IP Addressing implementation - LAN
This section will plan out the IP addressing for our modelled hotel network and then implement the LAN and interVLAN routing requirements.
Explanation
In the previous section, we developed an IP addressing scheme for Hotel California. There is quite a bit going on in that section, and I encourage you to review it carefully so that you have a solid understanding of the “design”. However, in this section, you are the implementor, and you should trust in the design philosophy and follow the template that has been created for you.
We will start with applying the addressing scheme to determine individual host and interfaces addresses for our devices. We will use a spreadsheet to create some network documentation for our Hotel, and then we will apply the addresses to our EVE topology and test our implementation.
Planning
Step 1 - Download the template spreadsheet.
Click on this link Address Planning Sheet link to download a pre-prepared spreadsheet. This spreadsheet features three tabs. The first tab shows a completed addressing plan for the Perth site, assuming we are modelling Guest levels 20 and 25. The second tab is a partially completed table for the Perth site with Guest level 20 and the second modelled level left blank. The third tab is an incomplete table for the Sydney hotel site.
Step 2 - Complete the second table for the Guest level at Perth.
- Complete the entries for the orange cells in the second table (Perth - Student Worksheet). You should use the Guest floor number you selected in the VLAN section (using your student number) and complete the Perth site’s addressing using your assigned floor.
You can refer to the first tab, the implementor notes (text box in the spreadsheet) and the overall IP addressing design document to determine the addresses you need to use.
Hint: We are following an easy to implement template for our IP addressing. If you find yourself struggling with subnet masks and working out what to put in the box, one cell at a time, you have missed the point. When you understand the template, this is a trivial exercise.
Step 3 - Complete the third table for the Sydney site.
Moving on to the third table (Perth - Student Worksheet), you should complete the Sydney site’s addressing.
Remember, we have an easy to follow numbering scheme designed to be both scalable and to reduce errors when implementing. If you get to the end of this section and ask yourself, “Is that really all I need to do?” then you are probably on the right track. Go back and look at the overall IP addressing design page and reassure yourself that we intended it to be this easy.
Again, if you find yourself spending a lot of time on any cell after the first one, you are missing the point of our structure. When you work it out, you should experience an “oh, why didn’t I see that before” reaction.
Step 4 - Save your completed table.
- Save your completed spreadsheet for future reference.
If you are enrolled in ICT291, this spreadsheet needs to be submitted along with your EVE implementation. Please include your student number or name in the filename.
Step 5 - Double-checking your work
How do you know your work is correct
As you are following a template, there is no way to “test” the answers. However, the spreadsheet lists the following guidelines to implementors:
Notes to implementor: * The hotel site number must be unique to this site. * The second octet must be the Hotel Site number in all addresses. * The third octet must be 128 for all Staff addresses unless more than 250 are required. * The VLAN ID for Staff must be 1000 unless more than 250 staff are catered for. * The VLAN ID for all guest floors must match the floor number. * The third octet of any Guest address must match the floor number and VLAN ID. * The gateway address used by hosts must match the SVI address (DL1 .2 at this stage).
Implementation - LAN
Now that we have a detailed IP addressing plan for the Hotel group we will configure the local area network (LAN) and enable routing between the VLANs. Note that we will not yet be configuring the links to the core even though we have detailed them in our addressing plan.
Step 1 - Configuring your host PC addresses
- Referring to your spreadsheet, apply the appropriate IP address to each of the e0/0 interfaces on your PCs.
- You should have previously performed a no shutdown but if not, do so now.
How will you know if it is correctly configured?
show ip interface brief is one of the most used troubleshooting commands.
PerStaff2#show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0/0 10.1.128.11 YES manual up up Ethernet0/1 unassigned YES TFTP administratively down down Ethernet0/2 unassigned YES TFTP administratively down down Ethernet0/3 unassigned YES TFTP administratively down down PerStaff2#
As the staff are all in the same subnet and VLAN at each site. PerStaff1 should be able to ping PerStaff2; SydStaff1 should be able to ping SydStaff2;
If the staff PCs within a hotel site cannot ping each other, you should verify:
- Your devices are turned on (Cisco blue)
- Your switch ports connected to the PC are in the correct VLAN (1000).
- The links between your switches are trunking (show interface trunk)
- VLAN 1000 is present on all your switches (show vlans)
As your Guests are on different floors and consequently in different subnets and VLANs, we cannot test them yet.
Step 2 - Enable interVLAN routing on the Distribution Layer devices
Many versions of Cisco IOS do not automatically enable routing between VLANs.
- Enable routing on each Distribution Layer device with the ip routing command.
PERDL1>enable PERDL1#conf t Enter configuration commands, one per line. End with CNTL/Z. PERDL1(config)#ip routing
Step 3 - Configuring your Distribution Router VLAN interfaces
-Referring to your spreadsheet (and the interVLAN lab), configure your distribution router VLAN interfaces that will form the gateways for your PCs.
