00:23:23,116
It's like sorry you can't give
this subinterface an IP address
391
00:23:23,116 --> 00:23:25,276
until you tell me what VLAN it belongs to.
392
00:23:25,956 --> 00:23:30,236
And if you think about it, it makes sense what the
router is trying to convey you it's like, "Hey,
393
00:23:30,426 --> 00:23:32,706
I don't know when to use this subinterface."
394
00:23:32,876 --> 00:23:36,106
There's nothing telling me when
this subinterface should jump in
395
00:23:36,106 --> 00:23:38,496
and be like I got you, you
know, and grab the packet so.
396
00:23:38,726 --> 00:23:41,186
So, we have to tell it, "Okay,
okay, sorry about that."
397
00:23:41,186 --> 00:23:46,576
Encapsulation, and so you're going to grab the
packet when it is VLAN 20 and now I hit the
398
00:23:46,576 --> 00:23:49,746
up arrow, takes the IP address
no problem, right?
399
00:23:50,176 --> 00:23:53,396
So, now I can do a show IP interface brief.
400
00:23:55,216 --> 00:23:56,476
That's looking cool.
401
00:23:56,566 --> 00:24:02,626
So we've got now the two sub
interfaces 10.1.10.1 and 10.1.20.1.
402
00:24:02,626 --> 00:24:08,346
Everything else is the same and now
our computers can do their pings just
403
00:24:08,636 --> 00:24:09,506
without any problem.
404
00:24:09,506 --> 00:24:10,446
Well, without any problem.
405
00:24:10,446 --> 00:24:17,276
I actually went in and disabled it 'cause I
had to save the last recording and it blew up.
406
00:24:17,276 --> 00:24:19,066
So now, let me flip it back it over.
407
00:24:19,416 --> 00:24:20,926
So now I've got LAN2 we should.
408
00:24:20,926 --> 00:24:27,156
We should have-- we should have--
yep, there we go the IP address.
409
00:24:27,156 --> 00:24:28,086
So, let's see if it works.
410
00:24:28,546 --> 00:24:31,676
Ping 10.1.10.1.
411
00:24:35,356 --> 00:24:44,946
Dot 10-- Oh, wait no, or scratch that
10.1.20.1, that's the IP address I'm in.
412
00:24:45,146 --> 00:24:47,926
Destination host, oh, there you go.
413
00:24:47,926 --> 00:24:48,836
Oh, okay, okay.
414
00:24:48,836 --> 00:24:50,016
Thank you Windows 7.
415
00:24:50,016 --> 00:24:56,126
See Windows 7, it fix you out like Windows
XP, when you disable and enable an interface
416
00:24:56,126 --> 00:24:57,556
like that, it'll just hang there.
417
00:24:57,556 --> 00:25:00,676
It's like I'm just sitting here and you're
like what's wrong with you Windows and as fell
418
00:25:00,676 --> 00:25:02,356
as I go gamed on like 30 seconds later.
419
00:25:02,496 --> 00:25:04,806
Windows 7 is like ha, ha I'm so fast
420
00:25:04,946 --> 00:25:07,326
but really behind the scenes it
takes with the same 30 seconds.
421
00:25:07,326 --> 00:25:08,866
It's just doesn't make it and he sent it away.
422
00:25:09,086 --> 00:25:10,946
So, it just took some time and there we go.
423
00:25:10,946 --> 00:25:13,716
We now have my interface, my interface active.
424
00:25:13,716 --> 00:25:16,986
And now, what I'm doing is I'm
coming in over that trunk port.
425
00:25:16,986 --> 00:25:21,406
Let's do a show interface Fast Ethernet 0/0.10.
426
00:25:22,106 --> 00:25:24,516
That didn't show me too much.
427
00:25:24,836 --> 00:25:28,536
So, well, I guess we'll only see the
statistics on the parent interface.
428
00:25:28,646 --> 00:25:34,146
So I can see-- you know, this guy is not
much but he's receiving some data for these
429
00:25:34,146 --> 00:25:37,516
and now I should be able to
ping through to the other side.
430
00:25:37,516 --> 00:25:41,996
So, the same exact result 10.50, right?
431
00:25:41,996 --> 00:25:46,896
Ping 10.1.10.50, there we go.
432
00:25:46,896 --> 00:25:49,946
Same exact results as before.
