Student Lab Setup
- Last Updated: 11/22/2021
Cisco Switch Configuration:
The goal of this exercise is to set up the KVM servers for use in the following semester and labs so that they can talk to each other. To do that, we need to connect the servers to an Ethernet switch. In this lab we will use the Cisco switch to create some virtual LANs (VLANs) that will carry the traffic between the servers on isolated, segmented VLANs. You should review VLAN basics before continuing if you are not sure what a VLAN is.
- VLAN Basics: A VLAN is a virtual local area network where multiple devices are grouped together to create a single logical network. VLANs are important as they do not require multiple devices on a network to have their own separate infrastructure. Rather, all of the hosts that are connected to a switch and assigned to the same VLAN share the same broadcast domain.
The documentation found below will also serve as a tutorial for a user at the base level and requires no prior experience or knowledge. Links may be provided to learn required skills for this lab. The direct follow-up to this setup is the Cisco lab, which will make use of the configuration done here.
By the end of this lab setup, the user will be able to:
- Set up basic configuration for a switch (hostname, domain name)
- Configure switch interfaces (Portfast, trunking vs. access)
First the user will configure their Cisco switch.
Basic switch configuration
Step 1.1: Connecting to the switch
If the user's server is running Linux, follow this Minicom guide to learn how to enter the switch's command line:
Otherwise, if the user's server is running on Windows, reference the PuTTY guide found here:
Enter the switch's command line now. The following should appear:
This is the terminal for the Cisco Switch.
Type "enable" into the prompt. You should now see a "#" next to the name instead of ">". This is the mode that gives you access to view and change switch settings. You cannot configure the switch in this mode yet. However, you can utilize certain "show" commands to see details about the switch. For example, typing "show run" will show you the current configuration that is set up on the switch.
Type "configure terminal" into the Cisco switch. This allows you to type console commands directly into the switch and configure what you want.
(Side note: Know that you do not need to type in an entire command for it to register. "conf t" is the same as the command above. You can press "?" while typing to see all available commands, and <tab> to autocomplete a word you are currently typing)
Now that you are in configuration mode, the terminal should look like this:
In conf mode, you can still use the "show" commands from before; however, you will need to include the word "do" before the command. For example, before you might have typed "show run", and now you will need to type "do show run".
Step 1.2: Configure the global switch options
You may wish to disable messages being logged to console as they can be annoying while typing commands. To do this, you utilize the 'no' keyword you just learned to disable logging to console:
trainswitch(config)# no logging console
Before configuring the ports on the switch, there are a few commands to enter to configure the global options on the switch. Enter these:
switch(config)# hostname trainswitch
trainswitch(config)# ip domain name train.local
trainswitch(config)# clock timezone est -5 0
trainswitch(config)# clock summer-time est recurring
trainswitch(config)# no ip http server
trainswitch(config)# no ip http secure-server
trainswitch(config)# no ip domain-lookup
(Side note: Cisco equipment comes in many shapes and sizes. For instance, "domain name" shown above sometimes is "domain-name" and varies from machine to machine. If you get stuck, make ample use of "?" to problem solve)
Stating "no" before a command shuts it off. In this instance, "ip http server" allows remote access to our switch from the internet (which we don't want), so we are shutting it off. Similarly, the "no ip domain-lookup" command prevents our switch from attempting to find a domain when we enter a typo, saving us a few seconds in the future.
You can follow these same steps when configuring the router. Just make sure to change the hostname from "trainswitch" to "trainrtr".
Step 1.3: Configuring switch ports
Now that we are in the switch, we want to assign each port to a VLAN. We'll use vlan60 from here on. This will isolate all lab traffic on the switch so that it can't impact other VLANs on the switch. This will hold all the traffic for everyone in the server (for now at least). Type "_interface range FastEthernet 0/1 - *?*_" where ? is the last port on your switch.
For example, if your switch's last port was 24 (as in there are 24 ports on the switch), you would do the following:
Switch(config)#interface range FastEthernet 0/1 - 24
Switch(config-if-range)#
(Side note: the ports may be numbered 1/0/x instead of 0/x. Use "*show ip interface brief*" to check the names and status of every port on the switch. If they are named as 1/0/x, simply change the command above to "interface range FastEthernet 1/0/1 - 24")
Yours may not look identical. As long as you see the "_(config-if-range)_", you are in good shape. This command has selected all the ports on the switch (ports 1-24) and entered configuration mode for them. Any commands you enter from here on will apply to each port within your specified range.
Enter the following three commands. They will change the ports you select to use vlan60 and increase the connection speed of the port.
Switch(config)#interface range FastEthernet 0/1 - 6
Switch(config-if-range)#switchport access vlan 60
Switch(config-if-range)#spanning-tree portfast
The "spanning-tree portfast" command is nonessential and only makes connecting to the ports faster. It is often turned off for debugging purposes.
All ports are now configured to access vlan 60. Type "exit" to deselect all the ports.
Now, throughout the lab you will probably find it useful to connect to the actual internet from your server. The easiest way to do this is to set one vlan to be your "Internet Vlan". For now, we will just use vlan 10 for this.
Figure out which port on the switch is plugged directly into the internet. This is most likely an Ethernet port that connects to the building's network, like a wall port. Once you know what number port that is, run these commands to change its VLAN to 10:
Switch(config)# interface range FastEthernet 0/7 - 12
Switch(config-if-range)# switchport access vlan 10
This creates a new vlan that won't interfere with the lab network we are creating on vlan 60, which we can access through the server after we configure it.
Step 1.4: Configuring switch ports connected to the servers
Your servers are each attached to the switch via an ethernet port. We need to trunk these ports. Trunking is the alternative to access, and is used to send multiple vlans through a single port as opposed to a single vlan. Trunking will be used so that our servers can access different vlans through one wired connection (instead of having individual connections for each vlan). This isn't needed right now since we're only working with one vlan, but we will need it in the future.
Again, to find the status of our interfaces we can use the "show ip interface brief" command (don't forget the "do" if you're in configuration mode). The protocol column will show whether or not an interface is plugged in. Alternatively, follow the Ethernet connections physically and check their labeled ports to find which interfaces you want to configure.
(Side note: If the status of an interface/port is set to "_administratively down_", type "no shutdown" when configuring them, which will resume their operation.)
ONLY FOR THE PORTS CONNECTED FROM THE SWITCH TO THE SERVERS:
Select the port via a variation of the earlier command: "interface FastEthernet 0/*?*" where ? is the ethernet port number of your server. This allows us to configure one port as opposed to a range of interfaces.
Enter each of the following commands:
interface range FastEthernet 0/13 - 18
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
spanning-tree portfast trunk
The "_nonegotiate_" command turns off automatic negotiation of the port mode, so a connection is prevented if the two sides of an Ethernet cable are set to different modes (trunk and access being the two modes).
That specific port indicated by the "?" is now set up for trunking. Make sure to do that for both server ports and ONLY the server ports.
Make sure each server is connected via ethernet to the correct ports before continuing.
Once you have finished the configuration, enter "Ctrl+c" to go to the base configuration mode, and then enter this command to save your changes:
trainswitch# write mem
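
An added example, not part of the original lab: a Python check that reads saved "show run" text and reports ports or global settings that differ from Steps 1.2 to 1.4. The sample config is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of "show run" output; not captured from a real switch.
SAMPLE_RUN = """\
no ip http server
no ip http secure-server
!
interface FastEthernet0/1
 switchport access vlan 60
!
interface FastEthernet0/13
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/14
 switchport mode trunk
!
"""

def parse_interfaces(run_text):
    """Map each FastEthernet port to the list of its indented sub-commands."""
    ports, current = {}, None
    for line in run_text.splitlines():
        m = re.match(r"interface (FastEthernet\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports

def audit(run_text):
    """Return findings against the lab's settings; an empty list means OK."""
    findings = []
    top = {l.strip() for l in run_text.splitlines() if not l.startswith(" ")}
    for cmd in ("no ip http server", "no ip http secure-server"):
        if cmd not in top:
            findings.append(f"global: missing '{cmd}'")
    for name, cmds in parse_interfaces(run_text).items():
        trunk = "switchport mode trunk" in cmds
        if trunk and "switchport nonegotiate" not in cmds:
            findings.append(f"{name}: trunk without 'switchport nonegotiate'")
        elif not trunk and not any(re.fullmatch(r"switchport access vlan (10|60)", c) for c in cmds):
            findings.append(f"{name}: access port not in vlan 10 or 60")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RUN)) or "OK")
```
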
Step 2: Configuring the server
Now, enter "Ctrl+a x" to exit minicom. You can find more information on this command and others like it in the minicom guide.
Step 2.1: Configuring vlans on the servers
Perform the following for each server. Make sure to give each a different IP address.
You can find more information on IP addresses here: https://neatrack.globalweb.net/documents/5
Enter the server using the monitor and keyboard in the rack. Use nano to edit the interfaces file. Enter:
root@neatrack1 16:20:46 > ~ # nano /etc/network/interfaces
Remove everything below the loopback line and replace it with this:
Note: depending on the hardware your server is using, the primary physical interface might be called something different from eth0. Use the command "ip a" to list your interfaces. It probably looks like "enp2s0", "eno1" or "ens2". If that is the case, everywhere that "eth0" is used in the configuration below, replace it with whatever your interface is.
auto eth0
iface eth0 inet manual
    up /sbin/ifconfig $IFACE up

## server lan
auto vlan60
iface vlan60 inet manual
    vlan-raw-device eth0

auto vmbr60
iface vmbr60 inet manual
    bridge_ports vlan60
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
    bridge_fd 9
    up /sbin/ifconfig $IFACE up || /bin/true

#Internet Connection
auto vlan10
iface vlan10 inet manual
    vlan-raw-device eth0

auto vmbr10
iface vmbr10 inet dhcp
    bridge_ports vlan10
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
    bridge_fd 9
    up /sbin/ifconfig $IFACE up || /bin/true
We put DHCP on the vmbr interface instead of the physical interface because if we need to use the same vmbr for a VM, we'll be able to easily get a DHCP address. When you put an IP address obtained from DHCP on a physical interface and then try to use DHCP on a vmbr or vlan interface, you will not get a DHCP address, because the physical interface will be preferred over the vmbr/vlan interface.
Now, type this to restart networking so that vmbr60 and vmbr10 can be used:
root@neatrack1 16:20:46 > ~ # service networking restart
This command is alright to use since we don't have any VMs running. However, when we begin to add more, you will not want to use this command. It will take down all of the interfaces, which could bring down other VMs. Instead, we use:
ifup vlan10 && ifup vmbr10
ifup vlan60 && ifup vmbr60
We do this so that we only have to bring up an individual interface instead of restarting the whole network. Take note that you should bring up the vlans before the vmbrs because the vlans are what the vmbrs are tethered to. We can also bring up both the vlan and the vmbr without typing each command individually by using &&. This lets us run two commands on the same line, with the second one running only if the first command completes successfully. This saves time and typing when you bring up vlans and vmbrs in this way.
- NOTE: We are using vmbr60 as our dhcp server vlan, and this sets us up when we begin to create the VM we are going to be using to make a DHCP server.
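
An added example, not part of the original lab: a Python parser for the interfaces file above that derives the ifup order (vlan before vmbr) and flags a stanza whose parent interface was missed when renaming eth0. The sample file is constructed, one bridge port per vmbr is assumed as in this lab, and the function names are this example's own.

```python
# Constructed sample: the lab's file with the NIC renamed to enp2s0, but the
# vlan10 stanza still pointing at eth0 (the rename described above was missed).
SAMPLE = """\
auto enp2s0
iface enp2s0 inet manual
auto vlan60
iface vlan60 inet manual
    vlan-raw-device enp2s0
auto vmbr60
iface vmbr60 inet manual
    bridge_ports vlan60
auto vlan10
iface vlan10 inet manual
    vlan-raw-device eth0
auto vmbr10
iface vmbr10 inet dhcp
    bridge_ports vlan10
"""

def parse(text):
    """Return {interface: parent or None}; assumes one port per bridge."""
    parents, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#")[0].split()  # drop comments, then tokenize
        if not words:
            continue
        if words[0] == "iface":
            current = words[1]
            parents[current] = None
        elif words[0] in ("vlan-raw-device", "bridge_ports") and current:
            parents[current] = words[1]
    return parents

def dangling(parents):
    """Interfaces whose parent has no iface stanza in the file."""
    return sorted(i for i, p in parents.items() if p and p not in parents)

def ifup_order(parents, target):
    """Interfaces to bring up for `target`, parents first (vlan before vmbr)."""
    chain = []
    while target in parents and target not in chain:
        chain.append(target)
        target = parents[target]
    return chain[::-1]

if __name__ == "__main__":
    p = parse(SAMPLE)
    print("missing parents for:", dangling(p))
    print(" && ".join(f"ifup {i}" for i in ifup_order(p, "vmbr60")))
```
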
If you have your switch connected to an ethernet port that has access to the internet and you followed the above steps, you should now have internet access. You can test this by checking that you have an IP address on vmbr10 with the "ship" command, then running "ping 18.104.22.168". If you see responses coming in, then it is working. In the event that this doesn't work, Internet access is nonessential, so see if you can figure out how to fix it, but don't worry if you can't. Hopefully, as we progress through the labs you'll get a better understanding of what these steps do so you can troubleshoot.
Make sure that if you do this on both servers, you change the IP addresses. Don't leave them with the same IP. These will be the IPs you can use to ssh into the server. Read about that in Intro to Linux found here:
Backing up the configuration
Backing up the configurations is a tool that allows multiple students/groups to independently work on a single rack. If you only plan to have one group running their labs at a time, there is no need to back anything up the way described, but if you want groups to take turns on a rack without interfering with each other, these tools allow that.
View the Backing Up document on how to backup everything.