Hello, my name is Tyler McMinn with Aruba Networks and this is Part 3 of Networking Essentials. Where we are continuing our lab on adding our connected routes between our Access 1 and Access 2 switch. In order to route from the VLAN 99 network over on the left to the VLAN 20 network over on the right. So in the last lab, we had established our default gateways on each of these access routers. And we had assign those to our switch virtual interfaces on Access 1 and our switch virtual interface for VLAN 20 on Access 2, so SVI 99 on 1, SVI 20 on 2. The ping test that we tried to do which was from PC-1 over to PC-4 is timing out and the reason it's failing is because it's not going nearly that far. It's actually going from PC-1 to the gateway and then the gateway has no idea what's on the other side of Access 2, it's a mystery. So what you might first consider doing is you might consider adding a route between port 1/1/2, and port 1/1/2 here between these two switches. So we can actually add a third kind of SVI, or instead of an SVI we actually just apply it right to the interfaces and assign a route between them to connect them. Another approach that you could do is extend your V LAN, which kind of adds a bit of complexity. We want to keep these as separate gateways between the networks here. So we're extending the network, as if this was one building to another and so between the buildings, we're going to add this third network and see what that does. See if that gets our routes able to ping between PC-1 and PC-4, so let's do that, sit back and let's jump on into the lab. [MUSIC] All right, so the first step I'm going to do is jump into Access 1 and well I guess the first step is I probably want to plan on some sort of route between these guys. So let's go ahead and do that, let me grab a little note or something and let's put this in here. Let's say that we're going to add the network 172.16.1.0/24. And what this network is, it's going to be the name of the network that connects our two different ports on Access 1, we'll just say A1 here, we're going to put 172.16.1.1/24. And that's going to connect us to Access 2 where we'll put 172.16.1.2. This is a totally different network, totally different subnet, I could assign a VLAN to connect these guys together. I could certainly do that, that's fine and then switch between these two ports. But I want to show off that you can do routing on the actual interfaces, so let's actually give it a shot, why not? So grabbing our Access 1 configuration or jumping into the switch there, I'll put Access 1 over here. And let's also connect to Access 2, I'm going to put that over here on the right hand side. So on Access 1, I'm going to go under my connected interface which is Port 112. Login to the switch, there's a secret command you can do called show lldp, link layer discovery protocol, and neighbor info. I could do this just a brief or I can look and see here, yeah, we'll just use your neighbor info, that's fine. And that would tell me what I'm connected to, if it's another switch also running this lldp protocol. And it turns out I am using my port 1/1/2 to connect to this chassis, who's also using port 1/1/2 to get back to me. The name of the chassis, Access-2, so this is Access-1, where I ran the command and it's showing me that these guys are exchanging these little link layer. Just on the link neighbor discovery in messages in order to reach each other. Nice little standard protocol, but it validates that I am indeed on the right interface and remember we removed port 6, so there's no duplication. Otherwise we'd be using the link aggregation as opposed to the physical port. But let's go ahead and actually put it in, so I'm going to go under interface 112. And before I do that, let's do a show interface brief and take a look. Port 2 is currently a trunk link, and it's trunking those VLANs across. So if I change this to a routed port, as opposed to an access or trunk port. It's going to go from a switch port at layer two to a physical port at layer three and allow routing. That means I'm no longer going to extend my VLAN across. And I could choose not to do that, I could choose to say, well, we got VLAN let me draw this in blue. I've got VLAN 20 here, why not just extend that like I have been doing. And make this the gateway for VLAN 20 that would allow it to be connected automatically to VLAN 99 on both of these interfaces. That would actually fix our problem and we would be able to ping because the router in this case, the gateway, would be able to connect between VLAN 99 and VLAN 20, inside its own routing table, inside its own internal process. That would then shift this access to switch over from being a gateway, to just being a regular layer two switch. So if this was my core and this was my access layer, that's probably what I'd do. That's probably what I'd do and that would work, that would work just fine. I can show it