Showing posts with label Network. Show all posts
Showing posts with label Network. Show all posts

June 20, 2018

Resetting Cisco AIR-CAP1702I-E-K9 CAPWAP/LWAP Access Point to Factory Defaults and Reconfiguration AP connect WLC

In this post I will show how to do the same task using Mode/Reset button of the Access point. the image below shows this Reset button of the given AP 1702I. It is usually marked with the “MODE” label.


You can use this mode/reset button when you do not know password or your AP firmware is corrupted,etc. In my case, even the firmware is not corrupted. 
Now, I power off my AP and connect to it with a console cable. 


This is important: I press and hold the MODE button for 20s (until the LED become solid RED). While the button is still pressed, I plug the power back in. I now wait for the message “button is pressed, wait for button to be released…“.


Let’s release the MODE button and wait for the code to load. Here is the process:
IOS Bootloader - Starting system.
flash is writable
Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 72 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 21359104
flashfs[0]: Bytes available: 19799552
flashfs[0]: flashfs fsck took 22 seconds.
Base Ethernet MAC address: 84:3d:c6:a8:ed:d8
Ethernet speed is 100 Mb - FULL Duplex
button is pressed, wait for button to be released...
button pressed for 36 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
process_config_recovery: image recovery
image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g2-k9w7-tar.default
examining image...
DPAA Set for Independent Mode
tide_boot_speed = 100 
DPAA_INIT = 0x0
%Error opening tftp://255.255.255.255/ap3g2-k9w7-tar.default (connection timed out)
Now we reset the AP:
ap: reset
Are you sure you want to reset the system (y/n)?y
System resetting...
IOS Bootloader - Starting system.
flash is writable
Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 72 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 21359104
flashfs[0]: Bytes available: 19799552
flashfs[0]: flashfs fsck took 22 seconds.
Base Ethernet MAC address: 84:3d:c6:a8:ed:d8
Ethernet speed is 100 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w8-mx.153-3.JBB6/ap3g2-k9w8-mx.153-3.JBB6"...#########################
File "flash:/ap3g2-k9w8-mx.153-3.JBB6/ap3g2-k9w8-mx.153-3.JBB6" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 72 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 21359104
flashfs[0]: Bytes available: 19799552
flashfs[0]: flashfs fsck took 22 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 0 seconds.
Base Ethernet MAC address: 84:3d:c6:a8:ed:d8
Unable to locate IOS image with name **xx**.
Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JBB6/ap3g2-k9w8-xx.153-3.JBB6'
Loading "flash:/ap3g2-k9w8-mx.153-3.JBB6/ap3g2-k9w8-xx.153-3.JBB6"...###############################################
File "flash:/ap3g2-k9w8-mx.153-3.JBB6/ap3g2-k9w8-xx.153-3.JBB6" uncompressed and installed, entry point: 0x1003000
executing...
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco IOS Software, C1700 Software (AP3G2-K9W8-M), Version 15.3(3)JBB6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 01-Nov-15 21:19 by prod_rel_team
Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Initializing flashfs...
flashfs[2]: 72 files, 9 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 40900608
flashfs[2]: Bytes used: 21359104
flashfs[2]: Bytes available: 19541504
flashfs[2]: flashfs fsck took 15 seconds.
flashfs[2]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCCCC
Copy in progress...CCC
Copy in progress...CCCC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCCCC
Copy in progress...CCCC
Copy in progress...CC
Uncompressing radio files...
...done Initializing flashfs.
Radio0  present 8764 8000 0 A8000000 A8010000 0
Rate table has 586 entries (20 legacy/160 11n/406 11ac)
POWER TABLE FILENAME = ram:/U2.bin
Radio1  present 8864 8000 0 80000000 80100000 4
POWER TABLE FILENAME = ram:/U5.bin
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP1702I-E-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FCW2032N82C
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.1.131.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 84:3D:C6:A8:ED:D8
Part Number                          : 73-16776-01
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  : 
PCB Serial Number                    : FOC20298ARY
Top Assembly Part Number             : 068-100665-01
Top Assembly Serial Number           : FCW2032N82C
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1702I-E-K9   
% Please define a domain-name first.
Press RETURN to get started!
*Mar  1 00:00:19.767: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar  1 00:00:20.223: Registering HW DTLS
*Mar  1 00:00:20.267: APAVC: Initial WLAN Buffers Given to System is  2500
