How Do You Guys Test a Router/Switch Config Outside of the Network?

frivers
Level 1

I want to test a router config outside of the production network.  How do I go about doing this?  I have set up a VLAN trunk and a couple of VLANS on a switch.  How do I test that with production IP addresses in a test environment?

16 Replies

Carles P R
Level 1

It depends on what kind of configuration you wanna test... If you want to test some kind of VLAN configuration, do all the config, set up a couple of PCs and connect them to the switchports associated with each VLAN so you can test connectivity, open ports, ...

If you don't give more details, I guess it's impossible to answer you as there can be millions of situations to use a router and a switch hehe

Regards!

You were spot on. I have 3 VLANs set up on the switch and a trunk port to a router. How would you go about testing this with a laptop and a couple of computers? The goal is to create a plug and play configuration when we're ready to put this in a production environment. I'm trying to avoid having to modify the configuration when it's ready for production.

My configuration currently doesn't have any switchports explicitly in a VLAN but I do have virtual interfaces defined in the switching module.  For example:

int vlan 1
description OPS_LAN
ip address 170.87.49.2 255.255.255.0
no shut

int vlan 360
description MPLS_WAN
ip address 192.168.1.2
service-policy output voiceqos
no shut

!--Trunk port out to ISP router
int fa0/0/0
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast

!--This is the public Internet to the Sonicwall device
int fa0/0/1
description TO_FIREWALL_UNTRUSTED
no shutdown
switchport access vlan 560

The goal is to test the firewall port fa0/0/1, all the vlans, and the trunk port.

Currently the plan is to connect a laptop to an access port and try to ping the "gateway" address which is vlan 1.  Then I'll test the static routes by running a tracert to a specific address and watching for where it dies.
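As an added example (not part of the original thread or of any participant's post): an offline check, in Python, that reads a config like the one quoted above and lists items worth settling on the bench before cut-over. The sample is an abridged, constructed copy of that config; `parse_interfaces` and `lint` are names made up for this example, and the four checks are heuristics chosen for this illustration.

```python
import re

# Constructed sample: the switch-module config quoted in the post, abridged
# (description and "no shut" lines dropped).
SAMPLE = """
int vlan 1
 ip address 170.87.49.2 255.255.255.0
int vlan 360
 ip address 192.168.1.2
 service-policy output voiceqos
int fa0/0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
int fa0/0/1
 switchport access vlan 560
"""

def parse_interfaces(text):
    """Group config lines under their 'int'/'interface' header."""
    blocks, current = {}, None
    for line in (raw.strip().lower() for raw in text.splitlines()):
        m = re.match(r"int(?:erface)?\s+(.+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and line and not line.startswith("!"):
            blocks[current].append(line)
    return blocks

def lint(text):
    """Return (interface, finding) pairs for items to settle before cut-over."""
    blocks = parse_interfaces(text)
    svis = {n.split()[1] for n in blocks if n.startswith("vlan ")}
    findings = []
    for name, lines in blocks.items():
        for ln in lines:
            p = ln.split()
            if p[:2] == ["ip", "address"] and len(p) == 3 and p[2] != "dhcp":
                findings.append((name, "ip address has no subnet mask"))
            m = re.match(r"switchport access vlan (\d+)", ln)
            if m and m.group(1) not in svis:
                findings.append((name, f"vlan {m.group(1)} has no 'int vlan' here; confirm the ID"))
        if "switchport mode trunk" in lines:
            if not any(ln.startswith("switchport trunk allowed vlan") for ln in lines):
                findings.append((name, "trunk has no allowed-vlan list"))
            if "spanning-tree portfast" in lines:
                findings.append((name, "portfast set on a trunk port"))
    return findings
```

Calling `lint(SAMPLE)` returns four findings: the missing mask on `vlan 360`, two on the trunk `fa0/0/0`, and the VLAN 560 reference on `fa0/0/1`.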

If you just want to test the interconnectivity between VLANs, just connect one PC to VLAN X port and another PC or the laptop to VLAN Y port, point their gateways to the corresponding VLAN subinterface IP address.

Ping each other host and if they reply, the configuration for this vlan is ok.

You can also run a "show vlan" on the switch and you will see which ports are assigned to each VLAN.

Hope that helps

Carles

Thanks, will try.  I will have to find out how to assign a PC to a VLAN since my VLANS are virtual and not port-based.

You don't have to assign a PC to a VLAN. VLANs are defined by switch port.

For example, you have a switch and you type the following:

conf t
int fa0/0
switchport mode access
switchport access vlan X

int fa0/1
switchport mode access
switchport access vlan Y

int fa0/2
switchport mode access
switchport access vlan Z

int fa0/3
switchport mode access
switchport access vlan X

int gi0/0
switchport mode trunk
switchport trunk allowed vlan add X
switchport trunk allowed vlan add Y
switchport trunk allowed vlan add Z

Router:

conf t
int fa0/0.X
encapsulation dot1q X
ip address

int fa0/0.Y
encapsulation dot1q Y
ip address

int fa0/0.Z
encapsulation dot1q Z
ip address

int fa0/0
no shutdown

The router subinterfaces can be whatever number, I just use the same number as VLAN to make it clear.

The IP address of each subinterface will be the Default Gateway of each host.

Then, if you plug a PC in switchport fa0/0 and another in fa0/3, they will ping each other. But between fa0/0 or fa0/3 and fa0/1 and fa0/2 they won't see each other.

When you connect the switchport gi0/0 to interface fa0/0 of the router, each VLAN will reach each other VLAN so there will be full connectivity between VLANs. To filter some kind of traffic you will have to set up ACLs and apply them to each router subinterface.

Hope that it is more clear now

Best regards,

Carles

If you are trying to test the Layer 3 (IP's), of course you could always double-NAT the IPs.

Unfortunately I have no control over the router (belongs to the ISP). I have an ISR 2821 with an etherfast hwic.

Hi,

To test your switch configuration, do the following:

1. Configure your switch interfaces as below

switch_name(config)# interface
switchport mode access
switchport access vlan 1

switch_name(config)# interface
switchport mode access
switchport access vlan 360

2. Connect two PCs to these ports and assign IP addresses to your PCs in their respective VLANs

3. Try to ping each other.

Since you don't have access to the router, I am not in a position to test your router connectivity. At least we should know the port configuration which is connected to your switch. If possible you can post the running config of your router.

Thanks

Karuppu

As I understand it, you want to test the switch connectivity to the router before putting it in production.

I guess your switch is a multilayer. If so, it is capable of making routing decisions and handling inter-VLAN traffic.

What I suggest, if there is no redundancy (it's stub), is to add a default route to the router's IP. All traffic coming from the VLANs will be routed to the router.

I don't know if there is any routing protocol on your switch. If so, your ISP can redistribute traffic into BGP, for example...

You should have the ISP router configuration, since it provides connectivity to you, you have the right to know how the traffic is being treated (You may not have access to the router, but you have the right to know it - at least the customer's configuration related and WAN interface).

For the firewall, you can make a NAT or not, depending on the purpose of the firewall (interface fa0/0/1). If it is for public access, for sure you will have a NAT

I don't know the traffic flow of your production network... you must know the reason for the firewall and which traffic is allowed to pass thru it. Usually, for public environment, you have to use a NAT (configured on the switch or on the firewall itself).

You have to at least try to take control of your network by making configurations on your own equipment so you don't stay dependent on vendors' equipment.

For testing:

I would suggest you to use Dynamips, for example, so you can plug it to the computer and configure the router on Dynamips representing the ISP equipment and the firewall.

If not possible, just configure the router's interface IP on your computer. It is supposed to receive traffic.

For firewall, do the same by using the firewall's IP.

Also, to make sure you do a good intervlan testing only using the switch, use the extended ping command..

ping source {source_IP} destination {destination_IP}

this is a simple and good testing

Ping from one vlan to another.

Ping from a VLAN to a nonexistent IP on your network and see if it goes to the default gateway configured.

Ping from a VLAN to the firewall IP

shailesh.h
Level 1

I would like to suggest you a very simple approach

  • Draw a test diagram with IP addresses already allocated. (Put some colour to the device over which you do not have control)
  • Follow the suggestions of inter-vlan configuration suggested by experts above
  • Note down what you have done and what you want to achieve. Check if it is working as expected or share what's the issue

Hope this will help you to some extent.

With regards,

Shailesh Hardas

My goal is to not assign vlans to specific ports but to have all ports as access ports and the vlans are basically gateways.  I suppose I could plug a laptop into one of the access ports in the default vlan (vlan 1) and then try these methods:

  • Ping the default gateway (x.x.49.2) from laptop
  • Traceroute from laptop to various IP addresses on the MPLS and over the Internet

        With this method I expect to see hops to the correct gateways based on the static routes I've set up.

Is this approach sound?

Hi!

As far as I know, you can setup IP addresses in VLAN, but the problem is that the switch, at least if it is an average Layer 2 switch (I'm using 2950G) it can't configure static routes, at least in mine:

Switch(config)#ip rou?
% Unrecognized command
Switch(config)#ip rou

I can ping, telnet and traceroute to the switch IP address configured in a VLAN different than 1 but if you can't create static route on the switch as is my case, the switch won't be able to forward the packets although it will receive them.

Switches forward based on layer 2 (MAC addresses); to make decisions based on layer 3 the IOS must have IP routing capabilities. If you use a layer 3 switch I don't think that there would be any problem...

Hope to help you more now

Carles

What I mean is that while you can configure an IP address on the VLAN, you can ping it, etc..., you shouldn't configure this as default gateway on the PC as the switch won't know what to do with those packets and they will go nowhere, of course if it's not a layer 3 router with "ip routing" enabled.

You will have to configure as default gateway the router LAN subinterface.