433
00:25:50,256 --> 00:25:54,136
However, this one using-- this is truly a router
434
00:25:54,136 --> 00:25:57,366
on a stick this one using the
trunk configuration to do this.
435
00:25:57,366 --> 00:25:59,956
Now, let me mention one more thing.
436
00:26:01,626 --> 00:26:04,726
I'm really debating, adding a third
option in here and I think I'm going to.
437
00:26:04,946 --> 00:26:10,476
I want to mention one more thing and that
is the validity of router on a stick.
438
00:26:10,806 --> 00:26:13,626
You will find a way, if you get in
the real world and someone is like,
439
00:26:13,626 --> 00:26:15,456
"Hey, did-- so I heard you took CCNA?
440
00:26:15,456 --> 00:26:18,246
Did you learn routing through VLANs, you know."
441
00:26:18,246 --> 00:26:22,166
"Like, oh yeah, using the router on the
stick" and they'll be like, wa-ha-ha, nobody,
442
00:26:22,166 --> 00:26:23,806
uses router on a stick blah, blah, blah."
443
00:26:23,806 --> 00:26:30,206
You know it's like they have this thing-- I
will say router on a stick is designed typically
444
00:26:30,206 --> 00:26:35,666
for smaller environments, but
it is used all of the time.
445
00:26:35,666 --> 00:26:40,596
And you know, the reason they say people
don't use it is because it's a bottleneck
446
00:26:40,596 --> 00:26:42,026
and that that is absolutely correct.
447
00:26:42,026 --> 00:26:45,796
Because literally, for this guy to get to
this guy, he's got to go do this little thing.
448
00:26:45,796 --> 00:26:49,036
Da, da, da, da kind of you know,
hopping back and forth that's the--
449
00:26:49,036 --> 00:26:52,576
that word yo-yo effect you get on the, the
router on a stick because you're going out
450
00:26:52,576 --> 00:26:54,276
and back in, in and out and back in.
451
00:26:54,336 --> 00:26:55,746
You're going-- and see that kind of thing.
452
00:26:55,946 --> 00:26:58,906
So, it will slow you down but
I'm telling you for small,
453
00:26:58,906 --> 00:27:02,426
sometimes even maybe mid-sized
business, it works great.
454
00:27:02,546 --> 00:27:06,926
I mean if you can't afford a layer three
switch which is option number three,
455
00:27:07,336 --> 00:27:10,676
there's no replacing a router on a stick.
456
00:27:10,786 --> 00:27:11,176
All right.
457
00:27:11,176 --> 00:27:15,666
So, let me show you-- oh, oh, oh wait,
wait, before I do that before I see--
458
00:27:15,916 --> 00:27:18,146
I almost forgot somebody who reminded me.
459
00:27:18,496 --> 00:27:21,016
I heard him, I wanted to show
you one more command on trunking.
460
00:27:21,506 --> 00:27:22,896
Well it's kind of a nice one.
461
00:27:22,896 --> 00:27:25,486
We've configured a number of
trunk interfaces now, right?
462
00:27:25,916 --> 00:27:30,196
On our CBT switch, there is a
quick command that you can use
463
00:27:30,196 --> 00:27:32,216
to show what interfaces are trunking.
464
00:27:32,406 --> 00:27:35,736
You can do a show interface trunk.
465
00:27:36,726 --> 00:27:40,316
This is handy because I can go in
there and I can say, "Oh well, now,
466
00:27:40,316 --> 00:27:42,156
there are more trunks but they're not active."
467
00:27:42,436 --> 00:27:48,026
I can see Fast Ethernet 0/3 it's on 802.1q
is its encapsulation and it says, "Okay,
468
00:27:48,236 --> 00:27:52,606
VLANs allowed or all of them as it"-- now, we
can restrict it, we can go in and say, "Well,
469
00:27:52,606 --> 00:27:54,476
not that VLAN, not this VLAN, not that."
470
00:27:54,476 --> 00:27:55,986
You know we can trim it down.
471
00:27:56,306 --> 00:28:01,546
But it's saying normally a trunk allows
all VLANs so everything is allowed
472
00:28:01,546 --> 00:28:04,346
and then these are the ones
that are actually active.
473
00:28:04,756 --> 00:28:11,026
So, even though on this example we
only use VLAN 10 and 20 to switch
474
00:28:11,026 --> 00:28:15,776
because it is a trunk is allowing me
to send all these VLANs to the router.
