Nicholas Morrison - Networking Specialist

flokinet-005 - Routing between VLANs

Tags:

Connecting to the lab server

  • Open your favourite Terminal Emulator
  • SSH to the netlab server:
  • $ ssh-keygen -R netlab.nanocat.net   <- delete the cached fingerprint
                                        (lab server rebuilt frequently)
$ ssh lab@netlab.nanocat.net
Password: (generated fresh each week)
  • List the running containerlab devices:
  • $ sudo containerlab inspect --all
  • Connect to an Arista device:
  • $ sudo docker exec -it clab-device–name Cli
  • .. or connect to a Linux device:
  • $ sudo docker exec -it clab-pcXX-name bash

Diagram

Topology 03

Goal

  • all devices in all VLANs can ping each other.

Multi-Layer Switching (MLS)

  • Old Think: Switches = Layer 2, Routers = Layer 3
  • New Think: “switching” and “routing” are roles
  • Switching = forwarding packets at Layer 2
    • Frames (sometimes called “Layer 2 Packets”)
    • forwarding based on destination MAC address (show mac address-table)
    • no IP addresses (show ip interface brief)
    • no participation in routing (show ip route)
  • Routing = forwarding packets at Layer 3
    • Packets
    • forwarding based on destination IP address (show ip route)
      • or label when using MPLS
    • IPv4: ARP (Address Resolution Protocol) (show ip arp)
    • IPv6: NDP (Neighbor Discovery Protocol) (show ipv6 neighbors)
    • routing table (show ip route)

Configuration overview

  • Create a Layer 3 VLAN interface to act as the gateway for your PCs
  • Ensure your PCs have the correct default route set

What you are responsible for configuring

  • the two PCs connected to your switch
  • your switch (switch-XX)
  • your uplink port on core-01
  • the L3 VLAN interface as follows:
    • switch-01: vlan 10
    • switch-02: vlan 20
    • switch-03: vlan 30
    • switch-04: vlan 40
    • switch-05: vlan 50

Convert the core-01 into a Multi-Layer Switch

!
ip routing
!

Configure a Layer 3 VLAN interface

!
interface vlan 10
   description --- web ---
   ip address 192.168.10.1/24
!

Inspect core-01

show mac address-table
show ip arp
show ip route
ping 192.168.x.x

tcpdump

At a bash prompt:

# capture and decode all packets on ethX
$ tcpdump -i ethX

# capture and decode all ICMP packets on ethX
$ tcpdump -i ethX icmp

# capture and decode all packets to or from 192.168.100.100
$ tcpdump -i ethX host 192.168.100.100

# capture and decode FRAMES
$ tcpdump -i ethX -e ether

# capture and decode FRAMES with a filter
$ tcpdump -i ethX -e ether host 01:23:45:67:89:01