*Mar  1 00:00:20.319: APAVC:  WlanPAKs 42878 RadioPaks  42270
*Mar  1 00:00:20.319: Starting Ethernet promiscuous mode
*Mar  1 00:00:22.635: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:22.635: %LINK-6-UPDOWN: Interface GigabitEthernet1, changed state to up
*Mar  1 00:00:25.167: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar  1 00:00:25.279: Loading Power Tables from ram:/U2.bin. Class = E
*Mar  1 00:00:25.279:  record size of 3ss: 1168 read_ptr: 4E3DEB6
*Mar  1 00:00:30.467: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar  1 00:00:30.515: Loading Power Tables from ram:/U5.bin. Class = E
*Mar  1 00:00:30.515:  record size of vht: 2904 read_ptr: 4E3DEB6
*Mar  1 00:00:31.411: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Mar  1 00:00:31.519: Wait until the stile protocol list is initialized.
*Mar  1 00:00:32.771: Start STILE Activation
*Mar  1 00:00:33.015: Found crash file: 'crashinfo_19930301-000038-UTC'
*Mar  1 00:00:33.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar  1 00:00:33.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
*Mar  1 00:00:35.563: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1700 Software (AP3G2-K9W8-M), Version 15.3(3)JBB6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 01-Nov-15 21:19 by prod_rel_team
*Mar  1 00:00:35.563: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Mar  1 00:00:35.831: %CDP_PD-4-POWER_OK: Full power - HIGH_POWER inline power source
*Mar  1 00:00:36.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:37.287: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Mar  1 00:00:37.703: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
*Mar  1 00:00:37.859: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:37.859: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:37.859: %LINK-5-CHANGED: Interface GigabitEthernet1, changed state to administratively down
*Mar  1 00:00:38.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:00:38.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:00:47.683: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar  1 00:00:48.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar  1 00:00:50.547: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Mar  1 00:00:50.547: DPAA Initialization Complete
*Mar  1 00:00:50.547: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar  1 00:00:51.547: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:53.551: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar  1 00:00:53.987: Currently running a Release Image
*Mar  1 00:00:54.407: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:00:54.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:55.095: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.13.66, mask 255.255.255.0, hostname AP843d.c6a8.edd8
*Mar  1 00:01:00.947: APAVC: Succeeded to activate all the STILE protocols.
*Mar  1 00:01:00.947: APAVC: Registering with CFT
*Mar  1 00:01:00.947: APAVC: CFT registration of delete callback succeeded
*Mar  1 00:01:00.947: APAVC: Reattaching  Original Buffer pool for system use
*Mar  1 00:01:00.947: Pool-ReAtach: paks 42878 radio42270
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar  1 00:01:08.531: AP image integrity check PASSED
*Mar  1 00:01:08.535: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Mar  1 00:01:08.607: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco
*Mar  1 00:01:08.631: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:09.723: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:01:09.731: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:01:10.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:01:10.979: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:01:11.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
%Error opening flash:/capwap-saved-config (No such file or directory)
*Mar  1 00:01:18.635: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER.xxx.xxx"...domain server (192.168.1.20)
Finally, we use credentials Cisco/Cisco (both with capital “c”) to log in:
User Access Verification
Username: Cisco
Password: ! this is also Cisco
AP843d.c6a8.edd8>enable
Password: ! this is also Cisco
Now I can reconfigure my AP connect to WLC. On my AP I may also do:
AP843d.c6a8.edd8#debug capwap console cli
Not in Bound state.
This command is meant only for debugging/troubleshooting 
Any configuration change may result in different
behavior from centralized configuration. 
CAPWAP console CLI allow/disallow debugging is on
AP843d.c6a8.edd8#
*Mar  1 00:08:04.175: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar  1 00:08:07.251: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.13.66, mask 255.255.255.0, hostname AP843d.c6a8.edd8
Translating "CISCO-CAPWAP-CONTROLLER.xxx.xxx"...domain server (192.168.1.20)
Not in Bound state.
