Packet Tracer Blog

VLAN management on Cisco ISR routers

Details

Last Updated: Tuesday, 16 July 2019 20:57

Published: Tuesday, 05 January 2016 21:16

Written by PacketTracerNetwork

VLAN management is quite different on ISR routers than on Catalyst switches. VLAN can be used as 802.1q subinterfaces for routed interfaces or with a switch-like configuration on Ethernet Switch Modules (HWIC-4ESW for example)

Subinterface configuration (routed interfaces)

Layer 3 router interfaces cannot be configured in switch mode using "switchport" command on a Cisco ISR router. However, 802.1q trunks interconnexion is supported on these interfaces using the subinterface feature.

Virtual layer 3 interfaces are bound to the physical port using the interface <interface name>.<inderface id> command, <interface id> beeing the subinterface ID. For better configuration readability, the <interface id> is usually configured with the <vlan id> value. The encapsulation dot1Q <vlan id> maps the trafic flowing with the 802.1q vlan id (tagged) to the subinterface.

In the example below, FastEthernet0/0.20 is a subinterface bound to the FastEthernet0/0 physical interface. FastEthernet 0/0.20 is configured to process trafic flowing on vlan 20 in the 802.1q trunk connected to the FastEthernet 0/0 physical router interface.

interface FastEthernet0/0.20
  encapsulation dot1Q 20
  ip address 10.20.10.1 255.255.255.0

interface FastEthernet0/0.30
  encapsulation dot1Q 30
  ip address 10.30.10.1 255.255.255.0

VLAN database (ESW module)

If an EtherSwitch Service Module (HWIC-4ESW for example) has been installed on the ISR router, VLAN for that module can be configured using the vlan database in Packet Tracer 7.2. Port membership to the vlan is configured in the same way than on a Catalyst switch using the "switchport access vlan <vid>" commmand.

Read more ...

Zone based firewalling in Cisco Packet Tracer

Details

Last Updated: Tuesday, 16 July 2019 21:02

Published: Monday, 23 February 2015 07:58

Written by PacketTracerNetwork

Zone based firewalling is available in Cisco Packet Tracer 2800 routers with IOS 12.4(15)T1 and in new 2901/2911 ISR routers with IOS 15.1(4). This feature was introduced by Cisco in IOS 12.4(6)release.

The zone-member command seems to be only available on 2811 router's FastEthernet interfaces. It is not available on vlan interfaces of this router or in a 2911 router.

Configuration example:

class-map type inspect match-all all-private
 match access-group 101
!         
policy-map type inspect priv-pub-pmap
 class type inspect all-private
  inspect
 class class-default
!
zone security public
zone security private

zone-pair security priv-pub source private destination public
 service-policy type inspect priv-pub-pmap
! 
interface FastEthernet0/0
 ip address 192.168.110.44 255.255.255.0
 zone-member security public
!

Upgrade router/switch IOS version

Details

Last Updated: Tuesday, 16 July 2019 21:01

Published: Monday, 23 February 2015 08:07

Written by PacketTracerNetwork

It is possible to upgrade the IOS of a device in Cisco Packet Tracer.

1. Put the TFTP server into the workspace
2. Click on it to open its properties
3. Go to the Config tab, then click TFTP. This will show you different IOS versions which can be downloaded on a router or switch device.

You can delete the IOS that is in flash of a router. After reloading the router, it will boot to rommon mode. You can then download an IOS version from the available ones on the TFTP server.

Since Packet Tracer 6.1, IOS 15.x has been available in Packet Tracer for ISR routers as well as catalyst 2960 switch