If you don't believe me, we could actually jump in. I hear you, you're thinking Tyler, there's no way that's going to work. Let's give it a shot, so to do that, I've already got my trunking set up, I've already extended my VLANs, the only issue is my ip interface brief, is that I'm already using the gateway address here. And I'd end up with a duplicate address if I added it over on Access 1, so if I go into Access 1 and I say, well, how about interface VLAN 20. Let's put that IP address 172.16.20.101, done, show IP interface brief, I've got the address, it's good to go. Now that is a duplicate address though, it's not on the same switch duplicate, it's on another switch. So while I couldn't put duplicates on the same switch, if it's on another switch, I mean different area codes and all that. So what we're going to do is we're going to disable the IP address on VLAN 20 for now, or just change it, how about that. We'll go into interface VLAN 20 and I'll change the IP address to 172.16.20.102. Just temporarily, for IP interface brief, and that IP address is now been changed, but PC-4 is still pointing to the 101. So the 101 address is now on the left, the 102, our temporary address is on the right. My theory is, I should now be able to ping from PC-4 and reach Access 1, and then Access 1 should route it over to PC-1. Is it correct, is it going to work or is it going to fail? I'm a little nervous, I'm going to be honest with you, so first thing can I still ping my Gateway? Yes, so that proves that we're actually extending the line 20 traffic across the trunk link between access one and access to the ultimate question is can I ping 99.1? And we can, so that worked we are actually sending the frame without any VLAN tag into our access port. The access port is assigning VLAN 20 bridging it or switching it across the trunk link. It's then being switched internally and is being routed out. This interface Port 1112, the MAC address for PC 1, when it goes out, we strip away the VLAN tag because again, our PCs don't understand VLANs they don't speak 802.1 q. So it is now working and PC 1 is responding, that's why we're actually getting a response. So that is a decent solution that would work fine and in most situations, that's what we do. The reason why I showed all of that it says we're not going to do that. We are going to make this a router and this router. So we're going to make both of these guys routers. And this is still going to be the gateway on the right hand side. So I'm going to switch that back. I should have just done the checkpoint. This would have been so much faster. But I'm getting pretty good at typing. So let's go under interface vlan 20, change the IP address back to 172.16.20.101, without typos, and validate. Remember, it's not done right until you validate it. So there you go, 20.101 this is going to break us now, because we've got a duplicate address. So I'm just going to simply remove that address on the left hand side under access one so interface VLAN 20, my SPI, no IP address. Now I won't necessarily take this it says command and complete. It wants the full command, and it's been so long. I don't remember what it is. So I'm going to do a show run, except I'm going to pipe and include a search value for just VLAN 20. So I could just say 20 press enter, and it's going to print the screen any line with the number 20 in it, and here we go. IP address 20 .1.1 so I can highlight it. I just simply right click put a note in front of it, and then right click, and it pastes it in it even caught my carriage return. So now it's stripped out, maybe, let's verify show IP interface brief. Yeah, look at that, VLAN 20 no IP address, whereas on access to the VLAN 20 address has been set. So now my route the way my switching looks is I've got my overdrive blue. So VLAN 20 is the gateway over here. So this is the gateway for VLAN 20 With its address of 20 dot one on one, and over on the left hand side, this is the gateway for VLAN 99 with the address 99.01. So it's back the way it was, which means how can we solve this now if we're not going to trunk or cross, what we're going to do instead is add this subnet that I showed earlier. So let's do that step one, I need to up these ports from switch ports to routed ports. You could choose to shut them down first or not, I would probably just shut them down so we don't run into any problems so I'm just going to do a shutdown on them. And I'll do it on both sides at the same time. So you can follow the shut down. There you go. So shut them down. They are still set up as switchboards though as trunk ports so I'm just going to simply say routing instead of no routing. I'm going to simply say routing under Port 112. What did that do? Show interface brief. Let's take a look. Before it was a trunk port, now it is a routed port and VLANs don't apply. VLAN is layer two thing. Routing is we're on a totally different layer for a