*Mar  1 00:12:46.695: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar  1 00:12:49.771: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.13.58, mask 255.255.255.0, hostname AP843d.c6a8.edd8
AP843d.c6a8.edd8#
AP843d.c6a8.edd8#capwap ap controller ip address 192.168.1.1 // IP WLC
Waiting for 5 minutes to AP download IOS image from WLC
Translating "CISCO-CAPWAP-CONTROLLER.xxx.xxx"...domain server (192.168.1.20)
*Mar  1 00:15:57.211: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jun 19 08:43:22.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1 peer_port: 5246
*Jun 19 08:43:22.335: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.1 peer_port: 5246
*Jun 19 08:43:22.335: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.1
*Jun 19 08:43:23.075: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun 19 08:43:23.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 19 08:43:23.823: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller XXX-WLC
*Jun 19 08:43:23.955: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 19 08:43:24.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun 19 08:43:24.963: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun 19 08:43:24.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun 19 08:43:25.059: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.1:5246
*Jun 19 08:43:25.059: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 19 08:43:25.151: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jun 19 08:43:25.151: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jun 19 08:43:25.159: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 19 08:43:25.787: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 19 08:43:25.787: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 19 08:43:26.003: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun 19 08:43:26.011: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 19 08:43:26.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 19 08:43:27.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun 19 08:43:27.031: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 19 08:43:27.039: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun 19 08:43:27.047: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 19 08:43:28.031: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 19 08:43:28.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun 19 08:43:28.075: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 19 08:43:29.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 19 08:43:35.787: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jun 19 08:43:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1peer_port: 5246
*Jun 19 08:43:36.335: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.1 peer_port: 5246
*Jun 19 08:43:36.335: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.1
*Jun 19 08:43:36.975: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun 19 08:43:37.047: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 19 08:43:37.719: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller XXX-WLC
*Jun 19 08:43:37.855: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 19 08:43:38.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun 19 08:43:38.963: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun 19 08:43:38.967: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 19 08:43:39.199: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Jun 19 08:43:39.203:  IN TLV decode - 0 100 -1062731500 3 10 8 ---
*Jun 19 08:43:39.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 19 08:43:39.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun 19 08:43:39.999: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 19 08:43:40.011: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun 19 08:43:40.019: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 19 08:43:40.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 19 08:43:41.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun 19 08:43:41.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 19 08:43:42.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 19 08:44:00.419: %CLEANAIR-6-STATE: Slot 0 enabled
*Jun 19 08:44:02.191: %CLEANAIR-6-STATE: Slot 1 enabled
AP843d.c6a8.edd8#copy running-config startup-config
Destination filename [startup-config]? yes
%Error copying nvram:yes (Invalid argument)
AP843d.c6a8.edd8#write memory 
*Jun 19 08:52:16.771: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun 19 08:52:16.775: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 19 08:52:17.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun 19 08:52:17.811: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 19 08:52:18.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 19 08:52:32.347: %CLEANAIR-6-STATE: Slot 1 down
*Jun 19 08:52:48.639: %CLEANAIR-6-STATE: Slot 1 enabled
OK, Let's open WLC GUI controller on web browser, Click Wireless Tab & select AP

