Friday, September 4, 2020

CCNA Voice Lab: Basic Router and Switch Setup (Voice VLAN, DHCP and NTP)

This is the Voice/Collaboration virtual lab I've built in Cisco Packet Tracer. I followed the CCNA Voice Lab Manual by Brent Sieling.


Configure Basic Router and Switch Setup.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname RtrPod1
RtrPod1(config)#no ip domain-lookup
RtrPod1(config)#enable secret class
RtrPod1(config)#line con 0
RtrPod1(config-line)#logging synchronous
RtrPod1(config-line)#exec-timeout 12 0
RtrPod1(config-line)#login
% Login disabled on line 0, until 'password' is set
RtrPod1(config-line)#password cisco
RtrPod1(config-line)#login
RtrPod1(config-line)#line vty 0 15
RtrPod1(config-line)#password cisco
RtrPod1(config-line)#exit


Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SwPod1
SwPod1(config)#enable secret class
SwPod1(config)#line con 0
SwPod1(config-line)#logging synchronous
SwPod1(config-line)#exec-timeout 120 0
SwPod1(config-line)#password cisco
SwPod1(config-line)#login
SwPod1(config-line)#line vty 0 15
SwPod1(config-line)#password cisco
SwPod1(config-line)#login
SwPod1(config-line)#exit


Create and name VLANs data, voice and network management.

SwPod1(config)#vlan 10
SwPod1(config-vlan)#name Data
SwPod1(config-vlan)#vlan 11
SwPod1(config-vlan)#name Management
SwPod1(config-vlan)#vlan 15
SwPod1(config-vlan)#name Voice
SwPod1(config-vlan)#exit


Configure the Trunk Port. Newer switch models default trunk encapsulation is dot1q.

SwPod1(config)#interface f0/1
SwPod1(config-if)#switchport trunk encapsulation dot1q
SwPod1(config-if)#switchport mode trunk
SwPod1(config-if)#no shutdown


Configure the Access Ports. Ensure CDP and PortFast are enabled.

SwPod1(config-if)#interface range f0/2-24
SwPod1(config-if-range)#switchport mode access
SwPod1(config-if-range)#switchport access vlan 10
SwPod1(config-if-range)#switchport voice vlan 15
SwPod1(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

SwPod1(config-if-range)#end
SwPod1#
%SYS-5-CONFIG_I: Configured from console by console

SwPod1#show run
Building configuration...

Current configuration : 4238 bytes
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SwPod1
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 15
 spanning-tree portfast


<SNIP>


Configure the Switch Management Interface (Switch Virtual Interface/SVI).

SwPod1(config)#interface vlan 11
SwPod1(config-if)#
%LINK-5-CHANGED: Interface Vlan11, changed state to up

SwPod1(config-if)#ip address 10.11.0.2 255.255.255.0
SwPod1(config-if)#exit
SwPod1(config)#ip default-gateway 10.11.0.1


Configure the Router Subinterfaces for Data, Management and Voice VLANs.

RtrPod1(config)#interface g0/1
RtrPod1(config-if)#description ### Trunk to SwPod1 ###
RtrPod1(config-if)#no shutdown
RtrPod1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
RtrPod8(config-if)#interface g0/1.10
RtrPod8(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.10, changed state to up
RtrPod1(config-subif)#description ### Data VLAN ###
RtrPod1(config-subif)#encapsulation dot1q 10
RtrPod1(config-subif)#ip address 10.10.0.1 255.255.255.0
RtrPod1(config-subif)#
RtrPod1(config-subif)#interface g0/1.11
RtrPod1(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1.11, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.11, changed state to up
RtrPod1(config-subif)#description ### Management VLAN ###
RtrPod1(config-subif)#ip address 10.11.0.1 255.255.255.0

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

RtrPod1(config-subif)#encapsulation dot1q 11
RtrPod1(config-subif)#ip address 10.11.0.1 255.255.255.0
RtrPod1(config-subif)#
RtrPod1(config-subif)#interface g0/1.15
RtrPod1(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1.15, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.15, changed state to up
RtrPod1(config-subif)#description ### Voice VLAN ###
RtrPod1(config-subif)#encapsulation dot1q 15
RtrPod1(config-subif)#ip address 10.15.0.1 255.255.255.0


Verify Switch Layer 2 VLANs

SwPod1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig0/1, Gig0/2
10   Data                             active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
11   Management                       active   
15   Voice                            active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
11   enet  100011     1500  -      -      -        -    -        0      0
15   enet  100015     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0  
1003 tr    101003     1500  -      -      -        -    -        0      0  
1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
1005 trnet 101005     1500  -      -      -        ibm  -        0      0  

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


Verify Switch Port Assignment

SwPod1#show interface switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiated
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Data)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 15
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiated
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Data)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 15
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


Verify Router Layer 3 Subinterface IP Assignment

RtrPod1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  administratively down down
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/1.10  10.10.0.1       YES manual up                    up
GigabitEthernet0/1.11  10.11.0.1       YES manual up                    up
GigabitEthernet0/1.15  10.15.0.1       YES manual up                    up
GigabitEthernet0/2     unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down


Configure DHCP Pools on the Router for Data and Voice Subnet. It's advisable to exclude the address range first and then make the network statement as the last command.

