Cisco | Konfig Link Point to Point Layer2, Layer3 dan VLAN
1. Link Port-channel antar Core to Disti tidak perlu pake protocol. Di gambar ini SW-Core-1 terhubung ke Distribution SW-1, sedgkn Core-2 terhubung ke Distribution SW-2. Masing-masing ada 2 tarikan kabel. Catatan: Di Switch distribution menggunakan metode stacking, pisisk ada 2 swith, namun 1 secara logik.
2. Port-channel switch Disti dan Access bs pake non-protocol, bs pake protocol. Kalau pake procotol mode portchannel nya pek active.
3. Link dari Core-SW (N7k) to Firewall-PALO
4. Link to Core (Po L3) dan Link to Access (Po L2)
Konfig Switch Core-1
interface Ethernet1/19
description Link to Port Ten1/1/1
channel-group 103
no shutdown
!
rface Ethernet1/20
description Link to Port Ten1/1/2
channel-group 103
no shutdown
!
interface port-channel103
description to_DAPENRA1
ip address 10.1.241.1/30
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
!
--------------------------------
Konfig SW-Dsitribution-01 (N7K) - VPC
interface Ethernet1/35
channel-group 103
no shutdown
!
rface Ethernet1/20
description Link to Port Ten1/1/2
channel-group 103
no shutdown
!
interface port-channel103
description to_DAPENRA1
ip address 10.1.241.1/30
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.0
!
--------------------------------
Konfig SW-Dsitribution-01 (N7K) - VPC
interface Ethernet1/35
description Link to HQ-AcSW-GA05-LT.5 Te1/1/4
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
channel-group 5 mode active
no shutdown
!
interface port-channel5
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
channel-group 5 mode active
no shutdown
!
interface port-channel5
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
vpc 5
Konfig SW-Dsitribution-02 (N7K) - VPC
interface Ethernet1/35
interface Ethernet1/35
description Link to HQ-AcSW-GA05-LT.5 Te2/1/4
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
channel-group 5 mode active
no shutdown
!
interface port-channel5
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
channel-group 5 mode active
no shutdown
!
interface port-channel5
switchport
switchport mode trunk
switchport trunk allowed vlan 307,314,331
storm-control broadcast level 20.00
vpc 5
----------------------------------------------------
Konfig SW-Access-01 Cat9200-48P
interface TenGigabitEthernet1/1/4
description Uplink TO_Disti-N7K
switchport trunk allowed vlan 307,314,331
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 20.00
channel-group 1 mode active
!
interface TenGigabitEthernet2/1/4
description Uplink Uplink TO_Disti-N7K
switchport trunk allowed vlan 307,314,331
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 20.00
channel-group 1 mode active
!
interface Port-channel1
escription Uplink Uplink TO_Disti-N7K
switchport trunk allowed vlan 307,314,331
switchport mode trunk
switchport nonegotiate
storm-control broadcast level 20.00
end
_______________________________________________
5. Link Point to Point swith dengan firewall. Disisi swith port pisisk konfig Vlan access, dan L3 nya pake SVI. Disisi firewall port2 dan port di bounding, firewall-01 Active dan firewall-02 standby/backup.
_________________________________________________________
6. Link Port-Channel L3 switch Cat6500. Jika Port-Channel L2 bisa pake mode on.
6. Link Port-Channel L3 switch Cat6500. Jika Port-Channel L2 bisa pake mode on.
7. Link to Access Point Cisco C9100 AXI (Joint WLC)
interface GigabitEthernet1/0/3
description MGMT_WIFI_GRAHA
switchport trunk native vlan 308
switchport mode trunk
spanning-tree portfast trunk
end
!
-----ATAU --------
interface GigabitEthernet1/0/12
description MGMT_WIFI_GSG-RUANG_RIAS-LT2
switchport trunk native vlan 309
switchport mode trunk
spanning-tree portfast
spanning-tree bpduguard enable
end
!
8. Link to Access Point Cisco AIR-AP-1600 (NOt Joint WLC /Standalone)
interface GigabitEthernet1/0/7
description MGMT_WIFI_GSG
switchport trunk native vlan 309
switchport mode trunk
end
description MGMT_WIFI_GSG
switchport trunk native vlan 309
switchport mode trunk
end
9. Konfigurasi FEX (Fabric Extender). Misal FEX 117
interface Ethernet3/33
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet3/34
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet4/33
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet4/34
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
!
interface port-channel117
switchport
switchport mode fex-fabric
fex associate 117
!
fex 117
pinning max-links 1
description "Rack36_Exalogic"
type N2248TP-E
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet3/34
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet4/33
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
interface Ethernet4/34
description To N2248-Fex117-Rack100-Atas
switchport
switchport mode fex-fabric
fex associate 117
channel-group 117
no shutdown
!
interface port-channel117
switchport
switchport mode fex-fabric
fex associate 117
!
fex 117
pinning max-links 1
description "Rack36_Exalogic"
type N2248TP-E
10. Konfig port link antar perangkat pakai kabel FO
DISTI-01
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #- ##PAKE FO)
switchport
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
end
!
