Skip to main content

Lab 1-1: Initial Configuration of the Network Devices

Topology

image.png

Task 1: Define the Addressing Plan and Assignments

Before beginning with the configuration of the devices themselves, the addressing plan must be properly defined. We will use the following subnets and VLAN numbers:

MADRID OFFICE

NETWORK VLAN SUBNET GATEWAY DHCP
MADRID_MGMT 210 172.20.10.0/24 172.20.10.1 NO
MADRID_MGMT_APs 220 172.20.20.0/24 172.20.20.1 172.20.20.11 - 172.20.20.254
MADRID_VoIP 230 172.20.30.0/24 172.20.30.1 172.20.30.11 - 172.20.30.254
MADRID_USERS 240 172.20.40.0/24 172.20.40.1 172.20.40.11 - 172.20.40.254
MADRID_SERVERS 250 172.20.50.0/24 172.20.50.1 NO

LEON OFFICE

NETWORK VLAN SUBNET GATEWAY DHCP
LEON_MGMT 310 172.30.10.0/24 172.30.10.1 172.30.10.11 - 172.30.10.254
LEON_MGMT_APs 320 172.30.20.0/24 172.30.20.1 172.30.20.11 - 172.30.20.254
LEON_VoIP 330 172.30.30.0/24 172.30.30.1 172.30.30.11 - 172.30.30.254
LEON_USERS 340 172.30.40.0/24 172.30.40.1 172.30.40.11 - 172.30.40.254
LEON_SERVERS 350 172.30.50.0/24 172.30.50.1 172.30.50.11 - 172.30.50.254
Assignments

  • JRI_EDGE

    • MADRID_MGMT: 172.20.10.1/24 (L3 VLAN 210)
    • MADRID_MGMT_APs: 172.20.20.1/24 (L3 VLAN 220)
    • MADRID_VoIP: 172.20.30.1/24 (L3 VLAN 230)
    • MADRID_USERS: 172.20.40.1/24 (L3 VLAN 240)
    • MADRID_SERVERS: 172.20.50.1/24 (L3 VLAN 250)
    • LEON_MGMT: 172.30.10.1/24 (L3 VLAN 310)
    • LEON_MGMT_APs: 172.30.20.1/24 (L3 VLAN 320)
    • LEON_VoIP: 172.30.30.1/24 (L3 VLAN 330)
    • LEON_USERS: 172.30.40.1/24 (L3 VLAN 340)
    • LEON_SERVERS: 172.30.50.1/24 (L3 VLAN 350)
    • GUEST_NETWORK: 192.168.99.0/24 (L3 VLAN 99)

  • LAN.MAD.01

    • MADRID_MGMT: 172.20.10.2/24

  • LAN.LE.01

    • LEON_MGMT: 172.30.10.2/24

  • JRI.WLC.01

    • Virtual Interface IP: 192.0.2.1
    • Management Interface: 172.20.10.3/24 (MADRID_MGMT)

  • JRI.WLC.02

    • Virtual Interface IP: 192.0.2.1
    • Management Interface: 172.30.10.3 (LEON_MGMT)

  • APs at MADRID office: IPs on the MADRID_MGMT_APs DHCP range.

  • APs at LEON office: IPs on the LEON_MGMT_APs DHCP range.

  • Laptop at MADRID office: IP on the MADRID_USERS DHCP range.

  • Laptop at LEON office: IP on the LEON_USERS DHCP range.

  • Management Server: 172.20.10.10/24 (MADRID_MGMT)

  • Prime Infrastructure (Virtual): 172.20.10.11/24 (MADRID_MGMT) 

Task 2: Cable and Configure LAN.MAD.01, LAN.LE.01 and JRI.EDGE devices

As you can see in the following image, this is how I physically fitted the devices to match the topology diagram:

image.png

At the bottom you can see the C1111 router as JRI.EDGE, connected to both LAN.LE.01 and LAN.MAD.01. Also, the APs are already in place (but not cabled yet). The 5508 WLCs at the top are already cabled to their respective switch (with an LC-LC fiber cable), with the help of GLC-SX-MMD SFPs.

Following, are the configuration of the three devices:

Devices running-config
JRI.EDGE 
JRI.EDGE#show run
Building configuration...