RtrPod1(config)#ip dhcp excluded-address 10.10.0.1 10.10.0.10
RtrPod1(config)#ip dhcp pool DATA
RtrPod1(dhcp-config)#default-router 10.10.0.1
RtrPod1(dhcp-config)#network 10.10.0.0 255.255.255.0
RtrPod1(dhcp-config)#exit
RtrPod1(config)#ip dhcp excluded-address 10.15.0.1 10.15.0.10
RtrPod1(config)#ip dhcp pool VOICE
RtrPod1(dhcp-config)#default-router 10.15.0.1
RtrPod1(dhcp-config)#option 150 ip 10.15.0.1
RtrPod1(dhcp-config)#network 10.15.0.0 255.255.255.0
RtrPod1(dhcp-config)#exit


Test PC Connectivity by ensuring to get an automatic IP address on the Data VLAN DHCP pool.
Verify the PC can Telnet to both the Router and Switch Management IP addresses.
Set PC IPv4 to DHCP

C:\>ipconfig

Bluetooth Connection:(default port)

   Link-local IPv6 Address.........: ::
   IP Address......................: 0.0.0.0
   Subnet Mask.....................: 0.0.0.0
   Default Gateway.................: 0.0.0.0

FastEthernet0 Connection:

   Link-local IPv6 Address.........: FE80::2D0:58FF:FE3B:79D0
   IP Address......................: 10.10.0.11
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 10.10.0.1

C:\>telnet 10.11.0.1
Trying 10.11.0.1 ...Open

User Access Verification

Password: <cisco>
RtrPod8>exit

[Connection to 10.11.0.1 closed by foreign host]

C:\>telnet 10.11.0.2
Trying 10.11.0.2 ...Open


User Access Verification

Password: <cisco>
SwPod1>


Connect an IP Phone to the Switch. Monitor Power over Ethernet (PoE) output on the Switch console.

SwPod1#
%ILPOWER-7-DETECT: Interface Fa0/3: Power Device detected: IEEE PD
%ILPOWER-5-POWER_GRANTED: Interface Fa0/3: Power granted
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
SwPod1#
%ILPOWER-7-DETECT: Interface Fa0/4: Power Device detected: IEEE PD
%ILPOWER-5-POWER_GRANTED: Interface Fa0/4: Power granted
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up


Verify the Switch PoE usage. Take note each IP phone consumed about 10 Watts (total Used: 20 w). The Remaining power on the Switch is 350 w.

SwPod1#show power inline
Available:370.0(w)  Used:20.0(w)  Remaining:350.0(w)

Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1     auto   off        0.0     n/a                 n/a   15.4
Fa0/2     auto   off        0.0     n/a                 n/a   15.4
Fa0/3     auto   on         10.0    IP Phone 7960       3     15.4
Fa0/4     auto   on         10.0    IP Phone 7960       3     15.4
Fa0/5     auto   off        0.0     n/a                 n/a   15.4
Fa0/6     auto   off        0.0     n/a                 n/a   15.4
Fa0/7     auto   off        0.0     n/a                 n/a   15.4
Fa0/8     auto   off        0.0     n/a                 n/a   15.4
Fa0/9     auto   off        0.0     n/a                 n/a   15.4
Fa0/10    auto   off        0.0     n/a                 n/a   15.4
Fa0/11    auto   off        0.0     n/a                 n/a   15.4
Fa0/12    auto   off        0.0     n/a                 n/a   15.4
Fa0/13    auto   off        0.0     n/a                 n/a   15.4
Fa0/14    auto   off        0.0     n/a                 n/a   15.4
Fa0/15    auto   off        0.0     n/a                 n/a   15.4
Fa0/16    auto   off        0.0     n/a                 n/a   15.4
Fa0/17    auto   off        0.0     n/a                 n/a   15.4
Fa0/18    auto   off        0.0     n/a                 n/a   15.4
Fa0/19    auto   off        0.0     n/a                 n/a   15.4
Fa0/20    auto   off        0.0     n/a                 n/a   15.4
Fa0/21    auto   off        0.0     n/a                 n/a   15.4
Fa0/22    auto   off        0.0     n/a                 n/a   15.4
Fa0/23    auto   off        0.0     n/a                 n/a   15.4
Fa0/24    auto   off        0.0     n/a                 n/a   15.4


Notice the IP phone got an IP address from the Voice DHCP pool.