Ap Name: change your AP name and set static IP for AP

Apply OK, The AP will reboot.


After that add AP above to Group.



DONE.

September 1, 2015

Khái Niệm Và Cách Cấu Hình VLAN



TÁC GIẢ : NGUYỄN THÀNH TRUNG

I> Khái niệm Vlan :
- Mạng Lan (Local Area Network):Là mạng cục bộ được định nghĩa là tất cả các máy tính nằm trong cùng một miền quảng bá (Broadcast Domain).Các Router (bộ định tuyến) có chức năng ngăn chặn miền quảng bá và làm tăng số lượng miền quảng bá,còn Switch (bộ chuyển mạch) chuyển tiếp miền quảng bá và làm mở rộng vùng quảng bá.
- Vlan (Virtual Local Area Network):Là một miền quảng bá được tạo bởi Switch hay được hiểu như là một mạng Lan ảo.Đối với Vlan thì Switch có thể tạo ra miền quảng bá.

II> Ứng dụng của Vlan :
- Ngăn chặn vùng quảng bá
- Gia tăng tính bảo mật
- Uyền chuyển trong viêc 1 Switch có thể tạo ra nhiều Switch ảo
- Tạo ra vùng quảng bá để sử dụng chung một ứng dụng nào đó (điện thoại VoIP).

III> NỘI DUNG:
+ Phần 1: Routing các VLAN trên Router Cisco
+ Phần 2: Routing các VLAN trên Switch layer 3
+ Phần 3: Routing các VLAN trên windows Server 2003 

IV> LAB:
- Trong bài Lab gồm 4 phòng ban và các thiết bị Cisco 2 Switch 2960,Router 2811,Switch 3560 (Core).Mỗi phòng ban tương ứng với 1 Vlan .
- Yêu cầu:Cấu hình các thiết bị sao cho các phòng ban có thể truyền dữ được với nhau.


*MÔ HÌNH 1 :



- Cấu hình Switch 2960 lên 2 phòng kế toán và nhân sự :
Trích:
Building configuration...

Current configuration : 2033 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch1

!

!

!

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

switchport mode trunk

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface Vlan1

no ip address

shutdown

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end
- Cấu hình Switch 2960 lên 2 phòng kinh doanh và hành chánh :
Trích:
Building configuration...

Current configuration : 2055 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

ip name-server 0.0.0.0

!

!

interface FastEthernet0/1

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 5

switchport mode access

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

switchport mode trunk

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface Vlan1

no ip address

shutdown

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end
- Cấu hình Router 2811 :
Trích:
Building configuration...



Current configuration : 794 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 192.168.1.1 255.255.255.0

!

interface FastEthernet0/0.3

encapsulation dot1Q 3

ip address 192.168.2.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.4

encapsulation dot1Q 4

ip address 192.168.3.1 255.255.255.0

!

interface FastEthernet0/1.5

encapsulation dot1Q 5

ip address 192.168.4.1 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

ip classless

!

!

!

line con 0

line vty 0 4

login

!

!

!

end

MÔ HÌNH 2 :



- Cấu hình 2 Switch 2960 (Làm tương tự):
- Cấu hình Switch 3560 (Core):
Trích:
Building configuration...



Current configuration : 1265 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Core

!

!

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address 192.168.1.1 255.255.255.0

!

interface Vlan3

ip address 192.168.2.1 255.255.255.0

!

interface Vlan4

ip address 192.168.3.1 255.255.255.0

!

interface Vlan5

ip address 192.168.4.1 255.255.255.0

!

ip classless

!

!

!

line con 0

line vty 0 4

login

!

!

!

end
MÔ HÌNH 3 :


- Cấu hình 2 Switch 2960 (Làm tương tự):
- Cấu hình Router software :
+ Thiết lập địa chỉ IP trên card mạng kết nối với Switch 1












- Thiết lập địa chỉ IP trên card mạng kết nối với Switch 2 :










-Cấu hình Routing and Remote access :
Hình ảnh này đã được thay đổi kích thước. Click vào đây để xem hình ảnh gốc với kích thước là 962x628