475
00:28:15,776 --> 00:28:17,606
So, all that traffic is going to the router.
476
00:28:17,606 --> 00:28:21,946
Now you might say, "Oh, wait a
second, that doesn't feel efficient.
477
00:28:22,396 --> 00:28:24,476
Can I trim that down?
478
00:28:24,566 --> 00:28:31,396
Can I like-- can I just say VLANs 10 and 20
are allowed to cross that trunk to the router?"
479
00:28:31,646 --> 00:28:32,576
Answer is, "Sure."
480
00:28:33,176 --> 00:28:37,616
Go into interface Fast Ethernet 0/3
and you can do a switchport trunk
481
00:28:37,616 --> 00:28:39,036
and the command is actually allowed.
482
00:28:39,036 --> 00:28:39,496
Do you see that?
483
00:28:39,676 --> 00:28:43,876
Allowed VLANs and you can say,
"I want to allow all of them.
484
00:28:44,016 --> 00:28:49,596
Well, I want to allow a few of
them, add a few of VLANs to them
485
00:28:49,596 --> 00:28:51,646
or I want to remove the current ones.
486
00:28:51,646 --> 00:28:56,466
Now, you've got to be careful because
you might say, "Okay, allowed VLAN 10."
487
00:28:56,526 --> 00:29:01,876
And I won't allow it 'cause it's, you know,
it just says word that's why it hit VLAN 10.
488
00:29:01,876 --> 00:29:07,006
And says, "Okay, what I'm going to do is now
trim that down you can see that kind of takes
489
00:29:07,006 --> 00:29:09,406
down a VLAN one 'cause nothing
else is active there now.
490
00:29:09,406 --> 00:29:13,226
So, I'm going to do a show
interface trunk again.
491
00:29:13,576 --> 00:29:16,686
Now you can see the output and it
says, "Allowed VLANs are active now."
492
00:29:16,906 --> 00:29:19,126
You've got to be careful here, be very careful.
493
00:29:19,126 --> 00:29:23,686
In production, it's very bad
to just cut off VLANs on a whim
494
00:29:23,916 --> 00:29:26,716
and it's sometimes you'll be
like, "Okay, well I want to do--
495
00:29:26,716 --> 00:29:29,186
okay, I've added 10 let's add 20 now."
496
00:29:29,646 --> 00:29:32,816
I will tell you, everybody
makes that mistake once.
497
00:29:32,966 --> 00:29:34,306
It's like The Matrix, right?
498
00:29:34,566 --> 00:29:36,456
Everybody falls the first time Neo.
499
00:29:36,846 --> 00:29:41,256
That can be a painful fall because
what that does is and let me go back,
500
00:29:41,946 --> 00:29:44,726
is notice it just replaced VLAN 10.
501
00:29:44,726 --> 00:29:46,746
So, let me talk to you about
a production environment.
502
00:29:46,906 --> 00:29:50,976
You've got switches, you know, they're doing
their thing with trunking and you've got all
503
00:29:50,976 --> 00:29:54,876
of these hundreds of devices
connected, you know, 50 different VLANs.
504
00:29:54,876 --> 00:29:56,866
You know like oh, I just
need to add VLAN 50 here.
505
00:29:56,866 --> 00:30:00,846
So you go in and type the command that I just
showed you and say, "You know, allowed VLAN 50"
506
00:30:01,006 --> 00:30:05,846
and what happens is all the other 50
VLANs or 20 VLANs or whatever that around
507
00:30:05,846 --> 00:30:09,896
that thing get stripped and
replaced by just to VLAN 50.
508
00:30:10,406 --> 00:30:13,686
If you've got some experience in this field,
and you've done that, you know that pain.
509
00:30:13,886 --> 00:30:17,956
That's a complete outage, and that
a few phone calls and that's sent
510
00:30:18,206 --> 00:30:21,736
down in the manager's office saying,
now why did you do that again?
511
00:30:21,736 --> 00:30:24,836
So you got to be careful,
this is a replace command.
512
00:30:25,226 --> 00:30:27,786
So, if you want to use the
switchport trunk allowed VLAN,
513
00:30:27,786 --> 00:30:32,686
then I will do 10 comma 20 that will do that.