totally different level from VLAN2 from our VLANs at layer two. Same thing here, routing show interface brief is now a routed port. It's a routed port. I can show the interface here. It's a routed port with no configuration and it shut down. So I'm going to go in and do a IP address come in and put the address right on the interface with 172.16.1.1 on access 1 and 172.16.1.2 on access 2. All right now, can they ping each other? The answer is no, even though they're directly connected, but can you think why? Why can they not being each other? Network's unreachable. Why is it unreachable? Well, let's do a show IP interface brief. And we can see here that my port is down, down. The first down is your layer one physical link the carrier on that circuit is down and the second down indicates the layer two and in this case, Ethernet keepalive every 10 seconds, normally sends a hello, those are dying. So the keepalives are not reaching across. So yeah, it's not going to work. So I need to go in and enable my interfaces. And if you if you guess you shut your interfaces down, you need to bring it back up, then you were correct. So I'll do a no shutdown on the left on the right. Let's do it on the left as well. Show IP interface brief. Our Port 112 is now up. It has an IP address, just like our SPI VLAN 99 is up and has an IP address. Same thing here show IP interface brief on access to Part two is up has an IP address just like our gateway SPI 20 is up and has an IP address. Now will my pings work from here? No, because I didn't type do so I'm just going to end and type the same thing again. And lo and behold it works. So we can, we validated that I can ping from PC one to my gateway. I can ping from PC four to my gateway. I can ping from access one to access two and vice versa. Those are are working theoretically, right? So let's validate that again, we don't want to take anything for granted. So if I go to my PC1, I said that I could ping my gateway, And I can go to PC4, I said I could ping my gateway, and I can. So if I could ping it from PC1 to Access1, I can ping it from Access1 to Access2, I can ping it from Access2 to PC4. 4. Can I ping from beginning PC 1 all the way through to PC 4 and get a response? Pause the video, see if you know the answer. Can you guess the answer is no, we can't, One that's a wrong address. [LAUGH] Let's ping it again, the right address is 20.4. So, can I ping from PC-1 to PC-4, the answer is no, it is still giving me a message from my router saying that it is unreachable. Why is it unreachable? Well, that's going to bring us to the end of this video where if I do a show IP route, as a router, my job as access one is to hold a routing table of all known destinations. Do I know or do I have an entry in my routing table for this destination down here? 172.16.20.4 If I look at access to show IP route, it does have an entry for that network, the 172 1620.0 network, that's the name of the network. The slash 24 means that it's all addresses within that 20.0 or 172 1620.0 through 172 20.16.20 255. So what's that entire range? It knows how to get there. If I look at access one access one knows how to get to 99.0, so they know how to get to their perspective subnets, but if you look at access one, there's no entry for the 20.0. In fact, you could just do a show IP route for the destination you want to go to anything that begins with once v 216.20.0. And the answer is no route, same thing with access 2, it's not fair to pick on access 1, access 2. If I look to see if the route to get back to 99, the 99 network, there's no route we're missing the routing piece while we have connected which is why our core access demonstration worked earlier that was a connected route. Those get put in automatically, but we're missing what we would call foreign routes from access one. This is our local network. This is our other local network that we know about. We can route connected routes between those just fine, but we cannot but we cannot reach this network over here in green. So this network is a mystery. Everything on the other side of this router is no mans land. So we need to tell access 1 how to do that. And we're going to do that in the next video. So thank you very much, in this video we added our connected routes, we demonstrated how you could Xs one has a course which, and route between your connected routes there. But we wouldn't be able to get to the internet, we wouldn't be able to get to any foreign routes. We would just be able to get to our directly connected ports. And once you add a route here, such as a route to the internet or something like that, you're going to be out of luck. So only the connected interfaces would work. In the next video, we're going to go over static routes, what those are, how to deploy them, actually demonstrate it. And that'll lead us into our dynamic routing as well. Thank you very much. I'll see you guys in the next video.