Current configuration : 8616 bytes
!
! Last configuration change at 13:10:39 CEST Sun Sep 7 2025 by sergio
! NVRAM config last updated at 13:32:12 CEST Sun Sep 7 2025 by sergio
!
version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname JRI.EDGE
!
boot-start-marker
boot system bootflash:packages.conf
boot-end-marker
!
!
no aaa new-model
clock timezone CEST 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
!
ip name-server 8.8.8.8
ip domain name jri.net
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1820294212
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1820294212
 revocation-check none
 rsakeypair TP-self-signed-1820294212
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
 hash sha512
!
!
crypto pki certificate chain TP-self-signed-1820294212
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383230 32393432 3132301E 170D3235 30353330 31383539
  30345A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38323032
  39343231 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
  0A028201 0100CA09 0C8EC699 F61A8543 EA79C797 3C64C902 90DF5EB4 2B921C47
  05773F46 E5B5AAC1 05C6B74F A866A484 A7C26827 52267E66 255F8917 A98D3FA5
  A6671BC8 3A7CA568 9CC219C1 5D4345CD 6E57A30A C59CC410 863409B2 0179E034
  45250A0F 8BBB4494 7FC66D37 0B4817ED A76DCC34 8D661BA8 ED6F6953 F1F06D64
  D774CB17 6DFBB081 424D6B2F 5863054D 16A50780 AD806038 B48E22CE 2F261110
  01472A52 3140CCC6 5C403E54 BBC8B3F1 843BE79B 58066A4D F7579F80 9E8A56F8
  FC61C8D7 0BBB63F9 B38DE301 4BC29BC2 8A2D9C9B C116E070 5F70757F 4634FFC9
  B928D795 2DBE4EAF 03680A50 C8D6EE11 60DF21C4 CF3A29E7 367B5131 8F59A2BB
  2C5C5EDA 9CEB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
  301F0603 551D2304 18301680 14D1D69E 6C75F812 68896FA5 6E5F4171 3BFDB2A6
  D9301D06 03551D0E 04160414 D1D69E6C 75F81268 896FA56E 5F41713B FDB2A6D9
  300D0609 2A864886 F70D0101 05050003 82010100 C8644B0A 9D1D16DA 49FCB237
  A2354D11 3EF1F11E 8D77A390 EE4E43AD 8CA1701A E2724AFC 94E3D8C2 37DCE183
  27F2E2E2 77679B02 597B4C21 A4485ECF EB335C0C D80B9CFA A08C2D45 8F43B88F
  8FF8238D BC1C0857 71407B0C E1E36ACD E276055C 7BD02375 7F606D7D 0D85B2F6
  FCBB4F01 8102D4ED C834DDAF F4182FEC 1F205353 94117B1C 8A7CE764 2B9F2294
  0510EED0 33BDC620 40628CB2 FF0EE40D 0BA37258 BB27F0F0 E3721DAE 61D15827
  D102E0F3 748F6E4C 05C5D1E2 7728E81D 45594380 5CB2E29B C5166A1D 1C7A308E
  9EE27705 F667CDBD D55256B7 650D560D B3969CBE DF8FB9D2 6F9E54A8 59BD6059
  5935B665 465F4FC0 7DCBCB84 7DF02CD6 553CBDD6
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
!
!
!
voice service voip
 mode border-element
 trace
!
!
!
!
!
!
diagnostic bootup level minimal
!
no license feature hseck9
license udi pid C1111-8PLTEEAWE sn FCZ2318C27J
license boot level appxk9
license boot level uck9
license boot level securityk9
license smart transport smart
memory free low-watermark processor 70151
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 210,220,230,240,250,310,320,330,340,350 priority 24576
!
enable secret 9 $9$D65BXxs/tqdALk$b/pYYXb.AqNqCCdkxLzhCqYJoL1NbmFAy14Wb53lBKk
!
username sergio secret 9 $9$ZyISua2TVvy2cU$gu1/fif2v9y14WIpOyk6zbRrQ0MDbmh4GQ9xAvmJUeU
!
redundancy
 mode none
!
!
!
!
controller Cellular 0/2/0
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 ip address 10.0.10.4 255.255.255.0
 ip nat outside
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1/0
 description LAN.MAD.01 - Gi0/10
 switchport mode trunk
!
interface GigabitEthernet0/1/1
 description LAN.LE.01 - Fa0/8
 switchport mode trunk
!
interface GigabitEthernet0/1/2
 description Management Server
 switchport access vlan 210
 switchport mode access
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
 switchport
!
interface GigabitEthernet0/1/7
 switchport
 switchport access vlan 10
!
interface Wlan-GigabitEthernet0/1/8
!
interface Cellular0/2/0
 no ip address
!
interface Cellular0/2/1
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan210
 description MADRID_MGMT
 ip address 172.20.10.1 255.255.255.0
 ip nat inside
!
interface Vlan220
 description MADRID_MGMT_APs
 ip address 172.20.20.1 255.255.255.0
 ip nat inside
!
interface Vlan230
 description MADRID_VoIP
 ip address 172.20.30.1 255.255.255.0
 ip nat inside
!
interface Vlan240
 description MADRID_USERS
 ip address 172.20.40.1 255.255.255.0
 ip nat inside
!
interface Vlan250
 description MADRID_SERVERS
 ip address 172.20.50.1 255.255.255.0
 ip nat inside
!
interface Vlan310
 description LEON_MGMT
 ip address 172.30.10.1 255.255.255.0
 ip nat inside
!
interface Vlan320
 description LEON_MGMT_APs
 ip address 172.30.20.1 255.255.255.0
 ip nat inside
!
interface Vlan330
 description LEON_VoIP
 ip address 172.30.30.1 255.255.255.0
 ip nat inside
!
interface Vlan340
 description LEON_USERS
 ip address 172.30.40.1 255.255.255.0
 ip nat inside
!
interface Vlan350
 description LEON_SERVERS
 ip address 172.30.50.1 255.255.255.0
 ip nat inside
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.10.1
ip ssh bulk-mode 131072
!
ip access-list extended NAT
 10 permit ip 172.20.10.0 0.0.0.255 any
 20 permit ip 172.20.20.0 0.0.0.255 any
 30 permit ip 172.20.30.0 0.0.0.255 any
 40 permit ip 172.20.40.0 0.0.0.255 any
 50 permit ip 172.20.50.0 0.0.0.255 any
 60 permit ip 172.30.10.0 0.0.0.255 any
 70 permit ip 172.30.20.0 0.0.0.255 any
 80 permit ip 172.30.30.0 0.0.0.255 any
 90 permit ip 172.30.40.0 0.0.0.255 any
 100 permit ip 172.30.50.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 logging synchronous
 transport input none
 stopbits 1
 speed 115200
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
!
ntp master
ntp server ntp.pool.org
!
!
!
!
!
!
end
LAN.MAD.01 
LAN.MAD.01#show run
Building configuration...