BTR-01-ACC03#sh run int
!
interface GigabitEthernet0/1
description # UPLINK_TO_BTR-08-6500-DIST-01_Gi2/1 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
udld port aggressive
end
11. Konfigurasi link port antar pernagkat pakai Kabel UTP
interface GigabitEthernet0/3
description # UPLINK_TO_BTR-01-ACC08_Gi1/0/48 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
end
!
interface GigabitEthernet1/0/48
description # UPLINK_TO_BTR-01-ACC03_Gi0/3 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
end
12. Link ke Access Point AP-Aruba pakai kabel UTP (ada WLC)
BTM-01-ACC08#sh run interface gi1/0/4
interface GigabitEthernet1/0/1
description # AP ARUBA #
switchport access vlan 60
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
========================================
13. Link ke PC-User kabel UTP
BTM-01-ACC03#sh run int fastEthernet 0/7
interface FastEthernet0/7
description # USER-PC #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
DISTI-01
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #- ##PAKE FO)
switchport
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
end
!
BTR-01-ACC03#sh run int
!
interface GigabitEthernet0/1
description # UPLINK_TO_BTR-08-6500-DIST-01_Gi2/1 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
udld port aggressive
end
11. Konfigurasi link port antar pernagkat pakai Kabel UTP
interface GigabitEthernet0/3
description # UPLINK_TO_BTR-01-ACC08_Gi1/0/48 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
end
!
interface GigabitEthernet1/0/48
description # UPLINK_TO_BTR-01-ACC03_Gi0/3 #
switchport trunk allowed vlan 1,4,60,101,102,131,147
switchport mode trunk
end
12. Link ke Access Point AP-Aruba pakai kabel UTP (ada WLC)
BTM-01-ACC08#sh run interface gi1/0/4
interface GigabitEthernet1/0/1
description # AP ARUBA #
switchport access vlan 60
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
========================================
13. Link ke PC-User kabel UTP
BTM-01-ACC03#sh run int fastEthernet 0/7
interface FastEthernet0/7
description # USER-PC #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
==================================
14. Link ke PC/Laptop kabel UTP
interface FastEthernet0/45
switchport access vlan 2
switchport mode access
spanning-tree portfast
spanning-tree guard root
!
-----ATAU-------
interface FastEthernet0/21
description # USER #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
interface FastEthernet0/45
switchport access vlan 2
switchport mode access
spanning-tree portfast
spanning-tree guard root
!
-----ATAU-------
interface FastEthernet0/21
description # USER #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
15. Link to Mesin Print Photocopy
interface GigabitEthernet2/0/15
description LAN_DAPENRA_LT.3
switchport access vlan 333
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
end
16. LINK TRUNK -UTP-
interface FastEthernet0/47
description # BTR-02-ACC09
switchport trunk allowed vlan 1,2,21,60,102
switchport mode trunk
!
interface FastEthernet0/48
description # BTR-02-ACC09
switchport trunk allowed vlan 1,2,21,102
switchport mode trunk
udld port aggressive
!
-------------------------
17. LINK TRUNK -FO
interface GigabitEthernet0/1
description BTR-08-6500-DIST-02_Gi2/2
switchport trunk allowed vlan 1,2,21,60,102
switchport mode trunk
udld port aggressive
!
BTM-08-6500-DIST-01#sh run interface gi2/1
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
end
interface GigabitEthernet2/0/15
description LAN_DAPENRA_LT.3
switchport access vlan 333
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
end
16. LINK TRUNK -UTP-
interface FastEthernet0/47
description # BTR-02-ACC09
switchport trunk allowed vlan 1,2,21,60,102
switchport mode trunk
!
interface FastEthernet0/48
description # BTR-02-ACC09
switchport trunk allowed vlan 1,2,21,102
switchport mode trunk
udld port aggressive
!
-------------------------
17. LINK TRUNK -FO
interface GigabitEthernet0/1
description BTR-08-6500-DIST-02_Gi2/2
switchport trunk allowed vlan 1,2,21,60,102
switchport mode trunk
udld port aggressive
!
BTM-08-6500-DIST-01#sh run interface gi2/1
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
end
18. Konfigurasi Link Management (OOB)
interface GigabitEthernet0
description MANAGEMENT-OOB
vrf forwarding Mgmt-intf
ip address 192.168.4.66 255.255.255.0
negotiation auto
cdp enable
exit
!
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 192.168.4.254
interface GigabitEthernet0
description MANAGEMENT-OOB
vrf forwarding Mgmt-intf
ip address 192.168.4.66 255.255.255.0
negotiation auto
cdp enable
exit
!
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 192.168.4.254
19. BERIKUT LINK PORT DARI SWITH C6500 SBG DISTRIBUTION DAN KE C2960 sbg SW-ACCESS.
BTR-08-6500-DIST-01#
!
interface GigabitEthernet2/9
description # To HYW-07-ACC01 PO37 #
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface GigabitEthernet2/10
description # To HYW-07-ACC01 PO37 #
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface Vlan10
description VLAN-MANAGEMENT
ip address 10.89.100.2 255.255.255.0
standby 1 ip 10.89.100.1
standby 1 timers 5 15
standby 1 priority 110
standby 1 preempt
!
