flokinet-005 - Routing between VLANs
Connecting to the lab server
- Open your favourite Terminal Emulator
- SSH to the netlab server:
-
$ ssh-keygen -R netlab.nanocat.net <- delete the cached fingerprint (lab server rebuilt frequently) $ ssh lab@netlab.nanocat.net Password: (generated fresh each week)
- List the running containerlab devices:
-
$ sudo containerlab inspect --all
- Connect to an Arista device:
-
$ sudo docker exec -it clab-device–name Cli
- .. or connect to a Linux device:
-
$ sudo docker exec -it clab-pcXX-name bash
Diagram
Goal
- all devices in all VLANs can ping each other.
Multi-Layer Switching (MLS)
- Old Think: Switches = Layer 2, Routers = Layer 3
- New Think: “switching” and “routing” are roles
- Switching = forwarding packets at Layer 2
- Frames (sometimes called “Layer 2 Packets”)
- forwarding based on destination MAC address (
show mac address-table
) - no IP addresses (
show ip interface brief
) - no participation in routing (
show ip route
)
- Routing = forwarding packets at Layer 3
- Packets
- forwarding based on destination IP address (
show ip route
)- or label when using MPLS
- IPv4: ARP (Address Resolution Protocol) (
show ip arp
) - IPv6: NDP (Neighbor Discovery Protocol) (
show ipv6 neighbors
) - routing table (
show ip route
)
Configuration overview
- Create a Layer 3 VLAN interface to act as the gateway for your PCs
- Ensure your PCs have the correct default route set
What you are responsible for configuring
- the two PCs connected to your switch
- your switch (switch-XX)
- your uplink port on core-01
- the L3 VLAN interface as follows:
- switch-01: vlan 10
- switch-02: vlan 20
- switch-03: vlan 30
- switch-04: vlan 40
- switch-05: vlan 50
Convert the core-01 into a Multi-Layer Switch
!
ip routing
!
Configure a Layer 3 VLAN interface
!
interface vlan 10
description --- web ---
ip address 192.168.10.1/24
!
Inspect core-01
show mac address-table
show ip arp
show ip route
ping 192.168.x.x
tcpdump
At a bash prompt:
# capture and decode all packets on ethX
$ tcpdump -i ethX
# capture and decode all ICMP packets on ethX
$ tcpdump -i ethX icmp
# capture and decode all packets to or from 192.168.100.100
$ tcpdump -i ethX host 192.168.100.100
# capture and decode FRAMES
$ tcpdump -i ethX -e ether
# capture and decode FRAMES with a filter
$ tcpdump -i ethX -e ether host 01:23:45:67:89:01