Current configuration : 3701 bytes
!
! Last configuration change at 13:23:35 CEST Sun Sep 7 2025 by sergio
! NVRAM config last updated at 13:32:05 CEST Sun Sep 7 2025 by sergio
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAN.MAD.01
!
boot-start-marker
boot-end-marker
!
enable secret 9 $9$YworC0H4LbUQSG$ShaTtZVJlGjDKL9UL.LeQwqtBJD1kqtB.Q0XFnThayY
!
username sergio secret 9 $9$eKiYwQdHX2/hqW$MWsA0HKqBgNHFzBisiNRyZhxw0d2vClHc4wIDBd.La2
no aaa new-model
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
system mtu routing 1500
!
!
!
!
!
!
ip domain-name jri.net
ip name-server 8.8.8.8
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3115109632
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3115109632
 revocation-check none
 rsakeypair TP-self-signed-3115109632
!
!
crypto pki certificate chain TP-self-signed-3115109632
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33313135 31303936 3332301E 170D3235 30393037 31323036
  33365A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31313531
  30393633 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100899F AB69C507 9EB73BD9 9EAA541F 622A2B15 8289AC23 875336DF B6ACB7D4
  14FD049D 2AD8D791 C14EA171 5F98C608 1C66A09A 72320E0F E81FA75D 218E098E
  CAD585CE 6D916E8F 54CD73D3 46F7F03F 0ABADE1F 63080B75 64FB6751 A91F506F
  3BA5B741 D113BDF6 6F2A2892 CD9040DE 6A148301 A219F245 503F66CC D866001A
  A31B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 1401B984 A2691590 907C3E33 DF886667 6AC71F37 C4301D06
  03551D0E 04160414 01B984A2 69159090 7C3E33DF 8866676A C71F37C4 300D0609
  2A864886 F70D0101 05050003 8181001B 8648432F D38F11A0 82CAB815 1BD8A780
  8F0C1026 B7D5E6FF D2DBF473 59596B75 6A625FC3 A4E35009 C6A6CE5A 7DA8C632
  8C26C613 94678D7D 2A6C7B68 37E8F927 11578F61 66E534F4 6831B46C 97BA542B
  2C8E7D34 7791F7E7 394612F7 09C4F180 EC424FE9 FBBAB191 75D896E4 4D06BA1F
  68A29317 93F17B36 A8990099 C71499
        quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 210,220,230,240,250 priority 28672
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
 description LAN.MAD.01-AP1
 switchport access vlan 220
 switchport mode access
!
interface GigabitEthernet0/2
 description LAN.MAD.01-AP2
 switchport access vlan 220
 switchport mode access
!
interface GigabitEthernet0/3
 description Madrid_Laptop
 switchport access vlan 240
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
 description JRI.EDGE - Gi0/1/0
 switchport trunk allowed vlan 210
 switchport mode trunk
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface Vlan1
 no ip address
!
interface Vlan210
 description MADRID_MGMT
 ip address 172.20.10.2 255.255.255.0
!
ip default-gateway 172.20.10.1
ip forward-protocol nd
!
ip http server
ip http secure-server
ip ssh version 2
!
!
!
!
!
line con 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
!
ntp server 172.20.10.1
!
end
LAN.LE.01 
LAN.LE.01#show run
Building configuration...