RtrPod1#sh ip dhcp bind
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
10.10.0.11       00D0.583B.79D0           --                     Automatic
10.15.0.11       0002.16D1.B005           --                     Automatic
10.15.0.12       00E0.A39E.541C           --                     Automatic


SwPod1#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    00e0.a39d.3802    DYNAMIC     Fa0/1
  10    00e0.a39d.3802    DYNAMIC     Fa0/1
  11    00e0.a39d.3802    DYNAMIC     Fa0/1
  15    0002.16d1.b005    DYNAMIC     Fa0/3
  15    00e0.a39d.3802    DYNAMIC     Fa0/1
  15    00e0.a39e.541c    DYNAMIC     Fa0/4

SwPod1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
RtrPod8      Fas 0/1          138            R       C2900       Gig 0/1
RtrPod8      Fas 0/1          138            R       C2900       Gig 0/1.10
RtrPod8      Fas 0/1          138            R       C2900       Gig 0/1.11
RtrPod8      Fas 0/1          138            R       C2900       Gig 0/1.15
IP Phone     Fas 0/3          151            H P     7960        
IP Phone     Fas 0/4          151            H P     7960    



Configure the new Router as the NTP Server with a Stratum of 4. CUCM will not trust an NTP server with a Stratum of 7 or higher.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname NTP_SERVER
NTP_SERVER(config)#interface f0/0
NTP_SERVER(config-if)#ip address 192.168.0.1 255.255.255.0
NTP_SERVER(config-if)#no shutdown
NTP_SERVER(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
NTP_SERVER(config-if)#exit
NTP_SERVER(config)#clock timezone SGT ?
  <-23 - 23>  Hours offset from UTC
NTP_SERVER(config)#clock timezone SGT 8
NTP_SERVER(config)#exit
NTP_SERVER#
%SYS-5-CONFIG_I: Configured from console by console

NTP_SERVER#clock set 14:04:00 25 Jul 2020
NTP_SERVER#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
NTP_SERVER(config)#ntp ?
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  master              Act as NTP master clock
  server              Configure NTP server
  trusted-key         Key numbers for trusted time sources
  update-calendar     Configure NTP to update the calendar.
NTP_SERVER(config)#ntp master ?
  <1-15>  Act as NTP master clock
  <cr>
NTP_SERVER(config)#ntp master 4
NTP_SERVER(config)#end
NTP_SERVER#
%SYS-5-CONFIG_I: Configured from console by console

NTP_SERVER#show clock
22:5:18.274 SGT Sat Jul 25 2020


Configure NTP on the VoIP Gateway Router.

RtrPod1>enable
Password:<class>
RtrPod1#sh cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
RtrPod1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RtrPod1(config)#interface g0/0
RtrPod1(config-if)#ip address 192.168.0.2 255.255.255.0
RtrPod1(config-if)#no shutdown
RtrPod1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
RtrPod1(config-if)#exit
RtrPod1(config)#ntp server 192.168.0.1
RtrPod1(config)#end
RtrPod1#
%SYS-5-CONFIG_I: Configured from console by console
RtrPod1#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms


Verify NTP and note NTP synchronization is slow.

RtrPod1#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1990)
clock offset is 0.00 msec, root delay is 0.00  msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec.
loopfilter state is 'FSET' (Drift set from file), drift is - 0.000001193 s/s system poll interval is 4, never updated.

RtrPod1#show ntp status
Clock is synchronized, stratum 16, reference is 192.168.0.1
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is 161A707E.0000039C (7:13:2.924 UTC Wed Dec 18 2047)
clock offset is 0.00 msec, root delay is 1.00  msec
root dispersion is 10.35 msec, peer dispersion is 0.12 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 4, last update was 8 sec ago.

RtrPod1#show ntp association

address         ref clock       st   when     poll    reach  delay          offset            disp
 ~192.168.0.1   127.127.1.1     4    6        16      1      0.00           864579776566.00   0.00
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~

RtrPod1#show ntp association

address         ref clock       st   when     poll    reach  delay          offset            disp
*~192.168.0.1   127.127.1.1     4    4        16      157    0.00           0.00              0.12
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~

RtrPod1#show clock
14:12:14.270 UTC Sat Jul 25 2020

RtrPod1(config)#clock timezone SGT 8   // CONFIGURE SAME TIMEZONE WITH NTP SERVER (UTC +8)
RtrPod1(config)#end
RtrPod1#
%SYS-5-CONFIG_I: Configured from console by console

RtrPod1#show clock
22:23:58.876 SGT Sat Jul 25 2020