514
00:30:32,686 --> 00:30:37,096
Now, what if you've got a whole bunch of VLANs,
you don't want to retype them all, right?
515
00:30:37,096 --> 00:30:39,636
So what you can do is that-- let
me go back and let's just say,
516
00:30:39,636 --> 00:30:44,446
allowed VLAN 10 so we're
back down to just 10, right?
517
00:30:44,446 --> 00:30:47,446
And so now, I'm going-- let's say, I
want to add in 20, so I can do switchport
518
00:30:47,446 --> 00:30:54,096
trunk allowed VLAN add, you know,
instead of just typing in VLAN I'm saying,
519
00:30:54,146 --> 00:30:58,026
add to the current list of
VLANs that are there VLAN 20.
520
00:30:58,646 --> 00:31:04,986
And that trims it down, and that's pretty cool,
because that allows you to be really efficient
521
00:31:05,206 --> 00:31:09,236
to only send the VLANs towards
the router that belong there.
522
00:31:09,236 --> 00:31:13,346
Now, one of the things that you'll notice
is it says, VLANs allowed, VLANs active,
523
00:31:13,346 --> 00:31:18,126
VLANs forwarding and not pruned only 10 it takes
some time, it takes usually 5 to 10 seconds
524
00:31:18,126 --> 00:31:21,826
for the VLANs to come up once you've
added them in there, maybe 30 seconds.
525
00:31:21,946 --> 00:31:29,256
It just takes time now before the VLANs are
actually added to the trunk, but if I stand here
526
00:31:29,256 --> 00:31:32,586
and there we go, and hit the [inaudible]
enough times it will pop, and pop in there,
527
00:31:32,646 --> 00:31:34,616
so that's the one that I want to show you.
528
00:31:34,616 --> 00:31:37,446
Now, let me talk about option number 3.
529
00:31:38,636 --> 00:31:42,476
I wasn't originally going to show
this, but it's so valuable and it's
530
00:31:42,476 --> 00:31:45,186
so easy that I've just got to do it.
531
00:31:45,336 --> 00:31:48,506
Option number 3 is essentially that.
532
00:31:50,176 --> 00:31:56,196
There is no router, or I guess more
specifically there's no external router.
533
00:31:56,706 --> 00:32:01,446
Option number 3 is what just about every
large network will use and that is setting
534
00:32:01,446 --> 00:32:05,066
up a system of layer three switching.
535
00:32:05,236 --> 00:32:10,916
Now the 3550 happens to be a layer 3 switch,
536
00:32:11,076 --> 00:32:16,166
and what that does is really integrate
routing inside of the switching device.
537
00:32:16,166 --> 00:32:21,536
So instead of needing a router outside here
which you run into environments where you have
538
00:32:21,536 --> 00:32:25,816
to have that, but they actually include routing
capabilities and the way that we do it is
539
00:32:25,816 --> 00:32:31,186
through those VLAN interfaces that we
were setting up way back in the VLANs.
540
00:32:31,186 --> 00:32:35,846
Remember I said, when you create VLAN 10,
you're actually creating the layer two VLAN.
541
00:32:35,846 --> 00:32:39,676
That was the command where we
went in-- we run the switch.
542
00:32:39,676 --> 00:32:44,656
We go into global config and we type in
VLAN 10 that creates the layer two VLAN.
543
00:32:44,876 --> 00:32:48,466
But then I said, okay, but what
if you wanted a routed interface
544
00:32:48,526 --> 00:32:51,186
for that VLAN or a logical interface?
545
00:32:51,186 --> 00:32:56,056
We can do interface VLAN 10, and
that will create an interface
546
00:32:56,056 --> 00:32:57,666
that everybody in VLAN 10 can reach.
547
00:32:57,666 --> 00:32:58,596
Now check this out.
548
00:32:58,596 --> 00:33:04,776
I can give an IP address to that interface
10.1.10.1 the same IP address we were using
549
00:33:04,776 --> 00:33:09,626
for that now that phantom router here as
a default gateway, so here's the concept.
550
00:33:09,626 --> 00:33:14,796
Instead of this guy ARP-ing and finding this
outside router that will do the routing for it.
551
00:33:14,986 --> 00:33:18,626
He will send an ARP and he'll find, you
know, think of it like back here somewhere.