Current configuration : 3665 bytes
!
! Last configuration change at 13:32:20 CEST Sun Sep 7 2025 by sergio
! NVRAM config last updated at 13:32:22 CEST Sun Sep 7 2025 by sergio
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service unsupported-transceiver
!
hostname LAN.LE.01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$SXjR$chCzX6MeTiu7QtYUb1r.i.
!
username sergio secret 5 $1$Q0ZL$mimsdyKi8vhaJmT8XR9La.
no aaa new-model
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
system mtu routing 1500
ip domain-name jri.net
ip name-server 8.8.8.8
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1832650624
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1832650624
 revocation-check none
 rsakeypair TP-self-signed-1832650624
!
!
crypto pki certificate chain TP-self-signed-1832650624
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383332 36353036 3234301E 170D3933 30333031 30303031
  30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38333236
  35303632 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AB85 D921BF50 D990B916 D8B20152 F4F0FEB7 3E044956 97C00E26 9D961FF3
  FC8312D7 4A45315B 13A5E75C 41F8F19E 937BF5CE 29A6E7DD F02B938B 29EF17EB
  0D235F92 6A223E93 4CEE103A C70C08D5 A81F759B 16B2A80E BBFE5D92 5312C029
  B002158C 59A94C08 7CB416EF A0DA6BE6 6638EF5F AFE98132 48BAFCBA 88E74D4D
  C1270203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14FD0096 553FF8CF 455EFA2C E2A666E1 F341CD34 58301D06
  03551D0E 04160414 FD009655 3FF8CF45 5EFA2CE2 A666E1F3 41CD3458 300D0609
  2A864886 F70D0101 05050003 8181000B 2912D173 751BE67E 9EA88ACC AD1089BB
  78CC5EEB C04085A4 67137ABE 3836005A 7C1DF241 0C2D8748 5673A3F0 48DF0108
  52579771 BBB3FF91 6F642F0C BA3EC4F3 B47DA810 5A77978B AFAEF284 DCCB0DA2
  06DB4803 9BA8A309 830F52BB D20FA9B6 505834A8 DD20A87F DACFDBCC 15795A40
  1A5A937D E448A085 68F523D1 B7959C
        quit
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 310,320,330,340,350 priority 28672
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/1
 description LAN.LE.01-AP1
 switchport access vlan 320
 switchport mode access
!
interface FastEthernet0/2
 description LAN.LE.01-AP2
 switchport access vlan 320
 switchport mode access
!
interface FastEthernet0/3
 description Leon_Laptop
 switchport access vlan 340
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
 description JRI.EDGE - Gi0/1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 description JRI.WLC.02
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan310
 description LEON_MGMT
 ip address 172.30.10.2 255.255.255.0
!
ip default-gateway 172.30.10.1
ip http server
ip http secure-server
!
!
!
!
!
vstack
!
line con 0
 logging synchronous
line vty 0
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
line vty 1 4
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 logging synchronous
 login local
 transport input ssh
!
ntp server 172.30.10.1
end
Notes

For the lab networks to have access to the Internet, I have configured JRI.EDGE to act as a NAT router, translating requests coming from the lab networks to the outside zone (lab networks permitted via ACL). JRI.EDGE interface connecting to the TP-LINK is a routed interface with IP 10.0.10.4/24 (in the MGMT VLAN 10 network, from my homelab). The TP-LINK port 1 is configured as untagged for VLAN 10 but tagged on the trunk to the Proxmox (OPNsense).

  • Routing handled by JRI.EDGE for all VLANs (SVIs).
  • STP mode rapid-pvst, with JRI.EDGE as root bridge for all VLANs, LAN.MAD.01 root secondary for Madrid VLANs, and LAN.LE.01 root secondary for Leon VLANs.
  • APs, WLCs and laptops ports already configured.
Back to top