--------------HYW-07-ACC01----------
!
interface GigabitEthernet1/1/1
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface GigabitEthernet1/1/2
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface Port-channel37
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
spanning-tree cost 4
!
interface FastEthernet0/1
description # LINK-TO-PC-USER #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
!
interface Vlan10
ip address 10.89.100.107 255.255.255.0
!
ip default-gateway 10.89.100.1
==================================
JIKA LINK DARI DISTI-TO-SW-ACCESS TANPA PORT-CHANNEL
!
interface GigabitEthernet2/9
description # To HYW-07-ACC01 PO37 #
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface GigabitEthernet2/10
description # To HYW-07-ACC01 PO37 #
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface Vlan10
description VLAN-MANAGEMENT
ip address 10.89.100.2 255.255.255.0
standby 1 ip 10.89.100.1
standby 1 timers 5 15
standby 1 priority 110
standby 1 preempt
!
--------------HYW-07-ACC01----------
!
interface GigabitEthernet1/1/1
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface GigabitEthernet1/1/2
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
udld port aggressive
channel-group 37 mode on
!
interface Port-channel37
description # To HWY-05-DIST01 PO37 #
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,15,148,149,214,215,218
switchport mode trunk
spanning-tree cost 4
!
interface FastEthernet0/1
description # LINK-TO-PC-USER #
switchport access vlan 4
switchport mode access
udld port aggressive
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
!
interface Vlan10
ip address 10.89.100.107 255.255.255.0
!
ip default-gateway 10.89.100.1
==================================
JIKA LINK DARI DISTI-TO-SW-ACCESS TANPA PORT-CHANNEL
!
SW-DSITI-6500
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #
switchport
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
!
SW-DSITI-6500
interface GigabitEthernet2/1
description # To Fl.1 BTR-01-ACC03 Gi0/1 #
switchport
switchport trunk allowed vlan 1,4,60,68,101,102,131,147
switchport mode trunk
udld port aggressive
spanning-tree guard root
!
SW-ACCESS
interface GigabitEthernet0/1
description # UPLINK_TO_BTR-01-ACC01_Gi0/4 #
switchport trunk allowed vlan 1,4,101,102,131,147
switchport mode trunk
udld port aggressive
!
description # UPLINK_TO_BTR-01-ACC01_Gi0/4 #
switchport trunk allowed vlan 1,4,101,102,131,147
switchport mode trunk
udld port aggressive
!
interface Vlan1
description *** VLAN Management ***
ip address 10.87.100.13 255.255.255.0
no ip route-cache
!
ip default-gateway 10.87.100.1
description *** VLAN Management ***
ip address 10.87.100.13 255.255.255.0
no ip route-cache
!
ip default-gateway 10.87.100.1
ip tacacs source-interface Vlan1
Nexus N7K Disti/Gateway ke User-Lantai (DHCP Relay)
---Disti-N7K-01--
interface Vlan319
description BOD_GRAHA
no shutdown
no ip redirects
ip address 10.1.19.2/24
no ipv6 redirects
ip router ospf 1 area 0.0.0.0
hsrp 3
preempt
priority 110
ip 10.1.19.1
ip dhcp relay address 10.1.51.39
exit
---Disti-N7K-02---
interface Vlan319
description BOD_GRAHA
no shutdown
no ip redirects
ip address 10.1.19.3/24
no ipv6 redirects
ip router ospf 1 area 0.0.0.0
hsrp 3
ip 10.1.19.1
ip dhcp relay address 10.1.51.39
exit
---Disti-N7K-01--
interface Vlan319
description BOD_GRAHA
no shutdown
no ip redirects
ip address 10.1.19.2/24
no ipv6 redirects
ip router ospf 1 area 0.0.0.0
hsrp 3
preempt
priority 110
ip 10.1.19.1
ip dhcp relay address 10.1.51.39
exit
---Disti-N7K-02---
interface Vlan319
description BOD_GRAHA
no shutdown
no ip redirects
ip address 10.1.19.3/24
no ipv6 redirects
ip router ospf 1 area 0.0.0.0
hsrp 3
ip 10.1.19.1
ip dhcp relay address 10.1.51.39
exit
Catalsyt C9500 / Cat 6500 Disti/Gateway ke User-Lantai (DHCP Relay)
Switch Mode Stacking (2 pisik di stacking)
interface Vlan336
no shut
description AP1_DAPENRA
ip address 10.1.36.1 255.255.254.0
ip helper-address 10.1.51.39
ip ospf 1 area 0
end
-------------------------------
no shut
description AP1_DAPENRA
ip address 10.1.36.1 255.255.254.0
ip helper-address 10.1.51.39
ip ospf 1 area 0
end
-------------------------------
FEX fex
nexus
link port
port
nxos
Cisco | Konfigurasi Link Point to Point
ip helper
dhcp relay
Posting Komentar untuk "Cisco | Konfig Link Point to Point Layer2, Layer3 dan VLAN"