552
00:33:18,776 --> 00:33:23,806
You know, he'll find the router inside of
the switch which responds to the ARP messages
553
00:33:23,806 --> 00:33:26,746
and he goes oh yeah, I'll take care of
you, I'll switch you between the VLANs.
554
00:33:26,746 --> 00:33:28,996
I'll get you off the-- your
VLAN that's no problem.
555
00:33:29,336 --> 00:33:31,386
And so we create that and we go in,
556
00:33:31,386 --> 00:33:39,246
we create interface VLAN 20 give
it the IP address 10.1.20.1,
557
00:33:39,246 --> 00:33:42,316
the same IP address-- wait a second.
558
00:33:42,316 --> 00:33:43,666
I keep flipping those.
559
00:33:43,846 --> 00:33:47,416
The same IP address this guy was using as
his default gateway, so that the other one is
560
00:33:47,416 --> 00:33:48,756
that guy using his default gateway.
561
00:33:48,756 --> 00:33:50,696
So let me show you "oh."
562
00:33:51,136 --> 00:33:52,996
Let me show you.
563
00:33:53,326 --> 00:33:57,586
I'm going to go into global
config mode, so I created VLAN 10.
564
00:33:57,586 --> 00:33:58,976
VLAN 10 has always been there.
565
00:33:59,266 --> 00:34:14,216
Now, I'm going type in Interface VLAN 10, IP
address 10.1.10.1, Interface VLAN-- "oops."
566
00:34:14,666 --> 00:34:19,156
Let me unplug that router which is saying, I've
got that IP address, what are you doing?
567
00:34:19,616 --> 00:34:20,296
He's gone.
568
00:34:20,546 --> 00:34:33,746
So IP address interface VLAN 20, IP
address 10.1.20.1, 255.255.255.0, okay?
569
00:34:34,006 --> 00:34:37,426
So now we've got, and I'm
wondering why did VLAN 20--
570
00:34:37,536 --> 00:34:43,536
oh, because there's nothing active in VLAN
20, because I disabled my network card.
571
00:34:43,536 --> 00:34:44,796
So let's bring him back up.
572
00:34:44,796 --> 00:34:47,746
We should see VLAN 20 resurrected itself.
573
00:34:47,746 --> 00:34:49,476
So now, let's go back.
574
00:34:52,436 --> 00:34:59,006
And I see that we've got VLAN 10 which
is no-- we've got VLAN 1 as well.
575
00:34:59,006 --> 00:35:01,516
So this guy is like, got arms every direction.
576
00:35:01,736 --> 00:35:04,836
VLAN 1 was what we did when
we put the base configuration.
577
00:35:05,046 --> 00:35:07,296
VLAN 10 took the 1 IP address of the router.
578
00:35:07,296 --> 00:35:09,216
VLAN 20 took the other IP address.
579
00:35:09,216 --> 00:35:13,526
Now that VLAN 20 is going to come up
any second to where that's now active,
580
00:35:13,776 --> 00:35:18,526
but now I'm able to on my computer
and this is something I want to do.
581
00:35:18,526 --> 00:35:20,316
There's VLAN 20, just went active down there.
582
00:35:20,706 --> 00:35:22,626
I'm going to do first off an arp -a.
583
00:35:22,626 --> 00:35:24,206
I want to make sure.
584
00:35:24,796 --> 00:35:28,966
Let just make sure 10.1.20.1.
585
00:35:29,306 --> 00:35:30,896
I don't-- see, here's the problem.
586
00:35:30,896 --> 00:35:37,576
My computer remembers the IP address-- sorry the
IP address to MAC address mapping for 5 minutes.
587
00:35:37,576 --> 00:35:39,226
So I'm going to clear the ARP table.
588
00:35:39,456 --> 00:35:41,726
arp -d * as a command.
589
00:35:41,896 --> 00:35:43,616
That actually wipes out the whole ARP Table.
590
00:35:43,616 --> 00:35:48,586
So the next time I try to ping, it's going
to make sure I'm checking the MAC address
591
00:35:48,586 --> 00:35:53,046
because previously, that duplicate
MAC address thing alerted me to that.
592
00:35:53,286 --> 00:35:57,886
Previously, this guy had the IP addresses and
he had a different MAC address than the switch.
593
00:35:58,086 --> 00:36:02,476
So if this guy remembers his MAC address he's
not even going to send out the ARP for minutes,
594
00:36:02,476 --> 00:36:06,426
and we're going to not be able to
communicate so, let's jump back there.