As we are configuring redundant gateways using two distribution routers, each router must have an IP address in each VLAN. Recall that the distribution device is a layer three switch. The routing component does not have physical interfaces (e0/0 etc.) but rather connects to the switching component using a VLAN interface.
For example on PerDL1:
PERDL1>enable PERDL1#conf t Enter configuration commands, one per line. End with CNTL/Z. PERDL1(config)#int vlan 1000 PERDL1(config-if)#ip add 10.1.128.2 255.255.255.0 PERDL1(config-if)#no shutdown PERDL1(config-if)#int vlan 20 PERDL1(config-if)#ip add 10.1.20.2 255.255.255.0 PERDL1(config-if)#no shutdown PERDL1(config-if)#int vlan25 PERDL1(config-if)#ip add 10.1.25.2 255.255.255.0 PERDL1(config-if)#no shutdown PERDL1(config-if)#
Note that all the PerDL1 VLAN interfaces all have a second octet of 1 (they are in Perth), and the third octet is 128 for staff and or corresponds to the floor number for Guests. The VLAN number and the third octet also match for guests. Look out for these patterns in your own addressing. On PerDL1, all the host portions of the address are dot-2. If you were configuring PerDL2, they would all be dot-3.
How will you know if it is correctly configured?
Once again show ip interface brief is helpful to verify that the VLAN interfaces are up and have the appropriate IP address.
PERDL1#show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0/0 unassigned YES unset up up Ethernet0/1 unassigned YES unset administratively down down Ethernet0/2 unassigned YES unset administratively down down Ethernet0/3 unassigned YES unset administratively down down Ethernet1/0 unassigned YES unset up up Ethernet1/1 unassigned YES unset up up Ethernet1/2 unassigned YES unset up up Ethernet1/3 unassigned YES unset up up Vlan20 10.1.20.2 YES manual up up Vlan25 10.1.25.2 YES manual up up Vlan1000 10.1.128.2 YES manual up up PERDL1#
If the VLANs do not show up, check that you have actually created the VLANs with show vlans.
At this stage, each PC should be able to ping each distribution device’s IP address that resides in its VLAN. So a staff PC should be able to ping the dot-2 and dot-3 address in the same subnet (and VLAN). Similarly, the GuestPC on level 20 should be able to ping the dot-2 and dot-3 address in its network. The same applies to GuestPC2 in your other VLAN. This must work as the dot-2, and dot3 addresses represent potential gateways for the PCs. Without an active gateway, communicating any further within your network will not be possible.
Even though we have enabled routing, you still cannot ping between subnets because your PCs do not know where the gateway is.
Step 4 - Configuring a default gateway on your PCs
As we are “faking” PCs using a Cisco router, we use a static route to simulate the default-gateway configuration associated with a real host.
ip default-gateway gateway-address
As we have two distribution layer routers, we have two potential gateways. Dealing with two gateways and automatically switching between them will be covered as a separate topic. For now, we will configure each PC to use DL1 (the dot-2 address) as its gateway.
For example:
PerStaff1>enable PerStaff1#conf t Enter configuration commands, one per line. End with CNTL/Z. PerStaff1(config)#ipdefault-gateway 10.1.128.2 PerStaff1(config)#end PerStaff1#
- Referring to the spreadsheet, configure the appropriate default gateway on each of your PCs.
How will you know if it is correctly configured?
Just behind show ip interface brief in usefulness is show ip route. A default route shows up as a “gateway of last resort” and should be “pointing” to the address of the default gateway:
PerGuest1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.20.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.1.20.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.20.0/24 is directly connected, Ethernet0/0
L 10.1.20.10/32 is directly connected, Ethernet0/0
PerGuest1#
Troubleshooting
You should now be able to ping between all the devices within a hotel site. You can also use the traceroute command to follow the routing path your packets are taking.
For example a traceroute from PerGuest1 to PerStaff2:
PerGuest1#traceroute 10.1.128.11 Type escape sequence to abort. Tracing the route to 10.1.128.11 VRF info: (vrf in name/id, vrf out name/id) 1 10.1.20.2 1 msec 1 msec 2 msec 2 10.1.128.11 1 msec 2 msec * PerGuest1#
In the above example, you can see that traceroute reports the IP address of each layer three device it encounters. So a packet travelling from PerGuest1 passes through 10.1.20.2 (its gateway at PerDL1) before reaching its final destination at PerStaff2 (10.1.128.11).
If you find that two devices within the same site can not communicate, then check the default route on both PCs because a successful ping or traceroute requires traffic flow in both directions.
If the default routes look correct and you still can’t communicate, you should double-check that each PC can ping the gateway in its subnet.