Scenario 5-1: Configuring Basic IP Routing
Before examining more advanced routing topics such as Layer 3 switching and multilayer switching, you must understand the fundamentals of basic IP routing. In today's networks, IP is the ubiquitous protocol that interconnects organizations and people globally. The principles of basic routing apply end-to-end over these networks; hence, ensuring you understand the basics is very important. In this scenario you essentially configure routers to route IP traffic. This gives you a clear understanding of when a switch is just a switch and when a router is a router. After this you'll be ready to tackle switches that route and other blurred boundaries between routing and switching.
Figure 5-9 shows the topology used for this scenario. The topology is based on the traditional router-on-a-stick method of inter-VLAN routing, with separate physical devices providing routing and switching functions. From a switching point of view, the topology is very simple; only a single switch is required. The major focus of this lab is the two routers Router-A and Router-B. These routers are used to demonstrate inter-VLAN routing. VLANs are created on the switch and the routers are used to enable communications between the VLANs.
Figure 5-9 Topology
The following describes the function of each component of the scenario topology shown in Figure 5-9:
- Switch-A is a Catalyst 3550-24 switch that provides LAN connectivity for Router-A and Router-B, as well as Host-A and Host-B.
- Router-A is a Cisco 2611 router with two physical Ethernet interfaces that reside in different IP subnets (VLANs to the switch), demonstrating the earliest method of implementing a router-on-a-stick. Router-A must route traffic between VLAN 1 and VLAN 2 (and vice versa).
- Router-B is a Cisco 2620 router with a single FastEthernet interface that is configured as an 802.1Q trunk. The trunk interface allows Router-B to have two virtual interfaces that reside in different VLANs and operate over the same physical interface, demonstrating a more scalable method of implementing a router-on-a-stick configuration than the one physical interface per VLAN used on Router-A. Router-B must route traffic between VLAN 2 and VLAN 3 (and vice versa).
- Host-A and Host-B are workstations that are used to test that inter-VLAN routing is configured to provide connectivity between each host.
Router-A demonstrates implementing a router-on-a-stick, using a physical interface on the router to attach to each VLAN (i.e., one physical interface per VLAN). Router-B demonstrates using a single physical interface, configured as a trunk, to attach to each VLAN.
Understanding the Inter-VLAN Routing Packet Flow
The goal of this scenario is to demonstrate basic inter-VLAN routing between different VLANs on a switch. A switch is a Layer 2 device that can enable intra-VLAN communications only between devices in the same VLAN; to enable communications between devices in different VLANs, a Layer 3 (IP) router is required.
When multiple routers are attached to the LAN infrastructure and multiple VLANs exist, it is important to understand how packets are routed throughout the switching and routing infrastructure. Understanding these packet flows helps determine the routes you must configure on each routing device and which switch ports should be assigned to each VLAN. It also aids in the troubleshooting of inter-VLAN routing issues that might arise. Figure 5-10 shows the topology of Figure 5-9 from an inter-VLAN routing and packet flow perspective.
Figure 5-10 Inter-VLAN Routing Topology
In Figure 5-10, you can see that three VLANs exist—VLAN 1, VLAN 2, and VLAN 3. To route traffic between VLAN 1 and VLAN 2, traffic from VLAN 1 must be sent to the interface of Router-A that is attached to VLAN 1 (e0/0). Because Router-A also has an interface attached to VLAN 2 (e0/1), traffic received from VLAN 1 can be routed to VLAN 2. To route traffic between VLAN 2 and VLAN 3, traffic must be sent from the VLAN 2 interface (e0/1) of Router-A to the interface of Router-B that is attached to VLAN 2 (f0/0.2). Notice in Figure 5-10 that each of the virtual interfaces configured on Router-B can be represented as logically separate interfaces. Because Router-B also has a virtual interface attached to VLAN 3 (f0/0.3), traffic received from the VLAN 2 interface can be routed to VLAN 3. It is important to note that the routers Router-A and Router-B are the devices that enable inter-VLAN routing. Switch-A can enable communications only between devices within the same VLAN. By ensuring that each router has a connection to at least two VLANs, the router can route traffic between each VLAN.
Planning Inter-VLAN Routing Configuration
The basic IP routing configuration required in this scenario is not difficult. The only real planning required is to ensure the appropriate routes are in place to reach remote networks from each router, each workstation has an appropriate default gateway configured, and the switch has the correct ports allocated to the correct VLANs.
In terms of routing, Router-A is directly connected to the 192.168.1.0/24 and 192.168.2.0/24 subnets and, therefore, automatically can route traffic to hosts within these subnets. To reach the 192.168.3.0/24 subnet, traffic must be routed via Router-B using the interface in VLAN 2 (192.168.2.2). In the reverse direction, Router-B requires a route to the 192.168.1.0/24 network, which should specify to forward traffic for this subnet to the VLAN 2 interface (192.168.2.1) address on Router-A.
To enable hosts connected to each subnet to communicate with hosts located on remote subnets, each host should have the appropriate default gateway configured on the local operating system TCP/IP stack. The default gateway defines the default route for all non-local traffic sent from the workstation. Host-A must send all non-local traffic to the VLAN 1 interface of Router-A (192.168.1.1) because this is the only router attached to the 192.168.1.0/24 subnet. Similarly, Host-B must send all non-local traffic to the VLAN 3 interface of Router-B (192.168.3.1). Router-A and Router-B then take care of the routing required to deliver packets between Host-A and Host-B (and vice versa).
Figure 5-11 illustrates the routing requirements of the scenario topology.
Figure 5-11 Inter-VLAN Routing Topology
In Figure 5-11, you can see that each routing table entry has three parameters:
- Destination network— A range of destination addresses (normally a subnet, but can be a specific host address or a supernet)
- Next hop— The next closest routing device (hop) to the destination network
- Egress interface— The interface out which any packets addressed to an address within the destination network should be routed
For example on Router-A, a routing table entry exists for the destination network 192.168.3.0/24. The next hop is 192.168.2.2, which is required as 192.168.3.0/24 is reachable via Router-B. The egress interface is e0/1, as the next hop (Router-B) is reachable via the e0/1 interface. This route must be explicitly configured in the routing table, either manually configured using static routing or learned via a dynamic routing protocol.
In Figure 5-11, also notice that the routing table on each router has local routes (also known as connected routes), which can be identified as having a next hop of local. These connected routes are automatically generated for each subnet the router is directly attached to and enable the router to deliver packets to devices attached to these subnets. For example, on Router-A, connected routes are generated for 192.168.1.0/24 and 192.168.2.0/24, as Router-A has interfaces attached to each of these subnets. When a router discovers a destination is reachable via a connected route, assuming the egress interface is an Ethernet interface, the router generates an ARP request for the destination IP address to determine the MAC address of the host with the destination IP address. Once the MAC address of the destination host is known, the packet is delivered within an Ethernet frame addressed to the MAC address of the destination host.
Before you begin the configuration tasks in this scenario, the following prerequisite configuration tasks must be completed on each device in the scenario topology:
- Hostname— each device should be configured with an appropriate hostname as per Figure 5-9.
- Telnet/Enable password— each device should be configured with an appropriate telnet and enable password.
This scenario assumes the configuration tasks listed above have already been implemented and hence does not include the configuration of these tasks.
In this scenario you perform the following tasks:
- Configuring Layer 2 parameters
- Configuring inter-VLAN routing
- Verifying connectivity
Configuring Layer 2 Parameters
Before you can configure inter-VLAN routing, you must ensure that the appropriate Layer 2 configuration is in place. In this scenario, this requires the VLANs that packets are to be routed between actually exist and are configured. Each VLAN must be created and configured with the appropriate parameters, and then the appropriate switch ports must be placed into each VLAN. Any trunk connections must also be configured to ensure the trunk forms correctly and the appropriate VLANs are trunked across the physical trunk interface.
For this scenario, three VLANs must be configured on Switch-A, with the following port assignments (see Figure 5-10):
- VLAN 1— Interface fa0/1 and interface fa0/4
- VLAN 2— Interface fa0/2 and interface fa0/3 (trunk)
- VLAN 3— Interface fa0/3 (trunk) and interface fa0/5
All interfaces except for interface fa0/3 must be configured as access ports, meaning they belong only to a single VLAN. Interface fa0/3 must be configured as a trunk to Router-B and must transport traffic from VLAN 2 and VLAN 3. Example 5-1 shows the configuration required on Switch-A to create the required VLANs, assign the appropriate interfaces to each VLAN, and configure the trunk interface to Router-B.
Example 5-1. Configuring VLANs on Switch-A
Switch-A# configure terminal
Switch-A(config)# vtp mode transparent
Setting device to VTP TRANSPARENT mode.
Switch-A(config)# vlan 2
Switch-A(config-vlan)# name VLAN02
Switch-A(config-vlan)# exit
Switch-A(config)# vlan 3
Switch-A(config-vlan)# name VLAN03
Switch-A(config-vlan)# exit
Switch-A(config)# interface range FastEthernet 0/1 - 2 , FastEthernet 0/4 - 5
Switch-A(config-if-range)# switchport mode access
Switch-A(config-if-range)# exit
Switch-A(config)# interface FastEthernet 0/2
Switch-A(config-if)# switchport access vlan 2
Switch-A(config-if)# exit
Switch-A(config)# interface FastEthernet 0/5
Switch-A(config-if)# switchport access vlan 3
Switch-A(config-if)# exit
Switch-A(config)# interface FastEthernet 0/3
Switch-A(config-if)# switchport trunk encapsulation dot1q
Switch-A(config-if)# switchport mode trunk
Switch-A(config-if)# switchport nonegotiate
Switch-A(config-if)# switchport trunk allowed vlan 2,3,1002-1005
In Example 5-1, VLAN Trunking Protocol (VTP) is first configured to operate in transparent mode, which enables VLANs 2 and 3 to be created. Interfaces fa0/1, fa0/2, fa0/4, and fa0/5 are configured as access ports; the appropriate interfaces are then assigned to VLAN 2 and VLAN 3 (all other interfaces are assigned by default to VLAN 1). Interface fa0/3 is next configured as a trunk; because Router-B is a router, the trunk is configured with a DTP mode of nonegotiate. Notice the allowed VLAN list on the trunk is restricted to VLAN 2 and VLAN 3, as only traffic from these VLANs needs to be forwarded over the trunk to Router-B.
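The two trunk properties Example 5-1 sets on fa0/3 (DTP set to nonegotiate, and an allowed VLAN list restricted to what the trunk needs) can be checked mechanically against a saved configuration. The following is an added example, not code from the book: the function names, the sample configuration text, and the loosely configured FastEthernet0/24 port are assumptions constructed for illustration.

```python
import re

# Constructed sample: interface stanzas as Example 5-1 would leave them in the
# running configuration, plus FastEthernet0/24, a loosely configured trunk that
# is NOT part of the scenario and is included here only for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,3,1002-1005
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
"""

# VLANs 1002-1005 appear in the allowed list of Example 5-1, so the audit
# does not report them as unneeded.
RESERVED = set(range(1002, 1006))


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return stanzas


def expand_vlans(spec):
    """Expand a list such as '2,3,1002-1005' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_trunks(config, required):
    """Return {trunk interface: [findings]}; an empty list means no findings.

    required maps an interface name to the set of VLANs it must carry.
    Only the plain 'allowed vlan <list>' form is parsed (no add/remove/except).
    """
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue  # access ports are out of scope for this check
        issues = []
        if "switchport nonegotiate" not in cmds:
            issues.append("DTP still negotiating")
        allowed = None
        for cmd in cmds:
            m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", cmd)
            if m:
                allowed = expand_vlans(m.group(1))
        need = required.get(name, set())
        if allowed is None:
            issues.append("no allowed VLAN list, every VLAN is trunked")
        else:
            extra = sorted(allowed - need - RESERVED)
            missing = sorted(need - allowed)
            if extra:
                issues.append(f"unneeded VLANs allowed: {extra}")
            if missing:
                issues.append(f"required VLANs missing: {missing}")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_trunks(SAMPLE_CONFIG, {"FastEthernet0/3": {2, 3}}).items():
        print(port, "OK" if not issues else "; ".join(issues))
```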
Configuring Inter-VLAN Routing
Once the required Layer 2 configuration is complete, the foundation is in place to begin configuring inter-VLAN routing. In this scenario, two types of key devices are involved in routing:
- Hosts— Hosts (end devices) are involved in the routing process because they must be configured with a default gateway so that packets sent to any unknown destination network are routed correctly.
- Routers— Routers require information about each subnet in the network to be configured in the local routing table with the correct next hop router to ensure correct routing through the network.
Configuration of each of these types of devices is now discussed.
A fundamental concept of the IP routing paradigm is that routing is performed on a per-hop or per-device basis. This means that every device in the path between two communicating hosts (including the hosts themselves) must have the correct routing configuration in place; otherwise, end-to-end delivery might not be possible. When configuring inter-VLAN routing, this means that your inter-VLAN routing configuration must consider not only the normal devices associated with routing (i.e., routers), but also the routing configuration of the end devices (hosts) that generate packets that require routing. As discussed previously, hosts generally are configured with a default gateway because hosts are not concerned with the intricacies of routing and require a simple routing configuration.
In this scenario, Host-A must be configured with a default gateway of 192.168.1.1, and Host-B must be configured with a default gateway of 192.168.3.1. Although there are two "hosts" (Host-A and Host-B), there is also a third "host" on the network. This third host is Switch-A, which can be considered a host because it includes a TCP/IP stack for network management purposes. Just as Host-A and Host-B require a default gateway to ensure the successful routing of packets generated by the hosts, so Switch-A requires a default gateway to ensure other devices in the network can communicate with it.
To configure the default gateway on a Cisco IOS-based Layer 2 switch, you use the ip default-gateway global configuration command as follows:
Switch(config)# ip default-gateway gateway-ip-address
It is important to note on Cisco IOS-based Layer 3 switches, such as the Catalyst 3550, that the ip default-gateway command can be used only if IP routing has been disabled on the switch. IP routing is disabled by default on all Cisco IOS-based Layer 3 switches (except for the Catalyst 6000/6500 operating in native IOS mode) and, if enabled, can be disabled by using the no ip routing global configuration command. If IP routing must be enabled, you can configure a default gateway of sorts by configuring a default route as demonstrated below:
Switch(config)# ip routing
Switch(config)# ip route 0.0.0.0 0.0.0.0 gateway-ip-address
Notice that the ip routing command must be configured to use the ip route command. If IP routing has been disabled, you must use the ip default-gateway command to configure a default gateway.
In this scenario, the management interface on Switch-A must be configured in VLAN 2 with an IP address of 192.168.2.100 (see Figure 5-9). Because Router-A and Router-B are both connected to VLAN 2, you can configure either router as the default gateway. For this scenario, it doesn't matter which router you choose as the default gateway because each router is configured with full routing information for all subnets in the network. Example 5-2 demonstrates the configuration required on Switch-A to create the management interface and configure Router-A as the default gateway.
Example 5-2. Configuring a Default Gateway on Switch-A
Switch-A# configure terminal
Switch-A(config)# interface vlan 2
Switch-A(config-if)# ip address 192.168.2.100 255.255.255.0
Switch-A(config-if)# exit
Switch-A(config)# ip default-gateway 192.168.2.1
Assuming Host-A has been configured with a default gateway of 192.168.1.1 and Host-B has been configured with a default gateway of 192.168.3.1, after the configuration of Example 5-2, all "hosts" in the network are configured correctly to communicate with remote destinations.
Configuring the Routers (Router-A and Router-B)
On Cisco IOS routers, although routing is enabled by default, no routes are explicitly configured; hence, a Cisco router configured with only the appropriate interface IP addressing and no routing configuration can route only between locally attached networks. In this section, the routing operation of a Cisco router before any routes have been configured is demonstrated, after which the required routing configuration for this scenario is implemented and the results are compared with the previous results.
The configuration required for Router-A to connect to the network and route between VLANs 1 and 2 is simple because multiple physical interfaces exist on Router-A for each VLAN. Example 5-3 shows the configuration required on Router-A to enable each interface to connect to the appropriate VLANs and also to enable Router-A to route between VLAN 1 and VLAN 2.
Example 5-3. Configuring Router-A
Router-A# configure terminal
Router-A(config)# interface ethernet 0/0
Router-A(config-if)# description CONNECTED TO VLAN 1
Router-A(config-if)# no shutdown
Router-A(config-if)# ip address 192.168.1.1 255.255.255.0
Router-A(config-if)# exit
Router-A(config)# interface ethernet 0/1
Router-A(config-if)# description CONNECTED TO VLAN 2
Router-A(config-if)# no shutdown
Router-A(config-if)# ip address 192.168.2.1 255.255.255.0
In Example 5-3, each Ethernet interface is configured with the appropriate IP addressing. By default, all interfaces on a router are in the shutdown state, with each interface requiring explicit enabling by using the no shutdown interface configuration mode command. Once each interface is enabled, Router-A accepts packets on each of these interfaces and is able to route packets between locally connected networks only (i.e., VLAN 1 and VLAN 2).
The configuration required for Router-B to connect to the network and route between VLANs 2 and 3 is a little more complex than the configuration required on Router-A because Router-B must be configured with a trunk interface. Example 5-4 shows the configuration required on Router-B to configure the trunk to Switch-A and to enable Router-B to route between VLAN 2 and VLAN 3.
Example 5-4. Configuring Router-B
Router-B# configure terminal
Router-B(config)# interface FastEthernet 0/0
Router-B(config-if)# no shutdown
Router-B(config-if)# exit
Router-B(config)# interface FastEthernet 0/0.2
Router-B(config-if)# description CONNECTED TO VLAN 2
Router-B(config-if)# encapsulation dot1q 2
Router-B(config-if)# ip address 192.168.2.2 255.255.255.0
Router-B(config-if)# exit
Router-B(config)# interface FastEthernet 0/0.3
Router-B(config-if)# description CONNECTED TO VLAN 3
Router-B(config-if)# encapsulation dot1q 3
Router-B(config-if)# ip address 192.168.3.1 255.255.255.0
In Example 5-4, notice you do not configure any IP addressing on the physical FastEthernet 0/0 interface. You create sub-interfaces (also known as logical interfaces) using the interface FastEthernet 0/0. x command, where x is a unique sub-interface identifier. A sub-interface is created for each VLAN that you want to attach the router to, with the appropriate IP addressing configured on the sub-interface. The ID of the VLAN associated with each sub-interface is specified by the last parameter in the encapsulation dot1q x command.
After the configuration of Example 5-3 and Example 5-4, assuming all interfaces on Router-A and Router-B are connected to Switch-A, you should be able to successfully verify that each router can communicate with any device that is directly attached to the router. For example, Router-A should be able to ping both Host-A and Switch-A, while Router-B should be able to ping both Host-B and Switch-A. However, if at this stage either router attempts to ping any host on a subnet that is not locally connected (e.g., Router-A attempting to communicate with devices in VLAN 3), connectivity fails because routing has not been configured yet.
Example 5-5 demonstrates testing ping connectivity from Router-A to the interface attached to VLAN 3 on Router-B.
Example 5-5. Testing ping Connectivity from Router-A to the VLAN 3 Interface on Router-B
Router-A# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Notice that you can't ping the VLAN 3 interface on Router-B. This is because the IP routing table on Router-A does not possess an entry for the 192.168.3.0/24 subnet, as is demonstrated by the show ip route command on Router-A in Example 5-6.
Example 5-6. Viewing the Routing Table on Router-A
Router-A# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Ethernet0/0
C    192.168.2.0/24 is directly connected, Ethernet0/1
As you can see in Example 5-6, routes exist only for locally connected networks on Router-A, which means packets sent to any other destination are unroutable at this stage.
A useful command that can be used to verify routing operation is the debug ip packet command, which generates debugging output for any packet that is process-switched by the router. Example 5-7 demonstrates the use of this command on Router-A, after attempting to ping the VLAN 3 interface (192.168.3.1) on Router-B.
Example 5-7. Testing ping Connectivity from Router-A to the VLAN 3 Interface
Router-A# debug ip packet
IP packet debugging is on
Router-A# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
01:37:58: IP: s=192.168.1.1 (local), d=192.168.3.1, len 100, unroutable.
01:38:00: IP: s=192.168.1.1 (local), d=192.168.3.1, len 100, unroutable.
01:38:02: IP: s=192.168.1.1 (local), d=192.168.3.1, len 100, unroutable.
01:38:04: IP: s=192.168.1.1 (local), d=192.168.3.1, len 100, unroutable.
01:38:06: IP: s=192.168.1.1 (local), d=192.168.3.1, len 100, unroutable.
Success rate is 0 percent (0/5)
In Example 5-7, the shaded output shows the debugging messages generated for each ping packet that is sent. The important text within each message is the unroutable portion at the end, which has been shaded. This message means that the router does not possess a route to the destination network and, therefore, must discard the packet.
To enable Router-A and Router-B to communicate with the VLANs that are not locally connected, static routes must be created on each router. Static routes are configured using the ip route global configuration command as follows:
Router(config)# ip route destination-network destination-mask next-hop-gateway [admin-distance]
Example 5-8 demonstrates configuring a static route for the 192.168.3.0/24 network on Router-A.
Example 5-8. Configuring Static IP Routes on Router-A
Router-A# configure terminal
Router-A(config)# ip route 192.168.3.0 255.255.255.0 192.168.2.2
In Example 5-8, the 192.168.3.0/24 subnet is defined as being reachable via Router-B (192.168.2.2). This means any packets received by Router-A with a destination IP address of 192.168.3.x are forwarded to Router-B. Example 5-9 shows the routing configuration required on Router-B.
Example 5-9. Configuring Static IP Routing on Router-B
Router-B# configure terminal
Router-B(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.1
After configuring routing on Router-A and Router-B, the routing tables should now include the new static routes. Example 5-10 shows the output of the show ip route command on Router-A.
Example 5-10. Verifying the IP Routing Table on Router-A
Router-A# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Ethernet0/0
C    192.168.2.0/24 is directly connected, Ethernet0/1
S    192.168.3.0/24 [1/0] via 192.168.2.2
In Example 5-10, the shaded output shows the static route configured in Example 5-9 loaded into the IP routing table.
The S on the left-hand side indicates the route is a static route (see the codes section at the top of the show ip route command output), while the [1/0] indicates, firstly, the administrative distance of the route (1) and, secondly, the metric of the route (0). The administrative distance defines the preference of the route when multiple routing protocols offer up different routes to the same destination network. Different routing protocols possess different administrative distances—for example, OSPF possesses an administrative distance of 110 by default, while a static route possesses an administrative distance of 1 by default. The lower the administrative distance, the more preferable the route—administrative distance is always the primary entity used to select which routes should appear in the routing table.
The metric of the route defines how far away the route is and is used to differentiate between routes that possess the same administrative distance (this is normally routes from the same routing protocol). Routing protocols each possess different mechanisms for calculating metrics; in general, the lower the metric, the more preferred the route is. Importantly, administrative distance always takes precedence over the metric of a route. For example, a route with an administrative distance of 10 and a metric of 10,000 is preferred over a route with an administrative distance of 100 and a metric of 1, even though the second route has a lower metric, because the administrative distance of the first route is lower and hence preferred.
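The selection rule just described (administrative distance first, metric only as a tie-breaker) is shown below applied to the route lines of Example 5-10. This is an added example, not code from the book: the function names, the competing OSPF candidate with metric 20, the 10.0.0.0/8 prefix, and the codes X and Y are constructed for illustration, and connected routes are given an administrative distance of 0 as Cisco IOS does.

```python
import re
from collections import namedtuple

Route = namedtuple("Route", "code prefix ad metric via")

# Route lines from Example 5-10, with two non-route lines kept so the parser
# has something to skip.
SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Ethernet0/0
C    192.168.2.0/24 is directly connected, Ethernet0/1
S    192.168.3.0/24 [1/0] via 192.168.2.2
"""

# code, prefix, then either "[AD/metric] via next-hop" or a connected interface.
# Only single-token codes (C, S, O, ...) are handled here.
ROUTE_LINE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(\d+)/(\d+)\] via ([\d.]+)|is directly connected, (\S+))")


def parse_routes(text):
    """Extract Route tuples from 'show ip route' output, skipping other lines."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue
        code, prefix, ad, metric, via, ifname = m.groups()
        if ifname:
            # Connected routes print no [AD/metric]; IOS treats them as AD 0.
            routes.append(Route(code, prefix, 0, 0, ifname))
        else:
            routes.append(Route(code, prefix, int(ad), int(metric), via))
    return routes


def select(candidates):
    """Pick one route per prefix: lowest AD wins, metric breaks AD ties."""
    best = {}
    for route in candidates:
        current = best.get(route.prefix)
        if current is None or (route.ad, route.metric) < (current.ad, current.metric):
            best[route.prefix] = route
    return best


def demo():
    installed = parse_routes(SHOW_IP_ROUTE)
    competing = [
        # Constructed: an OSPF route (AD 110 per the text) to the same subnet.
        Route("O", "192.168.3.0/24", 110, 20, "192.168.2.2"),
        # The text's own comparison, on a hypothetical prefix and route codes.
        Route("X", "10.0.0.0/8", 10, 10000, "192.168.2.2"),
        Route("Y", "10.0.0.0/8", 100, 1, "192.168.2.2"),
    ]
    return select(installed + competing)


if __name__ == "__main__":
    for prefix, route in sorted(demo().items()):
        print(f"{prefix:18} {route.code} [{route.ad}/{route.metric}] via {route.via}")
```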
Now that the appropriate routing configuration is in place on Router-A and Router-B, hosts in VLAN 1 should be able to communicate with hosts in VLAN 3 (as well as VLAN 2).
Example 5-11 demonstrates using the ping command to verify connectivity to VLAN 3 from Router-A, with the debug ip packet command enabled.
Example 5-11. Testing ping Connectivity from Router-A to the VLAN 3 Interface
Router-A# debug ip packet
IP packet debugging is on
Router-A# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Router-A#
01:55:59: IP: s=192.168.2.1 (local), d=192.168.3.1 (Ethernet0/1), len 100, sending
01:55:59: IP: s=192.168.3.1 (Ethernet0/1), d=192.168.2.1 (Ethernet0/1), len 100, rcvd
01:55:59: IP: s=192.168.2.1 (local), d=192.168.3.1 (Ethernet0/1), len 100, sending
01:55:59: IP: s=192.168.3.1 (Ethernet0/1), d=192.168.2.1 (Ethernet0/1), len 100, rcvd
01:55:59: IP: s=192.168.2.1 (local), d=192.168.3.1 (Ethernet0/1), len 100, sending
01:55:59: IP: s=192.168.3.1 (Ethernet0/1), d=192.168.2.1 (Ethernet0/1), len 100, rcvd
01:55:59: IP: s=192.168.2.1 (local), d=192.168.3.1 (Ethernet0/1), len 100, sending
01:55:59: IP: s=192.168.3.1 (Ethernet0/1), d=192.168.2.1 (Ethernet0/1), len 100, rcvd
01:55:59: IP: s=192.168.2.1 (local), d=192.168.3.1 (Ethernet0/1), len 100, sending
01:55:59: IP: s=192.168.3.1 (Ethernet0/1), d=192.168.2.1 (Ethernet0/1), len 100, rcvd
In Example 5-11, the VLAN 3 interface on Router-B (192.168.3.1) is successfully pinged, with the debug output providing details of the packets sent and received. If you compare the output of Example 5-11 with Example 5-7 (where routing was not configured), notice that the debug output is quite different. The first shaded line shows a ping packet (ICMP echo request) being sent by the router (as indicated by the text sending at the end of the line). Notice that the message indicates that the packet is being routed out the Ethernet0/1 interface, as indicated by the Ethernet0/1 text in the parentheses after the d=192.168.3.1 text. The second shaded line shows return ping replies (ICMP echo replies) received by the router, as indicated by the rcvd text at the end of the line.
If you take a closer look at the source and destination IP addresses of the ping packets generated in Example 5-11, you might notice that Example 5-11 is only verifying Router-A can route to VLAN 3 (192.168.3.0/24) and is not verifying that Router-B can route to VLAN 1 (192.168.1.0/24). This is because by default, the source IP address of each ping request generated by Router-A is the IP address of the egress interface out which the packet is sent. Because 192.168.3.0/24 is reachable via the egress interface Ethernet 0/0 on Router-A, the source IP address of each ping packet generated is 192.168.2.1. Router-B is directly attached to the 192.168.2.0/24 subnet, so even if Router-B does not have a route configured for VLAN 1, Router-B is able to successfully reply to the 192.168.2.1 source address of each ping request.
To verify that Router-B knows how to route to the 192.168.1.0/24 network, you can test connectivity between Host-A and Host-B, or you can ping the VLAN 1 interface on Router-A from Router-B. Another way to verify the routing configuration on Router-B is to issue an extended ping on Router-A, which allows you to modify the source IP address of the ping packets generated to be the VLAN 1 interface on Router-A. Example 5-12 demonstrates using the extended ping command on Router-A to verify both Router-A and Router-B have the appropriate routing configuration in place in a single step.
Example 5-12. Testing Extended ping Connectivity from Router-A to Router-B
Router-B# ping
Protocol [ip]: ip
Target IP address: 192.168.3.1
Repeat count :
Datagram size :
Timeout in seconds :
Extended commands [n]: y
Source address or interface: 192.168.1.1
Type of service :
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
In Example 5-12, you just specify the ping command to enter the interactive extended ping mode. In interactive mode, you are prompted for various parameters that are used to generate ping packets. The defaults are listed in square brackets for each prompt, so if the default is sufficient, you can just press the Enter key. In Example 5-12, the destination IP address is specified and the use of extended commands is enabled. Extended commands allow you to specify advanced parameters, such as the source address of the ping packet that is generated. In Example 5-12, notice that a source address of 192.168.3.1 is configured. After configuring the extended commands, the ping packets are generated, with successful replies received. This confirms two things:
- A valid route exists on Router-A for the destination network (192.168.3.0/24) of the ping traffic.
- A valid route exists on Router-B for the 192.168.1.0/24 network. This is true because the source IP address of the ping traffic (192.168.1.1) resides in the 192.168.1.0/24 network. For Router-B to successfully reply to the ping traffic from Router-A, it must have a route for the 192.168.1.0/24 network in its local route table.
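The difference between the default ping of Example 5-11 and the extended ping of Example 5-12 comes down to per-hop lookups in both directions. The following model of the two routing tables is an added example, not code from the book: the class and function names are assumptions, and it uses the scenario's addresses to show which ping outcomes depend on the static route on Router-B.

```python
import ipaddress

MAX_HOPS = 8  # loop guard for the hop-by-hop walk


class Router:
    """Interfaces plus static routes; connected routes come from the interfaces."""

    def __init__(self, ifaces, static=()):
        self.ifaces = {n: ipaddress.ip_interface(a) for n, a in ifaces.items()}
        self.static = [(ipaddress.ip_network(d), ipaddress.ip_address(nh))
                       for d, nh in static]

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces.values())

    def connected(self, ip):
        """Name of the interface whose subnet contains ip, or None."""
        for name, iface in self.ifaces.items():
            if ip in iface.network:
                return name
        return None

    def lookup(self, dst):
        """Longest-prefix match. Returns (egress interface, next hop) or None."""
        best = None
        name = self.connected(dst)
        if name:
            best = (self.ifaces[name].network.prefixlen, name, None)
        for network, next_hop in self.static:
            egress = self.connected(next_hop)  # next hop must be on a connected subnet
            if dst in network and egress and (best is None or network.prefixlen > best[0]):
                best = (network.prefixlen, egress, next_hop)
        return best[1:] if best else None


def build(static_a=True, static_b=True):
    """Scenario topology; the flags add the routes of Examples 5-8 and 5-9."""
    return {
        "Router-A": Router({"e0/0": "192.168.1.1/24", "e0/1": "192.168.2.1/24"},
                           [("192.168.3.0/24", "192.168.2.2")] if static_a else []),
        "Router-B": Router({"f0/0.2": "192.168.2.2/24", "f0/0.3": "192.168.3.1/24"},
                           [("192.168.1.0/24", "192.168.2.1")] if static_b else []),
    }


def walk(routers, start, dst):
    """Follow dst hop by hop from router `start`; return (delivered, hops)."""
    dst = ipaddress.ip_address(dst)
    here, hops = start, [start]
    for _ in range(MAX_HOPS):
        router = routers[here]
        if router.owns(dst):
            return True, hops
        route = router.lookup(dst)
        if route is None:
            return False, hops  # what debug ip packet reports as "unroutable"
        next_hop = route[1]
        target = next_hop if next_hop is not None else dst
        here = next((n for n, r in routers.items() if r.owns(target)), None)
        if here is None:
            return False, hops  # no modelled device holds that address
        hops.append(here)
    return False, hops


def ping(routers, origin, dst, src=None):
    """Return (result, source address used); result is one of
    'unroutable', 'no reply' or 'success'."""
    route = routers[origin].lookup(ipaddress.ip_address(dst))
    if route is None:
        return "unroutable", None
    if src is None:
        # Default behaviour described in the text: source = egress interface address.
        src = str(routers[origin].ifaces[route[0]].ip)
    delivered, hops = walk(routers, origin, dst)
    if not delivered:
        return "no reply", src
    replied, _ = walk(routers, hops[-1], src)  # the echo reply is routed independently
    return ("success" if replied else "no reply"), src


if __name__ == "__main__":
    print(ping(build(False, False), "Router-A", "192.168.3.1"))
    print(ping(build(True, False), "Router-A", "192.168.3.1"))
    print(ping(build(True, False), "Router-A", "192.168.3.1", src="192.168.1.1"))
    print(ping(build(True, True), "Router-A", "192.168.3.1", src="192.168.1.1"))
```

With only Router-A's static route present, the default ping still succeeds while the ping sourced from 192.168.1.1 gets no reply, which is why the extended ping is the test that exercises Router-B's routing table.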
At this point, the routing configuration on Router-A and Router-B has been successfully tested, and Host-A on VLAN 1 should be able to communicate with Host-B on VLAN 3. When verifying host connectivity to the network, it is good practice to first ensure that the host can ping its local default gateway and to then attempt to ping a remote network. Taking this approach ensures that you verify the path to remote networks in an incremental fashion, starting from the first hop in the path. Example 5-13 demonstrates verifying connectivity from Host-A to Host-B in such a fashion.
Example 5-13. Testing ping Connectivity from Host-A
C:\WINXP\SYSTEM32> ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\WINXP\SYSTEM32> ping 192.168.3.100
Pinging 192.168.3.100 with 32 bytes of data:
Reply from 192.168.3.100: bytes=32 time=1ms TTL=255
Reply from 192.168.3.100: bytes=32 time=1ms TTL=255
Reply from 192.168.3.100: bytes=32 time=1ms TTL=255
Reply from 192.168.3.100: bytes=32 time=1ms TTL=255
Ping statistics for 192.168.3.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
In Example 5-13, connectivity to the local default gateway (Router-A) is first verified, after which connectivity to the desired remote network (VLAN 3) is verified.
Sometimes you might run into a situation where you want to verify the path traffic between two hosts takes through the network. The tracert (Windows) and traceroute (Cisco IOS and UNIX) utilities are useful tools that enable you to discover the path between two endpoints in the network. Example 5-14 demonstrates the use of the tracert utility on Host-A.
Example 5-14. Verifying the Network Path from Host-A to Host-B
C:\WINXP\SYSTEM32> tracert -d 192.168.3.100
Tracing route to 192.168.3.100 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  192.168.1.1
  2     2 ms     3 ms     1 ms  192.168.2.2
  3     3 ms     5 ms     5 ms  192.168.3.100
Trace Complete.
In Example 5-14, use the -d option to prevent the Windows operating system from performing a DNS query for the hostname associated with each IP address returned. Each routing device in the path to the destination is shown. You can see that Router-A (192.168.1.1) is the first router, Router-B (192.168.2.2) is the second router, with the third entry representing the traceroute packet reaching its final destination.