595
00:36:06,646 --> 00:36:10,266
So now, I'm going to get on my command prompt
596
00:36:10,266 --> 00:36:18,046
and let's do a ping 10.1.20.1 is the
IP address of the now the switch.
597
00:36:18,546 --> 00:36:20,746
It's not replying which is great.
598
00:36:20,946 --> 00:36:24,856
And I can ping through now, ping 10.1.10.1.
599
00:36:24,996 --> 00:36:26,086
I hope-- actually, you know what?
600
00:36:27,346 --> 00:36:31,396
Probably not going to be able
to ping through, because I have--
601
00:36:31,996 --> 00:36:34,506
this is an annoying thing--
all right there we go.
602
00:36:34,506 --> 00:36:35,846
It's now back in place.
603
00:36:37,006 --> 00:36:37,476
There we go.
604
00:36:37,566 --> 00:36:39,356
As soon as I did that, it's like, now I can.
605
00:36:39,356 --> 00:36:43,226
Now I've only got one-- one interface to
default gateway, so now I'm pinging through.
606
00:36:43,226 --> 00:36:49,306
And you notice that, both of
the IP addresses are owned by.
607
00:36:49,766 --> 00:36:54,216
Oop, I forgot that we put a
username on that what was it?
608
00:36:54,216 --> 00:36:56,416
Germany, there we go.
609
00:36:56,706 --> 00:37:02,776
They're owned now by the CBT switch, the
router is out of the picture, in large network.
610
00:37:02,776 --> 00:37:07,376
In, you know what, layer 3 switches
are no longer an out-of-reach commodity.
611
00:37:07,606 --> 00:37:11,416
The price has come down on them
significantly and recently here so.
612
00:37:11,646 --> 00:37:14,606
This is really starting to take hold
then we're trying to see a lot of layer
613
00:37:14,606 --> 00:37:15,776
3 switches all over the place.
614
00:37:16,076 --> 00:37:17,326
That's your option 3.
615
00:37:17,576 --> 00:37:20,546
That's the one that businesses normally use.
616
00:37:21,796 --> 00:37:27,666
The biggest advantage of using
a layer 3 switch is the speed,
617
00:37:27,926 --> 00:37:32,076
because as soon as you get a
layer 3 switch that has the--
618
00:37:32,076 --> 00:37:34,506
man I thought I can do it
right while I'm talking, nope.
619
00:37:34,766 --> 00:37:35,826
Layer 3 switch.
620
00:37:36,196 --> 00:37:39,446
The layer 3 switch that-- or a switch.
621
00:37:39,546 --> 00:37:40,496
Okay, I'm done writing.
622
00:37:40,596 --> 00:37:46,576
Switch as the layer 3 capabilities
will have ASICs to support it.
623
00:37:47,076 --> 00:37:52,776
So a layer 3 switch will always be faster
than the router because it can actually route
624
00:37:52,776 --> 00:37:55,076
at wire speed, that's the biggest advantage.
625
00:37:55,076 --> 00:37:58,446
In addition to all of the other ones to
where you don't have to have an extra router,
626
00:37:58,446 --> 00:38:02,436
you don't have tie up a [inaudible], you don't
have configure trunk, you don't have bottleneck.
627
00:38:02,436 --> 00:38:05,336
I mean there's just so many
advantages to using a layer 3 switch.
628
00:38:05,336 --> 00:38:11,406
So that is kind of your intense
jump into the water of routing.
629
00:38:12,086 --> 00:38:16,836
We went from what is a router to routing
between VLANs tying together all those concepts.
630
00:38:16,836 --> 00:38:22,926
We saw, using separate interfaces which, not a
recommended method anymore, although it works.
631
00:38:23,026 --> 00:38:28,486
Using sub interfaces by connecting a router
interface to a trunk port and then number 3
632
00:38:28,486 --> 00:38:31,496
by using no router at all,
by using a layer 3 switch,
633
00:38:31,496 --> 00:38:35,796
and using all the internal logical interfaces
inside of there we can move our data,
634
00:38:35,796 --> 00:38:38,136
we can route our data between VLANs.
635
00:38:38,566 --> 00:38:41,556
I hope this has been informative for you,
and I'd like to thank you for viewing.